From fiedorow at math.ohio-state.edu Mon Jul 1 00:40:15 1996
From: fiedorow at math.ohio-state.edu (Zbigniew Fiedorowicz)
Date: Mon, 1 Jul 1996 15:40:15 +0800
Subject: MacPGP 2.6.3 released
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I have put FatMacPGP2.6.3 v 1.6 on my web page

http://www.math.ohio-state.edu/~fiedorow/PGP

for distribution in the US and Canada in accordance with ITAR. The distribution is encrypted and you have to read the file README.txt for instructions on how to decrypt it.

Here is a description of the main features of FatMacPGP2.6.3 v 1.6 from the README in the distribution:

Enclosed is version 1.6 of FatMacPGP 2.6.3. This is a Macintosh port of the international version PGP 2.6.3ia released 04.03.96. The underlying PGP cryptographic code is the same as in the international release, except that it uses the RSAREF1.0 RSA library instead of Philip Zimmermann's MPILIB, in order to conform with US Patents on RSA. Also the legal_kludge switch, which allows interoperability with infringing pre-2.6 versions of PGP, is disabled.

FatMacPGP 2.6.3 will run in native mode on a Power Macintosh, and will also run on 68K Macintoshes having a 68020 CPU or better. It will NOT run on Macintoshes with only a 68000 CPU such as Pluses, SE's, Classics or PB100's.

It contains all the enhancements and bug fixes of PGP 2.6.3ia such as

1) It allows recipients of a public key message to be read in from a file containing the list of recipients, one per line. (Unlike previous versions of MacPGP it will not crash if the number of recipients exceeds 5 or 7.)

2) When extracting multiple keys into an ascii file, each key is put separately into its own block, neatly labelled with the key id and user ids.

3) Better support for 8 bit character sets, i.e. characters you get by holding down the option key.

4) Userids can be automatically signed with your secret key when creating keys ('pgp -kg') or adding new userids ('pgp -ke').
This is controlled by the AutoSign flag in the Options menu.

5) The misfeature of the initial 2.6.3i release, which didn't allow softwrapped text to be treated as text has been removed.

6) When clearsigning messages, FatMacPGP 2.6.3 will add a "Charset:" header to the signature block, explaining which character set was used for creating the signature. This will help the recipient of the message to select correct character conversion when verifying the signature. If he/she is using version 2.6.3i, PGP will automatically choose the correct character set, thereby eliminating a lot of "Bad signature" problems.

In addition to the above FatMacPGP 2.6.3 has many enhancements and bug fixes relative to previous versions of MacPGP.

1) Unlike MIT MacPGP 2.6.2, it contains native Power PC code. Consequently it runs typically about 1.5 to 2 times faster than the MIT version on PPC machines, and even faster for large keyrings or large keys. It also runs typically 10-20% faster on 68K machines.

2) It has a greatly enhanced AppleEvent suite. For instance, unlike the MIT version, it is not necessary to write data to temporary files before passing it to MacPGP for en/de/cryption or signing. FatMacPGP 2.6.3 accepts AppleEvent TEXT parameters up to 32K in size in memory and returns the processed data as a parameter to the reply AppleEvent. (See the accompanying documentation for further details.)

3) It has options for automatic hardwrapping and detabbing of text, which should make electronic transmission of clearsigned messages more reliable and increase interoperability with many DOS and Unix text processing programs.

4) It has an option for stealthifying PGP encrypted files, removing any trace of their provenance. The resulting files can't be distinguished from white noise and can be completely concealed by "stegoing" into graphics and audio files. (There is of course also an option for destealthifying.)
5) It has an option for using SHA1 as the hashing algorithm for PGP signatures, instead of MD5. (Dobbertin has recently made some dramatic progress towards cryptanalyzing MD5. If he is successful, this might call into question the reliability of PGP signatures under certain circumstances.) This is an experimental feature which is not compatible with earlier versions of PGP. (It is not compatible with the proposed standards of PGP 3.0 either. But 3.0 is supposed to be deliberately incompatible with all 2.x versions to avoid the RSA patent issue.)

FatMacPGP 2.6.3 is distributed under the same license terms from MIT and RSADSI as the 2.6.2 release, since its functional core is virtually identical. Please read the license agreements prior to using the program. Distribution of this program may be subject to US government export controls.

This release is not endorsed by Philip Zimmermann, MIT or anyone else. However full source code for FatMacPGP 2.6.3 is being released together with the executable (although in a separate archive). It is not difficult to verify that the cryptographic core is unchanged from the 2.6.2 version. Also the author is mentioned in Zimmermann's documentation as the primary developer of previous MacPGP versions.

A few support files, such as sample AppleScripts and other extensions, to facilitate interaction with the Eudora mailer program and the BBEdit text editor are included. While they are fully functional and hopefully useful, they are primarily intended to serve as illustrations to other developers on how to integrate PGP with other Macintosh programs. Detailed documentation can be found in the document "MacPGP263_AppleEvents" in the Macintosh Documentation folder.

Read the included document "Verifying PGP" for instructions on how to verify this copy of MacPGP.

Beginners should first take a look at the document "Getting Started with MacPGP".
A detailed reference manual to MacPGP entitled "MacPGP263_Manual" is enclosed in the Macintosh Documentation folder and the indispensable "PGP User's Guide" by Philip Zimmermann is in the Documentation folder.

Sources for FatMacPGP 2.6.3 will be available shortly.

Z. Fiedorowicz

From jon at aggroup.com Mon Jul 1 00:45:20 1996
From: jon at aggroup.com (Yanni)
Date: Mon, 1 Jul 1996 15:45:20 +0800
Subject: [Fwd: Doubleclick]
Message-ID: <9606301649.AA32058@jon.clearink.com>

> There's a very obvious way to get their cookie put in your cookies
> file without you explicitly going to their site.

This is my favorite example...

You work at a company. Evil co-worker there says...check out this webpage I just setup. You go to that page, the server gives you a cookie with confidential information. ( 4k can store a lot of data..:) )... Boss comes around and looks at your cookie file, notices confidential information. You get fired, sued, whatever....

> The server can send whatever it wants to you in the Set-Cookie:
> header. Read the spec.

Yes, but you know the server that sent it. A Set-Cookie header can't set the domain to be other than the domain that the cookie came from. The message that was copied to the list implied that one domain could set a cookie for another domain. That isn't true unless you have access to the person's cookie file. ( as you implied in your response, but which is beyond the scope of the original letter ).

Regards,

-jon

Jon (no h) S. Stevens yanni at clearink.com
ClearInk WebMagus http://www.clearink.com/
finger pgp at sparc.clearink.com for pgp pub key
We are hiring! Check out...
http://www.clearink.com/clearink/home/job.html

From vznuri at netcom.com Mon Jul 1 00:45:27 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Mon, 1 Jul 1996 15:45:27 +0800
Subject: The Net and Terrorism
In-Reply-To:
Message-ID: <199606302244.PAA23220@netcom17.netcom.com>

[TCM]
>Can anything be done? To stop the likely effects of lots more
>surface-to-air missiles, lots more nerve gas available on the black market,
>and so on?
>
>In a word, "no."

there are various parts of this essay I agree with, and other parts that I don't. your conclusion that such things are unstoppable is quite tenuous and not backed by evidence.

what you fail to note is that law enforcement agencies usually benefit from the same innovations in technology that criminals benefit from. the FBI for example has vastly improved their ability to deal with criminal fingerprints through technology for example. in fact one could argue somewhat that government agencies stand to benefit more from new technology because in some ways they are better organized and better funded than small nefarious cells of terrorists.

however, I tend to agree that there is a continual arms race going on here, and that it's not necessarily desirable. the "solution" (TCM would argue against the use of such a word) is not to merely try to have a warfare, siege-like mentality imho, and a continual "trying to stay ahead of the criminals". we do not have regular open terrorism in the streets of the US and I see no reason to think there ever will be as TCM suggests.

nevertheless what his essay misses, and many in law enforcement miss, are the root reasons for crime. I'm not going to sound like a liberal here and say criminals are blameless because they have been psychologically abused. it's not excusable to react to any situation through crime or terrorism. however they have various gripes that are always seeded in reality.
it seems to me no nation-state has ever experimented with trying to take away the root causes of violence and discontent. why? because a policeman holding a gun is so much more visceral and the public responds to this image readily. other "programs" that try to decrease discontent among the budding terrorists of tomorrow are usually ridiculed. it is very difficult to prove that they work or that they are worth the money.

terrorists invariably have a particular pathological psychological profile that sees the world in terms of "martyrs vs. villains" with the villains in the government, and the villains taking away or abusing respectable citizens.

the "problem" of terrorism will be solved when we take the view that insanity and violence is *not* a natural aspect of human behavior (as TCM tends to suggest), and that there are specific environmental conditions that breed it. like malaria, if you take away the swamplike breeding grounds, you will largely remove it. such a thing is a radical hypothesis, but one that nonetheless has never really been tested in practice.

>FBI Director Louis Freeh and the TLA spooks are already sounding the alarm
>about the "Four Horsemen." Sen. Sam Nunn is calling for measures to ensure
>that cyberspace is "secured" and that the Net is not used to further
>chemical and biological terrorism.

the military and spook establishments require threats to survive. I believe they are largely manufacturing a new one that has marginal actual danger content.

>I'm not advocating such "terrorism," by the way, merely telling it like it is.

ah yes, the standard amusing TCM disclaimer. hmmm, your signature suggests otherwise.

>Keep your head down, avoid crowded downtown areas, prepare for moderate
>disruptions, and reject arguments that an American Police State will do
>anything to stop terrorism.

once you lamented about the impracticality of Duncan Frissell's suggestions for tax avoidance for regular people and a real society.
many of your own suggestions seem to fit into the same kind of category of "not viable for regular human beings".

>(Remember, terrorism is just warfare carried on by other means, with
>apologies to Von Clausewitz.)

disagree. the purpose of warfare has traditionally been to seize something tangible like territory. terrorists are after intangibles-- namely, terror itself, disrupting a "peace process", etc. in warfare, the warfare is directly aimed at obtaining the "thing", like the way Hussein invaded Kuwait. terrorists do not obtain a physical "thing" by bombing some symbol. terrorism is extremely symbolic at the root.

however I agree in the use of violence they are identical.

Tim McVeigh apparently bombed the OKC Murrah building for a reason: he was pissed off over Waco. in a country in which the populace believes that the government is truly "of, by, or for the people" you won't see this kind of discontent and barbarianism. terrorism is not normal but generally an indication that a nation-state has gone badly off track and neglected some important psychological need of some significant part of its populace.

From frantz at netcom.com Mon Jul 1 00:45:40 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 1 Jul 1996 15:45:40 +0800
Subject: FTS2000 and Encryption?
Message-ID: <199606302228.PAA19168@netcom7.netcom.com>

At 1:57 PM 6/30/96 -0400, Mark O. Aldrich wrote:
>... The [FTS2000 follow-on contract - WSF]
>security policy and RFP materials are on the 'net (I can't get to the web
>right now, or I'd post the URL with this message).

Please post the URL when you can.

>From what I remember,
>the RFP does state that all payload data will be encrypted by the
>Government using NSA-approved crypto and that the vendors are not to
>"worry about" what's in the payloads. All they have to do is carry it
>from point a to point b.
Given that FTS2000 supports X.25 Packet Assembly Disassembly (PADs), there is a wide field ahead for screwing up such useful features as 8-bit transparent characters and data forwarding (i.e. When does the PAD decide it has a complete packet and actually send it). Try running emacs without good data forwarding control.

-------------------------------------------------------------------------
Bill Frantz         | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506       | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

From mhw at wittsend.com Mon Jul 1 00:45:46 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Mon, 1 Jul 1996 15:45:46 +0800
Subject: secure WWW on UNsecure servers
In-Reply-To: <199606292310.TAA12274@jekyll.piermont.com>
Message-ID:

Perry E. Metzger enscribed thusly:
> Joseph Sokol-Margolis writes:
> > > How might one arrange for these encrypted web pages residing on an
> > > (unsecure) server to get decrypted only at the client's machine?
> > > This should work as transparently as possible for the user;
> > > except possibly for a userid/password query it should look like a
> > > normal web browsing session. For now, we can assume that the
> > > decrypted web pages contain only HTML and images in .gif format.
> > It seems like it could be done by writing a plug-in that passed the
> > encrypted page to pgp (or had it internally) and used that to decrypt it.
> > The plug-in could store the pass-phrase locally and clear when the user
> > disconnected.
> The "Right Way" to do what was asked is to use S/HTTP. However,
> Netscape, in their wisdom, has not implemented it.

Uh... Wait a minute... The only ones to blame for the dearth of S/HTTP systems are Terisa Systems and EIT. While the rest of us have been working on and developing for SSL those guys have stonewalled and sat on it. I know. You ever try browsing for S/HTTP information.
Most of the links on their site with any useful information refuse access to anyone other than EIT members. We've had a freely available SSL reference implementation available for ages. AFAIK they STILL don't have a working reference implementation. When they do, you can bet it will be EIT only. They're so hell bent on keeping total control over it that they now strangled it to death. We now have freeware SSLeay and nobody is even interested in screwing S/HTTP. Forget that it's a better idea. The idea was stillborn because the parents strangled it at birth.

> Perry

Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard)    | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9     | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!

From wb8foz at nrk.com Mon Jul 1 00:45:52 1996
From: wb8foz at nrk.com (David Lesher)
Date: Mon, 1 Jul 1996 15:45:52 +0800
Subject: FTS2000 and Encryption?
In-Reply-To:
Message-ID: <199606302206.SAA01870@nrk.com>

> I imagine that we'll see continuing developments in the STU-III area (the
> most popular crypto phone in Government use), as well as new devices
> supporting Type I and Type II crypto for use on the FTS2000 nets.

I've heard an ISDN STU-III is either out or coming RSN.

One bugaboo I recall was that FTS2000 would not let us make a frac T1 off-net connection. Alas, that included the remote diagnostic number of the equip.
mfgr ;-{

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From ericm at lne.com Mon Jul 1 00:46:02 1996
From: ericm at lne.com (Eric Murray)
Date: Mon, 1 Jul 1996 15:46:02 +0800
Subject: [Fwd: Doubleclick]
In-Reply-To: <9606301243.AA03585@jon.clearink.com>
Message-ID: <199606302113.OAA27031@slack.lne.com>

Yanni writes:
>
> > [short-attention-span summary: someone's using Netscape cookies as a
> > way to target-market browser users. Since I hate being targeted, I
> > came up with a hack "fix" to prevent it, see below]
>
> Whatever.

Whatever?

>
> > > >Date: Wed, 26 Jun 1996 19:42:00 -0700
> > > >From: Scott Wyant Subject: COMMENT:
> > > >Cookie dough
> > > >
> > > >If you're like me, you never went to a site called "doubleclick."
> > > >So how did they give you a cookie? After all, the idea of the
> > > >cookie, according to the specs published by Netscape, is to make a
> > > >more efficient connection between the server that delivers the
> > > >cookie and the client machine which receives it.
> > > >But we have never connected to "doubleclick."
>
> Scott must have. Navigator is very picky about where a cookie comes
> from and what is put in the domain field of the cookie.

I had a cookie in my cookies file from them also, and had not been to their site before.

There's a very obvious way to get their cookie put in your cookies file without you explicitly going to their site. I'm sure a smart boy like you could figure it out.

[...]

> > My own experiments show that simply removing the cookie file (~/.
> > netscape/cookies) works to "fix" this, as long as you don't have
> > old netscape config files lying about (then it pops a dialog asking if
> > you want to nuke the old config, and uses the old cookies file).
> > Netscape (version 3.0b for Linux) doesn't recreate the cookies file.
> > Of course this "fix" means that I'm not able to take advantage of
> > whatever cookies might offer me, but since I can't control them and
> > never see them there's probably not a lot that they do that I'll miss.
>
> Who cares if you can't control them? They don't contain any
> information that you don't already know about!

The server can send whatever it wants to you in the Set-Cookie: header. Read the spec.

The user can set Netscape to pop up an alert when a cookie is sent, and it says what the cookie is. However there's no standard encoding format so you get stuff like "IAF=zb87" or "X=VGhlIGxhdW5jaCBjb2RlIGlzICdiYW5kZXJzbmF0Y2gnCgAA" which as far as most users are concerned is gibberish, although it could be base64 encoded "The launch code is 'bandersnatch'". Most people will accept whatever they're given, assuming that they can even find the preference for accepting cookies.

--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From warlord at MIT.EDU Mon Jul 1 00:46:10 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 1 Jul 1996 15:46:10 +0800
Subject: MacPGP 2.6.3 released
In-Reply-To:
Message-ID: <199607010105.VAA30534@ihtfp.org>

> 2) When extracting multiple keys into an ascii file, each key is
> put separately into its own block, neatly labelled with the key id
> and user ids.

I hope there is a way to put all the keys into a single key block.

> 5) It has an option for using SHA1 as the hashing algorithm for PGP
> signatures, instead of MD5. (Dobbertin has recently made some
> dramatic progress towards cryptanalyzing MD5. If he is successful,
> this might call into question the reliability of PGP signatures
> under certain circumstances.) This is an experimental feature
> which is not compatible with earlier versions of PGP.

This is ok...
> (It is not compatible with the proposed standards of PGP 3.0
> either. But

I think this is a horrible mistake. Besides the fact that there is no "PGP 3.0" (there is "PGPlib", however), why isn't your code compatible with the implementation that we're working on? This can be highly confusing when PGPlib comes out and messages signed with PGPlib can't be verified by your code, and vice-versa. Bad idea, Zig.

> But 3.0 is supposed to be deliberately incompatible with
> all 2.x versions to avoid the RSA patent issue.)

HUH? Where did you get this faulty information? PGPlib (as I said, there is no PGP 3.0) will have full 2.6 support. So, I don't know where you heard this, but I would recommend you verify your information with people close to the project before spreading more FUD around.

Enjoy!

-derek

From markm at voicenet.com Mon Jul 1 00:46:13 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 1 Jul 1996 15:46:13 +0800
Subject: arcfour
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 29 Jun 1996, Steve Reid wrote:

> A few questions about RC4...
>
> I understand that RC4 is like a one-time-pad, in that a key can not be
> used more than once. What about adding a different salt to the key for
> each encryption? Would that be sufficient, even if the salt (but not the
> rest of the key) were known to an attacker?

Probably.

>
> Is there any way to identify and weed out weak keys?

Keys starting with the sequence "00 00 FD", and "03 FD FC" are weak.

>
> Does anyone have any sample data I can use to test an RC4 implementation?
> A key and the first few bytes of the stream should be sufficient.

There are a few test vectors included in the original alleged-RC4 file available on the usual crypto FTP sites.
- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is
granted, all else follows." --George Orwell, _1984_

From alano at teleport.com Mon Jul 1 00:46:19 1996
From: alano at teleport.com (Alan Olsen)
Date: Mon, 1 Jul 1996 15:46:19 +0800
Subject: Cookies anyone?
Message-ID: <2.2.32.19960630205357.00af51c8@mail.teleport.com>

At 04:34 PM 6/29/96 -0700, vanished at alpha.c2.org wondered what happens if he tosses his cookies:

>While rummaging around in my cookie jar, I found this message--along with some
>cookies.
>
>:Netscape HTTP Cookie File
>:# http://www.netscape.com/newsref/std/cookie_spec.html
>:# This is a generated file! Do not edit.
>
>Rather than bring down my system by experimenting, I thought I'd ask the list,
>"What happens if I delete this file?" and "What happens if I delete (edit) the
>cookies?"

If you edit the file, Netscape may no longer be able to read the file correctly. (Bookmarks are similar in this respect. Netscape code is pretty picky about things like line termination and the like.)

If you toss your cookies, Netscape will probably bring you more cookies, but they will be different cookies than the last batch.

Beware of burned cookies, fortune cookies (especially ones with "Good Times" written on them), raisin cookies (especially if the raisins move), Brownies under the age of consent, and the cookies from dusty vending machines (Especially the hairy green ones).
>
>This may have been discussed before, but until now I never checked for cookies.

You might also read the cookie recipe at http://www.netscape.com/newsref/std/cookie_spec.html . I hear it was written by a disgruntled Mrs. Fields employee.

>Thanks for your consideration of this matter.

You are welcome. Have a nice day.

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From markm at voicenet.com Mon Jul 1 00:46:26 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 1 Jul 1996 15:46:26 +0800
Subject: rsync and md4
In-Reply-To: <199606301849.LAA23313@netcom18.netcom.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 30 Jun 1996, Mike Duvos wrote:

> Has MD5 been broken again? Or are you referring to that little
> collision problem which is unlikely to affect the security of the
> typical real life application?

The point isn't whether MD5 can be attacked in a "real life" application, but that there is a flaw in MD5. This means that it is weaker than an algorithm like SHA that has no known cryptanalytical attacks against it. Besides, a hashing algorithm with a 128-bit output can be broken as easily as a 64-bit encryption key. MD5 shouldn't be used for that reason alone.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is
granted, all else follows."
--George Orwell, _1984_

From markm at voicenet.com Mon Jul 1 00:46:31 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 1 Jul 1996 15:46:31 +0800
Subject: Cookies anyone?
In-Reply-To: <199606292334.QAA20775@infinity.c2.org>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 29 Jun 1996 vanished at alpha.c2.org wrote:

> While rummaging around in my cookie jar, I found this message--along with
> some cookies.
>
> :Netscape HTTP Cookie File
> :# http://www.netscape.com/newsref/std/cookie_spec.html
> :# This is a generated file! Do not edit.
>
> Rather than bring down my system by experimenting, I thought I'd ask the list,
> "What happens if I delete this file?" and "What happens if I delete
> (edit) the cookies?"

I know that there were already several replies so I'll just add a little more information. If you are in DOS, you can prevent the cookies file from being written to by making it read-only (attrib +r cookies.txt). Ditto for UNIX. Also, if you have Netscape 3.04b, you can enable a security option that notifies you whenever a server attempts to send you a cookie.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is
granted, all else follows."
--George Orwell, _1984_

From perry at piermont.com Mon Jul 1 00:46:41 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 1 Jul 1996 15:46:41 +0800
Subject: rsync and md4
In-Reply-To: <199606301849.LAA23313@netcom18.netcom.com>
Message-ID: <199606301942.PAA18888@jekyll.piermont.com>

Mike Duvos writes:
> Perry writes:
>
> > I'm afraid you are totally wrong here. MD4 has been completely
> > broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> > trustworthy, either -- it was broken recently. Stick to SHA.
>
> Has MD5 been broken again? Or are you referring to that little
> collision problem which is unlikely to affect the security of the
> typical real life application?

I'm not referring to the old pseudocollision problem in the compression from over a year back. A couple of months ago a real break was made as I recall. It wasn't perfect but it was enough.

From jon at aggroup.com Mon Jul 1 00:46:45 1996
From: jon at aggroup.com (Yanni)
Date: Mon, 1 Jul 1996 15:46:45 +0800
Subject: [Fwd: Doubleclick]
Message-ID: <9606301243.AA03585@jon.clearink.com>

> [short-attention-span summary: someone's using Netscape cookies as a
> way to target-market browser users. Since I hate being targeted, I
> came up with a hack "fix" to prevent it, see below]

Whatever.

> > >Date: Wed, 26 Jun 1996 19:42:00 -0700
> > >From: Scott Wyant Subject: COMMENT:
> > >Cookie dough
> > >
> > >If you're like me, you never went to a site called "doubleclick."
> > >So how did they give you a cookie?
> > >After all, the idea of the
> > >cookie, according to the specs published by Netscape, is to make a
> > >more efficient connection between the server that delivers the
> > >cookie and the client machine which receives it.
> > >But we have never connected to "doubleclick."

Scott must have. Navigator is very picky about where a cookie comes from and what is put in the domain field of the cookie.

Go read about the domain field in the Cookie spec. Then, write a CGI to play with setting/deleting cookies yourself. You will find out that it is actually almost an art to even get a cookie set.

> > >Pay special attention to the information at:
> > >

Maybe this scott wyant guy works for doubleclick? ;)

> > >You'll see that the folks at "doubleclick" make the point that
> > >this entire transaction (between their server and your machine)
> > >is "transparent to the user." In plain English, that means
> > >you'll never know what hit you.

No sh*t. The cookie spec says that as well.

> > >So what's happening is, subscribers to the doubleclick service put
> > >a "cookie request" on their home page FOR THE DOUBLECLICK COOKIE.

There is no such thing as a "cookie request". It is up to the browser to send the cookie and up to you to parse it out of the HTTP header. There is no way that the browser is going to send the cookie unless the domain and path matches. Go read the Cookie spec.

> > >When you hit such a site, it requests the cookie and takes a look to
> > >see who you are, and any other information in your cookie file.
> > >It then sends a request to "doubleclick" with your ID, requesting
> > >all available marketing information about you. (They're very coy
> > >about where this information comes from, but it seems clear that
> > >at least some of it comes from your record of hitting
> > >"doubleclick" enabled sites.) You then receive specially
> > >targeted marketing banners from the site.
> > >In other words, if
> > >Helmut Newton and I log on to the same site at the exact same
> > >time, I'll see ads for wetsuits and basketballs, and Helmut will
> > >see ads for cameras.

Whatever. What you are saying doesn't make any sense if you knew what the heck you were talking about.

> > >If you log in to a "doubleclick" enabled site, and it sends a
> > >request for your "doubleclick" cookie, and you don't have one, why
> > >each and every one of those sites will hand you a "doubleclick"
> > >cookie.

Whatever.

> > >Neat, huh? And you can bet they're going to be rolling in the
> > >cookie dough.
> > >Me, I edit my cookie file each and every time I go to a new
> > >site. (Despite the dire warning at the top of the file, you can
> > >edit it with no adverse consequences.)

Whatever.

> > >Oh, and one other thing. If you edit your cookie file BEFORE
> > >you connect to "doubleclick," and then jump around at the site,
> > >you'll notice that they DON'T hand you a cookie. I probed the
> > >site pretty carefully, checking the MagiCookie file, and
> > >nothing happened.
> > >
> > >Until I closed Netscape. The LAST thing the "doubleclick" site did
> > >was....
> > >You guessed it. They handed me a cookie. So much for making
> > >the client-server negotiation more efficient. (In fairness,
> > >that cookie may have been in memory until I closed Netscape -- I
> > >can't tell for sure.) Scott Wyant
> > >Spinoza Ltd.

No duh. Navigator doesn't fflush() the cookie file until you quit. It keeps it in memory for speed.

> My own experiments show that simply removing the cookie file (~/.
> netscape/cookies) works to "fix" this, as long as you don't have
> old netscape config files lying about (then it pops a dialog asking if
> you want to nuke the old config, and uses the old cookies file).
> Netscape (version 3.0b for Linux) doesn't recreate the cookies file.
> Of course this "fix" means that I'm not able to take advantage of
> whatever cookies might offer me, but since I can't control them and
> never see them there's probably not a lot that they do that I'll miss.

Who cares if you can't control them? They don't contain any information
that you don't already know about!

> I think that Netscape should add a configuration to the browser so
> that paranoid privacy fanatics like me can disable cookies or better
> yet control which ones that we'll accept.

Navigator 3.0 has a preference.

-jon (who has had more than enough real world experience with cookies)

Jon (no h) S. Stevens        yanni at clearink.com
ClearInk WebMagus            http://www.clearink.com/
finger pgp at sparc.clearink.com for pgp pub key
We are hiring! Check out... http://www.clearink.com/clearink/home/job.html

From frantz at netcom.com Mon Jul 1 00:46:58 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 1 Jul 1996 15:46:58 +0800
Subject: The Net and Terrorism
Message-ID: <199606301954.MAA20179@netcom7.netcom.com>

Thanks Tim for your essay. The only thing I would add is that terrorist
attacks on pure information resources (e.g. the banking system) are
likely to result in many fewer casualties than terrorist attacks on
physical entities (e.g. major cities). Another way of saying it is,
email bombs are preferable to snail mail bombs.

-------------------------------------------------------------------------
Bill Frantz          | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506        | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

From mpd at netcom.com Mon Jul 1 00:47:04 1996
From: mpd at netcom.com (Mike Duvos)
Date: Mon, 1 Jul 1996 15:47:04 +0800
Subject: rsync and md4
In-Reply-To: <199606301747.NAA18634@jekyll.piermont.com>
Message-ID: <199606301849.LAA23313@netcom18.netcom.com>

Perry writes:

> I'm afraid you are totally wrong here. MD4 has been completely
> broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> trustworthy, either -- it was broken recently. Stick to SHA.

Has MD5 been broken again? Or are you referring to that little
collision problem which is unlikely to affect the security of the
typical real life application?

From maldrich at grci.com Mon Jul 1 00:47:10 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Mon, 1 Jul 1996 15:47:10 +0800
Subject: FTS2000 and Encryption?
In-Reply-To: <9605288360.AA836007879@mailgate5.kpmg.com>
Message-ID:

On Fri, 28 Jun 1996 nson at kpmg.com wrote:

> I am trying to find out if there are any talks, decisions or even standards being
> discussed for encryption and FTS2000?

The current FTS2000 contains little in the way of protection other than
the proprietary standards undertaken by the vendors (mostly OPSEC and
PHYSEC), and the "customer" level crypto that's operated above the
layers provided by the FTS2000 networks.

In the FTS2000 follow-on contract, however, things are going to change.
The Govvies are mandating compliance with a security policy (wow -
that's an incredible change) and network management traffic has to be
protected. Further, overhead and orderwire bytes, etc., will also have
to be protected. The Government isn't mandating how, but the bidding
vendors are expected to propose solutions. Further, there are going to
be some standards for points of demarcation between adjacent networks.

The security policy and RFP materials are on the 'net (I can't get to
the web right now, or I'd post the URL with this message). From what I
remember, the RFP does state that all payload data will be encrypted by
the Government using NSA-approved crypto and that the vendors are not to
"worry about" what's in the payloads. All they have to do is carry it
from point a to point b.
I imagine that we'll see continuing developments in the STU-III area
(the most popular crypto phone in Government use), as well as new
devices supporting Type I and Type II crypto for use on the FTS2000
nets.

-------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                  |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering      |
|depends upon the chaos and cacophony of  |maldrich at grci.com           |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil|
|protects - District Judge Stewart Dalzell|                              |
|_______________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com |
|     The opinions expressed herein are strictly those of the author    |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------

From maldrich at grci.com Mon Jul 1 00:47:15 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Mon, 1 Jul 1996 15:47:15 +0800
Subject: crypto and bagpipes [NOISE]
In-Reply-To: <199606292214.PAA15653@mail.pacifier.com>
Message-ID:

On Sat, 29 Jun 1996, jim bell wrote:

> At 01:01 PM 6/29/96 -0700, Michael Myers wrote:
> >>Perry E. Metzger wrote:
> >>| vinnie moscaritolo writes:
> >>| > >>>Mr Brooks, the piper,
> > (...)
> >>| > >>>claims he wasn't playing a musical
> >>| > >>>instrument, but practising with a weapon!
> >>| > >>>
> >>| > >>>The imagination boggles if his claim is successful!
> >>|
> >>| No one who has heard sustained bagpipe playing can deny the fact that
> >>| bagpipes are indeed an instrument of war, with no legitimate place in
> >>| peaceful everyday society.
> >>|
> >>| Perry
> >
> >Of course...when bagpipes are outlawed...
>
> Do you mean the FULL-AUTO "Assault Bagpipes," the ones that produce more
> than one "toot" per blow? Or the more "responsible" (but still dangerous!)
> semi-auto bagpipes, where you have to blow each time you want a toot.

I understand that, even now, the Government is testing nuclear powered
bagpipes (NPB's), unmanned aerial bagpipes (UAB's), and highly
classified inter-continental bagpipe delivery systems (IBDS's).

Can this be the end of civilization as we know it?

-------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                  |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering      |
|depends upon the chaos and cacophony of  |maldrich at grci.com           |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil|
|protects - District Judge Stewart Dalzell|                              |
|_______________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com |
|     The opinions expressed herein are strictly those of the author    |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------

From perry at piermont.com Mon Jul 1 00:47:22 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 1 Jul 1996 15:47:22 +0800
Subject: rsync and md4
In-Reply-To: <199606300025.UAA04020@darius.cris.com>
Message-ID: <199606301747.NAA18634@jekyll.piermont.com>

"David F. Ogren" writes:
> > MD4 is a hashing algorithm, but it can be used for checksumming.
> > >
> > > A first guess might be 2^-128 but I know that this sort of thing is
> > > rarely that simple. Is md4 that good?
> >
> > 2^-64.
>
> Are you sure? MD5 is a 128 bit hash, and the probability of collision with
> a specific random piece of data (of any length) should be 2^-128. I could
> be wrong, but do you have any explanation of why you think the answer is
> 2^-64.

Does the phrase "birthday attack" mean anything to you?

> > > Why md4? I chose md4 because it seemed to be the fastest of the
> > > reputedly strong, publicly available checksum algorithms. Suggestions
> > > for alternative algorithms are welcome.
>
> MD4 is the fastest hash I am aware of. However, there have been some
> successful attacks against two rounds of MD4. Although this is not to
> suggest that MD4 is insecure, MD5 is almost as fast (~1.3 times slower) and
> more secure.

I'm afraid you are totally wrong here. MD4 has been completely
broken. I wouldn't trust it for anything. In fact, MD5 is no longer
trustworthy, either -- it was broken recently. Stick to SHA.

Perry

From ogren at cris.com Mon Jul 1 00:47:27 1996
From: ogren at cris.com (David F. Ogren)
Date: Mon, 1 Jul 1996 15:47:27 +0800
Subject: rsync and md4
Message-ID: <199606300025.UAA04020@darius.cris.com>

-----BEGIN PGP SIGNED MESSAGE-----

> On Sat, 29 Jun 1996, Andrew Tridgell wrote:
>
> > Now I'd like to calculate some probabilities of failure of the
> > algorithm. The fundamental thing I need to know to do the calculation
> > is the probability of a random piece of data of length n having the
> > same md4 checksum as another given piece of data of the same length.
>
> MD4 is a hashing algorithm, but it can be used for checksumming.
> >
> > A first guess might be 2^-128 but I know that this sort of thing is
> > rarely that simple. Is md4 that good?
>
> 2^-64.

Are you sure? MD5 is a 128 bit hash, and the probability of collision with
a specific random piece of data (of any length) should be 2^-128. I could
be wrong, but do you have any explanation of why you think the answer is
2^-64.

> > Why md4? I chose md4 because it seemed to be the fastest of the
> > reputedly strong, publicly available checksum algorithms. Suggestions
> > for alternative algorithms are welcome.

MD4 is the fastest hash I am aware of. However, there have been some
successful attacks against two rounds of MD4. Although this is not to
suggest that MD4 is insecure, MD5 is almost as fast (~1.3 times slower) and
more secure.

David F. Ogren                |
ogren at concentric.net       | "A man without religion is like a fish
PGP Key ID: 0xC626E311        | without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key? It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From dm at amsterdam.lcs.mit.edu Mon Jul 1 00:49:54 1996
From: dm at amsterdam.lcs.mit.edu (David Mazieres)
Date: Mon, 1 Jul 1996 15:49:54 +0800
Subject: anonymous mailing lists
Message-ID: <199607010012.UAA04061@amsterdam.lcs.mit.edu>

iang at cs.berkeley.edu (Ian Goldberg) wrote:
> Yesterday, Dave and I discussed at length a design for a new
> remailer network...

If you are thinking of revamping the mixmaster protocol, I have a
couple of suggestions/requests. One basic philosophy motivating all
of these ideas is that I would like to avoid requiring any
"centralized control" or consensus about exactly what remailers should
exist. This can be achieved by pushing a lot of configuration
parameters into the anonymous messages, where the sender has control
over them.

First, D-H (or RSA with short-lived keys) is an extremely good idea.
Long-lived encryption keys (like the current mixmaster secret keys)
should not be used for secrecy. However, it would also be good if you
could avoid any man-in-the middle weaknesses. Specifically, with
simple D-H, an active attack could be used to record all anonymous
messages from A to B, and weeks later if B is compromised the messages
could then be decrypted.
Thus, when sending from remailer A to remailer B, B's identity must be
proven with B's public key (either through RSA encrypting A's half of
the D-H secret key and a challenge with B's key, or by having B sign
his half of the D-H secret and a nonce). Moreover, since not every
remailer will be known to every other, and since people may want to
set up and test new remailers for a while before announcing them to
the world, a strong cryptographic hash or MAC of B's public key should
be embedded in the remailed-message itself. Thus, A can query B for
its public key and verify the public key, then use this public key to
know it is talking to the real "next hop".

It would also be nice to avoid having every message go through every
remailer unless the sender actually wants it to. In particular, a
larger remailer network should not have to translate into more traffic
for all the remailers, as it would be nice to have as large a network
as possible. Thus, if, for instance, remailer A sends messages out
every half hour, and A wants to send messages to B, C, and D--why not
send the three useful messages to B, C, and D all in the same round,
and just send garbage to all the other remailers.

Of course, messages should be allowed to have as many next-hops as
necessary, so that if you don't want A to know that a message's next
hop is B, you can ask it to send the same message to C, F, and G as
well as to B. That way, A won't know the real next hop.

Now the next question is, when sending garbage to all the other
remailers, should "all the other remailers" be defined by A or by the
anonymous message itself. Here, A should definitely have some list of
remailers it knows about. However, maybe at each hop a message should
be able to supply 6-byte (IP address/port number) addresses of other
remailers to which garbage should be sent.
If there appears to be a remailer at the address supplied, and that
remailer is not already known to A, perhaps the new remailer should
automatically be added to the list of garbage recipients (and then
automatically deleted if it stops responding for 24 hours).

In the event that A has a real backlog of messages for a particular
destination B, it might make sense for A to hand some of those
messages off to other remailers instead of just feeding them garbage.
That way, even when one remailer is receiving a lot of mail it won't
be immediately clear to its operator which the preceding hop is.

Given all these features, of course, it would be necessary to have
variable-length next-hop-descriptors instead of the fixed size and
number currently in mixmaster. Is there some reason this can't be
done? The total actual length of the 3-DES encrypted portion of the
mixmaster message shouldn't be available to any but the last hop.
Thus, is there something wrong with padding the message (or even just
the 10K header portion of the message if you want to keep the message
in two parts) with garbage to be 3-DES decrypted into more garbage at
the next hop? Of course the padding should be done in such a way that
the final hop does not know how much space the remailing headers
originally took up, but this shouldn't be too hard (for instance the
padding could go between the headers and the message data).

Finally, another very useful feature would be some support for
improved response blocks. Right now aliases like alpha.c2.org don't
offer very much security because they have to go through Type-1
remailers. However, one could imagine mixmaster extensions to allow
it to work for replies as well as anonymous messages. Imagine a nym
server with just a 10K mixmaster header as a response block. The
server would pad a received message to 10K, prepend the 10K mixmaster
header, and send off the message.
At each hop of the way, the message would get "decrypted" with some
3-DES key (and possibly a weird IV). However, couldn't the recipient
then just "encrypt" the message to recover the plaintext? Of course,
this might undesirably weaken the replay prevention, but there's got
to be a good solution for response blocks somewhere near what we
currently have for mixmaster.

David

From perry at piermont.com Mon Jul 1 01:35:30 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 1 Jul 1996 16:35:30 +0800
Subject: rsync and md4
In-Reply-To: <199607010408.AAA21171@darius.cris.com>
Message-ID: <199607010520.BAA19288@jekyll.piermont.com>

"David F. Ogren" writes:
> > I'm afraid you are totally wrong here. MD4 has been completely
> > broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> > trustworthy, either -- it was broken recently. Stick to SHA.
> >
>
> Unless you are aware of some attack that I'm not, this is the most current
> information on MD4 and MD5:
>
> MD4 has had successful attacks on limited rounds. It has _not_ been
> completely cracked.

Could you please quit spewing inaccurate information?

Dobbertin completely cracked MD4 already, and found MD5 collisions in
a document circulated on May 2nd that mean it isn't far behind.

The comments you are making are dangerous because they encourage
people who don't know better to think that hashes which are known
unsafe are safe. Please quit posting until you start monitoring the
field enough to have accurate sources of information.

[...]

Forward from sci.crypt on 11 Jun 1996 14:22:03 GMT wrote (Re: "MD5 discussion"):

>In view of the continuing discussion about MD5, I want to make a few
>comments, which hopefully can help to avoid some misunderstandings
>and misinterpretations:

>1. In February 1996 my paper "Cryptanalysis of MD4" appeared (Fast
>Software Encryption, Cambridge Proceedings, Lecture Notes in Computer
>Sciences, vol. 1039, Springer-Verlag, 1996, pp. 71-82). In this
>paper, as an example two versions of a contract are given with the
>same MD4 hash value. Alf sells his house to Ann, in the first version
>the price is $176,495 and in the second it is $276,495. The contracts
>have been prepared by Alf. Now if Ann signs the first version with
>$176,495 then Alf can alter the price to $276.495 ... In principle
>this risk occurs, if you use a hash function for which (senseful)
>collisions can be found, whenever you allow another person to have
>influence on the contents of a document you are signing.

[...]

From bobpal at cdt.org Mon Jul 1 01:51:26 1996
From: bobpal at cdt.org (Bob Palacios)
Date: Mon, 1 Jul 1996 16:51:26 +0800
Subject: REMINDER: SAFE Forum Cybercast - Monday July 1, 12 noon - 6 pm EDT
Message-ID: <31D75EAB.41A7@cdt.org>

SECURITY AND FREEDOM THROUGH ENCRYPTION FORUM
MONDAY JULY 1, 1996
STANFORD, CA
9:00 am - 3:00 pm PDT / 12:00 noon - 6:00 pm EDT / 1600 - 2000 GMT

On July 1, 1996 in the heart of California's Silicon Valley, members of
Congress and prominent computer industry leaders and privacy advocates
will meet to discuss the need to reform U.S. encryption policy.

The SAFE Forum will bring together members of Congress, privacy
advocates, cryptographers, and industry leaders for a discussion on the
need to reform U.S. encryption policy.

If you can't attend the SAFE Forum in person, you can still participate
by attending the cybercast of the event. The cybercast will include
still photos of the conference, a RealAudio broadcast of the forum, and
a telnet chat room for netizens to discuss the event and cryptography
issues.

Just visit the SAFE Forum web site on Monday for the necessary links:

http://www.crypto.com/safe/

(You will need to have a copy of RealAudio installed on your computer.
Visit http://www.realaudio.com/ for a FREE copy of Real Audio).
The SAFE Forum Cybercast is brought to you with the help and support of:
MediaCast (http://www.mediacast.com/) and AudioNet (http://www.audionet.com/)

---------------------------------------------------------------------------
Event Information

* Location: Kresge Auditorium at Stanford University, Stanford, California
* Date: July 1, 1996, 9:00 am - 3:00 pm

Program:

9:00 - 9:15 Welcome
    Rep. Anna Eshoo (D-Ca), co-host
    Rep. Tom Campbell (R-Ca), co-host
    Sen. Patrick Leahy (D-Vt) (by satellite)
    Jerry Berman, Center for Democracy and Technology

9:15 - 10:15 The Need for Locks and Keys on the GII: An Encryption Overview
    Marc Andreessen, Netscape Communications
    Lori Fena, Electronic Frontier Foundation
    Eric Schmidt, Sun Microsystems
    Craig Mundie, Microsoft Corporation

10:15 - 10:30 Technology Demo: The Need for Locks & Keys -- Packet
    Sniffing on the Internet (Cylink Corporation)

10:30 - 10:45 Break

10:45 - 11:45 How U.S. Encryption Policy Fails to Meet User Needs
    Herbert Lin, National Research Council
    Jim Omura, Cylink Corporation
    Tim Oren, CompuServe Incorporated
    Phil Zimmermann, PGP, Inc.
    Todd Lappin, Wired Magazine -- Introducing "Stories of Real-Life
    Encryption Users"

11:45 - 1:00 Lunch

1:00 - 1:45 The Cryptographers' Report: "Forty Bits Is Not Enough"
    Matt Blaze, AT&T
    Whitfield Diffie, Sun Microsystems
    Bruce Schneier, Counterpane Systems
    Eric Thompson, Access Data
    Tom Parenty, Sybase

    Technology Demo: The Genie is Out of the Bottle -- A World Wide Web
    Tour of Good Cryptography Available Outside of the United States

1:45 - 2:45 Addressing Law Enforcement Concerns in a Constitutional Framework
    Ken Bass, Venable, Baetjer, Howard and Civiletti
    Cindy Cohn, McGlashan & Sarrail
    Michael Froomkin, University of Miami Law School
    John Gilmore, Electronic Frontier Foundation
    Grover Norquist, Americans for Tax Reform
    Nadine Strossen, American Civil Liberties Union
    Daniel Weitzner, Center for Democracy and Technology

2:45 - 3:00 Conclusion

Members of Congress expected to participate include:

* Rep. Anna Eshoo (D-CA)
* Rep. Tom Campbell (R-CA)
* Rep. Zoe Lofgren (D-CA)
* Sen. Conrad Burns (R-MT)
* Sen. Patrick Leahy (D-VT) (by satellite)

---------------------------------------------------------------------------
Sponsors Of The SAFE Forum:

America Online
American Civil Liberties Union
Americans for Tax Reform
AT&T
Audionet
Business Software Alliance
Center for Democracy and Technology
Center for National Security Studies
Commercial Internet eXchange
CompuServe Incorporated
Computer and Communications Industry Association
Computer Professionals for Social Responsibility
Cylink Corporation
Digital Secured Networks Technology
EDS
Electronic Frontier Foundation
Electronic Messaging Association
Electronic Privacy Information Center
Information Technology Association of America
IEEE - USA
ManyMedia
MediaCast
Media Institute
Microsoft Corporation
National Association of Manufacturers
Netcom Online Communication Services
Netscape Communications Corporation
Novell, Inc.
Oracle Corporation
Pacific Telesis Group
Pretty Good Privacy, Inc.
Prodigy, Inc.
Progress and Freedom Foundation
Rent-a-Computer
Securities Industry Association
Software Publishers Association
Sun Microsystems, Inc.
Sybase, Inc.
Voters Telecommunications Watch
Wired Magazine

---------------------------------------------------------------------------
CORRECTION

An earlier Policy Post listed Matt Blaze with Lucent Technologies. That
information was incorrect; he is with AT&T Research.
---------------------------------------------------------------------------

From perry at piermont.com Mon Jul 1 01:52:47 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 1 Jul 1996 16:52:47 +0800
Subject: MD5 breaks, etc.
Message-ID: <199607010408.AAA19179@jekyll.piermont.com>

1) On the question of MD4, it has been demonstrated that one can
generate multiple documents with the same hash -- an example was given
in a paper a while back of two contracts, identical but for the dollar
sum agreed to, with identical MD4 hashes. That demonstrates that MD4
is useless.

2) Hans Dobbertin on May 2nd released a short paper that circulated
widely on the net describing collisions in the MD5 compression
function. Several people have asked me for references on this. I
cannot give you anything -- all I have is postscript of the document,
which had not been published in any journal when I last checked.
However, the result is widely known. MD5 is *not* something that
should be trusted going forward, and I hope the next version of PGP
uses SHA-1.

Perry

From ogren at cris.com Mon Jul 1 02:05:33 1996
From: ogren at cris.com (David F. Ogren)
Date: Mon, 1 Jul 1996 17:05:33 +0800
Subject: rsync and md4
Message-ID: <199607010408.AAA21171@darius.cris.com>

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: rsync and md4
To: perry at piermont.com, ogren at cris.com
Cc: markm at voicenet.com, Andrew.Tridgell at anu.edu.au, cypherpunks at toad.com

>
> "David F. Ogren" writes:
> > Are you sure? MD5 is a 128 bit hash, and the probability of collision with
> > a specific random piece of data (of any length) should be 2^-128. I could
> > be wrong, but do you have any explanation of why you think the answer is
> > 2^-64.
>
> Does the phrase "birthday attack" mean anything to you?

But this isn't a birthday attack. It's a comparison between one specific
file and one randomly chosen one.

> > MD4 is the fastest hash I am aware of. However, there have been some
> > successful attacks against two rounds of MD4. Although this is not to
> > suggest that MD4 is insecure, MD5 is almost as fast (~1.3 times slower) and
> > more secure.
>
> I'm afraid you are totally wrong here. MD4 has been completely
> broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> trustworthy, either -- it was broken recently. Stick to SHA.
>

Unless you are aware of some attack that I'm not, this is the most current
information on MD4 and MD5:

MD4 has had successful attacks on limited rounds. It has _not_ been
completely cracked.

MD5 has not been broken. A weakness has been shown, but collisions still
cannot be developed. So checksums should still be secure.

Additionally, in this case we are more concerned with the chance of random
collisions than intentional collisions. In fact, I was probably wrong to
suggest MD5. It _is_ more secure, but speed is his first priority, not
security.

SHA1 is a good hash algorithm as far as security goes (I've used it
myself), but it's over three times slower than MD4.

- --
David F. Ogren                |
ogren at concentric.net       | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        | without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key? It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From ogren at cris.com Mon Jul 1 02:43:51 1996
From: ogren at cris.com (David F. Ogren)
Date: Mon, 1 Jul 1996 17:43:51 +0800
Subject: rsync and md4
Message-ID: <199607010605.CAA24104@darius.cris.com>

-----BEGIN PGP SIGNED MESSAGE-----

>
> "David F. Ogren" writes:
> > > I'm afraid you are totally wrong here. MD4 has been completely
> > > broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> > > trustworthy, either -- it was broken recently. Stick to SHA.
> > >
> >
> > MD4 has had successful attacks on limited rounds. It has _not_ been
> > completely cracked.
>
> Could you please quit spewing inaccurate information?
>
> Dobbertin completely cracked MD4 already, and found MD5 collisions in
> a document circulated on May 2nd that mean it isn't far behind.
>
> The comments you are making are dangerous because they encourage
> people who don't know better to think that hashes which are known
> unsafe are safe. Please quit posting until you start monitoring the
> field enough to have accurate sources of information.
>

I stand by my statements.
I have followed the current developments regarding MD5 with interest,
and am using SHA1 in the program that I am currently authoring because
of MD5's weaknesses.

However, MD5 (and MD4) have not been completely cracked. The problems that
you bring up have to do with situations where an active attacker develops a
slightly different pair of documents with the same hash.

Although this is a highly undesirable characteristic for a hash function, and
shows a weakness in the function that may eventually lead to its being
completely cracked, it does not mean that a fraudulent document can be
created from an already signed document.

This is an old argument and I don't want to get into it here. However,
there are lots of people who still think MD5 can be safely used to
a) sign documents that you create yourself, and b) sign documents that
you have made cosmetic changes to.

Irregardless, this argument is moot. This thread is titled "rsync and
md4". It is a discussion about which hash function suits this
particular purpose and he is not particularly concerned with resistance
to deliberate attack. In this case MD4 will function adequately.

- --
David F. Ogren                |
ogren at concentric.net       | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        | without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key? It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From remailer at yap.pactitle.com Mon Jul 1 04:39:05 1996
From: remailer at yap.pactitle.com (Yap Remailer)
Date: Mon, 1 Jul 1996 19:39:05 +0800
Subject: MacPGP 2.6.3 released
In-Reply-To: <199607010105.VAA30534@ihtfp.org>
Message-ID: <199607010634.XAA23399@yap.pactitle.com>

> From: Derek Atkins
> cc: cypherpunks at toad.com
> Date: Sun, 30 Jun 1996 21:05:01 EDT
>
> Besides the fact that there is no "PGP 3.0" (there is "PGPlib",
> however)...
>
> ...PGPlib (as I said, there is no PGP 3.0) will have full 2.6
> support. So, I don't know where you heard this, but I would
> recommend you verify your information with people close to the
> project before spreading more FUD around.
>
> Enjoy!

Where do I get PGPlib? An Altavista search of PGPlib turned up nothing,
and it's not on net-dist.mit.edu, which I thought was the canonical
distribution point?

Thanks.

From perry at piermont.com Mon Jul 1 10:14:24 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 2 Jul 1996 01:14:24 +0800
Subject: rsync and md4
In-Reply-To: <199607010605.CAA24104@darius.cris.com>
Message-ID: <199607011320.JAA20895@jekyll.piermont.com>

"David F. Ogren" writes:
> I stand by my statements.

Then you have lost all your reputation with me. If you don't even have
the integrity to admit that you are wrong, you are obviously not a
reasonable source of information.
> However, MD5 (and MD4) have not been completely cracked. The problems that
> you bring up have to do with situations where an active attacker develops a
> slightly different pair of documents with the same hash.

I believe that is "cracked" under most definitions of cryptographic
hashes, Mr. Ogren. A cryptographic hash is supposed to be useable in a
signature precisely because it is supposed to be computationally
infeasible to find two documents with the same hash. Whether both
documents are chosen by the attacker or only one is immaterial -- the
property as stated is independent of that.

As things stand, you can get someone to sign a contract saying "I
agree to pay David F. Ogren $100" and turn it into one saying "I agree
to pay David F. Ogren $2395.39" or some such. If that isn't "cracked"
what would be "cracked"? Yes, it could be worse, but is this not far
more than bad enough?

> Although this is a highly undesirable characteristic for a hash function, and
> shows a weakness in the function that may eventually lead to its being
> completely cracked, it does not mean that a fraudulent document can be
> created from an already signed document.

Whatever you like, Mr. Ogren.

Perry

From perry at piermont.com Mon Jul 1 11:25:19 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 2 Jul 1996 02:25:19 +0800
Subject: rsync and md4
In-Reply-To: <9607011359.AA15838@mordred.sware.com>
Message-ID: <199607011419.KAA20986@jekyll.piermont.com>

Charles Watt writes:
> How typically Perry.

Thank you for the compliment. I know that you think my comments are
evidence that I am nasty and that you think this is an insult, but my
clients seem to think this sort of thing is evidence that I'm
uncompromising in trying to maintain the security of their systems.

Everyone here knows my reputation. I may have a rough edge to me, but
people by now know that my advice is generally right on the money. The
fact that I have a reputation pleases me -- it does not disturb me.
> Perry, as you are so fond of quoting Dobbertin, let me forward once again to
> the list Hans' analysis of the "crack" that he discovered. He explicitly
> agrees with Mr. Ogren's analysis.

No, he doesn't. Dobbertin's privately circulated document is entitled
"Cryptanalysis of MD5", not "Possible weaknesses in MD5". The MD4
results were even more damning. It is true that the attacks aren't
general, but they are bad enough that the key property of
cryptographic hashes -- that it is computationally infeasible to
produce two documents with the same hash (note that the property is
NOT that you cannot produce a document with the same hash as a
document selected by the opponent), has been broken. Chosen plaintext,
in particular, is completely broken.

Dobbertin explicitly says that although there is no reason to panic,
that MD5 is not to be trusted.

I quote from your quote of Dobbertin:

  5. My conclusions are: no reason for panic, but in future
  implementations better move away from MD5.

> Yes it is prudent to move away from MD5. But there are still plenty
> of uses where it is more than sufficient.

Yeah, like if you are looking for a wacky checksum and not a
cryptographic hash.

Look, the point is that Ogren seems to think this is some sort of a
minor technicality and that we can safely ignore it most of the
time. That's simply not prudent. Once you find that the key properties
of your cryptographic hash have fallen and you have to be
exceptionally careful about what you put through the hash lest an
attacker somehow influence it, you've lost the game. MD5 is no longer
trustworthy. I agree that one needn't run screaming in the streets,
but Ogren made it sound as though this wasn't a matter of
concern. That's simply wrong. Saying that leads people to a completely
incorrect conclusion.
Perry

From raph at CS.Berkeley.EDU Mon Jul 1 11:56:20 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 2 Jul 1996 02:56:20 +0800
Subject: List of reliable remailers
Message-ID: <199607011350.GAA27758@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first
part of the listing shows the remailers along with configuration
options and special features for each of the remailers. The second
part shows the 12-day history, and average latency and uptime for each
remailer. You can also get this list by fingering
remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"treehole"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.
Last update: Mon 1 Jul 96 6:47:34 PDT
remailer email address                     history       latency  uptime
-----------------------------------------------------------------------
flame    remailer at flame.alias.net       +++++__.-++- 10:04:50 100.00%
alumni   hal at alumni.caltech.edu         #######*+*##     1:13 100.00%
ecafe    cpunk at remail.ecafe.org         ####*#+--##*    14:24  99.98%
replay   remailer at replay.com            *********+**     4:18  99.98%
nemesis  remailer at meaning.com           +****           23:43  99.98%
c2       remail at c2.org                  ++++++++-+++    51:58  99.97%
portal   hfinney at shell.portal.com       +#######+*##     1:24  99.95%
haystack haystack at holy.cow.net          *-+#++++###+     9:25  99.94%
exon     remailer at remailer.nl.com       ++*******+**     5:49  99.94%
lead     mix at zifi.genetics.utah.edu     ++++++++++++    39:16  99.94%
nymrod   nymrod at nym.jpunix.com          ** ****#+#-#    12:31  99.92%
mix      mixmaster at remail.obscura.com   __.-_.-.---  18:42:17  99.88%
treehole remailer at mockingbird.alias.net +++ -..+++-+  5:28:11  99.24%
amnesia  amnesia at chardos.connix.com     -----------   4:20:06  99.22%
penet    anon at anon.penet.fi             __ _-.....   44:52:17  99.20%
extropia remail at miron.vip.best.com      --.--------   5:15:59  97.93%
ncognito ncognito at rigel.cyberpass.net   -.___.-._    22:24:17  97.35%
alpha    alias at alpha.c2.org             ******-+++**    38:56  96.99%
jam      remailer at cypherpunks.ca        *               19:19  96.68%
lucifer  lucifer at dhp.com                +++             56:06  95.20%
vegas    remailer at vegas.gateway.com     #**-#***        16:52  60.55%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk     A major class of remailers. Supports Request-Remailing-To:
          field.
eric      A variant of the cpunk style. Uses Anon-Send-To: instead.
penet     The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
pgp       Remailer supports encryption with PGP.
          A period after the keyword means that the short name, rather
          than the full email address, should be used as the
          encryption key ID.
hash      Supports ## pasting, so anything can be put into the headers
          of outgoing messages.
ksub      Remailer always kills subject header, even in non-pgp mode.
nsub      Remailer always preserves subject header, even in pgp mode.
latent    Supports Matt Ghio's Latent-Time: option.
cut       Supports Matt Ghio's Cutmarks: option.
post      Post to Usenet using Post-To: or Anon-Post-To: header.
ek        Encrypt responses in reply blocks using Encrypt-Key: header.
special   Accepts only pgp encrypted messages.
mix       Can accept messages in Mixmaster format.
reord     Attempts to foil traffic analysis by reordering messages.
          Note: I'm relying on the word of the remailer operator here,
          and haven't verified the reord info myself.
mon       Remailer has been known to monitor contents of private email.
filter    Remailer has been known to filter messages based on content.
          If not listed in conjunction with mon, then only messages
          destined for public forums are subject to filtering.

Raph Levien

From jamesd at echeque.com Mon Jul 1 12:03:35 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Tue, 2 Jul 1996 03:03:35 +0800
Subject: Hardware RNG
Message-ID: <199607011504.IAA24410@dns2.noc.best.net>

At 06:23 AM 6/30/96 -0700, Timothy C. May wrote:
> While radioactive decay is unpredictable (so are a lot of things, by the
> way), there are all kinds of biases that reduce the apparent entropy.
> Detector "dead time" is a classic one (basically, the detector can't detect
> counts during a post-pulse recovery time...probably not a problem at low
> count rates, but an example of how subtle things can sneak in).

If he has more than eight bits of timing resolution, such biases will
have no effect.

He is using his non uniformly distributed random number to select a
uniformly distributed pseudo random number.
Provided that he does not attempt to get more entropy out than he puts
in, the result should be a uniformly distributed truly random number.

---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.         | jamesd at echeque.com

From maldrich at grci.com Mon Jul 1 12:21:51 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Tue, 2 Jul 1996 03:21:51 +0800
Subject: FTS2000 Security Info and RFP
Message-ID:

The URL's for FTS2000 RFP, Security Policy data, and assorted sundries
are:

http://post.fts2k.gsa.gov/ (the official government stuff)

http://204.70.134.242/policy/ (This appears to be an MCI server and I
don't know if they know that this stuff is online)

Enjoy.

---------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                   |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering       |
|depends upon the chaos and cacophony of  |maldrich at grci.com            |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil|
|protects - District Judge Stewart Dalzell|                               |
|_________________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com   |
|     The opinions expressed herein are strictly those of the author      |
|          and my employer gets no credit for them whatsoever.            |
---------------------------------------------------------------------------

From watt at sware.com Mon Jul 1 12:29:35 1996
From: watt at sware.com (Charles Watt)
Date: Tue, 2 Jul 1996 03:29:35 +0800
Subject: rsync and md4
In-Reply-To: <199607011320.JAA20895@jekyll.piermont.com>
Message-ID: <9607011359.AA15838@mordred.sware.com>

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
MIC-Info: RSA-MD5,RSA,

> "David F. Ogren" writes:
> > I stand by my statements.
>
> Then you have lost all your reputation with me. If you don't even have
> the integrity to admit that you are wrong, you are obviously not a
> reasonable source of information.

How typically Perry.

>
> > However, MD5 (and MD4) have not been completely cracked. The problems that
> > you bring up have to do with situations where an active attacker develops a
> > slightly different pair of documents with the same hash.
>
> I believe that is "cracked" under most definitions of cryptographic
> hashes, Mr. Ogren. A cryptographic hash is supposed to be useable in a
> signature precisely because it is supposed to be computationally
> infeasible to find two documents with the same hash.
> Whether both
> documents are chosen by the attacker or only one is immaterial -- the
> property as stated is independent of that. As things stand, you can
> get someone to sign a contract saying "I agree to pay David F. Ogren
> $100" and turn it into one saying "I agree to pay David F. Ogren
> $2395.39" or some such. If that isn't "cracked" what would be
> "cracked"? Yes, it could be worse, but is this not far more than bad
> enough?
>
> > Although this is a highly undesirable characteristic for a hash function, and
> > shows a weakness in the function that may eventually lead to its being
> > completely cracked, it does not mean that a fraudulent document can be
> > created from an already signed document.
>
> Whatever you like, Mr. Ogren.
>
> Perry

Perry, as you are so fond of quoting Dobbertin, let me forward once again to
the list Hans' analysis of the "crack" that he discovered. He explicitly
agrees with Mr. Ogren's analysis.

Yes it is prudent to move away from MD5. But there are still plenty
of uses where it is more than sufficient.

Charlie Watt
SecureWare

- -----------------------------------------------------------------------

> Some of you may have seen this, but I think it's worth reposting here.
> --Rob
>
> Forward from sci.crypt on 11 Jun 1996 14:22:03 GMT
> wrote (Re: "MD5 discussion"):
>
> >In view of the continuing discussion about MD5, I want to make a few comments,
> >which hopefully can help to avoid some misunderstandings and misinterpretations:
>
> >1. In February 1996 my paper "Cryptanalysis of MD4" appeared (Fast Software
> >Encryption, Cambridge Proceedings, Lecture Notes in Computer Sciences,
> >vol. 1039, Springer-Verlag, 1996, pp. 71-82). In this paper, as an example two
> >versions of a contract are given with the same MD4 hash value. Alf sells his
> >house to Ann, in the first version the price is $176,495 and in the second it is
> >$276,495. The contracts have been prepared by Alf.
> >Now if Ann signs the first
> >version with $176,495 then Alf can alter the price to $276.495 ...
> >In principle this risk occurs, if you use a hash function for which (senseful) collisions
> >can be found, whenever you allow another person to have influence on the
> >contents of a document you are signing. Certainly this does not happen
> >very often in practical applications. But sometimes you *must* have an agreement
> >about a text (contract) which is then signed by two or more parties. And these are
> >often just the most important applications!
>
> >2. I suspect that the recent attack on MD5 compress can be refined and extended
> >such that it might lead to MD5 collisions (matching the right IV) and perhaps then
> >even to similar results as already obtained for MD4. Certainly this requires a lot of
> >hard additional work.
>
> >3. If you write a message for your own (nobody else has influence on it) and sign
> >it using MD5 (and a strong public key algorithm, of course) then there is no danger
> >that it can be altered (at least according to our knowledge today)! Thus it is true
> >that I guess almost all of you will have no risk using MD5, for instance in PGP.
> >However, if you accept 2., then in some cases there could be problems ...
>
> >4. After all I have reservations against keeping MD5 as a (de facto) standard,
> >because 2. might indicate that there is a serious security problem with MD5.
>
> >5. My conclusions are: no reason for panic, but in future implementations better
> >move away from MD5.
>
> >6. Presently a paper discussing the status of MD5 in detail is in preparation.
>
> > - Hans Dobbertin

-----END PRIVACY-ENHANCED MESSAGE-----

From reagle at rpcp.mit.edu Mon Jul 1 12:31:43 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Tue, 2 Jul 1996 03:31:43 +0800
Subject: SEC lets California retailer trade stock on Internet
Message-ID: <9607011502.AA20760@rpcp.mit.edu>

WASHINGTON, June 27 (Reuter) - A California company that sells
energy-saving solar panels has received Securities and Exchange
Commission approval to trade its stock over the Internet, extending the
boundaries of off-exchange trading into cyberspace.

The approval, the first the SEC has issued on stock trading over the
Internet, was given earlier this week to Ukiah, Calif.-based Real Goods
Trading Corp., through a ``no action'' letter.

In such a letter, the SEC allows a petitioning company to perform what
it requested to do, without fear of any enforcement action. In approving
Real Goods' request, however, the agency imposed conditions in the
interest of investor protection.

John Schaeffer, president, chief executive and founder of the company
said in an interview he hoped to get the new system operational ``within
a couple of weeks.''

Schaeffer said that since 1991, his company has sold $4.6 million of its
company's stock to the public through direct, small offerings and without
having to pay fees to investment bankers.

``The 'off the grid' trading of our stock is a logical extension of our
service to our customers, who will now be able to buy and sell our
security without going through a broker,'' Schaeffer said.

``This is also consistent with our mission of creating independent energy
alternatives for our customers,'' he added.

Real Goods is currently traded thinly on the Pacific Stock Exchange, at a
price range of between $5 to $7 in 1995. The stock closed at $7.25 on
June 26.

In its application, the company said its system would function as a
passive Internet bulletin board that will provide the names, addresses,
including E-mail, and phone numbers of interested buyers and sellers and
number of shares offered for sale or desired to be purchased.
Those participating may transmit the information through the company's
World Wide Web site or by telephone, fax, mail or E-mail. Real Goods will
then enter the data into the system.

Real Goods posted a loss of $175,000 last year on sales of $15.3 million,
Schaeffer said. ``We expect to be profitable this year,'' he said, adding
he estimates sales to climb to about $20 million.

Earlier this year, the SEC permitted Spring Street Brewery Co., of New
York, to make an initial public offering over the Internet. The agency
asked the company to suspend trading, pending review of legal
implications of such a trading system.

Spring Street subsequently said it planned to establish an online stock
exchange through a unit.

_______________________
Regards,
Democracy is where you can say what you think even if you don't think. -
Joseph Reagle   http://rpcp.mit.edu/~reagle/home.html
reagle at mit.edu   E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E

From watt at sware.com Mon Jul 1 12:54:39 1996
From: watt at sware.com (Charles Watt)
Date: Tue, 2 Jul 1996 03:54:39 +0800
Subject: rsync and md4
In-Reply-To: <199607011419.KAA20986@jekyll.piermont.com>
Message-ID: <9607011452.AA15989@mordred.sware.com>

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
MIC-Info: RSA-MD5,RSA,
> > Perry, as you are so fond of quoting Dobbertin, let me forward once again to
> > the list Hans' analysis of the "crack" that he discovered. He explicitly
> > agrees with Mr. Ogren's analysis.
>
> No, he doesn't. Dobbertin's privately circulated document is entitled
> "Cryptanalysis of MD5", not "Possible weaknesses in MD5". The MD4
> results were even more damning. It is true that the attacks aren't
> general, but they are bad enough that the key property of
> cryptographic hashes -- that it is computationally infeasible to
> produce two documents with the same hash (note that the property is
> NOT that you cannot produce a document with the same hash as a
> document selected by the opponent), has been broken. Chosen plaintext,
> in particular, is completely broken.
>
> Dobbertin explicitly says that although there is no reason to panic,
> that MD5 is not to be trusted.
>
> I quote from your quote of Dobbertin:
>
> 5. My conclusions are: no reason for panic, but in future
> implementations better move away from MD5.
>
> > Yes it is prudent to move away from MD5. But there are still plenty
> > of uses where it is more than sufficient.
>
> Yeah, like if you are looking for a wacky checksum and not a
> cryptographic hash.
>
> Look, the point is that Ogren seems to think this is some sort of a
> minor technicality and that we can safely ignore it most of the
> time. That's simply not prudent. Once you find that the key properties
> of your cryptographic hash have fallen and you have to be
> exceptionally careful about what you put through the hash lest an
> attacker somehow influence it, you've lost the game. MD5 is no longer
> trustworthy. I agree that one needn't run screaming in the streets,
> but Ogren made it sound as though this wasn't a matter of
> concern. That's simply wrong. Saying that leads people to a completely
> incorrect conclusion.
I admit I am at a disadvantage having deleted the first few messages on
this thread without actually reading them -- but when I am out one day
and come back to 200+ cypherpunk messages of which perhaps 10 are
relevant to cryptography, I get a little quick with the delete. However,
I am assuming from the stated speed requirement that the original query
was intended for just such a hashing scheme. I interpreted Ogren's
comments along the lines of "choose an algorithm based upon a best fit
for the requirements, where security is just one of the requirements
(although the most important)" (quotes used to indicate paraphrasing
rather than actual quote). If these assumptions are valid, then he is
quite correct, for a blanket condemnation of MD5 is unwarranted.

If the intended application is for use with signatures, then I too would
be quite leery of MD5 -- but only if I am signing a document that I did
not originate OR I need to ensure the validity of the signature for
longer than 12 months.

Condemning an application of MD5 without understanding the specific
requirements placed upon the hashing algorithm is unjustified.
Complacently accepting the strength of the algorithm for all
applications based upon recent findings is foolish.

Charles Watt
SecureWare

-----END PRIVACY-ENHANCED MESSAGE-----

From ogren at cris.com Mon Jul 1 13:01:46 1996
From: ogren at cris.com (David F. Ogren)
Date: Tue, 2 Jul 1996 04:01:46 +0800
Subject: rsync and md4 (my final comments)
Message-ID: <199607011536.LAA26258@darius.cris.com>

-----BEGIN PGP SIGNED MESSAGE-----

>
> "David F. Ogren" writes:
> > I stand by my statements.
>
> Then you have lost all your reputation with me. If you don't even have
> the integrity to admit that you are wrong, you are obviously not a
> reasonable source of information.
>

At this point, I can see that we have agreed to disagree. Mr. Watt has
kindly quoted the exact text from Dobbertin, which I did not have handy.
Let the readers of this list decide for themselves in regards to the
security of MD5.

But I wanted to make two last comments before this thread (finally!)
dies.

1. I think that you will agree that MD4 will work fine for Mr. Tridgell's
program, irregardless of your criticisms. He specifically stated that he
was not concerned about intentional collisions, only random ones.

2. (quoted from Mr. Perry in an article entitled "MD5 breaks, etc.")

> checked. However, the result is widely known. MD5 is *not*
> something that should be trusted going forward, and I hope the next
> version of PGP uses SHA-1.

As I understand the current plans, PGP 3.0 _will_ incorporate a SHA
option. In fact, I believe that there may already be "bootleg" versions
that incorporate SHA.

- --
David F. Ogren                |
ogren at concentric.net        | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        | without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key? It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From perry at piermont.com Mon Jul 1 13:39:32 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 2 Jul 1996 04:39:32 +0800
Subject: MD5 breaks, etc.
In-Reply-To: <1996-Jul01-150540.1>
Message-ID: <199607011553.LAA21151@jekyll.piermont.com>

"John Hemming - CEO MarketNet" writes:
> Accepting for a moment that MD5 collisions have been identified.
> From a commercial aspect I am concerned to ensure the cryptographic security
> of our ECheque system.
[...]
> Just a thought on the use of MD5. If two signatures are appended to the
> same document both using MD5, but one either
>
> a) Signing all but the last octet of the message ... or
> b) Signing the whole of the message and signature.
>
> Would that not make the determination of useable collisions either
> impracticable or impossible?

Wouldn't it be easier to move to SHA-1?

> Alternately, could someone please point me at the SHA algorithm.

I believe SHA-1 (note-- you want the updated version!) is in the
latest edition of Schneier, or at least is referenced there.

BTW, you are going to have to assume if you are doing real world
business that you will be upgrading your algorithms every few years
until the end of your application's lifespan.

Perry

From johnhemming at mkn.co.uk Mon Jul 1 14:01:24 1996
From: johnhemming at mkn.co.uk (John Hemming - CEO MarketNet)
Date: Tue, 2 Jul 1996 05:01:24 +0800
Subject: MD5 breaks, etc.
Message-ID: <1996-Jul01-150540.1>

Accepting for a moment that MD5 collisions have been identified. From
a commercial aspect I am concerned to ensure the cryptographic security
of our ECheque system.

Just a thought on the use of MD5. If two signatures are appended to the
same document both using MD5, but one either

a) Signing all but the last octet of the message ... or
b) Signing the whole of the message and signature.

Would that not make the determination of useable collisions either
impracticable or impossible?

I must admit I am inclined to encode additionally the key components of
the message (amount paid, to whom) as well as the hash using a Private
Key encryption. After all we have at least 60 octets of important data
that can be encoded in this manner using one simple encryption sequence,
this can cover account credited and amount easily. If someone can
collision codge the description I am not desperately concerned.
Alternately, could someone please point me at the SHA algorithm.

From alex at crawfish.suba.com Mon Jul 1 14:27:33 1996
From: alex at crawfish.suba.com (Alex Strasheim)
Date: Tue, 2 Jul 1996 05:27:33 +0800
Subject: Sameer got plugged on C-SPAN
Message-ID: <199607011632.LAA07025@crawfish.suba.com>

Janlori Goldman, at the Center for Democracy & Technology, just mentioned
Sameer's anonymizer on C-SPAN during a segment of Internet privacy. They
showed a shot of the screen and everything.

From snow at smoke.suba.com Mon Jul 1 14:46:29 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 2 Jul 1996 05:46:29 +0800
Subject: crypto and bagpipes [NOISE]
In-Reply-To:
Message-ID:

On Sun, 30 Jun 1996, Mark O. Aldrich wrote:
> > Can this be the end of civilization as we know it?
>

What is this civilization thing people keep talking about, and how could
_anything_ relating to bagpipes be remotely civil?

crypto tie-in: If you steno a voice message into bagpipe music, would
anyone be able to stand it long enough to extract the message?

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From perry at piermont.com Mon Jul 1 15:07:38 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 2 Jul 1996 06:07:38 +0800
Subject: rsync and md4 (my final comments)
In-Reply-To: <199607011536.LAA26258@darius.cris.com>
Message-ID: <199607011647.MAA21252@jekyll.piermont.com>

"David F. Ogren" writes:
> 1. I think that you will agree that MD4 will work fine for Mr. Tridgell's
> program, irregardless of your criticisms. He specifically stated that he
> was not concerned about intentional collisions, only random ones.

If one is concerned about speed and doesn't need a cryptographic
checksum, a long CRC will be far, far faster and will do fine. As soon
as one starts talking about using cryptographic checksums, there is no
point in using them unless one really wants the cryptographic
protection.

Perry

From ogren at cris.com Mon Jul 1 15:32:05 1996
From: ogren at cris.com (David F. Ogren)
Date: Tue, 2 Jul 1996 06:32:05 +0800
Subject: rsync and md4
Message-ID: <199607011700.NAA19537@darius.cris.com>

-----BEGIN PGP SIGNED MESSAGE-----

> Look the point is that Ogren seems to think this is some sort of a
> minor technicality and that we can safely ignore it most of the
> time. That's simply not prudent. Once you find that the key properties
> of your cryptographic hash have fallen and you have to be
> exceptionally careful about what you put through the hash lest an
> attacker somehow influence it, you've lost the game. MD5 is no longer
> trustworthy. I agree that one needn't run screaming in the streets,
> but Ogren made it sound as though this wasn't a matter of
> concern. That's simply wrong. Saying that leads people to a completely
> incorrect conclusion.

And I told myself I wouldn't respond to this thread anymore. Oh well. I
just don't want to be misinterpreted.

I never meant to imply (and don't think that I did), that the attacks
against MD5 were insignificant. As I said, I'm moving to SHA in any
software I develop from now on. What I said was the attacks were
insignificant in the application being considered (rsync) and that MD5
was not completely broken. Come on, all the guy wanted was a fast 128 bit
checksum.

For example, I am still using PGP clearsigning which, of course, uses
MD5. Dobbertin indicates that his attack cannot be used against me as
long as I only sign messages that I create myself. Yes, PGP would work
better with SHA. I'd be able to sign documents that others created with
(more) certainty. But that doesn't mean that I should stop using PGP.

P.S. I apologize to the list for flooding this list recently.
Unfortunately, I took it a little too personally when Perry told me to
"stop spewing inaccurate information" and to "quit posting". It was late,
and I let him bait me more than I ordinarily would.
Now I find myself running in circles trying to make sure that I've made
myself clear and that no one else (other than Perry) is misinterpreting
what I'm saying.

- --
David F. Ogren                |
ogren at concentric.net        | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        | without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key? It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From scott_wyant at loop.com Mon Jul 1 15:32:38 1996
From: scott_wyant at loop.com (Scott Wyant)
Date: Tue, 2 Jul 1996 06:32:38 +0800
Subject: [Fwd: Doubleclick]
Message-ID: <1.5.4.32.19960701172423.006cd9e8@pop.loop.com>

At 12:43 PM 6/30/96 -0700, you wrote:
>
>> > >Date: Wed, 26 Jun 1996 19:42:00 -0700
>> > >From: Scott Wyant Subject: COMMENT:
>> > >Cookie dough
>> > >
>> > >If you're like me, you never went to a site called "doubleclick."
>> > >So how did they give you a cookie? After all, the idea of the
>> > >cookie, according to the specs published by Netscape, is to make a
>> > >more efficient connection between the server that delivers the
>> > >cookie and the client machine which receives it.
>> > >But we have never connected to "doubleclick."
>
>Scott must have. Navigator is very picky about where a cookie comes
>from and what is put in the domain field of the cookie.
>

Nope. I'm afraid your information is incorrect here.
I've also watched other sites hand me a double-click cookie. And no, I don't work for "DoubleClick." Interesting premise, though. Scott Wyant Spinoza Ltd. From warlord at ATHENA.MIT.EDU Mon Jul 1 16:10:22 1996 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Tue, 2 Jul 1996 07:10:22 +0800 Subject: MacPGP 2.6.3 released In-Reply-To: <199607010634.XAA23399@yap.pactitle.com> Message-ID: <199607011808.OAA03374@charon.MIT.EDU> > > ...PGPlib (as I said, there is no PGP 3.0) will have full 2.6 > > support. So, I don't know where you heard this, but I would > > recommend you verify your information with people close to the > > project before spreading more FUD around. > > > > Enjoy! > > Where do I get PGPlib? An Altavista search of PGPlib turned up > nothing, and it's not on net-dist.mit.edu, which I thought was the > canonical distribution point? If you read closely, you will notice that I said "will", which is in the future tense. PGPlib has not been released, yet. But it will. And I will most assuredly let you know when it is released. Until then, however, my time is better spent implementing than responding to email like this. So, thanks for making me lose my concentration and my place in my code so I could reply to your message. Enjoy! -derek From iang at cs.berkeley.edu Mon Jul 1 16:14:20 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Tue, 2 Jul 1996 07:14:20 +0800 Subject: PGP Inc. buys ViaCrypt (was: Zimmerman/ViaCrypt?) In-Reply-To: <0PggPD7w165w@Garg.Campbell.CA.US> Message-ID: <4r95j8$db6@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article <0PggPD7w165w at Garg.Campbell.CA.US>, Edgar Swank wrote: >Phil disagrees with ViaCrypts new "business" version of PGP which >apparently encrypts all messages with an employer-supplied public key >in addition to any specified by the employee. ViaCrypt has their side >of the argument on their web page. 
>
> http://www.viacrypt.com/
>
>The basis of the possible lawsuit would be that ViaCrypt violated
>their agreement not to put any "back door" into any product with the
>PGP name. Whether the "business version feature" could be defined as a
>"back door" would be the crux of the argument.
>

Muppet news flash: I'm listening to the SAFE conference live by RealAudio, and Zimmermann just announced that on Friday, PGP Inc. bought ViaCrypt. He didn't give any more details.

- Ian

From blancw at microsoft.com Mon Jul 1 16:15:33 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 2 Jul 1996 07:15:33 +0800
Subject: FW: "CyberPayment Infrastructure"
Message-ID:

>----------
>From: Dick Moores[SMTP:rdm at netcom.com]
>Sent: Sunday, June 30, 1996 2:13 PM
>To: SEASIGI
>Subject: "CyberPayment Infrastructure"
>
>"CyberPayment Infrastructure" is the title of a new article from the
>Journal of Online Law. I have an email subscription, but there's also
>a
>web site, http://www.wm.edu/law/publications/jol . The new article
>should be on the web site soon, but if it's not, I'll send it to anyone
>who asks. It's about 20k. Here's the abstract:
>
> {Article 6}
>
> CyberPayment Infrastructure
> Henry H. Perritt, Jr. [NOTE 1]
>
> [Cite as Henry H. Perritt, Jr.,
> "CyberPayment Infrastructure,"
> 1996 J. Online L. art. 6, par. ___]
>
>Abstract
>
>{par. 1} An essential requisite for commerce on the Internet
>is the existence of a reliable and secure system to handle
>payment for goods and services purchased. The basic
>technology for such systems is public key encryption.
>Professor Perritt explains how this technology can be used
>to create a variety of "payment infrastructures." Any
>payment system must meet certain requirements: merchants can
>depend on it to be paid; consumers have access to the means
>of payment through intermediaries like "certificate
>authorities;" these intermediaries understand their
>responsibilities and risks; and existing financial
>institutions understand their responsibilities in the world
>of non-paper-based financial instruments. Much of what is
>necessary can be accomplished within today's legal framework
>without need of new laws.
>
>-----------------------------------------------------------------
>
>Dick Moores rdm at netcom.com
>
>

From tim at dierks.org Mon Jul 1 16:28:48 1996
From: tim at dierks.org (Tim Dierks)
Date: Tue, 2 Jul 1996 07:28:48 +0800
Subject: [Fwd: Doubleclick]
Message-ID:

At 10:24 AM 7/1/96, Scott Wyant wrote:
>At 12:43 PM 6/30/96 -0700, jon at aggroup.com wrote:
>>> > >From: Scott Wyant Subject: COMMENT:
>>> > >
>>> > >If you're like me, you never went to a site called "doubleclick."
>>> > >So how did they give you a cookie? After all, the idea of the
>>> > >cookie, according to the specs published by Netscape, is to make a
>>> > >more efficient connection between the server that delivers the
>>> > >cookie and the client machine which receives it.
>>> > >But we have never connected to "doubleclick."
>>
>>Scott must have. Navigator is very picky about where a cookie comes
>>from and what is put in the domain field of the cookie.
>
>Nope. I'm afraid your information is incorrect here. I've also watched
>other sites hand me a double-click cookie.

The way doubleclick works is that the sites who contract with them to sell advertising space insert a URL into their page which fetches the doubleclick ad banner. For example, the guys at TroutHeads, Inc. (www.troutheads.com) would insert an HTML IMAGE tag with an HREF referring to ad.doubleclick.net; that then results in _your_ browser doing an HTTP transaction with ad.doubleclick.net; doubleclick can then hand you all the cookies it wants.
Anytime you fetch an image, you're visiting a site, and because it's automatic, you can easily visit a lot of sites you never knew you were going to. >From : For any HTML document you wish to display an ad banner for, simply add the following HTML tags:

Click on graphic to find out more!
Where MY_URL is the URL for the HTML document displaying the ad banner. For example:

Click on graphic to find out more!
- Tim

Tim Dierks - Software Haruspex - tim at dierks.org

"...when ketchup finally comes out of the bottle, it is going a good 25 miles a year.... It rolls along at three-thousandths of a mile an hour. Heinz knows the speed because it has a device called a Bostwickometer, a chutelike contraption that calculates the speed at which ketchup travels." - The New York Times, June 12, 1996

From jya at pipeline.com Mon Jul 1 16:59:40 1996
From: jya at pipeline.com (John Young)
Date: Tue, 2 Jul 1996 07:59:40 +0800
Subject: Technology and Privacy
Message-ID: <199607011930.TAA03640@pipe3.t2.usa.pipeline.com>

The Washington Post, July 1, 1996, p. A16.

Technology and Privacy [Letter]

In reference to the May 31 editorial "Plant Lights and Privacy" commenting on an 11th Circuit Court of Appeals decision to uphold the use of thermal imaging in cases involving indoor marijuana growing operations: The U.S. Supreme Court had just declined to review that 11th Circuit decision.

On June 11, The Post published a letter from Jack King ["When Government Can Look Through Walls"] warning us that thermal imaging, as developed by the military and as used by civilian law enforcement agencies with the cooperation of the military, posed an Orwellian threat to citizens because the government could use the technology to tell if two people were making love in the privacy of their bedroom.

To set the record straight, military thermal imaging is used to support civilian law enforcement only after other probable cause for a search warrant, such as power bills, observation of boarded-up windows, vents on the roof to draw away heat and buys by confidential informants, are documented. The military is then called in, using thermal imagers, to determine if there is an unusual heat source in the house as detected by heat escaping from the house. In dozens of cases where thermal imaging was used, I have not observed one case where it could detect the activity of people in a house, let alone a bedroom. I also have not observed the technology to have the ability to detect what people are doing in any room behind closed doors, covered windows and walls other than to detect blurs or shadows moving around behind light curtains.

The United States v. Cusumano language quoted by Mr. King was reversed last month by the court because the original three judges decided it was an issue that didn't need deciding, i.e. the constitutionality of thermal imaging absent a search warrant, and did not exercise "judicial restraint."

The trend to Mr. King's "militarization" of the war on drugs, based on a decision by then-secretary of defense Richard Cheney that drug use represented a threat to our national security, is being carried out with restraint, respect for the law and an appropriate appreciation for the privacy of our citizens.

Barrie A. Vernon
Alexandria

The writer is an attorney with the National Guard Bureau at the Pentagon working in support of the counter-drug directorate.

[End]

From jya at pipeline.com Mon Jul 1 17:13:41 1996
From: jya at pipeline.com (John Young)
Date: Tue, 2 Jul 1996 08:13:41 +0800
Subject: The Net and Terrorism
Message-ID: <199607012008.UAA08186@pipe6.t2.usa.pipeline.com>

To complement Tim May's essay on the Net and Terrorism:

The Washington Post, July 1, 1996, Business, p. 22.

Keeping the Military in High Tech [Excerpts]

At Camber Corporation in Springfield, Va., posters, comic strips and colorful Silicon Graphics Inc. computers dot the office landscape. Employees banter as they work.

Technical director Bryan Ware, 26, serves as the bridge between the college-age computer programmers and the military commanders who authorize the projects. "A lot of military people don't know or trust technology," he said. "A lot of computer nerds don't know or trust the military. I know and like both."
The Army had a congressional mandate to prepare for terrorists using chemical, biological or even nuclear weapons and for civilian doctors having to figure out how to treat the victims.

To that end, the Army contracted Camber to create the Nuclear Biological Chemical Medical Defense Information Server which has many more bells and whistles than the average Web site.

On the opening page, "danger" signs line the background. Articles on the latest terrorist catastrophes appear in the center of the screen. Black illuminated links to the site's library, to news and to other information fill the left-hand side.

Click on the library link, and medical manuals on nuclear, biological and chemical warfare treatments appear. To the left, a video section link becomes visible. Click on it, and an interactive session begins between the user and an actor playing the role of nuclear, chemical or biological warfare victim. If the user administers the proper treatment (it's good to read the library manuals before going to the video), the victim will survive. If the user fails to administer the correct procedures, the victim will die.

"We try to have fun," said Alex Neifert, 21, who's working on the Army Web site project for the summer before heading back to the University of Michigan's Graduate School of Information in the fall.

"We're hoping to improve the preparedness of the military and civilian communities to deal with these types of problems. This site will give doctors access to important information that could save lives in the event of a terrorist action," said the Army officer in charge of the project.

Camber and the military hope that 1,000 visitors will view the Web site daily when it officially opens July 3. To access the site, point your browser to: www.nbc.gov/.

-----

From seth at hygnet.com Mon Jul 1 18:21:21 1996
From: seth at hygnet.com (Seth I. Rich)
Date: Tue, 2 Jul 1996 09:21:21 +0800
Subject: [Fwd: Doubleclick]
In-Reply-To: <1.5.4.32.19960701172423.006cd9e8@pop.loop.com>
Message-ID: <199607012117.RAA08803@arkady.hygnet.com>

> >> > >If you're like me, you never went to a site called "doubleclick."
> >> > >So how did they give you a cookie? After all, the idea of the
> >> > >cookie, according to the specs published by Netscape, is to make a
> >> > >more efficient connection between the server that delivers the
> >> > >cookie and the client machine which receives it.
> >> > >But we have never connected to "doubleclick."

You probably loaded a banner ad from doubleclick -- and downloading the inline image from their site is sufficient for the cookie transfer to take place.

Seth
---------------------------------------------------------------------------
Seth I. Rich - seth at hygnet.com "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet (pbeilard at direct.ca)
Rabbits on walls, no problem.

From declan at well.com Mon Jul 1 19:54:17 1996
From: declan at well.com (Declan McCullagh)
Date: Tue, 2 Jul 1996 10:54:17 +0800
Subject: Technology and Privacy
Message-ID:

The June 11 letter was from Jack King, a quite clueful and thoughtful D.C. attorney who has been diligent in tracking the war on (some) drugs. Hardly an alarmist.

Why can't I quite bring myself to trust "Barrie A. Vernon?"

-Declan

> The Washington Post, July 1, 1996, p. A16.
>
>
> Technology and Privacy [Letter]
>
>
> In reference to the May 31 editorial "Plant Lights and
> Privacy" commenting on an 11th Circuit Court of Appeals
> decision to uphold the use of thermal imaging in cases
> involving indoor marijuana growing operations: The U.S.
> Supreme Court had just declined to review that 11th Circuit
> decision.
>
> On June 11, The Post published a letter from Jack King
> ["When Government Can Look Through Walls"] warning us that
> thermal imaging, as developed by the military and as used
> by civilian law enforcement agencies with the cooperation
> of the military, posed an Orwellian threat to citizens
> because the government could use the technology to tell if
> two people were making love in the privacy of their
> bedroom.
>
> To set the record straight, military thermal imaging is
> used to support civilian law enforcement only after other
> probable cause for a search warrant, such as power bills,
> observation of boarded-up windows, vents on the roof to
> draw away heat and buys by confidential informants, are
> documented. The military is then called in, using thermal
> imagers, to determine if there is an unusual heat source in
> the house as detected by heat escaping from the house. In
> dozens of cases where thermal imaging was used, I have not
> observed one case where it could detect the activity of
> people in a house, let alone a bedroom. I also have not
> observed the technology to have the ability to detect what
> people are doing in any room behind closed doors, covered
> windows and walls other than to detect blurs or shadows
> moving around behind light curtains.
>
> The United States v. Cusumano language quoted by Mr. King
> was reversed last month by the court because the original
> three judges decided it was an issue that didn't need
> deciding, i.e. the constitutionality of thermal imaging
> absent a search warrant, and did not exercise "judicial
> restraint."
>
> The trend to Mr. King's "militarization" of the war on
> drugs, based on a decision by then-secretary of defense
> Richard Cheney that drug use represented a threat to our
> national security, is being carried out with restraint,
> respect for the law and an appropriate appreciation for the
> privacy of our citizens.
>
> Barrie A. Vernon
> Alexandria
> The writer is an attorney with the National Guard Bureau at
> the Pentagon working in support of the counter-drug
> directorate.
>
> [End]
>

From ses at tipper.oit.unc.edu Mon Jul 1 19:54:28 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 2 Jul 1996 10:54:28 +0800
Subject: The Net and Terrorism
In-Reply-To: <199607012008.UAA08186@pipe6.t2.usa.pipeline.com>
Message-ID:

[www.nbc.gov]

hmmm... I remember using IRC during scud attacks when I was working at the Technion. Useful sources of info, but kind of worrying when you suddenly lose all of Tel Aviv when a server picks an importune time to reboot :-)

Simon

I want my, I want my, I want my Atropine

---
Cause maybe (maybe)                   | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all                         | Email address remains unchanged
You're my firewall -                  | ........First in Usenet.........

From WlkngOwl at unix.asb.com Mon Jul 1 19:56:00 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Tue, 2 Jul 1996 10:56:00 +0800
Subject: mocking paranoia
Message-ID: <199607012239.SAA25392@unix.asb.com>

On 29 Jun 96 at 5:58, nelson at crynwr.com wrote:

> Earlier, someone mocked someone else for being paranoid. Sorry, but
> this is a mistake. By definition, you have a non-empty threat model
> when you set out to encrypt; therefore you must be paranoid to use
> encryption.
[..]

Depends. If your paranoia is irrational, then you may do irrational things that will hurt... For instance, there are people who believe that the NSA has control over every C compiler on the planet which inserts a back door into any version of PGP, and therefore the only 'safe' PGP is v1.0.

Rob.
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.
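
[Added example, not part of any message in this archive and not DoubleClick's or Netscape's code: a small simulation of the mechanism Tim Dierks and Seth Rich describe in the "[Fwd: Doubleclick]" thread above, where a banner image fetched automatically from an ad server lets that server set a cookie and read it back from unrelated sites. The host names, the "id=N" cookie format and the browser-side cookie filter switch are assumptions made for the illustration.]

```javascript
// Constructed simulation: host names and the "id=N" cookie format are made up.

// Ad server: issues an identifier on first contact, then logs every banner
// request under whatever identifier the browser sends back.
class AdServer {
  constructor(host) {
    this.host = host;
    this.nextId = 1;
    this.log = [];                       // one entry per banner request
  }
  handle(request) {
    let id = request.cookie;             // cookie returned by the browser, if any
    let setCookie;
    if (id === undefined) {              // unknown browser: hand out a new id
      id = `id=${this.nextId++}`;
      setCookie = id;
    }
    this.log.push({ id, referer: request.referer });
    return { images: [], setCookie };
  }
  // Pages seen per cookie id: the browsing profile the ad server can build.
  profiles() {
    const byId = {};
    for (const { id, referer } of this.log) {
      if (!byId[id]) byId[id] = [];
      byId[id].push(referer);
    }
    return byId;
  }
}

// Content site: sets no cookie itself, it only embeds a banner hosted elsewhere.
class ContentSite {
  constructor(host, adHost) {
    this.host = host;
    this.adHost = adHost;
  }
  handle() {
    return { images: [{ host: this.adHost, path: "/banner.gif" }], setCookie: undefined };
  }
}

// Browser: cookie jar keyed by the host that set the cookie. The optional
// filter drops cookies in both directions for hosts other than the page's own.
class Browser {
  constructor(filterThirdPartyCookies) {
    this.filter = filterThirdPartyCookies;
    this.jar = new Map();                // host -> cookie value
  }
  request(server, path, pageHost, referer) {
    const thirdParty = server.host !== pageHost;
    const cookiesAllowed = !(thirdParty && this.filter);
    const cookie = cookiesAllowed ? this.jar.get(server.host) : undefined;
    const response = server.handle({ path, referer, cookie });
    if (cookiesAllowed && response.setCookie !== undefined) {
      this.jar.set(server.host, response.setCookie);
    }
    return response;
  }
  // Load a page, then fetch its inline images without any user action.
  visit(site, network) {
    const pageUrl = `http://${site.host}/`;
    const page = this.request(site, "/", site.host, undefined);
    for (const img of page.images) {
      this.request(network.get(img.host), img.path, site.host, pageUrl);
    }
  }
}

// One browser visits two unrelated sites that both embed the same ad host.
function simulate(filterThirdPartyCookies) {
  const ads = new AdServer("ads.example");
  const network = new Map([[ads.host, ads]]);
  const browser = new Browser(filterThirdPartyCookies);
  for (const host of ["troutheads.example", "news.example"]) {
    browser.visit(new ContentSite(host, ads.host), network);
  }
  return { profiles: ads.profiles(), jarHosts: [...browser.jar.keys()] };
}

console.log(JSON.stringify(simulate(false)));  // one id linked to both sites
console.log(JSON.stringify(simulate(true)));   // two unlinked ids, empty jar
```

[With the filter on, each banner request still carries the referring page URL, so the ad server still sees which pages were loaded; what it loses is the cookie that ties those requests to one browser.]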

From frogfarm at yakko.cs.wmich.edu Mon Jul 1 22:30:32 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Tue, 2 Jul 1996 13:30:32 +0800
Subject: (fwd) Re: Cookie problem here , cookie problem there ...
Message-ID: <199607020059.UAA11206@yakko.cs.wmich.edu>

[Given the recent upset here regarding cookies, of which I only have the most cursory knowledge, I hope some will find this tidbit of use.]

>From: jerryw at convex.com (Jerry Whelan)
Newsgroups: comp.infosystems.www.authoring.cgi,comp.infosystems.www.authoring.misc,comp.infosystems.www.browsers.misc
Subject: Re: Cookie problem here , cookie problem there ...
Date: 1 Jul 1996 14:28:39 -0500
Lines: 28

In article <4r8m92$4u at news.istar.ca>, Gord Jeoffroy wrote:
-} Margaret wrote:
-}
-} >You can disable the warnings, you cannot disable the cookies. I am
-} >cancelling every cookie I encounter (I usually avoid sites heavy
-} >with cookies), reason - I hate invasion of privacy and in particular,
-} >junk email from direct marketing.
-}
-}
-} I completely agree with your sentiment, by the way. I'm planning to
-} add an editorial to an online magazine I'm beginning. The article will
-} be full of server-side includes to demonstrate to the person reading
-} it that Big Brother definitely is watching.

I don't have any connection with these guys, except that I use their software. Check out www.privnet.com and the Internet Fast Forward netscape plugin for Windows. It can selectively filter cookie transmissions to web servers as well as some other very cool stuff like filter out unwanted images, including but not limited to advertisements. You will be amazed how much more information you can get on your screen when you filter out the useless images, like the one netscape puts at the top of their home page.
--
------------------------------------------------------------------------------
Jerry Whelan -- Information Superman jerryw at convex.com

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
"We think people like seeing somebody in a uniform on the porch." -US Postal spokeswoman, quoted in AP 1/27/96. I don't know about you, but the only folks I know who'd enjoy seeing someone in uniform on their porch are leathermen...

From minow at apple.com Mon Jul 1 22:31:40 1996
From: minow at apple.com (Martin Minow)
Date: Tue, 2 Jul 1996 13:31:40 +0800
Subject: Notes from SAFE meeting
Message-ID:

Here are my raw, unedited, incomplete, and not to be trusted, notes from the SAFE meeting, July 1, 1996, at Stanford. (ps. thanks to the folk who did an amazing amount of work to put this on.)

burns: fbi, cia, nsa presented to senate/congress: said nothing that wasn't already in public record (newspapers)

telia (Swedish Telecom) representative (Mattias Soederholm) -- can't import strong encryption as NSA claims it would harass company. doesn't like having to tell customers that USA will read their mail.

Whit Diffie - nuclear non-proliferation: proliferation of crypto does more good than harm: make sure that weapons are under your control: extensive development since Kennedy administration. Positive control over nuclear weapon: crypto.

---- Technical panel ----

whit diffie, eric thompson (forced decryption, fbi is a client), bruce schneier, tom parenty (sybase), matt blaze.

We came to discuss politics, but were charged with discussing technology. key lengths -- too much jargon. question is work factor: how much work to break system. public keys used only for signatures; actual encryption uses "normal" crypto. 40 bits == 2^40 operations to get a key. First: two different points of view: security officer: every message must be secure, even against strong opponent. intelligence agency wants to read every message. 30, 60, 90, 120. 2^30 == one billion. any pc can recover any key. billion billion == des. very clear that can do it, not easy, however. 90 bits billion billion billion. won't be do-able in lifetime of business personal data. 120 bits can't be do-able in foreseeable future. but, point of view of an intercept organization; meet in the middle? won't satisfy either party's interest. 40 bit can be exported. last year, demonstrated that can break 40 bit keys. Takes on order of few weeks to a month of Sun workstations. intercept device spends most of its time deciding whether to record data. has a fraction of a second to look at a message, 40 bits too large for intercept on that basis.

eric thompson. access data. cryptanalysis -- break codes, build hardware to aid in this. specialize in defining parts and pieces to break e.g., rc40 amd2905 chips on a board breaks in $8,400 engineering cost. Sell under $20,000. little company, not well-funded government agency. des fpga about $1M/7 days per key. off the shelf design using 5 year old chips. what's realistic to expect the nsa, fbi can do?

bruce schneier: foreign crypto. is it any good? yes. more done outside usa than inside. many countries asia, europe, pacific have strong groups. algorithm conferences: 90% of papers from outside usa. hard to get funding in usa. more academic research overseas. products with more options. here, products are hamstrung by baggage: key length, escrow. other countries can write without restrictions. best products from former yugoslavian folk working in swedish university. usa corp's cant compete: no talent, government restrictions. losing our share of research, development, products. as internet becomes ubiquitous, we lose market share. restrictions won't stop, will only hurt us.

tom parenty; worked for NSA: "in God we trust, the rest we monitor." key escrow ineffective. can today buy over 500 products from 60 countries. no usa monopoly. www.cypto.com home page; list of pointers for our favorite foreign crypto products (for some value of "our" and some value of "favorite.") crypto controls don't keep crypto out of child pornographer hands. keeps out of hands of legitimate individuals and corporations. criminal, terrorist, can layer foreign crypto on anything usa gov't does. will give protection. moral equiv of wiretaps? no! criminals: criminals talk to criminals, criminals talk to rest of world. crim to crim: use strong crypto. crim to airline, car rental, hotel: can go to airline etc. and subpoena their records: crypto buys nothing for wiretap. solve crimes, prevent crimes? would key escrow prevent oklahoma bombing? but without strong crypto, foreigner working outside usa can take plane down, grab medical records. etc., by hacking insecure networks.

matt blaze: key escrow. ignore politics; doesn't make technical sense. fundamental flaws software engineering can't technically solve in a sensible way. first: enormous increase of engineering complexity. difficult to design even simply secure (alice, bob, eve + detective dorothy) system engineering. key escrow makes this even more difficult. engineering problem is too complex. classified world not far ahead of unclassified: blaze discovered protocol failure in clipper chip design -- can circumvent escrow field, can forge messages. reason failures occur not because nsa incompetent, but because problem is extremely difficult. second fundamental problem: operating key escrow center economically and technically difficult. 24/7/365, 2 hour response to law enforcement request. key escrow doesn't distinguish between comm key, data storage keys, and signature keys. releasing latter may be devastating.

---

diffie: if you collect data; it will be used (census data used to round up Japanese in California, Jews in Germany, Holland, Denmark).

schneier: data harvesting: insurance company wants to know who filled prescription for AZT. crypto prevents against non-invasive attack; not against fbi entering house to install bugs.

diffie: crypto requirements of bad people: terrorists need tight-knit, unified in purpose. tools to secure communication are readily available "closed crypto." ordinary folk need open crypto; delayed by government restrictions.

--- legal issues:

ken bass: counsel for telecom policy: national security? non-escrowed strong encryption? balance? costs? what are they, what do we lose? escrow born by nsa mission. didn't hear law enforcement concerns initially; now nsa stands behind shield of fbi. nsa/fbi has created arms race among cryptographers. most people would have been happy with des, which nsa can probably break, but not others. nsa discovered it was doing itself great damage by pursuing export controls: but biggest danger to nsa is explosion of protocols, routings, etc. nsa wants to read everything to see what it wants to look at. fbi, however, knows what it wants to see. nsa knows that crypto puts it out of business. nsa needs to preserve fiction of crypto (i.e, that they can read, but you think they can't). fbi wants to preserve status quo. law enforcement can't undertake surveillance until it knows who the target is. don't need crypto to find crooks. needed only after you know who the crooks are. fbi foolish to try to convince us that crypto (escrow) is golden bullet of law enforcement. why does fbi need to have crypto to monitor people for whom they already have probable cause (that they need in order to get warrant to wiretap).

jim lucire: americans for tax reform. IRS doesn't follow constitutional protections.

barry steinhardt (ACLU). law enforcement concerned to preserve its wiretap capability. wiretap happy administration. set records for number of wiretaps (both in criminal and national security). law requiring wiretap capability in telecom infrastructure. additional crimes where wiretap allowed. Janet Reno: four challenges -- threat that encryption poses to law enforcement; ability to search for stored information. wiretapping. why does aclu find it so odious. fourth amendment "particularized suspicion" -- government must have a reason to search you. wiretapping is a "generalized search." in 1970's, 50% of wiretaps produced useful information. now 17% reveal useful info. warrant to search 100 homes to find criminal info in 17 homes? ability to continue wiretapping is in question. what is cost to individuals who are wiretapped?

cindy cohn, lawyer: export problems with ITAR: scientists lose. bernstein case (can export crypto research): export rules squelch discussion and research: first amendment; right of people to talk about science, art, literature; not just politics. broadness: ITAR is overly broad. defines export to prevent publication. prevents export to "ordinary" people, but only intended to prevent export to terrorist. procedural problems: no hard boundaries.

barbara simons (acm) -- copyright? net community surprised when CDA was passed. major voices heard are those of lobbyists; not technology focus; focussed only on their lobby-needs. monitor net? only to preserve copyright. goals will work only if you shut down the net. copyright legislation makes illegal to manufacture device to violate copyright (camera? vcr?)

john gilmore (eff): can we trust the courts? won't be won on a single front: need to keep pressure up. "for purposes of first amendment analysis, court finds that source code is speech." will go to supreme court. need help from legislature. want to bring light into export control process. want to have clear rules so you can read rules, build product and export it.

michael froomkin (law school, univ of miami): legal status of privacy? can't count on courts. don't take wait and see attitude. wiretap still has some value. Legal status of no export has been successful: no strong crypto in w/95.

ken bass question: froomkin: crypto is a constitutional right (200 pages). very few nsa cases; mostly 4th amendment ('drug exception to constitution'). korn case, bernstein case. briefs in cases required reading for congress (first amendment). crypto useful to protect free speech (Phil Zimmermann talked about human rights people in Burma who use PGP to protect their messages from government.)

[representative zoe lofgren (Dem CA) -- someone proposed 4th amendment in congressional debate amending criminal law. Defeated on party lines.]

implication for information sharing between cia/fbi/nsa with foreign intelligence agency? guatemala tragedy example of problem.

the dumb criminal theory? blow up buildings with trucks they rent in their own names.

--- With apologies for incoherence, errors, and incompleteness ---

Martin Minow minow at apple.com

From bluebreeze at nym.jpunix.com Mon Jul 1 22:55:15 1996
From: bluebreeze at nym.jpunix.com (Blue Breeze)
Date: Tue, 2 Jul 1996 13:55:15 +0800
Subject: Sameer on C-SPAN
Message-ID: <199607020123.UAA19678@alpha.jpunix.com>

:From: Alex Strasheim
:Date: Mon, 1 Jul 1996 11:32:21 -0500 (CDT)
:
:Janlori Goldman, at the Center for Democracy & Technology, just mentioned
:Sameer's anonymizer on C-SPAN during a segment of Internet privacy.
:
:They showed a shot of the screen and everything.

Not everything. No picture of Sameer!? That's what I'd like to see.

From frissell at panix.com Mon Jul 1 23:39:16 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 2 Jul 1996 14:39:16 +0800
Subject: Iron Censorship
Message-ID: <2.2.32.19960702020835.00b36038@panix.com>

The New York Times reports that:

"Tipped off by an anonymous source named "nobody," Simon & Schuster Inc. and its literary police are engaged in the Internet equivalent of a high-speed car chase: tracking down a runaway book pirated on right-wing and anarchist sites on the World Wide Web.
In the last month, the publishing house's monitors have discovered more than seven Internet sites containing the text of "Report from Iron Mountain," first published in 1967 and intended as political satire, and re-released early this year by a Simon & Schuster imprint, the Free Press." http://www.nytimes.com/library/cyber/week/0701iron-mountain.html Taking up the challenge, I fired up AltaVista and quickly found: http://www.cwi.nl/htbin/jack/mailfetch.py?2383 (2646 lines) I haven't checked this version against my dog-eared first edition so I don't know if this one has been modified by the Great Enemy. DCF "Who wonders what ever happened to the Regional Government Conspiracy. Anyone out there remember "Blame Metro", "Terrible 1313" and other chronicles of what used to be called the Metropolitan Government movement?" From drosoff at arc.unm.edu Tue Jul 2 00:23:08 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Tue, 2 Jul 1996 15:23:08 +0800 Subject: rsync and md4 Message-ID: <1.5.4.16.19960702023938.4637d0c4@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 11.36 AM 7/1/96 -0400, David F. Ogren wrote: >2. >(quoted from Mr. Perry in an article entitled "MD5 breaks, etc.") > >> checked. However, the result is widely known. MD5 is *not* >> something that should be trusted going forward, and I hope the next >> version of PGP uses SHA-1. > >As I understand the current plans, PGP 3.0 _will_ incorporate a SHA option. >In fact, I believe that there may already be "bootleg" versions that >incorporate SHA. What is the difference between SHA and SHA-1? Is this algorithm subject to the same licensing as MD5? Could someone point me to such a bootleg version for DOS, please? Thanks. 
===============================================================================
David Rosoff (nihongo o sukoshi dekiru) ----------------> drosoff at arc.unm.edu
For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu
0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67
Non-technical beginner's guide to PGP ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the O.J. Simpson Defense Team." -Dave Barry

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdiLyBguzHDTdpL5AQHACgP/dmJJ6aQ0ZVlHN3WcAsPkaGoAypU/iCz4
F8HSK6nxbmG+pBd5+82Flzqpquy23Wfp+uk2l+CIv7oygoOMXVvadRLTQKXZEe+h
8/rk0pLATszwLakwa427P5xgGs4mfwvKjzBi0LpEIu1qkUmWYGQphl7KPAumdLc+
+3Wpc0INmHY=
=qXUq
-----END PGP SIGNATURE-----

From daw at cs.berkeley.edu Tue Jul 2 01:00:33 1996
From: daw at cs.berkeley.edu (David Wagner)
Date: Tue, 2 Jul 1996 16:00:33 +0800
Subject: Message pools _are_ in use today!
In-Reply-To:
Message-ID: <4ra50l$is@joseph.cs.berkeley.edu>

In article , Timothy C. May wrote:
> The newsgroup "alt.anonymous.messages" has existed for a year or two, and
> serves to be working reasonably well as a message pool. Check it out.

alt.anonymous.messages is not an ideal message pool-- it is a hack. (Granted, it *is* a really cool, clever, and practically useful hack.)

Ian and I talked about this at some length. alt.anonymous.messages has certain unfortunate shortcomings.

Someone sniffing the Berkeley 'net can tell when I receive an alt.anonymous.messages message by when I download an article from the NNTP server; they can tell when I send such an article by when I upload an article to the NNTP server; they can list all the ``subversive'' Berkeley folks who have read alt.anonymous.messages lately.

The local NNTP server must be trusted.
Furthermore, even if you run a trusted NNTP server on your local machine, there are still vulnerabilities. Someone sniffing on your subnet can tell when you inject a new message onto alt.anonymous.messages, as can your neighboring NNTP servers.

Then there are all the standard message length and timing threats from traffic analysis. And there is no perfect forward secrecy when using alpha nymservers to redirect email to alt.anonymous.messages.

There are also second-order threats, arising from the fact that an attacker can selectively and remotely delete messages from some spools by using cancel messages, without compromising any NNTP servers.

Ian's post detailed a proposal for implementing a message pool with better security properties: link encryption, constant size messages, randomized flooding, perfect forward secrecy, etc.

This mechanism is intended to provide recipient anonymity. Sender anonymity must still be achieved by standard chaining methods.

If folks have better ideas for how to achieve really good recipient anonymity, I hope they'll speak up!

Take care,
-- Dave

From llurch at networking.stanford.edu Tue Jul 2 02:42:36 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Tue, 2 Jul 1996 17:42:36 +0800
Subject: Notes from SAFE meeting
In-Reply-To:
Message-ID:

On Mon, 1 Jul 1996, Martin Minow wrote:

> burns: fbi, cia, nsa presented to senate/congress: said nothing that wasn't
> already in public record (newspapers)

But he was entertaining.

> telia (Swedish Telecom) representative (Mattias Soederholm) -- can't import
> strong encryption as NSA claims it would harass company. doesn't like having
> to tell customers that USA will read their mail.

Specifically, he said "They said they had the power to harass us in ways that could not be traced." Conspiracy hounds feel free to have a field day with that one...

> solve crimes, prevent crimes? would key escrow prevent oklahoma bombing?
> but without strong crypto, foreigner working outside usa can take plane down,
> grab medical records. etc., by hacking insecure networks.

This seems to be the best argument for the masses. Tod L... from Wired and VTW felt the need to make some disparaging cracks about libertarian rants, as he distinguished them from the rational commentary.

> second fundamental problem: operating key escrow center economically and
> technically difficult. 24/7/365, 2 hour response to law enforcement request.

Craig-somebody from Microsoft had earlier made an excellent point about the insurability of zero-asset escrow agencies. Would you give your key to this man? (Yes, I did find that funny coming from a Microsoft employee.)

> the dumb criminal theory? blow up buildings with trucks they rent in
> their own names.

Of course, that kind of suicidally dumb criminal tends to do the most damage. Key escrow wouldn't help because it's too slow.

-rich

From frantz at netcom.com Tue Jul 2 02:49:25 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 2 Jul 1996 17:49:25 +0800
Subject: rsync and md4 [NON-CRYPTO ALGORITHM]
Message-ID: <199607020623.XAA19699@netcom7.netcom.com>

At 10:50 AM 6/30/96 +1000, Andrew Tridgell wrote:
>It effectively creates binary diffs of the two files, without direct
>(local) access to both files. As far as I know this is a new type of
>algorithm.

I worked with an algorithm which sounds similar to this one back about 20 years ago when creating a diff for VM/370 at Tymshare. Here's a quick description of the algorithm so you can see how much the hashing discussion below applies to your problem.

(1) Choose a way to break the files into "units". We chose line ends.
(2) Hash each unit in both files making two vectors of hashes.
(3) Identify which units exist once and only once in a file by:
  (3a) Initialize a (large) vector of 2-bit entries to all zeros.
  (3b) Use the hash of each unit to index the vector. If the entry is 00 change it to 01. If it is 01 change it to 10. If it is 10 leave it alone.
(4) AND the two 2-bit entry vectors together to get the units that exist once and only once in both files. These units are anchors of similarity between the files.
(5) Find the hashes which represent these anchors of similarity in both files and link them together.
(6) Link the neighbors of already linked units.
(7) The unlinked hashes represent differences between the two files.

Note that this algorithm finds units that have been moved. I had to do something intelligent with this information to allow for diff-like output. To handle binary files you may need to change the definition of "unit".

We used a simple barber pole hash. We went for a number of years before we had a hash failure. (I know, there was a bug in the code that handled hash failures.) A hash based on a CRC calculation would probably be better.

-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

From llurch at networking.stanford.edu Tue Jul 2 02:51:30 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Tue, 2 Jul 1996 17:51:30 +0800
Subject: Info on alleged new German digital wiretapping law?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

None of the Europeans I ran into at today's SAFE conference had even heard of the legislation decried at http://fight-censorship.dementia.org/fight-censorship/dl?num=3027 and in alt.fan.ernst-zundel.

What's up?
- -rich
http://www.stanford.edu/~llurch/
send mail with subject line "send pgp key" for my key or "911" to page me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMdiyIpNcNyVVy0jxAQEi9QH7BglmZ3rtAnAcKp+5sMQzvWs8WUFXGzpO
N8jqMnhpWhkIyFyV62EvAMFKHMGSquaPb75aak8s2xFTXJGsAuZDRg==
=Dqj9
-----END PGP SIGNATURE-----

From frantz at netcom.com Tue Jul 2 02:55:46 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 2 Jul 1996 17:55:46 +0800
Subject: SAFE Forum
Message-ID: <199607020623.XAA19680@netcom7.netcom.com>

Rather than a complete report (which will cover a lot of material people here already know), I will just give you my highlights from the forum.

None of the people on the first panel have been asked to testify before either intelligence committee. (Panel was: Lori Fena, EFF; Craig Mundie, Microsoft; Eric Schmidt, Sun; and a substitute for Marc Andreessen from Netscape).

Current government "Key Escrow" systems cost $200/key/year. [Craig Mundie] These systems can best be described as key-rental systems.

"Crime prevention ought to be part of the FBI's mission." [Herbert Lin, National Research Council]

Jim Omura [Cylink] spoke of specific business his company has lost to foreign competitors due to export licensing problems. He spoke of protecting US corporate links between China and the US.

CompuServe losses are mostly overseas (in e.g. the former USSR) due to insecure communications and Telephone companies. [Tom Oren, CompuServe]

PGP Inc bought ViaCrypt on Friday. [Phil Zimmermann, PGP Inc.] (Scooped by Ian Goldberg)

Congresswoman Eshoo appeared not to have heard about PGP being used by human rights groups in e.g. Bosnia to protect their files.
National Research Council report available from: www2.nas.edu/cstbweb

A compromise on key length won't satisfy either side because those using encryption to protect their data want every single message to be secure (implying long keys and brute force times), while those monitoring communications need to quickly decide whether a message is interesting (implying short decrypt times). [Whit Diffie, Sun]

We sell RC4, 40 bit decryption hardware (based on AMD29000) for $16K. FPGA devices for breaking DES in 7 days for $1M. [Eric Thompson, Access Data]

NSA's problem is not crypto, but the explosive growth in the number of protocols. NSA needs to get out of the business of being a reputation agent for crypto (thru ITAR approval) and allow weak crypto to naturally appear in the market. [Ken Bass, Venable, Baetjer, Howard and Civiletti]

In the 1970s 50% of the wiretaps were of value, now only 17% are. [Barry Steinhardt, ACLU]

The introduction of "Dorothy" as the canonical Key Escrow (GAK) holder. (To great hoots of laughter.) [I think this was Tom Parenty, Sybase, but I could be wrong.]

When analyzing the crypto requirements of bad guys (e.g. terrorists) and good guys (e.g. digital commerce users), the bad guys are small, tight knit communities where the current, widely available, crypto systems work well. The good guys are not tight knit and need infrastructure we don't have, such as widely available software and certification. [Very broadly taken from Whit Diffie]

-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

From snow at smoke.suba.com Tue Jul 2 03:05:53 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 2 Jul 1996 18:05:53 +0800
Subject: The Net and Terrorism
In-Reply-To:
Message-ID:

On Mon, 1 Jul 1996, Simon Spero wrote:

> I want my, I want my, I want my Atropine

No, you don't.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From vznuri at netcom.com Tue Jul 2 03:18:16 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 2 Jul 1996 18:18:16 +0800
Subject: whitehouse dossier database?
Message-ID: <199607020639.XAA13694@netcom11.netcom.com>

holy cow, is this real? Grabbe cites several credible references. although of course he himself fits the bill as one of the world's greatest conspiracy theorists (or trackers, depending on your point of view ). I don't recall the article by Paul Rodriguez of Washington Times, was it recent?

------- Forwarded Message

Date: Sun, 30 Jun 1996 20:16:49 -0500 (CDT)
Sender: owner-CN-L at cornell.edu
From: Brian Redman
To: Conspiracy Nation

The following is brought to you thanks, in part, to the kind assistance of CyberNews and the fine folks at Cornell University.

Conspiracy Nation -- Vol. 8 Num. 30
======================================
("Quid coniuratio est?")

- - -----------------------------------------------------------------

THE WHITE HOUSE "BIG BROTHER" DATA BASE
=======================================

- - -----BEGIN PGP SIGNED MESSAGE-----

The White House "Big Brother" Data Base & How Jackson Stephens Precipitated a Banking Crisis

by J. Orlin Grabbe

Score another coup for Jackson Stephens' Systematics (Alltel Information Services). It provided the software for the White House's "Big Brother" data base system, and now the White House is in a panic that there may be secret methods of accessing its computer.
The existence of the White House computer system and data base--known as WHODB, White House Office Data Base, and containing as many as 200,000 names--was revealed by Paul Rodriguez in the *Washington Times*. Some of the information was developed by *Insight*'s Anthony Kimery, soon to be managing editor of the electronic publication *SOURCES eJournal*.

Kimery is a writer whose articles in *The American Banker* and *Wired* were among the first to report U.S. government spying on domestic banking transactions. (Kimery was also fired from one magazine for looking into the death of Vince Foster.)

Now things have come full circle. The chief government effort to spy on U.S. domestic banking transactions was directed by the electronic spy agency, the National Security Agency (NSA), working in connection with the Little Rock software firm Systematics.

Systematics, half-owned by billionaire Jackson Stephens (of Stephens Inc. fame), has been a major supplier of software for back office clearing and wire transfers. It was Stephens' attempt to get Systematics the job of handling the data processing for the Washington-D.C. bank First American that led to the BCCI takeover of that institution. Hillary Clinton and Vince Foster represented Systematics in that endeavor, and later Foster became an overseer of the NSA project with respect to Systematics.

Working together, the NSA and Jackson Stephens' Systematics developed security holes in much of the banking software Systematics sold. Now we face a crisis in banking and financial institution security, according to John Deutch, Director of the CIA.

"One obstacle is that banks and other private institutions have been reluctant to divulge any evidence of computer intrusions for fear that it will leak and erode the confidence of their customers.
Deutch said 'the situation is improving' but that more cooperation was needed from major corporations, and said the CIA remains willing to share information with such firms about the risks they might face." (*The Washington Post*, June 26, 1996, page A19.)

What Deutch failed to mention was that this "banking crisis" in large part was itself created by one of the U.S. intelligence agencies--the NSA in cahoots with Stephens' software firm Systematics.

The Citibank heist by Russian hackers, for example, took advantage of a back door in Citibank's Systematics software. (The Russian hackers were apparently aided by the son of one of Jim Leach's House Banking Committee investigators.)

Have any major banks thought of instituting lawsuits over this deliberate breach of security on the part of a software supplier?

John Deutch has a proposed solution for this and other computer security problems: the creation of an "Information Warfare Technology Center". Guess where he wants to put the Center: in the National Security Agency itself, naturally.

That is, the government wants money budgeted for a new bureaucracy to solve the problem another bureaucracy spent money creating. You have to admire the sheer chutzpah of this kind of con--one which would also leave the NSA fox guarding the banking chicken coop.

Meanwhile, over at the White House, senior aides are in a panic. Is the WHODB system related to the PROMIS software? they want to know. Is there a back door into the system? Have files been downloaded?

It just goes to show that given the right incentive, even the White House will begin spouting conspiracy theories. Perhaps Charles O. Morgan (see part 2 of my Vince Foster series) should write the White House a threatening letter.
- - -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdXLbWX1Kn9BepeVAQGSuwP7BOGXepZld6j1skJLnTfKYCDCBo3BZUyN
A7hEslyPUkSh7pLGpJhiPQcQf+uEq9eFVYqeUKV+toKgZvEr6nb924aNFq5ObZyV
3drfdlWwgxf503ShHcOW7D/mpu2I5u1P2yyV5sM1nBH/y9CzX/DXNL9l3nBop7wA
WmBXlraXros=
=BjAo
- - -----END PGP SIGNATURE-----

- - -----------------------------------------------------------------
I encourage distribution of "Conspiracy Nation."
- - -----------------------------------------------------------------
If you would like "Conspiracy Nation" sent to your e-mail address, send a message in the form "subscribe cn-l My Name" to listproc at cornell.edu (Note: that is "CN-L" *not* "CN-1")
- - -----------------------------------------------------------------
For information on how to receive the improved Conspiracy Nation Newsletter, send an e-mail message to bigred at shout.net
- - -----------------------------------------------------------------
Want to know more about Whitewater, Oklahoma City bombing, etc? (1) telnet prairienet.org (2) logon as "visitor" (3) go citcom
- - -----------------------------------------------------------------
See also: http://www.europa.com/~johnlf/cn.html
- - -----------------------------------------------------------------
See also: ftp.shout.net pub/users/bigred
- - -----------------------------------------------------------------
Aperi os tuum muto, et causis omnium filiorum qui pertranseunt. Aperi os tuum, decerne quod justum est, et judica inopem et pauperem. -- Liber Proverbiorum XXXI: 8-9

- ------- End of Forwarded Message

------- End of Forwarded Message

From tcmay at got.net Tue Jul 2 03:45:50 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 2 Jul 1996 18:45:50 +0800
Subject: Message pools _are_ in use today!
Message-ID:

I must be missing something....:

At 3:28 AM 7/2/96, David Wagner wrote:

>Someone sniffing the Berkeley 'net can tell when I receive an
>alt.anonymous.messages message by when I download an article from
>the NNTP server; they can tell when I send such an article by when
>I upload an article to the NNTP server; they can list all the
>``subversive'' Berkeley folks who have read alt.anonymous.messages
>lately.
>
>The local NNTP server must be trusted.

I'm not following your "upload an article to the NNTP server." Don't most people use mail-to-News gateways to post anonymously? (If not, they should, of course.)

This way, the posting of an article has the anonymity provided by the chain of remailers used to reach the terminal site, the mail-to-News gateway.

The posting is anonymous (within the usual limits we discuss here), and the reading is "pretty hard" to focus on, for several reasons:

1. Hard to gain access to local ISP without sending alerts out (it would be for my ISP, at least). This is admittedly not cryptographically interesting, but is a very real practical difficulty.

2. Many who browse alt.anonymous.messages probably "glance" at many of the oddly-named message pool messages. I know I do. Again, makes it a "needle in a haystack" to know which of several hundred folks who glanced at "ToBear" or "TheRealMessage"--assuming the NSA could ever identify these hundreds--is the real intended target.

3. And I recall that many have newsreaders which download _all_ messages in a newsgroup automatically. Again, this makes the pool of potential readers quite large and meaningless to try to track.

The use of public posting areas for message pools (what I called "Democracy Walls" several years back) seems to me to have several compelling advantages over "reply-block" approaches.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From llurch at networking.stanford.edu Tue Jul 2 04:12:45 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Tue, 2 Jul 1996 19:12:45 +0800
Subject: Message pools _are_ in use today!
In-Reply-To: <4ra50l$is@joseph.cs.berkeley.edu>
Message-ID:

On 1 Jul 1996, David Wagner wrote:

> Someone sniffing the Berkeley 'net can tell when I receive an
> alt.anonymous.messages message by when I download an article from
> the NNTP server

So, download every message, all the time, and junk posts that don't interest you offline. You betray yourself as an Evil Anonymous Communicator, but somehow I think they might already know. You give no information about which messages you're actually interested in unless your local workstation is compromised.

> Furthermore, even if you run a trusted NNTP server on your local
> machine, there are still vulnerabilities. Someone sniffing on your
> subnet can tell when you inject a new message onto alt.anonymous.messages,
> as can your neighboring NNTP servers.

This is true. You'd have to generate white noise, again betraying yourself, but only in general. "They" would need to track every message. To make it more interesting, encrypt a bunch of messages for bogus PGP keys created for the purpose.

-rich

From vznuri at netcom.com Tue Jul 2 04:25:28 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 2 Jul 1996 19:25:28 +0800
Subject: "gov runs anon remailers"
Message-ID: <199607020636.XAA12930@netcom11.netcom.com>

fallout from that old, lame Strassmann & Marlow paper. a bit on the new Puzzle Palace.
------- Forwarded Message

Date: Mon, 1 Jul 1996 06:11:41 -0400 (EDT)
From: "Donna J. Logan"
To: snetnews at alterzone.com, liberty-and-justice at pobox.com, act at efn.org
Subject: CAQ: CIA Spying on EMAIL (fwd)

- - -> SearchNet's snetnews Mailing List

- - ---------- Forwarded message ----------
Date: Sun, 30 Jun 1996 15:19:38 -0700 (PDT)
To: Recipients of pol-abuse
Subject: CAQ: CIA Spying on EMAIL
From: Bob Witanek

Posted dadoner at chesco.com Thu Jun 20 23:46:55 1996
From: Ronnie Dadone
Subject: CIA Spying on Re-mail?

http://www.worldmedia.com/caq/articles/remail.html

> ARE THE FEDS SNIFFING YOUR RE-MAIL?
>
> by John Dillon
>
> THE RULES OF PRIVACY ARE CHANGING WITH ELECTRONIC
> COMMUNICATIONS, THE EAGERNESS OF GOVERNMENT TO PRY INTO OUR
> COMMUNICATIONS, APPARENTLY, IS NOT.
>
> Foreign and domestic intelligence agencies are actively monitoring
> worldwide Internet traffic and are allegedly running "anonymous
> re-mailer" services designed to protect the privacy of electronic
> mail users.
>
> The startling claim that government snoops may be surreptitiously
> operating computer privacy protection systems used by private
> citizens was made earlier this year at a Harvard University Law
> School Symposium on the Global Information Infrastructure. The
> source was not some crazed computer hacker paranoid about government
> eavesdropping. Rather, the information was presented by two defense
> experts, Former Assistant Secretary of Defense Paul Strassmann, now
> a professor at West Point and the National Defense University in
> Washington, D.C., along with William Marlow, a top official at
> Science Applications International Corp., a leading security
> contractor.
>
> Anonymous re-mailer services are pretty much what the name implies.
> By stripping identifying source information from e-mail messages,
> they allow people to post electronic messages without traceable
> return address information.
>
> But Strassmann and Marlow said that the anonymous re-mailers, if
> used properly and in tandem with encryption software pose an
> unprecedented national security threat from information terrorists.
> Intelligence services have set up their own re-mailers in order to
> collect data on potential spies, criminals, and terrorists, they
> said. *1
>
> Following their Harvard talk, Strassmann and Marlow explicitly
> acknowledged that a number of anonymous re-mailers in the US are run
> by government agencies scanning traffic," said Viktor
> Mayer-Schoenberger, a lawyer from Austria who attended the
> conference. Marlow said that the [US] government runs at least a
> dozen re-mailers and that the most popular re-mailers in France and
> Germany are run by respective agencies in those countries." *2
>
> Mayer-Schoenberger was shocked by the defense experts' statement and
> tried to spread the news by sending an e-mail message to Hotwired,
> the online version of Wired magazine. Although the story did not
> make headlines, his note quickly became the e-mail message relayed
> 'round the world, triggering over 300 messages to Strassmann and
> Marlow. It was followed by the electronic version of spin control.
>
> Strassmann quickly posted a denial. In an interview, he said the
> Austrian completely misunderstood what he and Marlow had said. "That
> was false," Strassmann said of Mayer-Schoenberger's message. "That
> was the person's interpretation of what we said. ... We did not
> specifically mention any government. What we said was that
> governments are so heavily involved in this [Internet issues] that
> it seems plausible that governments would use it in many ways." *3
> (Marlow did not return a call for comment.)
>
> But Harvard Law School Professor Charles Nesson, who heard the
> original exchange at the Harvard conference, recalls the
> conversation as Mayer-Schoenberger described it. *4
> Mayer-Schoenberger also stands by his story.
> "I remember the
> conversation perfectly well," he e-mailed from Vienna. "They said a
> couple of additional things I'm sure they don't want people to
> remember. But the statement about the re-mailers is the one most
> people heard and I think is quite explosive news, isn't it?" *5
>
> Marlow said that actually a fair percentage of re-mailers around the
> world are operated by intelligence services, Mayer-Schoenberger
> recalled in a subsequent interview. Someone asked him: `What about
> the US, is the same true here as well?' Marlow said: `you bet.'
>
> The notes for the Harvard symposium, posted on the World Wide Web,
> also lend credence to Mayer-Schoenberger's account. "The CIA already
> has anonymous re-mailers but to effectively control [the Internet]
> would require 7,000 to 10,000 around the world," the notes quote
> Marlow as saying. *6
> --------------------------------------------------------------------
>
> @EASE WITH EAVESDROPPING
>
> Prying into e-mail is probably as old as e-mail itself. The Internet
> is notoriously insecure; messages are kept on computers for months
> or years. If they aren't stored safely, they can be viewed by anyone
> who rummages through electronic archives by searching through the
> hard drive, by using sophisticated eavesdropping techniques, or by
> hacking in via modem from a remote location. Once e-mail is
> obtained, legally or not, it can be enormously valuable. Lawyers are
> increasingly using archived e-mail as evidence in civil litigation.
> And it was Oliver North's e-mail (which he thought was deleted) that
> showed the depths of the Reagan administration's involvement in the
> Iran-Contra affair.
>
> Moreover, it's easier to tap e-mail messages than voice telephone
> traffic, according to the paper written by Strassmann and Marlow.
> As e-mail traffic takes over an ever-increasing share of personal
> communications, inspection of e-mail traffic can yield more
> comprehensive evidence than just about any wire-tapping efforts,
> they wrote. E-mail tapping is less expensive, more thorough and less
> forgiving than any other means for monitoring personal
> communications. *7
> --------------------------------------------------------------------
>
> @ RISK
>
> Two kinds of anonymous re-mailers have evolved to protect the
> privacy of users. The first, and the less secure, are "two-way
> database re-mailers," which maintain a log linking anonymous
> identities to real user names. These services are more accurately
> called "pseudonymous" re-mailers since they assign a new name and
> address to the sender (usually a series of numbers or characters)
> and are the most vulnerable to security breaches, since the logs can
> be subpoenaed or stolen. The most popular "pseudonymous" re-mailer is
> a Finnish service at "anon.penet.fi".
>
> "I believe that if you want protection against a governmental body,
> you would be foolish to use anon.penet.fi," said Jeffrey Schiller,
> manager of the Massachusetts Institute of Technology computer
> network and an expert on e-mail and network security. Last year, in
> fact, authorities raided anon.penet.fi to look for the identity of a
> Church of Scientology dissident who had posted secret church papers
> on the Internet using the supposedly private service. *8
>
> The second kind of re-mailers are "cypherpunk" services run by
> computer-savvy privacy advocates. Someone desiring anonymity detours
> the message through the re-mailer; a re-mailer program removes
> information identifying the return address, and sends it on its way.
> Schiller says that a cypherpunk re-mailer in its simplest form is a
> program run on incoming e-mail that looks for messages containing a
> "request-re-mailing-to" header line.
> When the program sees such a
> line, it removes the information identifying the sender and "remails"
> the message. *9 Some re-mailers replace the return address with
> something like "nobody at nowhere.org."
>
> Further protection can be obtained by using free, publicly available
> encryption programs such as Pretty Good Privacy and by chaining
> messages and re-mailers together. Sending the message from re-mailer
> to re-mailer using encryption at each hop builds up an onion skin
> arrangement of encrypted messages inside encrypted messages. Some
> re-mailers will vary the timing of the outgoing mail, sending the
> messages out in random sequence in order to thwart attempts to trace
> mail back by linking it to when it was sent.
> --------------------------------------------------------------------
>
> @ISSUE: THE RIGHT TO PRIVACY
>
> Linking encrypted messages together can be tricky and
> time-consuming. So who would bother? A. Michael Froomkin, an
> assistant professor of law at the University of Miami and an expert
> on Internet legal issues, says anonymity allows people to practice
> political free speech without fear of retribution. Whistleblowers
> can identify corporate or government abuse while reducing their risk
> of detection. People with health problems that are embarrassing or
> might threaten their ability to get insurance can seek advice
> without concern that their names would be blasted electronically
> around the world. *10 A battered woman can use re-mailers to
> communicate with friends without her spouse finding her.
>
> The Amnesty International human rights group has used anonymous
> re-mailers to protect information supplied by political dissidents,
> said Wayne Madsen, a computer security expert and co-author of a new
> edition of The Puzzle Palace, a book on the National Security
> Agency. "Amnesty International has people who use re-mailers because
> if an intelligence service in Turkey tracks down [political
> opponents] ...
> they take them out and shoot them," he said. "I would
> rather err on the side of those people. I would rather give the
> benefit of the doubt to human rights." *11
>
> Strassmann and Marlow, on the other hand, see the threat to national
> security as an overriding concern. Their paper, Risk-Free Access
> into the Global Information Infrastructure via Anonymous Re-mailers,
> presented at the Harvard conference, is a call to electronic arms.
> In it, they warn that re-mailers will be employed in financial fraud
> and used by "information terrorists" to spread stolen government
> secrets or to disrupt telecommunication, finance and power
> generation systems. Internet anonymity has rewritten the rules of
> modern warfare by making retaliation impossible, since the identity
> of the assailant is unknown, they said. "Since biblical times, crimes
> have been deterred by the prospects of punishment. For that, the
> criminal had to be apprehended. Yet information crimes have the
> unique characteristic that apprehension is impossible. ...
> Information crimes can be committed easily without leaving any
> telltale evidence such as fingerprints, traces of poison or
> bullets," they wrote. *12
>
> As an example, they cite the Finnish re-mailer (anon.penet.fi),
> claiming that it is frequently used by the ex-KGB Russian criminal
> element. Asked for proof or further detail, Strassmann said: "That
> [paper] is as far in the public domain as you're going to get." *13
>
> At the Harvard symposium, the pair provided additional allegations
> that anonymous re-mailers are used to commit crimes. "There was a
> crisis not too long ago with a large international bank. At the
> heart of the problem turned out to be anonymous re-mailers. There
> was a massive exchange around the world of the vulnerabilities of
> this bank's network," Marlow said.
> *14
>
> But David Banisar, an analyst with the Washington, D.C.-based
> Electronic Privacy Information Center (EPIC) downplayed this kind of
> anecdote, saying that such allegations are always used by
> governments when they want to breach the privacy rights of citizens.
> "I think this information warfare stuff seems to be a way for the
> military trying to find new reasons for existence and for various
> opportunistic companies looking for ways to cash in. I'm really
> skeptical about a lot of it. The problem is nine-tenths hype and
> eight-tenths bad security practices," he said. "Already existing
> Internet security systems like encryption and firewalls could take
> care of the problem."
>
> The public should not have to justify why it needs privacy, he said.
> "Why do you need window blinds? Privacy is one of those fundamental
> human rights that ties into other human rights such as freedom of
> expression, the right to associate with who you want, the right to
> speak your mind as you feel like it. ... The question shouldn't be
> what do you have to fear, it should be `Why are they listening in?'
> With a democratic government with constitutional limits to
> democratic power, they have to make the argument they need to listen
> in, not the other way around." *15
>
> Froomkin, from the University of Miami, also questioned Strassmann
> and Mayer's conclusions. "First of all, the statistics about where
> the re-mailers are and who runs them are inaccurate. I can't find
> anybody to confirm them," he said. "I completely disagree with their
> assessment of facts and the conclusions they draw from them. ...
> Having said that, there's no question there are bad things you can
> do with anonymous re-mailers. There is potential for criminal
> behavior." *16
>
> Banisar doubts that intelligence agencies are actually running
> re-mailers. It would entail a fairly high profile that they tend to
> shy away from, he said.
> However, it is likely that agencies are
> "sniffing" monitoring traffic going to and from these sites, he said.
> --------------------------------------------------------------------
>
> @ WORK SNIFFING THE NET
>
> Not in doubt, however, is that the government is using the Internet
> to gather intelligence and is exploring the net's potential
> usefulness for covert operations. Charles Swett, a Department of
> Defense policy assistant for special operations and low-intensity
> conflict, produced a report last summer saying that by scanning
> computer message traffic, the government might see early warnings of
> impending significant developments." Swett added that the Internet
> could also be used offensively as an additional medium in
> psychological operations campaigns and to help achieve
> unconventional warfare objectives." *17 The unclassified Swett paper
> was itself posted on the Internet by Steven Aftergood of the
> Federation of American Scientists.
>
> The document focuses in part on Internet use by leftist political
> activists and devotes substantial space to the San Francisco-based
> Institute for Global Communications (IGC), which operates Peacenet
> and other networks used by activists. IGC shows, Swett writes, the
> breadth of DoD-relevant information available on the Internet."
>
> The National Security Agency is also actively "sniffing" key Internet
> sites that route electronic mail traffic, according to Puzzle Palace
> co-author Wayne Madsen. In an article in the British newsletter
> Computer Fraud and Security Bulletin, Madsen reported that sources
> within the government and private industry told him that the NSA is
> monitoring two key Internet routers which direct electronic mail
> traffic in Maryland and California. *18 In an interview, Madsen said
> he was told that the NSA was "sniffing" for the address of origin and
> the address of destination" of electronic mail.
>
> The NSA is also allegedly monitoring traffic passing through large
> Internet gateways by scanning "network access points" operated by
> regional and long-distance service providers. Madsen writes that the
> network access points allegedly under surveillance are at gateway
> sites in Pennsauken, N.J. (operated by Sprint), Chicago (operated by
> Ameritech and Bell Communications Research) and San Francisco
> (operated by Pacific Bell). *19
>
> Madsen believes that NSA monitoring doesn't always stop at the US
> border, and if this is true, NSA is violating its charter, which
> limits the agency's spying to international activities. "People
> familiar with the monitoring claim that the program is one of the
> NSA's `black projects,' but that it is pretty much an `open secret'
> in the communications industry," he wrote.
>
> Electronic communications open up opportunities to broaden
> democratic access to information and organizing. They also provide a
> means and an opportunity for governments to pry. But just as people
> have a right to send a letter through the post office without a
> return address, or even to drop it in a mail box in another city, so
> too, electronic rights advocates argue, they have the right to send
> an anonymous, untraceable electronic communication. And just as the
> post office can be used maliciously, or to commit or hide a crime,
> re-mailers can be used by cruel or criminal people to send hate mail
> or engage in "flame wars." And like the post office, the highways,
> and the telephone, the Internet could be used by spies or
> terrorists. Those abuses, however, do not justify curtailing the
> rights of the vast number of people who use privacy in perfectly
> legal ways.
>
> Robert Ellis Smith, editor of the Privacy Journal newsletter, said
> government agencies seem obsessed with anonymous re-mailers. They
> were set up by people with a very legitimate privacy issue, he said.
> Law enforcement has to keep up with the pace of technology as
> opposed to trying to infiltrate technology. Law enforcement seems to
> want to shut down or retard technology, and that's not realistic.
> Anonymous re-mailers are not a threat to national security. *20
> -END--
>
> SUBSCRIPTION INFO
- - -> Send "subscribe snetnews " to majordomo at alterzone.com
- - -> Posted by: "Donna J. Logan"
- ------- End of Forwarded Message

------- End of Forwarded Message

From snow at smoke.suba.com Tue Jul 2 04:30:09 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 2 Jul 1996 19:30:09 +0800
Subject: Net and Terrorism.
Message-ID:

I took a few days to think about this stuff, and I am replying to these in bulk rather than separately.

T.C. May wrote:

Can anything be done? To stop the likely effects of lots more surface-to-air missiles, lots more nerve gas available on the black market, and so on?

In a word, "no."

/*
I disagree. Terrorism, political terrorism is fear. There are ways to protect military targets that are quite cost effective, unfortunately they are politically unpopular. (What just happened in Saudi is on my mind. STUPID military commanders getting the same pie in the face time and time again. There is NOTHING so unchanging as the military mind set.)

Civilian targets are harder to protect, but certain steps can be taken to lessen chances of a successful attack.

Another method, and this would be very unpopular (and hypocritical of the US) would be simply to announce that we (the Country) are going to hold the _manufacturing_ nation responsible for the use of weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a city in the Soviet Union. MAD carried to a lower level.

A third option is quite simply to buy as much of it as possible.
*/

I expect a city or two to get nuked in the next decade or so. (Haifa or Tel Aviv would be my leading candidates.) To me, this is unsurprising.
/*
My bets in the following order:
Paris
New York
Rome
London
LA (by home brewed idiots)
Chicago
Berlin.

I don't think that terrorists in the middle east will pop a nuke as they would get as many of their own as the "enemy". One of the things a terrorist needs more than money is a place to hide, and if you are killing your own people, they won't shield you.
*/

moderate economic or physical crises. (No, I am not a "survivalist," just mentally and physically prepared to deal with a major earthquake, economic dislocation, or terrorist incident in San Jose, which is 30 miles north of me.)

/*
Sounds like a "survivalist" to me.
*/

examples of how the Net can be used to undermine governments (what those governments of course refer to as "terrorism," even when it is mostly not). I'm not advocating such "terrorism," by the way, merely telling it like it is.

/*
If you want to define terrorism as in the above paragraph, then I am, and you do too. The biggest problem with terrorism is that there isn't a good definition that looks the same from both sides. In other words the old saw about one man's terrorist being another's freedom fighter. Any definition sufficiently inclusive so as to cover all "terrorist" activities will also include uniformed soldiers. The lines get very thin and blurry.
*/

Keep your head down, avoid crowded downtown areas, prepare for moderate disruptions, and reject arguments that an American Police State will do anything to stop terrorism.

/*
The American police state (and if we aren't one yet, it isn't for lack of trying) IS an instrument of terrorism in some parts of this country.
*/

(Remember, terrorism is just warfare carried on by other means, with apologies to Von Clausewitz.)

/*
Terrorism is when the other side hits without warning.
*/

From: frantz at netcom.com (Bill Frantz)

Thanks Tim for your essay. The only thing I would add is that terrorist attacks on pure information resources (e.g.
the banking system) are likely to result in many fewer casualties than terrorist attacks on physical entities (e.g. major cities). Another way of saying it is, email bombs are preferable to snail mail bombs.

/*
I don't think so. One objective of terrorism is/could be to lessen a population's faith in "The System". Some possible situations (can't remember how to spell scenireo):

Trash a multi-store pharmacy database and people can't get their prescriptions, or worse get the wrong one.

Cause disturbances in certain parts of certain cities, then attack the 911 system to route officers and firemen to _wealthy_ neighborhoods at the expense of the poor neighborhoods. Then complain to the papers about it.

Gain control of the power grid (I don't know how possible this is) and selectively brown out certain sections of the city during peak demand periods. Make it obvious, then do the preceding idea.

In all of these people will, or could die, but are much more effective in undermining the faith people have in the structures that run the country. If a bomb blast goes off, people get pissed off at the bomb makers, if the power fails, people get pissed at the electrical company. If you can create a large enough disturbances they will be better than bombs.
*/

From: "Vladimir Z. Nuri"

[TCM]
>Can anything be done? To stop the likely effects of lots more
>surface-to-air missiles, lots more nerve gas available on the black market,
>and so on?
>In a word, "no."

try to have a warfare, siege-like mentality imho, and a continual "trying to stay ahead of the criminals". we do not have regular open terrorism in the streets of the US and I see no reason to think there ever will be as TCM suggests.

/*
Depending on how you define "terrorism" I would like you to visit my neighborhood, and then we can go to a couple other here in chicago where the cops terrorize the citizens, the gangs terrorize the cops and the citizens, etc. It hasn't hit the national level yet, but it will.
*/

nevertheless what his essay misses, and many in law enforcement miss, are the root reasons for crime. I'm not going to sound like a liberal

/*
There is a big difference (IMO) between a terrorist and a common criminal. Money and Ideology. In *MOST* instances the terrorist is attempting to achieve a political, social, or long term (as in decades/generations) economic change. A criminal is simply trying to get rich or get stoned. IMO the root cause of crime is a lack of self discipline, and it is as far as I can tell part of the human condition.
*/

in reality. it seems to me no nation-state has ever experimented with trying to take away the root causes of violence and discontent. why?

/*
Is it possible that to a large degree the nation-state IS the problem?
*/

because a policeman holding a gun is so much more visceral and the public responds to this image readily. other "programs" that try to decrease discontent among the budding terrorists of tomorrow are usually ridiculed. it is very difficult to prove that they work

/*
Rightly so. Most of these programs amount to hand-outs or paternalistic pandering. People need to work, not get paid for doing nothing.
*/

terrorists invariably have a particular pathological psychological profile that sees the world in terms of "martyrs vs. villains" with the villains in the government, and the villains taking away or abusing respectable citizens.

/*
Often they are right.
*/

the "problem" of terrorism will be solved when we take the view that insanity and violence is *not* a natural aspect of human behavior (as TCM tends to suggest), and that

/*
It is. Insanity is a condition that occasionally crops up in humans. Sometimes the problem is chemical, sometimes not, however it _is_ natural. So is violence. People want things, and some don't care what they have to do to get these things.
*/

>(Remember, terrorism is just warfare carried on by other means, with
>apologies to Von Clausewitz.)

disagree.
the purpose of warfare has traditionally been to seize something tangible like territory. terrorists are after intangibles-- namely, terror itself, disrupting a "peace process", etc.

/*
Or forcing a certain group to the discussion table.
*/

Any Obcrypto I could add at this point would be preaching to the choir.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From shamrock at netcom.com Tue Jul 2 06:13:46 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 2 Jul 1996 21:13:46 +0800
Subject: The Net and Terrorism
Message-ID:

At 0:54 7/2/96, snow wrote:
>On Mon, 1 Jul 1996, Simon Spero wrote:
>
>> I want my, I want my, I want my Atropine
>
> No, you don't.

Simon, you got to be more careful when synthesizing that Sarin. Always check that the vent is working first.

-- Lucky Green PGP encrypted mail preferred.
Disclaimer: My opinions are my own.

From yusuf921 at uidaho.edu Tue Jul 2 06:16:59 1996
From: yusuf921 at uidaho.edu (Syed Yusuf)
Date: Tue, 2 Jul 1996 21:16:59 +0800
Subject: fbi botches intel "ecspionage" case
In-Reply-To: <199606291925.MAA12512@netcom3.netcom.com>
Message-ID:

> at the end of the show, the reporter stated that
> the FBI was seeking stronger laws against theft
> of "intellectual property" in congress that might
> solve the problem.

Their main concern when they contacted me about my message to 'Blacknet' is that 'InterNational Terrorists(tm)' would use it to sneak US industry secrets out of the country.

Thought for the Day: No matter what pious reason created the entity, Every Entity's primary and over-ruling goal is self-preservation; and nowhere is this more true than in Gov't, the IRS, and the FBI

From frissell at panix.com Tue Jul 2 06:54:44 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 2 Jul 1996 21:54:44 +0800
Subject: But what about the poor?
Message-ID: <2.2.32.19960702103730.00bb4544@panix.com>

At 11:25 PM 7/1/96 -0700, Bill Frantz wrote:

>Current government "Key Escrow" systems cost $200/key/year.
>[Craig Mundie]
>These systems can best be described as key-rental systems.

This is shocking, shocking.

It never occurred to me that our government would charge us for the benefit of being tapped. What about the poor. I'm going to write Senator Kennedy and see if maybe we can get the selfish Republican Congress to free up some cash so that less fortunate Americans can afford to be tapped too.

This argument against key escrow never made it onto that long list of questions we made up in the Spring of '93 when Key Escrow was first proposed by the Admin (it was probably Vince Foster's fault). We showed a lack of imagination.

DCF

"Gee Ossifer I'd love to let you read my files but I just couldn't afford expensive socialistic key escrow so I bought cheap efficient private key escrow instead."

From jya at pipeline.com Tue Jul 2 10:06:24 1996
From: jya at pipeline.com (John Young)
Date: Wed, 3 Jul 1996 01:06:24 +0800
Subject: LOS_tit
Message-ID: <199607021322.NAA17823@pipe4.t2.usa.pipeline.com>

7-2-96 UST, page one:

"Companies fear losing privacy, customers' trust."

In a show of self-reliance reminiscent of the old West, companies are taking matters into their own hands, hiring security firms to protect their computer systems and ignoring the convention that law enforcement is the best defense. It's a stance that has implications for law enforcement and commerce, raises broad questions of privacy and control, and pits the philosophy of the Clinton administration directly against that of many Fortune 500 companies. "An organization has very little to gain" by reporting, says Lloyd Hession, of IBM's Business Recovery Services.

There seems to be universal agreement that the strongest means for securing computer data against theft lies in cryptography, but the Clinton administration, citing fears that criminals would use cryptography to cloak their activities, is setting regulations slowing development of cryptography software.
The Clinton administration is to announce, as early as this week, a commission to determine the federal government's role in securing cyberspace, from terrorism to petty crimes.

http://pwp.usa.pipeline.com/~jya/lostit.txt (13 kb)

Go via www.anonymizer.com. Pipeline now belongs to Mindspring, an Atlanta company.

LOS_tit

From anonymous-remailer at shell.portal.com Tue Jul 2 10:45:04 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Wed, 3 Jul 1996 01:45:04 +0800
Subject: PGP secret keys
Message-ID: <199607021339.GAA02261@jobe.shell.portal.com>

Could someone post a pointer to a FAQ that tells what to do if you lose your secret key file? How can you regenerate your private key so that the userid number still matches the public key that has been distributed??

From warlord at MIT.EDU Tue Jul 2 10:51:07 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Wed, 3 Jul 1996 01:51:07 +0800
Subject: rsync and md4
In-Reply-To: <1.5.4.16.19960702023938.4637d0c4@arc.unm.edu>
Message-ID: <199607021238.IAA13218@toxicwaste.media.mit.edu>

> What is the difference between SHA and SHA-1? Is this algorithm subject
> to the same licensing as MD5?

The difference between SHA and SHA.1 is the "small technical change" that was added last year. I'm not sure what you mean by "licensing", since there are no licensing issues for MD5 (unless you mean "export issues", in which case SHA, SHA.1 and MD5 all fall into the same category).

> Could someone point me to such a bootleg version for DOS, please?

Umm, good luck.

-derek

From warlord at MIT.EDU Tue Jul 2 11:30:42 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Wed, 3 Jul 1996 02:30:42 +0800
Subject: PGP secret keys
In-Reply-To: <199607021339.GAA02261@jobe.shell.portal.com>
Message-ID: <199607021427.KAA15410@toxicwaste.media.mit.edu>

> Could someone post a pointer to a FAQ that tells what to do if you loose
> your secret key file?
> How can you regenerate your private key so that the
> userid number still matches the public key that has been distributed??

Pretty much you are SOL. To re-create the secring from the pubring you need to find the secret components of your secret key. The only known way of doing that is factoring your key. How big is it? If it is in the range of 384-512 bits, then we can probably reproduce your secring in about a year. If it's any bigger than that, all you can really do is generate a new key.

You don't want to generate a key that has the same keyID, since it won't be able to decrypt any messages that the old one could anyways.

Enjoy!

-derek

From ceridwyn at wolfenet.com Tue Jul 2 12:17:35 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Wed, 3 Jul 1996 03:17:35 +0800
Subject: hard drive encryption
Message-ID: <2.2.32.19960702145307.006bb7ac@gonzo.wolfenet.com>

What is the best utility freely available for encrypting an entire drive that won't be used for a length of time? ie: I'm going away for a period of time and wish to encrypt the drive while I'm gone, but have no interest in actually using it while it's encrypted. I also have no real preference in what algorithm is used, as long as it's relatively secure. Speed is also not a big consideration, as it will be used once when I leave to encrypt, and once when i return to decrypt.

Thanks in advance for the help...

//cerridwyn//

btw, the OS is Win95 if that matters...

From joelm at eskimo.com Tue Jul 2 12:48:18 1996
From: joelm at eskimo.com (Joel McNamara)
Date: Wed, 3 Jul 1996 03:48:18 +0800
Subject: hard drive encryption
Message-ID: <199607021524.IAA22324@mail.eskimo.com>

Currently, SecureDrive seems to be the most reliable under Win95. Check out:

http://www.eskimo.com/~joelm/cryptbk.html

I just published a cookbook on how to build a "CryptoBook" (a secure PC laptop with all sorts of crypto goodies). Details on SecureDrive are included.
Joel

At 07:53 AM 7/2/96 -0700, you wrote:
>
>What is the best utility freely available for encrypting an entire drive
>that won't be used for a length of time? ie: I'm going away for a period
>of time and wish to encrypt the drive while I'm gone, but have no interest
>in actually using it while it's encrypted. I also have no real preference
>in what algorithm is used, as long as it's relatively secure. Speed is
>also not a big consideration, as it will be used once when I leave to encrypt,
>and once when i return to decrypt.
>Thanks in advance for the help...
>//cerridwyn//
>
>btw, the OS is Win95 if that matters...
>
>
>

From jya at pipeline.com Tue Jul 2 12:56:27 1996
From: jya at pipeline.com (John Young)
Date: Wed, 3 Jul 1996 03:56:27 +0800
Subject: TRI_cks
Message-ID: <199607021418.OAA29985@pipe2.t2.usa.pipeline.com>

7-2-96. FiTi:

"A Japanese engineer's box of tricks is helping detect forged banknotes."

Counterfeit dollar bills are judged on a scale of one to nine, with the crudest at level one. The detector machines that existed before Matsumura's could only pick out bills at around level five or six. Supernotes are ranked between seven and nine and have been almost impossible to detect.

Matsumura says supernotes do have flaws, though, and his machine can spot differences in the printing by referring to a histogram, or statistical graph, of patterns on real US notes. Each supernote tends to have two or three minute aberrations. Consequently, sensors check for any variations at 12 points on the note. A 0.9-second scan also monitors the thickness of the paper and the printing ink. The company can only produce 500 units a month, but already has orders for 45,000.

http://pwp.usa.pipeline.com/~jya/tricks.txt (4 kb)

TRI_cks

From WlkngOwl at unix.asb.com Tue Jul 2 13:33:43 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 3 Jul 1996 04:33:43 +0800
Subject: PROMISe them anything (was Re: whitehouse dossier database?)
Message-ID: <199607021547.LAA04235@unix.asb.com>

On 1 Jul 96 at 23:39, Vladimir Z. Nuri wrote:

> holy cow, is this real? Grabbe cites several credible references.

Ask Phil Resuto.

[..]
> ------- Forwarded Message
[..]
> Conspiracy Nation -- Vol. 8 Num. 30
> ======================================
> ("Quid coniuratio est?")
[..]
> THE WHITE HOUSE "BIG BROTHER" DATA BASE
> =======================================
[..]
> The White House "Big Brother" Data
> Base & How Jackson Stephens
> Precipitated a Banking Crisis

Jackson Stephens? Why am I thinking of Steve Jackson Games, operators of the Illuminati BBS that were raided by the SS a few years back...

[..]
> What Deutch failed to mention was that this
> "banking crisis" in large part was itself created by one of
> the U.S. intelligence agencies--the NSA in cahoots with
> Stephens' software firm Systematics. The Citibank heist
> by Russian hackers, for example, took advantage of a back
> door in Citibank's Systematics software. (The Russian
> hackers were apparently aided by the son of one of Jim
> Leach's House Banking Committee investigators.) Have
> any major banks thought of instituting lawsuits over this
> deliberate breach of security on the part of a software
> supplier?

Huh? I thought the Russian 'hackers' helped write the software, and used one of their own backdoors.

[..]

From cwe at it.kth.se Tue Jul 2 13:35:48 1996
From: cwe at it.kth.se (Christian Wettergren)
Date: Wed, 3 Jul 1996 04:35:48 +0800
Subject: Paper: "A Socially based Identity Model"
Message-ID: <199607021542.RAA08948@piraya.electrum.kth.se>

Hi!

I've written a paper where I introduce a "name spectrum" as an identity model. The name spectrum has increasing levels of identification; anyone, anyone with alias, established pseudonym, well-reputed pseudonym, escrowed pseudonym, identity and True Name.

I try to show how law enforcement still can find criminals, even though they (we) have privacy.
I argue that the power balance between the individual and the law enforcement should be approximately the same as it is in ordinary life. I talk quite a lot about the analogy between real life and cyberspace when it comes to power and trust.

I have a suggestion for how to deploy traffic mixers (DCnet) without tilting the power balance too much to the advantage of the user as well. I suggest reputation servers where an efficient reputation market can be maintained.

I'd appreciate any comments on the paper. It is still preliminary, though. It is available at http://www.it.kth.se/~cwe/phd/ in a number of formats.

-Christian Wettergren, cwe at it.kth.se

From jimbell at pacifier.com Tue Jul 2 15:09:52 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 3 Jul 1996 06:09:52 +0800
Subject: The Net and Terrorism
Message-ID: <199607021646.JAA16308@mail.pacifier.com>

At 03:23 AM 7/2/96 -0700, Lucky Green wrote:
>At 0:54 7/2/96, snow wrote:
>>On Mon, 1 Jul 1996, Simon Spero wrote:
>>
>>> I want my, I want my, I want my Atropine
>>
>> No, you don't.
>
>Simon, you got to be more careful when synthesizing that Sarin. Always
>check that the vent is working first.

Also, you don't want JUST that atropine; trimedoxime and benactyzine are also helpful. BTW, the first symptom of sarin poisoning is a tightness in the chest...

Jim Bell
jimbell at pacifier.com

From jimbell at pacifier.com Tue Jul 2 15:24:07 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 3 Jul 1996 06:24:07 +0800
Subject: LOS_tit
Message-ID: <199607021650.JAA16623@mail.pacifier.com>

At 01:22 PM 7/2/96 GMT, John Young wrote:
> 7-2-96 UST, page one:
> The Clinton administration is to announce, as early as
> this week, a commission to determine the federal
> government's role in securing cyberspace, from terrorism
> to petty crimes.
> http://pwp.usa.pipeline.com/~jya/lostit.txt (13 kb)

A commission which will probably be made up of government, ex-government, and industry people, totally ignoring ordinary citizens yet again.

Jim Bell
jimbell at pacifier.com

From tcmay at got.net Tue Jul 2 15:37:11 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 3 Jul 1996 06:37:11 +0800
Subject: Net and Terrorism.
Message-ID:

At 6:58 AM 7/2/96, snow wrote:
>T.C. May wrote:
>
>Can anything be done? To stop the likely effects of lots more
>surface-to-air missiles, lots more nerve gas available on the black market,
>and so on?
>
>In a word, "no."
>/*
> I disagree. Terrorism, political terrorism is fear. There are ways to
>protect military targets that are quite cost effective, unfortunately they
>are politically unpopular. (What just happend in Saudi is on my mind.
>STUPID military commanders getting the same pie in the face time and time
>again. There is NOTHING so unchanging as the military mind set.)

Well, attacks on military targets are almost, by definition, not "terrorism." (I'll spare the list a debate about the semantics; U.S. journalists tend to refer to anything done to "us" as "terrorism," whether the target is military or civilian.)

The focus of my comments was really on civilian or non-military targets. (Including destruction of government buildings, maybe. I'm not sure whether the Oklahoma City bombing and the recent Phoenix/Viper Militia case is "terrorism" in a formal sense, or counter-government action, but my point is that such things are likely to happen.)

>Civilian targets are harder to protect, but certain steps can be
>taken to lessen chances of a sucessful attack.

Sure, any particular "soft target" can be hardened to some extent. But not all of them, and even harder sites can be reached. This is left as an exercise for the reader. (Hint: The Japanese cult's Sarin gas attack on the subways...there are tens of thousands of comparable targets in the U.S. alone.
Look around, and ask what it would take to harden each one. A minor cryptographic connection is that hardening N of M sites makes the remaining M - N sites all the more tempting.)

>Another method, and this would be very unpopular (and
>hypocritical of the US) would be simply to announce that we (the Country)
>are going to hold the _manufacturing_ nation responcible for the use of
>weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a
>city in the Soviet Union. MAD carried to a lower level.

You are essentially making my point, that the biggest danger of the current responses to terrorism is that nations will turn to national terrorism and police state tactics.

>A third option is quite simply to buy as much of it as possible.

No, wouldn't work. As with the "War on (Some) Drugs," all this does is raise the price a bit, actually making it a more tempting market for many to get into. (And various CBW agents are incredibly cheap to make, with the precursors available in common products. How ya gonna buy up all the peach pits, for example? Or "buy up" all the fertilizer and fuel oil?)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jimbell at pacifier.com Tue Jul 2 16:03:35 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 3 Jul 1996 07:03:35 +0800
Subject: Message pools _are_ in use today!
Message-ID: <199607021730.KAA18852@mail.pacifier.com>

At 08:28 PM 7/1/96 -0700, David Wagner wrote:

>If folks have better ideas for how to achieve really good recipient
>anonymity, I hope they'll speak up!

Once they start offering Internet news/email/USENET feeds (one way) by DSS-type dish antenna from satellite, it'll be mighty hard to figure out who's receiving the data. They could probably easily provide 10 megabits per second, which I assume would be more than enough for what's needed.

(BTW, for a few years a company called "Planet Connect" has been providing FIDOnet data feeds, although they use the older-style, large antenna systems, and their data rate is 19.2kbps, not even close to enough for Internet service.)

Jim Bell
jimbell at pacifier.com

From jimbell at pacifier.com Tue Jul 2 16:25:22 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 3 Jul 1996 07:25:22 +0800
Subject: But what about the poor?
Message-ID: <199607021705.KAA17479@mail.pacifier.com>

At 06:37 AM 7/2/96 -0400, Duncan Frissell wrote:
>At 11:25 PM 7/1/96 -0700, Bill Frantz wrote:
>
>>Current government "Key Escrow" systems cost $200/key/year. [Craig Mundie]
>>These systems can best be described as key-rental systems.
>
>This is shocking, shocking.

Oh, but what a business opportunity! I assume a floppy can hold 1000 keys. Even if I undercut the going rate of $200 per year by a factor of 10, that's a potential income of $20,000 per floppy per year. A box of 20 floppies on the shelf, and I'm set for life!

>This argument against key escrow never made it onto that long list of
>questions we made up in the Spring of '93 when Key Escrow was first proposed
>by the Admin (it was probably Vince Foster's fault). We showed a lack of
>imagination.

There's no doubt that the government will want to bribe the escrow agents, first to tolerate the system at all, and second to foster enthusiastic cooperation later on, and possibly even ILLEGAL cooperation. Over-paying them is just one way to do it.
One thing that never ceases to amaze me is how the government can continue to ignore the likelihood (hell, certainty!) that since "key escrow" will only be attractive to the extent it actually benefits the user, such users will be served by escrow agents who store only encrypted or anonymously-held keys. These are inherently protected against any kind of disclosure, yet provide all the claimed benefits of key escrow.

Jim Bell
jimbell at pacifier.com

From llurch at networking.stanford.edu Tue Jul 2 16:27:51 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 3 Jul 1996 07:27:51 +0800
Subject: SAFE Forum
In-Reply-To: <199607020623.XAA19680@netcom7.netcom.com>
Message-ID:

On Mon, 1 Jul 1996, Bill Frantz wrote:

> "Crime prevention ought to be part of the FBI's mission. [Herbert Lin,
> National Research Council]

In case it's not clear, this was said with much sarcasm... i.e., today's FBI is too often engaged in other pursuits. This in the context of explaining that ubiquitous strong crypto is the best defense against computer crime.

-rich

From jimbell at pacifier.com Tue Jul 2 16:28:58 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 3 Jul 1996 07:28:58 +0800
Subject: hard drive encryption
Message-ID: <199607021730.KAA18844@mail.pacifier.com>

At 07:53 AM 7/2/96 -0700, Cerridwyn Llewyellyn wrote:
>
>What is the best utility freely available for encrypting an entire drive
>that won't be used for a length of time? ie: I'm going away for a period
>of time and wish to encrypt the drive while I'm gone, but have no interest
>in actually using it while it's encrypted. I also have no real preference
>in what algorithm is used, as long as it's relatively secure. Speed is
>also not a big consideration, as it will be used once when I leave to encrypt,
>and once when i return to decrypt.
>Thanks in advance for the help...

You could just de-install and hide the drive. Replace it with some old cast-off drive.
(The easiest way to get somebody to stop looking for something is to let him find it.)

Jim Bell
jimbell at pacifier.com

From frantz at netcom.com Tue Jul 2 16:33:11 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 3 Jul 1996 07:33:11 +0800
Subject: But what about the poor?
Message-ID: <199607021813.LAA26475@netcom7.netcom.com>

At 6:37 AM 7/2/96 -0400, Duncan Frissell wrote:
>"Gee Ossifer I'd love to let you read my files but I just couldn't afford
>expensive socialistic key escrow so I bought cheap efficient private key
>escrow instead."

"Gee Orificer, I'd love to let you read my files, but I just couldn't afford any key escrow, so I went naked and didn't use it." :-)

-------------------------------------------------------------------------
Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA

From frantz at netcom.com Tue Jul 2 18:06:46 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 3 Jul 1996 09:06:46 +0800
Subject: SAFE Forum--some comments
Message-ID: <199607021936.MAA07885@netcom8.netcom.com>

At 6:40 PM 7/2/96 -0700, Timothy C. May wrote:
>... Phil Zimmermann, who told a humorous story of going
>to Congressman Dana Rohrabacher's office, seeing the picture of Ollie North
>on the wall (much laughter), but finding Rohrabacher's staffers aghast at
>the crypto laws and ITARs.

Someone pointed out that Phil and Ollie have something in common. They have both been accused of illegally exporting crypto.

-------------------------------------------------------------------------
Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.
| Los Gatos, CA 95032, USA

From ericd at shop.internet.net Tue Jul 2 18:14:06 1996
From: ericd at shop.internet.net (Eric Davis)
Date: Wed, 3 Jul 1996 09:14:06 +0800
Subject: SAFE Archive
Message-ID:

FYI: The complete SAFE Forum audio archive is online at: http://www.mediacast.com

-----------------------------------------------------
Eric Davis ericd at internet.net
Director of Information Systems 415-842-7400 (V)
Internet Shopping Network 415-842-7415 (F)
Visit our site at: http://www.isn.com/
Co-Founder MediaCast http://www.mediacast.com/
Personal contact: ericd at cyberfarm.com KD6HTO (R)
-----------------------------------------------------
There are no law enforcers if law itself they ignore.
-- Inka Inka -- Step Back -- Myth of the Machine --

From JeanPaul.Kroepfli at ns.fnet.fr Tue Jul 2 18:16:22 1996
From: JeanPaul.Kroepfli at ns.fnet.fr (Jean-Paul Kroepfli)
Date: Wed, 3 Jul 1996 09:16:22 +0800
Subject: SAFE Forum (We sell decryption hardware)
Message-ID: <01BB6863.DF27D040@JPKroepsli.S-IP.EUnet.fr>

Bill Frantz wrote
>We sell RC4, 40 bit decryption hardware (based on AMD29000) for $16K. FPGA
>devices for breaking DES in 7 days for $1M. [Eric Thompson, Access Data]

What? Do you have some information about this ad (e.g. eMail)? I know some bank that would be very interested in this possibility (not to use it, but as an impulse to change their systems).
Best regards,
Jean-Paul

~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli at utopia.fnet.fr Also Compuserve and MSNetwork
Phone: +33 81 55 52 59 (F) PostMail: F-25640 Breconchaux (France)
or: +41 21 843 27 36 (CH) or: CP 138, CH-1337 Vallorbe
Fax: +33 81 55 52 62 (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89 AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"

From vznuri at netcom.com Tue Jul 2 18:20:35 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 3 Jul 1996 09:20:35 +0800
Subject: SAFE Forum--some comments
In-Reply-To:
Message-ID: <199607022014.NAA10761@netcom14.netcom.com>

TCM
>And here I'll comment on Ken Bass's excellent comments
[...]
>
>He pointed out that the driving force for crypto policy is probably the
>_law enforcement_ camp, not the _intelligence agency_ camp. And that the
>NSA is regretting the ITAR stuff, as it has sparked an "arms race" to
>develop stronger crypto. Bass noted that people now equate permission to
>export with weakness, and that had the U.S. not restricted exports, users
>probably would've been "fat, dumb, and happy" to keep using breakable
>crypto.

doesn't make sense to me at all. who was behind clipper? the NSA, not the FBI. the FBI is behind digital telephony, which involved *wiretapping*, not key escrow.

actually I think that the NSA is trying to convince law enforcement agencies that if they follow the NSA plan of crypto suppression & key escrow that their job will be easier, that great instability results from unfettered crypto. this fits into the way the NSA hates to be behind any proposal themself, and need "cut outs" to do the lobbying for them.
I think at the core of it the NSA doesn't really care too much about law enforcement issues like obtaining warrants and that kind of thing. all the talk about warrant and subpoenas makes no sense from the point of view of the NSA. the NSA goals and the law enforcement goals do not really seem to me to overlap much at all and that the whole argument that they do has been a diversion.

this suggests an interesting way to turn the "pro-suppression" crowd against itself. if the law enforcement arm can be convinced, as many people are now advocating, that strong crypto actually makes their job easier and the world information infrastructure less insecure, they may eventually advocate unfettered crypto. then you have only the NSA alone standing up and saying that they need the suppression laws.

the concept that the NSA "regrets" ITAR laws sounds like an utter fantasy to me. the ITAR has been around for decades. the NSA has been continually *strengthening* the interpretations of the ITAR. the ITAR is enforced largely through NSA *harassment* of companies that are seen to be supposedly violating it. the NSA can stop sending their "men in black" at any time. when the harassment stops, the crypto would spread. no one is twisting the NSA's arm to reject crypto exports in all the applications that are submitted. rather, it is the NSA that is doing all the arm twisting.

the NSA has made radical interpretations of the ITAR in various situations:

1. they rule that mere *hooks* are illegal
2. they have told Microsoft that merely *signing* foreign crypto software packages is illegal

so the more I think about it, the more I think Bass's comments as reported by TCM are a pile of hooey. perhaps even disinformation. the NSA has full power to stop their harassment campaign at any time. it is possible that there are *elements* within the NSA that regret the policy, but they clearly are not the ones involved in enforcing it.
what many people fail to mention is that today we may not even have these horrible infoterrorist problems that the NSA and CIA et al. are screeching about lately if crypto had been allowed to grow organically and unharassed. in my view, the NSA is largely *responsible* for the weakness in the information infrastructure as it now stands because of their suppression of efforts to implement strong security via crypto. this is the great hypocrisy of it all.

frankly at times I think the whole key escrow debate seems like a huge smokescreen or decoy just to get the public to argue about something the NSA was never seriously contemplating anyway. it could be just a delaying tactic that is working quite spectacularly. every conference of experts sounds the same and they all come to the same conclusion. meanwhile the ITAR is virtually unchanged within the last 5 years.

From llurch at networking.stanford.edu Tue Jul 2 18:21:33 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 3 Jul 1996 09:21:33 +0800
Subject: hard drive encryption
In-Reply-To: <2.2.32.19960702145307.006bb7ac@gonzo.wolfenet.com>
Message-ID:

On Tue, 2 Jul 1996, Cerridwyn Llewyellyn wrote:

> What is the best utility freely available for encrypting an entire drive
> that won't be used for a length of time? ie: I'm going away for a period
> of time and wish to encrypt the drive while I'm gone, but have no interest
> in actually using it while it's encrypted. I also have no real preference
> in what algorithm is used, as long as it's relatively secure. Speed is
> also not a big consideration, as it will be used once when I leave to encrypt,
> and once when i return to decrypt.

Joel's book is not to be missed, but for the single-use application you describe, a screwdriver and a trip to a safe deposit box (or a friend's house) might be more appropriate...
-rich

From asgaard at sos.sll.se Tue Jul 2 18:27:16 1996
From: asgaard at sos.sll.se (Asgaard)
Date: Wed, 3 Jul 1996 09:27:16 +0800
Subject: TRI_cks
In-Reply-To: <199607021418.OAA29985@pipe2.t2.usa.pipeline.com>
Message-ID:

> "A Japanese engineer's box of tricks is helping detect
> forged banknotes."

Since the bulk of forged US$ (made in Syria and/or Iran?), hundreds of millions, allegedly are circulating in Russia, will this bring down the Russian black market economy? Or will they outlaw the Japanese box?

Asgaard

From jpp at software.net Tue Jul 2 18:27:33 1996
From: jpp at software.net (John Pettitt)
Date: Wed, 3 Jul 1996 09:27:33 +0800
Subject: SAFE Forum--some comments
Message-ID: <2.2.32.19960702211030.01075964@mail.software.net>

At 06:40 PM 7/2/96 -0700, Timothy C. May wrote:
>
>I was at the "SAFE" forum yesterday. Too many things to report on, so I'll
>just add comments here and there.
>

I thought it was interesting to note that a Republican Senator came to California to talk about this stuff and *neither* of the California Senators has got a clue yet.

One questioner from the audience made an interesting point that given that most of America can't set a VCR clock crypto will be totally beyond them unless it becomes pervasive ("you can buy it at radio shack").

It was pretty clear from all the speakers that this is a libertarian/authoritarian issue and not a liberal/conservative one.

John

John Pettitt, jpp at software.net
EVP, CyberSource Corporation, 415 473 3065
PGP Key available at: http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705

From tcmay at got.net Tue Jul 2 18:30:05 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 3 Jul 1996 09:30:05 +0800
Subject: SAFE Forum--some comments
Message-ID:

I was at the "SAFE" forum yesterday. Too many things to report on, so I'll just add comments here and there.

And here I'll comment on Ken Bass's excellent comments (there were many excellent points).
Bass is a D.C.-area lawyer with the prestigious Venable law firm (the venerable Venable firm?), and a former Reagan Administration official.

He pointed out that the driving force for crypto policy is probably the _law enforcement_ camp, not the _intelligence agency_ camp. And that the NSA is regretting the ITAR stuff, as it has sparked an "arms race" to develop stronger crypto. Bass noted that people now equate permission to export with weakness, and that had the U.S. not restricted exports, users probably would've been "fat, dumb, and happy" to keep using breakable crypto.

(Many interesting points to make. Bass is no supporter of Clipper and Escrow, and made many points about why the policy won't work. His later dialog with Michael Froomkin and Jerry Berman, about the constitutionality of crypto laws was a highpoint for me.)

His comments fit in with the points made by Diffie that the 40 bit restriction is unlikely to satisfy either the user community or the surveillance community. 40 bits is too weak for a targeted attack, but too strong for "vacuum cleaner" intercepts such as NSA SIGINT uses.

(Diffie also gave an excellent summary of cryptographic work factors, using 30 bits, 60 bits, 90 bits, and 120 bits as examples. For example, 30 bits needs about a billion operations to brute force, which any modern PC can do in several seconds. 60 bits is a billion times harder, which NSA machines can handle, and 90 bits is beyond current capabilities...)

I said I wouldn't do a summary, but I'll make a few comments:

-- Both Congresswimmin, Eshoo and Lofgren, seemed genuinely interested in the issues

-- Senator Leahy, on t.v. from Vermont, emphasized _privacy_ and made the Cypherpunk/libertarian/ACLU point that he and his neighbors are not criminals and don't think the government has any right to demand that communications, computer files, diaries, and the like be "escrowed."
-- Senator Conrad "I ain't no Democrat" Burns was there in person and was entertaining and strongly blasted key escrow and the ITAR restrictions. I found his comments refreshing.

-- The whole affair was "preaching to the choir," as many speakers noted. That is, there was little controversy and little disagreement. This was a point made nicely by Phil Zimmermann, who told a humorous story of going to Congressman Dana Rohrabacher's office, seeing the picture of Ollie North on the wall (much laughter), but finding Rohrabacher's staffers aghast at the crypto laws and ITARs. Then, Phil took a hotel shuttle and ended up talking to the driver, who was also aghast. "Where else can you find this kind of consensus?"

(A point many of us have made as well, that nearly everyone who has the issues explained to them comes down on the side that the government has no right to tell us we can't use codes and ciphers, that it's all similar to Big Brother demanding video cameras in our homes....)

-- Craig Mundie, currently of Microsoft, made excellent points about the costs of a key escrow infrastructure. (By the way, those who read "The Soul of a New Machine" should be interested that Mundie was the leader of the North Carolina research facility of Data General that lost the "shootout at HoJos." If this means nothing to you, read the Kidder book--soon!)

-- Michael Froomkin, a law professor (and member of our list of course), pointed out that despite the various constitutional issues, the crypto laws are mostly having their desired effect, namely, slowing the deployment of crypto and creating confusion. (That Windows 95 has no crypto modules, and that most browsers and mail programs have nothing built in tells us that the FUD worked.)

In summary, for me the SAFE forum was a success. Though it was periods of boring platitudes we all agreed with interspersed with good insights from the speakers and audience. Not much that was new to a Cypherpunk, of course.
(In fact, the forum was almost a kind of Cypherpunks physical meeting, in terms of the topics, and in terms of who attended....it was even where we've been having recent physical meetings.)

A day well spent.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From WlkngOwl at unix.asb.com Tue Jul 2 18:33:22 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 3 Jul 1996 09:33:22 +0800
Subject: PGP secret keys
Message-ID: <199607022040.QAA09851@unix.asb.com>

On 2 Jul 96 at 6:39, anonymous-remailer at shell.port wrote:

> Could someone post a pointer to a FAQ that tells what to do if you lose
> your secret key file? How can you regenerate your private key so that the
> userid number still matches the public key that has been distributed??

You can't do anything. Yer screwed.

From bginter at abilnet.com Tue Jul 2 18:37:51 1996
From: bginter at abilnet.com (Benjamin R. Ginter)
Date: Wed, 3 Jul 1996 09:37:51 +0800
Subject: hard drive encryption
In-Reply-To: <2.2.32.19960702145307.006bb7ac@gonzo.wolfenet.com>
Message-ID: <31D99039.8BD@abilnet.com>

Cerridwyn Llewyellyn wrote:
>
>
> What is the best utility freely available for encrypting an entire drive
> that won't be used for a length of time? ie: I'm going away for a period
> of time and wish to encrypt the drive while I'm gone, but have no interest
> in actually using it while it's encrypted. I also have no real preference
> in what algorithm is used, as long as it's relatively secure.
Speed is
> also not a big consideration, as it will be used once when I leave to encrypt,
> and once when i return to decrypt.
> Thanks in advance for the help...
> //cerridwyn//
>
> btw, the OS is Win95 if that matters...

Just take your hard drive with you, jeez..

[gk]

From WlkngOwl at unix.asb.com Tue Jul 2 18:43:27 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 3 Jul 1996 09:43:27 +0800
Subject: Message pools _are_ in use today!
Message-ID: <199607022051.QAA10112@unix.asb.com>

On 1 Jul 96 at 20:28, David Wagner wrote:
[..]
> Ian and I talked about this at some length. alt.anonymous.messages
> has certain unfortunate shortcomings.

> Someone sniffing the Berkeley 'net can tell when I receive an
> alt.anonymous.messages message by when I download an article from
> the NNTP server; they can tell when I send such an article by when
> I upload an article to the NNTP server; they can list all the
> ``subversive'' Berkeley folks who have read alt.anonymous.messages
> lately.

Uploading can be gotten around by using anonymous remailers and mail-to-news gateways... although someone can tell if you send mail to anonymous mailers.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From froomkin at law.miami.edu Tue Jul 2 18:46:32 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Wed, 3 Jul 1996 09:46:32 +0800
Subject: UK Crypto regs?
In-Reply-To: <199606300840.JAA00124@server.test.net>
Message-ID:

Thank you to AB for forwarding the Ross Anderson summary.

I am unclear on what I consider a key point regarding UK policy. The US (and Japanese) governments have pledged not to seek to escrow digital signature keys. (FWIW I think this is a very important and praiseworthy pledge.)
There is a large class of DS keys, eg RSA keys, which can also be used for encryption; there is also a class of keys (eg. SHA 1, I think?) that cannot. A PKI that requires escrow therefore must either

a) limit the type of encryption allowed for DS keys, and exclude one of the most popular flavors or
b) escrow digital signature keys

I am unclear as to whether the UK authorities understand this, and if so which option they plan to choose. I would welcome any information that might be floating around.

[This message may have been dictated with Dragon Dictate 2.01. Please be alert for unintentional word substitutions.]

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | froomkin at law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here. And humid.

From WlkngOwl at unix.asb.com Tue Jul 2 18:52:19 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 3 Jul 1996 09:52:19 +0800
Subject: Rambling about "Net and Terrorism" (long, slightly amusing, and
Message-ID: <199607021839.OAA07556@unix.asb.com>

On 2 Jul 96 at 1:58, snow wrote/quoted:

[It's hard to tell what's a quote and what snow wrote here]

> Can anything be done? To stop the likely effects of lots more
[..]
> In a word, "no."
> /*
> I disagree. Terrorism, political terrorism is fear. There are ways to
> protect military targets that are quite cost effective, unfortunately they
> are politically unpopular. (What just happened in Saudi is on my mind.
[..]

Yep. Terrorism is fear, but *no* target can be 100% protected. Not even military targets, though it can get difficult and expensive for someone to attack a target. In such cases, terrorists would go for easier targets.

Terrorism is against a larger, vague target such as a nation or corporation or an industry or an ideology. Instances are against representations of the target....
a military base is attacked because it is a symbol, not because it is strategic. If said terrorists cannot attack a military base, they'll attack some soldiers on leave at a disco. The symbolic importance cannot be understated (though it doesn't mean that strategic targets are safe either).

So to get back to 'net related discussion: differentiate between use of the internet (and phone or mail systems) to plan acts and spread propaganda versus terrorist acts on the internet. The former implies a need for LEAs to snoop, while the latter implies a need for high-security, crypto, etc.... they are not so compatible.

So let's say Wild Al's Church of Kookology and Jihad of Banality (WACKJOB) is planning a cyber-terrorist act. They want something symbolic that will demoralize the United Statesers (USers), so that they will pressure the US government to stop its Promotion of International Googoomuck (PIG) in some corner of the world.

It's counter-productive for WACKJOB to stop PIG by destroying the Federal Reserve's computers, particularly because an economic collapse will keep USers from buying widget fluid from one of their sponsor countries. WACKJOB would also be unable to use counterfeit (or real) yankee greenbacks to support their enterprise... and likely this would have a negative effect on marks, pounds, etc.

Note that any wealthy kooks who couldn't give a damn about WACKJOB or PIG but like to show off their kook-factor among their other wealthy friends by bankrolling WACKJOB would also be adversely affected... and chances are WACKJOB will not bite the hand that helps it.

WACKJOB might want to disrupt communications so that they can perform a non-cyber terrorist act against PIG, but this might prove more difficult because the Management's systems of communication (telephones, email, cellular, courier, face-to-face meetings, etc.) is complex and distributed.
Also, WACKJOB would want the pigsty networks functioning so that the USers will know about the WACKJOBs sacrificed their lives and disrupted downtown traffic in NYC by leaping off buildings and splattering on the pavement.

So other than using the 'net to plan their WACKJOB (so absurd that the NSA gronk who intercepted the traffic had to be taken to the hospital with a hernia from laughing so much), what *symbolic* cyber-terrorist acts could an aspiring WACKJOB plan?

Keep in mind people value human life a little more than computer records or property (excepting certain 'libertarian' folk). WACKJOBs would attack computer systems that would have an immediate effect on USers lives... but not permanent, and ones that would still allow USers to know it was a WACKJOB. It would have to be something that appeared to affect mainstream USers.

Perhaps interfering with transportation or medical communications that allowed for a mass amount of injury or death in a short, tragic and dramatic burst. Seems securing these systems would be a priority. (Question: possibility of two systems of crypto, escrowed for general public and unescrowed for institutional systems which are more controlled, and where LEAs can get some access to because of the institutional nature?)

[..]
> Civilian targets are harder to protect, but certain steps can be
> taken to lessen chances of a successful attack.

Lesser chances of being hit by a falling WACKJOB are not the same as no chance of it.

> Another method, and this would be very unpopular (and
> hypocritical of the US) would be simply to announce that we (the Country)
> are going to hold the _manufacturing_ nation responsible for the use of
> weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a
> city in the Soviet Union. MAD carried to a lower level.

Feh! Maybe the Russians hate the WACKJOBs as much as the USers, but a corrupt or poor gronk in O-+>| ("The country formerly known as Russia") sold nerve gas to a WACKJOB...
or some WACKJOB stole it. Why hold them responsible?!? And what if it was stolen from a USer?

Under that logic, we can go after the company that mined the steel used in the knife that killed Nicole Simpson (probably a few WACKJOBs would agree with that...)

> A third option is quite simply to buy as much of it as possible.

So WACKJOBs make their own nerve gas from common household ingredients like Olestra and NutriSweet. Then what?

>> I expect a city or two to get nuked in the next decade or so. (Haifa or Tel
>> Aviv would be my leading candidates.) To me, this is unsurprising.
> My bets in the following order:
[..]

So the WACKJOBs decide that the center of PIGginess conspiracy happens to be in some rural BFE, hiding under the guise of the Fritters County Malitia and Bible Emporium or maybe in the local Federal Bureau of Ice Cream and Prophylactics Building and nuke the small town you just happen to live in. (Who would have suspected Oklahoma City?)

Many terrorist strikes against Britain or Israel/Palestine did not occur in major cities. Many did not occur in those countries, but on airlines or cruise ships, or in other countries where the targets are.

If you are a USer, you are a target for a WACKJOB. Doesn't matter if you're in NYC or London or the middle of nowhere or taking an airplane from a WACKJOB-sympathizing country. Doesn't even matter if you're a WACKJOB sympathizer.

> I don't think that terrorists in the middle east will pop a nuke as
> they would get as many of their own as the "enemy". One of the things a
> terrorist needs more than money is a place to hide, and if you are
> killing your own people, they won't shield you.
[..]

Why only mideast groups? Why should *they* be the only terrorists? With the 'net, any group with a bone to pick can, in theory, go after bigger cyber-targets (in theory, anyway).

And why nuking?
One can understand up-and-coming-regional powers such as Iran or Iraq, Pakistan, trying to get stolen nukes, but not likely for terrorism.

Not saying that no terrorist group would use nukes... but even a lot of stupid WACKJOBs know that nuking a major (or minor) US city would provoke a fierce response from the US, and probably a lot of other countries that felt equally under threat or wanted to dissociate themselves from WACKJOBs.

If a WACKJOB's friends or family felt nuking was too extreme, a WACKJOB becomes a pariah. Perhaps even the official WACKJOBs dissociate themselves from the WACKJOBs who nuked some city...

Terrorists want to demoralize their enemies, not anger them further.

[..]
> One objective of terrorism is/could be to lessen a populations faith
> in "The System". Some possible situations
[...]
>
> Trash a multi-store pharmacy database and people can't get their
> prescriptions, or worse get the wrong one.

Wrong ones? No. It can be recovered from, though with much inconvenience for most people. Trashing a computerized pill-making system so the wrong medications were in the wrong pills would have more effect... but would it demoralize faith in the system?

> Cause disturbances in certain parts of certain cities, then attack
> the 911 system to route officers and firemen to _wealthy_ neighborhoods at
> the expense of the poor neighborhoods. Then complain to the papers about
> it.

The 911 system doesn't work. Officers and firemen only go to the wealthy neighborhoods in many cities and plenty of people already complain about it. WACKJOBs want a terrorist act that would be noticed... contributing to the status quo isn't an act of terrorism.

> Gain control of the power grid (I don't know how possible this is)
> and selectively brown out certain sections of the city during peak demand
> periods. Make it obvious, then do the preceding idea.

Many places have backup generators or their own local systems.
If you live in a hurricane or earthquake prone area you're used to losing your electricity.

Possibly one could get a utility's computer system to disconnect thousands of subscribers for not paying bills, which would incite anger against it (though chances are their computer system would do this without any human intervention).

Differentiate between extortion ("give a million dollars to x account or all subscribers are disconnected"), vandalism/prank/K001 d00Z feat, system malfunction/bad programming, and WACKJOBs. They cannot be lumped together as generic 'terrorism'. It seems the pro-GAK and police-state forces focus on WACKJOBs when they use the term 'terrorists' (though they may label others as such for effect at times).

> In all of these people will, or could die, but are much more
> effective in undermining the faith people have in the structures that run
> the country. If a bomb blast goes off, people get pissed off at the bomb
> makers, if the power fails, people get pissed at the electrical company.
> If you can create a large enough disturbances they will be better than
> bombs.

What is one trying to accomplish by creating a disturbance? To lead to a collapse of the nation state? Chances are widespread disturbance will lead to large-scale martial law, which would favor statists.

The focus has been on larger, 'sexier' and 'heroic' acts of terrorism which are inappropriate to the 'net. What if the WACKJOBs manage to infect copies of Windoze 6.0 with a copy of a virus that destroys PIG-related files? Or if they vandalize web pages, ftp- or gopher sites with (what they perceive as) PIG-related materials? Or a WACKJOB cancel-moose roaming Usenet?

It also seems as if GAK-proposals would be a hindrance to measures to protect against such acts.

Another reason the 'net is a "terrorist threat"... it allows "terrorist" groups to have a voice. Didn't a recent government paper cite Zapatista communiques as an example of this?
Anti-terrorist measures are as much (if not mroe) thought 'protection' as they are property/life protection. "Terrorism" (as defined by the state) does more to stregthen the state, by creating a nebulous enemy that the state can put an ugly face on while seizing control to 'protect' itself. 'Cyberterrorism' is something the state uses to claim jurisdiction over the cybernetic ether, or by which certain consultants spread FUD for their own benefit. Situationist's comments about the "Protection Racket" come to mind here. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From nobody at REPLAY.COM Tue Jul 2 18:57:15 1996 From: nobody at REPLAY.COM (Anonymous) Date: Wed, 3 Jul 1996 09:57:15 +0800 Subject: No Subject Message-ID: <199607022101.XAA08988@basement.replay.com> At 06.39 AM 7/2/96 -0700, anonymous-remailer at shell.portal.com wrote: >Could someone post a pointer to a FAQ that tells what to do if you loose >your secret key file? How can you regenerate your private key so that the >userid number still matches the public key that has been distributed?? You can't. You're dead. Next time make a backup. From froomkin at law.miami.edu Tue Jul 2 19:10:13 1996 From: froomkin at law.miami.edu (Michael Froomkin) Date: Wed, 3 Jul 1996 10:10:13 +0800 Subject: But what about the poor? In-Reply-To: <2.2.32.19960702103730.00bb4544@panix.com> Message-ID: On Tue, 2 Jul 1996, Duncan Frissell wrote: > At 11:25 PM 7/1/96 -0700, Bill Frantz wrote: > > >Current government "Key Escrow" systems cost $200/key/year. [Craig Mundie] > >These systems can best be described as key-rental systems. I bet you it's almost all fixed cost. A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. 
Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid. From ericd at shop.internet.net Tue Jul 2 19:12:22 1996 From: ericd at shop.internet.net (Eric Davis) Date: Wed, 3 Jul 1996 10:12:22 +0800 Subject: Message pools _are_ in use today! In-Reply-To: <199607021730.KAA18852@mail.pacifier.com> Message-ID: Hughes offers a downlink product called DirectPC. The back channel is your regular modem. Telco/Analog your requests to their servers and the data is delivered via your DSS dish, sent to your PC and decoded via an ISA card. (Opt. DES downlink encryption) http://www.direcpc.com/ The downlink is shared 500Kb/s ( I think ). Though you can schedule a higher BW channel for A/V applications (or so the lit reads). Think it supports multicast/broadcast by default... Eric Davis ----------------------------------------------------- Eric Davis ericd at internet.net Director of Information Systems 415-842-7400 (V) Internet Shopping Network 415-842-7415 (F) Visit our site at: http://www.isn.com Personal contact: ericd at cyberfarm.com KD6HTO (R) ----------------------------------------------------- There are no law enforcers if law itself they ignore. -- Inka Inka -- Step Back -- Myth of the Machine -- On Tue, 2 Jul 1996, jim bell wrote: > At 08:28 PM 7/1/96 -0700, David Wagner wrote: > > >If folks have better ideas for how to achieve really good recipient > >anonymity, I hope they'll speak up! > > Once they start offering Internet news/email/USENET feeds (one way) by > DSS-type dish antenna from satellite, it'll be mighty hard to figure out > who's receiving the data. They could probably easily provide 10 megabits per > second, which I assume would be more than enough for what's needed. 
> > (BTW, for a few years a company called "Planet Connect" has been providing > FIDOnet data feeds, although they use the older-style, large antenna > systems, and their data rate is 19.2kbps, not even close to enough for > Internet service.) > > Jim Bell > jimbell at pacifier.com > From jpp at software.net Tue Jul 2 19:12:41 1996 From: jpp at software.net (John Pettitt) Date: Wed, 3 Jul 1996 10:12:41 +0800 Subject: SAFE Forum Message-ID: <2.2.32.19960702211201.01023864@mail.software.net> At 10:57 AM 7/2/96 -0700, Rich Graves wrote: >On Mon, 1 Jul 1996, Bill Frantz wrote: > >> "Crime prevention ought to be part of the FBI's mission. [Herbert Lin, >> National Research Council] > >In case it's not clear, this was said with much sarcasm... i.e., today's FBI >is too often engaged in other pursuits. This in the context of explaining >that ubiquitous strong crypto is the best defense against computer crime. > >-rich > > Crime prevention is *never* part of their mission after all if crime is prevented it's hard to use the crime stats to justify the budget ... John Pettitt, jpp at software.net EVP, CyberSource Corporation, 415 473 3065 PGP Key available at: http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705 From elam at art.net Tue Jul 2 19:25:18 1996 From: elam at art.net (Lile Elam) Date: Wed, 3 Jul 1996 10:25:18 +0800 Subject: SAFE Forum--some comments Message-ID: <199607022147.OAA10677@art.net> Well, I went to SAFE and found that it was very helpful for me. I have been struggling with trying to figure out what I personally can do to help change the current state of cryptography in the US of A and found that a lot of good suggestions were made at this conference. It was almost like a brainstorming event on how to get things (US politics and laws) going in the right direction in this field. Hearing leaders in the cryptography field speak was awesome. They were direct and to the point.
And you could tell that they were being completely straight with everyone about the current situation and what the technology could/could-not do for us. The comment I kept hearing over and over was that we have to educate the public about what cryptography is and why it's important to everyone using computers to communicate. This public includes people who are not on the net and those who don't even know what the Internet is. So, now I have some ideas on what I, as an individual can do to help. Educating people about crypto. I work with a lot of artists on the net (~300+) and will introduce cryptography to them. We'll think of some cool ways to implement it in our work and in the process will learn how to use it. :) The SAFE t-shirts were great too... -lile (a webmaster at art.net) www.art.net From snow at smoke.suba.com Tue Jul 2 19:31:45 1996 From: snow at smoke.suba.com (snow) Date: Wed, 3 Jul 1996 10:31:45 +0800 Subject: Net and Terrorism. In-Reply-To: Message-ID: On Tue, 2 Jul 1996, snow wrote: > Cause disturbances in certain parts of certain cities, then attack > the 911 system to route officers and firemen to _wealthy_ neighborhoods at > the expense of the poor neighborhoods. Then complain to the papers about > it. > > Gain control of the power grid (I don't know how possible this is) > and selectively brown out certain sections of the city during peak demand > periods. Make it obvious, then do the preceding idea. > > In all of these people will, or could die, but are much more > effective in undermining the faith people have in the structures that run > the country. If a bomb blast goes off, people get pissed off at the bomb > makers, if the power fails, people get pissed at the electrical company. > If you can create a large enough disturbances they will be better than > bombs. > */ Ummm... Just in case anyone is thinking it right now, NO, I didn't. If this outage was deliberate, I had nothing to do with it. I was just postulating possibilities.
Petro, Christopher C. petro at suba.com snow at crash.suba.com From llurch at networking.stanford.edu Tue Jul 2 19:33:22 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Wed, 3 Jul 1996 10:33:22 +0800 Subject: PROMISe them anything (was Re: whitehouse dossier database?) In-Reply-To: <199607021547.LAA04235@unix.asb.com> Message-ID: On Tue, 2 Jul 1996, Deranged Mutant wrote: > On 1 Jul 96 at 23:39, Vladimir Z. Nuri wrote: > > > holy cow, is this real? Grabbe cites several credible references. > > Ask Phil Resuto. No, for the full story, look at: http://www.cco.net/~trufax/reports/bavarian.html > > Conspiracy Nation -- Vol. 8 Num. 30 I always thought this was a self-parody, like "50 Greatest Conspiracies of All Time." Looking through back issues again, I concede that he might be doing it on purpose. Which is an entirely different thing than saying he believes it. > > Stephens' software firm Systematics. The Citibank heist > > by Russian hackers, for example, took advantage of a back > > door in Citibank's Systematics software. (The Russian > > hackers were apparently aided by the son of one of Jim > > Leach's House Banking Committee investigators.) Have > > any major banks thought of instituting lawsuits over this > > deliberate breach of security on the part of a software > > supplier? > > Huh? I thought the Russian 'hackers' helped write the software, and > used one of their own backdoors. Shh. Never let the truth get in the way of a good rant. -rich http://www.c2.org/~rich/ From cme at cybercash.com Tue Jul 2 19:42:40 1996 From: cme at cybercash.com (Carl Ellison) Date: Wed, 3 Jul 1996 10:42:40 +0800 Subject: Self-signed certificates Message-ID: <2.2.32.19960702215220.002ff23c@cybercash.com> Here's some trouble-making I'm doing on another list (one that believes in X.509 certs and CAs).... 
:) - Carl >Date: Tue, 02 Jul 1996 17:34:46 -0400 >To: Greg.McPhee at Software.com (Greg McPhee) >From: Carl Ellison >Subject: Re: Self-signed certificates >Cc: ssl-talk at netscape.com > >At 01:51 PM 7/2/96 -0700, Greg McPhee wrote: >>> >>>If you have encountered an old friend of yours on the net and want to make >>>sure that you can exchange keys with her without some active eavesdropper >>>getting in the path and substituting keys, then a CA's cert is probably >>>worthless to you. [I have a paper at this month's USENIX Security Symposium >>>on this subject.] >> >>I want to understand why the "CA's cert" above is worthless. Assuming the >>"CA's cert" is a self signed certificate identifying a CA, then is it >>worthless because it is an untrusted CA, or because my old friend and I >>don't have personal certificates signed by this CA? >> >>Couldn't wait for the paper :-) > >OK -- at the risk of boring the list... :) > >There are many definitions for "identity". In this one case, I'm using the >example of an old friend. We meet again on the net and want to trade keys, >for private communications. Much of the loose talk over the years about >certificates says that if she and I have certificates from a good CA, then >we can be assured we aren't being spoofed. That statement isn't true. > >To state it more formally, a CA's certificate in this case is neither >necessary nor sufficient. > >The CA binds a key to *its name for a person* -- trying to make that name >globally unique and meaningful -- but all it can promise is to make the name >unique. It can't promise to make it meaningful *to me*. The CA is not >aware of my existence, much less of what I know about each person in the >world. There might be 100 certificates for "Sue Robinson" -- with various >other information to distinguish them from one another -- but when I knew >her she was going under the name of Laura and I have no clue what her other >distinguishing information is. I had lost touch with her. 
> >I could ask her, over the net, and she would tell me all those new bits of >information. > >Trouble is, I need an authenticated channel to her in order to be sure I'm >not being spoofed while she tells me her SNail address (or whatever makes >her cert unique). I can't get an authenticated channel without the cert. >Impasse. > >Thus the cert from the CA is not sufficient. > >It is also not necessary. The paper I'm presenting gives a protocol with >which Sue and I can use our shared memories (what makes us old friends in >the first place and, in a real sense, the *true* definition of "identity") >to prove to each other that there is no eavesdropper over a confidential >channel we create. Once we've done that, we then we can tell each other our >keys and each issue a cert for the other's key. At that point, we have >certified keys for each other without involving a CA. What's better, I have >her certified key from a "CA" I can trust above all others -- myself. > >[QED] > > - Carl From ichudov at algebra.com Tue Jul 2 20:10:25 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 3 Jul 1996 11:10:25 +0800 Subject: Net and Terrorism. In-Reply-To: Message-ID: <199607022253.RAA31595@manifold.algebra.com> Timothy C. May wrote: > > >Another method, and this would be very unpopular (and > >hypocritical of the US) would be simply to announce that we (the Country) > >are going to hold the _manufacturing_ nation responcible for the use of > >weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a > >city in the Soviet Union. MAD carried to a lower level. > > You are essentially making my point, that the biggest danger of the current > responses to terrorism is that nations will turn to national terrorism and > police state tactics. Khm, have you thought about getting 2,000 nukes in response? - Igor. 
From um at c2.org Tue Jul 2 20:54:43 1996 From: um at c2.org (Ulf Moeller) Date: Wed, 3 Jul 1996 11:54:43 +0800 Subject: Message pools _are_ in use today! In-Reply-To: Message-ID: >alt.anonymous.messages is not an ideal message pool-- it is a hack. >(Granted, it *is* a really cool, clever, and practically useful hack.) I agree that alt.anonymous.messages is not perfect. But if you download all articles and don't post to alt.anonymous.messages without using a remailer, the only real threat are denial of service attacks with cancel messages etc. >If folks have better ideas for how to achieve really good recipient >anonymity, I hope they'll speak up! I think a DC+ net would achieve the same degree of anonymity more efficiently. (It's not trivial to estimate the traffic caused by a remailer net as proposed by Ian, so I may be wrong there.) From um at c2.org Tue Jul 2 20:56:28 1996 From: um at c2.org (Ulf Moeller) Date: Wed, 3 Jul 1996 11:56:28 +0800 Subject: Info on alleged new German digital wiretapping law? In-Reply-To: Message-ID: Rich Graves writes: >None of the Europeans I ran into at today's SAFE conference had even heard >of the legislation decried at > > http://fight-censorship.dementia.org/fight-censorship/dl?num=3027 > >and in alt.fan.ernst-zundel. What's up? The report is correct. The mainstream press has completely ingnored the wiretap legislation, probably because it is part of the long-awaited new telecommunications law to end the Telekom monopoly. From frissell at panix.com Tue Jul 2 21:24:53 1996 From: frissell at panix.com (Duncan Frissell) Date: Wed, 3 Jul 1996 12:24:53 +0800 Subject: LE Risks with No Crypto Message-ID: <2.2.32.19960703002028.00ba3b24@panix.com> Did anyone notice the fun little bit in the story of the bust of the Viper Militia in Arizona? The state employee that BATF sent to infiltrate the group almost "assumed room temperature" because an ally of the Militia working for AT&T pulled his long distance phone records. 
The infiltrator was questioned rather closely about some of his phone calls to official numbers. He managed to persuade them that he wasn't a Fed. Too bad AT&T doesn't use an encrypted open books system to store is records so that "bad guys" can't abuse those records and put our heroic law enforcement personnel at risk. This is a perfect illustration of the fact that technology puts the government most at risk because it will always be the juiciest target. "Worth the powder to blow it up with." DCF From ogren at cris.com Tue Jul 2 21:32:09 1996 From: ogren at cris.com (David F. Ogren) Date: Wed, 3 Jul 1996 12:32:09 +0800 Subject: Lack of PGP signatures Message-ID: <199607022343.TAA21050@darius.cris.com> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Tue Jul 02 19:40:44 1996 I've noticed recently that two PGP programmers (Mr. Zimmerman and Mr. Atkins) do not seem to PGP clearsign their messages to this list. In fact, a surprisingly small percentage of messages on the C-punk list are signed. This despite the fact that the average subscriber is at least literate in PGP. Does anybody have any speculation on why this is? Is it because people consider mundane mail unimportant enough to sign? Is it because the members of this list are more concerned with encryption than authentication? Is it because most mail programs are not PGP aware? Is it because of the weaknesses in MD5? David F. Ogren | ogren at concentric.net | "A man without religion is like a fish PGP Key ID: 0x6458EB29 | without a bicycle" - ------------------------------|---------------------------------------- Don't know what PGP is? | Need my public key? 
It's available Send a message to me with the | by server or by sending me a message subject GETPGPINFO | with the subject GETPGPKEY -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMdmzfeSLhCBkWOspAQEdaAf7BzkKqxVyzBY4TAKoSXqO2DhFpceMGfv1 WJhMXHCi9FnZuCHs2hl03vhf/DReX1Y6YWU9ntLhpO8kY6eDeRdq/M9eyD/le1df lZXewrfWrv/JSQgDEmUgao01EkVCVILAx/mUzeBTYPx0nx4CVKUw5pCOJvcO4oVs Y9K1w7ivSpVtwvonYSrqWjT3qDDXm2aCID+YlffH2c+nDBXPgv094fj5Fzzoi+4i sS8u/otxz8d2A+NlhqKJZWxkPtBi0AA2VO6L2Mx8ZmlwRWaD4EiTjaozusPq5GoE tEh9YIPt4+CJZTiLwRRh1x+OqWIDQOJMcDlLmNhiYxFYuevWhmbLPA== =/E0F -----END PGP SIGNATURE----- From jimbell at pacifier.com Tue Jul 2 21:33:51 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 3 Jul 1996 12:33:51 +0800 Subject: But what about the poor? Message-ID: <199607030031.RAA12438@mail.pacifier.com> At 04:55 PM 7/2/96 -0700, Martin Minow wrote: >Jim Bell wants to get rich running a key escrow business (:-) >> >>Oh, but what a business opportunity! I assume a floppy can hold 1000 keys. >>Even if I undercut the going rate of $200 per year by a factor of 10, that's >>a potential income of $20,000 per floppy per year. A box of 20 floppies on >>the shelf, and I'm set for life! >> >Add in the cost of a bank vault I'm assuming that the keys are, themselves, encrypted. > and the ability to provide any key >to an approved law enforcement agency (i.e., one that provides you with >a legitimate search warrant for the key) with a 2 hour response time >(24/7/365). Easy solution! Make 'em show up at the front door. It'd cut down on the requests, I'd say... This would be an excellent way of getting around the "response time" requirement: The time the cops take to actually arrive and request the key is THEIR time, not that of the escrow agent. Locate the escrow agent in Encampment, Wyoming, and see how many can find it! > Also, you will have to take in keys as they are provided. 
However, this raises an interesting question: Can key-escrow agents change the terms of their operation to delete such responses (or slow them...) for the cops? Or, for that matter, can they charge the cops an arm and a leg for the key? (Say, $100,000 per?) Another question: The cops probably assume that the escrow agent is NOT going to inform the key holder that the key has been delivered. But if the stated policy of the escrow agent is that the key owner MUST be informed, what are the cops gonna do about it? Further, how are the cops going to evidence the existence of a valid warrant? (As opposed to a forgery?) Jim Bell jimbell at pacifier.com From hua at XENON.chromatic.com Tue Jul 2 21:49:59 1996 From: hua at XENON.chromatic.com (Ernest Hua) Date: Wed, 3 Jul 1996 12:49:59 +0800 Subject: Ken Bass: Wire tap only useful for conviction (Was: SAFE Forum--some comments) In-Reply-To: Message-ID: <199607030102.SAA05930@server1.chromatic.com> > And here I'll comment on Ken Bass's excellent comments (there were many > excellent points). > > He pointed out that the driving force for crypto policy is probably the > _law enforcement_ camp, not the _intelligence agency_ camp. Ken pointed out that law enforcement had to have gotten enough evidence prior to a wire tap request to show probable cause. If this is the case, then the only usefulness of wire taps is to improve the likelihood of conviction and not the detection of potential terrorist (or child molestation or your favorite bad guy) plots. Therefore, it is important to cut through the rhetoric and to challenge Reno and Freeh and others when they spout such non-sense, unless they are foreshadowing an Orwellian state (where you might as well expect a camcorder in every bedroom. After all, the most common case of child abuse/molestation/spousal abuse is in the home. Better protect the public!) 
Ern From jimbell at pacifier.com Tue Jul 2 21:52:48 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 3 Jul 1996 12:52:48 +0800 Subject: Net and Terrorism. Message-ID: <199607030107.SAA14488@mail.pacifier.com> At 04:13 PM 7/2/96 -0500, snow wrote: >On Tue, 2 Jul 1996, snow wrote: >> Cause disturbances in certain parts of certain cities, then attack >> the 911 system to route officers and firemen to _wealthy_ neigborhoods at >> the expense of the poor neighborhoods. Then complain to the papers about >> it. >> >> Gain control of the power grid (I don't know how possible this is) >> and selectively brown out certain sections of the city during peak demand >> periods. Make it obvious, then do the preceeding idea. >> >> In all of these people will, or could die, but are much more >> effective in undermining the faith people have in the structures that run >> the country. If a bomb blast goes off, people get pissed off at the bomb >> makers, if the power fails, people get pissed at the electrical company. >> If you can create a large enough disturbances they will be better than >> bombs. Hey, great job Chris! Saw the news reports on the national news! B^) Jim Bell jimbell at pacifier.com From warlord at MIT.EDU Tue Jul 2 22:23:54 1996 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 3 Jul 1996 13:23:54 +0800 Subject: Lack of PGP signatures In-Reply-To: <199607022343.TAA21050@darius.cris.com> Message-ID: <199607030142.VAA29584@toxicwaste.media.mit.edu> > I've noticed recently that two PGP programmers (Mr. Zimmerman and Mr. > Atkins) do not seem to PGP clearsign their messages to this list. In fact, > a surprisingly small percentage of messages on the C-punk list are signed. > This despite the fact that the average subscriber is at least literate in > PGP. Actually, I don't PGP sign my messages because 95% of the time my connection to my mail host (the machine on which I read and respond to mail) is insecure. 
Composing the message, bringing the message to my local machine, running PGP, re-uploading the message, and sending it is a big deal and I don't consider it important enough for my everyday posts. When I send out notices that I consider important I do sign them. But that is fairly rare (at the moment). Basically, I refuse to type my passphrase over the net, which signing all my messages (this one included) would require. -derek From unicorn at schloss.li Tue Jul 2 22:28:49 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 3 Jul 1996 13:28:49 +0800 Subject: secure WWW on UNsecure servers In-Reply-To: Message-ID: On Fri, 28 Jun 1996, Joseph Sokol-Margolis wrote: > > How might one arrange for these encrypted web pages residing on an > > (unsecure) server to get decrypted only at the client's machine? Given the cost of high bandwidth connections and the practical necessity of surrendering control of the actual machine on which the server resides to have a decent connection at all, it seems to me that this possibility should be very seriously considered. It will allow virtual anonyminity of browsing and (with cooperative ISPs) allow anonymous maintaince of a page itself. The other alternative (maintaining control of the server and machine itself) requires substantially more work to foil traffic analysis and jurisdictional savvy employment to achieve the same effect. As usual, the mathamatic defense vastly exceeds the utility of the physical defense. To what extent will it be possible, e.g., to run a financial services web page from a server and still keep the server staff from knowing what the page is? It provides the ISP providing the server with liability protection, and presents many more anonymous possibilities. This, clearly, must be the best answer to turning web pages and WWW transactions into the kind of personal and private exchanges that PGP affords e-mail today. 
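The arrangement asked about in the message above, as an added example that is not part of the original post: the server holds only AES-256-GCM ciphertext stored under HMAC-derived names, and decryption happens at the client. The class and function names, the passphrase shared with readers out of band, and the sample pages are assumptions constructed for illustration.

```javascript
// Added illustration: ciphertext-only hosting, decrypted at the client.
// UntrustedServer, deriveKeys, storageName, publishPage and fetchPage are
// hypothetical names, not an existing API.
const crypto = require("crypto");

// Stand-in for the ISP's machine: it only ever holds opaque names and blobs.
class UntrustedServer {
  constructor() { this.store = new Map(); }
  put(name, blob) { this.store.set(name, Buffer.from(blob)); }
  get(name) {
    const blob = this.store.get(name);
    if (!blob) throw new Error("not found");
    return Buffer.from(blob);
  }
}

// One passphrase (assumed to reach readers out of band) yields two
// independent keys: encKey encrypts page bodies, nameKey hides page paths.
function deriveKeys(passphrase, salt) {
  const master = crypto.scryptSync(passphrase, salt, 64);
  return { encKey: master.subarray(0, 32), nameKey: master.subarray(32, 64) };
}

// The host sees HMAC(nameKey, path), never the path itself.
function storageName(keys, path) {
  return crypto.createHmac("sha256", keys.nameKey).update(path, "utf8").digest("hex");
}

// Publisher side. The path is bound in as associated data, so the host
// cannot answer a request for one page with the ciphertext of another.
function publishPage(server, keys, path, html) {
  const nonce = crypto.randomBytes(12); // fresh per encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", keys.encKey, nonce);
  cipher.setAAD(Buffer.from(path, "utf8"));
  const body = Buffer.concat([cipher.update(html, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16 bytes
  server.put(storageName(keys, path), Buffer.concat([nonce, tag, body]));
}

// Client side. Throws if the blob was modified, swapped, or the key is wrong.
function fetchPage(server, keys, path) {
  const blob = server.get(storageName(keys, path));
  const nonce = blob.subarray(0, 12);
  const tag = blob.subarray(12, 28);
  const body = blob.subarray(28);
  const decipher = crypto.createDecipheriv("aes-256-gcm", keys.encKey, nonce);
  decipher.setAAD(Buffer.from(path, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// Constructed sample run: what the reader gets versus what the host stores.
function demo() {
  const server = new UntrustedServer();
  const keys = deriveKeys("constructed demo passphrase", Buffer.from("constructed-salt"));
  publishPage(server, keys, "/rates.html", "<h1>Wire transfer rates</h1>");
  return {
    page: fetchPage(server, keys, "/rates.html"),
    hostSees: [...server.store.keys()],
  };
}

console.log(demo());
```

The host still learns blob sizes and who fetches which opaque name, so this hides page content from the server staff but does nothing against the traffic analysis the message mentions.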
From AwakenToMe at aol.com Tue Jul 2 22:31:29 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Wed, 3 Jul 1996 13:31:29 +0800 Subject: hard drive encryption Message-ID: <960702214331_229961662@emout07.mail.aol.com> you told him to take his hard drive with him. but me on the other hand am wondering because I want my drive secure from everyone. While im here and not here. And Im definitely not going to take myt drive everywhere hehehe Sooo what other programs are out there?? Any shareware versiob..trials..etc.. that anyone knows any WWW sites of? Tanks! From jad at dsddhc.com Tue Jul 2 22:31:58 1996 From: jad at dsddhc.com (John Deters) Date: Wed, 3 Jul 1996 13:31:58 +0800 Subject: The Net and Terrorism Message-ID: <2.2.32.19960703005232.009d18e4@labg30> At 03:44 PM 6/30/96 -0700, you wrote: >in reality. it seems to me no nation-state has ever experimented with >trying to take away the root causes of violence and discontent. But here in the U.S., we ARE trying to take them away via the educational system. About the only thing we can effectively do is to provide more educational opportunities that denounce violence, racism, hate crimes, etc. However, you cannot eliminate discontent without eliminating greed; which is simply not possible. Even so, there are a couple of problems with even attempting "to take away the root causes", not the least of which is the Constitutionally protected right to free speech. I am allowed to teach my kid to hate anyone for any reason. I can blame this or that group for this set of troubles, and that the best way to deal with this is not only to scare them away, but to kill as many of them as possible. It may be morally repugnant, but it is protected speech. The countries that sponsor terrorists have not been noted for their successful educational systems. And they certainly are not going to listen to Western discussions on how best to solve their "problems". 
Do you still not accept that we have a world that contains people who exist in conditions that foster and breed terrorists? If not, look at some more concrete examples. Have you ever met an Islamic fundamentalist? How about a Christian fundamentalist? There really is no difference between them, other than the specific quotations that exit their pre-programmed mouths. When religion enteres the picture, no amount of logic will convince the true believers that they are acting destructively. Even moderately regligious Christians (the people to whom I have been most exposed) have very strong beliefs that X is the word of God, and therefore not subject to question. When this is some destructive (yet not obvious as such) statement, such as "Go forth and multiply", no amount of education or logic will convince them that Zero Population Growth is a good thing. I'm sure you can multiply this into all sorts of destructive behavior preached locally, such as the Southern Baptist preachers who refuse to denounce the maltreatment of blacks or the burning of black churches. There is no force of law that can alter this behavior. My point here is that this behavior is explicitly protected by the Bill of Rights. So, do you not accept that we have the environment right here that can breed violence and discontent? For the most part, I see kids today being educated with much less "hatred" than even my age group was brought up with (I'm 34). We're moving in the right direction by incorporating diversity in education, entertainment and the workplace, but we can never hope to erase it all. And if even one person retains the seed of violence, they can employ the "warfare of the weak" -- terrorism. >or that they are worth the money. terrorists invariably have a >patricular pathological psychological profile that sees the world >in terms of "martyrs vs. villians" with the villians in the government, >and the villians taking away or abusing respectable citizens. 
So your point here is one of *agreement* that human nature will produce psychological profiles of people who commit acts of terror. >the "problem" of terrorism will be solved when we take the view >that insanity and violence is *not* >a natural aspect of human behavior (as TCM tends to suggest), Even in spite of your argument above? Violence is here. It's been present since recorded history. We've gotten pretty good at it, actually. I think the record speaks pretty clearly that violence continues to be a part of human behavior, despite any efforts made to stop it. >and that >there are specific environmental conditions that breed it. like >malaria, if you take away the swamplike breeding grounds, you will >largely remove it. such a thing is a radical hypothesis, but one that >nonetheless has never really been tested in practice. As I said above, we can reduce some of the breeding grounds, but we can not eradicate them all. And if one were to conduct a study correlating racist attitudes with education with numbers of acts of terror, we might find a direct correlation. The U.S. has a level of tolerance for diversity that I only recently came to appreciate. We hosted a foreign exchange student from Scotland (hardly culture shock to him), but he surprised me when he commented on how surprised he was that different groups of people were mixed together -- black kids hanging out with white kids, catholics and protestants being friends, the sort of thing that I take for granted every day. He expected the subtle racism of home. And lets just say that Great Britain's culture is probably closer to ours than any other country. I am more than willing to agree with you that elimination of hatred and prejudice will go farther than any law enforcement measures to reduce terrorist acts. However, my point, and I believe this is Tim's point, too, is that it will *never* eliminate these acts, and that there must be other ways of dealing with the problems that occur. 
>>I'm not advocating such "terrorism," by the way, merely telling it like it is. >ah yes, the standard amusing TCM disclaimer. hmmm, your signature suggests >otherwise. This personal attack was completely unwarranted. Are you suggesting that Tim is a sponsor of terrorist attacks, or that he approves of the repeatedly demonstrated governmental penchant for violating our privacy whenever convenient? There was no point to making this statement, other than to foster discontent. >>(Remember, terrorism is just warfare carried on by other means, with >>apolgies to Von Clausewitz.) >disagree. the purpose of warfare has traditionally been to seize I completely disagree with you here. Terror has all the same purposes as general-purpose warfare: it's simply being carried out by a smaller group, without the resources available to an entire government. Look at the Irish Question: they want independance from a government they deem undesirable. Look at the arabian terrorist bombings of Americans in Saudi Arabia, Lebanon, etc.: they want to drive the U.S. Army out. Likewise, the bombing of the Murrah building in OK was a "military" target: it housed the agencies that some small group percieved to be responsible for the attack on Waco. Even the church building burnings happening across the southern U.S. appear to have a specific objective: to frighten the victims; and if the victims left the area, the terrorists would have accomplished their objectives. No hidden purposes here: these are all military actions being carried out by groups that are simply not in a position to negotiate. It is "warfare by the weak". You may think that you hold every answer to terrorism in your hand, that hugs and kisses before bedtime will make the evil monsters under the bed go away. The point of Tim's essay was that, yes, the net can be used by the evil monsters, and yes, the evil monsters are here, and no, the evil monsters are not going away any time soon. 
Why did you feel it necessary to try to slam his fairly well-researched and quite obvious conclusion?

John
--
J. Deters
>From Senator C. Burns' Pro-CODE bill, which I support and you can find at:
http://www.senate.gov/member/mt/burns/general/billtext.htm
" (2) Miniaturization, disturbed computing, and reduced transmission costs make communication via electronic networks a reality."
+---------------------------------------------------------+
| NET: jad at dsddhc.com (work) jad at pclink.com (home) |
| PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) |
| ICBM: 44^58'33"N by 93^16'42"W Elev. ~=290m (work) |
| PGP Key ID: 768 / 15FFA875 |
+---------------------------------------------------------+

From unicorn at schloss.li Tue Jul 2 22:32:33 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 3 Jul 1996 13:32:33 +0800
Subject: anonymous mailing lists
In-Reply-To: <199606290404.XAA32220@manifold.algebra.com>
Message-ID:

On Fri, 28 Jun 1996, Igor Chudov @ home wrote:

> How about this attack: suppose I want to find out who hides behind
> an alias MightyPig at alpha.c2.org and I have the ability to monitor
> all internet traffic. Then I simply start mailbombing that address
> and see whose account gets unusually high traffic volume.
>
> A nice, albeit quite expensive, way of protection from traffic analysis
> is to create a mailing list (or a newsgroup) and forward all messages to
> all users of that mailing list or newsgroup. Of course, since messages
> are encrypted, only the recipients will be able to decrypt them.
>
> This way the list of suspects is all subscribers of that list or
> newsgroup and there is no way to discriminate them.
>
> Instead of having messages to be sent to all recipients all the time,
> alpha.c2.org may be programmed so that it sends out every message not to
> only one recipient X, but to X and 20 other randomly selected people.
>
> It apparently makes traffic analysis much harder.
>
> Then users of alpha.c2.org will have to install mail filters that
> automatically delete all incoming mail not intended to be read by them
> (they can't read such messages anyway).
>
> - Igor.
>

I think that traffic analysis can be best defeated by powerful filtering rather than any kind of multiple sending.

Eventually, (as the number of messages to a particular party increases beyond the number of distractor messages sent with each mailing) it will be possible to note the statistical difference in the number of messages sent to the random 20 people and the actual recipient.

A mail bombing will still reveal the true identity of the addressee as the 20 distractor addresses will be randomly selected each time, and the addressee will not.

Instead, one might suggest, the same 20 people should be sent to as distractors. Unfortunately this leaves the actual addressee open to disclosure when he/she responds to alpha forwarded messages (you were assuming all internet traffic would be monitored, thus the response timing would be a major clue).

I think the real answer to this is going to be open access pools.

All encrypted messages will be left in a collective pop account, accessible by anyone at all. An agent could easily be written to poll the pop account, download the entire queue of messages and locally decode and make available only the ones addressed to the addressee.

I suspect the best policy would be to purge the pop account once a month of messages older than 2 months.

Traffic analysis will reveal who polls the pop account, but not much else.

I suppose this could even work today if someone wrote a clever agent to poll alt.anonymous.messages.

From minow at apple.com Tue Jul 2 22:37:47 1996
From: minow at apple.com (Martin Minow)
Date: Wed, 3 Jul 1996 13:37:47 +0800
Subject: But what about the poor?
Message-ID:

Jim Bell wants to get rich running a key escrow business (:-)
>
>Oh, but what a business opportunity! I assume a floppy can hold 1000 keys.
>Even if I undercut the going rate of $200 per year by a factor of 10, that's
>a potential income of $20,000 per floppy per year. A box of 20 floppies on
>the shelf, and I'm set for life!
>

Add in the cost of a bank vault and the ability to provide any key to an approved law enforcement agency (i.e., one that provides you with a legitimate search warrant for the key) with a 2 hour response time (24/7/365).

Also, you will have to take in keys as they are provided. Hmm, the SecureCard (tm) I use to dial into my office system generates one key per minute. Assume there are a million out there. Assume keys are 64 bits (8 bytes) + 64 bits of card ID. 16 Mbytes/minute is, according to the back of my envelope, just under 1/4 mbyte/sec, so each of those floppies will fill up pretty quickly, and you'll need a really, really, big safe to put them in.

Of course, Jim probably knows this.

Martin.

From unicorn at schloss.li Tue Jul 2 22:52:58 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 3 Jul 1996 13:52:58 +0800
Subject: fbi botches intel "ecspionage" case
In-Reply-To: <199606291925.MAA12512@netcom3.netcom.com>
Message-ID:

On Sat, 29 Jun 1996, Vladimir Z. Nuri wrote:

>
> "economic espionage" (ecspionage?) is in full swing as being
> promoted as the new bogeyman to justify spending billions of
> dollars to our intelligence agencies, both military and
> the FBI.

Careful, the FBI only does counter-intel in this context.

>
> we already have a very good example where this has
> backfired. I was watching Nightline on Tues night or
> so in which there was info about how the FBI helped
> get an informant into Intel in a *very* sensitive
> position, where he was able to film the pentium chip
> plans. he said he sold them, as I recall,
> to iraq, syria, china, etc.

Again, why was the FBI putting the informant into Intel? It was almost 100% certain to be related to a criminal or counter-intel matter.
The fact that the informant may have appropriated information in the process and sold it to the highest bidder is a rebuke against the FBI's informant selection process, not against economic or industrial espionage, which the FBI does not do.

> somehow we have missed a good public debate about
> ecspionage in the country. there were a few NYT
> editorials, but it is clearly being used as a very
> major aspect of promoting the new post-cold-war spy
> and intelligence strategy without almost any notice
> by major analysts.

It has gained a great deal of notice, you just have to know where to look. I suggest looking over e.g., the economist, foreign affairs, foreign policy, the international journal of intelligence and counterintelligence, signal....

>
> I was thinking about all the objections I had to the
> FBI ecspionage treatment that were never raised on the
> program:

I don't think you have a firm grasp on the role or part the FBI took in this matter.

> 2. we have a tradition of separation of church and state in
> this country, and also separation of the public government
> and private industry. suddenly we have the FBI saying they
> want to infiltrate companies to deal with economic espionage.

Typically this is with the consent of the companies, or in response to complaints from same. This is COUNTER intelligence, not espionage or "ecspionage" (A silly and non-sensical term even if you were constructing it correctly here).

> well, these companies have their own policy, and what do
> they gain by having a government agency working inside them?

See my comment above.

> in the above case I note, it led to exactly the *opposite*
> of what was intended: the theft of *highly*sensitive* plans
> by an FBI mole.

Not the first time, certainly will not be the last. Again, it's a question of procedure, not of the validity of the program.

> 3.
hence, one wonders if the FBI could do a better job of
> combating ecspionage

I believe you mean economic intelligence here, not economic espionage, or industrial espionage, or "ecspionage."

> if someone else can give more info on this case (apparently
> a book is coming out about it or something) including the
> guy's name, I'd appreciate it, I didn't take any notes so
> this is a bit fuzzy.

Try to be more careful about the roles of the various parties in your (otherwise interesting) commentary.

From frantz at netcom.com Tue Jul 2 22:55:01 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 3 Jul 1996 13:55:01 +0800
Subject: SAFE Forum--some comments
Message-ID: <199607030157.SAA17571@netcom8.netcom.com>

At 2:47 PM 7/2/96 -0700, Lile Elam wrote:
>The comment I kept hearing over and over was that we have to
>educate the public about what cryptography is and why it's important
>to everyone using computers to communicate. This public includes
>people who are not on the net and those who don't even know what the
>Internet is.

Absolutely! The image of postcards vs. letters may be the most effective metaphor.

> www.art.net

Check it out. Well worth the visit. (And if, like me, you are limited to 28.8, well, you can practice your Zen.)

-------------------------------------------------------------------------
Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA

From tcmay at got.net Tue Jul 2 22:58:35 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 3 Jul 1996 13:58:35 +0800
Subject: Net and Terrorism.
Message-ID:

At 9:13 PM 7/2/96, snow wrote:
>On Tue, 2 Jul 1996, snow wrote:
>> Gain control of the power grid (I don't know how possible this is)
>> and selectively brown out certain sections of the city during peak demand
>> periods. Make it obvious, then do the preceding idea.
> Ummm...
Just in case anyone is thinking it right now, NO, I
>didn't. If this outage was deliberate, I had nothing to do with it. I was
>just postulating possibilities.

Hmmhhh....I post about the "Net and Terrorism" on Sunday, and the Viper Militia and their plans to blow up several courthouses in Phoenix are revealed a few hours later....Snow posts about using computers to knock out the power grid, and a few hours later power goes out over 15 western states....

Coincidence? I think not.

But we can test this hypothesis:

"Alien spaceship images will appear in thousands of darkened rooms and will trigger mass hysteria."

We'll find out tomorrow if Cypherpunks really do have the Power.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From blancw at microsoft.com Tue Jul 2 23:00:37 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 3 Jul 1996 14:00:37 +0800
Subject: Net and Terrorism.
Message-ID:

>From: tcmay at got.net
>
>
>"Alien spaceship images will appear in thousands of darkened rooms and
>will trigger mass hysteria."
...............................................................

Scheduled for July 4th, "at a theater near you".

> ..
>Blanc

From unicorn at schloss.li Tue Jul 2 23:13:19 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 3 Jul 1996 14:13:19 +0800
Subject: FTS2000 and Encryption?
In-Reply-To: <199606302206.SAA01870@nrk.com>
Message-ID:

On Sun, 30 Jun 1996, David Lesher wrote:

> > I imagine that we'll see continuing developments in the STU-III area (the
> > most popular crypto phone in Government use), as well as new devices
> > supporting Type I and Type II crypto for use on the FTS2000 nets.
>
> I've heard an ISDN STU-III is either out or coming RSN.

I have an AT&T prototype. I don't know if they are freely available yet.

>
> One bugaboo I recall was that FTS2000 would not let us make a frac
> T1 off-net connection. Alas, that included the remote diagnostic
> number of the equip. mfgr ;-{
>
> --
> A host is a host from coast to coast.................wb8foz at nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
>

From declan at well.com Tue Jul 2 23:16:09 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 3 Jul 1996 14:16:09 +0800
Subject: F-C Dispatch #16: DoJ files appeal, Supreme Court ho!
Message-ID:

-----------------------------------------------------------------------------
Fight-Censorship Dispatch #16
-----------------------------------------------------------------------------
Justice Department files appeal, Supreme Court ho!
-----------------------------------------------------------------------------
By Declan McCullagh / declan at well.com / Redistribute freely
-----------------------------------------------------------------------------

In this dispatch:
Justice Department's appeal means long, tortuous process
A mysterious "Order on Motion for Clarification"
Text of Justice Department's Notice of Appeal

July 2, 1996

WASHINGTON, DC -- The Department of Justice yesterday appealed the Philadelphia court's decision striking down the Communications Decency Act, a move that sets the stage for a long, tortuous climb to the Supreme Court.
The government's "Notice of Appeal" is a terse, two-page statement saying they "hereby appeal" the "Adjudication and Order entered June 12," the day the special three-judge panel unanimously declared the CDA to be unconstitutional and blocked the Justice Department from enforcing it.

Next move is the DoJ's. They have until September 1 to file a "jurisdictional statement" arguing that the Supreme Court should hear their appeal.

The Supreme Court doesn't automatically have to accept jurisdiction, notes Ann Beeson, an attorney with the ACLU. "The Supreme Court can still decline to exercise jurisdiction over the case," she says, adding: "They do not have the same kind of discretion they have in a cert petition."

All the DoJ has to do is convince the Supremes that there's "still a substantial federal question," says Beeson. "If they're not convinced there is a question, they can decline the appeal."

But by all accounts, there's precious little chance of that happening.

After Justice files the jurisdictional statement, our attorneys have 30 days to file a response -- and then when the next term begins on October 7, the Supremes will meet to discuss the case. (If the procedure is anything like granting cert, the votes will be cast in a secret conference attended only by the justices and the actual vote won't be disclosed.)

The climb to the nation's highest court will be only partly over by then, since the court's decision to consider our case marks the start of the briefing schedule. The government will have 45 more days to file their arguments saying why the Philadelphia decision was wrong; we have 30 more days to rebut.

If the Department of Justice -- hardly the speediest bureaucracy in DC -- uses all of their allotted time, the paperwork won't be complete until Christmas. And then the Supremes need plenty of time to digest it.
So everyone's best guess is that the Supreme Court will hear the combined ACLU and ALA coalition lawsuits early next year -- just in time for the rescheduled Electronic Freedom March on the nation's Capitol.

As I wrote in a recent HotWired column: "The ACLU predicts the Supreme Court will issue a decision near the close of the next term, which ends in July 1997 -- just in time for Congress to try again."

+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
THE MYSTERIOUS "ORDER ON MOTION FOR CLARIFICATION"
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

You might be surprised by a mysterious sentence in the text of the Justice Department's notice of appeal talking about an "Order on Motion for Clarification" the court issued on June 28.

Not to worry. The judges ruled so vigorously in our favor that the DoJ wanted to be sure the government could prosecute anyone they think may violate other parts of the CDA.

"Because of the wording of the court's actual order, they unwittingly called into question whether the DoJ could enforce the provisions of the CDA that we didn't challenge," says Ann Beeson from the ACLU.

The Philadelphia court quickly issued the clarification.

+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
TEXT OF JUSTICE DEPARTMENT'S "NOTICE OF APPEAL"
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

IN THE UNITED STATES DISTRICT COURT
FOR THE EASTERN DISTRICT OF PENNSYLVANIA
_____________________________________________________________
AMERICAN CIVIL LIBERTIES UNION,   : CIVIL ACTION
et al., Plaintiffs;               : No. 96-963
                                  :
v.                                :
                                  :
JANET RENO, in her official       :
capacity as Attorney General of   :
the United States, Defendant.     :
_____________________________________________________________
AMERICAN LIBRARY ASSOCIATION,     : CIVIL ACTION
INC., et al., Plaintiffs;         : No. 96-1458
                                  :
v.                                :
                                  :
UNITED STATES DEP'T OF JUSTICE,   :
et al., Defendants.
                                  :
_____________________________________________________________

DEFENDANTS' NOTICE OF APPEAL

Notice is hereby given that defendant Janet Reno, in her official capacity as Attorney General of the United States, hereby appeals, pursuant to section 561(b) of the Telecommunications Act of 1996, Pub. L. No. 104-104, Sec.561(b), 110 Stat. 143, to the Supreme Court of the United States from the Adjudication and Order entered June 12, 1996, as clarified by the Order on Motion for Clarification entered on June 28, 1996, in American Civil Liberties Union et al. v. Reno, Civ. A. No. 96-0963 (E.D. Pa.).

Notice is also hereby given that defendants United States Department of Justice and Janet Reno, in her official capacity as Attorney General of the United States, hereby appeal, pursuant to section 561(b) of the Telecommunications Act of 1996, Pub. L. No. 104-104, Sec.561(b), 110 Stat. 143, to the Supreme Court of the United States from the Adjudication and Order entered June 12, 1996, as clarified by the Order on Motion for Clarification entered on June 28, 1996, in American Library Ass'n, et al. v. Department of Justice, et al., Civ. A. No. 96-1458 (E.D. Pa.).

Respectfully Submitted,
MICHAEL R. STILES
United States Attorney
MARK R. KMETZ
Assistant United States Attorney
FRANK W. HUNGER
Assistant Attorney General
Civil Division
DENNIS G. LINDER
Director, Federal Programs Branch
[signed]
ANTHONY J. COPPOLINO
Trial Attorney
[signed]
JASON R. BARON
PATRICIA M. RUSSOTTO
Trial Attorneys
United States Department of Justice
Civil Division
Federal Programs Branch
901 E. Street N.W.
Washington, DC 20530
Tel: (202) 514-4782

Date: July 1, 1996

-----------------------------------------------------------------------------

MEA CULPA. In F-C Dispatch #13, I wrote that the Washington Post ran an article "on the first page of the Outlook section bashing "self-indulgent dross" and "crap" on the Net. I neglected to mention that John Schwartz and Kara Swisher had an excellent rebuttal inside.
-----------------------------------------------------------------------------
Mentioned in this CDA update:

HotWired column on what kind of net-censorship Congress will try next:
http://www.hotwired.com/netizen/96/24/declan4a.html
Fight-Censorship Dispatch #13:
http://fight-censorship.dementia.org/dl?num=2741
Fight-Censorship list
Int'l Net-Censorship
Justice on Campus

This document and previous Fight-Censorship Dispatches are archived at:

To subscribe to future Fight-Censorship Dispatches and related announcements, send "subscribe fight-censorship-announce" in the body of a message addressed to:
majordomo at vorlon.mit.edu

Other relevant web sites:
-----------------------------------------------------------------------------

From ghio at myriad.alias.net Tue Jul 2 23:23:33 1996
From: ghio at myriad.alias.net (Matthew Ghio)
Date: Wed, 3 Jul 1996 14:23:33 +0800
Subject: Sameer on C-SPAN
In-Reply-To: <199607020123.UAA19678@alpha.jpunix.com>
Message-ID: <199607030242.TAA13879@myriad>

bluebreeze at nym.jpunix.com (Blue Breeze) wrote:
>
> Not everything. No picture of Sameer!? That's what I'd like to see.

There's one in the latest WebSmith magazine.

From frantz at netcom.com Tue Jul 2 23:27:49 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 3 Jul 1996 14:27:49 +0800
Subject: Lack of PGP signatures
Message-ID: <199607030207.TAA18393@netcom8.netcom.com>

At 7:43 PM 7/2/96 -0400, David F. Ogren wrote:
>I've noticed recently that two PGP programmers (Mr. Zimmermann and Mr.
>Atkins) do not seem to PGP clearsign their messages to this list. In fact,
>a surprisingly small percentage of messages on the C-punk list are signed.
>This despite the fact that the average subscriber is at least literate in
>PGP.
>
>Does anybody have any speculation on why this is?

I want implausible deniability for the mistakes I make.
-------------------------------------------------------------------------
Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA

From markm at voicenet.com Tue Jul 2 23:40:31 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 3 Jul 1996 14:40:31 +0800
Subject: Lack of PGP signatures
In-Reply-To: <199607022343.TAA21050@darius.cris.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 2 Jul 1996, David F. Ogren wrote:

> I've noticed recently that two PGP programmers (Mr. Zimmermann and Mr.
> Atkins) do not seem to PGP clearsign their messages to this list. In fact,
> a surprisingly small percentage of messages on the C-punk list are signed.
> This despite the fact that the average subscriber is at least literate in
> PGP.
>
> Does anybody have any speculation on why this is?
>
> Is it because people consider mundane mail unimportant enough to sign?

This is one reason. I think that there are several other reasons:

-- Someone may be using a machine at work or on a multiuser UNIX system which is untrusted and insecure. In the case of a UNIX account, one could compose a message off-line and rz it using a term program, but that is a major hassle.

-- Many email programs do not have support for PGP so signing a message often requires a lot of cutting and pasting.

-- PGP may not work on the computer a person is using for Internet access or the system might be too slow to use PGP.

>
> Is it because the members of this list are more concerned with encryption
> than authentication?

I think they are both equally important. The point of public-key cryptography is the ability to communicate with a person without having a secure channel to exchange keys. Once keys can be transmitted using the same medium used for the encrypted traffic, it makes a MITM or denial-of-service attack much easier.
There has to be some out-of-band method to authenticate keys. Without authentication, a lot of the security that could be gained by using PK crypto is lost.

>
> Is it because most mail programs are not PGP aware?

I don't know of any mail programs that can use PGP (I know there are various interfaces, sendmail wrappers, and other hacks, but I have yet to see a mailer with an "Encrypt" or "Sign" option.

>
> Is it because of the weaknesses in MD5?

Doubtful. PGP authentication is better than no authentication.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

-----END PGP SIGNATURE-----

From jimbell at pacifier.com Wed Jul 3 00:01:07 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 3 Jul 1996 15:01:07 +0800
Subject: Message pools _are_ in use today!
Message-ID: <199607030340.UAA22879@mail.pacifier.com>

At 01:13 PM 7/2/96 -0700, Eric Davis wrote:
>
>Hughes offers a downlink product called DirectPC.
>The back channel is your regular modem.
>Telco/Analog your requests to their servers
>and the data is delivered via your DSS dish,
>sent to your PC and decoded via an ISA card.
>(Opt. DES downlink encryption)
>http://www.direcpc.com/
>
>The downlink is shared 500Kb/s ( I think ).
>Though you can schedule a higher BW channel
>for A/V applications (or so the lit reads).

Anybody know what the total average bps rate for, say, USENET is?

>Think it supports multicast/broadcast by default...
It sounds like it might be a good addition to a network of remailers...

Jim Bell
jimbell at pacifier.com

From minow at apple.com Wed Jul 3 00:06:28 1996
From: minow at apple.com (Martin Minow)
Date: Wed, 3 Jul 1996 15:06:28 +0800
Subject: SAFE Forum--some comments
Message-ID:

John Pettitt recalls a question from the audience at the SAFE conference:
>
>One questioner from the audience made an interesting point that given
>that most of America can't set a vcr clock crypto will be totally
>beyond them unless it becomes pervasive ("you can buy it at radio shack").
>

It's not quite that bad. Here are a few (more or less strong) crypto products you might not know you have:

1. Every Macintosh made since at least 1988 has a secure authentication client module in the AppleShare Chooser dialog. When you use it to connect to a remote server, it notes that the user information is "two-way scrambled." (The server sends a random number challenge that the client uses to encrypt the username and password. The encrypted information is sent to the server.) All Macintosh systems running System 7 or later have the corresponding server software. What is interesting about this is that the encryption is completely invisible to the user.

2. At least one garage door opener company offers an opener that resets itself -- an intruder can't record the signal and play it back as the "key code" is one-time only.

However, I agree with the questioner regarding the "set VCR problem." I suspect that the major problems in deploying strong crypto will be in marketing and human engineering -- and that the current regulatory environment adds to the difficulty by removing marketing incentives to do high-quality human engineering.

Note that the VCR companies have solved the vcr problem by receiving a timecode from a local television station -- making the problem invisible to the end user. We should be able to do the same with strong crypto.
Martin Minow
minow at apple.com

From ogren at cris.com Wed Jul 3 00:18:36 1996
From: ogren at cris.com (David F. Ogren)
Date: Wed, 3 Jul 1996 15:18:36 +0800
Subject: Lack of PGP signatures
Message-ID: <199607030350.XAA21619@darius.cris.com>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Tue Jul 02 23:47:42 1996

> This is one reason. I think that there are several other reasons:
>
> -- Someone may be using a machine at work or on a multiuser UNIX system
> which
> is untrusted and insecure. In the case of a UNIX account, one
> could
> compose a message off-line and rz it using a term program, but that
> is a
> major hassle.
>

From the responses I received, this one may be a biggie. And it's one that we can't do much about remedying.

> > Is it because most mail programs are not PGP aware?
>
> I don't know of any mail programs that can use PGP (I know there are
> various
> interfaces, sendmail wrappers, and other hacks, but I have yet to see a
> mailer
> with an "Encrypt" or "Sign" option.
>

I'm beta testing a PGP aware mailer right now called Pronto Secure. It will be a great program when it's released. Requires almost no PGP knowledge. Everything is almost perfectly transparent to the user.

There is also Private Idaho, of course, but that's a little harder to use, and doesn't have the features of a full-fledged mailer.

I figure that if strong encryption becomes legal to export from the US (making international standards easier to implement), we may see more programs like these.

David F. Ogren |
ogren at concentric.net | "A man without religion is like a fish
PGP Key ID: 0x6458EB29 | without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is? | Need my public key?
It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO | with the subject GETPGPKEY

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From tcmay at got.net Wed Jul 3 00:18:46 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 3 Jul 1996 15:18:46 +0800
Subject: The Net and Terrorism
Message-ID:

Not knowing enough of the posting of John Deters, I can't tell where he is being facetious, where I agree with him, and where I really disagree with him. So, take my comments as responding directly to what I perceive his points to actually be:

At 12:52 AM 7/3/96, John Deters wrote:

>But here in the U.S., we ARE trying to take them away via the educational
>system. About the only thing we can effectively do is to provide more
>educational opportunities that denounce violence, racism, hate crimes, etc.
>However, you cannot eliminate discontent without eliminating greed; which is
>simply not possible.

As I see it, the more "educated" a subgroup becomes, in terms of "education" about "the dominant political power structure," the more they see the world in dark terms, and resent it. The more "educated" an ethnic subgroup is about "racism", the more racist they themselves are.

(I learned this in 1970 when I went away to college in California and found an entire racial/ethnic subgroup totally consumed by fears of persecution and racism, so much so that they could only study their own persecution and so screwed themselves out of any reasonable chance of succeeding in the American culture.)
By the way, the accepted name for this is: "victimology."

>Even so, there are a couple of problems with even attempting "to take away
>the root causes", not the least of which is the Constitutionally protected
>right to free speech. I am allowed to teach my kid to hate anyone for any
>reason. I can blame this or that group for this set of troubles, and that
>the best way to deal with this is not only to scare them away, but to kill
>as many of them as possible. It may be morally repugnant, but it is
>protected speech.

I certainly agree with this. Many people and subgroups are losing sight of this basic point. (Of course, their confusion is partially explained by the fact that they have grown up believing that government schools are responsible for instilling proper ethical values.)

>The countries that sponsor terrorists have not been noted for their
>successful educational systems. And they certainly are not going to listen
>to Western discussions on how best to solve their "problems".

And those who think the government school system _is_ responsible for teaching moral and ethical values should ponder the issue of just what moral and ethical values were taught by the official schools of Alabama and Mississippi in the 1920s, 30s, 40s, and 50s. Duh. When you dance with the Devil, you dance to his tune.

>For the most part, I see kids today being educated with much less "hatred"
>than even my age group was brought up with (I'm 34). We're moving in the

I'm 44 and I see just the opposite. Today's kids spout platitudes about "Why can't we all just get along?" without any clues about what they mean. 99% of kids interviewed cite "racism" as the world's Number One problem, showing their education to be a complete failure.

--Tim May

P.S. I planned to stop here, in the interests of brevity, but:

>The U.S. has a level of tolerance for diversity that I only recently came to
>appreciate.
We hosted a foreign exchange student from Scotland (hardly >culture shock to him), but he surprised me when he commented on how >surprised he was that different groups of people were mixed together -- >black kids hanging out with white kids, catholics and protestants being >friends, the sort of thing that I take for granted every day. > >He expected the subtle racism of home. And lets just say that Great >Britain's culture is probably closer to ours than any other country. Well, on these points I agree. Non-U.S. countries often cluck about America's well-publicized race problems, but we are far more integrated and mixed than are most countries (and I lived for a year in Europe and have visited a few times since). >I am more than willing to agree with you that elimination of hatred and >prejudice will go farther than any law enforcement measures to reduce >terrorist acts. However, my point, and I believe this is Tim's point, too, >is that it will *never* eliminate these acts, and that there must be other >ways of dealing with the problems that occur. One of my "meta-points" is to try to move the discussion beyond comments about "hatred and prejudice," which I find to be code words for meaningless chatter which misses the real issues. (No offense to John Deters is intended.) >You may think that you hold every answer to terrorism in your hand, that >hugs and kisses before bedtime will make the evil monsters under the bed go >away. The point of Tim's essay was that, yes, the net can be used by the >evil monsters, and yes, the evil monsters are here, and no, the evil >monsters are not going away any time soon. Why did you feel it necessary to >try to slam his fairly well-researched and quite obvious conclusion? Thanks for the comments, John. My main point was that we should not give up basic American (and "western") values for the sake of reducing terrorism. 
(Ironically, one of the basic notions of terrorism of certain sorts is that the very acts of terrorism will bring on some state which will further the causes of the terrorists...the Hegelian triatica and all that revolutionary stuff, etc.) The terrorists should not be given a victory of sorts by implementing martial law to reduce further attacks.

--Tim, again

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jimbell at pacifier.com Wed Jul 3 00:25:05 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 3 Jul 1996 15:25:05 +0800
Subject: SAFE Forum--some comments
Message-ID: <199607030434.VAA25837@mail.pacifier.com>

At 07:00 PM 7/2/96 -0700, Bill Frantz wrote:
>At 2:47 PM 7/2/96 -0700, Lile Elam wrote:
>>The comment I kept hearing over and over was that we have to
>>educate the public about what cryptography is and why it's important
>>to everyone using computers to communicate. This public includes
>>people who are not on the net and those who don't even know what the
>>Internet is.
>
>Absolutely! The image of postcards vs. letters may be the most effective
>metaphor.

However, that AT+T fellow who revealed the phone records to the militia group would also be an appropriate comparison to destroy the "key-escrow" idea. I assume AT+T had procedures in place which were SUPPOSED TO prevent this. Well, key-escrow agents "will" also have similar procedures. Why should we assume they will be more reliable?
Jim Bell
jimbell at pacifier.com

From alano at teleport.com Wed Jul 3 00:25:41 1996
From: alano at teleport.com (Alan Olsen)
Date: Wed, 3 Jul 1996 15:25:41 +0800
Subject: Sameer on C-SPAN
Message-ID: <2.2.32.19960703041841.00b01ffc@mail.teleport.com>

At 07:42 PM 7/2/96 -0700, you wrote:
>bluebreeze at nym.jpunix.com (Blue Breeze) wrote:
>>
>> Not everything. No picture of Sameer!? That's what I'd like to see.
>
>There's one in the latest WebSmith magazine.

As well as his article on writing modules for Apache servers... [BTW, the issue number is no 4.] A worthwhile magazine if you write code for web servers.

Now all I have to do is come up with a few ideas for modules...

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From jimbell at pacifier.com Wed Jul 3 00:43:02 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 3 Jul 1996 15:43:02 +0800
Subject: But what about the poor?
Message-ID: <199607030429.VAA25505@mail.pacifier.com>

At 10:16 PM 7/2/96 -0500, snow wrote:
>On Tue, 2 Jul 1996, jim bell wrote:
>> stated policy of the escrow agent is that the key owner MUST be informed,
>> what are the cops gonna do about it?
>>
>> Further, how are the cops going to evidence the existence of a valid
>> warrant? (As opposed to a forgery?)
>
> The judge that issues it will digitally sign it. You can check the
>signature block.

However, what about an UNCOOPERATIVE escrow agent? (one who insists on signed paper, or for that matter insists that the judge himself shows up.) Or one, at least, who sites himself in Borneo, on the top of a 4000 foot mountain, with a 386 laptop computer and a box of floppies, and who promises 2 hour services to anybody who shows up?
No email, no fax, no phone, no light, no motor car, not a single luxury....oooops....sorry about that...not even radio.

Moreover, if the escrow agent is out of the country, can any domestic laws force him to divulge keys?

Jim Bell
jimbell at pacifier.com

From blancw at MICROSOFT.com Wed Jul 3 00:47:58 1996
From: blancw at MICROSOFT.com (Blanc Weber)
Date: Wed, 3 Jul 1996 15:47:58 +0800
Subject: fbi botches intel "ecspionage" case
Message-ID:

>From: Black Unicorn
>
>On Sat, 29 Jun 1996, Vladimir Z. Nuri wrote:
>
>> 3. hence, one wonders if the FBI could do a better job of
>> combating ecspionage
>
>I believe you mean economic intelligence here, not economic espionage,
>or
>industrial espionage, or "ecspionage."
...............................................................

One day in a future galaxy, "ecspionage" will involve locating "flits".....

..
Blanc

From perry at piermont.com Wed Jul 3 01:13:19 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 3 Jul 1996 16:13:19 +0800
Subject: Lack of PGP signatures
In-Reply-To: <199607022343.TAA21050@darius.cris.com>
Message-ID: <199607030500.BAA26348@jekyll.piermont.com>

"David F. Ogren" writes:
> Atkins) do not seem to PGP clearsign their messages to this list. In fact,
> a surprisingly small percentage of messages on the C-punk list are signed.
> This despite the fact that the average subscriber is at least literate in
> PGP.
>
> Does anybody have any speculation on why this is?

I'd say this is it:

> Is it because most mail programs are not PGP aware?

From die at pig.die.com Wed Jul 3 01:18:46 1996
From: die at pig.die.com (Dave Emery)
Date: Wed, 3 Jul 1996 16:18:46 +0800
Subject: Message pools _are_ in use today!
In-Reply-To: <199607021730.KAA18852@mail.pacifier.com>
Message-ID: <9607030513.AA24821@pig.die.com>

>
> At 08:28 PM 7/1/96 -0700, David Wagner wrote:
>
> >If folks have better ideas for how to achieve really good recipient
> >anonymity, I hope they'll speak up!
> >
> (BTW, for a few years a company called "Planet Connect" has been providing
> FIDOnet data feeds, although they use the older-style, large antenna
> systems, and their data rate is 19.2kbps, not even close to enough for
> Internet service.)
>

There is another small company (used to be called Pagesat and now called NCIT) that provides a 115.2 kb compressed (gzip) forward error corrected feed of the entire USENET in near real time over a Ku band satellite - not big ugly 8-10 foot dish C band, but a 1 meter VSAT style fixed offset fed Ku dish (bigger than DSS - more the size of Primestar). (Satellite is K2 and soon will be GE-1).

Pagesat/NCIT markets this service primarily to medium and small size ISPs, but it is available to individuals willing to pay $400/yr for the service and about $600-$1000 for the hardware.

Dave Emery
die at die.com

From llurch at networking.stanford.edu Wed Jul 3 01:18:53 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 3 Jul 1996 16:18:53 +0800
Subject: SAFE Forum--some comments
In-Reply-To: <199607022147.OAA10677@art.net>
Message-ID:

On Tue, 2 Jul 1996, Lile Elam wrote:

> So, now I have some ideas on what I, as an individual can do to
> help. Educating people about crypto. I work with a lot of artists
> on the net (~300+) and will introduce cryptography to them. We'll
> think of some cool ways to implement it in our work and in the
> process will learn how to use it. :)

A good toy to share might be CryptaPix, an image viewer with integrated crypto, http://execpc.com/~kbriggs/ as seen on comp.os.ms-windows.announce on 5/24.

-rich

From llurch at networking.stanford.edu Wed Jul 3 01:20:00 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 3 Jul 1996 16:20:00 +0800
Subject: Message pools _are_ in use today!
In-Reply-To:
Message-ID:

On Wed, 3 Jul 1996, Ulf Moeller wrote:

> >alt.anonymous.messages is not an ideal message pool-- it is a hack.
> >(Granted, it *is* a really cool, clever, and practically useful hack.)
>
> I agree that alt.anonymous.messages is not perfect. But if you
> download all articles and don't post to alt.anonymous.messages
> without using a remailer, the only real threat are denial of
> service attacks with cancel messages etc.

You could also read alt.anonymous.messages by pointing The Anonymizer at AltaVista. Their news feed expires pretty quick, but it's probably just as fast and reliable as yours, if not better.

-rich

From declan at well.com Wed Jul 3 01:25:05 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 3 Jul 1996 16:25:05 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID:

CyberWire Dispatch // Copyright (c) 1996 //

Jacking in from the "Keys to the Kingdom" Port:

Washington, DC -- This is a tale of broken codes, betrayal of a social contract, morality run amuck, and a kind of twisted John Le Carre meets the Crying Game encounter.

For a range of companies producing so-called "blocking software" designed to keep kids from accessing undesirable material in cyberspace, the road to such a moral high ground turns out to be a slippery slope.

These programs, spawned in the wake of the hysteria over how much porn Junior might find on the Net, have chosen the role of online guardians. The resulting array of applications, including names like SurfWatch, CyberPatrol, NetNanny and CyberSitter, acts as a kind of digital moral compass for parents, educators, paranoid Congressmen, and puritanical PTAs.

Install the programs and Junior can't access porn. No fuss, no muss, no bother. "Parental empowerment" is the buzzword. Indeed, it was these programs that helped sway the three-judge panel in Philly to knock down the Communications Decency Act as unconstitutional.

But there's a darker side.

A close look at the actual range of sites blocked by these apps shows they go far beyond just restricting "pornography."
Indeed, some programs ban access to newsgroups discussing gay and lesbian issues or topics such as feminism. Entire *domains* are restricted, such as HotWired. Even a web site dedicated to the safe use of fireworks is blocked.

All this might be reasonable, in a twisted sort of way, if parents were actually aware of what the programs banned. But here's the rub: Each company holds its database of blocked sites in the highest security. Companies fight for market share based on how well they upgrade and maintain that blocking database. All encrypt that list to protect it from prying eyes --- until now.

Dispatch received a copy of each of those lists. With the codes cracked, we now held the keys to the kingdom: the results of hundreds, no, thousands of manhours of smut-surfing dedicated to digging up the most obscene and pornographic sites in the world. And it's in our possession.

But it didn't come easy...

I'd just spent the better part of a muggy Washington night knocking back boilermakers in an all-night Georgetown bistro waiting for a couple of NSA spooks that never showed. I tried to stumble to the door and an arm reached out and gently shoved me back to my table.

At the end of that arm was a leggy redhead; she had a fast figure and even faster smile. There was a wildness about her eyes and I knew it was the crank. But something else wasn't quite right. As I fought with my booze-addled brain, struggling to focus my eyes, I noticed her adam's apple.

"Who needs this distraction," I thought, again wondering what kind of comic hellhole I fell into that put me in the middle of yet another bizarre adventure.

"I have something for you," she/he deadpanned. Red had the voice of a baritone and a body you could break bricks on. No introductions, no chit-chat. This was strictly business and for a moment I thought I was being set up by the missing spooks. The hair on the back of my neck stood on end.

Out from Red's purse came a CD-ROM.
She/he shoved the jewel box across the table. It was labeled: "The keys to the kingdom."

What the fuck was this? I must be on Candid Camera.

Red anticipated my question: "I can't say; I won't say. Just take it, use it. That's all I'm supposed to say." And she/he got up, stretched those mile-high legs, and loped into the night.

The next morning I slipped the disc in my Mac and the secret innards of the net-blocking programs flowed across my screen. CyberPatrol, SurfWatch, NetNanny, CyberSitter. Their encrypted files -- thousands and thousands of web pages and newsgroups with the best porn on the Net. Not surprising, really -- the net-blocking software companies collect smut-reports from customers and pay college kids to grope around the Net for porn.

This shit was good. Even half-awake with a major league hangover, I could tell the smut-censoring software folks would go ballistic over Red's delivery. To Junior, these lists would be a one-stop-porn-shop.

Susan Getgood from CyberPatrol emphasized this to Dispatch. She said: "The printout of the 'Cybernot' list never *ever* leaves this building. It's under lock and key... Once it left this building we'd see it posted on the Net tomorrow. It would be contributing to the problem it was designed to solve -- [it would be] the best source of indecent material anywhere."

She's right. A recent version of CyberPatrol's so-called "Cybernot" list featured 4,800 web sites and 250 newsgroups. That's a lot of balloon-breasted babes.

CyberPatrol is easily the largest and most extensive smut-blocker. It assigns each undesirable web site to at least one and often multiple categories that range from "violence/profanity" to "sexual acts," "drugs and drug culture," and "gross depictions."

The last category, which includes pix of syphilis-infected monkeys and greyhounds tossed in a garbage dump, has some animal-rights groups in a tizzy.
They told Dispatch that having portions of their sites labeled as "gross depictions" is defamatory -- and they intend to sue the bastards.

"We're somewhat incensed," said Christina Springer, managing director of Envirolink, a Pittsburgh-based company that provides web space to environmental and animal-rights groups. "Pending whether [our attorney] thinks we have a case or not, we will actually pursue legal actions against CyberPatrol."

Said Springer: "Animal rights is usually the first step that children take in being involved in the environment. Ignoring companies like Mary Kay that do these things to animals and allowing them to promote themselves like good corporate citizens is a 'gross depiction.'"

CyberPatrol's Getgood responded: "We sent a note back to [the Envirolink director] and haven't heard back from him. Apparently he's happy with our decision. I still think the monkey with its eye gouged out is a gross depiction."

Rick O'Donnell from the Progress and Freedom Foundation is amazed that Envirolink would threaten legal action. "It's new technology. It's trial-and-error... There will be glitches."

"Filtering software firms have the right to choose whatever site they want to block since it's voluntary... Government-imposed [blocking] is censorship. Privately-chosen is editing, discernment, freedom of choice," he said.

The Gay and Lesbian Alliance Against Defamation (GLAAD) is as unhappy as Envirolink. When Dispatch spoke with GLAAD's Alan Klein and rattled off a list of online gay and lesbian resources that the overeager blocking software censored, he was horrified.

"We take this very seriously," said Klein. "Lesbian and gay users shouldn't be treated as second-class users on the Net. These companies need to understand that they can't discriminate against lesbian and gay users... We will take an active stance on this."
CyberPatrol blocks a mirror of the Queer Resources Directory (QRD) at http://qrd.tcp.com/ and USENET newsgroups including clari.news.gays (home to AP and Reuters articles) alt.journalism.gay-press, and soc.support.youth.gay-lesbian-bi, Red's list revealed. CyberSitter also bans alt.politics.homosexual and the QRD at qrd.org. NetNanny blocks IRC chatrooms such as #gaysf and #ozgay, presumably discussions by San Francisco and Australian gays.

GLAAD told Dispatch they were especially surprised that CyberPatrol blocked gay political and journalism groups since the anti-defamation organization has a representative on the "Cybernot" oversight committee, which meets every few weeks to set policies. However, Dispatch learned the oversight group never actually sees the previously top-secret "Cybernot" list. They don't know what's *really* banned.

Why should alt.journalism.gay-press, for instance, be blocked? There's no excuse for it, said GLAAD's Klein. "A journalism newsgroup shouldn't be blocked. It's completely unacceptable... This is such an important resource for gay youth around the country. If it weren't for the Net, maybe thousands of gay teens around the country would not have come out and known there were resources for them."

He's right. Even a single directory at the QRD, such as the Health/AIDS area, has vital information from the Centers for Disease Control and Prevention, the AIDS Book Review Journal, and AIDS Treatment News.

In response to Dispatch's questions about these sites being blocked, CyberPatrol's Getgood said: "It doesn't block materials based on sexual preference. If a site would be blocked if there are two heterosexuals kissing, we'd block it if there are two homosexuals kissing."

Fine, but we're not talking about gay porn here. What about some of the political groups? "We'll look into it," said Getgood.

NetNanny is just as bad, argues GLAAD's Loren Javier, who called the software's logging features "dangerous."
(The program lets parents review what their kids have been doing online.) "If you have someone who has homophobic parents, it gives them a way of keeping tabs on their kid and possibly making it worse for their children," said Javier.

Worse yet, CyberPatrol doesn't store the complete URL for blocking -- it abbreviates the last three characters. So when it blocks the "CyberOS" gay video site by banning http://www.webcom.com/~cyb, children are barred from attending the first "Cyber High School" at ~cyberhi, along with 16 other accounts that start with "cyb."

In attacking Shawn Knight's occult resources at http://loiosh.andrew.cmu.edu/~sha, the program cuts off 23 "sha" accounts at Carnegie Mellon University, including Derrick "Shadow" Brashear's web page on Pittsburgh radio stations.

The geeks at CMU's School of Computer Science had fun with this. In March they cobbled together a "Banned by CyberPatrol" logo that they merrily added to their blocked homepages:

http://nut.compose.cs.cmu.edu/images/ban3.gif

NetNanny also has a fetish for computer scientists. For instance, it blocks all mailing lists run out of cs.colorado.edu -- including such salacious ones as parallel-compilers, systems+software, and computer-architecture. Guess those computer geeks talk blue when they're not pumping out C code.

Dispatch asked Getgood why CyberPatrol blocks access to other seemingly unobjectionable web sites including the University of Newcastle's computer science department, the Electronic Frontier Foundation's censorship archive, and the League for Programming Freedom at MIT, a group that opposes software patents.

Getgood replied via email: "I'll forward this message to our Internet Research Supervisor and have her look into the specific sites you mention..." She said there is a "fair process" for appeals of unwarranted blocking.

But CyberPatrol doesn't stop at EFF and MIT.
It also goes after gun and Second Amendment pages including http://www.shooters.com/, http://www.taurususa.com/, http://206.31.73.39/, and http://www-199.webnexus.com/nra-sv/, according to a recent "Cybernot" list.

The last site is run by the National Rifle Association (NRA) Members' Council of Silicon Valley, and bills itself as "the NRA's grass roots political action and education group for the San Jose, Santa Clara, Milpitas, and surrounding areas."

Peter Nesbitt, an air-traffic controller who volunteers as part of the Silicon Valley NRA group, says "it's terrible" that CyberPatrol blocks gun-rights web sites. "The people who are engaging in censoring gun rights or gun advocates groups are the opposition who want to censor us to further their anti-gun agenda."

An unlikely bedfellow, the National Organization of Women (NOW) ain't too pleased neither. Of course, they're unlikely to feel any other way -- CyberSitter blocks their web site at www.now.org.

Not to be outdone, NetNanny blocks feminist newsgroups while CyberSitter slams anything dealing with "bisexual" or "lesbian" themes. CyberPatrol beats 'em all by going after alt.feminism, alt.feminism.individualism, soc.feminism, clari.news.women, soc.support.pregnancy.loss, alt.homosexual.lesbian, and soc.support.fat-acceptance.

Dispatch reached Kim Gandy, NOW's executive vice president, at home as she was preparing dinner for her 3-year old daughter. Gandy charged the companies with "suppressing information" about feminism. She said: "As a mother myself, I'd like to limit my kids from looking at pornography but I wouldn't want my teenage daughter [prevented] from reading and participating in online discussions of important current issues relating to women's rights."

An indignant NOW? Let 'em rant, says CyberSitter's Brian Milburn. "If NOW doesn't like it, tough... We have not and will not bow to any pressure from any organization that disagrees with our philosophy."
Unlike the others, CyberSitter doesn't hide the fact that they're trying to enforce a moral code. "We don't simply block pornography. That's not the intention of the product," said Milburn. "The majority of our customers are strong family-oriented people with traditional family values. Our product is sold by Focus on the Family because we allow the parents to select fairly strict guidelines." (Focus on the Family, of course, is a conservative group that strongly supports the CDA.)

Dispatch particularly enjoyed CyberSitter's database, which reads like a fucking how-to of conversations the programmers thought distasteful:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

CyberSitter's Milburn added: "I wouldn't even care to debate the issues if gay and lesbian issues are suitable for teenagers. If they [parents] want it they can buy SurfWatch... We filter anything that has to do with sex. Sexual orientation [is about sex] by virtue of the fact that it has sex in the name."

That's the rub. It's a bait and switch maneuver. The smut-censors say they're going after porn, but they quietly restrict political speech.

All this proves is that anyone setting themselves up as a kind of digital moral compass quickly finds themselves plunged into a kind of virtual Bermuda Triangle, where vertigo reigns and you hope to hell you pop out the other side still on course.

Technology is never a substitute for conscience.

And for anyone thinking of making an offer for the disc, forget it.
Like a scene out of Mission Impossible, we came back from a late-night binge to find the CD-ROM melted and the drive smoldering.

Thank God there's a backup somewhere. Red, get in touch.

Meeks and McCullagh out...

-------------

While Brock N. Meeks (brock at well.com) did the heaving drinking for this article, Declan B. McCullagh (declan at well.com) did the heavy reporting.

From snow at smoke.suba.com Wed Jul 3 01:52:28 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 3 Jul 1996 16:52:28 +0800
Subject: But what about the poor?
In-Reply-To: <199607030031.RAA12438@mail.pacifier.com>
Message-ID:

On Tue, 2 Jul 1996, jim bell wrote:
> stated policy of the escrow agent is that the key owner MUST be informed,
> what are the cops gonna do about it?
>
> Further, how are the cops going to evidence the existence of a valid
> warrant? (As opposed to a forgery?)

The judge that issues it will digitally sign it. You can check the signature block.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From llurch at networking.stanford.edu Wed Jul 3 02:01:42 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 3 Jul 1996 17:01:42 +0800
Subject: Info on alleged new German digital wiretapping law?
In-Reply-To:
Message-ID:

On Wed, 3 Jul 1996, Ulf Moeller wrote:
> Rich Graves writes:
>
> > http://fight-censorship.dementia.org/fight-censorship/dl?num=3027
> >
> >and in alt.fan.ernst-zundel. What's up?
>
> The report is correct.
>
> The mainstream press has completely ignored the wiretap legislation,
> probably because it is part of the long-awaited new telecommunications
> law to end the Telekom monopoly.

We 'merkins were probably just a little more aware.

So what's the prospect for implementation? The claim is that law enforcement is supposed to have a back door to every computer system. Are we talking about escrow of root passwords, or what?
That's the bit I found loony, given what I've heard (from you and others) about the generally semi-clueful technology and telecoms ministries. Is it THAT bad?

-rich

From stend at grendel.austin.texas.net Wed Jul 3 02:07:05 1996
From: stend at grendel.austin.texas.net (Firebeard)
Date: Wed, 3 Jul 1996 17:07:05 +0800
Subject: Lack of PGP signatures
In-Reply-To: <199607022343.TAA21050@darius.cris.com>
Message-ID: <199607030559.AAA17707@grendel.austin.texas.net>

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> Mark M writes:

MM> On Tue, 2 Jul 1996, David F. Ogren wrote:
DO> In fact, a surprisingly small percentage of messages on the C-punk
DO> list are signed. This despite the fact that the average
DO> subscriber is at least literate in PGP.
DO>
DO> Does anybody have any speculation on why this is?
DO>
DO> Is it because people consider mundane mail unimportant enough to
DO> sign?

MM> This is one reason. I think that there are several other reasons:

>> Is it because most mail programs are not PGP aware?

MM> I don't know of any mail programs that can use PGP (I know there
MM> are various interfaces, sendmail wrappers, and other hacks, but I
MM> have yet to see a mailer with an "Encrypt" or "Sign" option.

Well, I'd say that the emacs/Gnus/mailcrypt combo is PGP aware
- - properly installed, emacs has encrypt, sign, and remail menu items. I don't use it routinely mainly because I haven't set things up to propagate my key, so signing articles would be kind of useless.

- --
#include /* Sten Drescher */
Unsolicited solicitations will be proofread for a US$100/page fee.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

-----END PGP SIGNATURE-----

From llurch at networking.stanford.edu Wed Jul 3 02:08:01 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 3 Jul 1996 17:08:01 +0800
Subject: Lack of PGP signatures
In-Reply-To: <199607030142.VAA29584@toxicwaste.media.mit.edu>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 2 Jul 1996, Derek Atkins wrote:

> Actually, I don't PGP sign my messages because 95% of the time my
> connection to my mail host (the machine on which I read and respond to
> mail) is insecure. Composing the message, bringing the message to my

"Me too," though I recently created a 512-bit key just for the purpose of such insecure signing. As long as people understand that that key simply means "this is either me, or someone who has gone to the trouble of cracking root here, or someone who spent a couple weeks brute-forcing this key," it's useful to prevent casual attacks.

Several others are doing the same thing... I know all the NoCeM posters and most of the newsgroup moderators using PGPMoose have created such secondary keys.
- -rich
finger or send mail with subject line "send pgp key" if you want 'em

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMdoJ+JNcNyVVy0jxAQH7fwIAvK/GWCSXtoDyZWIC+rffKjv/VNbQL/J8
nvabWe7DC6NMp6iGmmZCaIkuvD+TON6rEpu3xatyim0R8ILQoSPyfg==
=/wh3
-----END PGP SIGNATURE-----

From llurch at networking.stanford.edu Wed Jul 3 02:11:02 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 3 Jul 1996 17:11:02 +0800
Subject: LE Risks with No Crypto
In-Reply-To: <2.2.32.19960703002028.00ba3b24@panix.com>
Message-ID:

On Tue, 2 Jul 1996, Duncan Frissell wrote:

> Too bad AT&T doesn't use an encrypted open books system to store its records
> so that "bad guys" can't abuse those records and put our heroic law
> enforcement personnel at risk.

I keep hearing suggestions like this, but I don't think they'd work. If you needed a digital key to grok phone records, then that digital key would be passed around just as casually as the current passwords. Any organization that large, where 99% of the information is banal and uninteresting 99% of the time, cannot keep secrets. It's unreasonable to expect them to. It doesn't make business sense to promise security, because when they fail to deliver, as they can't, they'll get their ass sued.

I recently had a practical joker call up all the magazines to which I was subscribed and change my address to that of the local hospital, where these practical jokers were suggesting they'd like to send me. There is no security against this kind of attack, because it's just not in most people's threat profile. This kind of thing is annoying, but it can't be helped. Adding a reasonable level of security to such an insignificant system would increase the cost of that system by several orders of magnitude. It's just not worth it.

In the unicorn of Color's relative absence, it falls on me to stress that you can't trust organizations to protect your privacy.
If you need to participate in an insecure system, and everybody does, use cash, and use psedonyms. > This is a perfect illustration of the fact that technology puts the > government most at risk because it will always be the juiciest target. > "Worth the powder to blow it up with." This is true. -rich From jimbell at pacifier.com Wed Jul 3 02:14:21 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 3 Jul 1996 17:14:21 +0800 Subject: SAFE Forum--some comments Message-ID: <199607030603.XAA01097@mail.pacifier.com> At 08:44 PM 7/2/96 -0700, Martin Minow wrote: >It's not quite that bad. Here are a few (more or less strong) crypto >products you might not know you have: > >1. Every Macintosh made since at least 1988 has a secure authentication > client module in the AppleShare Chooser dialog. When you use it to > connect to a remote server, it notes that the user information > is "two-way scrambled." (The server sends a random number challenge > that the client uses to encrypt the username and password. The > encrypted information is sent to the server.) All Macintosh systems > running System 7 or later have the corresponding server software. > What is interesting about this is that the encryption is completely > invisible to the user. How did this affect the Macintosh's exportability? >Note that the VCR companies have solved the vcr problem by receiving >a timecode from a local television station -- making the problem >invisible to the end user. We should be able to do the same with >strong crypto. I haven't bought a new VCR in a few years. Is this real? What prevented them from doing this 10 years ago? Jim Bell jimbell at pacifier.com From vznuri at netcom.com Wed Jul 3 03:14:54 1996 From: vznuri at netcom.com (Vladimir Z. 
Nuri)
Date: Wed, 3 Jul 1996 18:14:54 +0800
Subject: The Net and Terrorism
In-Reply-To: <2.2.32.19960703005232.009d18e4@labg30>
Message-ID: <199607030700.AAA12965@netcom3.netcom.com>

>Do you still not accept that we have a world that contains people who exist
>in conditions that foster and breed terrorists?

of course. but what TCM's writing often seems to hide is a cynicism about these conditions. "there's nothing we can do about it. buy a bulletproof jacket and avoid crowded downtown areas". I'm saying this cynicism and isolationism tends to make the problem worse, not better. you clearly agree that we must find the reasons that terrorists are being bred, and work to eliminate those conditions. TCM apparently would feel that such a thing is a waste of time.

another thing that annoys me about the TCM slant or "spin" is the pervasive connotation in his writing that terrorism is going to get far worse in the future. if so, I would say that is because world conditions that breed terrorists are getting far worse. he seems to convey the idea that the world is a nonsensical place where things, like increases in terrorism, occur for no particular reason.

keep in mind that Ruby Ridge and Waco happened only a few years ago. that's a nanosecond in cosmic time, yet the terrorist repercussions are being felt immediately. I would say it's very visceral evidence that terrorists are responding to events and are not just madmen out for the fun of killing people. there's a bit of that of course..

>So, do you not accept that we have the environment right here that can breed
>violence and discontent?

it's a fatalistic way of putting it. yes I agree that such an environment exists. no, I don't believe there is nothing that can be done about it. no, I don't believe that everything that can be done about it has been done about it. far from the case. my point in the essay.

>So your point here is one of *agreement* that human nature will produce
>psychological profiles of people who commit acts of terror.

no, I specifically reject that insanity and violence are "normal" aspects of human behavior. merely because they have been around for centuries does not prove they are normal, only how warped the world has become such that abnormality is considered normal.

>Violence is here. It's been present since recorded history. We've gotten
>pretty good at it, actually. I think the record speaks pretty clearly that
>violence continues to be a part of human behavior, despite any efforts made
>to stop it.

what your argument amounts to is essentially "well gosh, if there was a way to get rid of violence we would have discovered it by now". not if you are cynical, pessimistic, closeminded, and believe that violence is simply a part of life.

>As I said above, we can reduce some of the breeding grounds, but we can not
>eradicate them all. And if one were to conduct a study correlating racist
>attitudes with education with numbers of acts of terror, we might find a
>direct correlation.

no, but I believe you can eradicate virtually all the most extreme "swamplike breeding grounds" that lead to the most insane terrorism such as OKC. would OKC have happened if neither ruby ridge or Waco happened? a compelling case can be made...

>The U.S. has a level of tolerance for diversity that I only recently came to
>appreciate.

I agree. but it's not optimal. it's fantastic compared to the rest of the world, though, I agree. good anecdote.

>I am more than willing to agree with you that elimination of hatred and
>prejudice will go farther than any law enforcement measures to reduce
>terrorist acts. However, my point, and I believe this is Tim's point, too,
>is that it will *never* eliminate these acts, and that there must be other
>ways of dealing with the problems that occur.

disagree. terrorism on the scale of OKC is largely unprecedented in American history.
I believe you are conflating degrees of violence. and behind your and Tim's argument is that "there is a point at which it is a waste of time to try to put any more work into eradicating terrorism, because it is inevitable".

>Look at the Irish Question: they want independence from a government they
>deem undesirable. Look at the arabian terrorist bombings of Americans in
>Saudi Arabia, Lebanon, etc.: they want to drive the U.S. Army out.

the point is that there is no physical strategic value from bombing symbols. I was making the point that terrorism is extremely symbolic at the root. I'm not saying either warfare or terrorism is better than the other. they're both very evil. but it seems to me that people like TCM who equate terrorist activities with what governments do are doing a grave disservice to civilization. you can find isolated examples where governments behave like terrorist organizations, but their primary purpose is to avoid such situations.

>You may think that you hold every answer to terrorism in your hand, that
>hugs and kisses before bedtime will make the evil monsters under the bed go
>away.

bzzzzzzt. what I am pointing out is that what Tim is essentially saying, as you seem to be, that trying to combat terrorism is a waste of time because it is a fact of life, is erroneous in my view. it is a common libertarian argument that goes, "criminality is everywhere, so why try to stop it?" a rather juvenile ideology. may you live in your reality and see what it is like. hint: the current one we are living in is not one in which the government does not try to fight terrorism.

The point of Tim's essay was that, yes, the net can be used by the
>evil monsters, and yes, the evil monsters are here, and no, the evil
>monsters are not going away any time soon. Why did you feel it necessary to
>try to slam his fairly well-researched and quite obvious conclusion?

because, from my past experience, it seems Timmy's wildest fantasies are always contained in the paragraphs in which he says, "now, I'm not advocating this or anything...."

From eagle at armory.com Wed Jul 3 05:02:51 1996
From: eagle at armory.com (Jeff Davis)
Date: Wed, 3 Jul 1996 20:02:51 +0800
Subject: SAFE Forum--some comments
In-Reply-To:
Message-ID: <9607030224.aa08663@deepthought.armory.com>

Tim sez...

> And here I'll comment on Ken Bass's excellent comments (there were many
> excellent points). Bass is a D.C.-area lawyer with the prestigious Venable
> law firm (the venerable Venable firm?), and a former Reagan Administration
> official.
>
> He pointed out that the driving force for crypto policy is probably the
> _law enforcement_ camp, not the _intelligence agency_ camp. And that the
> NSA is regretting the ITAR stuff, as it has sparked an "arms race" to
> develop stronger crypto. Bass noted that people now equate permission to
> export with weakness, and that had the U.S. not restricted exports, users
> probably would've been "fat, dumb, and happy" to keep using breakable
> crypto.

Bass is fun to drink with too. His web site is under attack and he needs a hacker if anyone is interested in doing any pro bono community service work. Bruce's comments on the robustness of foreign, (i.e. unescrowed) encryption were very enlightening as well.

It was good to see all the old CDT hands, and the munchies Gilmore bought went quickly at the Godwin table. Mike makes a substantial argument that the Supreme Court will not overturn ACLU et. al. v. Reno, but I wouldn't pretend to speak for him. And Cindy Cohn is the point man in the Super Bowl long range recon team, Bernstein v. DoS. Defending Bernstein on First Amendment grounds and having judge Patel rule that for the purposes of the case, source code is speech, is a big deal.

The First Amendment survives the Electronic Revolution with ACLU v. Reno. The Super Bowl is ITAR.
It's nice to have some momentum going in to the Super Bowl. With robust, uncompromised cryptography, we can reclaim the 4th Amendment ourselves. I have a feeling that the congressional support is reaching critical mass.

Oh yeah, knowing me as you do Tim, it probably doesn't surprise you that the entire global positioning system is going to roll over at midnight 23 August 1999, and claim it's my 25th birthday, 6 January 1980... As Barlow says, "You know its gonna get stranger, so let's get on with the show!"

--
According to John Perry Barlow: *What is EFF?*
"Jeff Davis is a truly gifted trouble-maker." *email *
*** O U T L A W S On The E L E C T R O N I C F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email *

From anthony at direct.it Wed Jul 3 06:00:44 1996
From: anthony at direct.it (Anthony Daniel)
Date: Wed, 3 Jul 1996 21:00:44 +0800
Subject: hard drive encryption
Message-ID: <2.2.32.19960703100758.0069f568@betty.direct.it>

Hi

You could try using SECURE Desk-Top. It can encrypt your hard drive using a symmetrical key. The algorithms are DES and IDEA (128 bits). It's fast and you could choose exactly what part of the drive to encrypt, whether just some files or the entire drive.

You can download the software from this url: http://www.systems.it/secure

All the best
Anthony

>
>What is the best utility freely available for encrypting an entire drive
>that won't be used for a length of time? ie: I'm going away for a period
>of time and wish to encrypt the drive while I'm gone, but have no interest
>in actually using it while it's encrypted. I also have no real preference
>in what algorithm is used, as long as it's relatively secure. Speed is
>also not a big consideration, as it will be used once when I leave to encrypt,
>and once when i return to decrypt.
>Thanks in advance for the help...
>//cerridwyn//
>
>btw, the OS is Win95 if that matters...
>

From eagle at armory.com Wed Jul 3 07:17:11 1996
From: eagle at armory.com (Jeff Davis)
Date: Wed, 3 Jul 1996 22:17:11 +0800
Subject: SAFE Forum--some comments
In-Reply-To: <199607022014.NAA10761@netcom14.netcom.com>
Message-ID: <9607030239.aa09019@deepthought.armory.com>

Vladimir rebuts May quoting Bass...

> >He pointed out that the driving force for crypto policy is probably the
> >_law enforcement_ camp, not the _intelligence agency_ camp. And that the
> >NSA is regretting the ITAR stuff, as it has sparked an "arms race" to
> >develop stronger crypto.
>
> doesn't make sense to me at all. who was behind clipper? the NSA, not
> the FBI. the FBI is behind digital telephony, which involved
> *wiretapping*, not key escrow.

That's because you don't understand American Football. The NSA is Jerry Kramer for the FBI's Frank Gifford on a double whammy end around of any substantial public hearings on the subject running a play Lombardi designed in the height of the Cold War. The only problem is Lombardi died of cancer, and the Clinton Administration has been duped into winning one for the Gipper- except the Gip has Alzheimer's and Nancy has to wipe his chin, so it's bed time for Bonzo, ITAR and EES! Party on C'punks! Internet is the revenge of the nerds on Acid. (Don't post when you're peaking...don't post when you're peaking...)

--
According to John Perry Barlow: *What is EFF?*
"Jeff Davis is a truly gifted trouble-maker." *email *
*** O U T L A W S On The E L E C T R O N I C F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today!
*email *

From ses at tipper.oit.unc.edu Wed Jul 3 07:25:52 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Wed, 3 Jul 1996 22:25:52 +0800
Subject: PGP secret keys
In-Reply-To: <199607022040.QAA09851@unix.asb.com>
Message-ID:

On Tue, 2 Jul 1996, Deranged Mutant wrote:

> On 2 Jul 96 at 6:39, anonymous-remailer at shell.port wrote:
>
> > Could someone post a pointer to a FAQ that tells what to do if you lose
> > your secret key file? How can you regenerate your private key so that the
> You can't do anything. Yer screwed.

Unless you buy an 'O' and you're escrowed :-)

---
Cause maybe (maybe)                   | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all                         | Email address remains unchanged
You're my firewall -                  | ........First in Usenet.........

From daw at cs.berkeley.edu Wed Jul 3 07:52:40 1996
From: daw at cs.berkeley.edu (David Wagner)
Date: Wed, 3 Jul 1996 22:52:40 +0800
Subject: Message pools _are_ in use today!
In-Reply-To:
Message-ID: <4rdm7p$2lm@joseph.cs.berkeley.edu>

In article , Timothy C. May wrote:

> I must be missing something....:

Nope! That would be..er..my fault. :-)

> I'm not following your "upload an article to the NNTP server." Don't most
> people use mail-to-News gateways to post anonymously? (If not, they should,
> of course.)
>
> This way, the posting of an article has the anonymity provided by the chain
> of remailers used to reach the terminal site, the mail-to-News gateway.

You are quite right. I was mixing my criticisms. My mistake.

A message pool provides only recipient anonymity, of course. For sender anonymity (e.g. posting to a message pool), chaining is the right way to go.

> The posting is anonymous (within the usual limits we discuss here), and the
> reading is "pretty hard" to focus on, for several reasons:
>
> 1. Hard to gain access to local ISP without sending alerts out (it would be
> for my ISP, at least).
This is admittedly not cryptographically
> interesting, but is a very real practical difficulty.
>
> 2. Many who browse alt.anonymous.messages probably "glance" at many of the
> oddly-named message pool messages. I know I do. Again, makes it a "needle
> in a haystack" to know which of several hundred folks who glanced at
> "ToBear" or "TheRealMessage"--assuming the NSA could ever identify these
> hundreds--is the real intended target.
>
> 3. And I recall that many have newsreaders which download _all_ messages in
> a newsgroup automatically. Again, this makes the pool of potential readers
> quite large and meaningless to try to track.
>
> The use of public posting areas for message pools (what I called "Democracy
> Walls" several years back) seems to me have several compelling advantages
> over "reply-block" approaches.

Good points, all of them. I agree that public message pools seem to give far better security than reply-block approaches. (Although the two can be combined: set up a nym reply-block which just redirects traffic to alt.anonymous.messages; then the reply-block is not security-critical, but does allow folks to contact you by a simple email address.)

Jim Bell brought up the really nifty point that someday soon we may be able to receive these message pools by satellite dish-- hurray for true broadcasting! That would provide most excellent security (unless `they' started requiring licenses, waiting periods, ... to own a dish-- unlikely). I can't wait.

Another suggestion was to read alt.anonymous.messages by pointing the anonymizer at it. This doesn't stand up to my threat model at all. The anonymizer only provides you anonymity against a malicious server who is trying to collect marketing information-- it doesn't protect you against SIGINT folks eavesdropping on network links, performing traffic analysis, etc. to trace back your access. Now if we had pipe-net deployed :-), the idea might work...

From asgaard at sos.sll.se Wed Jul 3 08:43:24 1996
From: asgaard at sos.sll.se (Asgaard)
Date: Wed, 3 Jul 1996 23:43:24 +0800
Subject: Info on alleged new German digital wiretapping law?
In-Reply-To:
Message-ID:

On Wed, 3 Jul 1996, Ulf Moeller wrote:

> > http://fight-censorship.dementia.org/fight-censorship/dl?num=3027
> >
> >and in alt.fan.ernst-zundel. What's up?
>
> The report is correct.
>
> The mainstream press has completely ignored the wiretap legislation,
> probably because it is part of the long-awaited new telecommunications
> law to end the Telekom monopoly.

As has the media in Sweden completely ignored that we have our own 'Digital Telephony Act' as of July 1. I haven't been able to find it on the net yet. From second hand sources it seems more or less identical to the US one, although the financial burdens for reprogramming and hardware adjustments are put solely on the telco's (Sweden has no monopoly since a decade). The telco's have a respite until 7.1.97 to fulfill the requirements.

Asgaard

From m5 at vail.tivoli.com Wed Jul 3 09:32:49 1996
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 4 Jul 1996 00:32:49 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To:
Message-ID: <31DA7000.6239@vail.tivoli.com>

Declan McCullagh/Brock Meeks wrote (and quite well, I might add):

> ...
> Install the programs and Junior can't access porn. No fuss, no muss, no
> bother. "Parental empowerment" is the buzzword. Indeed, it was these
> programs that helped sway the three-judge panel in Philly to knock down
> the Communications Decency Act as unconstitutional.

Scenario:

Mr. & Mrs. Joseph and Mary Christian buy SmutNoMore for their home computer, to protect their children Mathew, Mark, Luke, John, and Zebediah. All are happy and content.

One day, Mathew and Mark go to a the home of a school chum, Bart Simpson, whose parents are products of the liberal 60's.
Bart has a computer too, along with an ISDN link through a local ISP to the Internet. But --- horrors --- Bart's computer is not equipped with SmutNoMore, or any other filtering software. Bart's parents do not believe it to be fair to filter their children's access to information.

During that afternoon of Internet fun, Mark clicks the mouse and follows a hyperlink link to a web site filled with nasty objectionable anti-family morally corrosive filth. Mark and Mathew run home in tears to their parents and tell all about the nightmare they've experienced.

I wonder whether the Christians would be able to successfully sue the Simpsons on some sort of "corruption of a minor" deal? Indeed, couldn't it even be possible that some local prosecutor might find the Simpsons criminally involved?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * pain is inevitable
m5 at tivoli.com * m101 at io.com * * suffering is optional

From WlkngOwl at unix.asb.com Wed Jul 3 10:13:53 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Thu, 4 Jul 1996 01:13:53 +0800
Subject: NOISE.SYS v0.6.3 is released.
Message-ID: <199607031410.KAA15519@unix.asb.com>

NOISE.SYS Version 0.6.3-Beta is now released. Check ftp.funet.fi in directory /pub/crypt/random.

NOISE.SYS is a /dev/random-like driver for DOS systems, similar to the Linux implementation. It collects timings from keystrokes, disk access, mouse movement, and other system events as sources of randomness.

Changes include:

  Ability to add samples by writing to RANDOM$ or URANDOM$ devices

  Fixes bug when reading RANDOM$ device in ASCII mode under MSDOS7 (Yes, it was a minor bug)

If you have any questions, comments, or problems, drop me a line.

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From froomkin at law.miami.edu Wed Jul 3 10:28:14 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Thu, 4 Jul 1996 01:28:14 +0800
Subject: Ken Bass: Wire tap only useful for conviction (Was: SAFE Forum--some comments)
In-Reply-To: <199607030102.SAA05930@server1.chromatic.com>
Message-ID:

On Tue, 2 Jul 1996, Ernest Hua wrote:

>
> > And here I'll comment on Ken Bass's excellent comments (there were many
> > excellent points).
> >
> > He pointed out that the driving force for crypto policy is probably the
> > _law enforcement_ camp, not the _intelligence agency_ camp.
>
> Ken pointed out that law enforcement had to have gotten enough
> evidence prior to a wire tap request to show probable cause.
> If this is the case, then the only usefulness of wire taps is
> to improve the likelihood of conviction and not the detection
> of potential terrorist (or child molestation or your favorite
> bad guy) plots.

I thought Ken Bass was wrong on this point (I agreed with everything else he said): wiretaps help LEOs identify co-conspirators. They are not without intelligence value.

[This message may have been dictated with Dragon Dictate 2.01. Please be alert for unintentional word substitutions.]

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | froomkin at law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here. And humid.

From jimbell at pacifier.com Wed Jul 3 10:53:25 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 4 Jul 1996 01:53:25 +0800
Subject: The Net and Terrorism
Message-ID: <199607031403.HAA16134@mail.pacifier.com>

At 12:00 AM 7/3/96 -0700, Vladimir Z.
Nuri wrote:

>
>keep in mind that Ruby Ridge and Waco happened only a few years
>ago. that's a nanosecond in cosmic time, yet the terrorist
>repercussions are being felt immediately. I would say it's very
>visceral evidence that terrorists are responding to events and
>are not just madmen out for the fun of killing people. there's
>a bit of that of course..

If you listen to the Feds discussing this most recent militia story, when they're asked what was the militia's motivation, they don't want to talk about it, and won't even speculate on more than the most unspecific, vacuous terms.

Jim Bell
jimbell at pacifier.com

From bshantz at nwlink.com Wed Jul 3 11:02:07 1996
From: bshantz at nwlink.com (Brad Shantz)
Date: Thu, 4 Jul 1996 02:02:07 +0800
Subject: Lack of PGP signatures
Message-ID: <199607031436.HAA27482@montana.nwlink.com>

Mark M. Wrote:

> > Is it because most mail programs are not PGP aware?
>
> I don't know of any mail programs that can use PGP (I know there are various
> interfaces, sendmail wrappers, and other hacks, but I have yet to see a mailer
> with an "Encrypt" or "Sign" option.

Once upon a time last year or the year before, Tim May posted why he doesn't use PGP very often. And I have always stood by that same sentiment. Yes, it is a good encryption product, but it is not integrated seamlessly into other applications. Tim, feel free to whack me if you think I'm speaking for you.

If, as cypherpunks, we want to spread the use of strong crypto, we need to have a better interface than what currently exists on PGP 2.6.2. I'm sure Derek and the other guys on PGPlib will make it easier to integrate into applications. Am I just blowing smoke, Mr. Atkins?

PGP is a pain for encrypting or signing e-mail when you have to save your message out to a temp file, encrypt it, and load it back in to your mail package. Sure, there are things like Private Idaho, which I use on occasion.
But, it is still a separate application that just doesn't fit seamlessly into most applications.

In my free time, I have been playing around with add ons for Microsoft Exchange. I've got an OLE 2.0 encryption object that embeds nicely into an Exchange message. I haven't tied it in to PGP yet, because I have been waiting for the release of PGPlib. However, that will allow at least some seamless integration.

Brad Shantz
TRIsource Windows Development Services

From minow at apple.com Wed Jul 3 12:39:43 1996
From: minow at apple.com (Martin Minow)
Date: Thu, 4 Jul 1996 03:39:43 +0800
Subject: SAFE Forum--some comments
Message-ID:

Jim Bell asks about Macintosh exportability. There appears to be no problem using a non-tappable authentication in the AppleShare client (but this does not mean that the actual data is secure).

The PowerTalk module (available with System 7.5 and later, but to be replaced in the future for reasons not having to do with crypto) supports additional crypto-related functions, including MD5, RSA digital signatures and 40-bit encrypted (and, hence, exportable) data streams. Apple did negotiate with the export control people in order to fashion a technology that could be exported. There are also country-specific kits in order to meet import requirements.

The actual strong encryption capabilities are not accessible to developers or end users. MD5 and RSA signing API's are published and, as part of my work at Apple, I wrote and distributed sample code that shows how to use them to sign and verify arbitrary data areas.

At the poorly-attended June physical c-punks meeting in Palo Alto, I gave a very brief overview of Apple's "crypto-related" capabilities and could repeat it at a future meeting.

>
>I haven't bought a new VCR in a few years. Is this real? What prevented
>them from doing this 10 years ago?
>

This is fairly recent. It requires a cooperating (generally, PBS) station that broadcasts the timecode in one of the retrace lines.

Martin.
minow at apple.com

From warlord at MIT.EDU Wed Jul 3 12:44:48 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 4 Jul 1996 03:44:48 +0800
Subject: Lack of PGP signatures
In-Reply-To: <199607031436.HAA27482@montana.nwlink.com>
Message-ID: <199607031509.LAA09556@toxicwaste.media.mit.edu>

> I'm sure Derek and the other guys on PGPlib will make it easier to
> integrate into applications. Am I just blowing smoke, Mr. Atkins?

No, you are not blowing smoke. That is the hope of the PGPlib project; PGPlib will make it easy (almost trivial) to integrate PGP security into almost any application.

> In my free time, I have been playing around with add ons for
> Microsoft Exchange. I've got an OLE 2.0 encryption object that
> embeds nicely into an Exchange message. I haven't tied it in to PGP
> yet, because I have been waiting for the release of PGPlib. However,
> that will allow at least some seamless integration.

Neat. I don't know enough about OLE to comment, but can we discuss this offline? Is there an equivalent of OLE (AppleEvents, perhaps?) for the Mac? It would be really cool if we could come up with a plug-in standard that gets put into mailers such that we could later add a PGP drop-in that performs the encryption using those standard interfaces.

-derek

From bluebreeze at nym.jpunix.com Wed Jul 3 13:23:28 1996
From: bluebreeze at nym.jpunix.com (bluebreeze at nym.jpunix.com)
Date: Thu, 4 Jul 1996 04:23:28 +0800
Subject: Sameer on C-SPAN
Message-ID: <199607031555.KAA02107@alpha.jpunix.com>

:bluebreeze at nym.jpunix.com (Blue Breeze) wrote:
:>
:> Not everything. No picture of Sameer!? That's what I'd like to see.
:
:There's one in the latest WebSmith magazine.

Thanks Matt. Outta my way! (Thanks to Alan too.)

From tcmay at got.net Wed Jul 3 14:00:50 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 05:00:50 +0800
Subject: Message pools _are_ in use today!
Message-ID:

At 11:40 AM 7/3/96, David Wagner wrote:

>Jim Bell brought up the really nifty point that someday soon we may be
>able to receive these message pools by satellite dish-- hurray for true
>broadcasting! That would provide most excellent security (unless `they'
>started requiring licenses, waiting periods, ... to own a dish-- unlikely).
>I can't wait.

Yeah, and I should have mentioned the "PageSat" Usenet distribution model, too. (It was a really hot topic 3-4 years ago, but I've heard little of it in the past couple of years...the rise of the Web has made passive downloads of Usenet a lot less interesting.)

Someone mentioned the Ku-band dishes that are used by PageSat (or whatever it is now called....). My DSS system, which is technically a Ku-band receiver, has a digital i/o connector of some sort on the back, and it is rumored that this will someday be available for PageSat-like uses. (I have a feeling this may be years off, for admin reasons if not technical reasons.)

The point being that there are already _many_ ways to read NetNews almost untraceably. With more to come.

(NetNews also used to be available on CD-ROM; the volume is now so high that this just isn't practical anymore. But it underscores the point that NetNews is so "distributed" that attempts to track who is reading "alt.anonymous.messages," and _particular_ messages in such a group, are nearly hopeless.)

Finally, the threat model has two angles to consider:

1. The authorities want to know all those who have read a particular message--call it "ToAlice" to keep in the "Alice" and "Bob" framework.

2. The authorities already have identified a suspect, call him "Bob," and wish to know if he is reading (and perhaps decrypting) messages to "Alice."

As several of us have noted, #1 is tough--real tough.
The authorities would have to contact 10,000 or more ISPs who have local newsfeeds and subpoena their logs of who read which newsgroups...assuming such logs are even kept (I don't know the granularity of such logs, whether any logs are kept of specific newsgroups and specific messages within newsgroups). The authorities would have to also check on the other distribution "vectors," including _subscriptions_ to NetNews newsgroups (where a newsgroup is _mailed_ to recipients...I heard this is an option for some). And PageSat, and so on.

The second angle, #2, is formally equivalent to wiretapping a target. Once identified, and tapped, anything the target reads can presumably be read by the authorities. (Quibbles: I really mean a "black bag" type of surveillance, where the target's local machine has been compromised/tapped.)

The bottom line is this: were I an FBI agent given the task of finding out who is reading a specific message or series of messages, e.g., the "ToAlice" encrypted messages posted in alt.anonymous.messages, I would tell my bosses it is economically impractical.

--Tim May

(P.S. I think this recent discussion of message pools, started by Hal and continued by this latest thread, is very important. Message pools have fewer of the kinds of "correlations" that can allow sender-recipient correlations to be made.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
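
[Added example, not part of any post in this thread.] The message-pool argument made in David Wagner's and Tim May's posts above, as a runnable sketch: every reader pulls the whole pool and trial-decrypts locally, so the server's access log cannot separate the intended recipient from anyone else, whereas fetching a single article does. The names `MessagePool`, `readers_of`, `seal` and `try_open` are hypothetical, the keys and messages are constructed, and an HMAC-SHA256 encrypt-then-MAC construction with a pre-shared key stands in for the PGP encryption the list would actually use.

```python
import hashlib
import hmac
import os


def subkeys(key):
    """Derive independent encryption and MAC keys from one shared secret."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def keystream(k_enc, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC. Output is nonce || ciphertext || tag and carries
    no recipient identifier."""
    k_enc, k_mac = subkeys(key)
    nonce = os.urandom(16)
    stream = keystream(k_enc, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()


def try_open(key, blob):
    """Trial decryption: plaintext if the tag verifies under key, else None."""
    if len(blob) < 48:
        return None
    k_enc, k_mac = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(ct, keystream(k_enc, nonce, len(ct))))


class MessagePool:
    """A public posting area that logs which articles each reader fetched."""

    def __init__(self):
        self.messages = []    # (subject, blob)
        self.access_log = []  # (reader, frozenset of article ids)

    def post(self, subject, blob):
        self.messages.append((subject, blob))
        return len(self.messages) - 1

    def fetch_all(self, reader):
        ids = frozenset(range(len(self.messages)))
        self.access_log.append((reader, ids))
        return list(self.messages)

    def fetch_one(self, reader, msg_id):
        self.access_log.append((reader, frozenset([msg_id])))
        return self.messages[msg_id]


def readers_of(pool, msg_id):
    """Everything the log holder can say about who read article msg_id."""
    return {reader for reader, ids in pool.access_log if msg_id in ids}


def scan(pool, reader, key):
    """Download everything, keep only what decrypts under our key."""
    opened = (try_open(key, blob) for _, blob in pool.fetch_all(reader))
    return [pt for pt in opened if pt is not None]


def build_pool(alice_key):
    pool = MessagePool()
    other_key = hashlib.sha256(b"constructed key, unrelated pair").digest()
    pool.post("TheRealMessage", seal(other_key, b"unrelated traffic"))
    target = pool.post("ToAlice", seal(alice_key, b"meet at the usual place"))
    pool.post("ToBear", os.urandom(80))  # noise that decrypts for nobody
    return pool, target


def demo():
    alice_key = hashlib.sha256(b"constructed key, sender and Alice").digest()
    readers = ["alice", "bob", "carol", "dave"]

    # Case 1: everyone downloads the whole group (May's point 3).
    pool, target = build_pool(alice_key)
    found = {r: scan(pool, r, alice_key if r == "alice" else os.urandom(32))
             for r in readers}
    whole_group = readers_of(pool, target)

    # Case 2: readers request single articles, so the log names the reader.
    selective, target2 = build_pool(alice_key)
    selective.fetch_one("alice", target2)
    selective.fetch_one("bob", 0)
    selective.fetch_one("carol", 2)
    single_article = readers_of(selective, target2)

    return found, whole_group, single_article


if __name__ == "__main__":
    print(demo())
```

This models only May's angle #1, the access log; against angle #2, a tap on the reader's own machine, downloading the whole pool gives no protection.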

From nowhere at alpha.c2.org Wed Jul 3 14:04:38 1996
From: nowhere at alpha.c2.org (nowhere at alpha.c2.org)
Date: Thu, 4 Jul 1996 05:04:38 +0800
Subject: Lack of PGP signatures
Message-ID: <199607031631.JAA07820@infinity.c2.org>

At 09:42 PM 7/2/96 EDT, Derek Atkins wrote:

:Basically, I refuse to type my passphrase over the net, which signing
:all my messages (this one included) would require.
:
:-derek

Why, in heaven's name, would you have to "type your passphrase over the net" to encypher a message?

From sandfort at crl.com Wed Jul 3 14:12:46 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 4 Jul 1996 05:12:46 +0800
Subject: Ken Bass: Wire tap only useful for conviction (Was: SAFE Forum--some comments)
Message-ID: <2.2.32.19960703163757.00761c98@popmail.crl.com>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 09:59 AM 7/3/96 -0400, Michael Froomkin wrote:

>...wiretaps help LEOs identify co-conspirators. They are
>not without intelligence value.

True, but so do pen registers. It's usually easy enough to separate calls to Pizza Hut from calls to co-conspirators. There is no need to hear the content of a call to get a good idea who is involved in a conspiracy.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From drosoff at arc.unm.edu Wed Jul 3 14:25:28 1996
From: drosoff at arc.unm.edu (David Rosoff)
Date: Thu, 4 Jul 1996 05:25:28 +0800
Subject: But what about the poor?
Message-ID: <1.5.4.16.19960703170022.48475994@arc.unm.edu>

-----BEGIN PGP SIGNED MESSAGE-----

At 09.29 PM 7/2/96 -0800, jim bell wrote:
>At 10:16 PM 7/2/96 -0500, snow wrote:
>>On Tue, 2 Jul 1996, jim bell wrote:
>>> stated policy of the escrow agent is that the key owner MUST be informed,
>>> what are the cops gonna do about it?
>>>
>>> Further, how are the cops going to evidence the existence of a valid
>>> warrant? (As opposed to a forgery?)
>> >> The judge that issues it will digitally sign it. You can check the >>signature block. > > >However, what about an UNCOOPERATIVE escrow agent? (one who insists on >signed paper, or for that matter insists that the judge himself shows up.) >Or one, at least, who sites himself in Borneo, on the top of a 4000 foot >mountain, with a 386 laptop computer and a box of floppies, and who promises >2 hour services to anybody who shows up? No email, no fax, no phone, no >light, no motor car, not a single luxury....oooops....sorry about that...not >even radio. > >Moreover, if the escrow agent is out of the country, can any domestic laws >force him to divulge keys? And anyway, you could just be a kind of escrow agent that will hold the keys for the key owner, right? You don't have to say that you will provide them to the government, right? =============================================================================== David Rosoff (nihongo o sukoshi dekiru) ----------------> drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it. === === === === === === === === === === === === === === === === === === === === "Truth is stranger than fiction, especially when truth is being defined by the O.J. Simpson Defense Team." 
-Dave Barry From frantz at netcom.com Wed Jul 3 14:32:30 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 4 Jul 1996 05:32:30 +0800 Subject: SAFE Forum--some comments Message-ID: <199607031659.JAA25899@netcom8.netcom.com> At 9:34 PM 7/2/96 -0800, jim bell wrote: >However, that AT+T fellow who revealed the phone records to the militia >group would also be an appropriate comparison to destroy the "key-escrow" >idea. I assume AT+T had procedures in place which were SUPPOSED TO prevent >this. Well, key-escrow agents "will" also have similar procedures. Why >should we assume they will be more reliable? We shouldn't. In fact, they will have a much higher economic value. I would expect them to be more vulnerable to insiders. ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave. frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA From rah at shipwright.com Wed Jul 3 14:36:18 1996 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 4 Jul 1996 05:36:18 +0800 Subject: Lack of PGP signatures In-Reply-To: <199607031436.HAA27482@montana.nwlink.com> Message-ID: At 11:09 AM -0400 7/3/96, Derek Atkins wrote: > Is there an equivalent of OLE (AppleEvents, perhaps?) > for the Mac? It would be really cool if we could come up with a > plug-in standard that gets put into mailers such that we could later > add a PGP drop-in that performs the encryption using those standard > interfaces. Damn betcha. It's called OpenDoc, and it's probably the most exciting thing to happen to the Mac since desktop publishing. 
See my web-page for a rant or two on the subject. Vinnie Moscaritolo (Famous ex-Marine and Samoan Attorney) started a list at mailto://majordomo at thumper.vmeng.com called mac-crypto (send "subscribe mac-crypto" in the body of the message), where we're talking about stuff like this, and other things. One of the projects we've been kicking around is a Macintosh Digital Commerce Conference ("Digital Commerce *is* Financial Cryptography", and all that...), and it looks like Vinnie's very close to getting a conference date set up. A while ago, the folks working on the Macintosh Cryptography Interface Project merged their list with mac-crypto, so things have been getting interesting, even if traffic is a little sparse these days. Getting a conference date firmed up should change that, we hope. So would a discussion of PGPlib in OpenDoc... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From tcmay at got.net Wed Jul 3 14:36:27 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 4 Jul 1996 05:36:27 +0800 Subject: Lack of PGP signatures Message-ID: At 7:38 AM 7/3/96, Brad Shantz wrote: >Once upon a time last year or the year before, Tim May posted why he >doesn't use PGP very often. And I have always stood by that same >sentiment. Yes, it is a good encryption product, but it is not >integrated seamlessly into other applications. Tim, feel free to >whack me if you think I'm speaking for you. If, as cypherpunks, we >want to spread the use of strong crypto, we need to have a better >interface than what currently exists on PGP 2.6.2. You are correct in your memory of what I said. My message is somewhere in the archives...but the archives are of course no longer very available. I'll make a few brief points: 1. 
PGP and other crypto tools are not well-integrated into Eudora, Microsoft Mail, cc:Mail (or whatever), Netscape mail, etc. Sure, various tools exist, but not out-of-the-box. (Proof that crypto confusion has been a successful strategy for U.S. authorities.) 2. For me, using PGP means using MacPGP. This means cutting-and-pasting and extra work. (Given that I often delete messages after only glancing at them for 5 seconds or less, any additional work is not welcome.) 3. Of course, I will only _decrypt_ messages sent to me personally, for obvious reasons. And given that I am very open about my political views and am neither a money launderer nor a conspirator, nor a Horsemen of any other flavor, most of the PGP-encrypted messages sent to me are banal and PGP use was unneeded. (After doing the mumbo jumbo to decrypt a message, I get crap like "Yo, Tim, just wanted to say that PGP is, like, really kewl. Send me some encrypted stuff.") And so on. I use PGP when I think it is necessary. As to using it _routinely_, at least signing routinely and checking signatures routinely, it can't be routine until it is routine. Why isn't mail in the major e-mail packages _automatically_ signed? Look to them for answers. Look to the NSA for more answers. Look to Dorothy Denning for an explanation of why obstacles need to be placed in the path of wider use of crypto. (Note to Mac users: before any of you wastes your time composing a message to me about a new package that makes links to MacPGP through AppleEvents, it turns out that one has to first install a tool that is only commercially available, for $$$. Again, obstacles have been placed in the path of easy and wide use of crypto.) Finally, a comment. I've never really bought the argument that we should all be using PGP in all of our messages to set some kind of example or to provide cover traffic. We don't have to set any kind of example, in my cosmology. 
And the "cover traffic" is amply provided by an exponential increase in Web traffic, alternate routes, new services, etc. I think crypto tools need to be made easier to use (without installing additional commercial tools which cost more than the mail package itself), but until then I will feel no guilt about not using PGP more than I do. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From drosoff at arc.unm.edu Wed Jul 3 14:36:48 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Thu, 4 Jul 1996 05:36:48 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port Message-ID: <1.5.4.16.19960703170027.5fc7bc80@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 12.10 AM 7/3/96 -0500, Declan McCullagh wrote: >CyberWire Dispatch // Copyright (c) 1996 // >Install the programs and Junior can't access porn. No fuss, no muss, no >bother. "Parental empowerment" is the buzzword. Indeed, it was these >programs that helped sway the three-judge panel in Philly to knock down >the Communications Decency Act as unconstitutional. I've wondered .. could a creative child circumvent these filter programs using a URL-redirecter, like where you see something like http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/ or are they not URL-based? 
=============================================================================== David Rosoff (nihongo o sukoshi dekiru) ----------------> drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it. === === === === === === === === === === === === === === === === === === === === "Truth is stranger than fiction, especially when truth is being defined by the O.J. Simpson Defense Team." -Dave Barry From drosoff at arc.unm.edu Wed Jul 3 14:37:03 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Thu, 4 Jul 1996 05:37:03 +0800 Subject: PGP secret keys [PUN] Message-ID: <1.5.4.16.19960703170031.48477926@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 07.23 AM 7/3/96 -0400, Simon Spero wrote: >On Tue, 2 Jul 1996, Deranged Mutant wrote: > >> On 2 Jul 96 at 6:39, anonymous-remailer at shell.port wrote: >> >> > Could someone post a pointer to a FAQ that tells what to do if you lose >> > your secret key file? How can you regenerate your private key so that the >> You can't do anything. Yer screwed. > >Unless you buy an 'O' and you're escrowed :-) AAAAAAGH! Death by pun! =============================================================================== David Rosoff (nihongo o sukoshi dekiru) ----------------> drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? 
---> http://www.arc.unm.edu/~drosoff/pgp/ Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it. === === === === === === === === === === === === === === === === === === === === "Truth is stranger than fiction, especially when truth is being defined by the O.J. Simpson Defense Team." -Dave Barry From tcmay at got.net Wed Jul 3 14:51:42 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 4 Jul 1996 05:51:42 +0800 Subject: The Net and Terrorism Message-ID: At 7:00 AM 7/3/96, Vladimir Z. Nuri wrote: >of course. but what TCM's writing often seems to hide is a cynicism >about these conditions. "there's nothing we can do about it. buy >a bulletproof jacket and avoid crowded downtown areas". I'm saying >this cynicism and isolationism tends to make the problem worse, >not better. you clearly agree that we must find the reasons that >terrorists are being bred, and work to eliminate those conditions. >TCM apparently would feel that such a thing is a waste of time. Well, I've written many dozens of articles on this issue (and many thousands of articles overall). My article made my points, so I won't rewrite it here. You are of course not required to agree. You are free to live in crowded cities--near "soft targets." You are welcome to lobby for world peace and for economic changes to lessen terrorism. (I think this is mostly hopeless. No matter how "nice" conditions get, for game-theoretic reasons there will be some groups seeking changes.) >another thing that annoys me about the TCM slant or "spin" is the >pervasive connotation in his writing that terrorism is going >to get far worse in the future. 
if so, I would say that is because >world conditions that breed terrorists are getting far worse. he >seems to convey the idea that the world is a nonsensical place >where things, like increases in terrorism, occur for no particular >reason. I've never made any claims, explicit or implicit, that such acts are "for no particular reason." Various groups--religious, political, corporate, etc.--see advantages and disadvantages in various courses of action. (This sounds nebulous, but I am trying to avoid citing specific examples; I'm trying to separate out the reactions people have to specific camps and look at the bigger picture.) >keep in mind that Ruby Ridge and Waco happened only a few years >ago. that's a nanosecond in cosmic time, yet the terrorist >repercussions are being felt immediately. I would say it's very >visceral evidence that terrorists are responding to events and >are not just madmen out for the fun of killing people. there's >a bit of that of course.. Straw man. I never claimed that terrorists are doing it just for the fun of it. The "terrorist" bomb that killed 230 American soldiers in Beirut in 1983 was done for "good" reasons ("good" in the sense of advancing their goals)--that bomb triggered an almost immediate departure of Americans from Beirut. Mission accomplished. (I also don't call that attack a "terrorist" event, given the target and the state of war extant.) Classical terrorism, such as that of the Bologna train station bombing by the P2 Lodge, also advances political goals. It is not done "randomly," or "for the fun of it." >no, I specifically reject that insanity and violence are "normal" >aspects of human behavior. merely because they have been around >for centuries does not prove they are normal, only how warped >the world has become such that abnormality is considered normal. You and others are of course welcome to lobby for people to be nice to each other. Peace and brotherhood, rah rah. 
I believe there are basic game-theoretic reasons which make conflict and jockeying for power "not surprising." >the point is that there is no physical strategic value from bombing >symbols. I was making the point that terrorism is extremely symbolic And the bombing in Beirut is explained how? Bear in mind that the British thought the Colonial tactic of shooting at them from behind trees--a "terrorist" tactic borrowed from the Indians who used it on the colonists--was immoral and unsportsmanlike. Ditto our feeling that the "sneak attack" on Pearl Harbor was immoral. I take the meta-view that the attack on Pearl Harbor was brilliantly carried-out military strategy, just as the bombing of the Marine barracks in Beirut was brilliantly carried-out military strategy. > >bzzzzzzt. what I am pointing out is that what Tim is essentially saying, >as you seem to be, that trying to combat terrorism is a waste of time >because it is a fact of life, is erroneous in my view. it is a common >libertarian argument that goes, "criminality is everywhere, so why try >to stop it?" a rather juvenile ideology. may you live in your reality and >see what it is like. hint: the current one we are living in is not >one in which the government does not try to fight terrorism. You really need to read up on the "strategy of tension," esp. the writings of Stefano Dellechiai (sp?) and the Russian "anarchists" of the late 19th century. Also, the role the CIA played in funding former German commando Otto Skorzeny in setting up "terrorist" groups in the 1950s and 60s. Basically, one of the things terrorists want to do is to provoke a crackdown by the ruling authorities, making things so bad that a counterrevolution occurs. They believe they will reap the rewards of such a counterrevolution (or revolution, as it need not be "counter"). 
You can all fill in the way this worked for leftists hoping for a leftist revolution (Sendero Luminoso being the exemplar here) and rightists hoping that things will get so bad that a fascist or rightist revolution will occur (P2 being an example). My main point in my essay was that violence and authoritarianism are all around us, and that responding to the attacking of "soft targets" by cracking down on basic liberties is NOT something we should endorse. Taking responsibility for our own protection is preferable. (And my point about moving out of cities referred to what *I* am doing; others are of course free to mingle in crowded markets, hoping that the bombs won't come that day. Others are free to send their children to day care centers located in likely targets for ZOG's enemies to bomb, and so on.) >because, from my past experience, it seems Timmy's wildest >fantasies are always contained in the paragraphs >in which he says, "now, I'm not advocating this or anything...." If you can't make your points reasonably and convincingly, I see that you once again make ad hominem arguments. Calling me "Timmy" is not terribly effective. --Timmy Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From declan at well.com Wed Jul 3 15:13:57 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 4 Jul 1996 06:13:57 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port Message-ID: Sameer's www.anonymizer.com is not blocked -- yet, at least. 
Some of the programs release weekly updates, so as soon as it's reported by some Net-groping pornhound, I'm sure it'll end up in there. But the blocking apps do more than just check on URLs -- which do constitute most of the databases. (I mentioned that CyberPatrol lists 4,800 web sites.) They also block by keywords. So going through a URL-redirector to "playboy.com" or "xxxpix" would fail. CyberPatrol is free for the download. Check it out! http://www.cyberpatrol.com/ -Declan >-----BEGIN PGP SIGNED MESSAGE----- > >At 12.10 AM 7/3/96 -0500, Declan McCullagh wrote: > >>CyberWire Dispatch // Copyright (c) 1996 // > >>Install the programs and Junior can't access porn. No fuss, no muss, no >>bother. "Parental empowerment" is the buzzword. Indeed, it was these >>programs that helped sway the three-judge panel in Philly to knock down >>the Communications Decency Act as unconstitutional. > >I've wondered .. could a creative child circumvent these filter programs >using a URL-redirecter, like where you see something like >http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/ >or are they not URL-based? > >=============================================================================== >David Rosoff (nihongo o sukoshi dekiru) ----------------> drosoff at arc.unm.edu >For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu >0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 >Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ >Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it. >=== === === === === === === === === === === === === === === === === === === === >"Truth is stranger than fiction, especially when truth is being defined by the >O.J. Simpson Defense Team." 
-Dave Barry > From cibir at netcom.com Wed Jul 3 16:07:58 1996 From: cibir at netcom.com (Joseph Seanor) Date: Thu, 4 Jul 1996 07:07:58 +0800 Subject: Setting a PGP keyserver on my Web server In-Reply-To: <199607031436.HAA27482@montana.nwlink.com> Message-ID: How can I go about setting up a PGP keyserver on my Web Server? Joseph Seanor cibir at netcom.com From crypto at nas.edu Wed Jul 3 16:09:10 1996 From: crypto at nas.edu (CRYPTO) Date: Thu, 4 Jul 1996 07:09:10 +0800 Subject: A public briefing in NYC on the NRC cryptography policy... Message-ID: <9606038364.AA836431090@nas.edu> Subject: A public briefing in NYC on the NRC cryptography policy report The NRC report entitled Cryptography's Role in Securing the Information Society was released on May 30, 1996. A public briefing on the report will be held in New York City: Wednesday, July 10, 1996, 10:00 am to noon. It will be presented at the Association of the Bar of the City of New York (ABCNY) under the aegis of its Committee on Science and Law. Mr. Kenneth Dam, study chair and Max Pam Professor of American and Foreign Law at the University of Chicago, Mr. Colin Crook, committee member and senior technology officer at Citicorp, and Dr. Herbert Lin, study director and senior staff officer of CSTB, will be present. The briefing will take place in the Stimson Room, 42 W. 44th Street, New York, New York, from 10:00 a.m. to Noon. Committee members will respond to questions from attendees, and a limited number of pre-publication copies of the report will be available at that time. For further information, please contact Michael Schiffres of the ABCNY Committee on Science and Law at (718) 248-5708 for further information. 
The event is open to the press and the public. If you have suggestions about other places that the committee should offer a public briefing, please send e-mail to crypto at nas.edu. From frantz at netcom.com Wed Jul 3 16:14:08 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 4 Jul 1996 07:14:08 +0800 Subject: Lack of PGP signatures Message-ID: <199607031912.MAA08945@netcom8.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- At 7:38 AM 7/3/96 +0000, Brad Shantz wrote: >PGP is a pain for encrypting or signing e-mail when you have to save >your message out to a temp file, encrypt it, and load it back in to >your mail package. On my Mac I just entered this answer, cut it to the clipboard, launched PGP, clearsigned it, and pasted the result back into the Eudora window for the new mail. Bill ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave. frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA From frantz at netcom.com Wed Jul 3 16:14:50 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 4 Jul 1996 07:14:50 +0800 Subject: SAFE Forum--some comments Message-ID: <199607031912.MAA08980@netcom8.netcom.com> At 08:44 PM 7/2/96 -0700, Martin Minow wrote: >It's not quite that bad. Here are a few (more or less strong) crypto >products you might not know you have: > >1. Every Macintosh made since at least 1988 has a secure authentication > client module in the AppleShare Chooser dialog. When you use it to > connect to a remote server, it notes that the user information > is "two-way scrambled." 
(The server sends a random number challenge > that the client uses to encrypt the username and password. The > encrypted information is sent to the server.) All Macintosh systems > running System 7 or later have the corresponding server software. > What is interesting about this is that the encryption is completely > invisible to the user. I hear this as the server sends out a key which the client uses to encrypt the username/password. This algorithm makes less sense than the one I thought I heard at the SAFE forum on Monday which was: (1) The server sends out a challenge/salt (different each time) (2) The client uses a secure hash to compute hash(salt||password) and returns the username and the hash. (3) The server computes hash(salt||password) and compares the hashes. Given that there is still some interest in algorithms and protocols on this list, can you describe what is really happening? Thanks - Bill ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave. frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA From shelly at wyverstone.win-uk.net Wed Jul 3 16:21:15 1996 From: shelly at wyverstone.win-uk.net (Andrew Sheldon) Date: Thu, 4 Jul 1996 07:21:15 +0800 Subject: LACC: GCHQ/DTI briefing on strong encryption - Report Message-ID: <43@wyverstone.win-uk.net> Following are Ross Anderson's comments from the recent meeting hosted by the IEE in the UK with contributions from GCHQ, Security Services, et al. They are long but are, I feel, worth posting here... (apologies if they have already been posted - I've been away...) =========== From: rja14 at cl.cam.ac.uk (Ross Anderson) Newsgroups: sci.crypt,alt.security,uk.telecom,alt.security.pgp Subject: HMS Clipper - GCHQ bungling! 
Date: 28 Jun 1996 12:20:19 GMT Organization: U of Cambridge Computer Lab, UK Message-ID: <4r0im3$32p at lyra.csx.cam.ac.uk> I went to the meeting organised at the IEE yesterday on the UK `Trusted Third Party' proposals. One of the speakers, Nigel Hickson of the DTI, confirmed that escrowing of confidentiality keys would be mandatory. He also claimed that an OECD expert group was working on `global crypto guidelines', and made clear that the controls would focus on small-to medium enterprises and individuals rather than on large companies. It was a most extraordinary meeting, and showed up GCHQ in a rather poor light. The introductory talk was given by Andrew Saunders, advertised as head of CESG (GCHQ's protection arm) since 1991 and a GCHQ board member. He remarked that the debate on encryption had been acrimonious, especially in the USA, but that now technology made possible a compromise in the form of `Trusted Third Parties' which would supply a key delivery service and a key recovery service for both users and law enforcement authorities. I asked him whether his department had advised ministers that it was all right to release the April report on encryption in the NHS network (which floated the TTP idea), or had at least had sight of it before its release. He claimed to have no knowledge of whether his agency had seen it. After a talk on the common criteria by Murray Donaldson of the Ministry of Defence, Saunders left, and we were addressed by a man introduced as Paul Fleury, head of the information systems security group at the security service. He was claimed to have been with MI5 for 18 years, and in his current post for 5; and to head a team of 9 people responsible for the overall UK threat assessment (with technical input from GCHQ), as well as for managing CRAMM and running UNIRAS (the UK government equivalent of CERT). 
Strangely enough for such a senior and responsible person, his name did not appear on the programme, and in the list of participants he appears only as `UNIRAS SPEAKER, Security Service, PO Box 5656, London EC1A 1AH' (so now you know - but why did he turn up with slides that had his name on them and yet not write his name in the attendance register?) His talk contained little to surprise, with statistics on viruses, equipment thefts and hacking. He did mention that 98% of the 873 hacking incidents in 1994/5 were abuse of access by insiders rather than external attack. The third talk was by Elizabeth France, the Data Protection Registrar, who expressed amusement at my having ironically referred to her (along with the other speakers) as `one of the forces of darkness' when I relayed notice of the meeting to the net. She proceeded to blaze with light; she argued that the national security exemptions to data protection law should be curtailed, and could see no reason why the security service should not have to register along with everybody else. She also pleaded for the wider use of privacy enhancing technologies, such as the use of pseudonyms in medical databases. Next was John Austen of the Yard, who pointed out that company directors can get ten years' jail if one of their employees has kiddieporn on a company server, since under the Children and Young Persons Act simple possession is an offence. Then Bob Hill of the MoD talked about the SOS-TDP project to provide security interfaces in Microsoft, Novell and DEC products, linked with Northern Telecom's `Enterprise Security Toolkit'; David Ferbrache of DRA talked about security threats from the Internet; John Hughes of TIS about firewalls; and Alex McIntosh of PCSL about how his company built a crypto infrastructure for Shell and got government approval for it. The threat model depicted in these talks was remote from reality. 
For example, it was categorically stated that most thefts of PCs are for the information in them, rather than the resale value of the machine or its components. False - over 11% of UK general practitioners have experienced theft of a practice PC, yet there is only one case known to the BMA in which the information was abused. Another example was the numbers put on various threats: satellite TV hacking was said to cost 300,000 pounds a year (according to News Datacom at Cardis 94, that should be 200,000,000) while other risks were wildly inflated. Bob Morris, the former NSA chief scientist, is fond of asking security researchers, `Do you consider yourself to be more dishonest, or more incompetent?' Well, does GCHQ know that the threat model presented at their meeting is wrong, or don't they? Anyway, Alex McIntosh's talk brought matters back to crypto policy when he explained that following UK and US government approval of a corporate security architecture designed for Shell, Fortune 500 companies would be trusted to manage their own keys. The explanation is that they have so much to lose that they will be responsive to warrants and subpoenas. (The doctrine of equality of persons before the law was not, of course, mentioned.) The final speaker was Nigel Hickson from the DTI. The excuse given for his late arrival was that he had been in France with the OECD and had been discussing crypto policy for three days. He looked somewhat junior but was said to co-chair the ITSEC scheme with CESG and to be one of a group of five people in DTI responsible for information security policy. 
In the introduction to his talk, he picked up on Alex's remarks about Shell and stated that the motivation for the DTI's involvement was that while `large firms will crack security', it would be an inhibiting factor for small-to-medium firms and individuals, and would prevent them participating in commerce on the Internet (this seemed to clash with the policy announcement that corporate encryption would be regulated but private would not be). He then quite blatantly waffled until his time was almost up before getting to the reason most people had come to the meeting, namely the DTI announcement of its intent to regulate `Trusted Third Parties'. My notes on his words are as follows: Why the UK announcement? Many reasons, some of which are highlighted in the public statement. The primary reason is that to secure electronic commerce people will need access to strong crypto, and if this is serious then government will have to look at what systems are `appropriate'. The UK government has spent a lot of time discussing the essential balance. Continued law enforcement access is required along the lines of the Interception of Communications Act. The government has `obviously' looked at TTPs and at `elements of key escrow'. There was no mention of national intelligence requirements. Policy framework for the provision of encryption services: 1 No new controls on the use of encryption, such as types of algorithm. The introduction of trusted third parties will be on a voluntary basis; 2 Licensing of TTPs will be on (a) competence (b) ability to provide a service (c) cooperation with government under conditions of warranted interception; 3 International working will be the essential vehicle to drive it - first in Europe and then in a wider field. Legislation later this year is possible. The EU is working on a `second infosec decision' to promote TTPs in Europe. The OECD expert group is working on global crypto guidelines. 
By the time he had finished this short exposition, he had run over the advertised time of 4.15, eating well into the fifteen minutes that the programme had allocated for discussion. There were only a few questions: Paul Leyland managed to ask whether it would be mandatory for confidentiality keys to be escrowed, and Hickson said yes. Just as the questions were starting to flow, the chairman - advertised as Mr DJ Robertson, Ministry of Defence - declared the meeting closed. I objected; I pointed out that there were plenty of people with questions, and that the government's attempts to sell their proposal would not be aided by such blatant news management, which would surely be reported. He said that we absolutely had to be out of the room by half past four - the time then - and overruled me, remarking that the Universities of Oxford and Cambridge had asked quite enough questions. Then a large gentleman came up to me and said that he hoped my remark about publicising their news management had been made in jest. I told him that it was not, and he became menacing. He said that the meeting was held under IEE rules and seemed taken aback when I stood my ground and told him I was a member. He then said that he was also a graduate of Cambridge and that he would write to very senior people in the University about me. Good luck to him. Although he wouldn't give me his name, his lapel badge said `B Buxton' and the attendance register lists a Bill Buxton, Parity Solutions Ltd., Wimbledon Bridge House, 1 Hartford Road, Wimbledon SW19 3RU. After the meeting, we milled around, to the evident discomfiture of the man advertised as Robertson. Finally, at almost five o'clock, an IEE lady turned up while there were still a few of us in the corridor. He asked her to see us off the premises, at which she smiled and asked whether we knew our way out. When I said yes, she said 'that's all right then' and went off. The man advertised as Robertson scuttled away without meeting my eye. 
As Bob would ask, incompetence or dishonesty? Well, I didn't get the impression that our spooks are even competent at being dishonest. Ross Anderson From hlin at nas.edu Wed Jul 3 16:42:53 1996 From: hlin at nas.edu (Herb Lin) Date: Thu, 4 Jul 1996 07:42:53 +0800 Subject: SAFE forum -- remarks of Herb Lin Message-ID: <9606038364.AA836434501@nas.edu> Folks -- I object to the characterization of my remarks about crime prevention being made with sarcasm. The complete remark was "Crime prevention ought to be part of the FBI's mission, ... and it is -- ask them, and they acknowledge that." No sarcasm was intended; the basic point was, and is, that encryption has costs from the perspective of the authorized information collection efforts of law enforcement, and benefits from the perspective of preventing information crimes such as the compromise of proprietary business information. I am not on the cypherpunks list, so if you want me to respond, pls copy me at hlin at nas.edu. herb === Date: Tue, 2 Jul 1996 10:57:30 -0700 (PDT) >From: Rich Graves To: cypherpunks at toad.com Subject: Re: SAFE Forum On Mon, 1 Jul 1996, Bill Frantz wrote: > "Crime prevention ought to be part of the FBI's mission. [Herbert Lin, > National Research Council] In case it's not clear, this was said with much sarcasm... i.e., today's FBI is too often engaged in other pursuits.. This in the context of explaining that ubiquitous strong crypto is the best defense against computer crime. -rich From maldrich at grci.com Wed Jul 3 16:55:02 1996 From: maldrich at grci.com (Mark O. Aldrich) Date: Thu, 4 Jul 1996 07:55:02 +0800 Subject: PGP, Inc. indeed has purchased ViaCrypt and Lemcom Systems Message-ID: C'punks: In case you've not seen the press release, it's at http://www.viacrypt.com/lit/pgpinc.htm This brings "back home" the license that Phil granted for the commercial sales of PGP. While PGP, Inc., has a web page (www.pgp.com) it, uh, doesn't really have anything on it. 
I guess they're busy doing a make on PGPfone, or designing a new box for ViaCrypt software. :)

-------------------------------------------------------------------------
|Just as the strength of the Internet is |Mark Aldrich |
|chaos, so the strength of our liberty |GRCI INFOSEC Engineering |
|depends upon the chaos and cacophony of |maldrich at grci.com |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell| |
|_______________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com |
| The opinions expressed herein are strictly those of the author |
| and my employer gets no credit for them whatsoever. |
-------------------------------------------------------------------------

From ogren at cris.com Wed Jul 3 16:58:05 1996 From: ogren at cris.com (David F. Ogren) Date: Thu, 4 Jul 1996 07:58:05 +0800 Subject: Lack of PGP signatures Message-ID: <199607032012.QAA13633@darius.cris.com>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Wed Jul 03 16:09:34 1996

> At 09:42 PM 7/2/96 EDT, Derek Atkins wrote:
>
> :Basically, I refuse to type my passphrase over the net, which signing
> :all my messages (this one included) would require.
> :
> :-derek
>
> Why, in heaven's name, would you have to "type your passphrase over the
> net" to encypher a message?
>

Lots of people still deal with the Internet remotely, despite the proliferation of SLIP/PPP accounts. To see the difference consider the following two scenarios:

1. Alice connects to the Internet via a PPP account. She downloads all of her mail to Exchange (on her local computer), from which she can encrypt/decrypt et cetera. All encryption is done locally and securely.

2. Bob connects to the Internet via a "shell" account. All processing is done by his ISP's unix machine. He reads his mail on the mail reader provided by unix machine. He has two choices:

2A.
Install PGP on the ISP's unix machine and use it to encrypt/decrypt messages. This is relatively easy, but also insecure. The ISP's administration has access to his secret keyring, and his password must be sent over the modem line to the ISP before it is used. Thus he is "typing his passphrase over the net".

2B. He can download the mail to his local machine manually. Manually encrypt/decrypt the mail there and then upload it (again manually) to the host computer to be sent. This is secure, but it's also a pain in the butt.

David F. Ogren |
ogren at concentric.net | "A man without religion is like a fish
PGP Key ID: 0x6458EB29 | without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is? | Need my public key? It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO | with the subject GETPGPKEY

From wendigo at gti.net Wed Jul 3 17:02:22 1996 From: wendigo at gti.net (Mark Rogaski) Date: Thu, 4 Jul 1996 08:02:22 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port In-Reply-To: <1.5.4.16.19960703170027.5fc7bc80@arc.unm.edu> Message-ID: <199607032025.QAA25327@apollo.gti.net>

-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be David Rosoff wrote:
:
: I've wondered .. could a creative child circumvent these filter programs
: using a URL-redirecter, like where you see something like
: http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
: or are they not URL-based?
I would assume that the filters look for regexp's in the query string, too. How about a nice little Nutscape plugin that uses a rot13'd query string? http://www.one.site.com/cgi-bin/sneaky-rd?uggc://jjj.cbeab-fvgr.pbz/ Hmmm, no bad words in the query string. Of course the filter package would start looking for rot13'd stuff in the next release. So the next logical step is to use the URL encrypted with the redirector's public key ... or better yet, a dynamically generated key. Just convert it to radix64 so as to avoid ?'s &'s or ='s, and use that as the query string. The plug-in would only be necessary to generate the first request. Any URL preparation could be handled by passing the output of netcat through a stream filter before sending it to the client. Now, if I can get the time, maybe I will write a nice little redirector to do this. (hehehehehehe ... right ... get the time ... good one) mark - -- Mark Rogaski | Why read when you can just sit and | Member GTI System Admin | stare at things? | Programmers Local wendigo at gti.net | Any expressed opinions are my own | # 0xfffe wendigo at pobox.com | unless they can get me in trouble. 
| APL-CPIO

From watt at sware.com Wed Jul 3 17:05:39 1996 From: watt at sware.com (Charles Watt) Date: Thu, 4 Jul 1996 08:05:39 +0800 Subject: Lack of PGP signatures In-Reply-To: <199607031912.MAA08945@netcom8.netcom.com> Message-ID: <9607031935.AA08888@mordred.sware.com>

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822

> -----BEGIN PGP SIGNED MESSAGE-----
>
> At 7:38 AM 7/3/96 +0000, Brad Shantz wrote:
> >PGP is a pain for encrypting or signing e-mail when you have to save
> >your message out to a temp file, encrypt it, and load it back in to
> >your mail package.
>
> On my Mac I just entered this answer, cut it to the clipboard, launched
> PGP, clearsigned it, and pasted the result back into the Eudora window for
> the new mail.
>
> Bill

With our mailers, you simply hit the reply key. Of course, it is PEM rather than PGP. But with automated key management PEM can be a lot easier to use than PGP with its key ring -- and most implementations don't require you to use the restrictive IETF certificate hierarchy. See www.secureware.com

Charlie Watt
SecureWare, Inc.

-----END PRIVACY-ENHANCED MESSAGE-----

From vznuri at netcom.com Wed Jul 3 17:09:42 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 4 Jul 1996 08:09:42 +0800 Subject: blocking software & brock meeks Message-ID: <199607032037.NAA25035@netcom23.netcom.com>

sent this to Brock Meeks re: his latest column

I also ask cpunks not to harass these companies or their users-- it's a solution that's working.

------- Forwarded Message

To: brock at well.com
Subject: cyber blocking software
Date: Wed, 03 Jul 96 12:48:49 -0700
From: "Vladimir Z. Nuri"

I read your columns regularly. outstanding work. regarding your recent dispatch: please do not harass the blocking software companies too much. they are simply based on a different premise than the regular net. the internet starts out with, "everybody can access everything". they start out with, "only stuff we approve of can be accessed". what their system shows is that you will always have disagreement and controversy whenever this software is employed, wherever subjectivity is involved. it is a very legitimate and worthwhile service for parents who would rather "err on the side of caution". but far better to have these organizations arguing & bickering with who they censor than to have the people who are censored suing the government. the people who want free net access have it, and are unbothered by these controversies.
in other words, by moving the controversies to places where they are locally contained (i.e. among the blockers and blockees) the rest of the surfing public is unaffected and perhaps even protected from harassment. so you see? there is all kinds of ranting about censorship going on, but it has nothing to do with the way the vast majority uses the internet. it's completely voluntary. it's the perfect solution. so far, nothing the blocking companies do can affect the net as a whole. they are largely predicated on that function. in a real sense they are providing very general services of "rating web sites our customers will be most interested in". and you realize, even the Point Communications awards are the exact same thing. so again, please do not harass the companies. it's a solution that does work. the existence of controversy does not prove it doesn't work. it in fact proves that it does work.

------- End of Forwarded Message

From me at muddcs.cs.hmc.edu Wed Jul 3 17:16:42 1996 From: me at muddcs.cs.hmc.edu (Michael Elkins) Date: Thu, 4 Jul 1996 08:16:42 +0800 Subject: Lack of PGP signatures In-Reply-To: <199607031631.JAA07820@infinity.c2.org> Message-ID: <199607032033.NAA07808@muddcs.cs.hmc.edu>

nowhere at alpha.c2.org writes:
> At 09:42 PM 7/2/96 EDT, Derek Atkins wrote:
> :Basically, I refuse to type my passphrase over the net, which signing
> :all my messages (this one included) would require.
>
> Why, in heaven's name, would you have to "type your passphrase over the net" to encypher a message?

He was talking about signing messages that you send. You have to enter your passphrase possibly over a TELNET session, which sends it across in the clear. This is a Bad Thing(tm) for keeping it truly private.
me -- Michael Elkins http://www.cs.hmc.edu/~me PGP key fingerprint = EB B1 68 32 3F B5 54 F9 6C AF 4E 94 5A EB 90 EC From youssefy at ucla.edu Wed Jul 3 17:23:55 1996 From: youssefy at ucla.edu (youssefy at ucla.edu) Date: Thu, 4 Jul 1996 08:23:55 +0800 Subject: AT&T bans anonymous messages Message-ID: <2.2.32.19960703211803.006cedb4@pop.ben2.ucla.edu> At 11:43 AM 6/24/96 -0500, you wrote: >AT&T WorldNet service has banned the sending of anonymous email or >posting anonymously. > Can someone please explain to me the technicalities of how they know I am sending anonymous e-mail? From um at c2.org Wed Jul 3 17:43:15 1996 From: um at c2.org (Ulf Moeller) Date: Thu, 4 Jul 1996 08:43:15 +0800 Subject: Info on alleged new German digital wiretapping law? In-Reply-To: Message-ID: > > > http://fight-censorship.dementia.org/fight-censorship/dl?num=3027 > So what's the prospect for implementation? The claim is that law enforcement > is supposed to have a back door to every computer system. Are we talking > about escrow of root passwords, or what? No. There are two points: 1) The network operators have to create a wiretapping system to be approved by the Regulation Authority, and operate dedicated digital lines for law enforcement access. As I understand it, Internet providers could be forced to duplicate IP packets to that line, when wiretapping has been ordered. 2) They have to keep files of customer data (name, address, etc.) that the Regulation Authority can access secretly at any time. From WlkngOwl at unix.asb.com Wed Jul 3 17:44:27 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Thu, 4 Jul 1996 08:44:27 +0800 Subject: The Net and Terrorism Message-ID: <199607032157.RAA25003@unix.asb.com> On 3 Jul 96 at 7:03, jim bell wrote: > If you listen to the Feds discussing this most recent militia story, when > they're asked what was the militia's motivation, they don't want to talk > about it, and won't even speculate on more than the most unspecific, vacuous > terms. 
How can they? It's also not their concern WHY they (allegedly) plotted to blow up buildings, only THAT they did so. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From vznuri at netcom.com Wed Jul 3 17:44:32 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 4 Jul 1996 08:44:32 +0800 Subject: The Net and Terrorism In-Reply-To: Message-ID: <199607032035.NAA24719@netcom23.netcom.com> TCM breaks a longstanding personal policy of never replying to my posts directly. (well, thanks.) realize that my speculation on his position is largely associated with the vacuum of his continually refusing to discuss key points of his essays. >My article made my points, so I won't rewrite it here. You are of course >not required to agree. You are free to live in crowded cites--near "soft >targets." You are welcome to lobby for world peace and for economic changes >to lessen terrorism. lobbying is of marginal efficacy. I was not advocating lobbying congress. imagine that all the palestinians had good paying jobs, for example. how many of them would be into rock-throwing and terrorism? of course their own attitudes make such a thing very difficult. they may not have any skills or reject a job even if offered one. I'm not saying such a thing is easy. the fact that it is so elusive is proof of how difficult such a thing is. what you are failing to address is that terrorism is bred from DISCONTENT. I do believe that it is possible for groups to live together without DISCONTENT. such a thing is incredibly difficult to achieve, but definitely impossible if one starts with the premise, as you do, that such a thing is impossible. you will often find that some groups, if given minor concessions, are quite aghast at such overtures. 
but when both parties are stuck in "kill my enemies" mode, such a thing is not conceivable of course. I do NOT believe that living in the world is a zero-sum game as you seem to suggest. your use of the term is very compelling. do you believe human life is always at the expense of other human life? if so I can see why you think terrorism and violence are inevitable and likely to worsen (e.g. with the increase in population). but if you start from a different premise, that human problems can be solved, you may get a different reality. (interesting though, this dark view of the world as a zero-sum game does seem to influence a lot of thinking here on this list). >(I think this is mostly hopeless. No matter how "nice" conditions get, for >game-theoretic reasons there will be some groups seeking changes.) "hopeless"-- couldn't have characterized your position better myself. "groups seeking changes" == "terrorists"?? quite a leap of terminology. notice that it is quite possible to PEACEFULLY work for changes without resorting to violence. those that do resort to violence are at the most extreme ends of the spectrum. terrorism is like an adult having the ultimate temper tantrum. "if you don't give me what I want, I'll blow up a building". >I've never made any claims, explicit or implicit, that such acts are "for >no particular reason." Various groups--religious, political, corporate, >etc.--see advantages and disadvantages in various course of action. (This >sounds nebulous, but I am trying to avoid citing specific examples; I'm >trying to separate out the reactions people have to specific camps and look >at the bigger picture.) again, a blurring of degrees of extremism. of course there will always be conflicting demands of different groups in the world. but why does this equate to an inevitable rise in terrorism? 
I think we should study why it is that some people don't resort to violence to solve their problems, and some do, and try to pinpoint the difference in their psychologies. terrorists are not insane in a certain sense. they have just pushed themselves out of the envelope.

>I never claimed that terrorists are doing it just for the fun of
>it.

I didn't say you claimed that. what you seem to suggest is an inherent irrationality to terrorism such that it is often senseless. I'm trying to point out that terrorists are not just insane people, and that we are not always going to have lots of terrorists just because there is always an insane percentage of the human populace. I would suggest that terrorism in this country is only going to get worse if the government becomes more extreme. unfortunately, responses to terrorism tend to increase the extremism of govt, so it is difficult to separate cause from effect. I suspect we are already in this negative feedback loop. but ask yourself, would tim mcveigh have bombed the OK building if:

1. the FBI hadn't tried to cover up waco and ruby ridge
2. the FBI disciplined their agents, firing some on the spot
3. the FBI admitted making "egregious errors"
4. the FBI compensated families with cash without them having to sue the government first

in retrospect, are any of these things not the "right thing to do" anyway? didn't the government eventually end up doing most of them anyway in the long run? what if they had apologized from the beginning? now, I am not saying what Mcveigh did was justified-- what I am saying is that the government could have potentially averted inflaming him and a zillion other militia members by a particular course of action that was inconceivable to them because of their need to preserve their testosterone-laced image of manhood... I guess being a government agent means never having to say you're sorry.... but terrorists are subject to the exact same kind of extremism of course.
the extreme government and the extreme terrorist are the perfect match for each other and continually inflame each other more. >You and others are of course welcome to lobby for people to be nice to each >other. Peace and brotherhood, rah rah. "lobby". you are using your own straw man against me. I don't advocate lobbying or petitioning congress in particular to change the world. such measures play a small role. (btw, you probably think mother teresa is an idiot based on that sentence) >I believe there are basic game-theoretic reasons which make conflict and >jockeying for power "not surprising." again, a conflation of regular, routine conflict and disagreement with extreme violence and terrorism. why can some people solve their problems, or postpone their settlement, without resorting to violence? why can't others? >>the point is that there is no physical strategic value from bombing >>symbols. I was making the point that terrorism is extremely symbolic > >And the bombing in Beirut is explained how? it was a highly symbolic action. the palestinians are enraged that israel is largely supported through american dollars and military support. >Bear in mind that the British thought the Colonial tactic of shooting at >them from behind trees--a "terrorist" tactic borrowed from the Indians who >used it on the colonists--was immoral and unsportsmanlike. Ditto our >feeling that the "sneak attack" on Pearl Harbor was immoral. I take the >meta-view that the attack on Pearl Harbor was brilliantly carried-out >military strategy, just as the bombing of the Marine barracks in Beirut was >brilliantly carried-out military strategy. ok, an interesting analogy. notice however why the japanese attacked however. their critical oil supplies were being cut off. it wasn't just an exercise in trying to destroy an enemy. we became their enemy for particular reasons. >You really need read up on the "strategy of tension," esp. the writings of >Stefano Dellechiai (sp?) 
and the Russian "anarchists" of the late 19th >century. Also, the role the CIA played in funding former German commando >Otto Skorzeny in setting up "terrorist" groups in the 1950s and 60s. terrorists would not be terrorists unless they had their reasons. take away their reasons for being terrorists and they have nothing to inflame themselves about. that's my point. >Basically, one of the things terrorists want to do is to provoke a >crackdown by the ruling authorities, making things so bad that a >counterrevolution occurs. bzzzzt. you constantly talk about terrorists as if they are one single kind of breed in the world. but they have a zillion different variations and they are all violent for different reasons. they are fighting for *causes*. the sole cause of a terrorist is not to destroy government. they *want* to destroy government for some other reason. "I'm pissed off about [x], therefore I'm going to destroy the government". now, they *say* they are dedicated to destroying governments, but they're really just pissed off about [x], and if you take away [x] (which the government does often have a hand in) they have very little reason to be terrorists any more. ( McVeigh is a good case in point.) there are terrorists who are explicitly dedicated to destroying government merely because it is government, but I'd say this is an extreme form of terrorism that is relatively rare. apparently you have studied these forms the most and concluded they are the regular variety, and I take exception to this. you will not find terrorism in societies that are largely "contented". you cannot realize this until you study societies that are "content", which is the opposite of what you have done, focus on societies that are "discontented" and stuck in turmoil. I think this is what I find remarkable about your writing. for terrorists, destroying the government is a means to an end. 
but you often write as if terrorism is the end itself, that terrorism is its own reason for existence. that's what I'm questioning.

>They believe they will reap the rewards of such a
>counterrevolution (or revolution, as it need not be "counter").

note that they are really interested in the rewards, not necessarily the revolution. what would happen if they could obtain the rewards without the revolution? frequently revolution is required because the government is fanatically opposed to giving them their demands. but their demands are rarely that extreme at the root. (a place to live, religious tolerance, sovereignty, whatever). when you have terrorists, what you have is a government that is as extreme in its attitudes as the terrorists. it takes two to tango, as you are suggesting. the violent confrontation between government and terrorism is only the result of a negative feedback loop in which both become more extreme and polarized, each feeling that any concession to the other is a sign of submission. it is *not* a natural course of civilized society as you frequently suggest.

>My main point in my essay was that violence and authoritarianism are all
>around us, and that responding to the attacking of "soft targets" by
>cracking down on basic liberties is NOT something we should endorse.

well, we're in agreement, although at times it sounds like you are rooting for the violent crackdown, the negative feedback loop. your writing is very opaque sometimes. it's not clear what you are advocating in particular. you seem to want to advocate things without appearing to advocate them, eh?

>If you can't make your points reasonably and convincingly, I see that you
>once again make ad hominem arguments. Calling me "Timmy" is not terribly
>effective.

actually it was a term of endearment . I would be awfully bored here without your postings. it's just a pity that you don't ever consider reexamining your fundamental premises, or stating them in depth.
but this is human nature, so I can't fault you for it. From frantz at netcom.com Wed Jul 3 17:49:27 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 4 Jul 1996 08:49:27 +0800 Subject: Lack of PGP signatures Message-ID: <199607032105.OAA18411@netcom8.netcom.com> At 12:15 PM 7/3/96 -0700, Bill Frantz wrote: >On my Mac I just entered this answer, cut it to the clipboard, launched >PGP, clearsigned it, and pasted the result back into the Eudora window for >the new mail. But of course the signature doesn't check. (I suspect Eudora line wrapping.) >Pretty Good Privacy(tm) 2.6 - Public-key encryption for the masses. >(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 9 Jun 94 >Distributed by the Massachusetts Institute of Technology. Uses RSAREF. >Export of this software may be restricted by the U.S. government. >Current time: 1996/07/03 21:04 GMT >pgp PGPTmpClipboardFile.tmp > >File has signature. Public key is required to check signature. . >WARNING: Bad signature, doesn't match file contents! > >Bad signature from user "Bill Frantz ". >Signature made 1996/07/03 17:48 GMT > >Plaintext filename: PGPTmpClipboardFile ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave. frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA From hfinney at shell.portal.com Wed Jul 3 17:50:14 1996 From: hfinney at shell.portal.com (Hal) Date: Thu, 4 Jul 1996 08:50:14 +0800 Subject: Setting a PGP keyserver on my Web server Message-ID: <199607032119.OAA19946@jobe.shell.portal.com> From: Joseph Seanor > How can I go about setting up a PGP keyserver on my Web Server? I have simple code for a "proxy" key server on my web server. It is not a real key server, but just forwards requests to a real key server. It has a list of a few servers that it knows about and it tries the list until one responds. 
I use it for Java applets which get PGP keys from the server; they have the limitation that they can only connect back to the server they came from. So this solves that problem. Code and a sample Java applet are available from: .

Hal

From WlkngOwl at unix.asb.com Wed Jul 3 17:57:48 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Thu, 4 Jul 1996 08:57:48 +0800 Subject: Lack of PGP signatures Message-ID: <199607032150.RAA24892@unix.asb.com>

On 3 Jul 96 at 9:31, nowhere at alpha.c2.org wrote:

> At 09:42 PM 7/2/96 EDT, Derek Atkins wrote:
> :Basically, I refuse to type my passphrase over the net, which signing
> :all my messages (this one included) would require.
> Why, in heaven's name, would you have to "type your passphrase over
> the net" to encypher a message?

You need to type it in to SIGN a message.

(BTW, there's been an awful lot of messages posted with one line huge paragraphs. It's moderately inconvenient using Windows, but it's still a pain. Can you hit the Enter key or set word wrap on next time?)

Rob.

---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From jimbell at pacifier.com Wed Jul 3 18:04:13 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 4 Jul 1996 09:04:13 +0800 Subject: The Net and Terrorism Message-ID: <199607032148.OAA12397@mail.pacifier.com>

At 05:45 PM 7/3/96 +0000, Deranged Mutant wrote:
>On 3 Jul 96 at 7:03, jim bell wrote:
>
>> If you listen to the Feds discussing this most recent militia story, when
>> they're asked what was the militia's motivation, they don't want to talk
>> about it, and won't even speculate on more than the most unspecific, vacuous
>> terms.
>
>How can they? It's also not their concern WHY they (allegedly)
>plotted to blow up buildings, only THAT they did so.
>Rob.
But as I've pointed out elsewhere, there's a big difference between "We're gonna do this!" and "Someday we may have to do this." My impression is that the government has tried to completely erase the dividing line between these two concepts.

Jim Bell
jimbell at pacifier.com

From alano at teleport.com Wed Jul 3 18:16:18 1996
From: alano at teleport.com (Alan Olsen)
Date: Thu, 4 Jul 1996 09:16:18 +0800
Subject: Lack of PGP signatures
Message-ID: <2.2.32.19960703220436.00e93fe8@mail.teleport.com>

At 02:07 PM 7/3/96 -0700, Bill Frantz wrote:
>At 12:15 PM 7/3/96 -0700, Bill Frantz wrote:
>>On my Mac I just entered this answer, cut it to the clipboard, launched
>>PGP, clearsigned it, and pasted the result back into the Eudora window for
>>the new mail.
>
>But of course the signature doesn't check. (I suspect Eudora line wrapping.)

Yep. Been there, done that.

Line wrap problems are the bane of PGP sigs. This is the reason that most PGP shells will force a line wrap before generating the signature. The only way around it is to turn off all line wrapping or have a utility do it for you before signing it.

I am wondering why there is not a signing option that ignores all non-printing characters. Might fix some of these problems... (Can anyone think of a reason this would be a "Bad Thing(tm)"?)

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!"
| Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |

From ses at tipper.oit.unc.edu Wed Jul 3 18:22:06 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Thu, 4 Jul 1996 09:22:06 +0800
Subject: ecash thoughts
Message-ID:

1) Current ecash systems require live verification of coins, which will require banks to perform public key operations at around the 100K PKOP/s level, as well as all the headaches caused by the serial number lookup. Would anybody care to price up a system to handle this kind of traffic, assuming that coins can be given relatively short maximum lifetimes to keep the number of serial numbers in use within semi-reasonable limits. I'm wondering what the breakeven point is for only doing statistical sampling when verifying low value coins.

2) If ecash is used to create a new currency- i.e. the value of a unit of the ecash is not tied to any single existing currency, what should the value of one currency unit be set at? (let's call it a Turing) If the currency is run to be as anti inflationary as possible (e.g. backed by index-linked government securities), one Turing should buy the same amount of goods for a long long time, though relative prices may change. What value is likely to give the most convenient prices to the most goods? (e.g. +/- powers of two).

3) Not ecash, but still banking [noise] I'm currently visiting at my parents' house in England, which for the past 18 years has had a really nice phone number. Unfortunately, BT split London into two area codes, and have reallocated the exchange number in the other one to Citibank. Unfortunately, not many of their customers can quite cope with the concept of area-codes. Even more unfortunately, neither can BT or Citibank's telcom group- we've had calls transferred from their switchboard straight through to us.
Now, here comes the test for cp ingenuity - can you think of the best way to answer the phone to someone who thinks they've called a bank? Ones I've used so far, when I've been really pissed off are:

Oh, I'm sorry - haven't you heard? They've filed for chapter 11. I'm from the Federal Reserve- I'm working with the receivers - can I possibly help you? [response was a disappointing "Good Heavens! Really?" ]

and the simple, yet subtle Lovecraftian terror of:

CitiBank, Nick Leeson speaking. [pause, giggle, must have a wrong number, click]

Any more suggestions?

Simon

From markm at voicenet.com Wed Jul 3 18:54:19 1996
From: markm at voicenet.com (Mark M.)
Date: Thu, 4 Jul 1996 09:54:19 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <1.5.4.16.19960703170027.5fc7bc80@arc.unm.edu>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 3 Jul 1996, David Rosoff wrote:

> At 12.10 AM 7/3/96 -0500, Declan McCullagh wrote:
>
> >CyberWire Dispatch // Copyright (c) 1996 //
>
> >Install the programs and Junior can't access porn. No fuss, no muss, no
> >bother. "Parental empowerment" is the buzzword. Indeed, it was these
> >programs that helped sway the three-judge panel in Philly to knock down
> >the Communications Decency Act as unconstitutional.
>
> I've wondered .. could a creative child circumvent these filter programs
> using a URL-redirecter, like where you see something like
> http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
> or are they not URL-based?

If the child is creative enough, he will be able to boot DOS from a bootdisk and remove the line from config.sys that starts up the filtering software.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows."
--George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMdr7NLZc+sv5siulAQERvQP/YyzeV1YtbR0ba0RkiosU/r6kzDDJeDSc OllJ4dAwlRAvJgNdlbX0aa0pQ47e7QNDu6yZsUv2j1MfJSvVcNlMLIWIaWP0lEvJ 4L+Oedxearr6fSwjgDa40Tv+/hWC3qwV7QHLKriRuyQxDE7nWbz8wMl2G1i91rAg a5dD8JrALeg= =RucL -----END PGP SIGNATURE----- From cme at cybercash.com Wed Jul 3 18:57:56 1996 From: cme at cybercash.com (Carl Ellison) Date: Thu, 4 Jul 1996 09:57:56 +0800 Subject: Minutes Of the WWW I&A Forum Message-ID: <2.2.32.19960703215331.00736f58@cybercash.com> >Return-Path: >Date: Wed, 03 Jul 1996 5:45pm >From: "Niemczuk John" >To: vanbelld at bah.com, hapemand at bah.com, anthony.vitale at qmgate.trw.com, > balenson at tis.com, ballodi at paralon.com, bdorsey at v-one.com, > benner_tim at bah.com, bitting at mitre.org, bonatti at bah.com, > cme at cybercash.com, crowan at jgvandyke.com, cscrugg at spyrus.com, > dale at sctc.com, davidh at checkpoint.com, davids at checkpoint.com, > fred.unterberger at east.sun.com, ghilborn at csc.com, hecker at netscape.com, > hh at columbia.sparta.com, hittman at v-one.com, housley at spyrus.com, > hthomas at smiley.mitre.org, iolson at mitre.org, j_rolen at hud.gov, > jacksont at lfs.loral.com, jalexand at aero.org, james.prohaska at litronic.com, > janispel at caas.com, janisple at caas.com, jbiggs at csc.com, > jfurlong at mitre.org, jharrell at centech.com, jim.beattie at network.com, > jim at lsli.com, jmat at vnet.ibm.com, jmyers at mitre.org, jswang at v-one.com, > kearny at betuvic1.vnet.ibm.com, khrose at annap.infi.net, > khutton at lfs.loral.com, kurowski at lfs.loral.com, lnotargi at us.oracle.com, > louden at mitre.org, luther at sware.com, migues_sammy at prc.com, > mikez at secureware.com, mjm at reston.ans.net, mkrenzin at mail.hcsc.com, > mmancuso at v-one.com, mulvihil at smiley.mitre.org, netland at scc.com, > olkowskid at comm.hq.af.mil, oswald at columbia.sparta.com, pguay at mitre.org, > price_bill at prc.com, ray at 
sesi.com, sferry at raptor.com, > shlomo at checkpoint.com, sledgerw at bdm.com, smith at sctc.com, > tcfarin at sed.csc.com, tehrsam at us.oracle.com, thomps1r at ncr.disa.mil, > vritts at cscmail.csc.com, watt at sware.com, wneugent at smiley.mitre.org, > woycke at mitre.org >Cc: jhsteve at missi.ncsc.mil >Subject: Minutes Of the WWW I&A Forum > > Multilevel Information Systems Security Initiative >(MISSI) > Identification and Authentication (I&A) Forum > 3 June 1996, Meeting Minutes > > The theme of this I&A Forum was security for the World Wide Web (WWW). > The following was the agenda for the meeting: > > - Introduction - Dave Luddy, National Security Agency (NSA) > - Web Technology Overview - Dave Dodge, NSA > - INTELINK Security Needs - Susanne Rosewell, ISMC > - Mitre Corporate Experiences Using The Web (An Information Security >[INFOSEC] Point Of View) - Michael Louden, Mitre > - Security Policy Summary - Dale Hapeman, Booz, Allen & Hamilton > - Internet Engineering Task Force (IETF)/Worldwide Web Consortium (W3C) >Secure Web Standard Activities - Judy Furlong, Mitre > - Netscape and Web Security - Frank Hecker, Netscape > - Protecting Web Sites From Attack - Dr. Rick Smith, Secure Computing >Corporation > - Security products For WWW Applications - Mike Zauzig, SecureWare > - WWW Access (Attempting Solutions) - Dale Hapeman, Booz, Allen & Hamilton > - Forum Wrap-up - Dave Luddy, NSA > > Mr. Dave Luddy, the Forum Chairperson, opened the meeting with an >overview of the forum. He discussed: > - The goal of the forum is "to insure the commercial availability of >affordable I&A solutions that meet our customer's security, performance, >interoperability, and security management needs." > - The focus is on MISSI FORTEZZA based solutions. > - The development of an I&A Concept Of Operations (CONOPS) will be used as >the means of capturing I&A requirements for WWW access and other network >applications. 
> - The forum participants and modus operandi are documented in the I&A >Forum Charter. > > Mr. Dave Dodge, from the Operations Directorate of NSA, presented an >introduction to the WWW technology. Mr. Dodge presented an overview of: > - The Hypertext Transport Protocol (HTTP) which is one of the most >flexible tools for navigating the Internet. > - Uniform Resource Locators (URLs) which allow a user to identify the >location of a resource and the method used to retrieve it. > - The HyperText Mark-up Language (HTML) which is used to format Web pages >and present URLs to users. > - The Common Gateway Interface (CGI) which allows programs run on a server >to receive data from a user via an HTTP connection. > - JAVA which allows a program to be moved from the server to a client and >then executed on the client. JAVA is designed to "protect you from itself". > It has checks that are made during execution. JAVA is not universally >implemented yet. There is no tag in the HTML > - The Secure Socket Layer (SSL) > - The Secure-HTTP (S-HTTP) > >Questions and Answers: >Q: Is a firewall able to differentiate an access made by a user from an >access originated by a JAVA applet? >A: (from Dave Dodge and Frank Hecker): No. A JAVA applet can open any >random port to the server that provided it. >Q: Can a JAVA applet make an access through a proxy? >A: (from Frank Hecker). Either the applet needs to know about that proxy >ahead of time or it can make use of the existing HTTP browser. >Q: Do search engines present any special I&A issues? >A: Most search engines are implemented using the GET or POST HTTP commands >which feed a program running on the server. Control of access to that >program is the same as access to any Web page. >Q: Is there an IETF Working Group (WG) for WWW? >A: The W3C is an industry consortia that deals with Web issues (it's >responsible for the new HTML standard). There are many IETF WGs and >standards related to Web topics. > > Ms. 
Susanne Rosewell, from the ISMC Security office presented a >briefing on INTELINK security needs. She pointed out that there is a panel >working on security issues that meets monthly. They are supported by several >WGs that are addressing: > - JAVA > - Access Control > - Firewalls > - Inter Domain security > > Ms. Rosewell discussed some of the security issues and goals related to >INTELINK: > - Currently, Local Administrators provide security by reviewing server >logs to track who has had access to a server (i.e., no access control). > INTELINK would like to provide access control at the "front door" and not >at individual servers. > - They are looking at using X.509 Version 3 certificates to provide the >ability to limit access to no foreign (NOFORN) information. They also want >to use X.509 certificates to identify community of interest (COI). > - The Inter Domain WG is investigating the use of commercial off-the-shelf >(COTS) multi-level security (MLS) servers to allow a Secret user to access >Secret and below data from a server that also contains Top Secret data. > - A long term goal is to provide "true data labeling" so that data may >carry and maintain a sensitivity label. > >Questions and Answers: >Q: Isn't it harder to get Secret data into a Top Secret enclave than to >get Secret data out of a Top Secret enclave? >A: Yes. >Q: Is the goal to provide servers that contain both Top Secret and Secret >data that is connected to both (S and TS) networks? >A: Yes. >Q: Is data aggregation an issue? >A: Current efforts are to only label individual data objects. >Q: How will an individual user determine what technology to use and when >to upgrade? >A: INTELINK will be mandating a SSL capable browser in the future and is >asking people to comply with that requirement now. >Q: Will the INTELINK e-mail solution be Simple Mail Transfer Protocol >(SMTP) or X.400. >A: The E-mail application package that INTELINK will standardize on is >still an issue. 
They need an application now and consider SMTP as the only
>current option. X.400 applications (from the Defense Message System [DMS])
>are somewhere down the road.
>Q: Commercial MLS servers are not readily available, the market has not
>been established. How will INTELINK obtain COTS MLS servers?
>A: There are a few MLS workstations available. INTELINK is working with
>NSA and vendors to solve this issue.
>Q: INTELINK is requiring the use of Version 3 X.509 certificates, DMS has
>an infrastructure based on Version 1 certificates. Is anyone working on
>solving this issue?
>A: There is an INTELINK representative on the MISSI Key Privilege &
>Certificate WG (KP&CWG) which is working on the problem of incompatible
>X.500 infrastructures. Conversion from Version 1 to Version 3 X.509
>certificates is a transition issue for DMS. The issue is the timing of the
>conversion to Version 3 certificates. There was never any intention to
>interoperate between the two versions.
>
> Mr. Michael Louden, who is involved with Mitre corporate management of
>computer and network operations briefed "A Corporate Experience Using The
>Web (An INFOSEC Point Of View)." The briefing provided an overview of the
>Mitre Information Infrastructure (MII). In the area of security, the
>briefing included the MII security environment, key security features,
>security trade-offs, and security issues. Mitre has different access control
>mechanisms (e.g., Passwords, Tickets) for different servers and would like
>to centralize/standardize the access control mechanisms.
>
>Questions and Answers:
>Q: When Mitre splits into two separate organizations, will you have to
>totally rework your access control rights?
>A: Mitre plans to duplicate the access control system and then delete the
>individuals from the other organization.
>
> Mr. Dale Hapeman, the Booz·Allen I&A task leader, presented a briefing
>on "Sensitive But Unclassified (SBU) WWW Requirements."
He started the
>brief by reviewing the Context Diagram from the I&A CONOPS and presented an
>operational environment which showed Web clients and servers relative to SBU
>enclaves. Mr. Hapeman followed with an explanation of how each facet of a
>MISSI security policy could be applied to data as it is being transferred
>between a Client and Server through multiple firewalls. He provided
>definitions of Authorized and Authenticated. Mr. Hapeman finished with an
>invitation to the audience to consider the policies they would like to see
>implemented at the different components involved in a WWW access (client,
>server, and firewall).
>
> Ms. Judith Furlong is a lead INFOSEC Engineer at the Mitre corporation.
>She presented a briefing titled "IETF/W3C Secure Web Standards Activity."
> Ms. Furlong started her briefing with a discussion of the following
>existing Web security standards
> - SSL Protocol
> - S-HTTP
> - Private Communication Technology (PCT) protocol
> - Secure Electronic Transaction (SET) Protocol
>
> Ms. Furlong followed with an overview of the W3C, including a
>discussion of the W3C Security WG. Ms. Furlong covered:
> - The Protocol Extension Protocol (PEP), a W3C proposal for extending HTTP
>to accommodate additional capabilities such as security, watermarks,
>labeling etc. She further described the Security Extension Architecture
>(SEA) using the proposed PEP.
> - The Joint Electronic Payment Initiative (JEPI), a joint WG between the
>W3C's Electronic Payments WG and CommerceNet which is developing an Internet
>payment protocol negotiation scheme and a standard interface for payment
>modules.
> - The Digital Signature Initiative which deals with issues associated with
>applying digital signatures to objects such as video frames.
> - The Platform for Internet Content Selection (PICS) WG which has the
>charter to design technology to support "values-based" content
>rating/labeling. The PICS technology has security applicability.
>
> Ms.
Furlong provided an overview of the IETF and its Web Transaction
>Security (WTS) and Transport Layer Security (TLS) WGs.
> She completed her briefing with a discussion of the following security
>areas not being addressed by standards efforts:
> - Secure Search capabilities
> - Mobile Code Security
> - Security Management Functions
> - Interfaces to Security Infrastructures
>
> Mr. Frank Hecker, a senior systems engineer with Netscape
>Communications Corporation, presented a briefing on Netscape and Web
>Security. The briefing covered the security areas and technologies that
>Netscape is active in. Mr. Hecker started with a discussion of SSL and how
>Netscape has improved it through upgrades to their Navigator software as
>well as additional SSL issues they are investigating. He also covered
>Netscape's security related issues:
> - Support for hardware tokens other than FORTEZZA.
> - Making a browser "firewall aware" (e.g., able to authenticate to
>intermediate firewalls) without becoming susceptible to man-in-the-middle
>attacks.
> - Providing directory services for use by many different types of
>applications.
> - Downloadable applications (JAVA and JAVASCRIPT)
> - Financial transactions - Netscape will implement SET
> - Secure e-mail - S/multipurpose internet mail extensions (MIME)
>(initially not FORTEZZA)
> - Public key infrastructure - Committed to X.509 Version 3 Certificates
> - User and/or administrator configurability - Netscape will have a toolkit
>to support Navigator 3.0.
>
>Questions and Answers:
>Q: What are Netscape's plans for supporting applications other than Web
>browsing over SSL connections?
>A: Netscape currently implements HTTP, NNTP over SSL. They plan on
>implementing lightweight directory access protocol (LDAP) over SSL in the
>future. File transfer protocol (FTP), TELNET, and SMTP/POP3/IMAP4 are
>possible but not planned. Other vendors or individuals have implemented
>TELNET and FTP over SSL.
>Q: How does a user deal with non-SSL servers or optionally implementing
>SSL on a connection?
>A: A page that must be accessed with SSL is designated with a URL starting
>with https:// (instead of http://).
>
> Dr. Rick Smith an information security consultant with Secure Computing
>Corporation presented a briefing titled "Protecting Web Sites From Attack".
> Dr. Smith started his presentation with a history of some of the more well
>known server penetrations. Dr. Smith discussed several types of attacks and
>methods of protection with Type Enforcement Encapsulation.
>
>Questions and Answers:
>Q: Where are the tables used for type enforcement defined?
>A: There is an Administrators Tool that includes this function.
>Q: How many domains and types can Sidewinder implement?
>A: Dozens.
>
> Mr. Mike Zauzig, a senior products development engineer with
>SecureWare, presented a briefing on "Security Products For WWW
>Applications." Mr. Zauzig provided an overview of his company, aspects to
>web security, and the following SecureWare products:
> - Hannah - Network Security
> - Troy - Platform Integrity Assurance
> - SecureMail - E-mail Security
> - Secure Web Platform Integrity - Safe Web Server
> - Interceptor - Transmission Control Protocol (TCP)/IP Firewall
> - Internet Scanner - Attack Simulator
>
>Questions and Answers:
>Q: Is SecureWare's mail package interoperable with other FORTEZZA e-mail
>implementations?
>A: Yes (Dave Luddy).
>Q: The Security First Network Bank shows a Web server that is connected
>directly to the Internet (not through the firewall). Is this machine running
>SSL on one side and Hannah on the other?
>A: Yes.
>
> Mr. Hapeman presented a briefing which attempted to summarize the
>security requirements presented at the day's meeting. He reviewed the
>security services needed and the requirements that are allocated to
>components. He also discussed the protocol requirements and possible
>solutions available to secure the Web.
Different options for authenticating >to firewalls placed between clients and servers were presented. Much work >remains to secure the proxy or tunneling solutions. > >Questions and Answers: >Q: The Internet Protocol Security (IPSec) protocol has not been mentioned >all day. It is very mature and has had much NSA input (especially the >Internet Security Association and Key Management Protocol [ISAKMP] key >management protocol). It should be considered as a security solution. >A: Agreed. IPSec is a viable option, especially for authenticated >firewall-to-firewall connections. It was not mentioned by name but is >certainly being considered as a solution. > > Mr. Luddy's closing comments were: > - NIST FIPS PUB JJJ has been discussed at previous I&A Forums. Although >it presents an authentication scheme, it does not provide for interoperable >solutions. Dave Kemp has authored a Public Key Login Protocol that provides >the detail needed for interoperability. The document will be submitted as >an IETF Internet draft. Comments are solicited. > - The I&A CONOPS document will be sent out by e-mail to everyone who >registered. > - The topic for the next I&A Forum is Access Control. It is scheduled for >8-9 July 1996. > > > From lzirko at c2.org Wed Jul 3 19:16:19 1996 From: lzirko at c2.org (Lou Zirko) Date: Thu, 4 Jul 1996 10:16:19 +0800 Subject: Computer-Aided Revolution Message-ID: <199607032325.QAA21478@infinity.c2.org> -----BEGIN PGP SIGNED MESSAGE----- To: jimbell at pacifier.com, cypherpunks at toad.com Date: Wed Jul 03 18:24:47 1996 You could have all 1000 sync with the same time server. There are plenty of standard time servers available on the net and timer daemons are available for most platforms. Lou Zirko > I've thought of an application for a "revolutionary" program for > peaceful > protest, but one that requires that a substantial number (1000) of > people > have access to computer time synchronized to 1 second, ideally 0.1 > second. 
> How good would a time sync over the net typically be?
>
> Jim Bell
> jimbell at pacifier.com
>
>

Lou Zirko (502)383-2175
Zystems lzirko at c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
-----END PGP SIGNATURE-----

From jimbell at pacifier.com Wed Jul 3 19:26:23 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 4 Jul 1996 10:26:23 +0800
Subject: Computer-Aided Revolution
Message-ID: <199607032257.PAA16812@mail.pacifier.com>

I've thought of an application for a "revolutionary" program for peaceful protest, but one that requires that a substantial number (1000) of people have access to computer time synchronized to 1 second, ideally 0.1 second. How good would a time sync over the net typically be?

Jim Bell
jimbell at pacifier.com

From asgaard at sos.sll.se Wed Jul 3 19:27:51 1996
From: asgaard at sos.sll.se (Asgaard)
Date: Thu, 4 Jul 1996 10:27:51 +0800
Subject: The Net and Terrorism
In-Reply-To:
Message-ID:

On Wed, 3 Jul 1996, Timothy C. May wrote:

> Basically, one of the things terrorists want to do is to provoke a
> crackdown by the ruling authorities, making things so bad that a
> counterrevolution occurs. They believe they will reap the rewards of
> such a counterrevolution (or revolution, as it need not be "counter").

Examples of this are the bombing attacks on tourists in Egypt and Turkey; classical terrorism where the victims are not really participants in the political struggle (as opposed to voluntarily enlisted American soldiers in Saudi).
The agenda here is to bring down the economy by scaring away future tourists, making way for an islamic revolution/a separate kurdish state.

Anyone been to Egypt lately?

Asgaard

From llurch at networking.stanford.edu Wed Jul 3 19:28:35 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 4 Jul 1996 10:28:35 +0800
Subject: Info on alleged new German digital wiretapping law?
In-Reply-To:
Message-ID:

On Wed, 3 Jul 1996, Ulf Moeller wrote:

> > > > http://fight-censorship.dementia.org/fight-censorship/dl?num=3027
> > > So what's the prospect for implementation? The claim is that law enforcement
> > is supposed to have a back door to every computer system. Are we talking
> > about escrow of root passwords, or what?
>
> No. There are two points:
>
> 1) The network operators have to create a wiretapping system to be
> approved by the Regulation Authority, and operate dedicated digital
> lines for law enforcement access. As I understand it, Internet
> providers could be forced to duplicate IP packets to that line, when
> wiretapping has been ordered.

Sounds like US and Swedish law. What's the phase-in period?

> 2) They have to keep files of customer data (name, address, etc.) that
> the Regulation Authority can access secretly at any time.

Sounds like a market opportunity.

-rich

From declan at well.com Wed Jul 3 19:47:48 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 4 Jul 1996 10:47:48 +0800
Subject: blocking software & brock meeks
Message-ID:

Since I wrote most of the dispatch M. Nuri is talking about, I'll take a moment to respond to his points below.

First, neither Brock nor I intends to "harass" the blocking software companies.

Second, I wouldn't be nearly as skeptical of their efforts if they'd honestly admit what they block. Right now, parents don't _know_ the extent to which Junior is kept from educational and political sites. This was the point of the article; I fear you missed it entirely.
-Declan

>sent this to Brock Meeks re: his latest column
>I also ask cpunks not to harass these companies or their users--
>it's a solution that's working.
>
>------- Forwarded Message
>
>To: brock at well.com
>Subject: cyber blocking software
>Date: Wed, 03 Jul 96 12:48:49 -0700
>From: "Vladimir Z. Nuri"
>
>
>I read your columns regularly. outstanding work.
>
>regarding your recent dispatch: please do not harass the
>blocking software companies too much. they are simply based
>on a different premise than the regular net. the internet
>starts out with, "everybody can access everything". they
>start out with, "only stuff we approve of can be accessed".
>
>what their system shows is that you will always have disagreement
>and controversy whenever this software is employed, wherever
>subjectivity is involved. it is a very legitimate and worthwhile
>service for parents who would rather "err on the side of caution".
>
>but far
>better to have these organizations arguing & bickering with who they
>censor than to have the people who are censored suing the
>government. the people who want free net access have it, and
>are unbothered by these controversies. in other words,
>by moving the controversies to places where they are locally
>contained (i.e. among the blockers and blockees) the rest
>of the surfing public is unaffected and perhaps even protected
>from harassment.
>
>so you see? there is all kinds of ranting about censorship going
>on, but it has nothing to do with the way the vast majority uses
>the internet. it's completely voluntary. it's the perfect solution.
>so far, nothing the blocking companies do can affect the net as
>a whole. they are largely predicated on that function.
>
>in a real sense they are providing very general services of
>"rating web sites our customers will be most interested in".
>and you realize, even the Point Communications awards are the
>exact same thing.
>
>so again, please do not harass the companies. it's a solution
>that does work.
the existence of controversy does not prove >it doesn't work. it in fact proves that it does work. > > > >------- End of Forwarded Message From llurch at networking.stanford.edu Wed Jul 3 19:55:32 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Thu, 4 Jul 1996 10:55:32 +0800 Subject: SAFE forum -- remarks of Herb Lin In-Reply-To: <9606038364.AA836434501@nas.edu> Message-ID: On Wed, 3 Jul 1996, Herb Lin wrote: > Folks -- I object to the characterization of my remarks about crime prevention > being made with sarcasm. The complete remark was "Crime prevention ought > to be part of the FBI's mission, ... and it is -- ask them, and they acknowledge > that." OK, sorry, my reading. I'd certainly hate to jeopardize any professional relationships by implying that you'd been poking fun at them on purpose. There's already far too much distrust to go around. As I recall, the sequence went "Crime prevention ought to be part of the FBI's mission [audience snickers, Herb realizes what he just said and smiles]... and it is -- ask them, and they acknowledge that." The best standup comics are the genuine straight men, I guess. To avoid any trouble, I'll be using that line *without* specific attribution from now on. -rich From furballs at netcom.com Wed Jul 3 20:01:39 1996 From: furballs at netcom.com (Paul S. Penrod) Date: Thu, 4 Jul 1996 11:01:39 +0800 Subject: LE Risks with No Crypto In-Reply-To: <2.2.32.19960703002028.00ba3b24@panix.com> Message-ID: I will presume for the moment that you actually support this position and this is not a blatant troll. On Tue, 2 Jul 1996, Duncan Frissell wrote: > Did anyone notice the fun little bit in the story of the bust of the Viper > Militia in Arizona? > > The state employee that BATF sent to infiltrate the group almost "assumed > room temperature" because an ally of the Militia working for AT&T pulled his > long distance phone records. 
The infiltrator was questioned rather closely
> about some of his phone calls to official numbers. He managed to persuade
> them that he wasn't a Fed.
>
> Too bad AT&T doesn't use an encrypted open books system to store its records
> so that "bad guys" can't abuse those records and put our heroic law
> enforcement personnel at risk.
>
> This is a perfect illustration of the fact that technology puts the
> government most at risk because it will always be the juiciest target.
> "Worth the powder to blow it up with."
>
> DCF
>

I disagree completely with the premise that the government will always be the juiciest target. If you read Tim May's treatise about terrorism, he makes a point that may never be openly discussed by the press as it makes all too much sense. That point is simply that terrorism begins to blossom against a government when a section of the citizenry perceives that they have been disenfranchised by that government and view no opportunity for legal recourse to change the situation, and are not willing to live under those rules.

The fact that AT&T may or may not use encryption on their records is irrelevant. That BATF agent could have been the one to pull records illegally instead. Now where is your point? A government represented has now abused position and privilege to pursue a purpose - right or wrong.

The US government is at risk because of the robber baron mentality of many of the government officials, congressmen, representatives, and of course Bill & Hillary. IMO They have purposefully abused position and privilege and lined their own pockets to their advantage - leaving many of the citizenry wondering what is really going on.

I am not a supporter of the militia movement - however, they do represent a growing segment of the population that feels disenfranchised and view violence against the visible government establishment as a way to make their point.
There are others who view the government the same way as the militia, but resort to trying to continue to work within the existing system to make the changes they feel are necessary. In this venue encryption is not only desirable but necessary as those in power are trying to consolidate their position by trying to use information they can glean against those who want to remove them from office or thwart their efforts to enact bad legislation. Richard Nixon was noted for his use of the IRS against select folks. Now we have Bill Clinton and the 700+ personal files collected for use against "enemies" of the administration. My position is that crypto should be available to all - not just the government or a privileged few. Any technology man creates can be used for good or evil. That will never change. ...Paul From llurch at networking.stanford.edu Wed Jul 3 20:18:15 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Thu, 4 Jul 1996 11:18:15 +0800 Subject: Lack of PGP signatures In-Reply-To: <199607032012.QAA13633@darius.cris.com> Message-ID: On Wed, 3 Jul 1996, David F. Ogren wrote: > Lots of people still deal with the Internet remotely, despite the > proliferation of SLIP/PPP accounts. On the other extreme, but with the same conclusion, some of us work in ubiquitous distributed computing environments. I simply don't have a "home" PC; I can sit down and work on any of 20,000 computers on campus with equal ease. Most of the time, I log on encrypted, but strong encryption is unavailable for some services I need to use to do my job.
-rich From llurch at networking.stanford.edu Wed Jul 3 20:20:22 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Thu, 4 Jul 1996 11:20:22 +0800 Subject: Lack of PGP signatures In-Reply-To: <9607031935.AA08888@mordred.sware.com> Message-ID: On Wed, 3 Jul 1996, Charles Watt wrote: > -----BEGIN PRIVACY-ENHANCED MESSAGE----- > Proc-Type: 4,MIC-CLEAR > Content-Domain: RFC822 > Originator-Certificate: > MIIBvzCCAWkCEFmOln6ip0w49CuyWr9vDVUwDQYJKoZIhvcNAQECBQAwWTELMAkG > A1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2Vj > dXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMB4XDTk1MDUwODIw > MjMzNVoXDTk3MDUwNzIwMjMzNVowcDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Nl > Y3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsT > DkVuZ2luZWVyaW5nIENBMRUwEwYDVQQDEwxDaGFybGVzIFdhdHQwWTAKBgRVCAEB > AgICBANLADBIAkEM2ZSp7b6eqDqK5RbPFpd6DGSLjbpHOZU07pUcdgJXiduj9Ytf > 1rsmf/adaplQr+X5FeoIdT/bVSv2MUi3gY0eFwIDAQABMA0GCSqGSIb3DQEBAgUA > A0EApEjzeBjiSnGImJXgeY1K8HWSufpJ2DpLBF7DYqqIVAX9H7gmfOJhfeGEYVjK > aTxjgASxqHhzkx7PkOnL4JrN+Q== > MIC-Info: RSA-MD5,RSA, > BeMb0/+U7Gnp8Xx2J5GUFwFI2hLb0giw65Y+HudXPvuSMDdeBToKOQXkR/HvyvKr > kM+gtqWFV3Q/2xKS6iIeYRc= > > > -----BEGIN PGP SIGNED MESSAGE----- And then there's the part about it being ugly as sin for people with non-crypto-aware clients, and a performance hit for people with clients that are crypto-aware. -rich From alano at teleport.com Wed Jul 3 20:25:22 1996 From: alano at teleport.com (Alan Olsen) Date: Thu, 4 Jul 1996 11:25:22 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port Message-ID: <2.2.32.19960704003011.00f3be94@mail.teleport.com> At 06:58 PM 7/3/96 -0400, Mark M. wrote: >> I've wondered .. could a creative child circumvent these filter programs >> using a URL-redirecter, like where you see something like >> http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/ >> or are they not URL-based? 
> >If the child is creative enough, he will be able to boot DOS from a bootdisk >and remove the line from config.sys that starts up the filtering software. Or just remark it out and reboot. Or does the filtering software make it so they cannot use an editor as well...? Sounds like a pretty easy thing to bypass given a small amount of clues. (Makes me wonder how the usually clueless parents are going to block access to their kids who usually understand the technology better than they do.) --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From mix-admin at nym.alias.net Wed Jul 3 20:35:33 1996 From: mix-admin at nym.alias.net (lcs Remailer Administrator) Date: Thu, 4 Jul 1996 11:35:33 +0800 Subject: Wanted: NNTP posting access for remailers Message-ID: <199607040046.UAA04545@anon.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- Would anyone out there be willing to give NNTP posting or transfer privileges to anon.lcs.mit.edu? Because of recent spams through mail2news at anon.lcs.mit.edu, I may lose my news posting privileges to the news server I have been using. Though I try to resolve all complaints I receive, other complaints have been sent to other postmasters in the domain, who don't seem to want to hear about these problems. If you run a news server and would like to help people posting anonymous messages, please consider allowing posts from mail2news at anon.lcs.mit.edu. Ideally you would also be in a position to receive mail at some of the relevant postmaster aliases in your domain, and would not mind forwarding misdirected complaints to me so that I can deal with them. Alternatively, if you are willing to give me "IHAVE" privileges, I can possibly set things up with an initial "Path:" header that guarantees most complaints will go directly to me.
Thanks, - -mix-admin at anon.lcs.mit.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface -----END PGP SIGNATURE----- From attila at primenet.com Wed Jul 3 21:05:37 1996 From: attila at primenet.com (attila) Date: Thu, 4 Jul 1996 12:05:37 +0800 Subject: WSJ: Cable Ruling may Portend Internet Regulation Message-ID: <199607040046.RAA08830@primenet.com> WSJ 01 Jul 96 Cable Ruling May Portend Internet Content Restrictions What looks at first glance like a Supreme Court victory for free expression in cable television could turn out to be a First Amendment quagmire encouraging restrictions on the Internet. That's the view some constitutional experts are taking of a high court ruling Friday that struck down parts of a 1992 law designed to curb "indecent" programming on cable channels leased to local groups or set aside for the public. "It's a sweeping victory for legitimate First Amendment expression," declared Michael Greenberger, one of the attorneys who represented public-access cable producers who challenged the law. Conservative advocates on the other side of the case also claimed victory because one part of the law was preserved. "American families fighting to shelter young children from cable-television pornography won a major battle today as the Supreme Court upheld the right of private cable operators to screen pornographic programs," said Cathy Cleaver, director of legal studies at the Family Research Council. But some liberals were less sanguine. The ruling "tastes sweet at first," said Prof. Laurence Tribe of Harvard Law School, "but it turns out to be a sugar-coated poison pill for the First Amendment."
He argued that the reasoning in the court's main opinion, written by Justice Stephen Breyer, was highly cautious and pragmatic rather than sweeping. This approach could be used to permit aggressive regulation of the Internet if the government can show that the global computer network gives children access to indecent material, meaning material that depicts sexual activities or organs in a "patently offensive" way. The Supreme Court produced six opinions but not one that commanded a majority; the vote counts were 6-3 and 5-4 to strike down two of the cable restrictions at issue, and 7-2 to uphold a third. In a separate case last month, a special federal court in Philadelphia invalidated key parts of a 1996 law aimed at curbing indecent material on the Internet. The Clinton administration last week said it would appeal that ruling to the Supreme Court. The Philadelphia court relied on ringing First Amendment rhetoric to decry government interference with the Internet. Justice Breyer's opinion on Friday was strikingly different in tone and method. He took great pains to underscore the seriousness of the government's concern about exposing children to adult programming and explicitly rejected the sort of categorical legal analysis that looks with great skepticism at any restriction on the content of programming. The trio of provisions at issue in the case were pushed by Republican Sen. Jesse Helms of North Carolina as last-minute amendments to a broader 1992 cable-regulation bill. They authorized cable-system operators to prohibit indecent programming on leased channels and public access stations reserved for educational and governmental use. If an operator chose to allow indecent programming on leased channels, the Helms amendments required the operator to "segregate" such programming from other offerings, block it and provide it only to customers who requested it in writing. 
Supporters of the legislation said they were targeting leased-access programs in New York and elsewhere that feature hard-core pornography. The Supreme Court case arose from lawsuits filed by community-access programmers who argued that the law would ban legitimate shows on sex education, abortion and other topics that could be defined as indecent. (In the legal lexicon, indecent material receives some First Amendment protection, whereas "obscene" material, defined as that which lacks any social or artistic value, doesn't.) In Friday's ruling, the high court by a 7-2 vote upheld a provision that encourages -- but doesn't require -- cable operators to prohibit indecent programming on leased access channels. There is plenty of evidence on those channels of pornographic material that lacks social merit and should be kept away from children, Justice Breyer said. The provision isn't overly broad, he added. Adults seeking racy shows can look to the larger commercial cable channels, where they are plentiful. By a 6-3 vote, however, the court struck down the provision that requires operators who choose to allow indecent programming to block it for all but those viewers who request it in writing. Justice Breyer questioned the need to force customers to disclose their viewing appetites, and he asserted that other, less intrusive means exist to tailor dissemination of adult material if it is to be provided. As examples, he pointed to a recently enacted requirement that commercial cable operators "scramble" or block stations dedicated to sexual material and another that obliges television manufacturers to install "V-chips" in televisions that can automatically identify and block sexual or violent programming. (The high court didn't rule formally on the constitutionality of these devices.) Finally, by a 5-4 margin, the court struck down a measure that encourages cable operators to ban indecent material on public-access stations. 
There isn't much, if any, indecency on these channels, but the law threatens to cause censorship of controversial shows on health, politics and art, Justice Breyer said. Daniel Brenner, a lawyer with the National Cable Television association, said the group was pleased overall with the ruling because it left operators "with the ability to protect our customers as to leased access. We wish it had done the same for public access." The Federal Communications Commission, which had defended the Helms amendments, managed to find something to celebrate as well. The decision "reaffirms that the Supreme Court believes that caring about what kids see on television is a compelling government interest, and there are constitutionally permissible ways for government to act to protect kids," said FCC Chairman Reed Hundt. He added that the ruling "is also significant because it confirms that the government's definition of "indecency" is not unconstitutionally vague." Only Justices John Paul Stevens and David Souter joined the Breyer opinion in full. Justice Sandra Day O'Connor dissented in part. Justices Anthony Kennedy and Ruth Bader Ginsburg would have struck down all of the challenged law. The court's most conservative wing -- Chief Justice William Rehnquist and Justices Antonin Scalia and Clarence Thomas -- would have upheld the entire law. Contractors' Speech In a pair of other First Amendment cases, the high court ruled 7-2 that independent government contractors can't be fired for expressing their views on public issues or for supporting the wrong candidate. In cases from Illinois and Kansas, the court said that contractors have roughly the same free-speech rights as public employees. Justice Scalia, joined by Justice Thomas, dissented from both decisions. "Favoritism," he wrote, "happens all the time in political life, and no one has ever thought that it violated -- of all things -- the First Amendment to the Constitution of the United States." 
(Wabaunsee County, Kansas vs. Umbehr, O'Hare Truck Service Inc. vs. City of Northlake, Ill.) -- Fuck off, Uncle Sam. Cyberspace is where democracy lives! From snow at smoke.suba.com Wed Jul 3 21:28:22 1996 From: snow at smoke.suba.com (snow) Date: Thu, 4 Jul 1996 12:28:22 +0800 Subject: Net and Terrorism. In-Reply-To: Message-ID: On Tue, 2 Jul 1996, Timothy C. May wrote: > At 6:58 AM 7/2/96, snow wrote: > >T.C. May wrote: > >Can anything be done? To stop the likely effects of lots more > >surface-to-air missiles, lots more nerve gas available on the black market, > >and so on? > >In a word, "no." > >/* > > I disagree. Terrorism, political terrorism is fear. There are ways to > >protect military targets that are quite cost effective, unfortunately they > >are politically unpopular. (What just happened in Saudi is on my mind. > >STUPID military commanders getting the same pie in the face time and time > >again. There is NOTHING so unchanging as the military mind set.) > > Well, attacks on military targets are almost, by definition, not > "terrorism." (I'll spare the list a debate about the semantics; U.S. > journalists tend to refer to anything done to "us" as "terrorism," whether > the target is military or civilian.) I think a clear line can be established between terrorist incidents and battles/fights/raids/attacks carried out by other "legitimate" troops or guerilla fighters. Military troops can best be protected by 3 separate methods: 1) Don't put them in situations where they are targets for terrorism abroad. Soldiers and Marines exist to elevate the ENEMY'S body counts, not ours. By putting troops trained to fight in defensive passive positions you are exposing them to terrorist attacks, and ruining their combat reflexes. 2) When they _are_ exposed, let them fight the fuck back. Rules of engagement are simple. When fired on, shoot to kill. If the shot comes from a building, take out the building. If from a crowd, well, do your best, but _get the shooter_.
3) Again when operating in a potentially deadly environment, follow the standard anti-terrorist rules. Vary your routines, don't bunch up, be unpredictable. None of these were done in the Saudi blast, nor were they done in Beirut 12 years ago. > The focus of my comments was really on civilian or non-military targets. > (Including destruction of government buildings, maybe. I'm not sure whether > the Oklahoma City bombing and the recent Phoenix/Viper Militia case is > "terrorism" in a formal sense, or counter-government action, but my point > is that such things are likely to happen.) IMO the Ok. bombing was a terrorist attack. The attack was carried out by a civilian (in the sense that he was not acting as a part of any government, official or otherwise and not wearing a uniform etc.) > >Civilian targets are harder to protect, but certain steps can be > >taken to lessen chances of a successful attack. > Sure, any particular "soft target" can be hardened to some extent. But not > all of them, and even harder sites can be reached. This is left as an > exercise for the reader. > (Hint: The Japanese cult's Sarin gas attack on the subways...there are tens > of thousands of comparable targets in the U.S. alone. Look around, and ask > what it would take to harden each one. A minor cryptographic connection is > that hardening N of M sites makes the remaining M - N sites all the more > tempting.) I kinda mis-spoke. The way I should have put it was: Steps can be taken to make attacks less likely, and to make it easier to capture the individuals responsible afterwards. Think about it. Why have we had so little terrorism in this country? This is one of the most diverse countries in the world, we allow damn near anyone breathing into this country, yet we have much less terrorism than does England, France, Germany etc. Why? IMO It is opportunity. Maybe everyone who emigrates here doesn't get rich, but they are almost _all_ better off than in their original countries.
By keeping this country as free as possible, and allowing the free exchange of ideas, not jailing (too many) people for political/religious opinions you at least give the appearance that they can change things w/out killing things and breaking people. This makes it much harder for the potential terrs. to get the financial backing. It also reduces sympathy for them in the community. IMO as long as people have the illusion of freedom and upwards mobility coupled with the ability to pray to the stupidity of their choice things will maintain an even keel in this country. You will have the occasional Unabomber, but I don't think you will get anything like that Japanese Cult w/sarin. Then again we have come close. > >Another method, and this would be very unpopular (and > >hypocritical of the US) would be simply to announce that we (the Country) > >are going to hold the _manufacturing_ nation responsible for the use of > >weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a > >city in the Soviet Union. MAD carried to a lower level. > You are essentially making my point, that the biggest danger of the current > responses to terrorism is that nations will turn to national terrorism and > police state tactics. I missed that in your original post. > >A third option is quite simply to buy as much of it as possible. > No, wouldn't work. As with the "War on (Some) Drugs," all this does is > raise the price a bit, actually making it a more tempting market for many > to get into. If the US were to offer Russia $3 billion (or whatever) in a one time take it or leave it for their entire chemical weapon stock, it might get the Soviet shit off the market. The nuclear stuff is a little easier to store (I think) and it would be a harder sell. I agree tho' that it isn't possible to buy out the market. Petro, Christopher C.
petro at suba.com snow at crash.suba.com From adam at homeport.org Wed Jul 3 21:33:00 1996 From: adam at homeport.org (Adam Shostack) Date: Thu, 4 Jul 1996 12:33:00 +0800 Subject: Computer-Aided Revolution In-Reply-To: <199607032257.PAA16812@mail.pacifier.com> Message-ID: <199607040148.UAA04518@homeport.org> xntp (extended network time protocol) can be accurate to a few tenths of a second over a serial link, possibly better. It can get to thousandths or better over an ethernet. GPS can also provide a very accurate time signal (about $300 for the hardware, which is becoming relatively common.) Adam jim bell wrote: | I've thought of an application for a "revolutionary" program for peaceful | protest, but one that requires that a substantial number (1000) of people | have access to computer time synchronized to 1 second, ideally 0.1 second. | How good would a time sync over the net typically be? | | Jim Bell | jimbell at pacifier.com | -- "It is seldom that liberty of any kind is lost all at once." -Hume From wb8foz at nrk.com Wed Jul 3 21:37:14 1996 From: wb8foz at nrk.com (David Lesher) Date: Thu, 4 Jul 1996 12:37:14 +0800 Subject: Lack of PGP signatures In-Reply-To: <2.2.32.19960703220436.00e93fe8@mail.teleport.com> Message-ID: <199607040145.VAA05041@nrk.com> > I am wondering why there is not a signing option that ignores all > non-printing characters. Might fix some of these problems... (Can anyone > think of a reason this would be a "Bad Thing(tm)"?) Moving spaces could change meaning on a legal doc. A nonsense example is the alt.folklore.urbane "cow orker" tag... 
-- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From snow at smoke.suba.com Wed Jul 3 21:55:30 1996 From: snow at smoke.suba.com (snow) Date: Thu, 4 Jul 1996 12:55:30 +0800 Subject: Net and Terrorism. In-Reply-To: Message-ID: On Wed, 3 Jul 1996, Timothy C. May wrote: > At 9:13 PM 7/2/96, snow wrote: > >On Tue, 2 Jul 1996, snow wrote: > >> Gain control of the power grid (I don't know how possible this is) > > Ummm... Just in case anyone is thinking it right now, NO, I > >didn't. If this outage was deliberate, I had nothing to do with it. I was > >just postulating possibilities. > Hmmhhh....I post about the "Net and Terrorism" on Sunday, and the Viper > Militia and their plans to blow up several courthouses in Phoenix are > revealed a few hours later....Snow posts about using computers to knock out > the power grid, and a few hours later power goes out over 15 western > states.... > Coincidence? I think not. > But we can test this hypothesis: > "Alien spaceship images will appear in thousands of darkened rooms and will > trigger mass hysteria." I mentioned this to my wife. Her reply: "I think mass hysteria already exists". Petro, Christopher C. petro at suba.com snow at crash.suba.com From snow at smoke.suba.com Wed Jul 3 21:59:24 1996 From: snow at smoke.suba.com (snow) Date: Thu, 4 Jul 1996 12:59:24 +0800 Subject: The Net and Terrorism In-Reply-To: <2.2.32.19960703005232.009d18e4@labg30> Message-ID: On Tue, 2 Jul 1996, John Deters wrote: > At 03:44 PM 6/30/96 -0700, you wrote: > >in reality. it seems to me no nation-state has ever experimented with > >trying to take away the root causes of violence and discontent. > But here in the U.S., we ARE trying to take them away via the educational > system. 
About the only thing we can effectively do is to provide more > educational opportunities that denounce violence, racism, hate crimes, etc. > However, you cannot eliminate discontent without eliminating greed; which is > simply not possible. Bullshit. The root causes of violence and discontent are not persistent "us against themism". The root causes are situation dependent, but would fall into 3 areas: 1) boredom. 2) lack (of food, housing, land, etc. Also includes perceived lack) 3) Response to the perceived threat against the 2). It is my opinion that the education system in this country is a breeding ground for violence and discontent in several ways: 1) By almost totally failing to prepare students for "Real Life" while at the same time telling them what wonderful intelligent humans they are, it sets them up for 1 & 2 above. 2) Given the revisionist teachings often presented in schools, and the current practice of "blame the white man", certain ignorant (see 1) individuals feel threatened leading to 3 above. As I said in an earlier post, IMO one of the things that has kept the levels of terrorism down in this country (unless you count things like the KKK as terrorism...just thought of that hmmmm...again caused by the 1 & 3 as well as occasionally 2 above). > The countries that sponsor terrorists have not been noted for their > successful educational systems. And they certainly are not going to listen > to Western discussions on how best to solve their "problems". They have also not been known for their freedoms. The USSR supposedly exported quite a bit of terrorism, especially by proxy. They have a decent educational system, but free thought is discouraged. > My point here is that this behavior is explicitly protected by the Bill of > Rights. > So, do you not accept that we have the environment right here that can breed > violence and discontent?
> For the most part, I see kids today being educated with much less "hatred" > than even my age group was brought up with (I'm 34). We're moving in the > right direction by incorporating diversity in education, entertainment and > the workplace, but we can never hope to erase it all. And if even one > person retains the seed of violence, they can employ the "warfare of the > weak" -- terrorism. Agreed. > psychological profiles of people who commit acts of terror. > >the "problem" of terrorism will be solved when we take the view > >that insanity and violence is *not* > >a natural aspect of human behavior (as TCM tends to suggest), I'd say they _are_ natural. It is natural and healthy to act violently at times, and insanity is simply a broken [mind brain] shit happens. > >and that > >there are specific environmental conditions that breed it. like > >malaria, if you take away the swamplike breeding grounds, you will > >largely remove it. such a thing is a radical hypothesis, but one that > >nonetheless has never really been tested in practice. > As I said above, we can reduce some of the breeding grounds, but we can not > eradicate them all. And if one were to conduct a study correlating racist > attitudes with education with numbers of acts of terror, we might find a > direct correlation. I doubt it. There are quite a few well educated racists. > away. The point of Tim's essay was that, yes, the net can be used by the > evil monsters, and yes, the evil monsters are here, and no, the evil > monsters are not going away any time soon. Why did you feel it necessary to > try to slam his fairly well-researched and quite obvious conclusion? The monsters are in our heads. They are us. Petro, Christopher C.
petro at suba.com snow at crash.suba.com From drosoff at arc.unm.edu Wed Jul 3 22:11:00 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Thu, 4 Jul 1996 13:11:00 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port Message-ID: <1.5.4.16.19960704020949.330fe182@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 05.30 PM 7/3/96 -0700, Alan Olsen wrote: >At 06:58 PM 7/3/96 -0400, Mark M. wrote: >>If the child is creative enough, he will be able to boot DOS from a bootdisk >>and remove the line from config.sys that starts up the filtering software. >Or just remark it out and reboot. Or does the filtering software make it so >they cannot use an editor as well...? > >Sounds like a pretty easy thing to bypass given a small amount of clues. >(Makes me wonder how the usually clueless parents are going to block access >to their kids who usually understand the technology better than they do.) It would not have stopped me. =============================================================================== David Rosoff (nihongo o sukoshi dekiru) ----------------> drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it. === === === === === === === === === === === === === === === === === === === === "Truth is stranger than fiction, especially when truth is being defined by the O.J. Simpson Defense Team." 
-Dave Barry -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From unicorn at schloss.li Wed Jul 3 22:25:16 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 4 Jul 1996 13:25:16 +0800 Subject: What remains to be done. Message-ID: Because I am not myself much of a programmer, and because I have to find excuses to feel useful, I thought I would annoy everyone with my ideas about where c'punks might want to direct their efforts at encryption development. Of course any suggestion at direction tends to require a disclosure of the assumptions one is working from. The following are mine: 1. The most interesting crypto uses and implementations seem to come from grassroots programmers, not large organizations. Remailers, PGP, Curve Encrypt, Private Idaho, mixmaster, premail, and magic money all were the results of "grassroots" efforts. None of these have been produced from massive corporate R and D programs, and most have been the result of predominately a single programmer's efforts. 2. The most useful crypto applications out there have tended to survive by using crypto that looks forward, not to the past, or the present. This is generally manifest in the inclusion or easy use of multiple methods. Zimmermann's selection of IDEA over DES, PGP's multiple key sizes, Curve Encrypt's 3DES/IDEA option, are all examples of an effort to design systems which will be useful tomorrow, not just today. PGPlib seems to pick up this trend where PGP 2.x went awry. 3. In so far as proliferation is important, the impact of crypto applications and implementations is directly tied to ease of use. If PGP has failings, one must be that it can be immensely intimidating to the novice. 4.
Increasingly cryptography is defying attempts at conventional regulation. 5. #4 will eventually spur sovereigns to rather drastic methods to defy #4. 6. Secure Communications, and transparent crypto are a Good Thing. Assuming the above, I think it is apparent that crypto development should be focused on a few general points and a few key areas. As to general points, I think the clear concentrations include: A. Increasing the ease of use. Perhaps I should have put this as #1, because really among those things which I suggest in this post, I think this is of primary importance. It cannot be stressed enough that encryption must be transparent, easy to use, but at the same time make its presence just apparent enough to encourage its use, and to make users note its absence. Crypto will have its most significant impact, its most liberating results, and be self assuring only to the extent that it is not a novelty, but an assumption. Please, authors, coderpunks, make crypto easy to use, but flexible enough so that adept and expert users can modify functional aspects. (Key generation, key size, exponent size, algorithm selection, level of verbosity and suchlike should find their way into an expert menu somewhere). B. Multiple encryption method support/larger key sizes. While I may be more paranoid than some, or even most, I think it is crucial to provide for the possibility that strong encryption may one day face a total ban in more countries. To avoid the chilling effect that this would certainly have on development, it is of key importance to permit applications and implementations to nexus with several methods, and to allow what may today seem like extraordinarily large key sizes. (256 bits would not be unreasonable in my view, particularly so where the user was given the option of selecting a ~128 or so bit method like IDEA or 3DES at their option (consistent with A. above)). C. Anonymous communication. I'm not sure this needs much explanation. D. True stego.
Today it is a simple matter to identify encrypted traffic. This is the key flaw in what I will call (at risk of sounding like a white paper) the NEI (National Encryption Infrastructure). It subjects users to very effective and easy to implement traffic analysis. While I understand the temptation to use checksum like methods to speed the key checking process, at some point I am of the view that this convenience will come back to haunt crypto. Given these areas, what specific applications might be the best to look into for the grassroots crypto advocate/coder? A. Methods to run secure websites on insecure servers. A thread on 'punks last month, I am of the view that local decryption of web pages is essential to the development of coercion free web pages. Establishing a truly secure web page today requires the server to be extraterritorial, in a secure physical location, and requires such lengths to defeat traffic analysis (which lengths must be applied to the actual network logistics, rather than the software logistics) so as to be impractical to all but institutional resources. The best effort I have seen is in European Union Bank (www.eub.com) or (www.eub.net) [neither of which I recommend you use for deposits] and it still falls quite short. A software solution which permits local decryption makes traffic analysis less useful, presents the opportunity to use front end and disposable www pages on domestic ISPs while imposing no liability on the ISP itself, and opens several more effective traffic analysis deterrents. Ideally, both web proxies (for servers as well as clients) and local decryption will be written allowing both server and user a degree of double blind operation as well as easy disposability of front ends. A Netscape plugin for local decryption of web pages and proxy forwarding of WWW form submissions to the server is a MUST. Is anyone considering work on these? B. More effective message pools.
Really this is the only practical and most effective method to defeat traffic analysis of e-mail communications. Why do you think it is that informants always communicate with the FBI in the classified ads? This has been discussed again and again, yet I am aware of no serious effort to construct an effective server or client to implement it more effectively than USENET (which seems to be hopelessly slow and prone to drop postings regularly). I am encouraged by the new mixmaster model, but I have yet to read the entire abstract carefully.

If the goal is, as I believe it should be, to make encryption accessible and understood by, if not everyman and joe sixpack, joe digitalsixpack, then it strikes me that the focus should be on WWW browsers and servers, (Netscape like material), popular mailing programs (Eudora), and the building blocks of the network, the point of origin, and the point of final destination.

Point to point, grassroots plug ins to existing de facto standards, and ease of use, ease of use, ease of use.

cypherpunks write code. Call me "half a cypherpunk"

-- I hate lightning. (unicorn at schloss.li)

From alano at teleport.com Wed Jul 3 22:30:52 1996
From: alano at teleport.com (Alan Olsen)
Date: Thu, 4 Jul 1996 13:30:52 +0800
Subject: Lack of PGP signatures
Message-ID: <2.2.32.19960704022445.00e26020@mail.teleport.com>

At 09:45 PM 7/3/96 -0400, David Lesher wrote:
>> I am wondering why there is not a signing option that ignores all
>> non-printing characters. Might fix some of these problems... (Can anyone
>> think of a reason this would be a "Bad Thing(tm)"?)
>
>Moving spaces could change meaning on a legal doc.
>
>A nonsense example is the alt.folklore.urbane "cow orker" tag...

I was thinking of carriage return/line feed combinations... Spaces are obvious and print. I was thinking of non-printing characters that are non-obvious when inserted.
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From tcmay at got.net Wed Jul 3 22:40:01 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 13:40:01 +0800
Subject: The Net and Terrorism
Message-ID:

At 8:35 PM 7/3/96, Vladimir Z. Nuri wrote:

>TCM breaks a longstanding personal policy of never replying
>to my posts directly. (well, thanks.) realize that my
>speculation on his position is largely associated with the
>vacuum of his continually refusing to discuss key points of his
>essays.

Check your mail logs, Larry, as I've replied to a couple of your posts in the last several months. True, I delete most of your posts after glancing at them briefly, but I do this with a lot of posts and posters.

>imagine that all the palestinians had good paying jobs, for example.
>how many of them would be into rock-throwing and terrorism? of course their
>own attitudes make such a thing very difficult. they may not have any
>skills or reject a job even if offered one. I'm not saying such a thing
>is easy. the fact that it is so elusive is proof of how difficult such
>a thing is.

Your point being? After all, nothing we can do will give the Palestinians such jobs...visit the Middle East and see the quagmire. Too many points to make here, and I don't plan to debate utopian ideologies about making the world a land of milk and honey.

(I will tell you that there are relatively few "good paying jobs" anywhere in the Arab world--look at the poverty of Egypt, Yemen, Sudan, Morocco, and so on. Note that these countries are not directly involved in the Israeli-Palestinian dispute, and yet not a single one of these countries has so much as a primitive electronics production facility, let alone true high tech facilities such as Israel has.
You may want to wave a magic wand and say "Yeah, but what if they did have such jobs?," but this is pure fantasy, and not something I plan to waste time debunking.)

>I do NOT believe that living in the world is a zero-sum game as you
>seem to suggest. your use of the term is very compelling. do you
>believe human life is always at the expense of other human life?

I made no such claims about the world being a zero-sum game. (I made references to game theory, and used the term "game-theoretic," but this is not at all the same thing as asserting anything about zero sum games! I never mentioned zero sum games, positive sum games, or anything at all about sums. You are carelessly setting up straw men and then knocking them down.)

No real point in wading through the rest of your ramblings.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Wed Jul 3 22:50:55 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 13:50:55 +0800
Subject: Net and Terrorism.
Message-ID:

At 12:14 AM 7/4/96, snow wrote:

> Military troops can best be protected by 3 separate methods:
> 2) When they _are_ exposed, let them fight the fuck back. Rules of
> engagement are simple. When fired on, shoot to kill. If the shot
> comes from a building, take out the building. If from a crowd,
                         ^^^^^^^^^^^^^^^^^^^^^^

"Colonel, the mission was accomplished. Apparently the sniper was firing from the 34th floor, so we simply took out the building.
There was minor collateral damage, of course."

Such overreaction to terrorist events is often precisely what a terrorist wants, as I've explained a couple of times.

>> You are essentially making my point, that the biggest danger of the current
>> responses to terrorism is that nations will turn to national terrorism and
>> police state tactics.
>
> I missed that in your original post.

Well, go back and look for it. The clear point of my post was that the U.S. should not adopt police state measures so as to reduce terrorism.

>> >A third option is quite simply to buy as much of it as possible.
>> No, wouldn't work. As with the "War on (Some) Drugs," all this does is
>> raise the price a bit, actually making it a more tempting market for many
>> to get into.
>
> If the US were to offer Russia $3 billion (or whatever)
>in a one time take it or leave it for their entire chemical weapon stock,
>it might get the soviet shit off the market. The nuclear stuff is a little
>easier to store (I think) and it would be a harder sell.

As with "buying out" the coca crop in Peru, the poppy crop in Turkey, the marijuana crop in the dozens of countries, etc., their motto is, obviously enough, "we'll make more."

Again, the Sarin attack in Tokyo had nothing to do with former U.S.S.R. CBW weapons. Chemical and biological agents are cheap to make, especially in the quantities needed to kill only a few thousand people, and in the non-battlefield delivery environment.

> I agree tho' that it isn't possible to buy out the market.

Then why do you float ideas such as buying out the Soviet arsenal if you think it isn't possible?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From fair at clock.org Wed Jul 3 23:03:48 1996
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Thu, 4 Jul 1996 14:03:48 +0800
Subject: blocking software & brock meeks
Message-ID:

Vladimir, I agree with you in general, however, Brock and Declan have a point to make too: these companies need to differentiate themselves based on two things:

1. basic philosophy of filtering (why they filter what they filter).

2. diligence in keeping up their databases.

Brock & Declan are right to expose the basic filtering philosophies of the different companies, so that those of us who may wish to avail ourselves of their services know exactly what we're getting (or rather, not getting).

In the end, the market will choose between the simple "no porn" philosophy (for whatever your definition is of that), and the "christian family values approved by the christian coalition" philosophy (with, one hopes, a whole lot of other points on the spectrum in the middle). However, the consumers cannot make this choice absent the information; Brock & Declan have done everyone a service by shining some light on this.

What I'm surprised about is that these companies apparently aren't already trumpeting their philosophies of filtering themselves. The principal differentiator for this market is not the software - there really aren't that many ways to filter this stuff, and these companies ought to share their techniques in that area so that they can all be more effective and thus serve their customers better. The real differentiator is what's in their databases, which (one presumes) is driven by each of their philosophies of what is "harmful" to minors.
One wonders if these companies might be embarrassed to actually take a public position on this burning issue: just exactly what *is* "harmful" to minors? Personally, I fail to see how they can avoid it - it is the essence of their entire business.

Erik Fair

From steve at miranova.com Wed Jul 3 23:12:36 1996
From: steve at miranova.com (Steven L Baur)
Date: Thu, 4 Jul 1996 14:12:36 +0800
Subject: Lack of PGP signatures
In-Reply-To:
Message-ID:

>>>>> "Rich" == Rich Graves writes:

Rich> On Wed, 3 Jul 1996, Charles Watt wrote:
>> -----BEGIN PRIVACY-ENHANCED MESSAGE-----

Rich> And then there's the part about it being ugly as sin ...

(defun gnus-article-hide-pem (&optional arg)
  "Toggle hiding of any PEM headers and signatures in the current article.
If given a negative prefix, always show; if given a positive prefix,
always hide. Adapted from gnus-article-hide-pgp."
  (interactive (gnus-hidden-arg))
  (unless (gnus-article-check-hidden-text 'pem arg)
    (save-excursion
      (set-buffer gnus-article-buffer)
      (let ((props (nconc (list 'gnus-type 'pem) gnus-hidden-properties))
            buffer-read-only end)
        (widen)
        (goto-char (point-min))
        ;; hide the horrendously ugly "header".
        (and (search-forward "\n-----BEGIN PRIVACY-ENHANCED MESSAGE-----\n"
                             nil t)
             (setq end (1+ (match-beginning 0)))
             (gnus-hide-text
              end
              (if (search-forward "\n\n" nil t)
                  (match-end 0)
                (point-max))
              props))
        ;; hide the trailer as well
        (and (search-forward "\n-----END PRIVACY-ENHANCED MESSAGE-----\n"
                             nil t)
             (gnus-hide-text (match-beginning 0) (match-end 0) props))))))

--
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone except you in November.
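The "Lack of PGP signatures" exchange above turns on which characters a text signature should ignore (Alan Olsen's question, David Lesher's "cow orker" objection). The following Python is an added illustration, not part of any post in this archive and not PGP's own canonicalization code; the four rules, the constructed sample strings and the use of SHA-256 as a stand-in for the hash a signature covers are assumptions made for the example.

```python
import hashlib


def canon_raw(text: str) -> bytes:
    """No canonicalisation: the signature covers exactly the bytes typed."""
    return text.encode("utf-8")


def canon_lines(text: str) -> bytes:
    """Normalise every line ending to CRLF and strip trailing spaces/tabs."""
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return "\r\n".join(line.rstrip(" \t") for line in lines).encode("utf-8")


def canon_drop_nonprinting(text: str) -> bytes:
    """Ignore every non-printing character (CR, LF, tab, ...), keep spaces."""
    return "".join(ch for ch in text if ch.isprintable()).encode("utf-8")


def canon_drop_whitespace(text: str) -> bytes:
    """Ignore all whitespace, spaces included."""
    return "".join(ch for ch in text if not ch.isspace()).encode("utf-8")


RULES = {
    "raw": canon_raw,
    "lines": canon_lines,
    "nonprinting": canon_drop_nonprinting,
    "whitespace": canon_drop_whitespace,
}


def digest(text: str, canon) -> str:
    # Assumption: SHA-256 stands in for whatever hash the signature covers.
    return hashlib.sha256(canon(text)).hexdigest()


def same_signature_input(a: str, b: str) -> dict:
    """For each rule: would a signature made over `a` still verify over `b`?"""
    return {name: digest(a, canon) == digest(b, canon)
            for name, canon in RULES.items()}


# Constructed samples.
# 1. The same message before and after a mail gateway rewrote line endings
#    and dropped trailing blanks: this is the breakage one wants to survive.
SENT = "Pay Alice 100 dollars.  \nRegards,\nBob\n"
RELAYED = "Pay Alice 100 dollars.\r\nRegards,\r\nBob\r\n"
# 2. The objection from the thread: moving a space changes the meaning.
SPACED, UNSPACED = "cow orker", "coworker"
# 3. Dropping line breaks entirely lets two lines fuse into different text.
SPLIT = "Items 1\n2 and 3 are accepted."
FUSED = "Items 12 and 3 are accepted."

if __name__ == "__main__":
    for label, a, b in (("gateway rewrite", SENT, RELAYED),
                        ("moved space", SPACED, UNSPACED),
                        ("fused lines", SPLIT, FUSED)):
        print(f"{label:16s}", same_signature_input(a, b))
```

Only the narrow "lines" rule accepts the gateway rewrite while still rejecting both texts whose meaning changed; the two broader rules accept at least one altered text.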
From JMKELSEY at delphi.com Wed Jul 3 23:15:30 1996
From: JMKELSEY at delphi.com (JMKELSEY at delphi.com)
Date: Thu, 4 Jul 1996 14:15:30 +0800
Subject: anonymous remailers
Message-ID: <01I6NJC6YZES91X6WG@delphi.com>

-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks ## Date: 07/02/96 03:36 pm ## Subject: Re: anonymous mailing lists ]

>Date: Sat, 29 Jun 1996 09:40:51 -0700
>From: Hal
>Subject: Re: anonymous mailing lists

>Wei Dai did some nice statistical analysis of this type of attack
>sometime a year or two ago. Even with countermeasures such as you
>suggest, if they are not perfect, so some information leaks correlating
>incoming and outgoing messages, Wei showed that it was possible to
>deduce the owners of the nyms surprisingly quickly.

Yes, this makes sense. As I said before, this is related to the way timing attacks work. A little correlation that shouldn't be there, over many messages, turns out to be enough to unravel a lot of information.

>The countermeasures do work - if you get and send exactly 50 pieces of
>4K byte email every day, no matter what, then correlations don't exist
>- but they are expensive to do perfectly.

At the very least, this is susceptible to a flooding attack. At any rate, this is analogous to the fixed-delay solution to timing attacks. (Make all PK operations with long-term secret keys take the same amount of time.) Unfortunately, I can't see a solution to this that's analogous to blinding out the values in the timing attacks.

>Hal

Note: Please respond via e-mail as well as or instead of posting, as I get CP-LITE instead of the whole list.
--John Kelsey, jmkelsey at delphi.com / kelsey at counterpane.com
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMds0LUHx57Ag8goBAQHPeQP+JH4b7bJCLW3ttqQ+v0XzEcbCaeOg9LqR
e+xuaLx2AjCx5N+V2q3xeJTAldfZZ5YFwCUq3KgpnBAbDvJ1my0hCGmKj+1uXQTp
SFSciq5oItMo2kwncbez2RaN/0aqcDSOGnc4ddfO4Ur7H7k+aLOQuaAUvcvDpV1p
C8up+1PSPW0=
=60Zh
-----END PGP SIGNATURE-----

From JMKELSEY at delphi.com Wed Jul 3 23:29:05 1996
From: JMKELSEY at delphi.com (JMKELSEY at delphi.com)
Date: Thu, 4 Jul 1996 14:29:05 +0800
Subject: anonymous remailers
Message-ID: <01I6NJCHTC8Q91X6WG@delphi.com>

-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 07/02/96 03:35 pm ## Subject: Re: anonymous mailing lists ]

>Date: Fri, 28 Jun 1996 23:04:28 -0500 (CDT)
>From: ichudov at algebra.com (Igor Chudov @ home)
>Subject: Re: anonymous mailing lists

>How about this attack: suppose I want to find out who hides behind
>an alias MightyPig at alpha.c2.org and I have the ability to monitor
>all internet traffic. Then I simply start mailbombing that address
>and see whose account gets unusually high traffic volume.

Yes. This is a simpler version. The advantage of the attack I was describing over this attack is that an attacker doesn't have to know how to send messages to the recipient--just where the stream of messages is originating.

>A nice, albeit quite expensive, way of protection from traffic analysis
>is to create a mailing list (or a newsgroup) and forward all messages to
>all users of that mailing list or newsgroup. Of course, since messages
>are encrypted, only the recipients will be able to decrypt them.

The flaw here is that only a small number of people will be willing to plow through any volume of messages at all, in order to occasionally get a single readable message.
There are also some potential problems with giving the right recipient a cheap way to determine whether or not this message is for him, without giving anyone else a cheap way to determine this. (An application for ``Rabin for Paranoids,'' anyone?)

>This way the list of suspects is all subscribers of that list or
>newsgroup and there is no way to discriminate them.

If this is a small enough group, that may still be a problem. And the bandwidth and processing requirements are probably enough to ensure that it's a small group.

>Instead of having messages to be sent to all recipients all the time,
>alpha.c2.org may be programmed so that it sends out every message not to
>only one recipient X, but to X and 20 other randomly selected people.

This makes the attack only a little harder. If the other 20 are selected randomly, then for a stream of many messages, only one recipient will correlate properly with sender volume and timing. If it's the same 20 every time for a given receiver, then the attacker will be able to narrow the recipient down to 20 people. At that point, he can use other techniques (wiretaps, black-bag jobs, TEMPEST attacks, etc.) to make his final determination.

> - Igor.

Note: Please respond via e-mail as well as or instead of posting, as I get CP-LITE instead of the whole list.

--John Kelsey, jmkelsey at delphi.com / kelsey at counterpane.com
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMds0OUHx57Ag8goBAQFE8QP/ZWBP32mg2xdkcUrloFwruW+4L1bgY+Uk
CEGxngqarxQxTNAckF0vOzpbS5gtjrs6dlEOFIQGeEuF3UWxHeKUIoOejofBZ2vT
Htp/FT4x2xkfTFlgVE6GLyjE7bxK8DqfwH3ACAtbR4l+YwKQDNoInfpeFw0HKD40
jC/R8M7l0Lk=
=9uja
-----END PGP SIGNATURE-----

From andrew_loewenstern at il.us.swissbank.com Thu Jul 4 00:36:56 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Thu, 4 Jul 1996 15:36:56 +0800
Subject: Message pools _are_ in use today!
In-Reply-To: <199607022051.QAA10112@unix.asb.com>
Message-ID: <9607031927.AA00805@ch1d157nwk>

Deranged Mutant writes:
> Uploading can be gotten around by using anonymous remailers
> and mail-to-news gateways... although someone can tell if you
> send mail to anonymous mailers.

Not if you run your own remailer!

andrew

From jimbell at pacifier.com Thu Jul 4 00:51:29 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 4 Jul 1996 15:51:29 +0800
Subject: ecash thoughts
Message-ID: <199607040424.VAA02562@mail.pacifier.com>

At 05:53 PM 7/3/96 -0400, Simon Spero wrote:

>2) If ecash is used to create a new currency- i.e. the value of a unit of
>the ecash is not tied to any single existing currency, what should the
>value of one currency unit be set at? (let's call it a Turing)

Low, maybe a tenth of an American cent. But probabilistic payment should be used to allow the minimum average payment to go way below this, perhaps to an unlimited extent.

The reason is simple: The cost of providing net transactions, and electronic transactions in general, can be expected to drop exponentially, just like the cost of telecommunications and CPU power do. Any arbitrary limit to how low they can go will act somewhat akin to the minimum wage: It will deter development of any product or service whose perceived value is less than this arbitrary minimum.

Jim Bell
jimbell at pacifier.com

From snow at smoke.suba.com Thu Jul 4 01:25:07 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 4 Jul 1996 16:25:07 +0800
Subject: Lack of PGP signatures
In-Reply-To: <2.2.32.19960703220436.00e93fe8@mail.teleport.com>
Message-ID:

On Wed, 3 Jul 1996, Alan Olsen wrote:
> I am wondering why there is not a signing option that ignores all
> non-printing characters. Might fix some of these problems... (Can anyone
> think of a reason this would be a "Bad Thing(tm)"?)

IANACE, but off the top of my head I'd say clear signing binaries.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From snow at smoke.suba.com Thu Jul 4 01:33:54 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 4 Jul 1996 16:33:54 +0800
Subject: Net and Terrorism.
In-Reply-To:
Message-ID:

On Thu, 4 Jul 1996, Timothy C. May wrote:
> At 12:14 AM 7/4/96, snow wrote:
> > Military troops can best be protected by 3 separate methods:
> > 2) When they _are_ exposed, let them fight the fuck back. Rules of
> > engagement are simple. When fired on, shoot to kill. If the shot
> > comes from a building, take out the building. If from a crowd,
>                          ^^^^^^^^^^^^^^^^^^^^^^
> "Colonel, the mission was accomplished. Apparently the sniper was firing
> from the 34th floor, so we simply took out the building. There was minor
> collateral damage, of course."

I guess that part of the problem is that I was in the military, and while I was never actually under fire, there was always the possibility, and after hearing (from people who were there) the silly ass ROE, let's just say that when some one is trying to kill you it is nice to be able to do something about it.

There is something to the theory of peer pressure.

I would maintain that there is a difference between responding to immediate threats and long term suppression.

> Such overreaction to terrorist events is often precisely what a terrorist
> wants, as I've explained a couple of times.

Sometimes the terrorists are relying on exactly the opposite, a lack of immediate reaction. This makes the government look impotent.

> >> >A third option is quite simply to buy as much of it as possible.
> >> No, wouldn't work. As with the "War on (Some) Drugs," all this does is
> >> raise the price a bit, actually making it a more tempting market for many
> >> to get into.
> >
> > If the US were to offer Russia $3 billion (or whatever)
> >in a one time take it or leave it for their entire chemical weapon stock,
> >it might get the soviet shit off the market. The nuclear stuff is a little
> >easier to store (I think) and it would be a harder sell.
>
> > I agree tho' that it isn't possible to buy out the market.
>
> Then why do you float ideas such as buying out the Soviet arsenal if you
> think it isn't possible?

Market v.s. Arsenal. Difference between buying a car dealership and buying the Big 6 Auto Makers. I was simply referring to removing the soviet stocks from the market. That would force the prices up a bit, might get some private dealers into the market, but I wouldn't think that this particular market is all that big.

I may be wrong about the size of the market.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From tcmay at got.net Thu Jul 4 01:38:10 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 16:38:10 +0800
Subject: Message pools _are_ in use today!
Message-ID:

At 7:27 PM 7/3/96, Andrew Loewenstern wrote:
>Deranged Mutant writes:
>> Uploading can be gotten around by using anonymous remailers
>> and mail-to-news gateways... although someone can tell if you
>> send mail to anonymous mailers.
>
>Not if you run your own remailer!

Agreed. And if a remailer chain is long enough, the "someone can tell if you send mail to anonymous mailers" is meaningless.

(In an ideally crypto-anarchic world, millions of messages are being sent to anonymous remailers, and it is worth nothing to know that Subject A sent a message to an anonymous remailer.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
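John Kelsey's replies in the "anonymous remailers" messages above argue that copying each nym message to the real recipient plus 20 random others "makes the attack only a little harder", that a fixed set of 20 narrows the field to that set, and that a full message pool leaves every subscriber a suspect. The following Python simulation is an added example for comparing those delivery policies, not code from any post in this archive; the user count, background-mail rate, round count, seed and policy names are constructed assumptions.

```python
import random

POLICIES = ("single", "random20", "fixed20", "pool")


def anonymity_curve(policy, rounds=40, n_users=500, decoys=20,
                    background=0.2, seed=1996):
    """Size of the nym owner's anonymity set after each observed round.

    One round is one message sent to the nym. For that round the observer
    learns only which accounts received mail, and keeps the accounts that
    received something in every round so far (the owner always does).
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    rng = random.Random(seed)
    owner = 7                                  # constructed: the real recipient
    others = [u for u in range(n_users) if u != owner]
    fixed_set = rng.sample(others, decoys)     # used by "fixed20" only
    candidates = set(range(n_users))
    sizes = []
    for _ in range(rounds):
        if policy == "single":                 # plain forwarding to the owner
            delivered = {owner}
        elif policy == "random20":             # owner + fresh random decoys
            delivered = {owner, *rng.sample(others, decoys)}
        elif policy == "fixed20":              # owner + the same decoys each time
            delivered = {owner, *fixed_set}
        else:                                  # "pool": every subscriber gets a copy
            delivered = set(range(n_users))
        # Unrelated mail that happens to reach other accounts in the same window.
        noise = {u for u in others if rng.random() < background}
        candidates &= delivered | noise
        sizes.append(len(candidates))
    return sizes


def rounds_until_identified(policy, **kw):
    """First round at which one candidate is left, or None if that never happens."""
    for i, size in enumerate(anonymity_curve(policy, **kw), start=1):
        if size == 1:
            return i
    return None


if __name__ == "__main__":
    for p in POLICIES:
        curve = anonymity_curve(p)
        print(f"{p:9s} set size after 1/5/40 rounds: "
              f"{curve[0]:3d} {curve[4]:3d} {curve[-1]:3d}   "
              f"identified at round: {rounds_until_identified(p)}")
```

In this model the fixed-rate countermeasure Hal describes (everyone gets the same amount of mail no matter what) looks the same to the observer as the "pool" policy, which is why only those two keep the set from shrinking to the decoy list or to one account.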
From attila at primenet.com Thu Jul 4 02:13:27 1996
From: attila at primenet.com (attila)
Date: Thu, 4 Jul 1996 17:13:27 +0800
Subject: What remains to be done.
Message-ID: <199607040558.WAA07414@primenet.com>

Addressed to: Black Unicorn Cypherpunks

** Reply to note from Black Unicorn 07/03/96 10:17pm -0400

good "white paper."

modularity is the key. use of standardized encryption libraries permitting user selection of one or more formats.

message pools would be great from satellite channels --how do you regulate (read this as "pay for") since someone must receive the messages to uplink? -otherwise you have the dropouts of USENET.

user interface is the achilles heel for most programmers --the time is spent making the code 'work.' with the tools available which allow multi-platform development, the *functional* GUI should be done by someone who creates "artistic" interfaces.

I agree-- if encryption can be made so simple, and with a clean user interface, it will be used by joe sixpack (who rarely likes uncle, anyway --but for different reasons). once joe sixpack starts to use (probably dropping his private keys...), then it is too pervasive to stop --even if there are a few high level prosecutions.

one of our greatest failings v/v encryption as a group (including coderpunks) is we are satisfied with our access to encryption. PGP is a nuisance, and the instructions are not clear --so we experiment until we get the results: on the command line. our satisfaction makes us insular; we need to think in global terms --mass marketing of a free product which will hold appeal for everyone.

encryption is no different than the students in China --no, they do have it, but how long can Father Deng (and his successors) hang on against technology and quest for knowledge?

--
Fuck off, Uncle Sam. Cyberspace is where democracy lives!

From attila at primenet.com Thu Jul 4 02:15:08 1996
From: attila at primenet.com (attila)
Date: Thu, 4 Jul 1996 17:15:08 +0800
Subject: Net and Terrorism.
Message-ID: <199607040558.WAA07424@primenet.com>

Addressed to: tcmay at got.net Cypherpunks

** Reply to note from tcmay at got.net 07/04/96 03:22am -0700

= Date: Thu, 4 Jul 1996 03:22:42 -0700
= To: cypherpunks at toad.com
= From: tcmay at got.net (Timothy C. May)
=
= Subject: Re: Net and Terrorism.
=
= At 12:14 AM 7/4/96, snow wrote:
=
= > Military troops can best be protected by 3 separate methods:
=
= > 2) When they _are_ exposed, let them fight the fuck back. Rules of
= > engagement are simple. When fired on, shoot to kill. If the shot
= > comes from a building, take out the building. If from a crowd,
=                          ^^^^^^^^^^^^^^^^^^^^^^
=
= "Colonel, the mission was accomplished. Apparently the sniper was firing
= from the 34th floor, so we simply took out the building. There was minor
= collateral damage, of course."
=

unfortunately, that was a modus operandi which I commanded --e.g. if one shoots, waste them all. fortunately, the U.S. SE Asia policies in "denied zones" (we were never there) is no longer in vogue.

however, we will probably see that again in parts of the world as many cultures do not have the basic respect for life we do. the first time you witness a small child begging for chocolate exploded by a remote control pressed by her father, you understand --you do not necessarily like it, it's just survival.

and faced with a decision of giving up 'n' "friendlies" for 1000n, or even more, to survive, I know where I stood, and still stand. War is hell --and terrorism is war, make no mistake about it.

in "black" operations, priority 1 is survival, priority 2 is objective, and accountability is generally not an issue (unless you are out of bounds).

= Such overreaction to terrorist events is often precisely what a terrorist
= wants, as I've explained a couple of times.
=

yes, but it is the press, not the commander, who makes the decision to give the terrorist sympathy coverage.
basically: exclude, by whatever means, the press and eliminate the terrorists' 15 minutes of fame.

=
= >> You are essentially making my point, that the biggest danger of the current
= >> responses to terrorism is that nations will turn to national terrorism and
= >> police state tactics.
= >
= > I missed that in your original post.
=
= Well, go back and look for it. The clear point of my post was that the U.S.
= should not adopt police state measures so as to reduce terrorism.
=

no shit; in spades. if the U.S does adopt the police state tactics Bubba is espousing, the U.S. will be faced with _real_ terror, not staged incidents to justify the martial law, etc. if the populace is already disenchanted, absolute loss of freedom will stir to action some very unlikely participants and partners in "brotherhood."

=
= >> >A third option is quite simply to buy as much of it as possible.
= >> No, wouldn't work. As with the "War on (Some) Drugs," all this does is
= >> raise the price a bit, actually making it a more tempting market for many
= >> to get into.
= >
= > If the US were to offer Russia $3 billion (or whatever)
= >in a one time take it or leave it for their entire chemical weapon stock,
= >it might get the soviet shit off the market. The nuclear stuff is a little
= >easier to store (I think) and it would be a harder sell.
=
= As with "buying out" the coca crop in Peru, the poppy crop in Turkey, the
= marijuana crop in the dozens of countries, etc., their motto is, obviously
= enough, "we'll make more."
=

The U.S. spooks are still the single largest traffickers in drugs...

= Again, the Sarin attack in Tokyo had nothing to do with former U.S.S.R. CBW
= weapons. Chemical and biological agents are cheap to make, especially in
= the quantities needed to kill only a few thousand people, and in the
= non-battlefield delivery environment.
=
= > I agree tho' that it isn't possible to buy out the market.
=
= Then why do you float ideas such as buying out the Soviet arsenal if you
= think it isn't possible?
=

U.S. cash has eliminated a lot of Soviet weapons, including, I believe some chemical. however, keep in mind: the obsolete, and expensive to maintain, hardware predominated.

However, you will never be able to buy out the religious terrorists --they are on a "mission." The Western world faces far more threat from fundamentalist religious terrorists than it does from the Soviet Union, etc.

There is no cure for the "revolutionary" terrorists --just death for their own brand of glory. If we do not even print their obit, there is no glory!

= --Tim May
=

--
Fuck off, Uncle Sam. Cyberspace is where democracy lives!

From loki at infonex.com Thu Jul 4 02:34:38 1996
From: loki at infonex.com (Lance Cottrell)
Date: Thu, 4 Jul 1996 17:34:38 +0800
Subject: Wanted: NNTP posting access for remailers
Message-ID:

I would be willing to give you permission to use news.infonex.net. I will set it up for you tomorrow.

-Lance

At 5:46 PM 7/3/96, lcs Remailer Administrator wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Would anyone out there be willing to give NNTP posting or transfer
>privileges to anon.lcs.mit.edu?
>
>Because of recent spams through mail2news at anon.lcs.mit.edu, I may
>lose my news posting privileges to the news server I have been using.
>Though I try to resolve all complaints I receive, other complaints
>have been sent to other postmasters in the domain, who don't seem to
>want to hear about these problems.
>
>If you run a news server and would like to help people posting
>anonymous messages, please consider allowing posts from
>mail2news at anon.lcs.mit.edu. Ideally you would also be in a position
>to receive mail at some of the relevant postmaster aliases in your
>domain, and would not mind forwarding misdirected complaints to me so
>that I can deal with them. Alternatively, if you are willing to give
>me "IHAVE" privileges, I can possibly set things up with an initial
>"Path:" header that guarantees most complaints will go directly to me.
>
>Thanks,
>- -mix-admin at anon.lcs.mit.edu
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
>
>iQCVAwUBMdsT70TBtHVi58fRAQHQ0QP/U3Jn7sL9+k3aUr+qw4WdDxef/lIeu3xO
>BwdO8zlNPavJgbxuunR81n011jGy80l7qnc+DpvtuEEQqszLMcMO/4zHw/VfVOY8
>08nxE8+IkF/FE66vJdnU7O3I1mIjtbF8ixcm9FOwqoehSLJB40tXy6wu6KV663TQ
>fmy/Gz5XDe8=
>=Gp4D
>-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From jimbell at pacifier.com Thu Jul 4 02:47:31 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 4 Jul 1996 17:47:31 +0800
Subject: Message pools _are_ in use today!
Message-ID: <199607040656.XAA09167@mail.pacifier.com>

At 05:25 PM 7/3/96 -0700, Timothy C. May wrote:

>Someone mentioned the Ku-band dishes that are used by PageSat (or whatever
>it is now called....). My DSS system, which is technically a Ku-band
>receiver, has a digital i/o connector of some sort on the back, and it is
>rumored that this will someday be available for PageSat-like uses. (I have
>a feeling this may be years off, for admin reasons if not technical
>reasons.)

As I understand it, the DSS broadcast (unlike older C-band units) consists of a single digital stream which contains the highly compressed (MPEG?) data representing all channels. Being compressed, the data rate needed per channel varies with the scene and the rate it changes.
Even if you add up a large number of these statistically-varying channels, you'll still get a fairly wide variation in the needed bit rate per second. The system must have a substantial amount of headroom to protect against occasional times when many channels need a lot of bits, headroom that is mostly not being used, most of the time. If this is correct, then most of this headroom should be available to piggybacked data traffic on a "space-available" basis. Probably tens of megabits per second.

Jim Bell
jimbell at pacifier.com

From grafolog at netcom.com Thu Jul 4 04:44:40 1996
From: grafolog at netcom.com (jonathon)
Date: Thu, 4 Jul 1996 19:44:40 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To:
Message-ID:

On Wed, 3 Jul 1996, Mark M. wrote:

> On Wed, 3 Jul 1996, David Rosoff wrote:
> > I've wondered .. could a creative child circumvent these filter programs
> If the child is creative enough, he will be able to boot DOS from a bootdisk
> and remove the line from config.sys that starts up the filtering software.

Even more creative kids will find the Dos-based web browser that bypasses whatever is in the config.sys file, that is supposed to prevent them from seeing those "naughty" websites.

xan

jonathon
grafolog at netcom.com

AOL coasters are unique, and colourful. Collect the entire set.

From gary at systemics.com Thu Jul 4 07:30:15 1996
From: gary at systemics.com (Gary Howland)
Date: Thu, 4 Jul 1996 22:30:15 +0800
Subject: Noise: Re: Those Evil Republicans
In-Reply-To: <9606262325.AA25647@Etna.ai.mit.edu>
Message-ID: <31DBA835.6EEA4806@systemics.com>

hallam at Etna.ai.mit.edu wrote:
>
> Jersey and the Isle of Man are not independent sovereign nations. The
> Manx parliament is subordinate to the English Privy Council and Jersey
> is similarly an anachronism. Andorra is ruled jointly by the French President
> and a Spanish Bishop (or is it the other way round?).
Andorra is a self governing sovereign nation - the French president and Spanish bishop play only titular roles.

Regarding Jersey and the Isle of Man, I misunderstood the requirement for the countries to be independent - we were after all discussing countries which have no control over their currencies. Still, there are many non-independent countries that do not use the currency of the country they are dependent on - for example Bermuda and BVI (both UK dependent) use the US dollar. Many of the Caribbean islands which are UK dependent (eg. Anguilla) use East Caribbean dollars.

There are also several independent sovereign nations that have no control over their own currency (eg. Liechtenstein (the one you mentioned), Andorra, Monaco, Nauru, Marshall Islands, Micronesia and Puerto Rico). One could even argue that countries such as Cuba have relinquished control over their own currency by tying their Peso to the US dollar (which is also widely used in Cuba). The same could perhaps be said of Luxembourg.

> Forgive my skepticism but I don't think that any economist would seriously
> suggest these as useful models for modern industrial societies. The chief
> industries being parasitic on those of larger nations.

First of all, "parasitic" is a very derogatory term to apply to these nations. They are no more parasitic than out of town supermarkets.

Second, you suggest Liechtenstein as a useful model for a modern industrial society that has no control over its currency, but then go on to criticise Andorra as a useful model. Why?

Third, you have missed the point I was making, that of Goodhart's law, which loosely states that "attempts by the government to regulate or tax one channel of banking business quickly lead to the same business being conducted through a different channel which is untaxed or unregulated". Surely the fact that every large nation has its banking tax havens (eg. UK has the Channel Islands, the US has the Caribbean islands) is proof of this?
Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From gary at systemics.com Thu Jul 4 08:14:37 1996
From: gary at systemics.com (Gary Howland)
Date: Thu, 4 Jul 1996 23:14:37 +0800
Subject: What remains to be done.
In-Reply-To:
Message-ID: <31DBB50A.5656AEC7@systemics.com>

Black Unicorn wrote:
>
> A. Methods to run secure websites on insecure servers.
>
> A thread on 'punks last month, I am of the view that local decryption of
> web pages is essential to the development of coercion free web pages.
> Establishing a truly secure web page today requires the server to be
> extra-territorial, in a secure physical location, and requires such
> lengths to defeat traffic analysis (which lengths must be applied to the
> actual network logistics, rather than the software logistics) so as to be
> impractical to all but institutional resources. The best effort I have
> seen is in European Union Bank (www.eub.com) or (www.eub.net) [neither of
> which I recommend you use for deposits] and it still falls quite short.
>
> A software solution which permits local decryption makes traffic analysis
> less useful, presents the opportunity to use front end and disposable www
> pages on domestic ISPs while imposing no liability on the ISP itself, and
> opens several more effective traffic analysis deterrents.
>
> Ideally, both web proxies (for servers as well as clients) and local
> decryption will be written allowing both server and user a degree of
> double blind operation as well as easy disposability of front ends.
>
> A Netscape plugin for local decryption of web pages and proxy forwarding
> of WWW form submissions to the server is a MUST.

I fully agree with all of your comments, but, encrypted proxying issues aside, what is wrong with SSL? Is it because the encryption is for the whole server, not individual users?

> Is anyone considering work on these?
I gave the encrypted proxy idea some thought, and intend to do it one day. If someone is willing to run it, then I will certainly do it. Offers?

With regard to the local decryption idea, then I don't see this as much of a problem. How much interest is there in this? We already have something similar running, but it would still need a bit of work to make more general.

Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From cyberia at cam.org Thu Jul 4 09:57:33 1996
From: cyberia at cam.org (CyberEyes)
Date: Fri, 5 Jul 1996 00:57:33 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <31DA7000.6239@vail.tivoli.com>
Message-ID:

On Wed, 3 Jul 1996, Mike McNally wrote:

> During that afternoon of Internet fun, Mark clicks the mouse and
> follows a hyperlink link to a web site filled with nasty objectionable
> anti-family morally corrosive filth. Mark and Mathew run home in
> tears to their parents and tell all about the nightmare they've
> experienced.
>
> I wonder whether the Christians would be able to successfully sue
> the Simpsons on some sort of "corruption of a minor" deal? Indeed,
> couldn't it even be possible that some local prosecutor might find
> the Simpsons criminally involved?

Depending on whether the information they accessed was pornographic, yes they could be. I'm not a lawyer, but I know it's illegal for minors to look at pornography.

Ryan A. Rowe - Montreal, Quebec /Seeking Internet-related job!/
aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_.
Tel. -> +1-514-626-0328 | __o o
E-Mail -> cyberia at cam.org | _ \<_ <\
WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia | swim bike run
Read my C.V. at http://www.cam.org/~cyberia/resume-e.html
"In lieu of experience, I have a willingness to learn."
"Everyone has their day, mine is July 15th, 1998."
From kyleb at juno.com Thu Jul 4 10:28:33 1996
From: kyleb at juno.com (Kyle A Beltle)
Date: Fri, 5 Jul 1996 01:28:33 +0800
Subject: PGP
Message-ID: <19960704.101434.10126.21.KYLEB@juno.com>

Hello,

Does anyone have the latest version of PGP for Windows and/or DOS? If so please reply directly, since I am not yet on C'Punks.

Thanks,
KyleB at juno.com

From gregmi at galileo.mis.net Thu Jul 4 11:27:36 1996
From: gregmi at galileo.mis.net (Greg Miller)
Date: Fri, 5 Jul 1996 02:27:36 +0800
Subject: Word lists for passphrases
Message-ID: <31dbf02b.66263803@pop.mis.net>

Are there any publicly available word lists which contain just about every word in the English language? It's not absolutely necessary, but I'd also like the list to include English names.

Thanks in advance.

begin 644 tagline.txt
enum MicrosoftBoolean {TRUE, FALSE, MAYBE};
Greg Miller: Programmer/Analyst (gregmi at mis.net)
http://grendel.ius.indiana.edu/~gmiller/
end.

From sandfort at crl.com Thu Jul 4 11:54:25 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 5 Jul 1996 02:54:25 +0800
Subject: Noise: Re: Those Evil Republicans
In-Reply-To: <31DBA835.6EEA4806@systemics.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 4 Jul 1996, Gary Howland wrote:

> There are also several independent sovereign nations that have no control
> over their own currency (eg. Liechtenstein (the one you mentioned), Andorra,
> Monaco, Nauru, Marshall Islands, Micronesia and Puerto Rico)...

Don't forget Panama, Liberia, Tuvalu, Turks & Caicos, etc. Printing one's own money does not a sovereign nation make.

> First of all, "parasitic" is a very derogatory term to apply to these
> nations. They are no more parasitic than out of town supermarkets.

Correct.
While the US unsuccessfully tries to play policeman for the world, other countries are far more successful in being the bankers, playgrounds, pharmaceutical manufacturers and distributors, etc. for the world.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From WlkngOwl at unix.asb.com Thu Jul 4 12:31:33 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 5 Jul 1996 03:31:33 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <199607041655.MAA00784@unix.asb.com>

On 3 Jul 96 at 18:58, Mark M. wrote:
[..]
> If the child is creative enough, he will be able to boot DOS from a bootdisk
> and remove the line from config.sys that starts up the filtering software.

Why bother using a boot disk? Remove it from the config.sys and then reboot.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From WlkngOwl at unix.asb.com Thu Jul 4 12:33:08 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 5 Jul 1996 03:33:08 +0800
Subject: The Net and Terrorism
Message-ID: <199607041655.MAA00793@unix.asb.com>

On 3 Jul 96 at 14:48, jim bell wrote:
[..]
> But as I've pointed out elsewhere, there's a big difference between "We're
> gonna do this!" and "Someday we may have to do this." My impression is
> that the government has tried to completely erase the dividing line
> between these two concepts.

As far as the government is concerned, "gonna do this" and "may have to do this" is the same, since the "this" is illegal. There is no dividing line. I suspect that since they (allegedly) had specific targets planned it leaned closer to the "gonna do this".
From the minimal discussion in the media I have read, it appeared to be another 'revenge for waco and ruby ridge' action rather than a 'defense of civil liberties from a potential totalitarian government' action. (I'm rather skeptical as to how blowing up a specific IRS office would be effective were the government to change into a totalitarian regime.)

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From WlkngOwl at unix.asb.com Thu Jul 4 12:37:38 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 5 Jul 1996 03:37:38 +0800
Subject: Lack of PGP sigs
Message-ID: <199607041655.MAA00788@unix.asb.com>

-----BEGIN PGP SIGNED MESSAGE-----

Another minor problem is when PGP-sigs are made using something other than MD5 as a hash algorithm, at least until certain modifications of PGP become 'standardized' until PGPlib is released.

Rob.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3b
Charset: cp850
Comment: SHA1 is used instead of MD5 for this signature

iQEVAwUBMdvzjwTNlSxdPy6ZAQIbRwf8DFyAdkQemj6z8nGb8MAkg9Hi0t9AZgpT
/7IaNy7x7+P1ahY5TRm0gZRaRr3A3scz4jCCP2IUbKnP/3SnVsvWH/GuH2EnGzQQ
UhZODymDzaeWVhoQH0GNhDsAf3yLVyr6CQPWsP0aMDD4HBCFKDjr5ip9XsZRYCo1
P+7GbT+/oIRtztEFufguecIalfh275rT/FyDioblKxgyK+AX8hQ+3POzJgayPbc8
7AosgiFv9UGD4O4ComQyurZi/eFdn/x6NqrVKUVRK0KOWDVEYqAhDz45oP94//NQ
ahE8viIm6irCu6PS+yf62RZvZafXLccHCBG2rUOm6gYEsB3XtuM/Vg==
=SQBi
-----END PGP SIGNATURE-----

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.
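The hash algorithm a PGP signature was made with is recorded in the signature packet itself, so the interoperability problem in the message above can be checked before any verification is attempted. The following is an added example, not part of the original post and not PGP's own code: it decodes the fixed-size start of an old-format version 3 signature packet and reads the hash-algorithm octet. The algorithm numbers are the RFC 4880 registry values, the MD5-only verifier is an assumption standing in for an unmodified PGP 2.6.x, and the sample inputs are the first 32 base64 characters of the two signature blocks that appear in this archive.

```python
import base64
import struct

# Algorithm IDs from the OpenPGP registry (RFC 4880, sections 9.1 and 9.4).
HASH_NAMES = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160"}
PUBKEY_NAMES = {1: "RSA"}

# First 32 base64 characters (24 bytes) of the two armored signatures quoted
# in this archive; the labels are added here for illustration.
SAMPLES = {
    "quoted 2.6.2 signature": "iQCVAwUBMdsT70TBtHVi58fRAQHQ0QP/",
    "2.6.3b signature": "iQEVAwUBMdvzjwTNlSxdPy6ZAQIbRwf8",
}


def parse_v3_signature_header(data: bytes) -> dict:
    """Parse the fixed-size start of an old-format, version 3 signature packet."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:
        raise ValueError("new-format packet header is not handled here")
    tag, length_type = (data[0] >> 2) & 0x0F, data[0] & 0x03
    if tag != 2:
        raise ValueError(f"packet tag {tag} is not a signature")
    if length_type == 3:
        raise ValueError("indeterminate-length packet is not handled here")
    len_size = 1 << length_type              # 1, 2 or 4 length octets
    body_len = int.from_bytes(data[1:1 + len_size], "big")
    body = data[1 + len_size:]
    if len(body) < 21:
        raise ValueError("truncated signature header")
    version, hashed_len = body[0], body[1]
    if version != 3 or hashed_len != 5:
        raise ValueError("not a version 3 signature")
    # type, creation time, key ID, pubkey alg, hash alg, hash check, MPI bits
    sig_type, created, key_id, pk_alg, hash_alg, left16, mpi_bits = struct.unpack(
        ">BIQBBHH", body[2:21])
    return {
        "sig_type": sig_type,
        "created": created,
        "key_id": key_id,
        "pubkey_alg": pk_alg,
        "hash_alg": hash_alg,
        "left16": left16,
        "mpi_bits": mpi_bits,
        # An RSA signature is one MPI, so the declared packet length must be
        # the 19 header octets plus the 2-octet bit count plus the MPI bytes.
        "length_consistent": pk_alg == 1 and body_len == 21 + (mpi_bits + 7) // 8,
    }


def audit(armored_prefix: str, supported_hashes=frozenset({1})) -> dict:
    """Report whether a verifier limited to supported_hashes could check this signature.

    The default of {1} (MD5 only) is an assumption modelling an unmodified
    PGP 2.6.x, as the message above implies.
    """
    header = parse_v3_signature_header(base64.b64decode(armored_prefix))
    header["hash_name"] = HASH_NAMES.get(header["hash_alg"], "unknown")
    header["pubkey_name"] = PUBKEY_NAMES.get(header["pubkey_alg"], "unknown")
    header["verifiable"] = header["hash_alg"] in supported_hashes
    return header


if __name__ == "__main__":
    for label, prefix in SAMPLES.items():
        h = audit(prefix)
        print(f"{label}: key {h['key_id']:016X}, {h['pubkey_name']} "
              f"{h['mpi_bits']}-bit MPI, hash {h['hash_name']} "
              f"(id {h['hash_alg']}), MD5-only verifier can check: {h['verifiable']}")
```

A verifier that does not recognise the hash ID can only report a failure, which the recipient cannot tell apart from a tampered message.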
From WlkngOwl at unix.asb.com Thu Jul 4 12:45:03 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 5 Jul 1996 03:45:03 +0800
Subject: What remains to be done.
Message-ID: <199607041710.NAA00995@unix.asb.com>

Another need is for file/disk-encryption utilities.

I'm not familiar with what's out there for Macs, but for PCs there's SFS and ASPICRYP for SCSI drives (with no source!) and SFS, SecureDrive and SecureDevice for HD (or FD). The latter won't work on Win95. AFAIK, SFS and SecureDrive aren't 100% friendly with Win95 either, though they'll work.

There's a need for something that will work under Win95, WinNT, and/or OS/2 for encrypting partitions. Aside from a few commercial or shareware apps which use some variant of DES, there's little out there.

(One problem is that DD kits for Win95/NT and OS/2 cost $$$.)

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From tcmay at got.net Thu Jul 4 13:04:11 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 5 Jul 1996 04:04:11 +0800
Subject: Net and Terrorism.
Message-ID:

At 5:58 AM 7/4/96, attila wrote:

> U.S. cash has eliminated a lot of Soviet weapons, including, I
>believe
> some chemical. however, keep in mind: the obsolete, and expensive to
> maintain, hardware predominated. However, you will never be able to
>buy out
> the religious terrorists --they are on a "mission."
>
> The Western world faces far more threat from fundamentalist religious
> terrorists than it does from the Soviet Union, etc.
>
> There is no cure for the "revolutionary" terrorists --just death
>for their
> own brand of glory. If we do not even print their obit, there is no glory!
I recall that Attila is one of several Mormons on the list, from a recent thread where I happened to mention Mormons as an example (and got comments, including a statement that "Mormon" is a slur).

Anyway, I should point out that Mormons (or Latter Day Saints, I guess) are spreading quickly around the world...all WITHOUT using "conversion by the sword," as some other well-known religions are wont to do.

Islam, notably, was known for this policy of conversion by the sword: entire national populations were given the choice of converting to Islam or being put to the sword. Most converted, naturally enough. (cf. various histories, incl. Wright's "Sacred Rage.")

Islam is one of the religions teaching that "martyrs" go directly to Paradise/Heaven/Valhalla. A terrorist who explodes himself goes directly to sit at Allah's dinner table. His relatives, too, as I understand their beliefs, though the surviving relatives have to wait until they die to get this benefit.

Further, if a large Middle Eastern city, e.g., Tel Aviv or Haifa, were to be nuked by Believers, then all of the vaporized Muslims in the city would automatically be martyred, and would also go to Paradise. This makes it more "acceptable" to Believers to hit targets which may contain their own kind. (The famous "Kill them all and let God sort them out" line really does apply to many Muslims.)

(Two other religions come to mind as having similar beliefs about death in battle and afterlives: the Viking "berserkers" circa 800-1100 A.D. and the Japanese/Shinto suicide pilots in WW2. I'm sure there are other examples.)

Most other religions which have strong beliefs about an afterlife, including Mormons, Catholics, and other flavors of Christianity, nevertheless have not adopted this "martyr" concept. This may explain why few suicide bombings and suchlike come from these groups.

(There are exceptions.
Many Christian sects believe that abortion is immoral and a grave sin, and that those who bomb or shoot up abortion clinics, a la John Salvi, are doing God's work and are ensured a place in Heaven. Personally, I expect to see more such "terrorist" acts in the coming decades, in the U.S.)

Calling a spade a spade, Islam is in some sense a "terrorist religion," in that physical force is seen by many Muslims as a legitimate mechanism of conversion. The wrinkle that those who die in the service of Allah go directly to sit at his side is of course a major incentivizing factor for more truck bombs, nerve gas attacks, and even nukings.

We should all be thankful that Mormons, as economically powerful and as well-organized as they are, steer far clear of this kind of recruiting and service to their beliefs.

(It's been 30 years since I've been in Salt Lake City, but I understand that strip clubs exist there--from reading certain news groups!--and that alcohol is not illegal there. This government tolerance of things inimical to the dominant religion would be unthinkable in, say, Mecca.)

There are of course other flavors of Islam, including arts-loving, peace-loving, and scholarly sorts. The propagation of science and math through the Dark Ages owes much to Arabic scholars, of course. Hence, we cannot blanketly condemn Islam.

However, for the sake of the discussion about terrorism, it's important to recognize that some significant fraction of Muslims believe these notions of martyrdom and are willing to engage in horrific acts to accomplish certain ends.

(The Arab world is very poorly connected to the Net at this time. It'll be interesting to see what happens if and when they become well-connected, with PGP, remailers, information markets, etc.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From fair at clock.org Thu Jul 4 13:48:27 1996
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Fri, 5 Jul 1996 04:48:27 +0800
Subject: Word lists for passphrases
Message-ID:

You could just snarf up a week's worth of netnews...

Erik

From dlv at bwalk.dm.com Thu Jul 4 13:54:39 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 5 Jul 1996 04:54:39 +0800
Subject: Net and Terrorism.
In-Reply-To:
Message-ID: <41ZJqD67w165w@bwalk.dm.com>

tcmay at got.net (Timothy C. May) writes:
> Islam, notably, was known for this policy of conversion by the sword:
> entire national populations were given the choice of converting to Islam or
> being put to the sword. Most converted, naturally enough.

No, the population was given the choice of converting or becoming slaves. (Slaves who opted to convert later didn't become free.) There were very few examples of mass genocide during the moslem conquests, and generally they avoided killing anyone who could be sold into slavery.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From cyberia at cam.org Thu Jul 4 14:04:12 1996
From: cyberia at cam.org (CyberEyes)
Date: Fri, 5 Jul 1996 05:04:12 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <1.5.4.16.19960703170027.5fc7bc80@arc.unm.edu>
Message-ID:

On Wed, 3 Jul 1996, David Rosoff wrote:

> I've wondered .. could a creative child circumvent these filter programs
> using a URL-redirecter, like where you see something like
> http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
> or are they not URL-based?
The child would also be able to use the Anonymizer at http://www.anonymizer.com. But, is it that easy to redirect? Just type that little rd command? What others are there? I've seen < and > in use, what do they perform?

Ryan A. Rowe - Montreal, Quebec /Seeking Internet-related job!/
aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_.
Tel. -> +1-514-626-0328 | __o o
E-Mail -> cyberia at cam.org | _ \<_ <\
WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia | swim bike run
Read my C.V. at http://www.cam.org/~cyberia/resume-e.html
"In lieu of experience, I have a willingness to learn."
"Everyone has their day, mine is July 15th, 1998."

From cyberia at cam.org Thu Jul 4 14:18:55 1996
From: cyberia at cam.org (CyberEyes)
Date: Fri, 5 Jul 1996 05:18:55 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <199607032025.QAA25327@apollo.gti.net>
Message-ID:

On Wed, 3 Jul 1996, Mark Rogaski wrote:

> I would assume that the filters look for regexp's in the query string, too.
> How about a nice little Nutscape plugin that uses a rot13'd query string?

Do you have a copy of that plugin? If it exists.

> http://www.one.site.com/cgi-bin/sneaky-rd?uggc://jjj.cbeab-fvgr.pbz/
>
> Hmmm, no bad words in the query string. Of course the filter package would
> start looking for rot13'd stuff in the next release. So the next logical
> step is to use the URL encrypted with the redirector's public key ... or
> better yet, a dynamically generated key. Just convert it to radix64 so
> as to avoid ?'s &'s or ='s, and use that as the query string.
>
> The plug-in would only be necessary to generate the first request. Any
> URL preparation could be handled by passing the output of netcat through
> a stream filter before sending it to the client.

That "creative child" would have to be pretty damn smart to do what you described.

Ryan A.
Rowe - Montreal, Quebec /Seeking Internet-related job!/
aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_.
Tel. -> +1-514-626-0328 | __o o
E-Mail -> cyberia at cam.org | _ \<_ <\
WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia | swim bike run
Read my C.V. at http://www.cam.org/~cyberia/resume-e.html
"In lieu of experience, I have a willingness to learn."
"Everyone has their day, mine is July 15th, 1998."

From cyberia at cam.org Thu Jul 4 14:25:35 1996
From: cyberia at cam.org (CyberEyes)
Date: Fri, 5 Jul 1996 05:25:35 +0800
Subject: Computer-Aided Revolution
In-Reply-To: <199607032257.PAA16812@mail.pacifier.com>
Message-ID:

On Wed, 3 Jul 1996, jim bell wrote:

> I've thought of an application for a "revolutionary" program for peaceful
> protest, but one that requires that a substantial number (1000) of people
> have access to computer time synchronized to 1 second, ideally 0.1 second.
> How good would a time sync over the net typically be?

Probably not very good, considering lags, and other aspects. It's possible however... 1000 people is a lot, though.

Ryan A. Rowe - Montreal, Quebec /Seeking Internet-related job!/
aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_.
Tel. -> +1-514-626-0328 | __o o
E-Mail -> cyberia at cam.org | _ \<_ <\
WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia | swim bike run
Read my C.V. at http://www.cam.org/~cyberia/resume-e.html
"In lieu of experience, I have a willingness to learn."
"Everyone has their day, mine is July 15th, 1998."

From cyberia at cam.org Thu Jul 4 14:36:04 1996
From: cyberia at cam.org (CyberEyes)
Date: Fri, 5 Jul 1996 05:36:04 +0800
Subject: ecash thoughts
In-Reply-To:
Message-ID:

On Wed, 3 Jul 1996, Simon Spero wrote:

> I'm currently visiting at my parents house in England, which for the past
> 18 years has had a really nice phone number.
> Unfortunately, BT split
> london into two area codes, and have reallocated the exchange number in
> the other one to citibank. Unfortunately, not many of their customers can
> quite cope with the concept of area-codes. Even more unfortunately,
> neither can BT or citibanks telcom group- we've had calls transferred
> from their switchboard straight through to us.
>
> Now, here comes the test for cp ingenuity - can you think of the best way
> to answer the phone to someone who thinks they've called a bank?

Act like a teller, get their banking information, then steal all their money. er. Sure, it's bank fraud, but it's fun! :)

Ryan A. Rowe - Montreal, Quebec /Seeking Internet-related job!/
aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_.
Tel. -> +1-514-626-0328 | __o o
E-Mail -> cyberia at cam.org | _ \<_ <\
WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia | swim bike run
Read my C.V. at http://www.cam.org/~cyberia/resume-e.html
"In lieu of experience, I have a willingness to learn."
"Everyone has their day, mine is July 15th, 1998."

From jimbell at pacifier.com Thu Jul 4 15:42:21 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 5 Jul 1996 06:42:21 +0800
Subject: The Net and Terrorism
Message-ID: <199607041917.MAA05137@mail.pacifier.com>

At 12:43 PM 7/4/96 +0000, Deranged Mutant wrote:
>On 3 Jul 96 at 14:48, jim bell wrote:
>[..]
>> But as I've pointed out elsewhere, there's a big difference between "We're
>> gonna do this!" and "Someday we may have to do this." My impression is
>> that the government has tried to completely erase the dividing line
>> between these two concepts.
>
>As far as the government is concerned, "gonna do this" and "may have
>to do this" is the same, since the "this" is illegal. There is no
>dividing line.

A couple of decades ago, a relative of mine was in the Army Reserve.
Every summer, they went on exercises, and in one particular exercise (this is probably true of all of them, as well), they invented some sort of fictional scenario in which America was bordered by two fictional countries, the one to the south was called "Taco Land" and the one to the north was called "Big Tree Land." I complimented him on the Army's ability to hide the meanings of these fictions so well! B^)

Naturally, the Reserve went out and set up camp, etc, and did everything an army was supposed to do under such exercises. So why were they allowed to do this, while ordinary citizens weren't?

Now, you may respond, "Hey, they're the Army, that's their job and they're allowed!" Maybe. But then again, as "ordinary citizens" we have a job to do as well. And part of that job may involve ensuring that if the government stops being limited to the strictures of the Constitution, they can take it down and replace it with something better. (See Declaration of Independence, for example.)

Frankly, nothing of what I've heard that this Arizona group did ought to be illegal. I interpret the 2nd amendment ("arms") to include the dictionary meaning, "objects used as weapons," so I don't see any legitimate restriction of explosives. As for scouting, practicing, and making possible-but-not-certain plans, I see nothing wrong with this either. (Remember, the Army has plenty of plans, too... few of which ever are carried out.)

>I suspect that since they (allegedly) had specific targets
>planned it leaned closer to the "gonna do this".

Then, unfortunately, your "logic" is atrocious. If you see a likely enemy, it makes sense to identify his assets well in advance of any actual hostilities, even if those hostilities are not certain. (to fail to do so would be completely irresponsible.) That's what these people appear to have done.

> From the minimal discussion in the media I have read,
^          ^^^^^^^^^^^^^^^^^^

That's a CLUE.
The reason there's been "minimal discussion" is because the lap-dog media wants to avoid the entire "we're gonna do this/someday we may have to do this" issue. It's not that they want to put the dividing line in a slightly different location, they want to deny that there is ANY SORT of a dividing line at all!

For the media to acknowledge that the people have a RIGHT to simply collect weapons of all kinds, including explosives, for a potential future confrontation with the government would, then, require debate as to how far this could go. I think that would lead to the logical conclusion that no action is illegal short of actually engaging in an attack.

> it appeared to be another
>'revenge for waco and ruby ridge' action rather than a 'defense of
>civil liberties from a potential totalitarian government' action.

I don't really see any valid distinction, here, except in _time_.

> (I'm rather skeptical as to how blowing up a specific IRS office would
>be effective were the government to change into a totalitarian regime.)
>
>Rob.

Local people can be expected to act locally. They'll take care of their part of town, you take care of yours, right?

Jim Bell
jimbell at pacifier.com

From mhw at wittsend.com Thu Jul 4 16:35:37 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Fri, 5 Jul 1996 07:35:37 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <31DA7000.6239@vail.tivoli.com>
Message-ID:

Mike McNally enscribed thusly:
> Declan McCullagh/Brock Meeks wrote (and quite well, I might add):
> > ...
> > Install the programs and Junior can't access porn. No fuss, no muss, no
> > bother. "Parental empowerment" is the buzzword. Indeed, it was these
> > programs that helped sway the three-judge panel in Philly to knock down
> > the Communications Decency Act as unconstitutional.
> Scenario: Mr. & Mrs. Joseph and Mary Christian buy SmutNoMore for
> their home computer, to protect their children Mathew, Mark, Luke,
> John, and Zebediah.
> All are happy and content.
> One day, Mathew and Mark go to the home of a school chum, Bart
> Simpson, whose parents are products of the liberal 60's. Bart has
> a computer too, along with an ISDN link through a local ISP to
> the Internet. But --- horrors --- Bart's computer is not equipped
> with SmutNoMore, or any other filtering software. Bart's parents
> do not believe it to be fair to filter their children's access to
> information.
> During that afternoon of Internet fun, Mark clicks the mouse and
> follows a hyperlink link to a web site filled with nasty objectionable
> anti-family morally corrosive filth. Mark and Mathew run home in
> tears to their parents and tell all about the nightmare they've
> experienced.
> I wonder whether the Christians would be able to successfully sue
> the Simpsons on some sort of "corruption of a minor" deal? Indeed,
> couldn't it even be possible that some local prosecutor might find
> the Simpsons criminally involved?

Scenario update: Replace all instances of Bart's computer and internet connections with Playboy or Penthouse (or worse - Hustler!) magazines found in a drawer in the house. You then discover this to be the sheer and utter gibberish that it really is...

BTW... You will also discover that the new scenario is orders of magnitude MORE likely than the former.

> ______c_____________________________________________________________________
> Mike M Nally * Tiv^H^H^H IBM * Austin TX * pain is inevitable
> m5 at tivoli.com * m101 at io.com *
> * suffering is optional

Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!

From ichudov at algebra.com Thu Jul 4 17:23:38 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Fri, 5 Jul 1996 08:23:38 +0800
Subject: Net and Terrorism.
In-Reply-To: <41ZJqD67w165w@bwalk.dm.com> Message-ID: <199607042108.QAA07984@manifold.algebra.com> Dr.Dimitri Vulis KOTM wrote: > > tcmay at got.net (Timothy C. May) writes: > > Islam, notably, was known for this policy of conversion by the sword: > > entire national populations were given the choice of converting to Islam or > > being put to the sword. Most converted, naturally enough. > > No, the population was given the choice of converting or becoming slaves. > (Slaves who opted to convert later didn't become free.) There were very > few examples of mass genocide during the moslem conquests, and generally > they avoided killing anyone who could be sold into slavery. Just curious how much slaves cost at that time. Would be interesting to see a price of a good slave as compared to, say, average monthly earnings or a price of one sheep. - Igor. From hfinney at shell.portal.com Thu Jul 4 17:24:03 1996 From: hfinney at shell.portal.com (Hal) Date: Fri, 5 Jul 1996 08:24:03 +0800 Subject: What remains to be done. Message-ID: <199607042102.OAA26752@jobe.shell.portal.com> From: Black Unicorn > A. Methods to run secure websites on insecure servers. > [...] > A software solution which permits local decryption makes traffic analysis > less useful, presents the opportunity to use front end and disposable www > pages on domestic ISPs while imposing no liability on the ISP itself, and > opens several more effective traffic analysis deterrents. I don't quite understand what is being proposed here. If the information on the web site is encrypted, who is supposed to be able to decrypt it? Just one person, or some select group of people? My concern is the difficulty of keeping keys secret if they are made available to more than one or two people. Once the keys are known to those who would oppose the publication of the information they can go to the ISP just as easily as if the information were not encrypted, and get them to take it down if it is illegal. 
It would seem that an equally effective method would be to use no encryption, but just a secret URL, one which is not linked to from elsewhere - an "island in the net", so to speak (apologies to Bruce Sterling). Hal From root at edmweb.com Thu Jul 4 17:35:45 1996 From: root at edmweb.com (Steve Reid) Date: Fri, 5 Jul 1996 08:35:45 +0800 Subject: ecash thoughts Message-ID: > But probabilistic payment should be used to allow the minimum average > payment to go way below this, perhaps to an unlimited extent. I just thought of an obvious problem with "probabilistic payments". Suppose someone is surfing the web or whatever, and various sites are charging, say, 0.1 cents per web page, via probabilistic payments. Suppose there is a 1 in 10 chance that the person will pay 1 cent. The person wanders around the web, acting as though he's perfectly willing to pay, and participating in the fair coin tosses. Except, he really has no intention of paying. He will gain free access to 9 out of 10 sites, and on the ones that he loses the 1/10 gamble, he just backs out of the deal and doesn't pay anything. The end result is that instead of seeing all of the web at 0.1 cents per page, he sees 90% of the web completely for free. If everyone does this, the sites will go broke. It's the equivalent of welshing on a bet. The obvious solution would be to require that the person pay the 1 cent, then if he wins the 9/10 bet, he gets the 1 cent back. But that will just move the problem from the user to the server- the site can welsh on the bet and refuse to pay back the one cent. They will get ten times the payment that they are supposed to get. ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 | | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. 
-- | ===================================================================:) From joelm at eskimo.com Thu Jul 4 17:53:33 1996 From: joelm at eskimo.com (Joel McNamara) Date: Fri, 5 Jul 1996 08:53:33 +0800 Subject: Announce: Private Idaho 2.7b Message-ID: <199607042154.OAA06900@mail.eskimo.com> Since I'm in an especially patriotic mood today, I've just uploaded the 2.7b beta release of Private Idaho (which started out life as a Windows PGP shell, but is turning into the "mother of all privacy tools" shell). Significant new additions include: Automated install application - no more installing and updating new releases of PI by hand (many thanks to Colin Tan for writing the Setup application). The install application comes bundled with PGP QuickStart, a utility for helping new users download and install PGP. Expert and user modes - for new users, user mode provides a limited set of commonly used commands. Expert mode gives you access to all of the commands. Steps - again, another feature for new users. Step-by-step information on how to perform common tasks. Change nym account reply blocks - easy way to change nym reply blocks. Anonymizer support - support for C2's new anonymous Web browsing server. Select a URL from any text within Private Idaho and your browser will anonymously access that Web page. Mixmaster support - support for Mixmaster type 2 remailers. Variable word-wrap length - select window size, 65, 70, or 75 character line length. Revised online help HTML version of help Get it at: http://www.eskimo.com/~joelm/pi.html And while you're there, as an added 4th of July bonus, check out: http://www.eskimo.com/~joelm/cryptbk.html For the extremely tacky, and offensive to some, "Building a CryptoBook" page. Comments, questions, etc. as usual to: Joel McNamara joelm at eskimo.com From nobody at c2.org Thu Jul 4 18:08:46 1996 From: nobody at c2.org (Anonymous User) Date: Fri, 5 Jul 1996 09:08:46 +0800 Subject: premail-0.44, WHERE DO I GET IT. 
Message-ID: <199607042205.PAA24666@infinity.c2.org> Cpunks: I tried to find the perl script premail (v. 0.44) that is described at Raph Levien's page. Unfortunately, EVERY place where it is purported to be is screwed up: ftp.csua.berkeley.edu does not respond to FTP commands, Levien's download page returns premail 0.43 instead of 0.44, and ftp.hacktic.nl does not have premail-0.44. WHAT TO DO??? WHAT TO DO??? WHAT TO DO??? From markm at voicenet.com Thu Jul 4 18:21:16 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 5 Jul 1996 09:21:16 +0800 Subject: Lack of PGP signatures In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 3 Jul 1996, snow wrote: > On Wed, 3 Jul 1996, Alan Olsen wrote: > > I am wondering why there is not a signing option that ignores all > > non-printing characters. Might fix some of these problems... (Can anyone > > think of a reason this would be a "Bad Thing(tm)"?) > > IANACE, but off the top of my head I'd say clear signing binaries. It is not possible to clear-sign binaries with PGP. The point of clear-signing is to have signed text that is readable to people who don't have the software necessary to process the text. It would make sense to clearsign a file that is base64'ed or uuencoded, which wouldn't alter the contents of the file. I can't see how such an option would be harmful, except that it might lose some characters that are important to the context of the message. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." 
--George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMdwIoLZc+sv5siulAQHVegQAqeyjQY9SmQ4mM1/ezBDeI9MLa3EZ8620 JXrbxYCt74zUFzqC8GxylUE9cowdZmDrQ2NbYepWbekoY/cmSE3lxJPd1VW36Lbo NY3c1iNswvUiAsfXPUA+tBide/aZCk/vniHXFwLBPJi+gRTjktpbIUNixoxW3B5z xJSFusVl8Lg= =QUGA -----END PGP SIGNATURE----- From naim at micronet.fr Thu Jul 4 18:34:22 1996 From: naim at micronet.fr (predator) Date: Fri, 5 Jul 1996 09:34:22 +0800 Subject: unsuscribe In-Reply-To: <31CDACD4.751@potlatch.esd112.wednet.edu> Message-ID: <31DC3BCB.702C@micronet.fr> unsuscribe From anonymous-remailer at shell.portal.com Thu Jul 4 19:17:53 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Fri, 5 Jul 1996 10:17:53 +0800 Subject: No Subject Message-ID: <199607042317.QAA04006@jobe.shell.portal.com> :: Encrypted: PGP I didn't know L.Detweiler's first name was Larry. How did you, tcmay? 
From drosoff at arc.unm.edu Thu Jul 4 19:23:03 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Fri, 5 Jul 1996 10:23:03 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port Message-ID: <1.5.4.16.19960704232543.3a3f1d7c@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 01.30 PM 7/4/96 -0400, CyberEyes wrote: > The child would also be able to use the Anonymizer at >http://www.anonymizer.com. But, is it that easy to redirect? Just type >that little rd command? What others are there? I've seen &lt; and &gt; in >use, what do they perform? No, but in things like Yahoo and Alta Vista, when they have those ads, look at the URL assigned to the ad. It redirects you through the service you're using rather than send you straight there. I don't know why. I was just using an example.... Since HTML uses the < and > (less-than and greater-than) characters in the code, you use the &lt; and &gt; to print one of these characters and not use it in the code. =============================================================================== David Rosoff (nihongo o sukoshi dekiru) ----------------> drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it. === === === === === === === === === === === === === === === === === === === === "Truth is stranger than fiction, especially when truth is being defined by the O.J. Simpson Defense Team." 
-Dave Barry -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMdxKCxguzHDTdpL5AQFyaQP/VevSEcgSOqZ0I0XB7mFX5tKivwEpHQ4+ 8zEBfUJTI7SZjZVSbo7dCa/4IRuk7NBrvI0bGHCyRqO7TPqOEZn9Po1eBFfg2I08 RZEVrE3EN1gm/rW32pJ/ocNLTH45mRqKEQoO8gZle509ZvkhiBzJuK8aXFn7hJn+ cgJeSUTfBmw= =U3zk -----END PGP SIGNATURE----- From drosoff at arc.unm.edu Thu Jul 4 19:29:36 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Fri, 5 Jul 1996 10:29:36 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port Message-ID: <1.5.4.16.19960704232548.0b77fbf4@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 02.09 PM 7/4/96 -0400, you wrote: >On Wed, 3 Jul 1996, Mark Rogaski wrote: > >> I would assume that the filters look for regexp's in the query string, too. >> How about a nice little Nutscape plugin that uses a rot13'd query string? > > Do you have a copy of that plugin? If it exists. > >> http://www.one.site.com/cgi-bin/sneaky-rd?uggc://jjj.cbeab-fvgr.pbz/ >> >> Hmmm, no bad words in the query string. Of course the filter package would >> start looking for rot13'd stuff in the next release. So the next logical >> step is to use the URL encrypted with the redirector's public key ... or >> better yet, a dynamically generated key. Just convert it to radix64 so >> as to avoid ?'s &'s or ='s, and use that as the query string. >> >> The plug-in would only be necessary to generate the first request. Any >> URL preparation could be handled by passing the output of netcat through >> a stream filter before sending it to the client. > > That "creative child" would have to be pretty damn smart to do >what you described. It would actually take less creativity to do the other things, bypass the config.sys, etc. The child would thus be perhaps a little TOO creative. 
:) =============================================================================== David Rosoff (nihongo o sukoshi dekiru) ----------------> drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it. === === === === === === === === === === === === === === === === === === === === "Truth is stranger than fiction, especially when truth is being defined by the O.J. Simpson Defense Team." -Dave Barry -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMdxKohguzHDTdpL5AQEFIwQAuK9Ca8ImcDka9mYWht35h8NMSr2A/tfB zvusZ8P5HIEYTbQ8GyRDQ3R+X58+k2pQmaCnO66EtI83mrVs+J9C8B7LoobroZpO u2R0SnMMJVU6eQAnkABkgYaMLVamqEMG+n6qmk7NePjsawSBvOdtuH9dmccR1/Pi +sGpQvT6RvI= =vTir -----END PGP SIGNATURE----- From furballs at netcom.com Thu Jul 4 19:30:11 1996 From: furballs at netcom.com (Paul S. Penrod) Date: Fri, 5 Jul 1996 10:30:11 +0800 Subject: Net and Terrorism. In-Reply-To: Message-ID: On Thu, 4 Jul 1996, Timothy C. May wrote: > At 5:58 AM 7/4/96, attila wrote: > > > U.S. cash has eliminated a lot of Soviet weapons, including, I > >believe > > some chemical. however, keep in mind: the obsolete, and expensive to > > maintain, hardware predominated. However, you will never be able to > >buy out > > the religious terrorists --they are on a "mission." > > > > The Western world faces far more threat from fundamentalist religious > > terrorists than it does from the Soviet Union, etc. > > > > There is no cure for the "revolutionary" terrorists --just death > >for their > > own brand of glory. If we do not even print their obit, there is no glory! 
> > I recall that Attila is one of several Mormons on the list, from a recent > thread where I happened to mention Mormons as an example (and got comments, > including a statement that "Mormon" is a slur). > > Anyway, I should point out that Mormons (or Latter Day Saints, I guess) are > spreading quickly around the world...all WITHOUT using "conversion by the > sword," as some other well-known religions are wont to do. > > Islam, notably, was known for this policy of conversion by the sword: > entire national populations were given the choice of converting to Islam or > being put to the sword. Most converted, naturally enough. > > (cf. various histories, incl. Wright's "Sacred Rage.") > > Islam is one of the religions teaching that "martyrs" go directly to > Paradise/Heaven/Valhalla. A terrorist who explodes himself goes directly to > sit at Allah's dinner table. His relatives, too, as I understand their > beliefs, though the surviving relatives have to wait until they die to get > this benefit. > > Further, if a large Middle Eastern city, e.g., Tel Aviv or Haifa, were to > be nuked by Believers, then all of the vaporized Muslims in the city would > automatically be martyred, and would also go to Paradise. This makes it > more "acceptable" to Believers to hit targets which may contain their own > kind. (The famous "Kill them all and let God sort them out" line really > does apply to many Muslims.) > > (Two other religions come to mind as having similar beliefs about death in > battle and afterlives: the Viking "berserkers" circa 800-1100 A.D. and the > Japanese/Shinto suicide pilots in WW2. I'm sure there are other examples.) > > Most other religions which have strong beliefs about an afterlife, > including Mormons, Catholics, and other flavors of Christianity, > nevertheless have not adopted this "martyr" concept. This may explain why > few suicide bombings and suchlike come from these groups. > > (There are exceptions. 
Many Christian sects believe that abortion is > immoral and a grave sin, and that those who bomb or shoot up abortion > clinics, a la John Salvi, are doing God's work and are ensured a place in > Heaven. Personally, I expect to see more such "terrorist" acts in the > coming decades, in the U.S.) > > Calling a spade a spade, Islam is in some sense a "terrorist religion," in > that physical force is seen by many Muslims as a legitimate mechanism of > conversion. The wrinkle that those who die in the service of Allah go > directly to sit at his side is of course a major incentivizing factor for > more truck bombs, nerve gas attacks, and even nukings. > > We should all be thankful that Mormons, as economically powerful and as > well-organized as they are, steer far clear of this kind of recruiting and > service to their beliefs. > > (It's been 30 years since I've been in Salt Lake City, but I understand > that strip clubs exist there--from reading certain news groups!--and that > alcohol is not illegal there. This government tolerance of things inimical > to the dominant religion would be unthinkable in, say, Mecca.) > > There are of course other flavors of Islam, including arts-loving, > peace-loving, and scholarly sorts. The propagation of science and math > through the Dark Ages owes much to Arabic scholars, of course. Hence, we > cannot blanketly condemn Islam. > > However, for the sake of the discussion about terrorism, it's important to > recognize that some significant fraction of Muslims believe these notions > of martyrdom and are willing to engage in horrific acts to accomplish > certain ends. > > (The Arab world is very poorly connected to the Net at this time. It'll be > interesting to see what happens if and when they become well-connected, > with PGP, remailers, information markets, etc.) > > --Tim May > Normally I would snip a bit to save bandwidth, but your comments, abbreviated, would not be as effective. 
My cousin is attached to one of the Ranger companies that went to Somalia, among other "friendly" vacation spots. He told me that just prior to moving out to rescue 6 men pinned down at 900 m by sniper fire, his CO instructed them that these snipers were muslim and considered it an honor to die for their religion. His last words to them were: "Tell them 'Go with God', then fire!" As far as John was concerned it was a win-win situation... ...Paul BTW, Attila, this was one of the companies Eric had to help pull out of the fire, created courtesy of the UN and the Pakistani CO for that attachment. But that's an interesting story for another time. From markm at voicenet.com Thu Jul 4 20:16:43 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 5 Jul 1996 11:16:43 +0800 Subject: ecash thoughts In-Reply-To: <199607040424.VAA02562@mail.pacifier.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 3 Jul 1996, jim bell wrote: > At 05:53 PM 7/3/96 -0400, Simon Spero wrote: > > >2) If ecash is used to create a new currency- i.e. the value of a unit of > >the ecash is not tied to any single existing currency, what should the > >value of one currency unit be set at? (let's call it a Turing) > > Low, maybe a tenth of an American cent. But probabilistic payment should be > used to allow the minimum average payment to go way below this, perhaps to > an unlimited extent. The reason is simple: The cost of providing net > transactions, and electronic transactions in general, can be expected to > drop exponentially, just like the cost of telecommunications and CPU power > do. Any arbitrary limit to how low they can go will act somewhat akin to > the minimum wage: It will deter development of any product or service whose > perceived value is less than this arbitrary minimum. If the value of a Turing is one tenth of an American cent, then it would actually just be a pseudocurrency backed by U.S. dollars. The inflation of ecash would be the same as the inflation of U.S. money. 
However, I do agree that the value of one unit should be low. You use Moore's Law to state that the cost of electronic transactions drops exponentially. However, this is only true if the electronic transactions use the same amount of bandwidth. As chip processing speed and transmission bandwidth double, the cost of building the equipment also doubles. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMdxhVrZc+sv5siulAQEvXQP9EpchmkFK5dlxzwGP73oh02ATNzrVfl+N nB7BrpT/Ord5cUYk9vVFVdqZ4w3rW+/uV0QQaPE+GOeDH5bnDtX7nBGBQp72TpVl Bwy+b6cuHuPMjivMSqHfOcSLhXXDO3Km+35dxx77FNOWa4MI2rgDtUdqjXOocaiR puGEgEosYDI= =6UK5 -----END PGP SIGNATURE----- From attila at primenet.com Thu Jul 4 20:18:25 1996 From: attila at primenet.com (attila) Date: Fri, 5 Jul 1996 11:18:25 +0800 Subject: Net and Terrorism. (blanc@accessone.com) Message-ID: <199607050037.RAA29295@primenet.com> Addressed to: blanc Cypherpunks To: blanc From: attila Reply-To: attila at primenet.com Subject: RE: Net and Terrorism. ** Reply to note from blanc 07/04/96 12:31am -0700 = Could you explain your statement below: = = the first time you witness a small child begging for chocolate = exploded by a remote control pressed by her father, you understand = --you do not necessarily like it, it's just survival. = = Why was the child exploded? To kill the soldier it was requesting = chocolate from? = human life is cheap in many non-Western countries, particularly the orient. Female children are considered expendable (in China where parents are limited to one child; the abortion of a female fetus is common). 
children in war zones have always begged chocolate from soldiers and even a small child can pack enough plastiques to wipe out an entire patrol. as I said, it is one or the other --the child dies either way, and explosives are very messy. no matter how war movies are glorified for joe six-pack, war is still hell. -- Fuck off, Uncle Sam. Cyberspace is where democracy lives! From llurch at networking.stanford.edu Thu Jul 4 20:29:23 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Fri, 5 Jul 1996 11:29:23 +0800 Subject: What remains to be done. In-Reply-To: <199607042102.OAA26752@jobe.shell.portal.com> Message-ID: On Thu, 4 Jul 1996, Hal wrote: > It would seem that an equally effective method would be to use no > encryption, but just a secret URL, one which is not linked to from > elsewhere - an "island in the net", so to speak (apologies to Bruce > Sterling). The URL would still be visible in your ISP's http log and, in some cases, to other users of the ISP. You'd have to count on low traffic and little interest from other users in your ISP from browsing the world-readable bits of your home directory. A case of an ISP closing someone's account because of an objection to an unliked gif was sent to Declan's fight-censorship list a few days ago. -rich From attila at primenet.com Thu Jul 4 20:32:16 1996 From: attila at primenet.com (attila) Date: Fri, 5 Jul 1996 11:32:16 +0800 Subject: Net and Terrorism. Message-ID: <199607050037.RAA29288@primenet.com> Addressed to: tcmay at got.net Cypherpunks ** Reply to note from tcmay at got.net 07/04/96 5:43pm -0700 = I recall that Attila is one of several Mormons on the list, from a = recent thread where I happened to mention Mormons as an example (and = got comments, including a statement that "Mormon" is a slur). = your memory is correct as to my membership: I am an active Elder and member of the Quorum of High Priests. 
The official name of the church since 1838 (eight years after founding) is "The Church of Christ and the Latter Day Saints" --therefore preference for 'LDS' or 'Saints.' the use of "Mormon" to describe our members is obvious from the "Book of Mormon," so named by the fact the prophet Mormon compiled and/or authored much of the book, although the last prophet and custodian was Moroni (the gold statue on top of LDS Temples is of Moroni). = Anyway, I should point out that Mormons (or Latter Day Saints, I = guess) are spreading quickly around the world...all WITHOUT using = "conversion by the sword," as some other well-known religions are = wont to do. = our mission is simple: we only ask that you read the material (preferably including the Book of Mormon) and privately (possibly including your family) to get on your knees and humbly and openly pray to God to tell you if the LDS church is the restored Church of Christ himself, as established before his crucifixion, unfortunately, we have been met by the sword, including in Utah, which was _occupied_ by Federal troops for almost 50 years and more than one U.S. Army was sent by Washington to subjugate and/or exterminate us. = Islam, notably, was known for this policy of conversion by the sword: = entire national populations were given the choice of converting to = Islam or being put to the sword. Most converted, naturally enough. = = (cf. various histories, incl. Wright's "Sacred Rage.") = = Islam is one of the religions teaching that "martyrs" go directly to = Paradise/Heaven/Valhalla. A terrorist who explodes himself goes = directly to sit at Allah's dinner table. [snip...] = = Personally, I expect to see more such "terrorist" acts in the = coming decades, in the U.S.) = given the insolvency of the U.S. government and the absurd ratios of stock values in the NYSE and NASDAQ --most of it on 10%, or less, margin, a total economic collapse is inevitable --not if! 
*when?* all the "safeguards" of FDR's Glass Act, the SEC, etc. are just so many words. the monied class and the manipulators are no less than the moneychangers Jesus expelled from the temple in Jerusalem. = Calling a spade a spade, Islam is in some sense a "terrorist = religion," in that physical force is seen by many Muslims as a = legitimate mechanism of conversion. [snip...] = = We should all be thankful that Mormons, as economically powerful and = as well-organized as they are, steer far clear of this kind of = recruiting and service to their beliefs. = technically, we "turn the other cheek" as W.W. Phelps did when the mobs in Jackson, MO tarred one cheek --he turned to make it easier to tar the other. = (It's been 30 years since I've been in Salt Lake City, but I = understand that strip clubs exist there--from reading certain news = groups!--and that alcohol is not illegal there. This government = tolerance of things inimical to the dominant religion would be = unthinkable in, say, Mecca.) = our basic attitude is very simple: we do not believe in the consumption of liquor, tea, coffee, and drugs including nicotine and caffeine. all members are not perfect, and many must restore their faith by repentance; however, we believe all non-members are free to practice _any_ religion of their choice, including in indulging in [legal] harmful substances. I, myself, live in Southern Utah in a rural high desert community of <150 families. I suspect it would be difficult to obtain a drink! The LDS position of war and conscientious objectors is dual: if you profess to your Bishop you wish to be a conscientious objector (following the example in Alma), you will be supported; or, if you wish to be called to duty (as the striplings of Helaman who had not covenanted to not raise arms). 
you will be supported, as this example from the Discourses of Brigham Young: "When we were right in the midst of Indians, who were said to be hostile, five hundred men were called to go to Mexico to fight the Mexicans, and, said Mr. Benton -- 'If you do not send them we will cover you up, and there will be no more of you.' "...The boys in that battalion performed their duty faithfully. I never think of that little company of men without the next thoughts being, "God bless them for ever and for ever." All this we did to prove to the Government that we were loyal. "...Thomas H. Benton, ...obtained the requisition to call for that battalion, and, in case of non-compliance with that requisition, to call on the militia of Missouri and Iowa, and other states, ...to destroy [us]. "This same Mr. Benton said to the President of the United States, in the presence of some other persons, 'Sir, they are a pestilential race, and ought to become extinct.'" [Discourses of Brigham Young 10:106] = There are of course other flavors of Islam, including arts-loving, = peace-loving, and scholarly sorts. The propagation of science and = math through the Dark Ages owes much to Arabic scholars, of course. = Hence, we cannot blanketly condemn Islam. = = However, for the sake of the discussion about terrorism, it's = important to recognize that some significant fraction of Muslims = believe these notions of martyrdom and are willing to engage in = horrific acts to accomplish certain ends. = = (The Arab world is very poorly connected to the Net at this time. = It'll be interesting to see what happens if and when they become = well-connected, with PGP, remailers, information markets, etc.) = currently, the Arabs are poorly connected to the Internet due to the fear of their despotic rulers that they will learn Western ways, including democracy --and, spread information and democracy to rise against these leaders. 
In Saudi Arabia, any usage of the InterNet goes thru the official state provided (a clear case for a satellite link). Of course, it is illegal to own weird satellite equipment. Attila 960704:2359 -- Fuck off, Uncle Sam. Cyberspace is where democracy lives! From frissell at panix.com Thu Jul 4 20:32:57 1996 From: frissell at panix.com (Duncan Frissell) Date: Fri, 5 Jul 1996 11:32:57 +0800 Subject: Who was that Masked Cypherpunk? Message-ID: <2.2.32.19960705005731.00858d68@panix.com> OK, fess up. Who was it who amended the anti-key-escrow language of the Libertarian Party Platform live on CSPAN? Specific reference to cypherpunks. DCF From frissell at panix.com Thu Jul 4 20:34:52 1996 From: frissell at panix.com (Duncan Frissell) Date: Fri, 5 Jul 1996 11:34:52 +0800 Subject: Moviepunks Message-ID: <2.2.32.19960705005530.00849e80@panix.com> Not much crypto or any networking in "Independence Day." It does have a code name, however, "ID4." Disabled the mothership with computer viruses (highly unlikely.) Used a Mac Powerbook but no Apple logos showed. Film has mass appeal, however and some good bits. Good for teaching people that if 15-mile-wide spacecraft position themselves above your town--leave. The Net did get me into the film however without waits. Fired up www.777film.com at 1600 hrs, ordered tickets for the 1700 hrs showing, get to the theater, walked past lines into the lobby to use ATM, stuck in card, got tickets, went into theater. Dodged mob scene. Saw a preview of "Ransom" starring Mel Gibson in a remake of the 1956 Glenn Ford film of the same name. First ransom "note" appears to be a multimedia file (delivered by the Net?). DCF "Somehow, I doubt William Jefferson Blythe Clinton would fly an F-15 against a monster alien craft." 
From jimbell at pacifier.com Thu Jul 4 20:47:16 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 5 Jul 1996 11:47:16 +0800 Subject: ecash thoughts Message-ID: <199607050111.SAA17969@mail.pacifier.com> At 08:26 PM 7/4/96 -0400, Mark M. wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >On Wed, 3 Jul 1996, jim bell wrote: > >> At 05:53 PM 7/3/96 -0400, Simon Spero wrote: >> Low, maybe a tenth of an American cent. But probabilistic payment should be >> used to allow the minimum average payment to go way below this, perhaps to >> an unlimited extent. The reason is simple: The cost of providing net >> transactions, and electronic transactions in general, can be expected to >> drop exponentially, just like the cost of telecommunications and CPU power >> do. Any arbitrary limit to how low they can go will act somewhat akin to >> the minimum wage: It will deter development of any product or service whose >> perceived value is less than this arbitrary minimum. > >If the value of a Turing is one tenth of an American cent, then it would >actually just be a pseudocurrency backed by U.S. dollars. I should have said, "about a tenth of a cent." I didn't mean to imply a linkage. >The inflation of >ecash would be the same as the inflation of U.S. money. However, I do agree >that the value of one unit should be low. > >You use Moore's Law to state that the cost of electronic transactions drops >exponentially. However, this is only true if the electronic transactions >use the same amount of bandwidth. As chip processing speed and transmission >bandwidth double, the cost of building the equipment also doubles. At any given time, that's true, but over time the cost of that processing (per unit transaction) will drop, probably in some exponential fashion. For an optical fiber transmission system, the cost of the fiber does NOT go up with the speed, since it's nowhere near its limiting capacity. 
End-termination systems will be more expensive, but I suspect that's a relatively small fraction of the overall cost. CPU cost will be significant, but then again the Moore's law trend will predominate. CPU's probably have 1000 times the power, per unit cost, than they did in 1980 or so. It would probably be over-optimistic to think that they'll drop the same ratio over the next 15 or so years, but it'll be enough of a reduction so that whatever costs appear to be limits today won't be then.

Jim Bell
jimbell at pacifier.com

From raph at c2.org Thu Jul 4 21:51:07 1996
From: raph at c2.org (Raph Levien)
Date: Fri, 5 Jul 1996 12:51:07 +0800
Subject: Announcing the release of premail 0.44
Message-ID: <199607050216.TAA16873@infinity.c2.org>

The long awaited release of premail 0.44 is now available. This release integrates PGP and anonymous e-mail functions into Unix versions of Netscape 3.0's built-in mailer. It also does a pretty good job with Pine 3.94 (transparent integration of plain PGP mail, decoding of MIME protected mail requires a single command).

For those of you interested in experimenting with S/MIME, it contains some S/MIME functions, but does not yet fully comply with the standard.

The main premail Web page is: http://www.c2.net/~raph/premail.html

The premail documentation is at: http://www.c2.net/~raph/premail/

I appreciate any bug reports, suggestions, or comments.

Raph

From sameer at c2.net Thu Jul 4 21:51:19 1996
From: sameer at c2.net (sameer)
Date: Fri, 5 Jul 1996 12:51:19 +0800
Subject: Restrictions on crypto overseas
In-Reply-To:
Message-ID: <199607050215.TAA22048@atropos.c2.org>

In many countries there are none. France is pretty bad.

> Greetings.
>
> I am looking for a concise description of the restrictions overseas on the
> use of cryptography, and how those restrictions affect the operation of a
> cryptographically-enabled web server.
>
> I have been told that users of programs like PGP in france are required by
> law to register their secret keys with the state security apparatus. Does
> this mean that users of secure web servers need to register their secret
> keys as well? Is anybody doing this? Is the law enforced?
>
> What about other nations that have recently passed restrictions on the use
> of crypto? Other than Russia, which are they? Is there a list anywhere?
>
> Thanks.
>
>
> ======
> Simson's Summer Info:
>
> Mailing: 304 Newbury Street, #503, Boston, MA 02115. 617-876-6111
> Summer Salon: 236 Marlborough St. #2 Boston MA 02116.
>
>

--
Sameer Parekh                    Voice: 510-986-8770
Community ConneXion, Inc.        FAX:   510-986-8777
The Internet Privacy Provider
http://www.c2.net/               sameer at c2.net

From jimbell at pacifier.com Thu Jul 4 22:10:56 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 5 Jul 1996 13:10:56 +0800
Subject: Altair emulator?
Message-ID: <199607050234.TAA20461@mail.pacifier.com>

So you always wanted to run an Altair...

http://www.nwlink.com/~tigger/altair.html

Jim Bell
jimbell at pacifier.com

From vinnie at webstuff.apple.com Thu Jul 4 22:15:04 1996
From: vinnie at webstuff.apple.com (vinnie moscaritolo)
Date: Fri, 5 Jul 1996 13:15:04 +0800
Subject: Lack of PGP signatures
Message-ID:

Folks it's time to shit or get off the pot. If what is holding us back is a PGPlib, (even though I personally believe it's a bit late, S-MIME is becoming pretty popular) then either finish it, or make it available for someone else to finish it. I know that at least on the Mac if there was a PGPlib, you would have seen more than one native email plug-in from the last Mac hack.

Maybe Macintosh developers haven't done crypto for a variety of reasons, whether it be NSA strong arming or not, BUT... I tell you as soon as someone releases a Mac CFM library that does crypto, that's when you will see interfaces that Joe-sixpack will use.
And none of this silly telnet/unix shell I can't send my passphrase over the wire crap. Hello...Thats why they (we) make powerbooks. OH and I would suggest that you do make the interfaces/doc public in several well-known places (TM) ASAP. cause like the AT&T commercial says, have you ever been visited by the men with dark suits..you will. Vinnie Moscaritolo ------------------ "friends come and friends go..but enemies accumulate." http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A From llurch at networking.stanford.edu Thu Jul 4 22:17:47 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Fri, 5 Jul 1996 13:17:47 +0800 Subject: Philly Inquirer: More old, conterfactual "Hate on the Net" "news" Message-ID: This is fucking amazing. In the last month, the two most well-known young neo-Nazi activists on the net, having been exposed to a true diversity of opinion and true free speech on the Internet, repudiated their former beliefs (I'm buying one of them a beer next week); the most well-known neo-Nazi propagandist on the net, frustrated by having her daily newsletter posted publicly to Usenet, lashes out at DejaNews for building a case against her (she knows her own words are her best refutation); and serious attempts by neo-Nazis to rmgroup and vertical-spam two newsgroups where neo-Nazi movements are discussed and refuted failed without a single spam-cancel or account closure that could be mischaracterized as "censorship." And yet Reid comes out with the old Horsemen fear-mongering about "Hate on the Net." He even quotes an old piece from *former* net.nazi Milton Kleim WHICH MILTON NO LONGER SUPPORTS. The Dreaded Nazi Threat to the Net is in disarray, and the totally discredited and impotent kook Don Black (the man who would be king of the island of Dominica, but his coup failed) gets a front-page story in the Philadelphia Inqirer to sneer at America on July 4th. Unbelievable. 
No wonder Don was happy to send the full text of the article, below, to his ever-shrinking pool of supporters (and others) on his Stormfront mailing list (send "archive stormfront-l" in the body of a message to listserv at stormfront.org if you'd like to browse the last 100 messages, half of which talk about the recent breakdown in "the movement"). It seems they're determined to beat on the Four Horsemen even when it's patently obvious that they're dead. Reid Kanaley's email address is rkanaley at voicenet.com, but it seems he's only interested in talking to "experts" who are way, way out of touch with current events. -rich censor internet now! http://www.stanford.edu/~llurch/potw2/ boycott fadetoblack! http://www.fadetoblack.com/prquest.htm ---------- Forwarded message ---------- Date: Thu, 4 Jul 1996 11:13:53 GMT From: "don.black" To: rich at c2.org Subject: SF: More "Hate on the Net" news >From this morning's Philadelphia Inquirer ... Happy Independence Day! --Don Page One Thursday, July 4, 1996 Hate groups reaching vast Internet audience They are reaching a vast audience. Some Web sites are ``very, very slick says an observer. By Reid Kanaley INQUIRER STAFF WRITER Don Black, who was once national director of the Knights of the Ku Klux Klan and now runs a site on the World Wide Web called Stormfront, recognized early that the Internet was the place to be. ``The potential of the Net for organizations and for movements such as ours is enormous,'' Black, 42, of West Palm Beach, Fla., said in an interview. ``We're reaching tens of thousands of people who never before have had access to our point of view.'' Those who monitor the activities of extremists such as right-wing militias, neo-Nazis, Holocaust-denial groups and others agree that the Internet is proving irresistible to those organizations for communication, propaganda and recruitment. 
In a written response to an interview request e-mailed to Minuteman Press Online, a militia-oriented Web site, someone identified as R.A. Mann declined to be interviewed yesterday, but added: ``Militias use the Internet in the same way other groups do: data verification, urgent updates, tips on everything, legislation overviews, etc.'' Begun in the late 1980s as an electronic bulletin board for the so-called ``white nationalist'' movement, Stormfront was moved by Black to the Web in March 1995. The site is decorated with German-gothic text, white-pride graphics, and letters urging African Americans to thank whites for slavery. ``At the time of the Oklahoma City bombing [ in April 1995 ] , maybe two or three racist groups had Web pages,'' said Rick Eaton, senior researcher at the Simon Wiesenthal Center in Los Angeles. ``There are now dozens, if not over 100 outright racist Web pages. There's a lot of new players that we never saw before, and most importantly there is a sense of communication and instant gratification -- that they're not alone.'' And many of their online efforts amount to ``very sophisticated advertisements for their groups,'' said Paul V. Fleming, a mass communications graduate student at Oklahoma State University, who has co-authored a research paper on Internet hate speech. ``Some of these sites are just very, very slick,'' with good graphics and downloadable ``hate music,'' Fleming said. Several watchdog groups, including the Anti-Defamation League and the Wiesenthal Center, are attempting to closely monitor hate speech on the Internet. The Wiesenthal Center, Eaton said, now focuses up to 80 percent of its research activity on the worldwide linkage of computer networks where cheap, unfettered and often anonymous global discourse points up both the blessings and curses of free speech. Black said he oversees an e-mail discussion group with 380 subscribers and an electronic mailing list for 1,200 people. 
But since March of 1995 he says his web site has been visited by thousands more. ``What we've done is begin to break that monopoly'' of the mainstream media, said Black. ``Anyone, of course, can set up a Web page, and in our case we've been pretty successful at it as far as the traffic we've gotten.'' ``Up to now, you had a guy like Don Black . . . sitting there and basically playing at being a Nazi when the lights are out. Now all of a sudden there is a double sense of empowerment: Their message, theoretically, gets out to hundreds of thousands or millions of people . . . and they're in touch with each other instantaneously,'' said Mark Weitzman, director of the Wiesenthal Center's Task Force Against Hate. Groups serious about using violence are not likely to be using the relatively insecure Internet to communicate, several experts said. Eaton said he had not previously heard the names of any of those arrested this week as part of an alleged plot by the Viper Militia in Arizona to bomb buildings in Phoenix. Were the Vipers on the Internet? ``Nope, I can't find 'em,'' said Richard Bash of Portland, Oregon, who maintains an electronic mailing list for the academic discussion of terrorism, and is writing a doctoral dissertation about militias. Most extremist-group members are ``blowhards'' who migrated from such innocuous activities as ``bowling leagues.'' Rarely, he said, do they pose a threat to society. Weitzman said, however, that increasing electronic communication among these extremists could be inspiring more to violence. ``With the arrests in Arizona, you see more people willing to go to the extreme,'' he said. ``As the communications increase between them, there is a sense: We have this link, we can start doing something about society.'' He said impressionable young people are the propaganda targets of many extremist groups. ``They see the Internet as an incredible recruiting tool. 
It is wide open for kids and, essentially, the younger the better, because they can get them before they develop all the intellectual resources to combat what they're saying,'' Weitzman said. ``Organizations have recruited through Stormfront, and through their Web pages that we've linked to,'' said Black. Some experts say that the nature of the Internet makes it difficult to stumble upon extremist material without looking for it. But Eaton contests that. He pointed out that a Web search for the term ``Talmud'' on the Infoseek service turns up a page from Stormfront titled ``The Talmud: Judaism's holiest book documented and exposed,'' in the top 10 of 353 references. In another search, the first and third of 415 references found for the word, ``Auschwitz,'' were links to the Web site of an organization that denies the Holocaust took place. And an online essay by white supremacist Milton Kleim Jr., 25, of Roseville, Minn., urges a campaign by ``cyber guerrillas'' to proselytize in the Internet discussion groups called Usenet news groups: ``Usenet offers enormous opportunity for the Aryan Resistance to disseminate our message to the unaware and the ignorant . . . 
We MUST move out beyond our present domain, and take up positions on `mainstream' groups.'' In his paper titled ``An Examination of Hate Speech, Censorship and the First Amendment on the Internet,'' presented in March to a Las Vegas conference on American popular culture, Fleming and co-author Torey Lightcap said, ``The Internet is accused of not only giving hate groups an uncontrolled platform but also legitimizing them.'' But the paper concludes that ``like the non-electronic world, citizens of cyberspace will probably have to live with hate speech as one of its liabilities in order to enjoy the wide range of benefits the Internet offers.'' Cyberspace libertarians severely criticized the Wiesenthal Center earlier this year when it sent thousands of letters to Internet service providers asking them to deny Web space to hate groups. Eaton said he was disappointed that barely a score of providers responded. ``We would like to see providers say, `This stuff is crap, and we're not going to put it on,''' he said. ------------------------------------------------------------------------ To: Multiple recipients of the Stormfront-L Mailing List Host: Don Black Finger for PGP public key. Post to 'Stormfront-L at stormfront.org' with 'SF:' prepending the subject. To unsubscribe, send e-mail to 'Listserv at stormfront.org' with the line 'unsubscribe Stormfront-L' in the message BODY, not the subject. ------------------------------------------------------------------------ ----- Processed with Listserv v2.92 for Wildcat v4 From ponder at freenet.tlh.FL.us Thu Jul 4 22:22:56 1996 From: ponder at freenet.tlh.FL.us (P. J. Ponder) Date: Fri, 5 Jul 1996 13:22:56 +0800 Subject: InfoTrends ISTrends - Issue 55 (fwd) Message-ID: Anybody know what this is about? I noticed it in the current issue of Information Society Trends. Thanks. Happy Independence Day USA! 
---------- Forwarded message ---------- Date: Tue, 2 Jul 1996 16:00:49 +0200 From: ISPO Administrator To: istrends at www.ispo.cec.be Subject: InfoTrends ISTrends - Issue 55 Information Society Trends Issue number: 55 - (13.6.96 - 27.6.96) [big piece snipped out here] TECHNOLOGY The Japanese Ministry of International trade and Industry (MITI) is planning the launch in 1997 in collaboration with Japanese electronics and computer firms of trials for an electronic certification system which would be used for the transmission of formal documents as well as to provide a high level of security for electronic commerce. [more stuff snipped out here] __________________________________________________________________________ DGXIII - The content of "Information Society Trends" does not necessarily reflect the European Commission's views. Also available electronically: http:/www.ispo.cec.be/ispo/press.html E-mail subscription: Majordomo at www.ispo.cec.be; enter SUBSCRIBE ISTRENDS + your e-mail address From vinnie at webstuff.apple.com Thu Jul 4 22:35:20 1996 From: vinnie at webstuff.apple.com (vinnie moscaritolo) Date: Fri, 5 Jul 1996 13:35:20 +0800 Subject: Net and Terrorism. Message-ID: Since this has become terror-punks I guess I should throw my e$.02 into the fray. I have to agree with the entity that call himself snow that one of the reasons that you don't see so much civil induced terrorism in the US, (as oposed to terrorism the Feds do) is because there is so many channels for free speach here. This helps to vent and depresurize the situations. There is little need for organizations to underground, since most things can (or used to be) be better done out in the open. In fact you will attract less governement attention that way. Take Greedpiece (typo) GreenPeace for instance, they are able to perform thier forms of terrorism very overtly, same for Anti-Abortionists. Sometimes I am astounded by the lack common sense that government officials display. 
Bill Klinton and his media budies (Ted Copulate etc) are the best recruiters for Militia groups, After the OKC bombing, his accusations of Militia involvement pissed off so many middle of the roaders that memberships showed a marked increase. Thanks to Sen Fineswine, Semi-Auto purchases had a record year in California. (does she have stock in Norinco?) There is no conspiricy on the governements part, just plain stupidity. >Then why do you float ideas such as buying out the Soviet arsenal if you >think it isn't possible? actually I know of an individual who did just that: he bought out an DDR arsenal, and flew it into Ohio on a Soviet transport. Scared the shit out of the ATC working the airport that day. Result: large supply of Soviet SKS, Moisan-Naggant and AK's for gunshops, just in time for the Fineswine blue light special. he made big bucks. >however, we will probably > see that again in parts of the world as many cultures do not have the >basic > respect for life we do. the first time you witness a small child begging > for chocolate exploded by a remote control pressed by her father, you > understand --you do not necessarily like it, it's just survival. > and faced with a decision of giving up 'n' "friendlies" for 1000n, or even > more, to survive, I know where I stood, and still stand Yes it does have a way of changing the way you look at the world. I only wish the clowns in office who make the decisions that the grunts guarding the embassies should have empty mags, could see any of this shit. War does suck, and suck in a big way, and when your there, and I don't mean watching it on CNN, you ARE in a world of hurt. > if the U.S does adopt the police state tactics Bubba > is espousing, the U.S. will be faced with _real_ terror, not staged > incidents to justify the martial law, etc. Roger that, an I for one don't want to see that war fought on US soil. This is the part that scares me the most. 
So my point is, the more the government inflates a non existant problem, the bigger the problem gets. The part that really bothers me is that too many times these are all diversion from important issues. The American people seem to be on a steady diet of OJ and CNN, when the war, the real war that will shape the future gets no media coverage. Things like education, and economic strategy are just not sexy enough for TV. >However, you will never be able to buy out the religious terrorists > --they are on a "mission." I was always taught They have nothing left to lose..make em happy and send em to Allah (or whatever) as quickly as you can. >There is no cure for the "revolutionary" terrorists .. > If we do not even print their obit, there is no glory! Tim, you are asking for the liberal media to act responsibly.. what were you thinking? speaking of liberal media, I have lost all creditibility with my Bostonian friends this week trying to tell em about the feature I saw in the San Jose TV news, where some animal expert actually suggested admininstrating tranquilizers to the family poodle in preparation for 4th of July festivities..something do with fireworks. OK maybe in Santa Cruz the animals (at least the ones downtown) are already on tranquilizers. But who wants a dog that can't deal with loud noises anyways, he'd be useless for huntin. But what do I know.. I just practice law Samoan style. Vinnie Moscaritolo ------------------ "friends come and friends go..but enemies accumulate." http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A From scmayo at rschp2.anu.edu.au Thu Jul 4 23:14:17 1996 From: scmayo at rschp2.anu.edu.au (Sherry Mayo) Date: Fri, 5 Jul 1996 14:14:17 +0800 Subject: What remains to be done: keeping info free Message-ID: <199607050336.UAA07204@toad.com> -----BEGIN PGP SIGNED MESSAGE----- Hal Finney writes.. > From: Black Unicorn > > A. Methods to run secure websites on insecure servers. > > [...] 
> > A software solution which permits local decryption makes traffic analysis
> > less useful, presents the opportunity to use front end and disposable www
> > pages on domestic ISPs while imposing no liability on the ISP itself, and
> > opens several more effective traffic analysis deterrents.
> I don't quite understand what is being proposed here. If the
> information on the web site is encrypted, who is supposed to be able to
> decrypt it? Just one person, or some select group of people? My

If the objective is to keep information available then check out Ross Anderson's "eternity service" proposal (http://www.cl.cam.ac.uk:80/users/rja14/#Lib) which outlines a "highly distributed, resilient and anonymous file store. Once a document is published on it, the courts will simply not be able to find and delete all the copies"

Sherry

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMdyPeOFu4n6w1qeBAQF4igP/bhD22woqB8W2kglF6r6Z4rdUVDzGrXk4
N9Iav/KnUtAlmWb/yItHg9+uwAPRtomkTeOZye5UcmJzYI8WERyBYi5Y4OghA48a
vo9C/Qo4znljc2J3+J1nWuuDp1khSVB/b+B1/r2zqN/Uv7YvwkF9cext/bf8XV/G
uxPJz0DvSLE=
=jiix
-----END PGP SIGNATURE-----

From AwakenToMe at aol.com Fri Jul 5 00:44:36 1996
From: AwakenToMe at aol.com (AwakenToMe at aol.com)
Date: Fri, 5 Jul 1996 15:44:36 +0800
Subject: Word lists for passphrases
Message-ID: <960705010023_427891194@emout09.mail.aol.com>

In a message dated 96-07-04 16:37:24 EDT, fair at clock.org (Erik E. Fair) writes:

>You could just snarf up a week's worth of netnews...
>
> Erik
>
>

There are many out there. And I doubt the net would have anything like Antidisestablishmentarianism heheh
I believe it was an 8 meg wordlist I got off the net. Just use the good ole search utils!!

From mixmaster at remail.obscura.com Fri Jul 5 01:10:32 1996
From: mixmaster at remail.obscura.com (Mixmaster)
Date: Fri, 5 Jul 1996 16:10:32 +0800
Subject: Mix for PC: Mixmaster Remailer FAQ
Message-ID: <199607050451.VAA12470@sirius.infonex.com>

-----BEGIN PGP SIGNED MESSAGE-----

Frequently Asked Questions about Mixmaster Remailers

FAQ Version 1.8
July 4 1996
by Lance Cottrell

This document is a semi-technical discussion of Mixmaster remailers. I wrote this to answer questions often asked by new users of Mixmaster, and to explain why you would want to use Mixmaster remailers.

***Announcements***

4 July 1996: Mixmaster for Dos and Windows is now available!

I am pleased to announce the release of Mixmaster 2.0.3. It contains many bug fixes, and a much improved Makefile which makes compiling a snap!

***What is Mixmaster?***

Mixmaster is a new class of anonymous remailers. Inspired by the existing "cypherpunk" remailers and discussions on the Cypherpunk mailing list (cypherpunks at toad.com). Mixmaster is the next generation in the evolution of remailer technology.

***What is an anonymous remailer?***

Quoting from Andre Bacard's remailer FAQ:

An anonymous remailer (also called an "anonymous server") is a free computer service that privatizes your e-mail. A remailer allows you to send electronic mail to a Usenet news group or to a person without the recipient knowing your name or your e-mail address.

For a non-technical introduction to remailers (not including Mixmaster), I recommend Andre's FAQ. It is posted regularly to:

    alt.privacy
    alt.privacy.anon-server
    alt.anonymous

or you can get it by sending mail to:

    To: abacard at well.com
    Subject: Help1
    Message: [Ignored]

There is also a version on the World Wide Web at .

***What do I need to use Mixmaster remailers?***

Unlike other remailers, you can't just make your own message and send it to the remailer. Mixmaster's security comes in part from using a special message format.
The disadvantage of this is that you need a special program to make the message for you. Once you have that program (the client) remailing is as easy as running the program, and telling it which remailers you want to use.

***How do I get the Mixmaster client software?***

There are two sites for distribution. The first is at my site , or ftp to ftp.obscura.com and read /pub/remail/README.no-export. The other is by anonymous ftp to jpunix.com. You will have to follow the instructions there to get Mixmaster. Because Mixmaster contains cryptography, it may not be exported from the U.S. and Canada. The reason for the circuitous route to download Mixmaster is to show my good faith efforts to keep Mixmaster from being exported.

I understand that Mixmaster may be available in Europe from ftp://utopia.hacktic.nl/pub/replay/pub/remailer

***How do I get the software to run a Mixmaster remailer?***

The remailer software is available from the same sites as the client.

***But I only see one Mixmaster distribution?***

The same program is used for both the client and the remailer. The only difference is in the installation. For the client you just compile it and you are ready to go. For the remailer, you need to set up mail forwarding and cron jobs.

***What kinds of computers does Mixmaster run on?***

Unfortunately, not PCs or Macs. But it is being ported to those right now. Mixmaster runs under UNIX. The only machine it is known not to work on is Dec Alpha. It has been tested on Linux, FreeBSD, SunOS 4.1.3, Solaris, and several others. It has been compiled and tested on Netcom. If you use it on a machine or service not on this list, please let me know so I can add it.

***How does Mixmaster work, and why should I use it?***

You should use Mixmaster if you want the highest level of anonymity available, or if you are tired of building remailer messages yourself.
A discussion of how Mixmaster provides this level of security is beyond the scope of this FAQ, but I put an essay on the subject on my home page.

***Does Mixmaster use PGP?***

No, Mixmaster uses the rsaref package from RSA. Mixmaster uses its own keys and key file formats. To add a key to a key ring, simply append the key to your key file using your favorite text editor.

***Can Mixmaster post to News?***

Yes, like older remailers some Mixmaster remailers can post to news. Also like older remailers, not all Mixmaster remailers can post to news. Request the remailer's help file to check if it supports posting. Do this by sending mail to the remailer with the subject line

    remailer-help

***When Was Mixmaster Released?***

Mixmaster was originally released on an experimental basis in late 1994. There were only ever two remailers running Mixmaster 1.0. Mixmaster 2.0 was released on May 3, 1995. There are now 18 publicly available Mixmaster remailers.

***What is the latest version of Mixmaster?***

Version 2.0.3 for Dos and Windows was released July 4 1996.

Version 2.0.3 was released on Nov 27, 1995. This version uses a new Makefile, which makes compiling it a snap. Several bugs were also fixed, and some esoteric functions added.

Version 2.0.2 was released on Sept 22, 1995. Mixmaster remailers can now accept messages containing multiple Mixmaster packets. Mixmaster can be told to choose a random set of remailers to chain your message through. It will now route multiple packet messages over independent chains. Several minor bugs were fixed.

Version 2.0.1 was released on May 27, 1995. The only changes from 2.0 are some improvements in the documentation, and the inclusion of a more up to date list of remailers.

***What remailers run Mixmaster?***

The most recent list of remailers is available on my homepage, along with the remailer list and key file for Mixmaster. You can simply replace your current type2.list and pubring.mix files with these. They are also available from .
My list is simply a mirror of the one on Jpunix, which is maintained (through much hard work) by John Perry.

Please send any questions you think should be here to: loki at obscura.com.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdxm51Vkk3dax7hlAQGfwgP9FediBro7gdVMMjCffWToLyhr6HUagxSI
qcHhQU4jL1EWdebMwR6wqUBWuxDgrAsrSRT4WhftfSxTtCHCiSk9yXqg7HlRVPkx
VQ+7SCF5/gnTE3a/rvj+EbH2hjBdRZWLEOdOnv+Ej00rhCB4A9T2ASQjpcZZB1iT
zT+cSIlW3go=
=qKtd
-----END PGP SIGNATURE-----

From rp at rpini.com Fri Jul 5 02:07:39 1996
From: rp at rpini.com (Remo Pini)
Date: Fri, 5 Jul 1996 17:07:39 +0800
Subject: Computer-Aided Revolution
Message-ID: <1.5.4.32.19960705062727.008f8f04@www.nextron.ch>

>> I've thought of an application for a "revolutionary" program for peaceful
>> protest, but one that requires that a substantial number (1000) of people
>> have access to computer time synchronized to 1 second, ideally 0.1 second.
>> How good would a time sync over the net typically be?

Well, in Europe you could just buy a 40$ hardware (DCF-77 receiver) which syncs with the standardized broadcasted atomic clock. You could sync the stations every second with an accuracy of better than 10^-3 secs, like a GPS, only much cheaper. (although, you wouldn't know your geographic location ;-)

----------< fate favors the prepared mind >----------
Remo Pini                        Fon 1: +41 1 350 28 82
mailto:rp at rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/   Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------

From tcmay at got.net Fri Jul 5 02:19:55 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 5 Jul 1996 17:19:55 +0800
Subject: Word lists for passphrases
Message-ID:

At 5:00 AM 7/5/96, AwakenToMe at aol.com wrote:
>In a message dated 96-07-04 16:37:24 EDT, fair at clock.org (Erik E. Fair)
>writes:
>
>>You could just snarf up a week's worth of netnews...
>>
>> Erik
>There are many out there. And I doubt the net would have anything like
>Antidisestablishmentarianism heheh
>I believe it was an 8 meg wordlist I got off the net. Just use the good ole
>search utils!!
The standard "large data base" of modern American English words is the "Brown corpus." Search the Web for this and you'll get a few hundred hits, including some downloadable files. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Fri Jul 5 02:41:28 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 5 Jul 1996 17:41:28 +0800 Subject: Net and Terrorism. Message-ID: At 2:37 AM 7/5/96, vinnie moscaritolo wrote: >>There is no cure for the "revolutionary" terrorists .. >> If we do not even print their obit, there is no glory! > >Tim, you are asking for the liberal media to act responsibly.. what were >you thinking? I did not write that. However, I wouldn't think that "not printing their obit" is acting responsibly. As far as I'm concerned, I want the full news, or at least some reasonable approximation of it, not propaganda. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Fri Jul 5 02:48:34 1996 From: tcmay at got.net (Timothy C. 
May)
Date: Fri, 5 Jul 1996 17:48:34 +0800
Subject: ecash thoughts
Message-ID:

First, I'm not very convinced that probabilistic payments are needed. And I'm mostly convinced that most users of digital money will be skeptical too.

A few comments:

At 9:18 PM 7/4/96, Steve Reid wrote:

>Suppose someone is surfing the web or whatever, and various sites are
>charging, say, 0.1 cents per web page, via probabilistic payments.
>Suppose there is a 1 in 10 chance that the person will pay 1 cent.
>
>The person wanders around the web, acting as though he's perfectly willing
>to pay, and participating in the fair coin tosses. Except, he really has
>no intention of paying. He will gain free access to 9 out of 10 sites, and
>on the ones that he loses the 1/10 gamble, he just backs out of the deal
>and doesn't pay anything. The end result is that instead of seeing all of
>the web at 0.1 cents per page, he sees 90% of the web completely for
>free. If everyone does this, the sites will go broke.

I cannot imagine _any_ protocol for probabilistic payments which "allows" someone to back out of the deal once they've seen the outcome of the coin toss (or whatever). That just makes no sense.

Exactly how the deal works to force completion is another matter (maybe escrow, maybe the symmetric payment scheme described here recently, etc.).

>The obvious solution would be to require that the person pay the 1 cent,
>then if he wins the 9/10 bet, he gets the 1 cent back. But that will just
>move the problem from the user to the server- the site can welsh on the
>bet and refuse to pay back the one cent. They will get ten times the
>payment that they are supposed to get.

Reputations matter, too, so sites or customers who renege will have their reps diminished, in the ways we talk about so often here. (Analogies in the physical world today: casinos who fail to pay off winnings, customers of casinos who fail to pay off their markers, etc.)
I don't believe probabilistic payments have any special problems with renege rates. However, I also don't think this is a promising area.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From llurch at networking.stanford.edu Fri Jul 5 03:46:43 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Fri, 5 Jul 1996 18:46:43 +0800
Subject: Net and Terrorism.
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 4 Jul 1996, vinnie moscaritolo wrote:

> Sometimes I am astounded by the lack common sense that government officials
> display. Bill Klinton and his media buddies (Ted Copulate etc) are the best
> recruiters for Militia groups, After the OKC bombing, his accusations of
> Militia involvement pissed off so many middle of the roaders that
> memberships showed a marked increase. Thanks to Sen Fineswine, Semi-Auto

Middle of the roaders? Some road. :-)

I get your drift, and I'm behind you, but I think you're deluding yourself if you think you're anywhere near the mainstream. Most people aren't that intelligent. Yeah, I'm sure some good people like we'all joined the militia, but I'm worried about the losers and loons like the "Vipers Militia." When the barely literate who can't hold a job at a donut shop are convinced that it's *K00L* to play with guns and bombs and prepare to fight The New World Order, we have a problem.
Even the very few real Nazis (as opposed to everybody the SWC thinks are Nazis) are worried about the proportion of unstable loons in their midst. There are good people in that racket who don't want to see people hurt; I'm happy to have made some friends.

Of course you're right, much of the blame for that problem lies with the stoopid gubmint that lacks a proper regard for the Bill of Rights, not to mention a Sense of Humor. Absent the fearmongering, the Viperweenies would have turned to something else antisocial, but they wouldn't have had a "movement" to cling to. (Or maybe they would have... in another era, they would have joined up with the Weathermen or the Symbionese Liberation Army.)

Fortunately, and despite what, say, the SWC says in its fundraising materials, the middle of the road among the militias isn't that kooky. Bo Gritz and the leaders of the Michigan Militia were heard calling the Freemen a bunch of lying scum; I've observed more mainstream (if that's the word) militiafolk distancing themselves from the Viperweenies both online and on shortwave.

> purchases had a record year in California. (does she have stock in
> Norinco?)

I'm sure it's a blind trust.

> There is no conspiracy on the government's part, just plain
> stupidity.

Absolutely, on both sides of that walnut.

> So my point is, the more the government inflates a non-existent problem,
> the bigger the problem gets.

Government or whomever...

> >However, you will never be able to buy out the religious terrorists
> > --they are on a "mission."
>
> I was always taught They have nothing left to lose..make em happy and send
> em to Allah (or whatever) as quickly as you can.

Since the two muslims who used to give a shit about this list seem to have left in disgust, I suppose I should register my "That ain't representative of Islam, any more than Pete Peters is representative of Christianity or Lenin is representative of atheism."
I think this falls under the category of "the more you inflate a nonexistent problem, the bigger it gets." Yes there is an unusually high proportion of loons in charge of movements that call themselves Islamic Fundamentalist, but do you really think it's in your interest to talk like, well, a bigot and turn the rest of the muslims against you?

- -rich
http://www.c2.org/~rich/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMdzGDZNcNyVVy0jxAQFDAQH/cy1hWsH29dj3AHWaH8Z5I9BxDgoPtbYB
4cVL5T0mOLiP5aW/OjP05e4yF9Y1r4af+iI0x9u8yuc6ly8NOzOK9g==
=Qoe2
-----END PGP SIGNATURE-----

From erehwon at c2.org Fri Jul 5 04:55:03 1996
From: erehwon at c2.org (William Knowles)
Date: Fri, 5 Jul 1996 19:55:03 +0800
Subject: Word lists for passphrases
Message-ID:

Greg,

>Are there any publicly available word lists which contain just about
>every word in the English language? It's not absolutely necessary,
>but I'd also like the list to include English names.

I would try this site out. It is very complete and should fill the bill.

ftp://sable.ox.ac.uk/pub/wordlists/

Good Luck!

-William Knowles
erehwon at c2.org
Finger for public key
--

From llurch at networking.stanford.edu Fri Jul 5 05:40:36 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Fri, 5 Jul 1996 20:40:36 +0800
Subject: Net and Terrorism.
In-Reply-To:
Message-ID:

On Fri, 5 Jul 1996, Timothy C. May wrote:

> At 2:37 AM 7/5/96, vinnie moscaritolo wrote:
>
> >>There is no cure for the "revolutionary" terrorists ..
> >> If we do not even print their obit, there is no glory!
> >
> >Tim, you are asking for the liberal media to act responsibly.. what were
> >you thinking?
>
> I did not write that.
>
> However, I wouldn't think that "not printing their obit" is acting
> responsibly. As far as I'm concerned, I want the full news, or at least
> some reasonable approximation of it, not propaganda.

The issue here is that terroristic actions *are* propaganda. Does every idiot with a bomb deserve to be really big news?
Anyway, I don't think Vinnie was suggesting that the news be censored -- just that the press doesn't have an obligation to print the obituary the "martyrs" want. There's a spectrum from "the popular front for the liberation of kooks, which believed blah blah blah because blah blah blah, just blew up a building" to "some kook just blew up a building." The latter is usually sufficient. If I care about the kooks, I can look them up, but I don't think the fact that they blew up a building gives them the right to propagandize the front page of my newspaper.

-rich

From jimbell at pacifier.com Fri Jul 5 05:41:45 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 5 Jul 1996 20:41:45 +0800
Subject: ecash thoughts
Message-ID: <199607051008.DAA03805@mail.pacifier.com>

At 02:18 PM 7/4/96 -0700, Steve Reid wrote:

>The person wanders around the web, acting as though he's perfectly willing
>to pay, and participating in the fair coin tosses. Except, he really has
>no intention of paying. He will gain free access to 9 out of 10 sites, and
>on the ones that he loses the 1/10 gamble, he just backs out of the deal
>and doesn't pay anything. The end result is that instead of seeing all of
>the web at 0.1 cents per page, he sees 90% of the web completely for
>free. If everyone does this, the sites will go broke.
>
>It's the equivalent of welshing on a bet.
>
>The obvious solution would be to require that the person pay the 1 cent,
>then if he wins the 9/10 bet, he gets the 1 cent back. But that will just
>move the problem from the user to the server- the site can welsh on the
>bet and refuse to pay back the one cent. They will get ten times the
>payment that they are supposed to get.

If you're a store and I want to buy something that costs, say, $4.50, and we want to eliminate the need for change (for whatever reason) then I would pay $4.00 up front and we'll flip the electronic coin for the rest.
At that point, you already have $4 so I'd have no reason to welsh on the remaining 50 cents.

It obviously doesn't work this way if the minimum coin is larger than the current purchase...

Jim Bell
jimbell at pacifier.com

From jgrasty at gate.net Fri Jul 5 09:21:25 1996
From: jgrasty at gate.net (Joey Grasty)
Date: Sat, 6 Jul 1996 00:21:25 +0800
Subject: Libertarian Anti-GAK Platform
Message-ID: <199607051311.JAA14454@osceola.gate.net>

Y'all:

Just got an e-mail from Jim Ray, who added the anti-GAK provision to the Libertarian Party Platform yesterday. So, yes, it WAS one of us.

Good job, Jim!

Regards,
--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7

From camcc at abraxis.com Fri Jul 5 09:29:06 1996
From: camcc at abraxis.com (camcc at abraxis.com)
Date: Sat, 6 Jul 1996 00:29:06 +0800
Subject: Word lists for passphrases
Message-ID: <2.2.32.19960705131244.00687f3c@smtp1.abraxis.com>

At 02:12 AM 7/5/96 -0700, you wrote:
:Greg,
:
:>Are there any publicly available word lists which contain just about
:>every word in the English language?
:
:I would try this site out. It is very complete and should fill the bill.
:
:ftp://sable.ox.ac.uk/pub/wordlists/
:
:Good Luck!
:
:
:-William Knowles
: erehwon at c2.org
: Finger for public key
:

I am not sure of your purposes, but I suggest you take a look at Arnold Reinhold's Diceware page.

http://world.std.com/~reinhold/diceware.page.html

The list it contains certainly is not "every word in the English language," but the list he offers is large and well set up; I load mine from Wordpad. It is part of a randomness system he espouses.
Alec

From talon57 at well.com Fri Jul 5 10:48:28 1996
From: talon57 at well.com (talon57 at well.com)
Date: Sat, 6 Jul 1996 01:48:28 +0800
Subject: Net and Terrorism
Message-ID: <199607051432.HAA25401@well.com>

Tim May wrote:

>Again, the Sarin attack in Tokyo had nothing to do with former
>U.S.S.R. CBW weapons. Chemical and biological agents are cheap to
>make, especially in the quantities needed to kill only a few
>thousand people, and in the non-battlefield delivery environment.

Actually Tim, the Aum Supreme truth cult was using a Russian formula for its production of sarin, and was spending vast amounts of time and money trying to obtain Russian NBC expertise. They supposedly had an estimated 30,000 followers in the former Soviet Union.

I recently finished an excellent book "The cult at the end of the world" about all this and highly recommend it to my fellow cypherpunks.

Brian

From geoff at commtouch.co.il Fri Jul 5 10:51:05 1996
From: geoff at commtouch.co.il (geoff)
Date: Sat, 6 Jul 1996 01:51:05 +0800
Subject: Lack of PGP signatures
Message-ID: <19960705135901328.AAB217@[194.90.26.119]>

-----BEGIN PGP SIGNED MESSAGE-----

To: bshantz at nwlink.com, markm at voicenet.com, cypherpunks at toad.com
Date: Fri Jul 05 17:10:11 1996

On 7/3 Brad Shantz Wrote:

> Once upon a time last year or the year before, Tim May posted why he
> doesn't use PGP very often. And I have always stood by that same
> sentiment. Yes, it is a good encryption product, but it is not
> integrated seamlessly into other applications. Tim, feel free to
> whack me if you think I'm speaking for you. If, as cypherpunks, we
> want to spread the use of strong crypto, we need to have a better
> interface than what currently exists on PGP 2.6.2.

I strongly urge anyone who uses PGP on a regular basis to take a look at Pronto Secure. It is a fully featured Windows e-mail client with complete & seamless PGP integration in its native implementation.
Security features include: Single click for encrypt sign or decrypt, on the fly authentication, key management, talks to the keyservers, intuitive & flexible certification / trust management, automated key exchange between Pronto Secure clients & more.

The product is in final beta & this will probably be the last opportunity to get a free registered copy.

We believe that we have a pretty secure e-mail client. However before releasing Pronto Secure to a less security aware public, we would like to submit the product for additional scrutiny by the members of this list. With this objective in mind, we have decided to extend our special offer to beta testers: Any tester providing us with feedback on the product will automatically be eligible for a free copy of the soon to be released Pronto Secure 1.0.

For a detailed specification see http://www.commtouch.com/s-mail.html

To check out what our existing beta testers have said about Pronto Secure: http://www.commtouch.com/testers.htm

To apply for the beta send signed mail to secure at commtouch.com. Also please attach your PGP key.

I take this opportunity to thank all members of the list who have up to now assisted in beta-testing the product. Your input has helped make Pronto Secure into what we believe is a truly usable secure e-mail client.

- ---------------------------------------------------------------
Geoff Klein, Pronto Secure Product Manager; www.commtouch.com
My PGP public Key 1814AD45 can be obtained by sending a message to geoff at commtouch.co.il with "Get Key" as the subject.
- ----------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMd0iTELv5OMYFK1FAQG8dQQAo2pgG+JIyHFLT/g6stvFnb+MAIpr8Ut7
43uPtRP6xSCztG1T48V/a4jIHzCYcXiYOrGdalJSRc+alpndFfehD+Ky+nzAsgKu
WZPISfieWb0wQDUygi1DFkKTddzhjlStAdtwZ0J0E4fHHrZgc3NpzfoRvyVUvdtS
cgmH6neWNjs=
=yUlH
-----END PGP SIGNATURE-----

From reagle at rpcp.mit.edu Fri Jul 5 10:57:32 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Sat, 6 Jul 1996 01:57:32 +0800
Subject: Net and Terrorism.
Message-ID: <9607051439.AA07350@rpcp.mit.edu>

At 05:43 PM 7/4/96 -0700, Timothy C. May wrote:
>Anyway, I should point out that Mormons (or Latter Day Saints, I guess) are
>spreading quickly around the world...all WITHOUT using "conversion by the
>sword," as some other well-known religions are wont to do.

Perhaps you've read this before (or it's even been mentioned here before) but an excellent book exists that discusses some of the points you touch upon (suicide, martyrs, religion (meme) propagation). See Bloom, "The Lucifer Principle."

_______________________
Regards,  He who knows others is wise.
  He who knows himself is enlightened.
Joseph Reagle  http://rpcp.mit.edu/~reagle/home.html
reagle at mit.edu  E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E

From reagle at rpcp.mit.edu Fri Jul 5 11:04:40 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Sat, 6 Jul 1996 02:04:40 +0800
Subject: What remains to be done.
Message-ID: <9607051439.AA07353@rpcp.mit.edu>

At 12:58 PM 7/4/96 +0000, Deranged Mutant wrote:
>Another need is for file/disk-encryption utilities. I'm not familiar
>with what's out there for Macs, but for PCs there's SFS and ASPICRYP
>for SCSI drives (with no source!) and SFS, SecureDrive and SecureDevice
>for HD (or FD). The latter won't work on Win95. AFAIK, SFS and
>SecureDrive aren't 100% friendly with Win95 either, though they'll work.

I'll just add that Jetico puts out BCrypt, which works perfectly with Win95.
Of course it costs, but one can try out the software only version, then upgrade to hardware encryption!

_______________________
Regards,  He who knows others is wise.
  He who knows himself is enlightened.
Joseph Reagle  http://rpcp.mit.edu/~reagle/home.html
reagle at mit.edu  E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E

From ota+ at transarc.com Fri Jul 5 11:20:27 1996
From: ota+ at transarc.com (Ted Anderson)
Date: Sat, 6 Jul 1996 02:20:27 +0800
Subject: Fwd: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To:
Message-ID:

See the sig at the end.
-ota

---------- Forwarded message begins here ----------

Date: Thu, 4 Jul 1996 08:41:35 +0000 (GMT)
From: jonathon
To: "Mark M."
cc: David Rosoff , Declan McCullagh , cypherpunks at toad.com
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port

On Wed, 3 Jul 1996, Mark M. wrote:

> On Wed, 3 Jul 1996, David Rosoff wrote:
> > I've wondered .. could a creative child circumvent these filter programs
> If the child is creative enough, he will be able to boot DOS from a bootdisk
> and remove the line from config.sys that starts up the filtering software.

Even more creative kids will find the Dos-based web browser that bypasses whatever is in the config.sys file, that is supposed to prevent them from seeing those "naughty" websites.

xan

jonathon
grafolog at netcom.com

AOL coasters are unique, and colourful. Collect the entire set.

From um at c2.org Fri Jul 5 11:40:20 1996
From: um at c2.org (Ulf Moeller)
Date: Sat, 6 Jul 1996 02:40:20 +0800
Subject: Restrictions on crypto overseas
Message-ID: <9607051504.AA50380@public.uni-hamburg.de>

> What about other nations that have recently passed restrictions on the use
> of crypto? Other than Russia, which are they? Is there a list anywhere?
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm

From hlin at nas.edu Fri Jul 5 11:43:48 1996
From: hlin at nas.edu (Herb Lin)
Date: Sat, 6 Jul 1996 02:43:48 +0800
Subject: SAFE forum -- remarks of Herb Lin
Message-ID: <9606058365.AA836589679@nas.edu>

You're entitled to any spin you wish (see your [...] below). But my original intent was to say the part about "and it is" in any event; unfortunately, the audience started snickering before I got to it.

In the future, I will say "Crime prevention ought to be, and is, a part of the FBI's mission", thereby pre-empting premature snickering by an audience pre-disposed to be unfriendly or derisive to law enforcement.

Begin personal comment from herb:

The "overview and recommendations" document summarizing the report notes that "Input from [..] diverse sources demonstrated to the committee a considerable amount of confrontation and disconnect between interest groups (e.g., information technology vendors, businesses, law enforcement, private individuals, national security) that fail to understand or appreciate the validity of each other's policy needs and interests with respect to cryptography. . . . Public debate based on hyperbole is unproductive.
All of the stakes described above -- privacy for individuals, protection of sensitive or proprietary information for businesses, ensuring the continuing reliability and integrity of nationally critical information systems and networks, law enforcement access to stored and communicated information for purposes of investigating and prosecuting crime, and national security access to information stored or communicated by foreign powers or other entities and organizations whose interests and intentions are relevant to the national security and the foreign policy interests of the United States -- are legitimate; informed public discussion of the issues must begin by acknowledging the legitimacy both of information security for law-abiding individuals and businesses and of information gathering for law enforcement and national security purposes."

My experience with the FBI and other law enforcement officials is that they are honorable people trying to do a very hard job. You may disagree with them on policy grounds -- indeed, the NRC report does disagree with the Administration in certain important ways -- but in my personal opinion, law enforcement deserves credit rather than censure for trying to anticipate a future problem. You may believe the proposed solution to be inappropriate, but I'd ask those of you who follow the debate to engage it on substantive rather than ad hominem grounds. Many of you in the cypherpunk community have done so, and I applaud such efforts.

[End personal comment]

herb

==

On Wed, 3 Jul 1996, Herb Lin wrote:

> Folks -- I object to the characterization of my remarks about crime prevention
> being made with sarcasm. The complete remark was "Crime prevention ought
> to be part of the FBI's mission, ... and it is -- ask them, and they acknowledge
> that."

OK, sorry, my reading. I'd certainly hate to jeopardize any professional relationships by implying that you'd been poking fun at them on purpose. There's already far too much distrust to go around.
As I recall, the sequence went "Crime prevention ought to be part of the FBI's mission [audience snickers, Herb realizes what he just said and smiles]... and it is -- ask them, and they acknowledge that." The best standup comics are the genuine straight men, I guess.

To avoid any trouble, I'll be using that line *without* specific attribution from now on.

-rich

From Clay.Olbon at dynetics.com Fri Jul 5 12:03:36 1996
From: Clay.Olbon at dynetics.com (Clay Olbon II)
Date: Sat, 6 Jul 1996 03:03:36 +0800
Subject: Lack of PGP signatures
Message-ID:

>It is not possible to clear-sign binaries with PGP. The point of clear-
>signing
>is to have signed text that is readable to people who don't have the
>software
>necessary to process the text. It would make sense to clearsign a file that
>is base64'ed or uuencoded, which wouldn't alter the contents of the file. I
>can't see how such an option would be harmful, except that it might lose
>some
>characters that are important to the context of the message.
>

Mark,

Of course you can use pgp to sign binaries. How else did the pgp binary itself get signed? You can either sign it in a separate file, or in the same file. PGP sorts it out for you.

What do you use it for? Same reasons you sign text. "I signed this file" means that you vouch for it in some undefined way (maybe I wrote and compiled it, or somesuch).

Clay

***************************************************************************
Clay Olbon II * Clay.Olbon at dynetics.com
Systems Engineer * PGP262 public key on web page
Dynetics, Inc.
* http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL

From wendigo at gti.net Fri Jul 5 12:16:39 1996
From: wendigo at gti.net (Mark Rogaski)
Date: Sat, 6 Jul 1996 03:16:39 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <1.5.4.16.19960704232548.0b77fbf4@arc.unm.edu>
Message-ID: <199607051544.LAA20442@apollo.gti.net>

-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be David Rosoff wrote:
:
: > That "creative child" would have to be pretty damn smart to do
: >what you described.
:
: It would actually take less creativity to do the other things, bypass the
: config.sys, etc. The child would thus be perhaps a little TOO creative. :)
:

2 short replies in one post:

A) Who said anything about a creative child? How about a creative c'punk?

B) Forget the CONFIG.SYS ... what about kids using Macs or some future "Kid Safe" system that has the filters in an eeprom? I'm talking about bypassing the censorship on the client-server level. Relatively platform independent.

- --
Mark Rogaski | Why read when you can just sit and | Member
GTI System Admin | stare at things? | Programmers Local
wendigo at gti.net | Any expressed opinions are my own | # 0xfffe
wendigo at pobox.com | unless they can get me in trouble. | APL-CPIO

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMd04PA0HmAyu61cJAQHaPwP/VkH9kMZkZGXe5Njz9HRLzPep+EwRGSBf
zfX5z8VPxMpDUdBWSKHyZgakckkWWg5e6zNUXtOI6diKtIuPXboVC8/5wY1PN5vX
qyEGzN8L97MFOvkKNmQVmWTdfou7Tyd8sd5GfBpYt6WoIYmux2ovz+hRhW5Pg2g+
MhImPjT3k7Q=
=EilI
-----END PGP SIGNATURE-----

From frissell at panix.com Fri Jul 5 12:22:26 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 6 Jul 1996 03:22:26 +0800
Subject: The Net and Terrorism
Message-ID: <2.2.32.19960705153701.0082c960@popserver.panix.com>

At 06:33 PM 7/3/96 -0700, Timothy C. May wrote:

>My article made my points, so I won't rewrite it here. You are of course
>not required to agree.
You are free to live in crowded cities--near "soft
>targets." You are welcome to lobby for world peace and for economic changes
>to lessen terrorism.
>
>(I think this is mostly hopeless. No matter how "nice" conditions get, for
>game-theoretic reasons there will be some groups seeking changes.)

I am not sure who is right in this debate. I know that the "why can't we all just get along?" crowd is asking a stupid question. There are lots of reasons people can't get along and there have been enough "top-down" imposed social changes this century to suggest that "changing society" won't preserve the peace.

On the other hand, I'm not sure that Tim's pessimism is warranted. This argument that cities will become completely unlivable and the only way to survive is to move out into less populated areas has been going on in the libertarian, survivalist, and right-wing-nut communities since the 1960s. The magazines Vonulife and Libertarian Connection used to talk a lot about the relative merits of Nomadism or Troglodytism, suitcase nukes, and such.

Those who took the advice and moved into caves in 1969 have sure had an uncomfortable 30 years. Mel Tappan (author of Survival Guns) may have died from a heart attack which he could have survived had he not moved into the boonies.

I note as well that Tim is not all that far away from civilization and its discontents. North Dakota or Labrador would be better choices if separation were really desired.

Those of us in the Techno-Libertarian Panglossian Community argue that it is at least possible that the spread of markets will serve to bend the world's population to bourgeois values before nanotech gives everyone the power to destroy the world. Note that markets (like networks) can expand faster than outside observers can believe once a critical mass of participants is achieved. We see that happening all around the world in the case of both markets and networks.
Even hard cases like Africa and the Middle East will find themselves swept up in a short time (by historical standards). It's hard to get people who are making lots of dough to strap dynamite to their bodies and go blow up a bus.

Then Larry said:

>>because it is a fact of life, is erroneous in my view. it is a common
>>libertarian argument that goes, "criminality is everywhere, so why try
>>to stop it?" a rather juvenile ideology.

In all my years of reading and listening to libertarian agitprop, I've never heard this argument.

And back to Tim:

>(And my point about moving out of cities referred to what *I* am doing;
>others are of course free to mingle in crowded markets, hoping that the
>bombs won't come that day. Others are free to send their children to day
>care centers located in likely targets for ZOG's enemies to bomb, and so
>on.)

Kids sent to day care centers operated by the federal government or schools operated by local governments are going to be in a bad way in any case whether or not they are blown up or shot (as in Stockton and Scotland).

I *love* the Volvo ads which feature mom driving her kids to school in a Volvo with all of its safety features and then turning the kids over to the government for indoctrination. Much better she should drive them to private schools in a Chevy Corvair. They'll live longer (certainly in the spiritual sense of "live").

DCF

From cyberia at cam.org Fri Jul 5 12:50:55 1996
From: cyberia at cam.org (CyberEyes)
Date: Sat, 6 Jul 1996 03:50:55 +0800
Subject: Net and Terrorism.
In-Reply-To:
Message-ID:

On Wed, 3 Jul 1996, snow wrote:

> 2) When they _are_ exposed, let them fight the fuck back. Rules of
> engagement are simple. When fired on, shoot to kill. If the shot
> comes from a building, take out the building. If from a crowd,
> well, do your best, but _get the shooter_.

Basically, what you're saying is that one armed person in a crowd of a hundred needs to be killed no matter what happens to the lives of the other 99?
Give me a break, we're not living in the 1800's anymore, we want to STOP wars, not create them!

> If the US were to offer Russia $3 billion (or whatever)
> in a one time take it or leave it for their entire chemical weapon stock,
> it might get the soviet shit off the market. The nuclear stuff is a little
> easier to store (I think) and it would be a harder sell.

You'll never see it happen. First of all, a lot of the chemical weapons in the former Soviet Union are probably not even owned by the government, some are probably owned by private individuals. Secondly, the former Soviet Union would never give up all their chem. weapons for the same reason, that the U.S.A would not give up theirs (they'd be left defenseless, or very open).

Ryan A. Rowe - Montreal, Quebec /Seeking Internet-related job!/
aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_.
Tel. -> +1-514-626-0328 | __o o
E-Mail -> cyberia at cam.org | _ \<_ <\
WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia | swim bike run
Read my C.V. at http://www.cam.org/~cyberia/resume-e.html
"In lieu of experience, I have a willingness to learn."
"Everyone has their day, mine is July 15th, 1998."

From cyberia at cam.org Fri Jul 5 13:20:24 1996
From: cyberia at cam.org (CyberEyes)
Date: Sat, 6 Jul 1996 04:20:24 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To:
Message-ID:

On Thu, 4 Jul 1996, jonathon wrote:

> Even more creative kids will find the Dos-based web browser
> that bypasses whatever is in the config.sys file, that is
> supposed to prevent them from seeing those "naughty" websites.

I think you're talking about Lynx. If you are, they'd need a shell account to access it. Most ISP's like AOL, CompuServe, Prodigy, and others don't offer that. They'd also have to set it up through a communications program in DOS. Anyways, if you're NOT talking about Lynx, what DOS-based Web browser is there?

Ryan A.
Rowe - Montreal, Quebec /Seeking Internet-related job!/
aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_.
Tel. -> +1-514-626-0328 | __o o
E-Mail -> cyberia at cam.org | _ \<_ <\
WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia | swim bike run
Read my C.V. at http://www.cam.org/~cyberia/resume-e.html
"In lieu of experience, I have a willingness to learn."
"Everyone has their day, mine is July 15th, 1998."

From cyberia at cam.org Fri Jul 5 13:32:42 1996
From: cyberia at cam.org (CyberEyes)
Date: Sat, 6 Jul 1996 04:32:42 +0800
Subject: Net and Terrorism.
In-Reply-To: <199607040558.WAA07424@primenet.com>
Message-ID:

On Thu, 4 Jul 1996, attila wrote:

> "denied zones" (we were never there) is no longer in vogue. however, we
> will probably see that again in parts of the world as many cultures do
> not have the basic respect for life we do.

What is your last comment supposed to mean exactly? Just because some Islamic militants decide to kill a few people in a terrorist attack does not mean that the entire believer population of Islam does not have respect for life. Just who is "we"? Americans? Europeans? All industrialized nations? Every country except those Third World ones? Uh... I don't see your point very clearly here... The only culture I can think of that might now have respect for life are cannibals, and they DO have respect for life in a way, they don't kill each other (I don't think), and they do it because it's their lifestyle, but they don't perform cannibalistic acts out of malice. Correct me here if I'm wrong.

Ryan A. Rowe - Montreal, Quebec /Seeking Internet-related job!/
aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_.
Tel. -> +1-514-626-0328 | __o o
E-Mail -> cyberia at cam.org | _ \<_ <\
WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia | swim bike run
Read my C.V.
at http://www.cam.org/~cyberia/resume-e.html "In lieu of experience, I have a willingness to learn." "Everyone has their day, mine is July 15th, 1998." From markm at voicenet.com Fri Jul 5 13:32:57 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 6 Jul 1996 04:32:57 +0800 Subject: Lack of PGP signatures In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jul 1996, Clay Olbon II wrote: > Mark, > > Of course you can use pgp to sign binaries. How else did the pgp binary > itself get signed? You can either sign it in a separate file, or in the > same file. PGP sorts it out for you. > > What do you use it for? Same reasons you sign text. "I signed this file" > means that you vouch for it in some undefined way (maybe I wrote and > compiled it, or somesuch). I didn't say that binaries couldn't be signed. I said they couldn't be *clear*-signed. There is a difference between clearsigning and creating a signature certificate that is either concatenated with the data or written to a separate file. If somebody who doesn't have PGP gets a file that is signed by PGP, the file is completely useless to that person. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMd1G47Zc+sv5siulAQEjvQQAg57AF6FAZbQ8EeOJ2CH9UCTDB5rfNl3B e5OUIgLMHLnkix8xQchoTEXo0f4spBRjddUu5fy16nP5k9ZNiyKCAYOYZZeiR7n9 cG/reikrCbW02/kAlCJcdoNIsTFXuauf3qity+Co1x2afu0Nl/V4vwvaAzxyLHRK tYECCec7pNY= =iR57 -----END PGP SIGNATURE----- From liberty at gate.net Fri Jul 5 13:47:14 1996 From: liberty at gate.net (Jim Ray) Date: Sat, 6 Jul 1996 04:47:14 +0800 Subject: I confess [Was: Who was that Masked Cypherpunk?] 
Message-ID: <199607051657.MAA67090@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Duncan Frissell wrote: >OK, fess up. Who was it who amended the anti-key-escrow language of the >Libertarian Party Platform live on CSPAN? Specific reference to >cypherpunks. 'Twas me, the guardian of the *original* definition of the fine old term "escrow" against the slick denizens of Newspeak. I have found this Libertarian convention to be a super-fun experience, and I will be demonstrating PGP, Private Idaho, and lots of other fun stuff on Saturday at 3PM. All are invited to attend. Watch for "Pennies for Perot" this afternoon! ;) JMR -- Dade Chairman and Florida Delegate. Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "It is long past time to end the laughable presumption that voters who can easily cope with the choices offered at Burger King are somehow 'confused' by more than two choices at the voting booth." -- me [From my Miami Herald article.] "Truth is stranger than fiction, especially when 'truth' is being defined by the O.J. Simpson Defense Team." -- Dave Barry 6/16/96 ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray Coming soon, "Pennies For Perot" page! CYA with http://www.anonymizer.com ___________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh. iQCVAwUBMd1Ii21lp8bpvW01AQEBWAQAoWqyLNe921Dx9HXbMFVoW2ReNGp0Qo6r mZd3FvNcJDw4bOeI434sekDwAEg9G2SiCCnBMBFrilZnKscMZpZp0XdNV6+b52FN MtyYW9yYQSRRgixjf3+j6O6jecPynztdugnnWY7Y8jWcb3ukipYYt4cQAVL13sX4 Aknxd4DXtzc= =lvW8 -----END PGP SIGNATURE----- From jimbell at pacifier.com Fri Jul 5 13:47:29 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 6 Jul 1996 04:47:29 +0800 Subject: Net and Terrorism. Message-ID: <199607051652.JAA15062@mail.pacifier.com> At 07:29 AM 7/5/96 -0700, Timothy C. 
May wrote: >At 2:37 AM 7/5/96, vinnie moscaritolo wrote: > >>>There is no cure for the "revolutionary" terrorists .. >>> If we do not even print their obit, there is no glory! >> >>Tim, you are asking for the liberal media to act responsibly.. what were >>you thinking? > >I did not write that. > >However, I wouldn't think that "not printing their obit" is acting >responsibly. As far as I'm concerned, I want the full news, or at least >some reasonable approximation of it, not propaganda. >--Tim May Well, whoever wrote those two lines above, he hit upon something I've long believed: The ability to force other people to (in effect) ignore dissent up to and including "terrorism" is extraordinarily valuable. Remember the old philosophical question, "If a tree falls in the forest and there's nobody there to hear, does it make a sound?" Scientifically, the answer's obvious. But _politically_ it isn't so obvious: If an act of "terrorism" occurs and the government can cover it up (or merely cover up the terroristic cause), the government is probably actually better off (considering _only_ the government's own interests) ignoring it and not exposing an embarrassing vulnerability, or possibly an embarrassing guilt, which induced the terrorist to attack. The government would probably have much preferred, for example, for 160+ people to be killed in an airliner that just happened to disappear off the radar screen and fall into the ocean, than the bombing in Oklahoma City, because the latter incident puts a powerful onus on the government to "do something" while an unexplained event (or one where the cause is covered up) has no such imperative. And I'm not talking primarily of retribution or punishment, either: Today, the government's under some pressure to simply stop doing things that would be expected to lead to retribution, like Waco and Ruby Ridge, and the government's misbehavior is highlighted by incidents such as the OKC bombing. 
In addition, a potential "terrorist" is less likely to try something if the government is likely to be able to cover it up. Ironically, this probably tends to induce such people to do things (like huge bombings) which _can't_ be covered up, rather than smaller, more individualized strikes. That makes the non-governmental public less safe, which is a serious conflict of interest between the government and the citizenry. I consider it axiomatic that whoever bombed the OKC building, he would have preferred killing one to two dozen people most responsible for Waco or Ruby Ridge than those who actually died. The public has every reason to prefer this alternative as well. The only people who can be expected to disapprove are government employees, who don't want to be held responsible (legally or "illegally") for what they did. If anything, I think the public would be far better off if there was a mechanism to allow even these "terrorists" to speak directly to the public, without censorship by the governments or heightened risk of capture. Jim Bell jimbell at pacifier.com From tcmay at got.net Fri Jul 5 13:59:45 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 6 Jul 1996 04:59:45 +0800 Subject: The Net and Terrorism Message-ID: At 3:37 PM 7/5/96, Duncan Frissell wrote: >On the other hand, I'm not sure that Tim's pessimism is warranted. This >argument that cities will become completely unlivable and the only way to >survive is to move out into less populated areas has been going on in the >libertarian, survivalist, and right-wing-nut communities since the 1960s. >The magazines Vonulife and Libertarian Connection used to talk a lot about >the relative merits of Nomadism or Troglodytism, suitcase nukes, and such. > >Those who took the advice and moved into caves in 1969 have sure had an >uncomfortable 30 years. Mel Tappan (author of Survival Guns) may have died >from a heart attack which he could have survived had he not moved into the >boonies.
I note as well that Tim is not all that far away from civilization >and its discontents. North Dakota or Labrador would be better choices if >separation were really desired. Duncan, I said no such thing. Puh-leeeese. :-} What I _said_ was that _my_ response to increasing crime, the growing threat of serious terrorist actions, and the generally ratcage-like nature of large urban areas has been to move away from such urban centers. (Not that towns like Santa Cruz are crime-free. But they are not prime targets, when more tempting, fatter, softer targets are so nearby.) I've never said cities are "completely unlivable," just that, for me, better options exist. And in the vein of Harry Browne's "How I Found Freedom in an Unfree World," I think a better response to terrorist actions is not to crack down further on civil liberties, but to decentralize. Personally, if not nationally. A variant which might be called "How I Found Security in an Insecure World." >And back to Tim: > >>(And my point about moving out of cities referred to what *I* am doing; >>others are of course free to mingle in crowded markets, hoping that the >>bombs won't come that day. Others are free to send their children to day >>care centers located in likely targets for ZOG's enemies to bomb, and so >>on.) Well, there it is. You quote my clarification to Detweiler's mischaracterizations. I'm not saying that cities are unlivable for all, just that concentrations draw attackers of various sorts, and I expect such attacks to increase in the future. And small cities are not unlivable, either. Last night, for example, I celebrated the Fourth at a free Beach Boardwalk concert with the Drifters. Fine music, resonating even in the Rap Generation's skulls, judging by the wild reaction from tens of thousands of folks crowded on the beach...
(Now _that_ was a "soft target," in which a lobbed grenade could've taken out 20 or 40 people....Lots of such soft targets, and little that even a police state can do to stop it. Personal avoidance, by whatever measures one deems important, are the best bet.) If there's any meta-point I'm making is that people are best served by making their own security arrangements, be it home protection, financial security, health security, or the security from rioters, criminals, and terrorists being talked about here. Turning over increased powers to a government to do these things is a recipe for failure, at very high costs (economic and civil liberties costs). --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From Clay.Olbon at dynetics.com Fri Jul 5 14:23:04 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Sat, 6 Jul 1996 05:23:04 +0800 Subject: Lack of PGP signatures Message-ID: Mark M. wrote: >I didn't say that binaries couldn't be signed. I said they couldn't be >*clear*-signed. There is a difference between clearsigning and creating a >signature certificate that is either concatenated with the data or written >to a separate file. If somebody who doesn't have PGP gets a file that is >signed by PGP, the file is completely useless to that person. > My mistake. I guess I still don't understand your point however. Of what use is a signature on a file to someone who cannot check its validity? 
It seems to me that a separate signature file for a binary would serve the same purpose ("gee, it LOOKS like somebody signed it"). Clay *************************************************************************** Clay Olbon II * Clay.Olbon at dynetics.com Systems Engineer * PGP262 public key on web page Dynetics, Inc. * http://www.msen.com/~olbon/olbon.html ***************************************************************** TANSTAAFL From WlkngOwl at unix.asb.com Fri Jul 5 15:05:27 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 6 Jul 1996 06:05:27 +0800 Subject: Moviepunks [NOISE] Message-ID: <199607051823.OAA08772@unix.asb.com> Didn't see either of those flicks, but saw "The Cable Guy" a week ago. Actually has more 'net relevance, even though no one there uses the 'net. If you imagine the utopian 'everything delivered by cable' (phone, TV, 'net, video games, shopping, etc.) and mix with the power a psychotic and corrupt cable installer has, the plot has potential. (Its actualisation was something else, though.) The movie is apparently such a flop that it turned out the group of friends I was with were the only people who wanted to see it that day, so we had the theatre all to ourselves. A rare opportunity indeed... I only wish the movie was worse than it actually was so we could have made it into a kind of MST3K thing... but it actually held our interest. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Fri Jul 5 15:15:22 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 6 Jul 1996 06:15:22 +0800 Subject: Shrink-Wrap Lic. uphelo by courts.
From Edupage, 4 July 1996 Message-ID: <199607051823.OAA08769@unix.asb.com> ------- Forwarded Message Follows ------- Date: Thu, 4 Jul 1996 17:27:43 -0400 (EDT) From: Edupage Editors Subject: Edupage, 4 July 1996 ***************************************************************** Edupage, 4 July 1996. Edupage, a summary of news items on information technology, is provided three times each week as a service by Educom, a Washington, D.C.-based consortium of leading colleges and universities seeking to transform education through the use of information technology. ***************************************************************** [..] "SHRINK-WRAP" LICENSES OKAYED BY COURT The validity of the "shrink-wrap" licenses that many software publishers rely on for copyright protection was bolstered by a recent appellate court ruling in Chicago. Last month, the Seventh Circuit Court of Appeals reversed a lower court's finding that shrink-wrap agreements were unenforceable. Plaintiffs in the case, ProCD vs. Zeidenberg et al., charged the defendants with distributing the software program via the Internet. The defendants had argued that they couldn't be held to the license terms because they'd had no chance to negotiate or object to parts of the agreement. They also said the license agreement should be printed on the outside of the box, where it could be read before purchasing. The latest ruling found this suggestion to be an onerous burden, but did say the box must have a notice saying there's a licensing agreement inside, and that buyers should be able to return the software if they don't agree to the license once they read it. (Investor's Business Daily 3 Jul 96 A5) From jamesd at echeque.com Fri Jul 5 15:21:18 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Sat, 6 Jul 1996 06:21:18 +0800 Subject: rsync and md4 Message-ID: <199607051844.LAA27223@dns1.noc.best.net> At 02:05 AM 7/1/96 -0400, David F. Ogren wrote: > I stand by my statements. 
When you are deep in a hole, it is time to quit digging. > The problems that you bring up have to do with situations > where an active attacker develops a slightly different > pair of documents with the same hash. > > Although this is highly undesirable characteristic for a > hash function, [...] No kidding. Current state of the art is that MD4 is broken for signing documents prepared by other people, and MD5 may be broken soon, but MD4 is not broken as proof of authorship. So if everyone was using MD4 for PGP signing, which they are not, it would still not be a problem for most people. But it would be a problem for authors of software, who should know that a security bug that sinks only *some* people is still a security bug. Therefore no author of software should employ MD5 or MD4 in new software, but existing users of software that employs MD5 and MD4 should not panic. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From markm at voicenet.com Fri Jul 5 15:25:58 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 6 Jul 1996 06:25:58 +0800 Subject: Lack of PGP signatures In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jul 1996, Clay Olbon II wrote: > Mark M. wrote: > > >I didn't say that binaries couldn't be signed. I said they couldn't be > >*clear*-signed. There is a difference between clearsigning and creating a > >signature certificate that is either concatenated with the data or written > >to a separate file. If somebody who doesn't have PGP gets a file that is > >signed by PGP, the file is completely useless to that person. > > > > My mistake. I guess I still don't understand your point however. 
Of what > use is a signature on a file to someone who cannot check its validity? It > seems to me that a separate signature file for a binary would serve the > same purpose ("gee, it LOOKS like somebody signed it"). A signature is of absolutely no use to someone who doesn't have PGP. However, somebody who doesn't have PGP can still read this message I am writing right now. That is why clear-signing is a Good Thing. You are correct that a separate signature file for a binary is just about the same as a clear-signed message. (In fact they are the same thing. The only difference is that a signature of text that is going to be clear-signed is calculated over the text with CRLF's and dashes and "From_"'s escaped out. The "PGP SIGNATURE" part is exactly the same as a separate signature's "PGP MESSAGE".) OK, now the point of this message: somebody pointed out that if a binary was clear-signed using an option that would strip it down to 7 bits, the binary would be corrupted and therefore, such an option on PGP would be a Bad Thing. Then, I pointed out that not only would there be no point in a clear signature, since that would make the binary useless to someone without PGP anyway. It is best to sign a binary and extract the certificate to a separate file, which you noted above. So an option that would strip data down to 7 bits would not affect the ability to sign a binary. Such an option would probably be a Good Thing. All this is giving me a severe headache. Please excuse any run-on sentences. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows."
--George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMd1hMLZc+sv5siulAQHChQP/faS+DKcGht/SxCB+N0UlunSGcAcgUGaw hX/3qB4pzqwBfCoT6GsMdiQ+wJsSBs7cYm3NMEcPQHNj08cc8Vt5G7lmegjKdhcM hZBbpscafAnXf/+OcXp8KUIUbGWxEviyKfSskKoQC2IU9m607TRxMG45QHQr59Fc MEweGyt4Jsk= =TvfP -----END PGP SIGNATURE----- From frissell at panix.com Fri Jul 5 15:26:28 1996 From: frissell at panix.com (Duncan Frissell) Date: Sat, 6 Jul 1996 06:26:28 +0800 Subject: I confess [Was: Who was that Masked Cypherpunk?] Message-ID: <2.2.32.19960705182536.008209bc@popserver.panix.com> At 12:56 PM 7/5/96 -0400, Jim Ray wrote: >'Twas me, the guardian of the *original* definition of the fine old >term "escrow" against the slick denizens of Newspeak. I have found >this Libertarian convention to be a super-fun experience, and I will >be demonstrating PGP, Private Idaho, and lots of other fun stuff on >Saturday at 3PM. All are invited to attend. Since no one has mentioned exactly what happened at the LP Convention, I will relate it from memory and JR can correct me. They were going to vote on adopting a platform plank that upheld the right of everybody to use any crypto they wanted and export it and everything and also opposing the proposal for a requirement that people use a key escrow system set up by the government. JR offered an amendment which changed the language to refer to "so-called Key Escrow (actually government access to keys GAK)" and he also explained that "escrow" is where you place something with a trusted third party and the government is neither trusted nor a third party. He mentioned cypherpunks live on CSPAN. Maybe when JR finished the Con he can post the original proposed language of the LP's plank and the final language as amended.
DCF From attila at primenet.com Fri Jul 5 15:45:21 1996 From: attila at primenet.com (attila) Date: Sat, 6 Jul 1996 06:45:21 +0800 Subject: Net and Terrorism Message-ID: <199607051834.LAA13579@primenet.com> Addressed to: CyberEyes Cypherpunks CyberEyes pontificated at 07/05/96 12:29pm -0400 = On Thu, 4 Jul 1996, attila wrote: = = > "denied zones" (we were never there) is no longer in vogue. however, we = > will probably see that again in parts of the world as many cultures do = > not have the basic respect for life we do. = = What is your last comment supposed to mean exactly? Just because = some Islamic militants decide to kill a few people in a terrorist attack = does not mean that the entire believer population of Islam does not have = respect for life. Just who is "we"? Americans? Europeans? All = industrialized nations? Every country except those Third World ones? Uh... = I don't see your point very clearly here... The only culture I can think = of that might now have respect for life are cannibals, and they DO have = respect for life in a way, they don't kill each other (I don't think), and = they do it because it's their lifestyle, but they don't perform = cannibalistic acts out of malice. Correct me here if I'm wrong. = let me phrase it another way: there are circumstances where the lives of 'n' innocent people are of less consequence than the enemy --in other words, try to keep collateral damage to a minimum, but get the target before he executes more harm (this applies to hostage situations, as well) in general, this does not mean wipe out an entire 100 story building to find a single sniper, but sometimes a commander is faced with the choice: send a team in with a 10% chance of accomplishing the mission (i.e. the team is killed or the target escapes) or waste the village. until you have experienced the death of men in combat, you will never understand this principle.
I certainly did not, and even as a graduate of Harvard and an active member of the LDS Church, I found it only takes once to _clearly_ understand that it is 'to kill or be killed.' don't sit in your ivory tower and pontificate until you walk the mile in my shoes. I also had the responsibility for as many as 1600 additional 'black shirts' in a fire zone --think about it. oh, sure, I (or anyone else) will never convince you --but maybe you will think about it. war is hell, son; and war zones are somewhere beyond. if you go, just pray that you come back understanding that and not with scrambled eggs for brains. -attila -- "Don't hunt wild game, hunt lawyers! They provide better sport, suffer from severe overpopulation; and, they taste just like chicken!! From markm at voicenet.com Fri Jul 5 16:05:32 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 6 Jul 1996 07:05:32 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port In-Reply-To: <199607051544.LAA20442@apollo.gti.net> Message-ID: On Fri, 5 Jul 1996, Mark Rogaski wrote: > An entity claiming to be David Rosoff wrote: > : > : > That "creative child" would have to be pretty damn smart to do > : >what you described. > : > : It would actually take less creativity to do the other things, bypass the > : config.sys, etc. The child would thus be perhaps a little TOO creative. :) > : > > 2 short replies in one post: > > A) Who said anything about a creative child? How about a creative > c'punk? I'm not following you. I don't think many people on this list are faced with the problem of getting around software used to filter out pornography, drug info, and other evil things tearing at the moral fiber of today's youth. (Hint: I write this with tongue firmly in cheek.) > > B) Forget the CONFIG.SYS ... what about kids using Macs or some future > "Kid Safe" system that has the filters in an eeprom? I'm talking > about bypassing the censorship on the client-server level. Relatively > platform independent. 
Using a hardware based filter is about as bad as using the IP security header fields for content descriptions. It's not at the level where filtering belongs. Filtering should be at the software level where it currently is. Since this can easily be broken, it might be better to have "Kid Safe" ISP's that would use a firewall to filter data. -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ From gary at systemics.com Fri Jul 5 16:25:00 1996 From: gary at systemics.com (Gary Howland) Date: Sat, 6 Jul 1996 07:25:00 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port In-Reply-To: <199607051544.LAA20442@apollo.gti.net> Message-ID: <31DD6A5E.28D95ABC@systemics.com> Mark Rogaski wrote: > > B) Forget the CONFIG.SYS ... what about kids using Macs or some future > "Kid Safe" system that has the filters in an eeprom? I'm talking > about bypassing the censorship on the client-server level. Relatively > platform independent. Or, more likely, the filter being at the ISP end. If set up well it would only be possible to bypass with outside help. Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From hallam at Etna.ai.mit.edu Fri Jul 5 17:05:24 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Sat, 6 Jul 1996 08:05:24 +0800 Subject: Noise: Re: Those Evil Republicans In-Reply-To: <31DBA835.6EEA4806@systemics.com> Message-ID: <9607052005.AA05904@Etna.ai.mit.edu> >First of all, "parasitic" is a very derogatory term to apply to these >nations.
They are no more parasitic than out of town supermarkets. A parasite is something that lives off a host to its detriment. It is easy for a small island nation to be parasitic off larger ones. The problem for the USA, UK, Germany etc is that there are no larger nations for them to be parasites of, nor are there native peoples to steal land from or colonies to exploit. In short someone, somewhere has to do some work. >Second, you suggest Liechtenstein as a useful model for a modern >industrial society that has no control over its currency, but then go >on to criticise Andorra as a useful model. Why? Actually I discounted both as models. I don't consider the economy of a country of less than a million to be particularly informative in considering the economies of countries of fifty or a thousand times that number for the reasons advanced above. >Third, you have missed the point I was making, that of Goodhart's law, >which loosely states that "attempts by the government to regulate or >tax one channel of banking business quickly lead to the same business >being conducted through a different channel which is untaxed or >unregulated". Surely the fact that every large nation has its >banking tax havens (eg. UK has the Channel Islands, the US has the >Caribbean islands) is proof of this? I'm very skeptical about any idea that is referred to as a "law". The experience of science is that natural laws are no more constant than human ones. In the social sciences such terms tend to indicate no more than the existence of physics envy. The greatest danger is when the title "law" causes the importance of an effect to be mistaken. Just because an effect can be observed and explained does not mean that it is the only effect. To call something a "law" is almost guaranteed to lead to biased analysis. Goodhart's theorem is overbroad as stated. The banking industry will clearly attempt to move to the most beneficial channels. That does not necessarily mean unregulated.
A banker's main product is trust. The fact that a bank is regulated by government increases consumer confidence and trust. If I place my money in Midland bank UK I know that those deposits are guaranteed by the government of the UK. Even if the bank itself becomes illiquid I can recover my money. The cost of this security is regulation which I am as a customer happy to take the benefit of. The fact that a proportion of money is diverted through tax havens does not imply that all money will be so diverted. The major banking centers of the world continue to be London, Geneva, New York and Tokyo, all of which are heavily regulated. The final factor you exclude is that of economic imperialism. Small countries don't have unlimited opportunities to exercise their sovereignty as the govt. of Panama discovered. While a country has the theoretical right to become a drug trafficking haven it faces the risk of sanctions ranging from economic pressure to invasion and occupation. Similarly the Swiss govt no longer offers the same anonymity it once did. Phill From cyberia at cam.org Fri Jul 5 17:12:34 1996 From: cyberia at cam.org (CyberEyes) Date: Sat, 6 Jul 1996 08:12:34 +0800 Subject: Word lists for passphrases In-Reply-To: <31dbf02b.66263803@pop.mis.net> Message-ID: On Thu, 4 Jul 1996, Greg Miller wrote: > Are there any publicly available word lists which contain just > about every word in the English language? It's not absolutely > necessary, but I'd also like the list to include English names. You can find a list of reliable (sic) FTP and WWW sites in the alt.2600 FAQ beta version 0.13. That in itself is available at my FTP site ftp.cam.org /users/cyberia. The English language is 450,000 words in its entirety, not including (I believe) proper names. So the file you're looking for (if it exists) would be very large. Good luck. Ryan A. Rowe - Montreal, Quebec /Seeking Internet-related job!/ aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_. Tel.
-> +1-514-626-0328 | __o o
E-Mail -> cyberia at cam.org | _ \<_ <\
WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia | swim bike run
Read my C.V. at http://www.cam.org/~cyberia/resume-e.html
"In lieu of experience, I have a willingness to learn."
"Everyone has their day, mine is July 15th, 1998."

From tcmay at got.net Fri Jul 5 17:18:07 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 6 Jul 1996 08:18:07 +0800
Subject: I confess [Was: Who was that Masked Cypherpunk?]
Message-ID:

At 6:25 PM 7/5/96, Duncan Frissell wrote:

>Since no one has mentioned exactly what happened at the LP Convention, I
>will relate it from memory and JR can correct me.
>
>They were going to vote on adopting a platform plank that upheld the right
>of everybody to use any crypto they wanted and export it and everything and
>also opposing the proposal for a requirement that people use a key escrow
>system set up by the government.

I'm now watching the LP convention on C-SPAN, and taping it for a friend (who may have a book contract to do a book related to something along these lines).

The one LP event I ever attended was the California LP annual convention, some years ago, and found it crushingly boring. This looks a bit more exciting.

I suspect the LP will continue to get 3-4% of the vote, maybe a tad more this year due to widespread dissatisfaction with Dinton and Clole and with the obvious charisma of Harry Browne.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From dlv at bwalk.dm.com Fri Jul 5 17:19:16 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 6 Jul 1996 08:19:16 +0800
Subject: Net and Terrorism
In-Reply-To: <199607051432.HAA25401@well.com>
Message-ID: <4kuLqD1w165w@bwalk.dm.com>

talon57 at well.com writes:

>
>
> Tim May wrote:
>
> >Again, the Sarin attack in Tokyo had nothing to do with former
> >U.S.S.R. CBW weapons. Chemical and biological agents are cheap to
> >make, especially in the quantities needed to kill only a few
> >thousand people, and in the non-battlefield delivery environment.
>
> Actually Tim, the Aum Supreme truth cult was using a Russian
> formula for its production of sarin, and was spending vast amounts
> of time and money trying to obtain Russian NBC expertise. They
> supposedly had an estimated 30,000 followers in the former Soviet
> union.
>
> I recently finished an excellent book "The cult at the end of the
> world" about all this and highly recommend it to my fellow
> cypherpunks.
>
> Brian
>
>

I used to do work for the company that distributed AUM literature in Russia. Curiously, the same people distribute Baha'i literature. :-)

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From sandfort at crl.com Fri Jul 5 17:46:53 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 6 Jul 1996 08:46:53 +0800
Subject: Noise: Re: Those Evil Republicans
Message-ID: <2.2.32.19960705212051.0076d260@popmail.crl.com>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 04:05 PM 7/5/96 -0400, hallam at Etna.ai.mit.edu wrote:

>A parasite is something that lives off a host to its
>detriment. It is easy for a small island nation to be
>parasitic off larger ones...In short someone, somewhere
>has to do some work.

Maybe I missed something here, but only small nations that are on the dole (i.e., foreign aid) can be said to be parasitic, and even they may be giving something in return (e.g., land concessions for military bases). The service industries in these little countries--banking, tourism, etc.--are free traders giving value for value. This is not parasitism by any stretch of the imagination.

S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From llurch at networking.stanford.edu Fri Jul 5 17:50:48 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 6 Jul 1996 08:50:48 +0800
Subject: Net and Terrorism.
In-Reply-To: <199607051652.JAA15062@mail.pacifier.com>
Message-ID:

On Fri, 5 Jul 1996, jim bell wrote:

> If anything, I think the public would be far better off if there was a
> mechanism to allow even these "terrorists" to speak directly to the public,
> without censorship by the governments or heightened risk of capture.

Er, they have that. It's just that most people don't give a shit for their kind of nonsense, so they don't listen, so the kooks turn to bombings as PR stunts.

Nobody would have read the UnaSpew if Uncle Ted hadn't bombed a few people. Nobody is going to listen to Jim Bell until you claim credit for killing some people.

-rich

From blancw at accessone.com Fri Jul 5 18:28:38 1996
From: blancw at accessone.com (blanc)
Date: Sat, 6 Jul 1996 09:28:38 +0800
Subject: The Net and Terrorism
Message-ID: <01BB6A82.856C9880@blancw.accessone.com>

From: Timothy C. May

If there's any meta-point I'm making is that people are best served by making their own security arrangements, be it home protection, financial security, health security, or the security from rioters, criminals, and terrorists being talked about here. Turning over increased powers to a government to do these things is a recipe for failure, at very high costs (economic and civil liberties costs).
......................................................................

This is what I also understood Tim's point to be. As long as transforming the whole world into a "kinder, gentler", safer, mix of countries, economies, politics, races, religions, recipes for living, etc., is but a remote possibility in a far-off future galaxy, and knowing that governments are typically unprepared to deal with the dangerous states of mind incited by their very own policies, then (as always) it is wise and advisable that a person take up some responsibility for preparing themselves, mentally and otherwise, for dealing with threats of terrorism, the kind of which we are all aware of by now.

This is not fatalism; it is facing the facts.

..
Blanc

From coryt at rain.org Fri Jul 5 19:15:44 1996
From: coryt at rain.org (coryt at rain.org)
Date: Sat, 6 Jul 1996 10:15:44 +0800
Subject: New Member Registration
Message-ID: <199607052258.RAA14283@fs1.houston.sccsi.com>

Requested Account Name: whitney
Requested Password: elbows
THIS MEMBER HAS BEEN ADDED TO THE UPDATE LIST

From bryce at digicash.com Fri Jul 5 19:27:42 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Sat, 6 Jul 1996 10:27:42 +0800
Subject: Announce: Ecash(tm) Software Developer's Kit Beta 2 release
Message-ID: <199607052316.BAA27884@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

The Ecash(tm) Software Developer's Kit is available now for download from "http://www.digicash.com/api". The major improvement is that it now _accepts_ payments as well as makes them. Accounts at the "Beta Research Bucks" Bank (dc.digicash.com:9666) are available upon request.

Here's the README:

- ----- begin included README -----

Announce!

This is the second beta release of the Ecash(tm) Software Developer's Kit. It includes:

* the beta 2 release of ecashlib
* a simple test client with source code for reference
* a simple TCP/IP library for use with the test client

Changes since the last release:

* Importantly: The EC_pocket_begin_accept_payment() function works.
* Unimportantly: Some internals got upgraded. EC_main_get_ver_string() implemented. Some parameters moved from EC_pocket_new() to EC_pocket_begin_open_account(), which is their natural habitat. A small bug or two was squelched.

How to download:

Option 1: Menu
Visit the directory structure at "http://www.digicash.com/api/distrib" and take whatever you like.

Option 2: MRE
For Windows (Win32 DLL): "http://www.digicash.com/api/ecashlib.zip"
For FreeBSD (static lib): "http://www.digicash.com/api/ecashlib-freebsd.tar.gz"
For Linux (shared ELF lib): "http://www.digicash.com/api/ecashlib-linux.tar.gz"
For others: e-mail us

What do I do next?

Visit: "http://www.digicash.com/api" for the latest release.
Subscribe to: "ecash-dev at digicash.com" for news and views.
Send e-mail to: "bryce at digicash.com" for developer support.
Withdraw from: the BRB Bank dc.digicash.com:9666. You'll have to send us e-mail explaining why we should allocate any of our precious Beta Research Bucks to you, and what you want your account name(s) to be.
Create: innovative net applications using Ecash(tm) -- the only secure, privacy-protecting, token-based digital payment system!

- ----- end included README -----

Bryce

Ahoy! PGP sig ahead!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd2iNkjbHy8sKZitAQEGbgMAkDRKou6yt5ESqtAvJUsgDpf5xGBw0S8A
zTPnC4mwVIFbyo0P8rGaiR434OkmqwkZYtkcg3Bt+6QU5b3lVx7qD0JFNp31PGyn
Yn8F7dLmTr8yJhU1aCHHkZjPvwt1IcM5
=iTG3
-----END PGP SIGNATURE-----

From hallam at ai.mit.edu Fri Jul 5 20:21:20 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Sat, 6 Jul 1996 11:21:20 +0800
Subject: Shrink-Wrap Lic. uphelo by courts.
From Edupage, 4 July 1996
In-Reply-To: <4rk4j2$qdr@life.ai.mit.edu>
Message-ID: <31DDAECD.41C6@ai.mit.edu>

Deranged Mutant wrote:

> >The latest
> ruling found this suggestion to be an onerous burden, but did say the box
> must have a notice saying there's a licensing agreement inside, and that
> buyers should be able to return the software if they don't agree to the
> license once they read it. (Investor's Business Daily 3 Jul 96 A5)

Perhaps Prof Froomkin could provide an opinion. It sounds to me however as if the defendants were simply ripping off the copyright of the plaintiff and attempting to get around it by claiming to have "bought" rights to resell along with the software by wrangling over the shrink wrap agreement.

Or were the defendants reselling the software unopened to foreign customers via the Internet? Seems to me that that might well be open to further challenge. If a "contract" clause is expressed in a manner that means that it would not be encountered by a party which it attempts to bind there might be argument as to whether acceptance was possible.

I suspect that the claims the plaintiffs were making lay very definitely within the range of what people in the trade would usually expect to be the licensing terms for software purchased off the shelf. Just as there is an expectation when purchasing a book that one has purchased an instance and not the rights to the copyright. Consider the analogy with purchasing a book that is wrapped in shrink wrap film and that consequently one was unable to read the "all rights reserved" legend.

The question that I am interested in is whether someone could claim that a shrink wrap license can bind a user to terms that are less widely expected in the industry. For example clauses which prohibit reverse engineering, transfer to other users etc.

Might be interesting to know the precise ruling made and its terms.

Phill

From bal at peradam.cs.colorado.edu Fri Jul 5 20:53:28 1996
From: bal at peradam.cs.colorado.edu (Brian LaMacchia)
Date: Sat, 6 Jul 1996 11:53:28 +0800
Subject: Shrink-Wrap Lic. uphelo by courts. From Edupage, 4 July 1996
In-Reply-To: <31DDAECD.41C6@ai.mit.edu>
Message-ID: <199607060042.RAA00849@toad.com>

   Date: Fri, 05 Jul 1996 20:09:49 -0400
   From: Hallam-Baker
   X-Mailer: Mozilla 2.01 (X11; I; OSF1 V3.2 alpha)
   Mime-Version: 1.0
   References: <4rk4j2$qdr at life.ai.mit.edu>
   Content-Type: text/plain; charset=us-ascii
   Content-Transfer-Encoding: 7bit
   Sender: owner-cypherpunks at toad.com
   Precedence: bulk

   Deranged Mutant wrote:

   > >The latest
   > ruling found this suggestion to be an onerous burden, but did say the box
   > must have a notice saying there's a licensing agreement inside, and that
   > buyers should be able to return the software if they don't agree to the
   > license once they read it. (Investor's Business Daily 3 Jul 96 A5)

   Perhaps Prof Froomkin could provide an opinion. It sounds to me however as if the defendants were simply ripping off the copyright of the plaintiff and attempting to get around it by claiming to have "bought" rights to resell along with the software by wrangling over the shrink wrap agreement.

Actually, defendant was exercising his right to copy uncopyrightable material as per _Feist_. Plaintiff sued, claiming inter alia that the shrinkwrap license on the box prohibited the defendant from such copying. (I'm simplifying here; read the cases for the gory details.)

The case is ProCD v. Zeidenberg. The district court decision (ruling in favor of Zeidenberg) may be found at 908 F.Supp. 640. The ruling of the 7th Circuit Court of Appeals (in favor of ProCD) may be found at 1996 U.S. App. LEXIS 14951.

What was at issue, if I recall correctly, was telephone book data for six states surrounding Wisconsin.
ProCD took the phone books for that area, copied the data (name, address, phone numbers) out of them and published CD-ROMs with the resulting database. Zeidenberg purchased copies of the ProCD CD-ROMs, along with similar CDs from other publishers, and put the intersection of the data up on the Web for free.

Now, neither ProCD nor Zeidenberg needed permission of the previous publisher of the data, *from the perspective of copyright*, in order to reuse it. This is because the Supreme Court ruled in Feist Publications, Inc. v. Rural Telephone Service Co., 499 U.S. 340, 113 L. Ed. 2d 358, 111 S. Ct. 1282 (1991), that telephone book listings lacked the originality required to qualify as copyrightable subject matter under 17 USC 102.

So ProCD couldn't claim copyright infringement because their *data* was uncopyrightable. (ProCD also had some searching software on the CD, but that software wasn't copied or distributed by Zeidenberg and thus there were no copyright infringement issues.) They thus resorted to claims based on the shrink-wrap license on the box.

   I suspect that the claims the plaintiffs were making lay very definitely within the range of what people in the trade would usually expect to be the licensing terms for software purchased off the shelf. Just as there is an expectation when purchasing a book that one has purchased an instance and not the rights to the copyright. Consider the analogy with purchasing a book that is wrapped in shrink wrap film and that consequently one was unable to read the "all rights reserved" legend.

When I purchase a copy of a book in the bookstore, I gain rights to that particular copy. This is what's known as "first sale doctrine." No, I can't make copies of my copy, and I can't distribute my copy to the public, but I can resell my copy. Furthermore, if the copy of the book I purchase contains uncopyrightable material, I can do what I want with that material (again, from a copyright point of view).
When I buy software off-the-shelf, I gain certain rights to that copy of the software, including the right to make copies for archival purposes (17 USC 117).

What concerns me about the 7th Circuit's decision is that they appear to be giving publishers a way to "extend" copyright protection to uncopyrightable subject matter, which is supposed to be pre-empted by 17 USC 301. But I'm not a copyright attorney (I'm not even an attorney at all), so I will defer to those more knowledgeable than I.

--bal

From EALLENSMITH at ocelot.Rutgers.EDU Fri Jul 5 20:53:37 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 6 Jul 1996 11:53:37 +0800
Subject: E-cash & G10 in the news
Message-ID: <01I6Q75MZDP0984P39@mbcl.rutgers.edu>

It's interesting but actually unsurprising that they're looking at the cash cards before they are the Internet money exchange stuff. They haven't spotted exactly how much of a difference the latter can make - the former will act about like cash at "worst" from their viewpoint.

-Allen

> Reuters New Media
> _ Friday July 5 12:27 PM EDT _
>G10 mulls effect of E-cash on policy and fraud
> ZURICH - The threat of fraud, money laundering and tax evasion from
> new electronic payment systems will be high on the agenda of Monday's
> monthly meeting of Group of 10 (G10) central bankers at the Bank for
> International Settlements (BIS).
> The central bank governors will be briefed on two reports that examine
> the implication of emerging forms of payment -- electronic purses,
> e-cash, cybercash -- on monetary policy and whether it will open the
> way to widespread fraud.
> With big banks already waging a fierce battle to set a new global
> standard for electronic cash, central bankers want to stay on top of a
> technology that is not only likely to destabilize monetary aggregates,
> but also holds out the promise a cashless society and threatens the
> monopoly of central banks to issue notes and coins.
> William McDonough, president of the New York Federal Reserve and
> chairman of the G10 Committee on Payment and Settlement Systems, will
> brief his colleagues on electronic money and fraud, money laundering,
> counterfeiting, tax and legal issues.
> The other report, to be presented by Charles Freedman, Bank of Canada
> deputy governor, explores the issue of electronic money and monetary
> policy.
> Whether G10 governors take action or merely note the reports and let
> them fade into the BIS archives is uncertain. An initial decision will
> probably be taken at the meeting.
> The two reports will focus mainly on the implications of prepaid cards
> rather than so-called network money, cybercash or digital cash as the
> latter is less developed.
[...]
> The concept of electronic money covers a wide range of new payment
> methods ranging from multi-purpose, rechargeable prepaid cards, such
> as Mondex, to forms of digital cash or cybermoney that enable shoppers
> to pay for goods over the Internet.
[...]
> Copyright, Reuters Ltd. All rights reserved

From EALLENSMITH at ocelot.Rutgers.EDU Fri Jul 5 21:03:52 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 6 Jul 1996 12:03:52 +0800
Subject: C2's Anonymizer in Reuters
Message-ID: <01I6Q712ED5S984P39@mbcl.rutgers.edu>

Not the most friendly of articles... but still pretty good. As usual, edited to stay within fair use.

-Allen

> Reuters New Media
> _ Friday July 5 12:28 PM EDT _
>Web Surfing Incognito
> HOLLYWOOD - Ever felt like browsing without leaving those footprints
> that site designers, your school and your employer are increasingly
> inclined to harvest?
> A service being offered at http://www.anonymizer.com purports to give
> Web surfers the freedom to travel at will without leaving tell-tale
> signs that they've been where they've been.
[...]
> The visited site's layout and design can be altered, so you are
> probably not seeing it in all its glory -- and it is displayed within
> a field with hot buttons to take you back to the anonymizer site, a
> FAQ or to make a bug report (like, for example, you've reached a site
> which isn't preceded by the anonymizer URL).
> Privacy is one of those issues veteran Netizens take very seriously --
> it used to be called "anonymous" FTP after all. But many
> sites now depend on demographics passively collected, rather than just
> the number of hits, to attract advertisers.
> Copyright, Reuters Ltd. All rights reserved

From erleg at sdinter.net Fri Jul 5 21:44:05 1996
From: erleg at sdinter.net (Erle Greer)
Date: Sat, 6 Jul 1996 12:44:05 +0800
Subject: Word lists for passphrases
Message-ID: <2.2.32.19960706015358.00712dec@pop3.sdinter.net>

Word-List Builder (this is not an ad)

I have a small(5k) program(WordList.EXE) that will extract from any file and append the new words to a textfile(MainList.TXT). It is in early beta, but does the job nicely. I simply drag-n-drop multiple files onto the icon and let it do its dirty work. It prints new words to the screen and echos "." when it encounters old words again. It will, of course, accept parameters from DOS.

This is totally free to anyone who wants it. Just email and I will send the latest version. Suggestions are certainly considered.

Imagine building a word-list just from your /Netscape/Cache subdirectory!

Future versions will include: Larger multiple file handling, *.* in same directory support, better binary file support, and list sorting.

From vinnie at webstuff.apple.com Fri Jul 5 21:44:36 1996
From: vinnie at webstuff.apple.com (vinnie moscaritolo)
Date: Sat, 6 Jul 1996 12:44:36 +0800
Subject: Net and Terrorism
Message-ID:

>Absent the fearmongering, the Viperweenies would
>have turned to something else antisocial, but they wouldn't have had a
>"movement" to cling to. (Or maybe they would have...
in another era, they
>would have joined up with the Weathermen or the Symbionese Liberation Army.)

last time I checked there were at least two Leftist Militias in the Santa Cruz area. (now ain't that a scary thought... Liberals with guns).

These people, both Right and Left don't get it. Blowing shit up and running around in the woods with cheap ChiCom rifles playing army does nothing for your cause. It just distances you from the mainstream morons. This makes it easier for the Feds to get away with kicking in your door, gassing your kids and shooting your wives. all in time for the 6PM news.

I guess I don't understand this fascination with Militias and woods, Maybe these guys forgot how much fun it was to toast marshmallows in the woods, assuming you have the proper permit from the CA state parks.

>Fortunately, and despite what, say, the SWC says in its fundraising
>materials, the middle of the road among the militias isn't that kooky.

The SWC aren't kooks, they are con men

>Bo Gritz and the leaders of the Michigan Militia were heard calling the
>Freemen
>a bunch of lying scum; I've observed more mainstream (if that's the word)
>militiafolk distancing themselves from the Viperweenies both online and on
>shortwave.

Col Gritz actually does have some interesting stuff to say, He is really a very caring guy. But I do think he could use a (better) PR person. I like about 99% of what he has to say, I just filter out the stuff about UN and weather control. (the UN can't even control its bowels much less the weather). But hey Bo is old enough to take care of himself.

>Anyway, I don't think Vinnie was suggesting that the news be censored --
>just that the press doesn't have an obligation to print the obituary the
>"martyrs" want.

Absolutely. Something like "some asshole terrorist just blew up a building. No cause was cited, is enough" Don't quote their organization, don't quote their cause. just make look like the kook they are.
Oh and offering citizens some bounty money for their hides is a good idea. Or better yet, when you catch the fuckers, give em a fair trial, and a public hanging. Same goes for terrorists that shoot pregnant women if you know what I mean, but that's my opinion.

As for a solution to government problems, I have always and still believe in the ballot box first. And the only way to win votes is to appeal to the morons out there who do vote.. Maybe there is hope in the next generation of internet literate kids.. or maybe I am just a dreamer.

Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

From ceridwyn at wolfenet.com Fri Jul 5 22:36:38 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Sat, 6 Jul 1996 13:36:38 +0800
Subject: hard drive encryption
Message-ID: <2.2.32.19960704052640.006a79d8@gonzo.wolfenet.com>

Thank you all for your comments... to those who suggested I remove and hide the drive, I was intending to do so, but still want a way to encrypt its contents. Call me paranoid... For those who suggested software, thank you, I'll be d/ling and evaluating all of it, and appreciate the varied responses..

//cerridwyn//

From snow at smoke.suba.com Sat Jul 6 01:45:48 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 6 Jul 1996 16:45:48 +0800
Subject: [NOISE] Re: Net and Terrorism.
In-Reply-To:
Message-ID:

On Fri, 5 Jul 1996, CyberEyes wrote:

> On Wed, 3 Jul 1996, snow wrote:
> > 2) When they _are_ exposed, let them fight the fuck back. Rules of
> > engagement are simple. When fired on, shoot to kill. If the shot
> > comes from a building, take out the building. If from a crowd,
> > well, do your best, but _get the shooter_.
> Basically, what you're saying is that one armed person in a crowd
> of a hundred needs to be killed no matter what happens to the lives of the
> other 99?
Give me a break, we're not living in the 1800's anymore, we want
> to STOP wars, not create them!

Tell that to the person on the receiving of the terrorist bullets/ grenades.

The idea is have a very simple policy about terrorism/guerilla warfare/ lone kooks shooting shit up. They will be eliminated. No other changes will be made. No midnight house to house searches, no pogroms, no concentration camps, just a simple rule. You shoot at armed people you will die (remember this was in the context of terrorist attacks against military and harder targets). It is done _immediately_ if not sooner.

Possibly it would have the side effect that people in a crowd would take down the guy next to them that was pulling the gun because they know what will happen if they don't.

i
Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From snow at smoke.suba.com Sat Jul 6 01:48:08 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 6 Jul 1996 16:48:08 +0800
Subject: Net and Terrorism.
In-Reply-To:
Message-ID:

On Fri, 5 Jul 1996, CyberEyes wrote:

> On Thu, 4 Jul 1996, attila wrote:
> > "denied zones" (we were never there) is no longer in vogue. however, we
> > will probably see that again in parts of the world as many cultures do
> > not have the basic respect for life we do.
>
> What is your last comment supposed to mean exactly? Just because
> some Islamic militants decide to kill a few people in a terrorist attack
> does not mean that the entire believer population of Islam does not have
> respect for life. Just who is "we"? Americans? Europeans? All

At this point I believe that attila was referring to the situation in South East Asia. Mostly Hindu/Buddhist/Shinto(?).

> industrialized nations? Every country except those Third World ones? Uh...
> I don't see your point very clearly here...
The only culture I can think
> of that might now have respect for life are cannibals, and they DO have
> respect for life in a way, they don't kill each other (I don't think), and
> they do it because it's their lifestyle, but they don't perform
> cannibalistic acts out of malice. Correct me here if I'm wrong.

Most tribes place a high value on their members and little if any on the members of other tribes. Life is as live does, and it is often cheap.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From erleg at sdinter.net Sat Jul 6 01:48:55 1996
From: erleg at sdinter.net (Erle Greer)
Date: Sat, 6 Jul 1996 16:48:55 +0800
Subject: Word lists for passphrases
Message-ID: <2.2.32.19960706061818.006bbe8c@pop3.sdinter.net>

At 12:09 AM 7/6/96 -0500, snow at smoke.suba.com wrote:

>On Fri, 5 Jul 1996, Erle Greer wrote:
>
>> Word-List Builder (this is not an ad)
>> I have a small(5k) program(WordList.EXE) that will extract from any
>> file and append the new words to a textfile(MainList.TXT). It is in early
>> beta, but does the job nicely. I simply drag-n-drop multiple files onto the
>> icon and let it do its dirty work. It prints new words to the screen and
>> echos "." when it encounters old words again. It will, of course, accept
>> parameters from DOS.
>
> Is the source code available for porting to other platforms?

Sure, I'm not a Unix guru, but if you can port Turbo Pascal, more power to you! I will send the source if someone specifically asks.

>> This is totally free to anyone who wants it. Just email and I will send the
>> latest version. Suggestions are certainly considered.
>
> Unixi, recursively scanning directories.

Unix, you can do, but the recursive subdirs aren't a prob for me. A final dream would be to convert it to VB4, use MS's WWW custom control, and unleash it as a spider.

>> Imagine building a word-list just from your /Netscape/Cache subdirectory!
>
> Imagine building a word list from /usr/spool/news/*
>
>Petro, Christopher C.
>petro at suba.com
>snow at crash.suba.com

From snow at smoke.suba.com Sat Jul 6 01:50:45 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 6 Jul 1996 16:50:45 +0800
Subject: Word lists for passphrases
In-Reply-To: <2.2.32.19960706015358.00712dec@pop3.sdinter.net>
Message-ID:

On Fri, 5 Jul 1996, Erle Greer wrote:

> Word-List Builder (this is not an ad)
> I have a small(5k) program(WordList.EXE) that will extract from any
> file and append the new words to a textfile(MainList.TXT). It is in early
> beta, but does the job nicely. I simply drag-n-drop multiple files onto the
> icon and let it do its dirty work. It prints new words to the screen and
> echos "." when it encounters old words again. It will, of course, accept
> parameters from DOS.

Is the source code available for porting to other platforms?

> This is totally free to anyone who wants it. Just email and I will send the
> latest version. Suggestions are certainly considered.

Unixi, recursively scanning directories.

> Imagine building a word-list just from your /Netscape/Cache subdirectory!

Imagine building a word list from /usr/spool/news/*

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From grafolog at netcom.com Sat Jul 6 02:08:23 1996
From: grafolog at netcom.com (jonathon)
Date: Sat, 6 Jul 1996 17:08:23 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To:
Message-ID:

On Fri, 5 Jul 1996, CyberEyes wrote:

> NOT talking about Lynx, what DOS-based Web browser is there?

Net-Tamer. Requires a PPP connection, and precious little else.

xan
jonathon
grafolog at netcom.com

AOL coasters are unique, and colourful. Collect the entire set.

From unicorn at schloss.li Sat Jul 6 04:40:33 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 6 Jul 1996 19:40:33 +0800
Subject: What remains to be done.
In-Reply-To: <31DBB50A.5656AEC7@systemics.com>
Message-ID:

On Thu, 4 Jul 1996, Gary Howland wrote:

> Black Unicorn wrote:
> >
> > A.
Methods to run secure websites on insecure servers.
[...]
> I fully agree with all of your comments, but, encrypted proxying issues
> aside, what is wrong with SSL? Is it because the encryption is for
> the whole server, not individual users?

It provides no protection to the individual who must run on a server he does not have in a secure location with TEMPEST specs.

> > Is anyone considering work on these?
> With regard to the local decryption idea, then I don't see this as
> much of a problem. How much interest is there in this? We already
> have something similar running, but it would still need a bit of work
> to make more general.

What do you have running exactly?

>
> Gary
> --
> pub 1024/C001D00D 1996/01/22 Gary Howland
> Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
>

From unicorn at schloss.li Sat Jul 6 04:45:49 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 6 Jul 1996 19:45:49 +0800
Subject: What remains to be done.
In-Reply-To: <199607042102.OAA26752@jobe.shell.portal.com>
Message-ID:

>From: Black Unicorn
>> A. Methods to run secure websites on insecure servers.
>> [...]
>> A software solution which permits local decryption makes traffic
>> analysis less useful, presents the opportunity to use front end and
>> disposable www pages on domestic ISPs while imposing no liability on
>> the ISP itself, and opens several more effective traffic analysis
>> deterrents.
>I don't quite understand what is being proposed here. If the
>information on the web site is encrypted, who is supposed to be able to
>decrypt it? Just one person, or some select group of people? My
>concern is the difficulty of keeping keys secret if they are made
>available to more than one or two people.
>Once the keys are known to those who would oppose the publication of
>the information they can go to the ISP just as easily as if the
>information were not encrypted, and get them to take it down if it is
>illegal.
>It would seem that an equally effective method would be to use no
>encryption, but just a secret URL, one which is not linked to from
>elsewhere - an "island in the net", so to speak (apologies to Bruce
>Sterling).
>Hal

I was concerned with an entirely different problem really.

Given the assumption that you and three of your best friends wish to use WWW to share information, how can you do so without exposing the page to the ISP?

Today, as far as I know, if you wish to hide what you have on a page you have to control the server. If you wish to try and deter traffic analysis you have to own the servers in front of the server. Cumbersome, expensive and still not entirely effective.

If instead you could prevent the owner of the server from reading the stuff in the first place, while allowing it to be read at leisure by the users... It would also be much easier to construct remailer type proxies in that each server in the chain would be denied the content of data passing through.

What I am hoping can be done is to stretch the points in "point to point encryption" out past the ISP.

Now, if your concern is exposure by a member you have given access to the webpage, the discussion becomes an issue of certification, and signatures. An important point, but something of an overkill where the ISP has full access to your webpage whatever your passwords might be.

Create a page where the data is locally encrypted, and which only accepts connections from valid certificates and you go a long way to being able to communicate via WWW securely even over insecure channels. You also free up the method to those who don't have time, or cannot afford to run their own WWW server.

If the location of your page is exposed, so what? Spend the $11 a month to open a page on another ISP. In the "island on the net" example, you have to reroute the entire deal.

In addition, you have now eliminated what must be the number 1 problem in running an "iffy" page. ISP interference.
You have removed their liability. How were they supposed to know what it was you were doing? They don't have the keys. Now if you really wanted to be slick about it, you would use a form of encryption to multiple users option and encrypt the page to the public keys of individuals. Sure, they could release the keys and spill the beans, but they would be compromising their own keys in the process. Mileage on this deterant will vary according to what they may have done with the key beforehand, and it requires a multiple purpose to those keys (as with PGP). From unicorn at schloss.li Sat Jul 6 04:50:26 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 6 Jul 1996 19:50:26 +0800 Subject: What remains to be done. In-Reply-To: <199607040558.WAA07414@primenet.com> Message-ID: On Thu, 4 Jul 1996, attila wrote: > Addressed to: Black Unicorn > Cypherpunks > > ** Reply to note from Black Unicorn 07/03/96 10:17pm -0400 > > good "white paper." > > modularity is the key. use of standardized encryption libraries > permitting user selection of one or more formats. Agreed. > message pools would be great from satellite channels --how do you > regulate (read this as "pay for") since someone must receive the messages to > uplink? -otherwise you have the dropouts of USENET. I think that one of the faults of the mentality of development is that people think "who will pay" first, rather than making a hack first, and then trying to apply it to a more commercial context. Seems to have worked with PGP/Netscape/Yahoo/. > user interface is the achilles heel for most programmers --the time is > spent making the code 'work.' with the tools available which allow multi- > platform development, the *functional* GUI should be done by someone who > creates "artitstic" interfaces. Concur. > I agree-- if encryption can be made so simple, and with a clean user > interface, it will be used by joe sixpack (who rarely likes uncle, anyway > --but for different reasons). 
once joe sixpack starts to use (probably > dropping his private keys...), then it is too pervasive to stop --even if > there are a few high level prosecutions. Exactly. > one of our greatest failings v/v encryption as a group (including > coderpunks) is we are satisfied with our access to encrytion. PGP is a > nusiance, and the instructions are not clear --so we experiment until we get > the results: on the command line. Concur most strongly. > our satisfaction makes us insular; we need to think in global terms --mass > marketing of a free product which will hold appeal for everyone. encryption > is no different than the students in China --no, they do have it, but how long > can Father Deng (and his successors) hang on against technology and quest for > knowledge? All most important questions to consider. I think if people begin to write modularly there will be nice front ends for almost everything. > -- > Fuck off, Uncle Sam. Cyberspace is where democracy lives! > > From anthony at direct.it Sat Jul 6 06:44:39 1996 From: anthony at direct.it (Anthony Daniel) Date: Sat, 6 Jul 1996 21:44:39 +0800 Subject: What remains to be done. Message-ID: <2.2.32.19960706113239.006942a4@betty.direct.it> Hi there Should try SECURE DESK-TOP as well (PC only), it can encrypt (DES and IDEA) any: - file - directory - groups of directories - Hard Disk - Floppy - Removable drive And it can add PEM capabilities to most e-mail clients and it's WIN95 and user friendly. Try it at: http://www.systems.it/secure There are NO export restrictions on it as well because it's Italian made. ciao Anthony ------------------------------------------- >At 12:58 PM 7/4/96 +0000, Deranged Mutant wrote: >>Another need is for file/disk-encryption utilities. I'm not familiar >>with what's out there for Macs, but for PCs there's SFS and ASPICRYP >>for SCSI drives (with no source!) and SFS, SecureDrive and SecureDevice >>for HD (or FD). The latter won't work on Win95. 
AFAIK, SFS and >>SecureDrive aren't 100% friendly with Win95 either, though they'll work. > > I'll just add that Jetico puts out BCrypt, which works perfectly >with Win95. Of course it costs, but one can try out the software only >version, then upgrage to hardware encryption! >_______________________ >Regards, He who knows others is wise. > He who knows himself is enlightened. >Joseph Reagle http://rpcp.mit.edu/~reagle/home.html >reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E > From anonymous-remailer at shell.portal.com Sat Jul 6 06:45:03 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Sat, 6 Jul 1996 21:45:03 +0800 Subject: CCC Crypto Lock Message-ID: <199607061110.EAA02640@jobe.shell.portal.com> MicroPatent, 4 July 96 Systems and methods for protecting software from unlicensed copying and use (Assignee -- Convex Computer Corporation) Abstract: Disclosed systems and methods for protecting a software program from unauthorized use and copying through the removal at least one of a plurality of instructions comprising a software program, and encrypting the removed instruction utilizing an encryption algorithm to produce an encrypted instruction, the encryption algorithm responsive to a randomly generated key. 
Ex Claim Text: A processing system for protecting a software program from unauthorized use, said software program including one or more unencrypted instructions stored in memory associated with said software program, said processing system comprising: a processing unit operable to: remove at least one selected said unencrypted instruction from an executable area in said memory associated with executable portions of said program; encrypt said at least one selected unencrypted instruction removed from said software program utilizing an encryption algorithm to produce an encrypted instruction; store said encrypted instruction within a first non-executable data area in said memory associated with said software program; and insert at least one trappable instruction in place of said encrypted instruction within said executable area in memory allowing said software program to be linked with one or more other programs. Assignee: Convex Computer Corporation Patent Number: 5530752 Issue Date: 1996 06 25 Inventor(s): Rubin, Robert J. If you would like to purchase a copy of this patent, please call MicroPatent at 800-984-9800. Copyright 1996, MicroPatent From bryce at digicash.com Sat Jul 6 09:02:30 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Sun, 7 Jul 1996 00:02:30 +0800 Subject: Need PGP-awareness in common utilities Message-ID: <199607061311.PAA08700@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- I just got a letter back from majordomo at thumper.vmeng.com because my easy-PGP script had clearsigned my outgoing message to it, and majordomo didn't know what to do with the clearsigned message. I really don't see why programs like majordomo, UseNet moderation-bots, and most noticeably the PGP key distribution program are PGP-unaware. Okay, fine. Having waited for FIVE YEARS or however long it has been, you who are responsible for such handy dandy programs may now convincingly argue that you might as well wait for another few months to get PGPlib. 
But I sincerely hope that once PGPlib arrives we don't wait another five years before using it. (There is another argument that people sometimes make-- that it is too complicated to ensure pubkey<->True Name. SO WHAT! Pubkey<->True Name mapping is an advanced feature that depends upon the existence of some kind of public key infrastructure. Many people, myself included, wouldn't even USE pubkey<->True Name mapping if we had it! Just implement some basic privacy/authentication functions (trivial, using PGP 2.6 under Unix) and MitCH be damned! If we had started with the simple stuff five years ago we might HAVE a complete, secure infrastructure by now.) As an example of this sad state of affairs, no less of a cryptographic enthusiast than Robert Hettinga runs a mailing list (several actually) which breaks every PGP clear-signature that it encounters. Really pitiful, that even our own mailing lists are incompatible with PGP. Regards, Bryce PGP sig follows: [If you see garbage beyond this line, it means you are an anachronistic troglodyte. If you see a "PGP sig okay!" it means you are hi- tech. If you see "PGP sig not okay!" it means some mail-handling software between me and you is written/maintained by anachronistic troglodytes. :-)] -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMd5l40jbHy8sKZitAQHZZAL7BUlItvGLZaTfBgTORFATkPM141R0P6Ux mOkQY3IG0/Vmf9nJEOg8bubdaCuYmuVCJhAek6boyQsmd6VTxqxVChniSWN1Uhth Ony1VSmufCdeqFbCGBqcAM5rfF8KM49h =9obd -----END PGP SIGNATURE----- From AwakenToMe at aol.com Sat Jul 6 09:10:06 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Sun, 7 Jul 1996 00:10:06 +0800 Subject: Word lists for passphrases Message-ID: <960706092922_350344400@emout18.mail.aol.com> I have a util that will create a word list starting from aaaaaaaaaaa on up to anythingggggggg basically you could do every combination. Let me know if ya want it. 
From pgut001 at cs.auckland.ac.nz Sat Jul 6 09:39:49 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Sun, 7 Jul 1996 00:39:49 +0800
Subject: Transforming variable- to fixed-length keys
Message-ID: <199607061347.BAA08574@cs26.cs.auckland.ac.nz>

In preparing the next version of cryptlib (which is going to have some cool features when it's ready, which should be before the end of the millennium), I've run into a problem in writing a general-purpose n-byte input to m-byte output transformation function. What this does is take an arbitrary-length user key and transform it to a fixed-length encryption key (for example an entered passphrase into a 112-bit triple-DES key). The constraints on memory usage are:

- The input (user) key can't be altered (you can't change data passed in by the caller)
- The user key can't be copied to an internal buffer (it can be of arbitrary length, and is sensitive material so shouldn't be copied elsewhere)

In other words there's no temporary storage available apart from what's provided in the output key. This is almost always a different length from the input key.

Some other constraints are:

- The transformation must be algorithm-independent (it shouldn't, for example, rely on SHA1 to transform an input string into a fixed output of 160 bits and assume you'll never need a key longer than 160 bits). This means you can't just use a single pass of a hash function to generate the output key, since the output can be smaller or larger than the hash function output.
- The transformation must be able to be iterated to make a password-guessing attack harder to perform. This one is tricky, since the lack of temporary buffer space means you can't just feed the output back to the input and iterate.

Here's my initial approach, if anyone has any comments to make on this or knows of a better way to do it, please let me know.

Peter.

-- Snip --

Initially, the user key is passed in as a byte string:

       +-------------------------------------------------------+
       |                       User Key                        |
       +-------------------------------------------------------+

The first stage in the key hashing prepends the length of the string as a big-endian 16-bit count to the user key:

+------+-------------------------------------------------------+
|Length|                       User Key                        |
+------+-------------------------------------------------------+

The aim of the hashing is to reduce this variable-length input string to a fixed-length key appropriate to the encryption algorithm being used. This is done by treating the user encryption keys as circular buffers and repeatedly hashing chunks of the user key and xoring the result into the output buffer. Thus the first chunk of the encryption key would be obtained with:

+------+-------------------------------------------------------+
|Length|                       User Key                        |
+------+-------------------------------------------------------+
|                       |
|                  ____/
|  Hash       ____/
|        ____/
|       /
|       |
+-----------------------+
|    Encryption Key     |
+-----------------------+

The second chunk of the encryption key would be obtained with:

+------+-------------------------------------------------------+
|Length|                       User Key                        |
+------+-------------------------------------------------------+
        |                       |
        |                  ____/
        |  Hash       ____/
        |        ____/
        |       /
        |       |
+-----------------------+
|    Encryption Key     |
+-----------------------+

Since the input to the hash function is much larger than its output, a significant amount of the user key affects each chunk of the encryption key. The size of each "chunk" is determined by the hash function being used. For example with the MD4 hash function, 64 bytes of user key affect each 16 bytes of encryption key.

Once the end of the user key or encryption key buffer is reached, the hash function wraps around to the start of the buffer and takes its data from there. A pass over the user key is considered complete when the hash function input has wrapped around completely and is back at the start of the buffer.

The amount of wraparound depends on the length of the user and encryption keys. For example with 8-byte (strictly speaking 56-bit) DES keys even a single application of MD4 will wrap around the encryption key buffer twice, shrinking up to 64 bytes down to 8 bytes in a single operation. On the other hand a 4-byte user key will wrap the user key buffer around twice, expanding it to fill 8 bytes of the encryption key buffer (without, however, actually giving 8 bytes of effective key space).

In order to avoid repeatedly hashing the same data (which results in the output key cancelling out every second round), the input data is varied by adding the iteration count mod 256 to each byte before it is hashed. Therefore for five rounds of key hashing the user key "This is a key" would give the following effective input to the hash function:

  \x00\x0DThis is a user key
  \x01\x0EUijt!jt!b!vtfs!lfz
  \x02\x0FVjku"ku"c"wugt"mg{
  \x03\x10Wklv#lv#d#xvhu#nh|
  \x04\x11Xlmw$mw$e$ywiv$oi}

[Is this nice? Problems are that you might be able to perform some sort of related-key attack, and that if you know the input value to round n you can get the input value to round n+m without having to go through all m rounds. However I can't see how this would aid an attacker].

From perry at piermont.com Sat Jul 6 10:07:59 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 7 Jul 1996 01:07:59 +0800
Subject: Word lists for passphrases
In-Reply-To: <960706092922_350344400@emout18.mail.aol.com>
Message-ID: <199607061436.KAA05825@jekyll.piermont.com>

AwakenToMe at aol.com writes:
> I have a util that will create a word list starting from aaaaaaaaaaa on up to
> anythingggggggg
> basically you could do every combination. Let me know if ya want it.

That would really be of great use for doing wordlist crack runs.
It must have taken you a long time to write -- generous of you to offer it. From amehta at giasdl01.vsnl.net.in Sat Jul 6 11:20:00 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Sun, 7 Jul 1996 02:20:00 +0800 Subject: Net and Terrorism. Message-ID: <1.5.4.32.19960706205650.002d27d0@giasdl01.vsnl.net.in> At 00:37 05/07/96 -0700, Rich Graves wrote: >Since the two muslims who used to give a shit about this list seem to have >left in disgust, I suppose I should register my "That ain't representative >of Islam... Not so long ago, when Moslems were fighting the Soviet Union in Afghanistan, they were heroes to the western world, supplied arms and money enough to destabilise the whole region. Once the Soviet menace faded, the same fighters were branded terrorists. Mixed signals like this are responsible for much of the animosity that one finds in the Islamic world (possibly even in other parts of the world) against the US. Arun Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://mahavir.doe.ernet.in/~pinaward/arun.htm From froomkin at law.miami.edu Sat Jul 6 11:26:22 1996 From: froomkin at law.miami.edu (Michael Froomkin) Date: Sun, 7 Jul 1996 02:26:22 +0800 Subject: Shrink-Wrap Lic. uphelo by courts. From Edupage, 4 July 1996 In-Reply-To: <31DDAECD.41C6@ai.mit.edu> Message-ID: [My name is invoked] There has been a lengthy discussion of this issue on the cyberia-l list. I'm not an intellectual property specialist, so I stay out it... to join the cyberia-l list, send a subscribe cyberia-l to listserv at listserv.aol.com A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid. 
From vinnie at webstuff.apple.com Sat Jul 6 11:29:39 1996 From: vinnie at webstuff.apple.com (vinnie moscaritolo) Date: Sun, 7 Jul 1996 02:29:39 +0800 Subject: Net and Terrorism Message-ID: >On Fri, 5 Jul 1996, vinnie moscaritolo wrote: > As for a solution to governement problems, I have always and still belive > in the ballot box first. And the only way to win votes is to appeal to the > morons out there who do vote.. Maybe there is hope in the next generation > of internet literate kids.. or maybe I am just a dreamer. > >snow at crash.suba.com wrote > You are a dreamer. Netscape, TV for the internet. BS. I am not being that idealistic. look all I am saying is that maybe the net just offers kids the ability to see a variety of views instead of the mainstream liberal (or whatever it will be next week) controlled media. For now anyways any entity that has something to say and can write his way out of a paper bag has pretty much the same ability to influence on the net (at least newsgroups) as say Ted Copulate does. Maybe freedom we have here wont last for long, maybe the Pointcast of the future will just create another MTV generation...but at least for now we have a voice. Vinnie Moscaritolo ------------------ "friends come and friends go..but enemies accumulate." http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A From declan+ at CMU.EDU Sat Jul 6 11:30:02 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Sun, 7 Jul 1996 02:30:02 +0800 Subject: I confess [Was: Who was that Masked Cypherpunk?] In-Reply-To: <2.2.32.19960705182536.008209bc@popserver.panix.com> Message-ID: <0lrciHu00YUu03vlY0@andrew.cmu.edu> Excerpts from internet.cypherpunks: 5-Jul-96 Re: I confess [Was: Who was.. 
by Duncan Frissell at panix.co > JR offered an amendment which changed the language to refer to "so-called > Key Escrow (actually government access to keys GAK)" and he also explained > that "escrow" is where you place something with a trusted third party and > the government is neither trusted nor a third party. He mentioned > cypherpunks live on CSPAN. > > Maybe when JR finished the Con he can post the original proposed language of > the LPs plank and the final language as amended. I was sitting not far from Jim when he offered the amendment; I remember it passing overwhelmingly. However, I don't think think the word "GAK" was in there -- just "government access to keys." The change to the platform, including Jim's amendment, passed unanimously. -Declan From perry at piermont.com Sat Jul 6 11:38:11 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 7 Jul 1996 02:38:11 +0800 Subject: Word lists for passphrases In-Reply-To: <199607061436.KAA05825@jekyll.piermont.com> Message-ID: <199607061553.LAA05917@jekyll.piermont.com> "Perry E. Metzger" writes: > > AwakenToMe at aol.com writes: > > I have a util that will create a word list starting from > > aaaaaaaaaaa on up to anythingggggggg basically you could do every > > combination. Let me know if ya want it. > > That would really be of great use for doing wordlist crack runs. It > must have taken you a long time to write -- generous of you to offer > it. I want to apologize to everyone for being gratuitously nasty here. It wasn't called for. From dlv at bwalk.dm.com Sat Jul 6 12:21:51 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 7 Jul 1996 03:21:51 +0800 Subject: Word lists for passphrases In-Reply-To: <199607061436.KAA05825@jekyll.piermont.com> Message-ID: <1cJNqD2w165w@bwalk.dm.com> "Perry E. Metzger" writes: > AwakenToMe at aol.com writes: > > I have a util that will create a word list starting from aaaaaaaaaaa on up > > anythingggggggg > > basically you could do every combination. 
Let me know if ya want it. > > That would really be of great use for doing wordlist crack runs. It > must have taken you a long time to write -- generous of you to offer > it. K3wl Hack, D00dz! Why don't you post it to coderpunks - it's probably way too technical for cypherpunks. I wonder if the util comes with the source code, and what language it's written in. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From declan at well.com Sat Jul 6 12:27:14 1996 From: declan at well.com (Declan McCullagh) Date: Sun, 7 Jul 1996 03:27:14 +0800 Subject: NYT/CyberTimes on CWD article Message-ID: "We are writers, not crytographers." -Declan --- http://www.nytimes.com/library/cyber/week/0706patrol-reporters.html July 6, 1996 Reporters Claim to Have Lists of Blocked Sites By PAMELA MENDELS Reporters Brock N. Meeks and Declan B. McCullagh say they've got a little list. Several actually. The lists are of Internet sites that, in the eyes of several companies making parental control software, could be considered inappropriate to children. The lists are supposed to be secret. But Meeks and McCullagh say they have obtained lists compiled by Microsystems Software, Inc., the Framingham, Mass.-based manufacturer of Cyber Patrol; Los Altos, Calif.-based SurfWatch Software, a subsidiary of Spyglass, Inc., and Santa Barbara, Calif.-based Solid Oak Software, Inc., maker of CYBERsitter -- three of the leading producers of parental- control filtering software. McCullagh said that he and Meeks were able to view the complete Cyber Patrol and CYBERsitter lists and part of the SurfWatch list. In an article published this week in CyberWire Dispatch, a report on Internet-related issues distributed through e-mail, Meeks and McCullagh wrote that they had taken a peek at some of the sites contained on the lists and had then contacted groups that might be concerned about the listings. 
Representatives of organizations ranging in advocacy from feminism to gun lobbying to animal rights said they been disturbed to learn that some sites they endorse had made the lists. Kim A. Gandy, executive vice president of the National Organization for Women, said Friday that she was upset to learn that CYBERSitter blocks access to NOW's Web site. Further, she said she did not like the company's rationale: that the NOW site contains links to, among other things, sites about homosexuality. "It's ridiculous," Gandy said. "It's insulting. And I think most parents would not approve of that kind of censorship. Lots of parents don't want children surfing pornography, but would not think of denying them access to legitimate information." Marc E. Kanter, director of marketing for Solid Oak, confirmed Friday that NOW's site had been included on the CYBERsitter not-for-children list because of its links leading to "sexual preferentation" sites. "This is what our users want," he said. "If they don't want to restrict access to this material, they don't have to buy it or they can simply turn it off. We are not trying to play any political role. We are simply providing a tool for parents." Officials of the Gay & Lesbian Alliance Against Defamation were also upset that the Cyber Patrol list blocked several Internet discussion groups devoted to news of interest to the gay community. "We feel that this is the kind of thing important to gay and lesbian youth, to read about our community," said Lauren R. Javier, director of information systems for the Gay & Lesbian Alliance, adding that the newsgroups contained little if any sexually explicit material. Javier added that Cyber Patrol officials had been responsive in the past to complaints, so he wanted to give them "the benefit of the doubt" and intended to contact them about the matter. For his part, Nigel R. 
Spicer, president of Microsystems, said he had not examined the reasons that all the gay newsgroup sites named by the article were included on the Cyber Patrol list. The one site he did check after reading Meeks' report, however, was on the list because it contained links to personals ads, he said. McCullagh is keeping mum about how he and Meeks got the lists in the first place, although he denies that either of them personally decoded the software. "Brock and I are not cyptographic analysts," he said. "We don't spend our days de-encrypting files. We are writers, not crytographers." Spicer was less than happy about the prospect that Cyber Patrol's list may have fallen into outsiders' hands. He said that, so far, he had been unable to confirm whether the reporters had the true list for Cyber Patrol and, if so, how they had managed to obtain it. "It's always a concern if you believe people are getting access to material you've gone to the trouble to not make available," he said. "If we believe the encryption scheme has been compromised, we will make another one." Kanter, of CYBERsitter, said the list mentioned in the Cyberwire Dispatch article was, indeed, his company's. "I hope that list doesn't get out beyond where it was," he said. Jay S. Friedland, vice president of marketing for SurfWatch products, said Friday that he had not yet read the article. He said the blocking companies keep their lists secret for two reasons: to prevent their misuse and to keep their competitive edge. "Clearly, each company has a proprietary advantage," Friedland said. "One of our competitors could take and use the same information." ### From WlkngOwl at unix.asb.com Sat Jul 6 13:09:39 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 7 Jul 1996 04:09:39 +0800 Subject: CCC Crypto Lock Message-ID: <199607061734.NAA18987@unix.asb.com> On 6 Jul 96 at 4:10, anonymous-remailer at shell.port wrote: > MicroPatent, 4 July 96 [..] 
> Abstract: Disclosed systems and methods for protecting a > software program from unauthorized use and copying > through the removal at least one of a plurality of > instructions comprising a software program, and > encrypting the removed instruction utilizing an > encryption algorithm to produce an encrypted instruction, > the encryption algorithm responsive to a randomly > generated key. Would certain computer viruses be considered prior art here? (Be it that they encrypt for the purposes of hiding rather than copy protection though.) Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Sat Jul 6 13:19:47 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 7 Jul 1996 04:19:47 +0800 Subject: What remains to be done. Message-ID: <199607061734.NAA18984@unix.asb.com> On 6 Jul 96 at 13:32, Anthony Daniel wrote: > Should try SECURE DESK-TOP as well (PC only), it can encrypt (DES and IDEA) [..] > And it can add PEM capabilities to most e-mail clients and it's WIN95 and PGP capabilities would be nice. :) > user friendly. Try it at: > > http://www.systems.it/secure > > There are NO export restrictions on it as well because it's Italian made. Well, it can't be downloaded from a US site to a non-US site anyway. It's nice to see some non-US strong crypto in that it will be all the more impetus to relax ITAR. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. 
From ichudov at algebra.com Sat Jul 6 13:40:07 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 7 Jul 1996 04:40:07 +0800
Subject: Word lists for passphrases
In-Reply-To: <960706092922_350344400@emout18.mail.aol.com>
Message-ID: <199607061744.MAA31864@manifold.algebra.com>

AwakenToMe at aol.com wrote:
>
> I have a util that will create a word list starting from aaaaaaaaaaa on up to
> anythingggggggg
> basically you could do every combination. Let me know if ya want it.
>

Here's the C++ prog that I wrote 1.5 yrs ago for my friend who needed it for genetic experiments on evidence in OJ "ZAEBAL" Simpson trial:

void nested_loops(int max_depth, int *lower, int *upper,
                  void (*action)(int *indexes, int depth))
/*
   calls (*action) for every combination of numbers of size max_depth

   o max_depth - size of all combinations
   o lower  - lower boundaries for indices 0 -- max_depth - 1
   o upper  - upper boundaries for indices 0 -- max_depth - 1
   o action - called for every combination

   Example:

     int lwr[] = { 'a', 'a' };
     int upr[] = { 'b', 'b' };
     nested_loops( 2, lwr, upr, some_action );

   calls some_action for every combination aa ab ba bb
*/
{
  if( max_depth <= 0 ) return; // nothing to enumerate

  int *indexes = new int[max_depth];
  int cur_depth = 0;

  indexes[cur_depth] = lower[cur_depth];

  do {
    // upper bound is inclusive, as the aa ab ba bb example above requires
    if( indexes[cur_depth] <= upper[cur_depth] ) {
      if( cur_depth == max_depth - 1 ) {
        (*action)( indexes, cur_depth ); // Acting only deep enough
        indexes[cur_depth]++;
      } else {
        cur_depth++;
        indexes[cur_depth] = lower[cur_depth];
      }
    } else {
      // this level is exhausted: back up one level and advance it
      if( --cur_depth >= 0 )
        indexes[cur_depth]++;
    }
  } while( cur_depth >= 0 );

  delete [] indexes;
}

- Igor.

From alano at teleport.com Sat Jul 6 13:51:23 1996
From: alano at teleport.com (Alan Olsen)
Date: Sun, 7 Jul 1996 04:51:23 +0800
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <2.2.32.19960706175510.00f3a638@mail.teleport.com>

At 06:27 AM 7/6/96 +0000, you wrote:
>On Fri, 5 Jul 1996, CyberEyes wrote:
>
>> NOT talking about Lynx, what DOS-based Web browser is there?
>
> Net-Tamer.
> > Requires a PPP connection, and precious little else. The problem is getting PPP to work under DOS. If your kid can do that, then he will have no problem in disabling any sort of filtering, as well as wiping the hard drive and installing Linux with X11R6. DOS stacks are a pain to get functioning, usually have little to no useful instructions, and tend to be harder than hell to find. (Or as Homer Simpson once said: "Mmmmmm! Packet drivers!") I expect to see a case where some kid gets in trouble for filtering out what his parents can see, read, or hear. Or sets the school filter to only allow going to porno sites. I find it humorous how many people think that they can use technology to babysit their kids when the kids understand the technology much better than they do in most cases... --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From ichudov at algebra.com Sat Jul 6 14:06:26 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 7 Jul 1996 05:06:26 +0800 Subject: Need PGP-awareness in common utilities In-Reply-To: <199607061311.PAA08700@digicash.com> Message-ID: <199607061753.MAA31894@manifold.algebra.com> bryce at digicash.com wrote: > I really don't see why programs like majordomo, UseNet > moderation-bots, and most noticeably the PGP key distribution > program are PGP-unaware. My moderation bot STUMP is not only PGP-aware, it is also doing a lot of PGP-related things. Among them: 1) For posters who voluntarily chose additional protection, STUMP allows only messages with a valid PGP signature to be posted. All posts from these people that do not have a PGP sig or have an invalid sig, are automatically rejected. It protects them from forgeries. 
2) All exchange between my modbot and human moderators is PGP-signed (and encrypted when necessary), to insure integrity of moderation email traffic. 3) All message approved for posting to usenet get signed with Greg Rose's PGPMoose program. 4) There is an additional service for those who post through anonymous remailers BUT want to have an identity and reputation. The idea is that they submit their PGP keys to the robomoderator, and later robomod takes the user id from the PGP key, replacing meaningless anonymous addresses with their identity. We currently have at least two posters whose real life identities are unknown, who use this feature and have sent us their PGP keys. STUMP is currently working in production mode seemingly with no problems. For details, look at http://www.algebra.com/~ichudov/usenet/scrm/robomod/robomod.html - Igor. From WlkngOwl at unix.asb.com Sat Jul 6 14:07:30 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 7 Jul 1996 05:07:30 +0800 Subject: Need PGP-awareness in common utilities Message-ID: <199607061837.OAA19841@unix.asb.com> On 6 Jul 96 at 15:11, bryce at digicash.com wrote: [..] > I really don't see why programs like majordomo, UseNet > moderation-bots, and most noticeably the PGP key distribution > program are PGP-unaware. > Okay, fine. Having waited for FIVE YEARS or however long it has > been, you who are responsible for such handy dandy programs may now > convincingly argue that you might as well wait for another few > months to get PGPlib. But I sincerely hope that once PGPlib arrives > we don't wait another five years before using it. Good point... > There is another argument that people sometimes make-- that > it is too complicated to ensure pubkey<->True Name. SO WHAT! I've never seen that argument. It's a non-issue for making programs PGP-aware. [..] --- No-frills sig. 
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From WlkngOwl at unix.asb.com Sat Jul 6 14:15:29 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sun, 7 Jul 1996 05:15:29 +0800
Subject: Transforming variable- to fixed-length keys
Message-ID: <199607061837.OAA19848@unix.asb.com>

On 7 Jul 96 at 1:47, pgut001 at cs.auckland.ac.nz wrote:
[..]
> I've run into a problem in writing a general-purpose n-byte input to m-byte
> output transformation function. What this does is take an arbitrary-length
> user key and transform it to a fixed-length encryption key (for example an
> entered passphrase into a 112-bit triple-DES key). The constraints on memory
> usage are:
>
> - The input (user) key can't be altered (you can't change data passed in by the
> caller)
> - The user key can't be copied to an internal buffer (it can be of arbitrary
> length, and is sensitive material so shouldn't be copied elsewhere)
>
> In other words there's no temporary storage available apart from what's
> provided in the output key. This is almost always a different length from the
> input key.
>
> Some other constraints are:
>
> - The transformation must be algorithm-independent (it shouldn't, for example,
[..]
> - The transformation must be able to be iterated to make a password-guessing
> attack harder to perform.

Hmm. What about the following:

Use a constant (non-weak) key for a cipher (perhaps the hash of the passphrase under certain circumstances?)

For iteration-0, CFB (or some other feedback mode)-encrypt the passphrase from the input buffer to the output buffer (assuming the library doesn't require that the plaintext and ciphertext be in the same buffer)

For following iterations, repeatedly CFB-encrypt the buffer, using a counter in data bytes.

This method could use hash algorithms in MDC or Luby-Rackoff forms as well as block ciphers (and perhaps some stream ciphers).

Another method might be to seed a PRNG similar to that used in PGP 2.x with the passphrase, have it stir the bytes a number of times, and then use the output as the key:

randPoolAddBytes(passphrase, passlen); for(i=0;i

> Here's my initial approach, if anyone has any comments to make on this or knows
> of a better way to do it, please let me know.
[..]
> The first stage in the key hashing prepends the length of the string as a
> big-endian 16-bit count to the user key:
>
> +------+-------------------------------------------------------+
> |Length|                       User Key                        |
> +------+-------------------------------------------------------+
>
> The aim of the hashing is to reduce this variable-length input string to a
> fixed-length key appropriate to the encryption algorithm being used. This is
> done by treating the user encryption keys as circular buffers and repeatedly
> hashing chunks of the user key and xoring the result into the output buffer.
[..]
> Since the input to the hash function is much larger than its output, a
> significant amount of the user key affects each chunk of the encryption key.
> The size of each "chunk" is determined by the hash function being used. For
> example with the MD4 hash function, 64 bytes of user key affect each 16 bytes
> of encryption key.
[..]

Questions:

Are you using the previous chaining-variables/hash for each successive chunk?

How do you pad passphrases that are smaller than the minimum input for a hash function?

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.
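
The length-prefix and circular-hashing scheme quoted in the message above, as an added sketch (not code from either poster or from any library). SHA-256 stands in for MD4, and the chunk offsets, the wrap-around of the output buffer and the `chained` option are assumptions made here because the quoted description is elided; the sample passphrases are constructed. It shows why the two questions at the end of the message matter in this sketch: without chaining, a short passphrase that wraps evenly produces repeated key chunks, and without the length prefix "ab" and "abab" derive the same key.

```python
import hashlib

CHUNK_IN = 64  # bytes of user key per hash call (the post's MD4 figure; assumption here)


def _feed_circular(h, prefix, key, start, count):
    """Hash `count` bytes of the circular buffer prefix||key from offset
    `start`, using slices of the caller's buffer instead of a joined copy."""
    total = len(prefix) + len(key)
    pos = start % total
    while count:
        if pos < len(prefix):
            piece = prefix[pos:pos + count]
        else:
            off = pos - len(prefix)
            piece = key[off:off + count]  # memoryview slice, no copy of the key
        h.update(piece)
        count -= len(piece)
        pos = (pos + len(piece)) % total


def derive_key(user_key, key_len, iterations=1, chained=True,
               length_prefix=True, hash_name="sha256"):
    """Reduce an arbitrary-length user key to key_len bytes.

    The output buffer is the only scratch space. Input and output are both
    treated as circular, so every byte of a long passphrase is hashed and a
    short one simply wraps (no padding needed).
    """
    key = memoryview(user_key)
    if len(key) > 0xFFFF:
        raise ValueError("user key does not fit a 16-bit length prefix")
    if iterations > 1 and not chained:
        # A second unchained pass XORs the same digests in again: result is zero.
        raise ValueError("iteration requires chaining")
    prefix = len(key).to_bytes(2, "big") if length_prefix else b""
    total = len(prefix) + len(key)
    if total == 0 or key_len <= 0:
        raise ValueError("nothing to hash or no key requested")

    dsize = hashlib.new(hash_name).digest_size
    # Enough hash calls to consume all input and to fill all output.
    calls = max(-(-total // CHUNK_IN), -(-key_len // dsize))
    out = bytearray(key_len)
    for _ in range(iterations):
        for j in range(calls):
            h = hashlib.new(hash_name)
            if chained:
                h.update(out)  # current key state feeds the next chunk
            _feed_circular(h, prefix, key, j * CHUNK_IN, CHUNK_IN)
            digest = h.digest()
            base = j * dsize
            for k in range(dsize):
                out[(base + k) % key_len] ^= digest[k]
    return bytes(out)


def demo():
    short = b"secret"  # constructed sample: 2 + 6 = 8 bytes, which divides 64
    naive = derive_key(short, 64, chained=False)
    fixed = derive_key(short, 64)
    no_prefix_a = derive_key(b"ab", 32, length_prefix=False)
    no_prefix_b = derive_key(b"abab", 32, length_prefix=False)
    return {
        "unchained_halves_equal": naive[:32] == naive[32:],
        "chained_halves_equal": fixed[:32] == fixed[32:],
        "collision_without_prefix": no_prefix_a == no_prefix_b,
        "collision_with_prefix": derive_key(b"ab", 32) == derive_key(b"abab", 32),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
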
From alano at teleport.com Sat Jul 6 14:21:53 1996
From: alano at teleport.com (Alan Olsen)
Date: Sun, 7 Jul 1996 05:21:53 +0800
Subject: [RANT] Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <2.2.32.19960706181747.00987320@mail.teleport.com>

At 03:27 PM 7/5/96 -0400, Mark M. wrote:

>> B) Forget the CONFIG.SYS ... what about kids using Macs or some future
>> "Kid Safe" system that has the filters in an eeprom? I'm talking
>> about bypassing the censorship on the client-server level. Relatively
>> platform independent.
>
>Using a hardware based filter is about as bad as using the IP security header
>fields for content descriptions. It's not at the level where filtering
>belongs. Filtering should be at the software level where it currently is.
>Since this can easily be broken, it might be better to have "Kid Safe" ISP's
>that would use a firewall to filter data.

Or even better yet, they could actually teach their children to deal with such information instead of sheltering them from it.

I have dealt with a number of parents who have the idea that they can filter everything the kid hears or sees. The type of intellectual and emotional basketcases that result are not very pleasant to interact with. They tend to go through a lot of rough times when they have to go out into the world and see a wide variety of views, instead of just seeing what mommy and daddy want them to. What happens from there is generally not very pretty or very fun for the person involved.

I do not believe that these types of filters are good. If you have that much concern about what your child can see, then you should not give them net access at all. (And remember also not to leave them at the library where they might find just as much filth...) "If you don't want your kids to be hit by information, then don't let them play on the information superhighway."

Without contradictory viewpoints, children do not learn how to discern between them. They get indoctrinated into the idea that they must accept ideas as they are fed to them. That learning consists of taking what is provided and not to go out and find those ideas which might be "harmful" or "dangerous" without parental supervision. What we are getting is a bunch of emotional cripples who cannot handle anything intellectually sharper than a rubber ball. (And it must be a ball bigger than two inches in diameter, else they might choke on it.)

With these sort of tools, we are conditioning our children that it is OK if someone filters their information before they see it. (Without even knowing the *KIND* of information being filtered, because even *THAT* level of knowledge is harmful and/or proprietary.) That it is OK for some parental figure to eliminate all the "nasty" and "awful" information before someone can hurt themselves with it. That it is OK to prevent others from viewing information too complex for their childlike minds.

We are becoming a nation of the babysat. Anything that our nannies deem harmful is hidden away in the bedrooms of the parental units. And maybe it is harmful. They have to scan through it all day long and look what kind of self-righteous pricks they have become!

At least I am able to instill some sort of love of knowledge and exploration into my daughter. Hopefully it will stick before the control freaks in this culture are able to knock it out of her...

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From fiedorow at math.ohio-state.edu Sat Jul 6 15:07:52 1996
From: fiedorow at math.ohio-state.edu (Zbigniew Fiedorowicz)
Date: Sun, 7 Jul 1996 06:07:52 +0800
Subject: MacPGP 2.6.3 released
Message-ID:

I have changed the method of distribution of FatMacPGP 2.6.3.
It is now available by anonymous FTP from Mike Johnson's ITAR compliant crypto archives at ftp://ftp.csn.net/mpj/. My web page http://www.math.ohio-state.edu/~fiedorow/PGP now contains detailed instructions and URL links explaining how to obtain the software from Mike Johnson's site, rather than the software itself. In particular, it is no longer necessary to have a previous version of PGP in order to get FatMacPGP 2.6.3.

Note: my system administrators have changed the IP address of www.math.ohio-state.edu this weekend. If your DNS server has difficulty finding the site, you might try http://128.146.111.31/~fiedorow/PGP

Feel free to redistribute FatMacPGP 2.6.3 to friends, acquaintances, etc and to put it up on local BBS's. It is your personal responsibility to insure you don't violate any laws or international treaties doing so.

Zig Fiedorowicz

From iang at cs.berkeley.edu Sat Jul 6 15:15:19 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Sun, 7 Jul 1996 06:15:19 +0800
Subject: Netscape 3.0b5 can unanonymize Anonymizer
Message-ID: <199607061933.MAA07654@abraham.cs.berkeley.edu>

-----BEGIN PGP SIGNED MESSAGE-----

The new netscape has this "feature" where the RHS of KEY=value pairs in tags can contain inline Javascript, which is evaluated to get the actual RHS.

For example, the HTML:

Did you really think you could be anonymous?

will open a new, unanonymized, window (you don't even have to click on the link).

The main problem is that the Anonymizer doesn't filter out the new way of embedding Javascript: &{this.is("javascript code")};

So, if you use the Anonymizer with netscape 3.0b5, _disable_ Javascript until this is fixed (better yet, disable Javascript and Java entirely, but that's another story for another time...).
- Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMd6/nEZRiTErSPb1AQGEPgQAu9NaxafrQDrqdTLUkzQ7k0D6Pq8FxIx1 7Mo3j6ACs6Flp2Tq+2szh6Ch+U0r21LL5NuC3zQ/BA9j/UmqU+c5XM7NRFFGEEhY f1RakLlaiWp+gnxv3dgWWMUZ30iB01kNbIGcl4X3FPLUpyavK45KoqjRJh13s/K+ ACWmg1pgmXk= =23r4 -----END PGP SIGNATURE----- From tphilp at bfree.on.ca Sat Jul 6 15:17:56 1996 From: tphilp at bfree.on.ca (Tim Philp) Date: Sun, 7 Jul 1996 06:17:56 +0800 Subject: CCC Crypto Lock Message-ID: <19004146800633@bfree.on.ca> The fact that this patent was issued indicates to me that the patent office does not understand computer technology. There is nothing new here that I was not using for other purposes at least 20 years ago. Unfortunately, once a patent is issued, it cost a great deal of money to break. Tim Philp At 04:10 AM 7/6/96 -0700, you wrote: >MicroPatent, 4 July 96 > > >Systems and methods for protecting software from >unlicensed copying and use (Assignee -- Convex Computer >Corporation) > > >Abstract: Disclosed systems and methods for protecting a >software program from unauthorized use and copying >through the removal at least one of a plurality of >instructions comprising a software program, and >encrypting the removed instruction utilizing an >encryption algorithm to produce an encrypted instruction, >the encryption algorithm responsive to a randomly >generated key. 
> >Ex Claim Text: A processing system for protecting a >software program from unauthorized use, said software >program including one or more unencrypted instructions >stored in memory associated with said software program, >said processing system comprising: a processing unit >operable to: remove at least one selected said >unencrypted instruction from an executable area in said >memory associated with executable portions of said >program; encrypt said at least one selected unencrypted >instruction removed from said software program utilizing >an encryption algorithm to produce an encrypted >instruction; store said encrypted instruction within a >first non-executable data area in said memory associated >with said software program; and insert at least one >trappable instruction in place of said encrypted >instruction within said executable area in memory >allowing said software program to be linked with one or >more other programs. > >Assignee: Convex Computer Corporation > >Patent Number: 5530752 > >Issue Date: 1996 06 25 > >Inventor(s): Rubin, Robert J. > >If you would like to purchase a copy of this patent, >please call MicroPatent at 800-984-9800. > >Copyright 1996, MicroPatent > > From AwakenToMe at aol.com Sat Jul 6 15:39:23 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Sun, 7 Jul 1996 06:39:23 +0800 Subject: Word lists for passphrases Message-ID: <960706155139_428652398@emout15.mail.aol.com> In a message dated 96-07-06 14:25:18 EDT, perry at piermont.com (Perry E. Metzger) writes: << "Perry E. Metzger" writes: > > AwakenToMe at aol.com writes: > > I have a util that will create a word list starting from > > aaaaaaaaaaa on up to anythingggggggg basically you could do every > > combination. Let me know if ya want it. > > That would really be of great use for doing wordlist crack runs. It > must have taken you a long time to write -- generous of you to offer > it. I want to apologize to everyone for being gratuitously nasty here. 
It wasn't called for. >>

That's funny. I thought you were being completely serious and I sent you this file. You are exactly right. it is of GREAT use for doing wordlist crack runs. Why don't ya check out some realllyyy secure systems and find out what utils they use to test their own security. I ALWAYS use created segments of this when trying to brute force my way into my OWN machine. It helps finding bugs that overwrite the stack..etc. But... apology accepted. You may learn from it.

From bryce at digicash.com Sat Jul 6 15:51:00 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Sun, 7 Jul 1996 06:51:00 +0800
Subject: more about the usefulness of PGP
Message-ID: <199607061957.VAA21682@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

Here's an idea that I always wanted to implement but never did yet. I thought I'd share and if someone else has already done it let me have a copy.

I should be able to execute scripts remotely by sending e-mail to an account. Simple mail-handling scripts at that account should check the PGP signature (and timestamp/counter to prevent replay/delay attacks) and then pass the contents to a full script-language interpreter. Perl is a natural choice of interpreter.

Has anybody implemented this (hopefully complete with replay/delay prevention)?

Thanks!

Bryce

P.S. No, actually I can't think of any good use for this trick. But maybe if I had it I would find good uses for it.
-----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMd7FIEjbHy8sKZitAQHhRQMAmZoekRgmUKSYv89/QrkzRFdTUZLZHK8a tlaXLtyJXrOjajxJRVvXWY7Rum6mVXe/4eHTPCGzzWQdXMJB/TJSQeRmTuSiSd9i 0DtWcQSmP4q5AFor48NtNvqAOEonf5Vi =My90 -----END PGP SIGNATURE----- From bryce at digicash.com Sat Jul 6 15:53:18 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Sun, 7 Jul 1996 06:53:18 +0800 Subject: Need PGP-awareness in common utilities In-Reply-To: <199607061753.MAA31894@manifold.algebra.com> Message-ID: <199607061950.VAA21507@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- An entity calling itself ichudov at algebra.com probably wrote something like: > > My moderation bot STUMP is not only PGP-aware, it is also doing > a lot of PGP-related things. Among them: > > 1) For posters who voluntarily chose additional protection, STUMP allows > only messages with a valid PGP signature to be posted. > 2) All exchange between my modbot and human moderators is PGP-signed > (and encrypted when necessary) > 3) All message approved for posting to usenet get signed with Greg > Rose's PGPMoose program. > 4) There is an additional service for those who post through anonymous > remailers BUT want to have an identity and reputation. > We currently have at least two posters whose real life identities are > unknown, who use this feature and have sent us their PGP keys. > > STUMP is currently working in production mode seemingly with no problems. Okay Igor, that is an impressive list of features! Now what I want to know (and what I want other people here to hear) is: _How_ difficult was it to incorporate these PGP features into your software? My guess is that it was a simple matter of making a couple of system calls to PGP, plus maybe extra defense against replay attacks (you _do_ have defense against replay attacks don't you?) and the fact that you have more debugging work because you have more features. 
Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMd7Dj0jbHy8sKZitAQGkIAMAxr5F3Lqv2cUBekFz3KRam1H4uE4qKrHx cv7DwvRUXVX89TK0TFVlt/T3nwD8NBTwMtMG+xnlltHCLcjrSC0gd+3Pu2B8o0nD 0JnXWitvZtAm405YPKaN7sX6hCGGyNOX =U+4Q -----END PGP SIGNATURE----- From ichudov at algebra.com Sat Jul 6 16:08:01 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 7 Jul 1996 07:08:01 +0800 Subject: Need PGP-awareness in common utilities In-Reply-To: <199607061950.VAA21507@digicash.com> Message-ID: <199607062013.PAA00038@manifold.algebra.com> bryce at digicash.com wrote: > An entity calling itself ichudov at algebra.com probably wrote > something like: > > > > My moderation bot STUMP is not only PGP-aware, it is also doing > > a lot of PGP-related things. Among them: > > > > 1) For posters who voluntarily chose additional protection, STUMP allows > > only messages with a valid PGP signature to be posted. > > > 2) All exchange between my modbot and human moderators is PGP-signed > > (and encrypted when necessary) > > > 3) All message approved for posting to usenet get signed with Greg > > Rose's PGPMoose program. > > > 4) There is an additional service for those who post through anonymous > > remailers BUT want to have an identity and reputation. > > > We currently have at least two posters whose real life identities are > > unknown, who use this feature and have sent us their PGP keys.
> >
> > STUMP is currently working in production mode seemingly with no problems.
>
>
> Okay Igor, that is an impressive list of features! Now what

thanks

> I want to know (and what I want other people here to hear) is:
> _How_ difficult was it to incorporate these PGP features into
> your software?

Almost nothing is difficult, in general. In particular, implementation of these features was easy. Coming up with how they should work was not that easy. Thanks to members of Cypherpunks list for their suggestions, by the way.

You know, this stuff is easy to do in perl and sh.

> My guess is that it was a simple matter of
> making a couple of system calls to PGP, plus maybe extra
> defense against replay attacks (you _do_ have defense against
> replay attacks don't you?) and the fact that you have more
> debugging work because you have more features.

Depends on what replay attacks you are talking about. If you are more specific, I can talk about it. Some of it is discussed at http://www.algebra.com/~ichudov/usenet/scrm/robomod/robomod.html

- Igor.

From tcmay at got.net Sat Jul 6 16:29:26 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 7 Jul 1996 07:29:26 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID:

At 6:17 PM 7/6/96, Alan Olsen wrote:

>With these sort of tools, we are conditioning our children that it is OK if
>someone filters their information before they see it. (Without even knowing
>the *KIND* of information being filtered, because even *THAT* level of
>knowledge is harmful and/or proprietary.) That it is OK for some parental
>figure to eliminate all the "nasty" and "awful" information before someone
>can hurt themselves with it. That it is OK to prevent others from viewing
>information too complex for their childlike minds.
>
>We are becoming a nation of the babysat. Anything that our nannies deem
>harmful is hidden away in the bedrooms of the parental units. And maybe it
>is harmful.
They have to scan through it all day long and look what kind of
>self-righteous pricks they have become!

The doublethink and hypocrisy of modern society is astounding.

A friend of mine has an 8-year-old son, whom he has custody of on weekends. Sometimes his son wants to have his friend stay over Saturday, as kids like to do. When the mother (a single mother, as this is California) drops her son off with my friend (also single, of course), she includes several "Ritalin" capsules with instructions on how to dose her son with this depressant/behavior modification drug. My friend ignores these Ritalins, which upsets the Mom greatly the next day when she realizes her son has not been given the tranks that are also known as "Mother's little helpers."

I've been over visiting my friend to see some of this. The Ritalin-sodden kid arrives like a zombie. When the Ritalin wears off, he's rambunctious, but all kids are. My friend Paul has had to discipline him a bit to keep him from--as the psychobabbles would say--"acting out." This discipline sets him straight, but it's not something his New Age "supermom" would ever think of doing. Hence the kid throws temper tantrums, acts out, calls her "You fucking asshole" (remember, he's only 8 or so), and so on. So she cranks up his dose of Ritalin and he's zoned out for a while.

Frankly, I think telling the kid that if he throws a tantrum he'll get punished for it is a whole lot more normal--ever notice that a dog smacks her puppies when they get out of line, or that a cat swats her kittens the same way? It establishes the rules of the game.

(No, I'm not talking about "child abuse," the sadistic beltings and lashings which some parents give. However, here in Kalifornia it is essentially illegal for parents to use corporal punishment. Heavy doses of drugs are, after all, the California way!)

"Just say no to drugs!" is the mantra of these doublethinkers, as they dose their kids at school and at home with tranquilizers and behavior modification drugs. The kids grow up thinking pills are the answer to everything.

Also in California, the public schools dispense these mind control drugs to a growing fraction of the school population. Apparently this has become the largest part of the job of "school nurses." I believe parents are involved in this dosing regimen, but I would not be surprised if this changes. After all, such medical procedures as abortion are now handled "discreetly" by the school nurses, without any requirement that the parent be notified. Whatever one thinks of abortion, this is surely a strange state of affairs, where the public school system is taking on such a role and is actively deceiving a parent.

The connection with the themes of our list is that this linguistic doublethink is what allows Big Brother's control of our communications and private files to be called by the relatively benign name of "escrow."

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
From eli+ at gs160.sp.cs.cmu.edu Sat Jul 6 17:02:40 1996 From: eli+ at gs160.sp.cs.cmu.edu (eli+ at gs160.sp.cs.cmu.edu) Date: Sun, 7 Jul 1996 08:02:40 +0800 Subject: NYT/CyberTimes on CWD article In-Reply-To: <+cmu.andrew.internet.cypherpunks+olrdBjW00UfAI10EoP@andrew.cmu.edu> Message-ID: <199607062057.NAA16062@toad.com> >http://www.nytimes.com/library/cyber/week/0706patrol-reporters.html > "If we believe the encryption scheme has > been compromised, we will make another > one." Heh. It seems that these companies are going to have a problem as long as they use lists of *excluded* sites. Forget insight into company policy; these are global indices of "smut" on the net. (The lists of the more liberal companies are probably most attractive to those not titillated by NOW position papers.) They have to give you the list, and they have to give you software that uses it, so there's no way to achieve complete secrecy. I think the best they can do is to distribute a list of hashed URLs. -- Eli Brandt eli+ at cs.cmu.edu From bryce at digicash.com Sat Jul 6 17:15:06 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Sun, 7 Jul 1996 08:15:06 +0800 Subject: Need PGP-awareness in common utilities In-Reply-To: <199607062013.PAA00038@manifold.algebra.com> Message-ID: <199607062117.XAA25154@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- You know, Igor... (It has been a few months since I was hot on this idea, but hearing about your practical PGP successes has gotten me interested again...) If you have a moderation bot for a Usenet group (and could it be pressed into service as a mailing list handler I wonder?), this would be a nice tool to start with in order to implement full-fledged content/author ratings. Anybody wanna hack a perl script or two to produce/consume content/author ratings for cypherpunks (it could surely use some!). We can use my dormant mailing list, c2punks at c2.net, as a parallel channel to transmit cypherpunk (and maybe other) ratings. 
Let me know. We _could_ adopt the ridiculously simple NoCeM protocol, or the ever-mutating public key certificates being designed in a nearby mailing list, or some protocol of our own. (Shouldn't be too hard to come up with an implementable, useful protocol.) (And of course we can mix Ecash(tm) in...) Bryce P.S. Look for demo in a second. -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMd7XyUjbHy8sKZitAQG37QL7Br0vNB2xx4rwyGmXUqP8YYkY3GV5Q2Cv Ut0PmkdKTlmDkM0nFzZEYTuOhvPwabglpq385Dzp6vjUratILMhOQLulqueumj/C zOz4KcUEPqinK7KMg5ZnkZPy6d02goh2 =OBSL -----END PGP SIGNATURE----- From ichudov at algebra.com Sat Jul 6 17:28:05 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 7 Jul 1996 08:28:05 +0800 Subject: Need PGP-awareness in common utilities In-Reply-To: <199607062117.XAA25154@digicash.com> Message-ID: <199607062132.QAA00782@manifold.algebra.com> bryce at digicash.com wrote: > You know, Igor... > (It has been a few months since I was hot on this idea, but > hearing about your practical PGP successes has gotten me > interested again...) > > If you have a moderation bot for a Usenet group (and could it be > pressed into service as a mailing list handler I wonder?), this Yes, it can be. When I was writing it I had in mind that I want to write a general moderation bot that can be _applied_ to USENET. There is a script processApproved which is called when a message should get posted. If you replace the usenet version of processApproved to mailing list version, you will be done. > would be a nice tool to start with in order to implement > full-fledged content/author ratings. Well, STUMP is a generic moderation tool. > Anybody wanna hack a perl > script or two to produce/consume content/author ratings for > cypherpunks (it could surely use some!). We can use my dormant > mailing list, c2punks at c2.net, as a parallel channel to transmit > cypherpunk (and maybe other) ratings. 
So, what you want is a tool that accepts "unmoderated" cpunks list, selects messages by authors with high ratings, and forwards only these into the "filtered" list? That's neat _if_ ratings are done by people whose tastes are similar to mine.. > Let me know. We _could_ adopt the ridiculously simple NoCeM > protocol, or the ever-mutating public key certificates being > designed in a nearby mailing list, or some protocol of our own. > (Shouldn't be too hard to come up with an implementable, useful > protocol.) ????? - Igor. From bryce at digicash.com Sat Jul 6 17:40:07 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Sun, 7 Jul 1996 08:40:07 +0800 Subject: demo rating Message-ID: <199607062159.XAA28958@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- Certificate-Type: Chudov/Wilcox Content/Author Rating Rating-Type: Content Object-ID: Date: Sat, 06 Jul 1996 23:16:59 +0200/From: bryce at digicash.com Topicality: 10 Entertainment: 10 Value: 10 Signer: 0x2c2998ad Timestamp: Sat Jul 6 23:59:15 MET DST 1996 Signature: -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMd7hzkjbHy8sKZitAQE2EgL/SzCdEDihADRwDnGMy/GmkUF/3z082FRz uv0QbyR32Se15q+nkNZoj0vrMB9oFdFDv5fFON7oun3kLN+BukCAQTwta2+CYaIQ F6CwqeZz5TdAFYLB8lrgM0jAQDNaIiI6 =q+l+ -----END PGP SIGNATURE----- From norm at netcom.com Sat Jul 6 17:52:53 1996 From: norm at netcom.com (Norman Hardy) Date: Sun, 7 Jul 1996 08:52:53 +0800 Subject: NYT/CyberTimes on CWD article Message-ID: At 9:17 AM 7/6/96, Declan McCullagh wrote: >"We are writers, not crytographers." > >-Declan .... This seems to be an application for Bloom filters. See page bottom of page 561 in Knuth's "Searching and Sorting", First Edition. (Vol 3 of Art of Computer Programming) With a Bloom filter you can hide which URLs you reject yet quickly rejecting particular URLs. Compute SHA(URL) yielding 160 bits. Divide that into 16 ten bit quantities b[i], for 0<=i< 10. 
Reject the access if P[b[i]] = 1 for each i. P is an array of 1024 bits computed by someone with the index prohibitorum. (pardon my Latin) Yes, this excludes 1/1024 "falsely accused" URLs, but you get the idea. From bryce at digicash.com Sat Jul 6 17:55:19 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Sun, 7 Jul 1996 08:55:19 +0800 Subject: ratings Message-ID: <199607062201.AAA29101@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- Of course a real rating would be signed by my ratings private key and not by my e-mail private key. I might start a service where I will pay you for your ratings and then distribute them for a fee. (Note that you get paid for generating ratings, as long as your ratings get good meta-ratings. You have to pay to use other people's ratings. This is how it should be.) Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMd7iRkjbHy8sKZitAQGTEQL+IchRcLv9r7/WpDQb8tmJ0QJD7tN8KUNG AEX/UtzApwffH2kS90ThHVnsVt/8WKgI+WfsZ0Z0PtYoE5uLwBUJDzXydbZ8zHEx B5Ti4pfF0wuXwWD6kA/ISYyhZHRewcol =Dwsd -----END PGP SIGNATURE----- From bryce at digicash.com Sat Jul 6 18:04:32 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Sun, 7 Jul 1996 09:04:32 +0800 Subject: Need PGP-awareness in common utilities In-Reply-To: <199607062132.QAA00782@manifold.algebra.com> Message-ID: <199607062156.XAA28423@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- An Igor-like entity wrote something like this: > > Yes, it can be. When I was writing it I had in mind that I want > to write a general moderation bot that can be _applied_ to USENET. > > There is a script processApproved which is called when a message > should get posted. If you replace the usenet version of processApproved > to mailing list version, you will be done. Nice design. :-) > > Anybody wanna hack a perl > > script or two to produce/consume content/author ratings for > > cypherpunks (it could surely use some!). 
We can use my dormant > > mailing list, c2punks at c2.net, as a parallel channel to transmit > > cypherpunk (and maybe other) ratings. > > So, what you want is a tool that accepts "unmoderated" cpunks list, > selects messages by authors with high ratings, and forwards only > these into the "filtered" list? That's neat _if_ ratings are done > by people whose tastes are similar to mine.. Hm. That might be an interesting addition to my plan, but the first step is to generate ratings and to consume them at each individual's mail-handling site. So I, for example, would run a script every time I received mail (or every hour, or every day, etc) which looked for ratings certificates, PGP-verified them, and saved the rating in a database. Then I would run another script (every time I received mail, or every hour, etc.) which identified incoming messages and _did_ something to them if there were sufficient ratings in the database to merit _doing_ something to them (e.g. delete, promote to a "well-rated" folder, demote to a "poorly-rated" folder, forward to my friends, forward to my enemies, etc.). Now as you astutely note, this is only valuable if you like the ratings. Thus it is necessary to have meta-ratings. The simplest meta-rating is "rate raters by hand". That is, you manually make a list of (potential) raters and put their public key ID and a coefficient indicating how much you value their ratings into a meta-ratings database. More complicated meta-ratings include "how often did I agree with them", true (acquired from other people) meta-ratings, and... um.. automated textual analysis or whatever other whacky heuristic you want to plug in. This could be so much fun... Bryce P.S. Oh yeah... The demo. Just a sec. 
Return-Path: ichudov at manifold.algebra.com Received: from galaxy.galstar.com (galaxy.galstar.com [204.251.80.2]) by digicash.com (8.6.11/8.6.10) with ESMTP id XAA26531 for ; Sat, 6 Jul 1996 23:35:45 +0200 Received: from manifold.algebra.com (manifold.algebra.com [204.251.82.89]) by galaxy.galstar.com (8.6.12/8.6.12) with ESMTP id QAA11089; Sat, 6 Jul 1996 16:32:06 -0500 Received: (from ichudov at localhost) by manifold.algebra.com (8.7.5/8.6.11) id QAA00782; Sat, 6 Jul 1996 16:32:39 -0500 Message-Id: <199607062132.QAA00782 at manifold.algebra.com> Subject: Re: Need PGP-awareness in common utilities To: bryce at digicash.com Date: Sat, 6 Jul 1996 16:32:38 -0500 (CDT) Cc: ichudov at algebra.com, cypherpunks at toad.com, e$@thumper.vmeng.com Reply-To: ichudov at algebra.com (Igor Chudov) In-Reply-To: <199607062117.XAA25154 at digicash.com> from "bryce at digicash.com" at Jul 6, 96 11:16:59 pm From: ichudov at algebra.com (Igor Chudov @ home) X-No-Archive: yes X-Mailer: ELM [version 2.4 PL24 ME7] Content-Type: text bryce at digicash.com wrote: > You know, Igor... > (It has been a few months since I was hot on this idea, but > hearing about your practical PGP successes has gotten me > interested again...) > > If you have a moderation bot for a Usenet group (and could it be > pressed into service as a mailing list handler I wonder?), this Yes, it can be. When I was writing it I had in mind that I want to write a general moderation bot that can be _applied_ to USENET. There is a script processApproved which is called when a message should get posted. If you replace the usenet version of processApproved to mailing list version, you will be done. > would be a nice tool to start with in order to implement > full-fledged content/author ratings. Well, STUMP is a generic moderation tool. > Anybody wanna hack a perl > script or two to produce/consume content/author ratings for > cypherpunks (it could surely use some!). 
We can use my dormant > mailing list, c2punks at c2.net, as a parallel channel to transmit > cypherpunk (and maybe other) ratings. So, what you want is a tool that accepts "unmoderated" cpunks list, selects messages by authors with high ratings, and forwards only these into the "filtered" list? That's neat _if_ ratings are done by people whose tastes are similar to mine.. > Let me know. We _could_ adopt the ridiculously simple NoCeM > protocol, or the ever-mutating public key certificates being > designed in a nearby mailing list, or some protocol of our own. > (Shouldn't be too hard to come up with an implementable, useful > protocol.) ????? - Igor. -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMd7hAkjbHy8sKZitAQGGwwMAtgHInUGs0ugyLJKSzigjNoZ3Tdu3NW7X NgQkc+1ZyJz8ev43FM2knFmp7F8pImP5wZU9l6swJKsSXuzc7TRi6rObaLdOIVEY 4j0y/UWGGE6O+vGtavzjYOLiuVG7uoWk =RwfO -----END PGP SIGNATURE----- From strick at versant.com Sat Jul 6 18:20:51 1996 From: strick at versant.com (strick (henry strickland)) Date: Sun, 7 Jul 1996 09:20:51 +0800 Subject: shell script (Word lists for passphrases) In-Reply-To: Message-ID: <9607062251.AA17697@vp.versant.com> # From: "Erik E. Fair" (Time Keeper) # # You could just snarf up a week's worth of netnews... This is trivial and, in practice, works great. Feed it mail, news, man pages, etc. You can cascade results to eliminate huge sorts. The final grep is my heuristic for English; you can delete or modify it. Happy hacking.
strick

cat "$@" |
tr A-Z a-z |                  # fold everything to lower case
grep -v "^message-id:" |      # drop header lines that are mostly random IDs
grep -v "^received:" |
tr -c "a-zA-Z" "\n" |         # every non-letter becomes a line break: one word per line
grep -v "^$" |                # drop the empty lines that leaves behind
sort |
uniq |
grep -v "[bcdfghjklmnpqrtvwxz][bcdfghjklmnpqrtvwxz][bcdfghjklmnpqrtvwxz][bcdfghjklmnpqrtvwxz]"

From llurch at networking.stanford.edu Sat Jul 6 18:42:40 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Sun, 7 Jul 1996 09:42:40 +0800 Subject: CCC Crypto Lock In-Reply-To: <19004146800633@bfree.on.ca> Message-ID: On Sun, 7 Jul 1996, Tim Philp wrote: > The fact that this patent was issued indicates to me that the patent office > does not understand computer technology. Gee. Next you'll be telling us that the US Congress isn't always sensitive to libertarian issues. -rich From ichudov at algebra.com Sat Jul 6 19:15:02 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 7 Jul 1996 10:15:02 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: <199607062339.SAA02129@manifold.algebra.com> > At 6:17 PM 7/6/96, Alan Olsen wrote: > >With these sort of tools, we are conditioning our children that it is OK if > >someone filters their information before they see it. (Without even knowing > >the *KIND* of information being filtered, because even *THAT* level of > >knowledge is harmful and/or proprietary.) That it is OK for some parental > >figure to eliminate all the "nasty" and "awful" information before someone > >can hurt themselves with it. That it is OK to prevent others from viewing > >information too complex for their childlike minds. What annoys me to NO END is the laws that require that children under age of 13 (?) must always be under parental supervision. These laws even say that leaving children unsupervised is child abuse. Well, I can grant that there are dangers associated with leaving children alone. But being constantly supervised is way worse. It is like being in jail.
igor From ichudov at algebra.com Sat Jul 6 19:18:06 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 7 Jul 1996 10:18:06 +0800 Subject: more about the usefulness of PGP In-Reply-To: <199607061957.VAA21682@digicash.com> Message-ID: <199607062333.SAA02110@manifold.algebra.com> make sure that you are protected from replay attacks. a good idea would be to make the server to send cookies by request of the remote user (you can limit the number of people to whom the server sends cookies) and make sure that messages without the latest cookie will NOT be executed. igor bryce at digicash.com wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Here's an idea that I always wanted to implement but never did > yet. I thought I'd share and if someone else has already done > it let me have a copy. > > > I should be able to execute scripts remotely by sending e-mail > to an account. Simple mail-handling scripts at that account > should check the PGP signature (and timestamp/counter to prevent > replay/delay attacks) and then pass the contents to a full > script-language interpreter. > > > Perl is a natural choice of interpreter. Has anybody > implemented this (hopefully complete with replay/delay > prevention)? > > > Thanks! > > Bryce > > P.S. No, actually I can't think of any good use for this > trick. But maybe if I had it I would find good uses for it. > > > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2i > Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 > > iQB1AwUBMd7FIEjbHy8sKZitAQHhRQMAmZoekRgmUKSYv89/QrkzRFdTUZLZHK8a > tlaXLtyJXrOjajxJRVvXWY7Rum6mVXe/4eHTPCGzzWQdXMJB/TJSQeRmTuSiSd9i > 0DtWcQSmP4q5AFor48NtNvqAOEonf5Vi > =My90 > -----END PGP SIGNATURE----- > - Igor. From wb8foz at nrk.com Sat Jul 6 19:24:39 1996 From: wb8foz at nrk.com (David Lesher) Date: Sun, 7 Jul 1996 10:24:39 +0800 Subject: Radiological Survey Meter (fwd) Message-ID: <199607062350.TAA03661@nrk.com> If you want such for random #'s.... Tony S. 
Patti <103514.36 at CompuServe.COM> of Cryptosystems Journal mentioned he'd found a meter as follows: RESOURCES UN-LTD. 800-810-4070. Victoreen Model 1 from 1964, in the original box. $39.00 -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From shamrock at netcom.com Sat Jul 6 19:35:18 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 7 Jul 1996 10:35:18 +0800 Subject: Need PGP-awareness in common utilities Message-ID: At 23:56 7/6/96, bryce at digicash.com wrote: >Hm. That might be an interesting addition to my plan, but the >first step is to generate ratings and to consume them at each >individual's mail-handling site. So I, for example, would run a >script every time I received mail (or every hour, or every day, >etc) which looked for ratings certificates, PGP-verified them, >and saved the rating in a database. Then I would run another >script (every time I received mail, or every hour, etc.) which >identified incoming messages and _did_ something to them if >there were sufficient ratings in the database to merit _doing_ >something to them (e.g. delete, promote to a "well-rated" >folder, demote to a "poorly-rated" folder, forward to my >friends, forward to my enemies, etc.). As has been discussed in numberous previous threads on this topic, even a passive rating system is very hard to implement. The computer doesn't know if you hit delete because the post was garbage or because you are running late on some project. An active rating system is virtually impossible to implement, given the added workload on the readers. Good lucky anyway, -- Lucky Green PGP encrypted mail preferred. Disclaimer: My opinions are my own. 
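An added example, not part of any message in this archive: a sketch of the ratings consumer bryce describes in this thread (store certificates that verified, weight each rater by a hand-assigned meta-rating coefficient, then act on the message once enough weight has accumulated). The field names follow the demo certificate posted earlier in the thread; the 0-10 score scale, the thresholds, the key IDs other than 0x2c2998ad, and the assumption that a separate PGP step has already checked the signature and reports the verifying key ID are all assumptions of this example.

```python
from dataclasses import dataclass

# Field names taken from the demo certificate in the thread.
SCORE_FIELDS = ("Topicality", "Entertainment", "Value")
REQUIRED = ("Certificate-Type", "Rating-Type", "Object-ID", "Signer") + SCORE_FIELDS
# Constructed sample: the Object-ID of the demo certificate (a Date/From pair).
SAMPLE_OBJECT = "Date: Sat, 06 Jul 1996 23:16:59 +0200/From: bryce at digicash.com"


@dataclass
class Rating:
    object_id: str   # identifies the rated message
    signer: str      # key ID claimed inside the certificate, lower-cased
    scores: dict     # score field -> int


def parse_certificate(text):
    """Parse the 'Field: value' lines of one certificate body."""
    fields = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition(":")
        name = name.strip()
        if not sep or not name:
            raise ValueError("not a 'Field: value' line: %r" % line)
        if name in fields:
            # A repeated field would make the signed statement ambiguous.
            raise ValueError("duplicate field: %s" % name)
        fields[name] = value.strip()
    missing = [f for f in REQUIRED if not fields.get(f)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    scores = {}
    for f in SCORE_FIELDS:
        n = int(fields[f])            # ValueError if not a number
        if not 0 <= n <= 10:          # assumed scale, not stated in the thread
            raise ValueError("%s out of range: %d" % (f, n))
        scores[f] = n
    return Rating(fields["Object-ID"], fields["Signer"].lower(), scores)


class RatingsDB:
    def __init__(self, meta_ratings):
        # Meta-ratings "by hand": key ID -> how much this reader values the rater.
        self.meta = {k.lower(): float(v) for k, v in meta_ratings.items()}
        self.by_object = {}           # object_id -> {signer: Rating}

    def store(self, cert_text, verified_key_id):
        """Store a certificate whose signature was verified by verified_key_id."""
        rating = parse_certificate(cert_text)
        # The Signer line is only a claim; it must name the key that verified.
        if rating.signer != verified_key_id.lower():
            raise ValueError("Signer field does not match the verifying key")
        # One slot per signer: re-rating replaces, it does not add a second vote.
        self.by_object.setdefault(rating.object_id, {})[rating.signer] = rating
        return rating

    def weighted(self, object_id, field="Value"):
        """Return (coefficient-weighted mean score or None, total weight)."""
        total = weight = 0.0
        for signer, rating in self.by_object.get(object_id, {}).items():
            coeff = self.meta.get(signer, 0.0)   # unknown raters count for nothing
            if coeff > 0:
                total += coeff * rating.scores[field]
                weight += coeff
        return (total / weight if weight else None), weight

    def decide(self, object_id, min_weight=1.0, promote_at=7.0, demote_at=3.0):
        """Act only when enough trusted weight has rated the message."""
        score, weight = self.weighted(object_id)
        if score is None or weight < min_weight:
            return "leave"
        if score >= promote_at:
            return "promote"
        if score <= demote_at:
            return "demote"
        return "leave"


def sample_certificate(signer, value, object_id=SAMPLE_OBJECT):
    """Build a constructed certificate body in the demo certificate's layout."""
    return "\n".join([
        "Certificate-Type: Chudov/Wilcox Content/Author Rating",
        "Rating-Type: Content",
        "Object-ID: " + object_id,
        "Topicality: 10",
        "Entertainment: 10",
        "Value: %d" % value,
        "Signer: " + signer,
    ])


def demo():
    db = RatingsDB({"0x2C2998AD": 1.0, "0x11111111": 0.5})
    db.store(sample_certificate("0x2c2998ad", 10), "0x2c2998ad")
    db.store(sample_certificate("0x11111111", 4), "0x11111111")
    db.store(sample_certificate("0x22222222", 0), "0x22222222")  # no meta-rating
    return db


if __name__ == "__main__":
    db = demo()
    print(db.weighted(SAMPLE_OBJECT), db.decide(SAMPLE_OBJECT))
```

Comparing the Signer line against the key that actually verified is what stops a low-weight rater from submitting a certificate that names a highly weighted rater's key ID.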
From bryce at digicash.com Sat Jul 6 20:25:05 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Sun, 7 Jul 1996 11:25:05 +0800 Subject: Need PGP-awareness in common utilities In-Reply-To: Message-ID: <199607070030.CAA05537@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- Lucky wrote something like: > > As has been discussed in numerous previous threads on this topic, even a > passive rating system is very hard to implement. The computer doesn't know > if you hit delete because the post was garbage or because you are running > late on some project. What's the difference? All practical measure of value is in comparison to competing objects. This _does_ mean that your "approvalness" coefficient goes up and down as your situation changes, but it doesn't mean that your rating becomes meaningless. Hm. If it happened that a bunch of prolific raters got busy, ratings across the board would go down. (Seems statistically unlikely, but still...) Then when they went back up there would be a "burst of activity" effect. :-) Possibly what I like most about ratings and micropayments is how they quantify previously unquantified human behavior. We've all seen the "burst of activity" on a mailing list or at a party, or on a stock market, right? Well that is just people's ratings all pushing each other up! > An active rating system is virtually impossible to > implement, given the added workload on the readers. Which is where the small payments to ratings producers from ratings consumers comes in. Again this is just the quantification of a phenomenon that we all take for granted. (Namely, that people who produce quality ratings are producing a value and trading/contributing it to others.) ("'Just' the quantification", I said !! That might seem like a hilarious understatement someday.)
Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMd8FO0jbHy8sKZitAQEBoQMAmMtQg0cTrdXpHf07p1sYVUPAnJq+Jp1v /g6CqYu/YwIRHmnHyLmCehqB74xYJ6sjOLmKaYXd12f1oFUJL9rsx2LAEiPNeAMb gSClZhpUu++CE+PfH8GlOZ1E/75ZcIx0 =V0z6 -----END PGP SIGNATURE----- From mpd at netcom.com Sat Jul 6 20:27:14 1996 From: mpd at netcom.com (Mike Duvos) Date: Sun, 7 Jul 1996 11:27:14 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607062339.SAA02129@manifold.algebra.com> Message-ID: <199607070045.RAA24335@netcom5.netcom.com> tcmay at got.net (Timothy C. May) writes: > The doublethink and hypocrisy of modern society is > astounding. > When the mother (a single mother, as this is California) > drops her son off with my friend (also single, of course), > she includes several "Ritalin" capsules with instructions on > how to dose her son with this depressant/behavior > modification drug. > My friend ignores these Ritalins, which upsets the Mom > greatly the next day when she realizes her son has not been > given the tranks that are also known as "Mother's little > helpers." This, of course, is justified by the psychiatric profession's invention of dozens of bogus diseases, syndromes, and disorders for children. These are not caused by any organic pathology, of course, but are instead defined solely by the child belonging to the upper five percent of those exhibiting perfectly normal behaviors which annoy people who have money to hire psychiatrists. For kids, that's parents and teachers, and the afflicted population jumps to ten percent if you happen to be a kid unlucky enough to be under the care of Mormons. Refuse to go to a crappy public school and you are suffering from "School Phobia." Don't jump to follow the orders of the nearest adult, or disagree with an adult, and its "Oppositional-Defiant" Disorder. 
Not to mention the plethora of ADD/ADDH nonsense that is used to label any kid who is bored to tears by eight hours a day of political indoctrination from the NEA and AFT. Drugs for the poor, and therapy for the rich who can afford it, are of course the way the psychiatric profession offers to "cure" these invented maladies. And since every population of children will have an upper five percent (ten percent, for Mormons), a neverending supply of patients is assured. > This discipline sets him straight, but it's not something > his New Age "supermom" would ever think of doing. Hence the > kid throws temper tantrums, acts out, calls her "You fucking > asshole" (remember, he's only 8 or so), and so on. So she > cranks up his dose of Ritalin and he's zoned out for a > while. Actually, I think calling someone who force-feeds you a mind-numbing drug "A Fucking Asshole" is, to borrow one of Tim's favorite words, "Unremarkable." :) This Soviet-style "Medicalization of Dissent", while applied primarily to children today, historically has been done by the psychiatric profession on behalf of anyone who could write their name on a large check. It wasn't too long ago that they even had an official mental disorder whose symptoms were "an abnormal desire for freedom" on the part of a Black man. Slave owners must have been just as happy with that as Ritalin-dispensing parents and teachers are today. > The connection with the themes of our list is that this > linguistic doublethink is what allows Big Brother's control > of our communications and private files to be called by the > relatively benign name of "escrow." Indeed. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From markm at voicenet.com Sat Jul 6 22:55:14 1996 From: markm at voicenet.com (Mark M.) 
Date: Sun, 7 Jul 1996 13:55:14 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607070045.RAA24335@netcom5.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 6 Jul 1996, Mike Duvos wrote: > This, of course, is justified by the psychiatric profession's > invention of dozens of bogus diseases, syndromes, and disorders > for children. These are not caused by any organic pathology, of > course, but are instead defined solely by the child belonging to > the upper five percent of those exhibiting perfectly normal > behaviors which annoy people who have money to hire > psychiatrists. For kids, that's parents and teachers, and the > afflicted population jumps to ten percent if you happen to be a > kid unlucky enough to be under the care of Mormons. While the psychiatric profession has invented many bogus diseases, that does not mean that the profession has no credibility. Remember that psychology is little more than philosophy. Abnormal behavior patterns don't necessarily mean that a child has a disorder or disease. However, if the child experiences physical symptoms, then a chemical imbalance in the brain is not that farfetched. > > Refuse to go to a crappy public school and you are suffering from > "School Phobia." Don't jump to follow the orders of the nearest > adult, or disagree with an adult, and its "Oppositional-Defiant" > Disorder. Not to mention the plethora of ADD/ADDH nonsense that > is used to label any kid who is bored to tears by eight hours a > day of political indoctrination from the NEA and AFT. First of all, a child is considered to have "school phobia" when the child refuses to go to school and also has severe anxiety attacks, vomiting, and nausea. It's a lot more than refusing to go to a "crappy public school." Attention Deficit Disorder is hardly nonsense; it's a disorder found to be partly hereditary and strongly linked with clinical depression. [...] 
> > Actually, I think calling someone who force-feeds you a > mind-numbing drug "A Fucking Asshole" is, to borrow one of Tim's > favorite words, "Unremarkable." :) > > This Soviet-style "Medicalization of Dissent", while applied > primarily to children today, historically has been done by the > psychiatric profession on behalf of anyone who could write their > name on a large check. It wasn't too long ago that they even had > an official mental disorder whose symptoms were "an abnormal > desire for freedom" on the part of a Black man. Slave owners > must have been just as happy with that as Ritalin-dispensing > parents and teachers are today. > > > The connection with the themes of our list is that this > > linguistic doublethink is what allows Big Brother's control > > of our communications and private files to be called by the > > relatively benign name of "escrow." > > Indeed. I do agree that Ritalin, like Prozac, is being used inappropriately as a sort of cure-all drug. And I also agree that inventing maladies for anything undesirable to society has Orwellian implications. Everyone who doesn't agree with the State is obviously mentally ill and must be "cured." There are real illnesses, and there are fake ones. Just because the psychiatric profession does attribute certain behavior to some non-existent illness doesn't mean there is any reason to not believe in any psychological maladies. There are many severe and very painful illnesses such as depression, schizophrenia, obsessive-compulsive disorder, and multiple personality disorder. There are also psychological disorders such as anorexia, phobias, and mood disorders. It's surprising to me that people consider the Unabomber "insane" but yet do not believe that many very real mental illnesses and disorders exist.
- -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMd8rRLZc+sv5siulAQGw4gQAmCLWrkz1Cql7tpPXypzfoGRS6PL2cjIQ TDa+Q/htq1OV5PjKYo7a06jfMQbpoR+fLmXHi9dc4DOVNfSeExXSEc5Y1RLu7ZvH lLAmKdefLUZ7BuYAWgPxSYCHzWk9hEqK4A7Vj2rhpDQ7r9TpplQ3otkf0mZyul5X EIIdF1jGfEY= =GIrL -----END PGP SIGNATURE----- From AwakenToMe at aol.com Sat Jul 6 23:38:45 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Sun, 7 Jul 1996 14:38:45 +0800 Subject: Word lists for passphrases Message-ID: <960706235319_428841777@emout16.mail.aol.com> In a message dated 96-07-06 21:46:03 EDT, stend at grendel.austin.texas.net (Firebeard) writes: << It's also trivial enough to be done by 99% of the people on cypherpunks in their sleep. As for realy secure systems, they aren't on the net, they don't have dialups, and you access them from vaults. >> Yes. But let me ask you this. Have you done it yet?? I doubt it. And if ya needed it.. and someone had it...wouldnt you just say.. Uh.. OK.. Ill take it rather than spend my precious time on it. Exactly. Later. From jamesd at echeque.com Sun Jul 7 00:56:32 1996 From: jamesd at echeque.com (James A. Donald) Date: Sun, 7 Jul 1996 15:56:32 +0800 Subject: Net and Terrorism. Message-ID: <199607070519.WAA14764@dns1.noc.best.net> At 09:03 PM 7/6/96 +0500, Arun Mehta wrote: > Once the Soviet menace faded, the same > fighters were branded terrorists. Mixed signals like this are responsible > for much of the animosity that one finds in the Islamic world (possibly even > in other parts of the world) against the US. Some of them *were* and are terrorists. Some of them are not. 
If Islamic freedom fighters refrained from murdering monks and sixteen year old girls then people would refrain from calling them terrorists. It is not the mixed signals, it is the mixed behavior. The islamic fundamentalists have a thoroughly well deserved reputation for malevolent evil, for rape and the deliberate individual personal murder of women and children as an instrument of terror. While the guys fighting the Israelis in Lebanon are more or less honorable men who fight according to the laws of war, the Islamic fundamentalists in Algeria are simply vicious subhuman monsters who deserve to die, each and every one, and their pals in Egypt and the Sudan are not much better. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From dlv at bwalk.dm.com Sun Jul 7 01:02:32 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 7 Jul 1996 16:02:32 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607062339.SAA02129@manifold.algebra.com> Message-ID: <52FoqD17w165w@bwalk.dm.com> ichudov at algebra.com (Igor Chudov @ home) writes: > What annoys me to NO END is the laws that require that children under > age of 13 (?) must always be under parental supervision. These laws > even say that leaving children unsupervised is child abuse. Igor, it was safe to leave childred alone in Russia because in Russia perverts and child molesters were jailed and/or castrated. Here in the U.S. perverts have 'civil rights'. Hence the children must be protected from them. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From cyberia at cam.org Sun Jul 7 01:33:52 1996 From: cyberia at cam.org (CyberEyes) Date: Sun, 7 Jul 1996 16:33:52 +0800 Subject: Word lists for passphrases In-Reply-To: <1cJNqD2w165w@bwalk.dm.com> Message-ID: On Sat, 6 Jul 1996, Dr.Dimitri Vulis KOTM wrote: > K3wl Hack, D00dz! Why don't you post it to coderpunks - it's probably way > too technical for cypherpunks. I wonder if the util comes with the source > code, and what language it's written in. It's 10K long (the exe file), so it's probably programmed in Pascal, not Assembler, which would probably be more efficient. Ryan A. Rowe - Montreal, Quebec /Seeking Internet-related job!/ aka CyberEyes, Rubik'S Cube I will relocate _ANYWHERE_. Tel. -> +1-514-626-0328 | __o o E-Mail -> cyberia at cam.org | _ \<_ <\ WWW -> http://www.cam.org/~cyberia | __/\o_ (_)/(_) /> IRC -> #CAli4NiA, #Triathlon, #Surfing | FTP -> ftp.cam.org /users/cyberia | swim bike run Read my C.V. at http://www.cam.org/~cyberia/resume-e.html "In lieu of experience, I have a willingness to learn." "Everyone has their day, mine is July 15th, 1998." From furballs at netcom.com Sun Jul 7 02:25:52 1996 From: furballs at netcom.com (Paul S. Penrod) Date: Sun, 7 Jul 1996 17:25:52 +0800 Subject: CCC Crypto Lock In-Reply-To: <199607061734.NAA18987@unix.asb.com> Message-ID: On Sat, 6 Jul 1996, Deranged Mutant wrote: > On 6 Jul 96 at 4:10, anonymous-remailer at shell.port wrote: > > > MicroPatent, 4 July 96 > [..] > > Abstract: Disclosed systems and methods for protecting a > > software program from unauthorized use and copying > > through the removal at least one of a plurality of > > instructions comprising a software program, and > > encrypting the removed instruction utilizing an > > encryption algorithm to produce an encrypted instruction, > > the encryption algorithm responsive to a randomly > > generated key. 
> > Would certain computer viruses be considered prior art here? (Be it > that they encrypt for the purposes of hiding rather than copy > protection though.) > > > > Rob. > Possibly, when looked on in a narrow venue. Polymorphic viruses exhibit this as only one characteristic though. It would be a tough sell in my book. Unless the patent's author stipulates in his method that this issue is the basis for the claim and that his claim is unique because of this method - then it is just one step of many from point A to B. As a hunch, I would suspect that Vault Corp. may have existing code that might qualify as prior art. Dave Lawrence and a few of his coding buddies spent several years staying one step ahead of software products like copyright, and it is conceivable that some of this methodology may have been employed to do so. ...Paul From furballs at netcom.com Sun Jul 7 02:47:32 1996 From: furballs at netcom.com (Paul S. Penrod) Date: Sun, 7 Jul 1996 17:47:32 +0800 Subject: CCC Crypto Lock In-Reply-To: Message-ID: On Sat, 6 Jul 1996, Rich Graves wrote: > On Sun, 7 Jul 1996, Tim Philp wrote: > > > The fact that this patent was issued indicates to me that the patent office > > does not understand computer technology. > > Gee. Next you'll be telling us that the US Congress isn't always sensitive > to libertarian issues. > > -rich > Don't rush to judge too quickly. Software patents (For the most part) are *not* really understood by the patent office. Why do you think Compton's slid one by on Multi-media ? Fortunately, there was so much fuss set up over that one, the office pulled it for review. All it takes is someone "skilled in the art" to backup your claim that method "A" is provably workable... ...Paul From mpd at netcom.com Sun Jul 7 03:40:37 1996 From: mpd at netcom.com (Mike Duvos) Date: Sun, 7 Jul 1996 18:40:37 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: <199607070742.AAA26296@netcom5.netcom.com> "Mark M."
writes: > While the psychiatric profession has invented many bogus > diseases, that does not mean that the profession has no > credibility. Remember that psychology is little more than > philosophy. Abnormal behavior patterns don't necessarily > mean that a child has a disorder or disease. However, if > the child experiences physical symptoms, then a chemical > imbalance in the brain is not that farfetched. There are, of course, real mental illnesses with underlying pathology, like schizophrenia, bipolar disorder, and clinical depression. I'm not sure the existence of genuine mental illness makes the psychiatric profession credible, however, when they are all too willing to climb in bed with the latest political fad. Recall those "experts" during World War I who explained with perfect seriousness to the American public that the reason the Germans' heads fit so well into those pointy helmets was that their brains were missing the part that distinguished right from wrong. Adolescent Psychiatric Imprisonment and Insurance Fraud are a multi-million dollar well-organized business in the United States, and talk shows are filled with women who split into 1,000 different personalities, some of them alien visitors, after being traumatized by some sexual oddity. > First of all, a child is considered to have "school phobia" > when the child refuses to go to school and also has severe > anxiety attacks, vomiting, and nausea. Goodness gracious, you make these people sound almost reasonable. I remember last year one local TV station did a piece on "school phobia", and the wonderful drugs that could be used to treat it. The kid profiled simply didn't like school, and refused to attend it, and the list of symptoms given to help parents recognize the disorder were entirely attendance related. Of course, with enough Mellaril in your system, you can probably put up with just about anything.
> Attention Deficit Disorder is hardly nonsense; it's a > disorder found to be partly hereditary and strongly linked > with clinical depression. ADD people are simply the upper 5-10% of the population with regard to behavioral traits which make learning more difficult. Of course such things can be hereditary and of course people who can't live up to expectations placed upon them sometimes get clinically depressed. The thing to remember here is that we are looking at things which show continuous normal variation in any population, like height and hatsize, and the people who are being labeled and treated here are hardly some huge number of standard deviations away from the norm. > There are real illnesses, and there are fake ones. Just > because the psychiatic profession does attribute certain > behavior to some non-existent illness doesn't mean there is > any reason to not believe in any psychological maladies. Which of course is not the issue here. No one has stated that legitimate mental illness does not exist, merely that the profession has a tendency to use creative imagination where a market or political pressure exists. > It's surprising to me that people consider the Unabomber > "insane" but yet do not believe that many very real mental > illnesses and disorders exist. Insanity is a legal term which by its very construction, is an almost impossible set of criteria to meet. It has nothing to do with any scientific definition of mental illness. You can be completely bonkers and carrying on meaningful conversations with wall ornaments, and the government will be more than happy to fry you in the electric chair. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From ses at tipper.oit.unc.edu Sun Jul 7 08:37:17 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Sun, 7 Jul 1996 23:37:17 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: On Sat, 6 Jul 1996, Timothy C. 
May wrote: > > When the mother (a single mother, as this is California) drops her son off > with my friend (also single, of course), she includes several "Ritalin" > capsules with instructions on how to dose her son with this > depressant/behavior modification drug. Er... Tim... Ritalin is an amphetamine. --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From ses at tipper.oit.unc.edu Sun Jul 7 08:46:11 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Sun, 7 Jul 1996 23:46:11 +0800 Subject: NYT/CyberTimes on CWD article In-Reply-To: Message-ID: Actually, no matter what scheme you use, you are always vulnerable to a quite practical brute force attack- simply treat the filter as an oracle, and feed it the result of a 'web-crawl'. Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From sandfort at crl.com Sun Jul 7 10:09:59 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 8 Jul 1996 01:09:59 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sun, 7 Jul 1996, Simon Spero wrote: > On Sat, 6 Jul 1996, Timothy C. May wrote: > > > > ...she includes several "Ritalin" > > capsules with instructions on how to dose her son with this > > depressant/behavior modification drug. > > Er... Tim... Ritalin is an amphetamine. Yes, normally, but doesn't it have a paradoxical reaction for hyperactive children (i.e., it acts as a depressant for them)? 
S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From dlv at bwalk.dm.com Sun Jul 7 11:09:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 8 Jul 1996 02:09:25 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: Simon Spero writes: > On Sat, 6 Jul 1996, Timothy C. May wrote: > > > > When the mother (a single mother, as this is California) drops her son off > > with my friend (also single, of course), she includes several "Ritalin" > > capsules with instructions on how to dose her son with this > > depressant/behavior modification drug. > > Er... Tim... Ritalin is an amphetamine. Yes, it's an _anti-depressant, supposedly turning up those pieces of the brain responsible for "tuning out" outside interference, and letting the hyperactive kid concentrate. But a true cypherpunk never lets any facts interfere with his political agenda. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mpd at netcom.com Sun Jul 7 11:10:28 1996 From: mpd at netcom.com (Mike Duvos) Date: Mon, 8 Jul 1996 02:10:28 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: <199607071543.IAA26229@netcom22.netcom.com> Sandy writes: > Yes, normally, but doesn't it have a paradoxical reaction for > hyperactive children (i.e., it acts as a depressant for them)? So the medical profession tells us. It's a curious message. College students who take methamphetamine during exam week to increase their alertness and performance are criminals, and bomber pilots and kids who take this or a similar drug for the same reasons are not. "Just Say No to Drugs Big Brother Doesn't Give You" -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. 
$ From owner-mblvd at telebase.com Sun Jul 7 11:13:13 1996 From: owner-mblvd at telebase.com (owner-mblvd at telebase.com) Date: Mon, 8 Jul 1996 02:13:13 +0800 Subject: Exciting News on Music Boulevard Message-ID: <199607071407.KAA01680@telebase.com> Dear Friends of Music Boulevard: We're excited to announce a major redesign of Music Boulevard, the Ultimate Online Music Store(tm). We invite you - as someone who has visited and/or opened an account with us - to check out our new look at WWW.MUSICBLVD.COM! Many of the changes and improvements we have made are in response to your feedback. The new Music Boulevard is faster, contains more content, and is easier to navigate. Our fantastic collection of music magazines and Billboard(r) charts are now available to everyone! We think you'll really enjoy shopping in our new environment. We are also pleased to introduce the Music Boulevard Frequent Buyers Club. Membership in the Frequent Buyers Club is free. Once you sign-up, you will be rewarded with a free CD of your choice for every 10 you purchase! As always, we continue to provide the best Customer Service of any site on the internet. We have recently added more customer service representatives who will be glad to assist you with your inquiries. We'd like to thank you for visiting Music Boulevard, and we'd be very interested in your feedback on our new interface. If you have any questions, feel free to contact us at 1.800.216.6000 or 610.293.4793. Our email address is service at musicblvd.com. Sincerely, The Music Boulevard Staff From tcmay at got.net Sun Jul 7 12:42:52 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 8 Jul 1996 03:42:52 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: At 1:14 PM 7/7/96, Simon Spero wrote: >On Sat, 6 Jul 1996, Timothy C. 
May wrote: >> >> When the mother (a single mother, as this is California) drops her son off >> with my friend (also single, of course), she includes several "Ritalin" >> capsules with instructions on how to dose her son with this >> depressant/behavior modification drug. > >Er... Tim... Ritalin is an amphetamine. Whatever. It acts as a calmant/tranquilizer/depressant on many. (As with many drugs, there are apparently paradoxical effects. Alcohol is a downer for some, and upper for others.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Sun Jul 7 12:48:04 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 8 Jul 1996 03:48:04 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: At 3:06 PM 7/7/96, Dr.Dimitri Vulis KOTM wrote: >Simon Spero writes: >> Er... Tim... Ritalin is an amphetamine. > >Yes, it's an _anti-depressant, supposedly turning up those pieces of the brain >responsible for "tuning out" outside interference, and letting the hyperactive >kid concentrate. But a true cypherpunk never lets any facts interfere with his >political agenda. Vulis, time to put you back in my killfile. Gratuitous insults, especially those not based on important factual points, is your standard mode. (As Sandy S. also noted, Ritalin has "paradoxical" effects. (I saw Sandy's remark after sending off my reply to Simon.)) I've _seen_ the kid on Ritalin, and he's zombie. When it wears off, he's back to being alert and active. 
--Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From rah at shipwright.com Sun Jul 7 13:08:32 1996 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 8 Jul 1996 04:08:32 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: At 10:25 AM -0400 7/7/96, Sandy Sandfort wrote: > > Er... Tim... Ritalin is an amphetamine. > > Yes, normally, but doesn't it have a paradoxical reaction for > hyperactive children (i.e., it acts as a depressant for them)? Yes. And for some of *them*, it makes them monomaniacal SOBs. ;-). I get more work done with Ritalin, but I'm *much* nicer without it. I've decided to live with ADD rather than treat it, which is what most people (including "Dr. ADD", Richard(?) Hallowell) do. Jolt cola is also popular. :-). Like a lot of pop-psychopharmacology, "syndromes" frequently get defined by whether the right drug has the desired effect. If prozac works, you're depressed, if Ritalin does, you're an ADDer, and so on. By Tim's anecdotal evidence, the little hellion (hey, *I* was one...) must be ADD because Ritalin works. You can actually see ADD with a PET scan, but the proper way to get a diagnosis of ADD is to get tested for it, which, in the case of ADD, is an expensive man-day or two with with some clinical shrink in your face, and a bunch of frustrating (if you're ADD) tests of your attention and ability to focus in the presence of a lot of distractions. 
Oddly enough, *another* pop-psychologist from Harvard was on "20/20" this week talking about "emotional" intellegence, and one of the determinants was inability to understand delayed gratification. Like most kids with ADD, I must have been a drooling idiot, in that case. However, I practically agree with Tim on all of his screed. (A good one, I might add. He probably only reread it once for punctuation and spelling before he did a command-e to send it on its way. After wiping the foam from his mouth, that is. ;-)) It seems to me that the very *last* person to be allowed to diagnose ADD is some crypto-socialist, fucking-statist, control-freak, industrial-mode, human-warehouse-zookeeping "educator". The humorous irony of all this is, of course, that my wife is a senior education bureaucrat for the People's Republic of Massachusetts. An "equal time" marriage indeed. And *she* pays the health insurance, because I couldn't keep a *steady* job if my life depended on it. (A compensatory mechanism?) Well, maybe if my *life* depended on it. That *might* get my attention. BarelyObCrypto: ADD is more about lack of attention *control* than lack of attention itself. Hyperfocus is also a trait of ADHD, and computers tend to cause hyperfocus for a lot of ADDers. How many easily distracted knee-jiggling wunderkind hackers do *you* know? Care to guess how many ADDers there are on cypherpunks? Wiping foam from *my* mouth, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." 
--Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/

From WlkngOwl at unix.asb.com Sun Jul 7 13:13:34 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Mon, 8 Jul 1996 04:13:34 +0800
Subject: NYT/CyberTimes on CWD article
Message-ID: <199607071744.NAA25788@unix.asb.com>

On 6 Jul 96 at 16:56, eli+ at gs160.sp.cs.cmu.edu wrote:

> >http://www.nytimes.com/library/cyber/week/0706patrol-reporters.html
> > "If we believe the encryption scheme has
> > been compromised, we will make another
> > one."
[..]
> They have to give you the list, and they have to give you software
> that uses it, so there's no way to achieve complete secrecy. I think
> the best they can do is to distribute a list of hashed URLs.

What? After they paid for the rights to use "Infinite Vigniere Key"
Technology....

I'm surprised that they went so far as to try to encrypt the naughty
URLs list (but some kids would get off on just reading the list alone
anyway).

Hashing could be problematic... how to differentiate between a site
and its users. www.pornopix.com is obvious, but the directory tree
of www.localisp.com/~perv/mypix/ is harder to filter out with hashing
if subdirectories or specific images are called up, unless the
software has a way to differentiate between sites and specific users
or directories on those sites.

(I wonder if the software can tell that ~perv/ and /users/home/perv/
or /home/perv/ can be the same directory on some systems? That would
be an interesting flaw. Has anyone hacked with the software?)

Another problematic with Net-Nurse type software: a database of
naughty sites and naughty users... a real goldmine for prosecutors.

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.
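The site-versus-directory problem raised in the message above, worked through as an added example (not code from any poster or from the filtering product): a hashed list can still block a whole site or one user's tree if the filter hashes every path prefix of the requested URL, but path aliases defeat it unless the filter is told about them. The `.example` hosts, the alias table, the class and function names, and the use of SHA-256 are all assumptions made for illustration.

```python
import hashlib
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed alias table (assumption): only the server operator knows these
# paths name the same directory; nothing in the URL itself reveals it.
ALIASES = {
    "www.localisp.example": [("/users/home/perv", "/~perv"),
                             ("/home/perv", "/~perv")],
}

# Constructed list entries: one whole site, one user's directory tree.
ENTRIES = ["blocked-site.example", "www.localisp.example/~perv"]


def canonicalize(url, aliases=None):
    """Return (host, path) with case, %-escapes, dot-segments and known
    aliases folded, so equivalent spellings hash to the same key."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    raw = unquote(parts.path) or "/"
    path = "/" + posixpath.normpath(raw).lstrip("/")
    for old, new in (aliases or {}).get(host, []):
        if path == old or path.startswith(old + "/"):
            path = new + path[len(old):]
            break
    return host, path


def prefix_keys(host, path):
    """'host', 'host/a', 'host/a/b', ... cut on segment boundaries only."""
    segments = [s for s in path.split("/") if s]
    return [host] + [host + "/" + "/".join(segments[:i])
                     for i in range(1, len(segments) + 1)]


def digest(key):
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


class HashedBlocklist:
    """Stores only hashes; an entry covers itself and everything below it."""

    def __init__(self, entries, aliases=None):
        self.aliases = aliases
        self.hashes = {
            digest(prefix_keys(*canonicalize(e, aliases))[-1]) for e in entries
        }

    def is_blocked(self, url):
        host, path = canonicalize(url, self.aliases)
        return any(digest(k) in self.hashes for k in prefix_keys(host, path))


def demo():
    """Same list, with and without knowledge of the server's aliases."""
    naive = HashedBlocklist(ENTRIES)
    aware = HashedBlocklist(ENTRIES, ALIASES)
    base = "http://www.localisp.example"
    return {
        "image_under_user_dir": naive.is_blocked(base + "/~perv/mypix/pic1.gif"),
        "other_user_same_isp": naive.is_blocked(base + "/~other/index.html"),
        "similar_name": naive.is_blocked(base + "/~pervert/"),
        "alias_without_table": naive.is_blocked(base + "/home/perv/mypix/pic1.gif"),
        "alias_with_table": aware.is_blocked(base + "/home/perv/mypix/pic1.gif"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} {result}")
```

Because `is_blocked` answers yes or no for any URL, the hashed list is hidden only from someone who cannot guess candidate URLs, which is the oracle point made elsewhere in this thread.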
From WlkngOwl at unix.asb.com Sun Jul 7 13:17:35 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Mon, 8 Jul 1996 04:17:35 +0800 Subject: Oh no! No ratings again... (Re: Need PGP-awareness in common uti Message-ID: <199607071744.NAA25792@unix.asb.com> On 6 Jul 96 at 23:16, bryce at digicash.com wrote: > If you have a moderation bot for a Usenet group (and could it be > pressed into service as a mailing list handler I wonder?), this > would be a nice tool to start with in order to implement > full-fledged content/author ratings. [..] Bad idea unless the list is rating authors who are not on the list. It would be equivalent to setting up a reputation web. Or is this a stab at humor? Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Sun Jul 7 13:31:54 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Mon, 8 Jul 1996 04:31:54 +0800 Subject: Need PGP-awareness in common utilities Message-ID: <199607071744.NAA25785@unix.asb.com> On 6 Jul 96 at 23:56, bryce at digicash.com wrote: [..] > Hm. That might be an interesting addition to my plan, but the > first step is to generate ratings and to consume them at each > individual's mail-handling site. So I, for example, would run a > script every time I received mail (or every hour, or every day, > etc) which looked for ratings certificates, PGP-verified them, > and saved the rating in a database. Then I would run another > script (every time I received mail, or every hour, etc.) which > identified incoming messages and _did_ something to them if > there were sufficient ratings in the database to merit _doing_ > something to them (e.g. 
delete, promote to a "well-rated" > folder, demote to a "poorly-rated" folder, forward to my > friends, forward to my enemies, etc.). Some lists require plenty of time to read each day (let alone if I go on a vacation for a few days and want to catch up). Managing a rating system would double the work if I were to do it by hand-rating the raters, etc. It's easier to put certain people or subject threads in a twit-list folder and delete the rest by hand rather than put twice that effort into a rating system... chances are most people who quickly tire of maintaining it, let the rating system run on autopilot and then disable it when they realize they missed something really important or interesting. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From jya at pipeline.com Sun Jul 7 14:13:36 1996 From: jya at pipeline.com (John Young) Date: Mon, 8 Jul 1996 05:13:36 +0800 Subject: Wiretapping Rises EYE_son Message-ID: <199607071830.SAA23675@pipe4.ny3.usa.pipeline.com> The Wash Post today has page one lead story on the sharp rise in wiretapping by the Clinton administration. Former restraints due to high cost have been overcome with more money and more efficeint technology, eagerly supported by a bipartisan Congress and grateful LEA and DoJ cartelest conspiracists. And, there is a lengthy Op-Ed on the "growing stealth slice of the shrinking defense pie." Lots and lots of secrets, can't get enough of them, can't tell the public what they are, about real and imaginary terrorists and anti-terrorists -- and bypass the private citizens that threaten budgets and jobs and inner sanctum privileges. See at: http://www.washingtonpost.com No Web access? Or hate snooping newspapers, and spies traffic-analyzing? 
Send us via Ross Anderson's true anonymizer end-to-end encrypted spize-only top secret E-mail with the subject: EYE_son From minow at apple.com Sun Jul 7 14:14:53 1996 From: minow at apple.com (Martin Minow) Date: Mon, 8 Jul 1996 05:14:53 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: Simon Spero comments on Tim May's Ritalin rant: >On Sat, 6 Jul 1996, Timothy C. May wrote: >> >> When the mother (a single mother, as this is California) drops her son off >> with my friend (also single, of course), she includes several "Ritalin" >> capsules with instructions on how to dose her son with this >> depressant/behavior modification drug. > >Er... Tim... Ritalin is an amphetamine. > Yup, and it was the illegal drug of choice in Sweden in the 1960's, making its use as a convenient way to quiet down rambuncious kids a bit strange -- but the "medical professionals" have an explanation. Interestingly, it is illegal to hit kids in Sweden -- the courts call it assault, just as if you hit an adult. When I lived there (in the '60 and '70s), I took an informal survey and found only one person who had ever been spanked as a child -- and only once, for breaking her brother's violin. A good friend would infrequently give her infant a pat on the bottom (when he tried climbing on the stove), but was always careful to aim for the well-padded diaper. You may wish to consider whether Sweden's low murder rate is related to the lack of parent-child violence. Martin Minow minow at apple.com From blackavr at aa.net Sun Jul 7 14:19:07 1996 From: blackavr at aa.net (Michael Myers) Date: Mon, 8 Jul 1996 05:19:07 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <2.2.32.19960707181403.0068e0c4@aa.net> At 07:25 AM 7/7/96 -0700, Sandy Sandfort wrote: >Yes, normally, but doesn't it have a paradoxical reaction for >hyperactive children (i.e., it acts as a depressant for them)? 
As one of those "ADD" kids back in the '70's, the dextroamphetamine I was given actually did seem to calm me down. Of course, coffee also put me to sleep then. Happily, that situation has reversed itself as I've grown older. *grin* -- /^^^^^^^^^Instead of being born again, why not just GROW UP?^^^^^^^^^^^\ Michael Myers Vote Libertarian....you'll sleep better! Don't like abortion? Don't have one. Don't like guns? Don't buy one. blackavr at aa.net E-mail for PGPv2.6.2 public key \____________ http://www.aa.net/~blackavr/homepage.htm ________________/ From jamesd at echeque.com Sun Jul 7 14:30:49 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 8 Jul 1996 05:30:49 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <199607071816.LAA19127@dns1.noc.best.net> > > Er... Tim... Ritalin is an amphetamine. At 07:25 AM 7/7/96 -0700, Sandy Sandfort wrote: > Yes, normally, but doesn't it have a paradoxical reaction for > hyperactive children (i.e., it acts as a depressant for them)? Not really: Ordinary college students who use it to facilitate cramming report that it has the same effect on them as on hyperactive children. A well known symptom of amphetamine abuse is that the abusers will cheerfully persist in pointless and boring activities for hours on end, such as folding paper bags or stirring long overcooked spaghetti. Furthermore, people generally have to be forced by the threat of violence to take depressant drugs, especially neuroleptics, whereas everyone cheerfully takes their Ritalin. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. 
| jamesd at echeque.com

From AwakenToMe at aol.com Sun Jul 7 14:31:42 1996
From: AwakenToMe at aol.com (AwakenToMe at aol.com)
Date: Mon, 8 Jul 1996 05:31:42 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960707143334_429064903@emout08.mail.aol.com>

Did I miss something?? I first came here and asked something about protected
mode and was yelled at for asking it in this newsgroup. Now we're onto mind
control drugs?
uhhhhhh ok.

From markm at voicenet.com Sun Jul 7 15:22:31 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 8 Jul 1996 06:22:31 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607070742.AAA26296@netcom5.netcom.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

This will be my last comment on this thread.

On Sun, 7 Jul 1996, Mike Duvos wrote:

> Goodness gracious, you make these people sound almost reasonable.
> I remember last year one local TV station did a piece on "school
> phobia", and the wonderful drugs that could be used to treat it.
> The kid profiled simply didn't like school, and refused to attend
> it, and the list of symptoms given to help parents recognize the
> disorder were entirely attendance related.

Then the list of symptoms given was incorrect. The list I got was from
_Living with Fear_ by Isaac M. Marks, M.D.

> ADD people are simply the upper 5-10% of the population with
> regard to behavioral traits which make learning more difficult.
> Of course such things can be hereditary and of course people who
> can't live up to expectations placed upon them sometimes get
> clinically depressed.
>
> The thing to remember here is that we are looking at things which
> show continuous normal variation in any population, like height
> and hatsize, and the people who are being labeled and treated
> here are hardly some huge number of standard deviations away from
> the norm.

That still doesn't mean it isn't a disorder. People with ADD _want_ to get
better and be able to concentrate more. Drugs such as ritalin help them do
just this. Dyslexia is also something that is a normal variation. Somehow,
since it isn't psychologically related, no one would object if a drug was
discovered that could cure it and was administered to children with dyslexia.
Many people with ADD do not want to act the way they do, so it doesn't make
sense to not treat it as a disorder.

>
> > There are real illnesses, and there are fake ones. Just
> > because the psychiatric profession does attribute certain
> > behavior to some non-existent illness doesn't mean there is
> > any reason to not believe in any psychological maladies.
>
> Which of course is not the issue here. No one has stated that
> legitimate mental illness does not exist, merely that the
> profession has a tendency to use creative imagination where a
> market or political pressure exists.

Who decides which mental illnesses or disorders are legitimate? I think both
school phobia and ADD are disorders that can be treated if the person with
the disorder is willing to be treated. You are, of course, free to believe
that these disorders are illegitimate, but the millions of people afflicted
with these would tend to disagree.

>
> > It's surprising to me that people consider the Unabomber
> > "insane" but yet do not believe that many very real mental
> > illnesses and disorders exist.
>
> Insanity is a legal term which by its very construction, is an
> almost impossible set of criteria to meet. It has nothing to do
> with any scientific definition of mental illness. You can be
> completely bonkers and carrying on meaningful conversations with
> wall ornaments, and the government will be more than happy to fry
> you in the electric chair.

People who use the term to describe people who are abnormal don't know that.
The word "sane" comes from the same root as "sanitary" which means clean or
disease-free. Hence, insane means ill. It is true that the legal term
"insane" is different from the scientific term "mentally ill", most people
use insane as a diminutive term for someone they believe to be abnormal.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is
granted, all else follows." --George Orwell, _1984_

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeAExbZc+sv5siulAQHVeAQAhrXpJLpvvjGJC1eU7zckqHROBsPEmc2Y
d5f1URfKOp4bxiL48vrGqiCzX3GSEgZ8XabvPPDa4NK14mvyF6D2ReILAtfGpDOw
CG71cMZVOq8PXjJlTBN8Z4TQ0m4D+duA//eCqhJUiLgGOdznPcNY4ZOl9FWxf2gh
78d6Bbv4fjg=
=cpBT
-----END PGP SIGNATURE-----

From markm at voicenet.com Sun Jul 7 15:38:46 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 8 Jul 1996 06:38:46 +0800
Subject: SAFE Forum--some comments
In-Reply-To: <199607031912.MAA08980@netcom8.netcom.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 3 Jul 1996, Bill Frantz wrote:

> I hear this as the server sends out a key which the client uses to encrypt
> the username/password. This algorithm makes less sense than the one I
> thought I heard at the SAFE forum on Monday which was:

True. That algorithm is completely useless.

>
> (1) The server sends out a challenge/salt (different each time)
> (2) The client uses a secure hash to compute hash(salt||password) and
> returns the username and the hash.
> (3) The server computes hash(salt||password) and compares the hashes.
>
> Given that there is still some interest in algorithms and protocols on this
> list, can you describe what is really happening?

That one makes more sense. If the salt is completely random, then an attacker
will not be able to use a replay attack. Since the password is hashed, there
is no way to find it out given the output. This does require the server to
maintain a list of cleartext passwords, but that's not any worse than
Kerberos which requires a KDC store everyone's DES key.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is
granted, all else follows." --George Orwell, _1984_

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeAGBrZc+sv5siulAQEzGwQAp6rB1eJ5DIzn9Zs5LlEDFu3K7XFRcl7S
/9MQ5ykCmvgnOqgN1Pud/KYLsZuY2x+G5W68EF0kTVfwarS2ZCT2wYVhH5cMaEQs
2YfxtoK9opB73GiMP3OJUTZlNPnwCCe/y/iHJN7HqAv/YLi+gdIc9rGXtfegE/eY
sASbbC7C1oY=
=NJSu
-----END PGP SIGNATURE-----

From tcmay at got.net Sun Jul 7 16:00:42 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 07:00:42 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID:

At 5:02 PM 7/7/96, Robert Hettinga wrote:

>Like a lot of pop-psychopharmacology, "syndromes" frequently get defined by
>whether the right drug has the desired effect. If prozac works, you're
>depressed, if Ritalin does, you're an ADDer, and so on. By Tim's anecdotal
>evidence, the little hellion (hey, *I* was one...) must be ADD because
>Ritalin works.

Probably so, and I think I recall my friend mentioning that this was the kid
needed the dose. Whether it's an upper or a downer or whatever is immaterial:
it acts as a downer for this kid. A zombie drug, at least on this kid. (And I
gather that this is the main effect on the many California schoolchildren who
are getting their school-administered doses of mind control drugs.)

>You can actually see ADD with a PET scan, but the proper way to get a >diagnosis of ADD is to get tested for it, which, in the case of ADD, is an >expensive man-day or two with with some clinical shrink in your face, and a >bunch of frustrating (if you're ADD) tests of your attention and ability to >focus in the presence of a lot of distractions. Oddly enough, *another* >pop-psychologist from Harvard was on "20/20" this week talking about >"emotional" intellegence, and one of the determinants was inability to >understand delayed gratification. Like most kids with ADD, I must have been >a drooling idiot, in that case. >From what I've read--and I'm no expert, having long had essentially the _opposite_ of "attention deficit disorder," assuming it really even exists!--most children getting Ritalin are just being sedated. Behavior control in its purest form. While the kids stop their wandering attention and constant physical motions, it's because they're in a mental fog, just one step away from drooling. (The 8-year-old friend of my friend's son is so zoned out he can't play video games well at all...until the drugs wear off.) >However, I practically agree with Tim on all of his screed. (A good one, I >might add. He probably only reread it once for punctuation and spelling >before he did a command-e to send it on its way. After wiping the foam >from his mouth, that is. ;-)) It seems to me that the very *last* person to Au contraire, I almost _never_ rework my posts. They are sent out as I write them, just as conversation is not reworked and edited. For an informal list, the conversational mode works best for me. (I get a kick out of John Young's obscure stuff, but if he _talks_ this way, whoah!) >BarelyObCrypto: ADD is more about lack of attention *control* than lack of >attention itself. Hyperfocus is also a trait of ADHD, and computers tend to >cause hyperfocus for a lot of ADDers. How many easily distracted knee-jiggling >wunderkind hackers do *you* know? 
Care to guess how many ADDers there are >on cypherpunks? BTW, I saw a comment that Bill Gates is almost certainly an ADD person...or maybe the comment was that he is borderline autistic? (I think it was the latter, based on his focus on things, his physical mannerisms, etc. Perhaps growing up in rainy Seattle made him a kind of "rain man.") --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From raph at cs.berkeley.edu Sun Jul 7 16:03:15 1996 From: raph at cs.berkeley.edu (Raph Levien) Date: Mon, 8 Jul 1996 07:03:15 +0800 Subject: NYT/CyberTimes on CWD article In-Reply-To: Message-ID: <31E03A02.15F4A87C@cs.berkeley.edu> Declan McCullagh wrote: > > "We are writers, not crytographers." > > -Declan Well done. Very well done. I'm not sure why Brock is constructing this hard-drinking bad-boy persona (perhaps he's trying to become the Trent Reznor of crypto journalism), but the piece was great. This work sends a very clear message (which is obvious to cypherpunks, but not to the pro-censorship side): that in practice, what exactly gets censored has a lot more to do with politics, and a lot less to do with the original good intentions of the pro-censorship forces, than appears on the surface. There's no reason to believe that government-sponsored censorship would be any more carefully done than the privately available software packages of today. In fact, there is ample evidence to believe the contrary; these programs are subject to the discipline of the marketplace. 
Sorry for the mini-rant. Keep up the good work. Raph From drosoff at arc.unm.edu Sun Jul 7 16:09:40 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Mon, 8 Jul 1996 07:09:40 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <1.5.4.16.19960707191849.330f2470@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 07.25 AM 7/7/96 -0700, Sandy Sandfort wrote: >On Sun, 7 Jul 1996, Simon Spero wrote: >> Er... Tim... Ritalin is an amphetamine. > >Yes, normally, but doesn't it have a paradoxical reaction for >hyperactive children (i.e., it acts as a depressant for them)? Yes. I once had a friend who took it, and it calmed him down, but after I had known him for a few years, it began to have the opposite effect; and "they" decided he didn't need it anymore. =============================================================================== David Rosoff (nihongo ga sukoshi dekiru) ---------------> drosoff at arc.unm.edu PGP public key 0xD37692F9 -----> finger drosoff at acoma.arc.unm.edu or keyservers 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Anonymous ok, PGP ok. -------------- If it's not PGP-signed, I didn't write it. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMeAJxhguzHDTdpL5AQGuPAP/T8aBKGwnNSEjv0VW/Kn8+lYgkRPxEB39 1zKPxuAzwfF+dnPpTKp5R5kdGHtv/KvRGhKRQt0V+ocUdAFHVIhI2AghxunUIPjv 9hLbzJx635LwUuHQBAONdV4tzTC6D5MqH+V5WqOWgPWe1Oqa8bHrSiDVdBX31M4P N7T2cii/s3E= =ebXI -----END PGP SIGNATURE----- From alano at teleport.com Sun Jul 7 16:18:56 1996 From: alano at teleport.com (Alan Olsen) Date: Mon, 8 Jul 1996 07:18:56 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <2.2.32.19960707194409.00f12000@mail.teleport.com> At 06:10 PM 7/7/96 -0700, Timothy C. May wrote: >(As Sandy S. also noted, Ritalin has "paradoxical" effects. 
(I saw Sandy's
>remark after sending off my reply to Simon.))
>
>I've _seen_ the kid on Ritalin, and he's zombie. When it wears off, he's
>back to being alert and active.

Stimulants tend to have an odd effect on children. Instead of making them more active, they tend to do just the opposite. (My daughter used to have that problem with caffeine. Used to put her to sleep.)

This makes the situation even more scary, considering how little is known about the brain chemistry of growing children. I am expecting the long term effects of these drugs will be "interesting". (And not in a good way.)

I know a woman who was tranq'ed as a kid. She is nice and sweet, cannot dream at all, and is a total and unrepentant sociopath. Your results may vary.

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |

From tcmay at got.net Sun Jul 7 16:37:43 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 07:37:43 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID:

At 6:33 PM 7/7/96, AwakenToMe at aol.com wrote:
>Did I miss something?? I first came here and asked something about protected
>mode and was yelled at for asking it in this newsgroup. Now we're onto mind
>control drugs?
>uhhhhhh ok.

I did not yell at you.

Bear in mind that there are many subscribers, with many views of what is interesting and what is important to talk about. There are only so many times that a particular thread can be talked about meaningfully, and some of the more crypto-related threads (which no one is stopping anyone from starting!) have covered the same ground through dozens of cycles.

Thus, while "Where can I get SFS to encrypt my hard drive?," as an example, may _seem_ to be more list-relevant than discussions of Ritalin and the use of it in public schools for behavior modification, I think the former thread is "tired," and generates little response, where the latter thread has obviously generated a lot of responses. This speaks for itself, as I see it.

But, then, I view the list as partly a social community of reasonably like-minded folks, with a shared interest in several obvious things, and not just a place to discuss C++ code or where to find SFS and PGP. Personally, I'm just as glad the list is not a clone of Libernet or Commienet, but most political threads die out quickly enough.

The "Ritalin" thread will die out eventually. In the meantime, it appears to interest quite a few people, and some readers may not have previously known that the public schools are sending out the message of "Just say "No!" to drugs!" while simultaneously using mind-control drugs to dose kids into submission.

Sort of like the Feds calling for strict controls on privacy technology while freely passing around confidential FBI dossiers of their political enemies.

The foxes guarding the henhouses. All of these examples are useful for our agenda.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
From dlv at bwalk.dm.com Sun Jul 7 16:40:07 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 8 Jul 1996 07:40:07 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: tcmay at got.net (Timothy C. May) writes: > At 3:06 PM 7/7/96, Dr.Dimitri Vulis KOTM wrote: > >Simon Spero writes: > > >> Er... Tim... Ritalin is an amphetamine. > > > >Yes, it's an _anti-depressant, supposedly turning up those pieces of the bra > >responsible for "tuning out" outside interference, and letting the hyperacti > >kid concentrate. But a true cypherpunk never lets any facts interfere with > >political agenda. > > Vulis, time to put you back in my killfile. Gratuitous insults, especially > those not based on important factual points, is your standard mode. I don't believe you. > (As Sandy S. also noted, Ritalin has "paradoxical" effects. (I saw Sandy's > remark after sending off my reply to Simon.)) > > I've _seen_ the kid on Ritalin, and he's zombie. When it wears off, he's > back to being alert and active. This has no cryptographic relevance, but... What about _other kids? You have 1 kid unlucky enough to be born hyperactive (genetic predisposition + idiot parents) and 40 kids unlucky enough to be stuck in class with one jerk who won't let them learn. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jya at pipeline.com Sun Jul 7 17:38:38 1996 From: jya at pipeline.com (John Young) Date: Mon, 8 Jul 1996 08:38:38 +0800 Subject: DEA Intercepts Message-ID: <199607072119.VAA10773@pipe1.t2.usa.pipeline.com> Would anyone know more about the DEA "process the intercepts by computer" in the excerpt below from today's Wash Post? Any connection to Peter Neuman's remarks at the CRISIS press conference about LEA training and technology as alternatives to breaking strong crypto? This new funding has been a factor in making possible increased use of electronic surveillance. 
Federal wiretaps cost more than $70,000 a month to operate and generate hundreds of hours of labor for monitors, transcribers, surveillance teams and investigators. Larger budgets mean cost is less of an obstacle. Building for the future, the DEA is carrying out a $33 million program to replace single-line wiretapping gear with new equipment that can monitor 40 lines simultaneously and process the intercepts by computer. The FBI is plowing millions into developing new intercept techniques for digital lines and expanding its cadre of agents who use the bureau's high tech surveillance gear. "I don't think J. Edgar Hoover would contemplate what we can do today in terms of technology," Reno testified during a Senate hearing in May. The total number of federal wiretaps is just one measure of the rise in federal surveillance. The build-up also is evident in the increased use of electronic devices that record the numbers dialed by a target telephone, and the origin of calls to it. These devices allow agents to identify a person's associates. Beginning in 1993, Justice agencies began using the court-authorized monitors more often and leaving them installed for longer periods of time, according to a Justice Department report. From tcmay at got.net Sun Jul 7 17:43:27 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 8 Jul 1996 08:43:27 +0800 Subject: Style gettting in the way of clear reporting Message-ID: At 10:28 PM 7/7/96, Raph Levien wrote: >Declan McCullagh wrote: >> >> "We are writers, not crytographers." >> >> -Declan > > Well done. Very well done. I'm not sure why Brock is constructing >this hard-drinking bad-boy persona (perhaps he's trying to become the >Trent Reznor of crypto journalism), but the piece was great. I found it unreadable. No doubt some fine reporting, but the "faux Chandler" touches made it unreadable for me. 
"The last gin joint in cyberspace, and I had to to be the one to break it the babe, a thirty-two bit floozy with gams as long as, well, let's just say they made me forget about the Feds waiting to send me up the river for the long one..." With no _personal_ criticism of either Brock or Declan, I find that most modern cyberspace journalism--much more so than the mainstream press--is this kind of "performance piece" stuff, where pastiches of Chandler, Hunter S. Thompson, Jack Kerouac, and all the like are lathered all over the articles. The clearest and most extreme examples of this trend are the columns by Spencer S. Katt, Robert X. Cringely, and the other rumor-mongers of the trade weeklies, where a few morsels of actual reporting are buried in vast amounts of phony stuff. Such as endless crap about "Pammy," a dingbat--and utterly fictional--Valley Girl who one of these columnists uses to pads his columns with. This New Journalism kind of stuff is also rampant in "Wired." I suppose some people like it. I call them easily impressed. Or as Raymond S. might put it, "She was the kind of dame impressed by a paint by numbers Mona Lisa." Sadly, simple expository prose must be considered to be too boring, too banal. (Actually, were only a few writers doing this, it might be mildy tolerable. Speaking for myself, that is. But so _many_ "cyberspace journalists" are doing bad pastiches of famous stylists that the reportage is being lost in the noise. "A screaming comes across the screen." Wake up, Brock and Declan! And all the other too clever by half New Journalists. I'd like to read some of your stuff, not hit the delete key as soon as see the style-laden ersatz Chandler larding up the article. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Sun Jul 7 17:50:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 8 Jul 1996 08:50:22 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607071816.LAA19127@dns1.noc.best.net> Message-ID: "James A. Donald" writes: > > > > Er... Tim... Ritalin is an amphetamine. > > At 07:25 AM 7/7/96 -0700, Sandy Sandfort wrote: > > Yes, normally, but doesn't it have a paradoxical reaction for > > hyperactive children (i.e., it acts as a depressant for them)? > > Not really: Ordinary college students who use it to facilitate > cramming report that it has the same effect on them as on hyperactive > children. > > A well known symptom of amphetamine abuse is that the abusers will > cheerfully persist in pointless and boring activities for hours > on end, such as folding paper bags or stirring long overcooked > spaghetti. Please don't shit on speed. One of the brightest people I know is 70+ years old. He's been eating several grams of speed a day since WW2. He's brilliant and doesn't look a day over 40. Disclaimer: I don't take speed - I don't need any drugs to be the way I am. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From merriman at amaonline.com Sun Jul 7 18:00:53 1996 From: merriman at amaonline.com (David K. 
Merriman) Date: Mon, 8 Jul 1996 09:00:53 +0800 Subject: EYE_son Message-ID: <2.2.32.19960707074506.0069c9c0@mail1.amaonline.com> From adam at homeport.org Sun Jul 7 18:45:58 1996 From: adam at homeport.org (Adam Shostack) Date: Mon, 8 Jul 1996 09:45:58 +0800 Subject: Restrictions on crypto overseas In-Reply-To: <199607050215.TAA22048@atropos.c2.org> Message-ID: <199607072344.SAA00327@homeport.org> http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm is Bert-Jaap Koops Crypto Law Survey. Seems pretty good, but I haven't tried to verify any of it. | > Greetings. | > | > I am looking for a concise description of the restrictions overseas on the | > use of cryptography, and how those restrictions affect the operation of a | > cryptographically-enabled web server. | > | > I have been told that users of programs like PGP in france are required by | > law to register their secret keys with the state security apparatus. Does | > this mean that users of secure web servers need to register their secret | > keys as well? Is anybody doing this? Is the law enforced? | > | > What about other nations that have recently passed restrictions on the use | > of crypto? Other than Russia, which are they? Is there a list anywhere? -- "It is seldom that liberty of any kind is lost all at once." -Hume From tcmay at got.net Sun Jul 7 19:07:15 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 8 Jul 1996 10:07:15 +0800 Subject: DEA Intercepts Message-ID: At 9:19 PM 7/7/96, John Young wrote: >Would anyone know more about the DEA "process the intercepts by computer" >in the excerpt below from today's Wash Post? Any connection to Peter >Neuman's remarks at the CRISIS press conference about LEA training and >technology as alternatives to breaking strong crypto? > and process the intercepts by computer. The FBI is plowing > millions into developing new intercept techniques for > digital lines and expanding its cadre of agents who use the > bureau's high tech surveillance gear. 
I have no way of knowing (and I doubt anybody knows and can also speak publicly about it), but my informed speculation would be that the FBI is continuing its cooperation with the NSA (as noted by Ken Bass at last week's SAFE forum) and is using COMINT processing gear and programs developed at the Agency.

It has been widely reported, from Bamford on, that much of the Agency's computer power is devoted to keyword analysis from audio intercepts. While computer translation programs may not have progressed much beyond "The vodka is strong, but the meat is rotten" stage, it is quite reasonable to assume that computers can mark for later analysis vast amounts of audio surveillance material, based on words said, voiceprints of known targets, etc.

The trend of the next few decades is likely to be the turning of the government's Big Ears and Big Eyes on its _real enemies_, namely, the people.

> "I don't think J. Edgar Hoover would contemplate what we
> can do today in terms of technology," Reno testified during
> a Senate hearing in May.

Actually, I think Hoover could well imagine the capabilities. Minaret and such programs were in place while he was alive, and his use of confidential dossiers as an instrument of power predated the current use by the Clintons by several decades.

> The total number of federal wiretaps is just one measure of
> the rise in federal surveillance. The build-up also is
> evident in the increased use of electronic devices that
> record the numbers dialed by a target telephone, and the
> origin of calls to it.
>
> These devices allow agents to identify a person's
> associates. Beginning in 1993, Justice agencies began using
> the court-authorized monitors more often and leaving them
> installed for longer periods of time, according to a
> Justice Department report.

Needless to say, key escrow is quite useful in compiling contact lists. A virtual pen register, as it were.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From AwakenToMe at aol.com Sun Jul 7 19:32:00 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Mon, 8 Jul 1996 10:32:00 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <960707193940_232651692@emout12.mail.aol.com> Tim, You have a very good point about what goes on in this thread. I wasnt speaking about you yelling at me.. some of the members decided to write me 'personal' memos..one idiot being 'AOL SUCKS KILL ALL AOL SUCKS' or some stupid idiotic undereducated statement like that. Thanks for the response though..it was appreciated. :) Adam From jamesd at echeque.com Sun Jul 7 20:53:11 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 8 Jul 1996 11:53:11 +0800 Subject: Style gettting in the way of clear reporting Message-ID: <199607080050.RAA05944@dns2.noc.best.net> Believe it or not, this has some very slight cypherpunk relevance. (Gasp) At 10:06 PM 7/7/96 -0700, Timothy C. May wrote: > Sadly, simple expository prose must be considered to be too boring, too banal. > > (Actually, were only a few writers doing this, it might be mildy tolerable. > Speaking for myself, that is. But so _many_ "cyberspace journalists" are > doing bad pastiches of famous stylists that the reportage is being lost in > the noise. 
When news media were concentrated into fewer and fewer hands during the twentieth century, the appearance of neutrality, objectivity, and authoritativeness became a major selling point, and so media adopted a tone and manner of neutrality, with an accompanying "just-the-facts" style, though in reality they became far less neutral.

Now that everyone can grab the megaphone, people are not so worried about objectivity. If something is unfair to Nazis or blacks or evil polluting capitalists, they know they will hear about it from the Nazis, the blacks or the evil polluting capitalists.

As a result, people no longer value the superficial appearance of neutrality and objectivity. Suddenly colorful and openly biased reporting has become popular.

This has led to some people engaging in florid excesses of colorful style and concocting totally phony attitudes, just as when word processing programs first gained the capability to handle a wide variety of fonts, some people produced memos that looked like ransom notes.

Soon enough they will settle down. English prose was at its greatest in the eighteenth and nineteenth centuries, when many voices could be heard, and some of them were on the florid side.

---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.         | jamesd at echeque.com

From tcmay at got.net Sun Jul 7 21:32:50 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 12:32:50 +0800
Subject: Style gettting in the way of clear reporting
Message-ID:

At 12:40 AM 7/8/96, James A.
Donald wrote: >When news media were concentrated into fewer and fewer hands during >the twentieth century, the appearance of neutrality, objectivity, >and authoritativeness became a major selling point, and so media >adopted a tone and manner of neutrality, with an accompanying >"just-the-facts" style, though in reality they became far less neutral An interesting point. You are probably right that journalism is becoming more florid as "amateurs" flood the market. However, I don't quite buy the concentration argument, as things were pretty concentrated in the Hearst era, and the explosion of magazines in the past few decades has not been as concentrated. (In any case, these are hard things to quantify without more research, which I for one am unlikely to pursue.) >Now that everyone can grab the megaphone, people are not so worried >about objectivity. If something is unfair to Nazis or blacks or evil >polluting capitalists, they know they will hear about it from the >Nazis, the blacks or the evil polluting capitalists. > >As a result, people no longer value the superficial appearance of >neutrality and objectivity. Suddenly colorful and openly biased >reporting has become popular. I still think of "The Wall Street Journal" and "The Economist," two of my favorites, as being _careful_ in their reporting (careful is different from unbiased). But my main focus in this thread was on the _styles_, and this I think is more explained by faddishness. And advertising. To get "mind space," as with "shelf space," the packaging must entice, fool, and trick the reader. >This has led to some people engaging in florid excesses of colorful >style and concocting totally phony attitudes., just as when word >processing programs first gained the capability to handle a wide >variety of fonts, some people produced memos that looked like >ransom notes. Yes, and many of the newsletters we're seeing--as many are cc:ed or forwarded to our list--are the kissing cousins of "zines." 
Same faux style, same emphasis on "flash" over substance. (Not all of them of course.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From root at edmweb.com Sun Jul 7 22:12:16 1996
From: root at edmweb.com (Steve Reid)
Date: Mon, 8 Jul 1996 13:12:16 +0800
Subject: more about the usefulness of PGP
Message-ID:

> make sure that you are protected from replay attacks.
> a good idea would be to make the server to send cookies by request of
> the remote user (you can limit the number of people to whom the server
> sends cookies) and make sure that messages without the latest cookie
> will NOT be executed.

A simpler solution would be for the user to number each message. He would send message #1, then message #2, then #3, etc... Skipping some numbers should not be a problem.

The server would just have to keep track of the most recently received message number, and only accept messages with a larger number. The user would also have to keep track... It would be very easy to do; the user could number each message based on date and time.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) |
| Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
| -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL.
-- | ===================================================================:) From bdavis at thepoint.net Sun Jul 7 22:23:18 1996 From: bdavis at thepoint.net (Brian Davis) Date: Mon, 8 Jul 1996 13:23:18 +0800 Subject: NYT/CyberTimes on CWD article In-Reply-To: <199607071744.NAA25788@unix.asb.com> Message-ID: On Sun, 7 Jul 1996, Deranged Mutant wrote: > > Another problematic with Net-Nurse type software: a database of > naughty sites and naughty users... a real goldmine for prosecutors. My soon-to-be-former colleagues hardly need such software to find naughty sites. Anyway, that takes all the fun out of it! Brian > > > Rob. > --- > No-frills sig. > Befriend my mail filter by sending a message with the subject "send help" > Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) > AB1F4831 1993/05/10 Deranged Mutant > Send a message with the subject "send pgp-key" for a copy of my key. > Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!! From fletch at ain.bls.com Mon Jul 8 00:04:39 1996 From: fletch at ain.bls.com (Mike Fletcher) Date: Mon, 8 Jul 1996 15:04:39 +0800 Subject: Style gettting in the way of clear reporting [borderline NOISE] In-Reply-To: Message-ID: <9607080328.AA10834@outland.ain_dev> > I still think of "The Wall Street Journal" and "The Economist," two of my > favorites, as being _careful_ in their reporting (careful is different from > unbiased). But my main focus in this thread was on the _styles_, and this I > think is more explained by faddishness. > > And advertising. To get "mind space," as with "shelf space," the packaging > must entice, fool, and trick the reader. This might can be tied back in with Tim's other RANT about prozac/ritalin/Haagen Daas/[insert your favorite mood altering substance here] and ADD. 
Today's kids supposedly can't concentrate on anything for more than the duration of a music video or the first "act" of Baywatch. But it's all just simpler to dope them up and let 'em watch Pamela Sue jiggle than try to raise them properly.

> Yes, and many of the newsletters we're seeing--as many are cc:ed or
> forwarded to our list--are the kissing cousins of "zines." Same faux style,
> same emphasis on "flash" over substance. (Not all of them of course.)

But media in general is becoming a meme-eat-meme world. If you don't entertain enough to hook the reader they won't bother with you (and your meme never propagates). Who cares if CSPAN is broadcasting hearings on changes to some law that could fundamentally change American society as we know it, there's an infomercial on for that amazing new flameproof car wax that cures baldness and predicts the future more accurately than Dionne Warwick.

The Sci-Fi Channel needs to update their "Max Headroom" episodes from "20 minutes into the future..." to only about ten (if that). Now where'd I leave my Zik Zak . . . :)

---
Fletch                                                      __`'/|
fletch at ain.bls.com  "Lisa, in this house we obey the     \ o.O'   ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson    =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43   U     ------

From vince at offshore.com.ai Mon Jul 8 00:07:08 1996
From: vince at offshore.com.ai (Vincent Cate)
Date: Mon, 8 Jul 1996 15:07:08 +0800
Subject: Hurricane Bertha hitting Offshore Information Services
Message-ID:

Hurricane Bertha is almost certainly going to hit Anguilla, where Offshore Information Services is located. It will probably be at the strongest about 9 am Eastern time Monday morning.

This is still not a really big hurricane, so we will not get anything like the trouble we had with Luis last year. Still, there is some chance that we will be offline at some time. If so please understand why.

I have about 8 hours of battery backup.
If power is out at our location for longer than that I will relocate the server to another location, as I did after Luis. There is little chance that power will go out everywhere for longer than 8 hours. There is a good chance that we get through this without going down, but I just wanted to let people know what our status is. Be patient if sometime tomorrow you can not get to our site. -- Vince Cate Offshore Information Services, Ltd. Anguilla http://online.offshore.com.ai/ From jimbell at pacifier.com Mon Jul 8 01:35:33 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 8 Jul 1996 16:35:33 +0800 Subject: Style gettting in the way of clear reporting Message-ID: <199607080519.WAA16763@mail.pacifier.com> At 06:38 PM 7/7/96 -0700, Timothy C. May wrote: >At 12:40 AM 7/8/96, James A. Donald wrote: > >>When news media were concentrated into fewer and fewer hands during >>the twentieth century, the appearance of neutrality, objectivity, >>and authoritativeness became a major selling point, and so media >>adopted a tone and manner of neutrality, with an accompanying >>"just-the-facts" style, though in reality they became far less neutral > >An interesting point. You are probably right that journalism is becoming >more florid as "amateurs" flood the market. However, I don't quite buy the >concentration argument, as things were pretty concentrated in the Hearst >era, and the explosion of magazines in the past few decades has not been as >concentrated. (In any case, these are hard things to quantify without more >research, which I for one am unlikely to pursue.) It is probably true that journalism was more concentrated in the late 1800's and early 1900's, since it consisted of a few newspapers. However, I think a good argument could be made that because government was dramatically smaller than today, that concentration was not nearly as detrimental as it would be today under similar circumstances. 
Jim Bell jimbell at pacifier.com From enquirer at alpha.c2.org Mon Jul 8 02:49:33 1996 From: enquirer at alpha.c2.org (enquirer at alpha.c2.org) Date: Mon, 8 Jul 1996 17:49:33 +0800 Subject: Cypherpunk Enquirer Message-ID: <199607080632.XAA09042@infinity.c2.org> I finally lost the tail somewhere around the docks, and slowly worked my way into Chiba, watching my back all the way. I dumped the chip in the saddlebag of a bike messenger who almost ran me down in front of the Jarre, figured he'd get a good scare out of a midnight visit from the NSA goons who'd been using it to follow my tracks out of Tokyo. They weren't going to like the way I rearranged the facial features of their buddy who tried to waylay me outside of the pachinko parlor. One last glance behind me, and I ducked into the Chatsubo. She was waiting for me there, a vision of pure lust in a red mini-dress with cleavage all the way down to her waist and legs all the way down to the floor. I tried to stay casual as I sauntered over to the bar next to her. "Vodka martini. Shaken, not stirred," I said to Ratz, the regular bartender. Ratz slammed the drink down on the counter in front of me. "Shaken enough for you, Dick?" he said. "Dick. Nice name." She had a voice that sounded like wind blowing through pine trees on a hot summer night. Low. Breathy. Wet. "He's being an asshole. Dick's American slang for a PI. Mind if I join you?" "Suit yourself." I pulled up a stool, surreptitiously slipping her PGP signature into my PDA. It checked out. Good. Now if she just had the merchandise. I hadn't come 5,000 miles just to check out her pectoral development. I leaned over close, trying not to stare at that pair of 38Ds. "You got anything else you'd like to show me?" Her emerald green eyes bored into mine, and then slowly dropped down to the level of my zipper. She slowly slid the hem of her dress up her creamy thigh, just high enough so that I could see that she wasn't wearing any panties. And there it was. 
Tucked into the top of her silk stocking, just next to the black lace garter. "That floppy's got the source to Declan McCullagh and Ian Goldberg's crack of the Surfwatch database. Worth a small fortune to anyone with the cojones to spam a sample to K12." She licked her lips like she was getting ready to go down on a double dip of Cherry Garcia. "Would you like to come up to my room and take a closer look?" (OK, Nobody, knock it off. You got rid of Tim May three paragraphs ago. Let's get on with it, huh?) (Shit, boss, just trying to have a little fun ... ) THE CYPHERPUNK ENQUIRER "Encyphering minds want to know." Fresh on the heels of the Chicago Bull's triumph in the NBA finals, Michael Jordan has announced the release of his new signature Internet encryption product, Michael Jordan's Awfully Good Snake Oil. Based on a tried and tested but proprietary algorithm, AGSO is guaranteed to provide superior 40 bit encryption of all important Internet traffic. Michael himself personally guarantees that AGSO will integrate perfectly with the Eudora mailer, and used no 14 year old Nicaraguan programmers like that inferior Kathy Lee Gifford shit, and no feminine frou-frou like with Liz Taylor's Black Perl. Jim Bell was injured today when a mail exploder went off in his hands. Doctors at the Bethesda Naval Hospital reported that the mail exploder had been upgraded from critical to stable condition and was resting comfortably in a private room. After a visit from fellow patient Louis Freeh, the mail exploder commented, "It's surprising how well he's learned to talk through that proctoscope." Matt Blaze has finally come clean, and agreed to provide a partial transcript of the NSA's famous "If you knew what we know, you'd support key escrow" presentation, which according to Mr. Blaze starts out, "If you knew about the video tapes we have of you with that 16 year old blonde at the Motel Six ... 
" Due to continuing controversy over the Michael Jackson case, and bowing to extreme election year pressure from the religious right, President Clinton today announced a new policy to prevent child abuse in the music industry. The Rock Musicians Penis Escrow Bill would require all musicians selling more than 10,000 CDs to file photographs of their (presumably tumescent) genitals with the FBI so that they could be examined and identified in the event of accusations of lascivious behavior with minors. Leon Panetta was reportedly flying to Chicago for discussions with the presently retired Plaster Casters, hoping to garner their support for the bill, while the Wall Street Journal announced an investigation into rumors that Chelsea has a standing request with the FBI for multiple copies. The Libertarian Party immediately announced its whole-hearted support for the plan after Jim Ray snuck the plank into the party platform when no one was looking. Tim May's experimental plan to reduce the noise level on the Cypherpunk Mailing List was declared a resounding success after massive doses of Ritalin actually caused Perry Metzger to apologize for flaming a clueless AOLer. In related news, AwakenToMe has finally figured out protected mode, and has announced the first Pentium condom that actually fits over the cooling fan. Sameer Parkesh announced that c2.org is now hosting an "Unanimizer" web browser, which makes web servers think that the entire population of the WhoWhere search engine has just accessed their pages. Next in the Enquirer: Bob Dole on the dangers of the abacus virus. 
From amehta at giasdl01.vsnl.net.in Mon Jul 8 03:13:40 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Mon, 8 Jul 1996 18:13:40 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <1.5.4.32.19960708130935.002db9e0@giasdl01.vsnl.net.in> I sent Tim's original post to a psychiatrist friend, who responded: Ritalin is a lifesaver for a small % of children who suffer from a condition characterized by hyperactivity and poor attention span. These kids (usually boys) may be bright as hell but fail in school because they can't sit still or pay attention; they get made fun of, they behave badly, get depressed, it's a mess. Some of them (milder cases) respond to behavior modification therapies which involve training of the parents and teachers to have realistic expectation, recognize the specific difficulties the kids have, set them goals, reward them for achieving them, give them disincentives for misbehaving etc. Others really do need Ritalin. It's a relief not just for the parents and teachers but for the kids to be able to sit still and pay attention and learn and succeed and be liked etc. Most of them grow out of it by their mid-teens. However, there are many more kids on Ritalin than there need to be; some teachers pressure parents to get kids put on it... I know one very bright little girl who's bored out of her mind in school, the school refuses to move her up a grade or give her more challenging work to do, instead complain that she is not paying attention and suggested that she be put on Ritalin... mother was furious. Some of the kids who use foul language (a very small %) have Tourette's disease, and also need medicine (a different one)... by and large the politically correct thing is sometimes to label a kid as sick rather than bad or spoiled, this is probably why drugs are over-used. But we can't throw the baby out with the bathwater! 
By the way, some old people who are severely depressed after a stroke also do well with Ritalin and don't respond to any other antidepressants... Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://mahavir.doe.ernet.in/~pinaward/arun.htm The protestors of Tiananmen Square will be back. Next time, the battle will be fought in cyberspace, where the students have the more powerful tanks... From enquirer at alpha.c2.org Mon Jul 8 03:17:30 1996 From: enquirer at alpha.c2.org (enquirer at alpha.c2.org) Date: Mon, 8 Jul 1996 18:17:30 +0800 Subject: Cypherpunk Enquirer Message-ID: <199607080632.XAA09082@infinity.c2.org> I finally lost the tail somewhere around the docks, and slowly worked my way into Chiba, watching my back all the way. I dumped the chip in the saddlebag of a bike messenger who almost ran me down in front of the Jarre, figured he'd get a good scare out of a midnight visit from the NSA goons who'd been using it to follow my tracks out of Tokyo. They weren't going to like the way I rearranged the facial features of their buddy who tried to waylay me outside of the pachinko parlor. One last glance behind me, and I ducked into the Chatsubo. She was waiting for me there, a vision of pure lust in a red mini-dress with cleavage all the way down to her waist and legs all the way down to the floor. I tried to stay casual as I sauntered over to the bar next to her. "Vodka martini. Shaken, not stirred," I said to Ratz, the regular bartender. Ratz slammed the drink down on the counter in front of me. "Shaken enough for you, Dick?" he said. "Dick. Nice name." She had a voice that sounded like wind blowing through pine trees on a hot summer night. Low. Breathy. Wet. "He's being an asshole. Dick's American slang for a PI. Mind if I join you?" "Suit yourself." I pulled up a stool, surreptitiously slipping her PGP signature into my PDA. It checked out. Good. Now if she just had the merchandise. 
I hadn't come 5,000 miles just to check out her pectoral development. I leaned over close, trying not to stare at that pair of 38Ds. "You got anything else you'd like to show me?" Her emerald green eyes bored into mine, and then slowly dropped down to the level of my zipper. She slowly slid the hem of her dress up her creamy thigh, just high enough so that I could see that she wasn't wearing any panties. And there it was. Tucked into the top of her silk stocking, just next to the black lace garter. "That floppy's got the source to Declan McCullagh and Ian Goldberg's crack of the Surfwatch database. Worth a small fortune to anyone with the cojones to spam a sample to K12." She licked her lips like she was getting ready to go down on a double dip of Cherry Garcia. "Would you like to come up to my room and take a closer look?" (OK, Nobody, knock it off. You got rid of Tim May three paragraphs ago. Let's get on with it, huh?) (Shit, boss, just trying to have a little fun ... ) THE CYPHERPUNK ENQUIRER "Encyphering minds want to know." Fresh on the heels of the Chicago Bull's triumph in the NBA finals, Michael Jordan has announced the release of his new signature Internet encryption product, Michael Jordan's Awfully Good Snake Oil. Based on a tried and tested but proprietary algorithm, AGSO is guaranteed to provide superior 40 bit encryption of all important Internet traffic. Michael himself personally guarantees that AGSO will integrate perfectly with the Eudora mailer, and used no 14 year old Nicaraguan programmers like that inferior Kathy Lee Gifford shit, and no feminine frou-frou like with Liz Taylor's Black Perl. Jim Bell was injured today when a mail exploder went off in his hands. Doctors at the Bethesda Naval Hospital reported that the mail exploder had been upgraded from critical to stable condition and was resting comfortably in a private room. 
After a visit from fellow patient Louis Freeh, the mail exploder commented, "It's surprising how well he's learned to talk through that proctoscope." Matt Blaze has finally come clean, and agreed to provide a partial transcript of the NSA's famous "If you knew what we know, you'd support key escrow" presentation, which according to Mr. Blaze starts out, "If you knew about the video tapes we have of you with that 16 year old blonde at the Motel Six ... " Due to continuing controversy over the Michael Jackson case, and bowing to extreme election year pressure from the religious right, President Clinton today announced a new policy to prevent child abuse in the music industry. The Rock Musicians Penis Escrow Bill would require all musicians selling more than 10,000 CDs to file photographs of their (presumably tumescent) genitals with the FBI so that they could be examined and identified in the event of accusations of lascivious behavior with minors. Leon Panetta was reportedly flying to Chicago for discussions with the presently retired Plaster Casters, hoping to garner their support for the bill, while the Wall Street Journal announced an investigation into rumors that Chelsea has a standing request with the FBI for multiple copies. The Libertarian Party immediately announced its whole-hearted support for the plan after Jim Ray snuck the plank into the party platform when no one was looking. Tim May's experimental plan to reduce the noise level on the Cypherpunk Mailing List was declared a resounding success after massive doses of Ritalin actually caused Perry Metzger to apologize for flaming a clueless AOLer. In related news, AwakenToMe has finally figured out protected mode, and has announced the first Pentium condom that actually fits over the cooling fan. Sameer Parkesh announced that c2.org is now hosting an "Unanimizer" web browser, which makes web servers think that the entire population of the WhoWhere search engine has just accessed their pages. 
Next in the Enquirer: Bob Dole on the dangers of the abacus virus. From amehta at giasdl01.vsnl.net.in Mon Jul 8 03:50:39 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Mon, 8 Jul 1996 18:50:39 +0800 Subject: The Net and Terrorism Message-ID: <1.5.4.32.19960708130958.002e8e58@giasdl01.vsnl.net.in> At 19:52 02/07/96 -0500, John Deters wrote: >Even so, there are a couple of problems with even attempting "to take away >the root causes", not the least of which is the Constitutionally protected >right to free speech. I am allowed to teach my kid to hate anyone for any >reason. I can blame this or that group for this set of troubles, and that >the best way to deal with this is not only to scare them away, but to kill >as many of them as possible. It may be morally repugnant, but it is >protected speech. I think we've all been exposed to awful teaching in some aspects of our upbringing, but experience taught us otherwise. I love the anarchist poster that says, "We are the people whom our parents used to warn us about." Just because you were taught hate, doesn't mean you won't outgrow it. My mother was active in the freedom struggle against the British, and told me enough horror stories that I grew up hating them. But once I met some perfectly decent specimens, it evaporated. If the hate persists, there is likely to be reinforcement in the form of injustices, further bad experiences, etc. India is a large, diverse country with lots of injustice, poverty and other problems. When we analyze what breeds terrorism, we find aspects such as: - Severe neglect by the government (i.e. problems keep getting worse): For instance, the north east (which is east of Bangladesh, and has a long history of militant opposition) had to agitate for a long time to even get a railway line to connect them to the rest of the country. - Meddling by politicians: in Punjab, there was a Sikh regional party that was quite strong. 
To erode its popular base, Indira Gandhi encouraged the fundamentalists on its right. Similarly, Rajiv Gandhi's government helped train the Tamil LTTE. Both paid for these blunders with their lives, at the hands of the very groups they had once tried to foster. - Disenfranchisement: In Kashmir, most elections were rigged, as the central government pretty much admits now. Interestingly, some of the leaders of the terrorists were polling agents at the time of the previous elections, and were quite disgusted at what they saw. >The countries that sponsor terrorists have not been noted for their >successful educational systems. And they certainly are not going to listen >to Western discussions on how best to solve their "problems". No, but give the people the conviction that they can get their problems redressed legally, that they can win political power peacefully, and basically not let problems fester for so long that all trust in government is lost, and people will be far less likely to take to arms. Phoolan Devi (seen "Bandit Queen"? Great movie) was a dacoit, supposedly responsible for serious massacres. She went to jail, now she is an elected member of the federal Parliament. That is a great message to send to the poor and deprived. The cynic in me sees this as a way of depriving the poor suffering masses of their leaders, by co-opting them into the ruling elite. But there is no shortage of followers eager and willing to take their place. >The U.S. has a level of tolerance for diversity that I >only recently came to >appreciate. We hosted a foreign exchange student from Scotland (hardly >culture shock to him), but he surprised me when he commented on how >surprised he was that different groups of people were mixed together I've had a similar experience. I was part of the Indian delegation to a couple of Amnesty International International Council meetings. In this organisation, multiracialism and multiculturalism are heavily promoted. 
But if you looked at delegations from Europe, even from countries with sizable racial minorities, they were typically all-white. The US delegation, on the other hand, had blacks, different kinds of Asians, Hispanics... and not by design -- the US section leadership is highly "mixed", so they did not have to think about multiracialism, it just happened. Of course, given the "melting pot" ethos in the US, this is hardly surprising. However, every society has its blind spots. Communism is a real US phobia. The way you treat puny Cuba I find truly amazing. Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://mahavir.doe.ernet.in/~pinaward/arun.htm The protestors of Tiananmen Square will be back. Next time, the battle will be fought in cyberspace, where the students have the more powerful tanks... From WlkngOwl at unix.asb.com Mon Jul 8 04:34:01 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Mon, 8 Jul 1996 19:34:01 +0800 Subject: DEA Intercepts Message-ID: <199607080850.EAA28667@unix.asb.com> On 7 Jul 96 at 23:59, Timothy C. May wrote: > At 9:19 PM 7/7/96, John Young wrote: [..] > > "I don't think J. Edgar Hoover would contemplate what we > > can do today in terms of technology," Reno testified during > > a Senate hearing in May. A double-edged quote, isn't it? [Tim's sort-of techie comments deleted.] Who needs high-tech for a surveillance state? I remember several years back a Soviet-history class that put a lot of emphasis on the Czar's totalitarian regime, much of which was already in place when the Bolshviks took power (and one of the reasons they held it). Irregardless of the literacy rate (which I'm guessing was low anyway), it was apparently common practice in many European countries in the early 19th century (incl. Russia) to have 'black offices' in the post offices that would steam open EVERY piece of mail to be read for intelligence and surveillance purposes. 
And back then there was probably a higher proportion of meaningful mail since there was no telephone, radio, or (very little) direct-mail marketing. Generally such offices were used for political purposes. Oddly enough the secret police organizations spied heavily on those in power as well: sometimes I wonder if Americal political scandals are (or will ever be) linked to US intelligence agencies listening in one some pol's calls. This is akin in some ways to building a postal system where there's a black office in every station. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From declan+ at CMU.EDU Mon Jul 8 07:53:48 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Mon, 8 Jul 1996 22:53:48 +0800 Subject: NYT/CyberTimes on CWD article In-Reply-To: <199607071744.NAA25788@unix.asb.com> Message-ID: Excerpts from internet.cypherpunks: 7-Jul-96 Re: NYT/CyberTimes on CWD a.. by "Deranged Mutant"@unix.a > (I wonder if the software can tell that ~perv/ and /users/home/perv/ > or /home/perv/ can be the same directory on some systems? That would > be an interesting flaw. Has anyone hacked with the software?) The software can't tell. Take webcom.com, where some ~perv directories are blocked and some /users/perv directories are blocked by CyberPatrol. -Declan From m5 at vail.tivoli.com Mon Jul 8 08:45:45 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 8 Jul 1996 23:45:45 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port In-Reply-To: Message-ID: <31E0FC31.4E1C@vail.tivoli.com> Michael H. Warfield wrote: > > Scenario: [ naughty parents allow nice kids access to the nasty > > internet ] > Scenario update: Replace all instances of Bart's computer and > internet connections with Playboy or Penthouse (or worse - Hustler!) 
> magazines found in a drawer in the house. You then discover this to be
> the shear and utter gibberish that it really is...

Of course it's a ridiculous situation, but "the Internet" is the Daemon Du Jour.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * pain is inevitable
m5 at tivoli.com * m101 at io.com * * suffering is optional

From raph at CS.Berkeley.EDU Mon Jul 8 11:33:27 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 9 Jul 1996 02:33:27 +0800
Subject: List of reliable remailers
Message-ID: <199607081350.GAA31890@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"treehole"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha nymserver.

Last update: Mon 8 Jul 96 6:48:30 PDT
remailer  email address                      history       latency   uptime
-----------------------------------------------------------------------
alumni    hal at alumni.caltech.edu          *+*#+*#-*###     3:36  100.00%
replay    remailer at replay.com             **+*******+*     4:23   99.99%
jam       remailer at cypherpunks.ca         ********        16:45   99.98%
c2        remail at c2.org                   +-++++++-+++    46:47   99.97%
nemesis   remailer at meaning.com            +***********    17:25   99.97%
nymrod    nymrod at nym.jpunix.com           #+#-##*#####     2:49   99.97%
lead      mix at zifi.genetics.utah.edu     ++++++++++++    38:37   99.96%
vegas     remailer at vegas.gateway.com      *___.+#*+#*+  4:34:27   99.95%
mix       mixmaster at remail.obscura.com    .------+++++  5:42:01   99.92%
flame     remailer at flame.alias.net        .-++---+--++  3:59:13   99.91%
haystack  haystack at holy.cow.net          +###+#* #+##     3:07   99.80%
lucifer   lucifer at dhp.com                 +++ -+++++++    48:41   99.78%
ncognito  ncognito at rigel.cyberpass.net   .__.___-...  24:13:12   99.68%
extropia  remail at miron.vip.best.com       ----.----.-   7:38:28   99.39%
amnesia   amnesia at chardos.connix.com     ---- -----+   3:42:52   99.31%
alpha     alias at alpha.c2.org             +++*****++++    38:39   99.29%
penet     anon at anon.penet.fi             ...--....-   27:11:56   99.00%
ecafe     cpunk at remail.ecafe.org         --##* ###     1:26:57   98.73%
portal    hfinney at shell.portal.com       #+*####- ##      3:52   98.05%
treehole  remailer at mockingbird.alias.net +++- --+ +    2:18:51   97.06%
exon      remailer at remailer.nl.com       **+**** **       4:35   95.60%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From jamesd at echeque.com Mon Jul 8 12:39:55 1996
From: jamesd at echeque.com (James A. Donald)
Date: Tue, 9 Jul 1996 03:39:55 +0800
Subject: The Net and Terrorism
Message-ID: <199607081534.IAA07424@dns1.noc.best.net>

At 01:16 PM 7/8/96 +0500, Arun Mehta wrote:
>India is a large, diverse country with lots of injustice, poverty and other
>problems. When we analyze what breeds terrorism, we find aspects such as:
>
>- Severe neglect by the government (i.e. problems keep getting worse): For
>instance, the north east (which is east of Bangladesh, and has a long
>history of militant opposition) had to agitate for a long time to even get a
>railway line to connect them to the rest of the country.

this is totally back to front. The primary cause of terrorism, and indeed the primary party guilty of terrorism in India *is* the government.
For example the war upon the Sikhs started off with government sponsored terror against Sikh civilians, similar to Krystalnacht. We mostly see terrorism in countries with a large and intrusive government, not in countries like Hong Kong where there is massive government "neglect" >- Disenfranchisement: In Kashmir, most elections were rigged, as the central >government pretty much admits now. Oh wow: So the Muslims of Kashmir were more upset by rigged elections than by the murder of women and children. If that is true, why do we not see terror in Hong Kong (no elections until recently) and Singapore, (rigged elections) > The US delegation, on the > other hand, had blacks, different kinds of Asians, Hispanics... and not by > design -- the US section leadership is highly "mixed", so they did not have > to think about multiracialism, it just happened. Pull the other leg. They even have a black lesbian quota. US ambassadorships had gay quota even under Reagan, though not a black lesbian quota. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From bryce at digicash.com Mon Jul 8 13:44:10 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Tue, 9 Jul 1996 04:44:10 +0800 Subject: Laughing my ass off Message-ID: <199607081617.SAA25649@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- Holy Exon that was good!! Please publish a PGP pubkey so that I may send you a token of my appreciation. (A token which is exchangeable for a national currency, perhaps.) 
Bryce - -----BEGIN PGP SIGNED MESSAGE----- Certificate-Type: Chudov/Wilcox Content/Author Rating Rating-Type: Content Object-ID: Date: Sun, 7 Jul 1996 23:32:37 -0700/From: enquirer at alpha.c2.org Topicality: 10 Entertainment: 10 Value: 8 Signer: 0x2c2998ad Signature: - -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMeE0U0jbHy8sKZitAQF6QwMAqj1CTsV7VzSLBxbwL8vZKG93a1nG8nrn p6WQB7BXQ/0shyjKpaKhfQKiiYVAAcINvfS2Df8ZcAYaEbIzoh3R6jMFvEye3ocp qI1ipX08vdUp8H01CqtDugjfmGt1ZcM6 =Wnyy - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMeE0kUjbHy8sKZitAQEKIAL+IGV5vlaKU9PL6fGdr2dCGUsDoLNnl+un oWowEa4+Wtw3lAoPN68kEaXd+UPedS+oaxuTNwvFz7SHmS25+BvhTOylYVhs+ASx L0+Cv/BCDqCx22r2EfGm9JSncidwmF9G =mP3K -----END PGP SIGNATURE----- From eadams at voyager.net Mon Jul 8 14:02:39 1996 From: eadams at voyager.net (Eric Adams) Date: Tue, 9 Jul 1996 05:02:39 +0800 Subject: Computing Message-ID: <31E15B77.2888@voyager.net> I am a new person here, so I am not directing this message to any specific person. Answer freely. It seems to me that the computing age is advancing too quickly. I bought an excellent Pentium 75Mhz system about one and a half years ago. Now, I can buy a laptop of the same setup for the same price. I do computer programming and just bought a copy of Borland C++ 5.0 for $300. I expect it to be out-dated very quickly. I dodn't bother with Windows '95, because it is way too buggy and Windows '97 is soon to come. '95 was simply an introduction to what Microshaft can already do. I don't fall for the daily updates, or bug changes, because I know that none of my internet software or printer software will run on it. I wouldn't mind, however, making a program for '95 that would make me a few buck$. 
I have observed that in the time that the P6 came out, Motorola (if that's how you spell it) has signed with another company to make a Gigabyte RAM chip. Won't that be interesting? From tcmay at got.net Mon Jul 8 14:11:13 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 9 Jul 1996 05:11:13 +0800 Subject: Technology- vs. Human-based Surveillance Message-ID: At 4:35 AM 7/8/96, Deranged Mutant wrote: >Who needs high-tech for a surveillance state? I remember several >years back a Soviet-history class that put a lot of emphasis on the >Czar's totalitarian regime, much of which was already in place when >the Bolshviks took power (and one of the reasons they held it). ... A human-based surveillance state is very expensive, even by the standards of modern America and its bloated government. The recent example of the DDR's "Staasi" provides an example. Hard to hide the extent of the surveillance when so many people are involved. Better, think the Thought Police, to use technology to do the intercepts and pre-screening of the take. Also, the right technology (right for them, not us) makes widespread tapping possible, where human-based systems are not. (As but one example, hard to get human spies into companies on short notice to monitor a target.) In short, technology-based surveillance is "scalable" in a way that human-based surveillance is not. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
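Added example (not part of the archive, and not premail's code): a Python parser for the capability lines, operator groups and history table in Raph Levien's remailer list above, used to pick a chain whose hops all support the required options and never share a machine or operator. The sample rows are copied from that list; `pick_chain`, `min_uptime` and the reading of latency as [h:]m:s are assumptions of this example.

```python
import re

# Rows copied from the list above (a subset). The archive prints "@" as " at ".
LISTING = """\
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{'alpha'} = ' alpha pgp';
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = " cpunk mix pgp hash";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";
Groups of remailers sharing a machine or operator: (c2 alpha) (flame replay) (alumni portal)
replay    remailer at replay.com           **+*******+*     4:23   99.99%
jam       remailer at cypherpunks.ca       ********        16:45   99.98%
c2        remail at c2.org                 +-++++++-+++    46:47   99.97%
mix       mixmaster at remail.obscura.com  .------+++++  5:42:01   99.92%
flame     remailer at flame.alias.net      .-++---+--++  3:59:13   99.91%
haystack  haystack at holy.cow.net        +###+#* #+##     3:07   99.80%
lucifer   lucifer at dhp.com               +++ -+++++++    48:41   99.78%
alpha     alias at alpha.c2.org           +++*****++++    38:39   99.29%
ecafe     cpunk at remail.ecafe.org       --##* ###     1:26:57   98.73%
"""

# $remailer{"name"} = "options"; with either quote style.
CAP_RE = re.compile(r"""^\$remailer\{(['"])(\w+)\1\}\s*=\s*(['"])(.*?)\3;""")
# The history column may contain spaces (missed pings), so anchor on the
# address at the left and on latency/uptime at the right.
ROW_RE = re.compile(r"^(\w+)\s+(\S+ at \S+)\s+(.*?)\s+([\d:]+)\s+([\d.]+)%$")


def parse_latency(text):
    """Convert [h:]m:s to seconds (field layout assumed from the values shown)."""
    seconds = 0
    for part in text.split(":"):
        seconds = seconds * 60 + int(part)
    return seconds


def parse_listing(text):
    """Return ({name: info}, [set_of_names_sharing_an_operator, ...])."""
    remailers, groups = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = CAP_RE.match(line)
        if m:
            caps, short_key_id = set(), False
            for token in m.group(4).split():
                if token == "pgp.":  # period: use the short name as PGP key ID
                    token, short_key_id = "pgp", True
                caps.add(token)
            remailers.setdefault(m.group(2), {}).update(
                caps=caps, short_key_id=short_key_id)
            continue
        if line.startswith("Groups of remailers"):
            groups = [set(g.split()) for g in re.findall(r"\(([^)]*)\)", line)]
            continue
        m = ROW_RE.match(line)
        if m:
            remailers.setdefault(m.group(1), {}).update(
                address=m.group(2), history=m.group(3),
                latency_s=parse_latency(m.group(4)), uptime=float(m.group(5)))
    return remailers, groups


def pick_chain(remailers, groups, need, length, min_uptime=99.5):
    """Pick up to `length` hops, most reliable first, that all offer `need`.

    Two hops run by one operator give that operator both ends of a link,
    so once a remailer is chosen its whole group is excluded.
    """
    eligible = [(info["uptime"], name) for name, info in remailers.items()
                if need <= info.get("caps", set())
                and info.get("uptime", 0.0) >= min_uptime]
    chain, excluded = [], set()
    for _, name in sorted(eligible, reverse=True):
        if name in excluded:
            continue
        chain.append(name)
        for group in groups:
            if name in group:
                excluded |= group
        if len(chain) == length:
            break
    return chain


if __name__ == "__main__":
    table, shared = parse_listing(LISTING)
    print(pick_chain(table, shared, {"mix", "pgp"}, 4))
```
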
From perry at piermont.com Mon Jul 8 14:42:17 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 9 Jul 1996 05:42:17 +0800
Subject: Word lists for passphrases
In-Reply-To: <960706155139_428652398@emout15.mail.aol.com>
Message-ID: <199607081635.MAA10394@jekyll.piermont.com>

AwakenToMe at aol.com writes:
> > > I have a util that will create a word list starting from
> > > aaaaaaaaaaa on up to anythingggggggg basically you could do every
> > > combination. Let me know if ya want it.
> >
> > That would really be of great use for doing wordlist crack runs. It
> > must have taken you a long time to write -- generous of you to offer
> > it.
>
> I want to apologize to everyone for being gratuitously nasty
> here. It wasn't called for.
>
> That's funny. I thought you were being completely serious and I sent you this
> file. You are exactly right. it is of GREAT use for doing wordlist crack
> runs.

If you generate every possible word, you aren't getting any advantage by using crack and not just trying every possibility in your cracker itself. The whole point of trying english words is to try to reduce the search space. I would try to explain this to you, but it probably isn't worth while.

Furthermore, generating every possible word is trivial -- it's the sort of assignment you give to kids in their first week of programming. No one needs to be given such a program -- it's only about four or five lines of C.

> Why don't ya check out some realllyyy secure systems and find out what
> utils they use to test their own security.

Don't teach granpaw to suck eggs, sonny.

Perry

From Steven.J.Vaughan-Nichols at access.digex.net Mon Jul 8 14:45:47 1996
From: Steven.J.Vaughan-Nichols at access.digex.net (Steven J. Vaughan-Nichols)
Date: Tue, 9 Jul 1996 05:45:47 +0800
Subject: Style gettting in the way of clear reporting
Message-ID: <199607081653.MAA17946@access5.digex.net>

May complains loudly about Meek and other writers' style.
Meek hardily needs my defense, he's the best in the biz (speaking as another writer, I add, damn it!) But, your problem is simply one of style, not of substance. Like it or not, Meek does communicate well with the vast majority of his readers. His faux-Chandler isn't for everyone, but he makes his points loud and clear. Steven Steven J. Vaughan-Nichols sjvn at access.digex.net http://www.access.digex.net/~sjvn/vna.html QOTD: "You have a job. I work for a living" -- sjvn, freelance writer From perry at piermont.com Mon Jul 8 14:57:33 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 9 Jul 1996 05:57:33 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607070045.RAA24335@netcom5.netcom.com> Message-ID: <199607081653.MAA10428@jekyll.piermont.com> > tcmay at got.net (Timothy C. May) writes: > The doublethink and hypocrisy of modern society is > astounding. > > When the mother (a single mother, as this is California) > drops her son off with my friend (also single, of course), > she includes several "Ritalin" capsules with instructions on > how to dose her son with this depressant/behavior > modification drug. > > My friend ignores these Ritalins, which upsets the Mom > greatly the next day when she realizes her son has not been > given the tranks that are also known as "Mother's little > helpers." Ritalin is not a tranquilizer or anything like a tranquilizer. It is an amphetamine -- it is a close chemical analog to speed and could only be characterized as a tranquilizer by someone without any knowledge of the drug or its effects. Most people would become very "up" on the stuff, but it has a paradoxical, completely reverse effect on some people who have problems with their dopamine/norephinepherine (sorry, I may have the spellings wrong) systems in their brains that cause them to have difficulty focusing or to become hyperactive -- it calms and focuses such children and adults. 
The support newsgroup on Usenet for people with ADD discusses this in detail.

Most people would have no particular urge to stop a child with diabetes from taking her insulin. Your friend seems to have the sick idea that they know better than the child's parents whether the child should be taking their meds or not, simply because the medication is for a "mental" problem.

This isn't your friend's child. It's someone else's child. They have no right to make such decisions.

Oh, and by the way, Ritalin has never been known in slang as "mother's little helper". That would be a tranquilizer taken by the mother to help her get through her own day.

Perry

From perry at piermont.com Mon Jul 8 14:58:48 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 9 Jul 1996 05:58:48 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID: <199607081713.NAA10490@jekyll.piermont.com>

Timothy C. May writes:
> At 1:14 PM 7/7/96, Simon Spero wrote:
> >On Sat, 6 Jul 1996, Timothy C. May wrote:
> >>
> >> When the mother (a single mother, as this is California) drops her son off
> >> with my friend (also single, of course), she includes several "Ritalin"
> >> capsules with instructions on how to dose her son with this
> >> depressant/behavior modification drug.
> >
> >Er... Tim... Ritalin is an amphetamine.
>
> Whatever. It acts as a calmant/tranquilizer/depressant on many.

Only those who have ADD, which you claim doesn't exist.

> (As with many drugs, there are apparently paradoxical effects. Alcohol is a
> downer for some, and upper for others.)

Alcohol is a CNS depressant for all. Lowering inhibitions tends to make people relax and "party", but it doesn't have particularly paradoxical effects.

.pm

From perry at piermont.com Mon Jul 8 15:01:17 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 9 Jul 1996 06:01:17 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID: <199607081710.NAA10477@jekyll.piermont.com>

Sandy Sandfort writes:
> On Sun, 7 Jul 1996, Simon Spero wrote:
>
> > On Sat, 6 Jul 1996, Timothy C. May wrote:
> > >
> > > ...she includes several "Ritalin"
> > > capsules with instructions on how to dose her son with this
> > > depressant/behavior modification drug.
> >
> > Er... Tim... Ritalin is an amphetamine.
>
> Yes, normally, but doesn't it have a paradoxical reaction for
> hyperactive children (i.e., it acts as a depressant for them)?

1) If you believe that Ritalin has a different effect on hyperactive children, that would seem to indicate that the May hypothesis that hyperactivity isn't a biological phenomenon is false.

2) Yes, it appears that Ritalin has a different effect on children with ADD, in that it reduces their symptoms. "depressant", though, isn't the right term.

3) Of course, this isn't a crypto mailing list any more, so why NOT discuss every topic under the sun.

.pm

From perry at piermont.com Mon Jul 8 15:30:08 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 9 Jul 1996 06:30:08 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID: <199607081725.NAA10514@jekyll.piermont.com>

Timothy C. May writes:
> From what I've read--and I'm no expert, having long had essentially the
> _opposite_ of "attention deficit disorder," assuming it really even
> exists!--most children getting Ritalin are just being sedated.

Speed is not a sedative. Ritalin is amphetamine, not a barbiturate. For most people, it's like drinking lots of coffee -- it seriously increases attention and lowers your ability to sleep.

> Behavior control in its purest form. While the kids stop their
> wandering attention and constant physical motions, it's because
> they're in a mental fog, just one step away from drooling.

That's not what Ritalin does to *anyone*.
If anything, amphetamines are abused by people who want to remain awake and alert.

Perry

From tcmay at got.net Mon Jul 8 15:35:56 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 9 Jul 1996 06:35:56 +0800
Subject: The Net and Terrorism
Message-ID:

Thanks for the fine comments (and the comments from your shrink-wrapped friend on Ritalin). A very few comments:

At 8:16 AM 7/8/96, Arun Mehta wrote:

>because you were taught hate, doesn't mean you won't outgrow it. My mother
>was active in the freedom struggle against the British, and told me enough
>horror stories that I grew up hating them. But once I met some perfectly
>decent specimens, it evaporated.

This is my experience, too, with using common sense in deciding which races, if any, to hate.

>India is a large, diverse country with lots of injustice, poverty and other
>problems. When we analyze what breeds terrorism, we find aspects such as:
>
>- Severe neglect by the government (i.e. problems keep getting worse): For
>instance, the north east (which is east of Bangladesh, and has a long
>history of militant opposition) had to agitate for a long time to even get a
>railway line to connect them to the rest of the country.

A case, of course, where the government set the policy on who to connect, based on votes and influence. In a market economy, regions get connected by rail when a market for goods to be shipped appears likely, when customers will pay for tickets, etc. (Until the last several decades, this is the way railroads and shipping in the U.S. expanded. J.J. Hill built the "Great Northern" rail line across the northern part of the U.S. without a dime of subsidy and without much interference by government.)

>- Meddling by politicians: in Punjab, there was a Sikh regional party that
>was quite strong. To erode its popular base, Indira Gandhi encouraged the
>fundamentalists on its right. Similarly, Rajiv Gandhi's government helped
>train the Tamil LTTE.
Both paid for these blunders with their lives, at the
>hands of the very groups they had once tried to foster.

This "tactical move" of pitting one religious or ethnic group against another should be a lesson for the rest of us. Much better to take a hands-off attitude and essentially pretend that differences don't matter. (As opposed, say, to giving special privileges to Baptists, blacks, Catholics, etc.) In this regard, I think the U.S. got it "right" (though we are drifting toward a "minority rights" situation, which is sowing the seeds of Indian-style sectarian conflict, e.g., the riots in Los Angeles a few years ago).

(Arun is now quoting someone else)

>>The U.S. has a level of tolerance for diversity that I
>>only recently came to
>>appreciate. We hosted a foreign exchange student from Scotland (hardly
>>culture shock to him), but he surprised me when he commented on how
>>surprised he was that different groups of people were mixed together
>
>I've had a similar experience. I was part of the Indian delegation to a
>couple of Amnesty International International Council meetings. In this
>organisation, multiracialism and multiculturalism are heavily promoted. But
>if you looked at delegations from Europe, even from countries with sizable
>racial minorities, they were typically all-white. The US delegation, on the
>other hand, had blacks, different kinds of Asians, Hispanics... and not by
>design -- the US section leadership is highly "mixed", so they did not have
>to think about multiracialism, it just happened. Of course, given the
>"melting pot" ethos in the US, this is hardly surprising.

Indeed, Americans are often branded as racist yahoos by the enlightened, racially-tolerant folks of Europe. They cluck at our "racial problems." However, America is a melting pot, as Arun notes. On a daily basis we interact with blacks, Asians, Mexicans, whites of all flavors, etc.
Blacks, for example, are very well-represented in so many areas (not science and technology, for educational/cultural/image reasons--see Note if you want to hear why).

For anyone who buys the UNESCO line about how America is a fundamentally racist society, a visit for a few weeks should clarify things. There is still a lot of racial separation, by choice and not by law, and economic disparities. But the fact is that the races mix on a daily basis, with little or no conflict. Music, sports, entertainment, business, etc.

(Note: For various cultural and image reasons, science and technology are _not_ emphasized as careers for black children. Contrast the image of science in predominantly black environments with the image of science in, say, predominantly Jewish environments. The result is clear: blacks are severely underrepresented in these areas, and Jews are overrepresented in these same areas. Hey, I'm just citing a basic truth of our times, at least in this country. Similar statistics apply to Asians, with more than half of all U.C. Berkeley science and engineering undergrad students being Asian, and something less than 3% of them being black. The figures for who _graduates_ are even more skewed. There are various reasons for this. One of my pet peeves is how the terms "dweeb," "nerd," and "geek" are used to characterize science and engineering majors and professionals. Hardly terms that are likely to make a brother in the hood consider studying science!)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From habs at warwick.com Mon Jul 8 15:54:55 1996
From: habs at warwick.com (Harry S. Hawk)
Date: Tue, 9 Jul 1996 06:54:55 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607081725.NAA10514@jekyll.piermont.com>
Message-ID: <199607081628.MAA16827@cmyk.warwick.com>

I've taken Ritalin as both an adult and a child. It is by experience not a sedative. It helps me focus more and increase my attention span. It is as Perry indicates an amphetamine.

>
>
> Timothy C. May writes:
> > From what I've read--and I'm no expert, having long had essentially the
> > _opposite_ of "attention deficit disorder," assuming it really even
> > exists!--most children getting Ritalin are just being sedated.
>
> Speed is not a sedative. Ritalin is amphetamine, not a barbiturate. For
> most people, it's like drinking lots of coffee -- it seriously
> increases attention and lowers your ability to sleep.
>
> > Behavior control in its purest form. While the kids stop their
> > wandering attention and constant physical motions, it's because
> > they're in a mental fog, just one step away from drooling.
>
> That's not what Ritalin does to *anyone*. If anything, amphetamines are
> abused by people who want to remain awake and alert.
>
> Perry
>

--
Harry Hawk, Manager of Interactive Communications
Warwick Baker O'Neil, 212 941 4438, habs at warwick.com

"the strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects"

"As the most participatory form of mass speech yet developed, the Internet deserves the highest protection from governmental intrusion"

Philadelphia Federal Judges Panel ( Dolores K. Sloviter, chief judge of the 3rd U.S. Circuit Court of Appeals, and U.S. District Court Judges Ronald L. Buckwalter and Stewart Dalzell.)

From sunder at dorsai.dorsai.org Mon Jul 8 16:24:59 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Tue, 9 Jul 1996 07:24:59 +0800
Subject: What remains to be done.
In-Reply-To: <199607041710.NAA00995@unix.asb.com>
Message-ID:

On Thu, 4 Jul 1996, Deranged Mutant wrote:

> There's a need for something that will work under Win95, WinNT,
> and/or OS/2 for encrypting partitions. Aside from a few commercial
> or shareware apps which use some variant of DES, there's little out there.
> (One problem is that DD kits for Win95/NT and OS/2 cost $$$.)

Yeah, I'm kinda lusting after something that would work under NT as well as under 95. Too bad NT won't allow the use of BIOS INT 13 calls so that one may load the SecureDrive TSR. :( I don't have OS/2, but if I did you could easily add that to the list. I'm constantly switching between NT and 95 and have them installed on the same drive.

Would be cool to have some low level driver to encryption from the Master Boot Record for example to get around unfriendly OS's- but then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure as hell won't, etc.... that was the whole idea of having a BIOS in the first place, but woe is us.

==========================================================================
 + ^ + |  Ray Arachelian  |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder at dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======
===================http://www.dorsai.org/~sunder/=========================
Key Escrow Laws are the mating calls of those who'd abuse your privacy!

From hua at XENON.chromatic.com Mon Jul 8 16:51:58 1996
From: hua at XENON.chromatic.com (Ernest Hua)
Date: Tue, 9 Jul 1996 07:51:58 +0800
Subject: SAFE forum -- remarks of Herb Lin
In-Reply-To: <9606058365.AA836589679@nas.edu>
Message-ID: <199607081836.LAA23597@server1.chromatic.com>

> My experience with the FBI and other law enforcement officials is that
> they are honorable people trying to do a very hard job.

Very good point.

However, their primary representatives are still Louie Freeh, Jim Kallstom (sp?) and a few others who specialize in technologically-inaccurate hype. They have special backdoor access privileges to Congress which none of us have (at least on the scale with which they can summon). They do NOT have to answer to anyone, except on warm and fuzzy Congressional hearings during which the technical inaccuracy of their words is rarely challenged.

I would give a lot to have a public one-on-one discussion/debate with Freeh or Kallstrom. The problem is that they will stick to the obvious sound bites of "child pornographers" and "terrorists" instead of discussing the technical issues.

I do agree that, if Freeh and cypherpunks would stop the hyperbole, and start discussing what would help privacy as well as law enforcement, then much more useful

If Freeh and Kallstom played fair, and did not insist on behind-the-scene lobbying for Digital Telephony and GAK, then I might even consider compromising my hard-line stance against GAK and encryption regulation. However, they insisted on pushing it even when they could not get enough public support.

Right now, THEY have the power, THEY have the access, THEY do not have to answer to us (and the Devil is always in the details), so I think it is a bit unfair to say that some cypherpunk is being too harsh on the FBI. They (the FBI) are supposed to serve us. Instead, they are taking away our own control of our lives.
It reminds me much of the power-hungry MIS suit who swoops in and takes away all of our root passwords without setting up the backups and the firewalls and add to our productivity.

We can get some solutions for both sides, but it takes work, and Freeh and Kallstrom (and Clinton) cannot get political credits for these more subtle solutions, so they must choose between highly-visible (but technically wrong) solutions and real (but possibly thankless) solutions. I get the feeling I know what they are choosing right now.

Ern

From dp at tir.com Mon Jul 8 17:27:50 1996
From: dp at tir.com (dp)
Date: Tue, 9 Jul 1996 08:27:50 +0800
Subject: doubleclick monitoring web browsing habits
Message-ID: <199607081942.PAA15748@tir.com>

How do I get off the list.......

From janke at unixg.ubc.ca Mon Jul 8 17:44:30 1996
From: janke at unixg.ubc.ca (janke at unixg.ubc.ca)
Date: Tue, 9 Jul 1996 08:44:30 +0800
Subject: Pseudo-DC-net Project
Message-ID: <199607081845.LAA00269@clouds.heaven.org>

-----BEGIN PGP SIGNED MESSAGE-----

I am working on a project to implement a variation of a DC-net to be run over the Internet. I am posting this summary to find out if it overlaps with projects others are working on; to see what members of the lists think of the general ideas for the network I have in mind; and to see if anyone is interested in helping me out.

The variation of a DC-net I have in mind will vary in three important ways from a true DC-net:

Difference (1) (Pseudo-random numbers) It will use pseudo-random numbers in place of true random numbers.

Difference (2) (Star shaped network) The graph of the network will be star shaped instead of completely connected.

Difference (3) (MACs) Messages broadcast on the pseudo-DC-net will have a MAC appended in a key shared by the channel participants.

Difference (4) (Encryption) Messages sent to the channel will be encrypted in a key shared by the participants.

Because of these differences from a true DC-net I will refer to the network I have in mind as a "pseudo-DC-net".

Difference (1) is desirable since current techniques for generating true random numbers on PC's are slow, and distribution of the resulting true random numbers is enormously consumptive in terms of bandwidth.

Difference (2) is made possible by the use of pseudo-random number generators, and is desirable since it reduces the total number of messages that need to be transferred.

Difference (3) is desirable to identify messages broadcast by unauthorized parties to the network, and, as a side benefit, to help clients filter out collisions--- when two parties try to broadcast at the same time.

Difference (4) is desirable so that eavesdroppers cannot determine what messages are being broadcast to the network.

Difference (1) implies a downgrading of the level of anonymity from unconditional to cryptographic, and difference (2) opens the possibility for protocol attacks.

I would like to break this project up into three parts: a formal protocol specification, a client implementation or implementations, and a server implementation or implementations.

I would like the formal protocol specification to be publicly available to allow anyone to write their own clients and servers, and to communicate their criticisms of the protocol. The protocol will not dictate what pseudo-random number generator is to be used, although there will be a note of a rule to ensure that pairs of users are using the same generator for the "coin flips" they share. Similarly, the protocol should be flexible enough to allow the use of any reasonable length MAC.

A general outline of the protocols I have in mind is as follows:

Protocol (1) (Channel registration protocol) Channels will be registered with the server.
A channel will be specified by a time frame in which a pseudo-DC-net is to be run; the IP address and port to which clients are to connect to join the channel; the length of each message block to be transmitted to the channel; and a channel ID.

Protocol (2) (Pseudo-DC-net real-time protocol) The protocol for running the channel will consist of a series of "rounds". Each round will consist of the following steps:

Step (1) The transmission of a round synchronization number from the server to the clients, along with a string of bits specifying the set of users connected. Old clients should make sure that the synchronization number is consistent with the synchronization number of the previous round.

Step (2) Receipt by the server from each client of a block of input for that round. (If the user does not wish to broadcast, this will be the XOR sum of the next blocks in the pseudo-random number streams shared by the user with the other users (call this sum S). If the user wishes to broadcast, it will be the encryption of the following: the XOR of S with a message consisting of the concatenation of the channel id, round number, message length, message, message padding, and MAC of these five components.)

Step (3) Transmission from the server to each client of the XOR sum of the blocks received.

Protocol (3) (Optional Payment Protocol) I would like to add the option for the server to charge e-cash for the administration of the channel.

I have also thought about an extension in which messages to the server would be signed so that the server could prevent an unauthorized user from hijacking a connection and disrupting a channel.

If you would like to help me out with this project, if it overlaps with something you are already doing or have done, or you just think my ideas are no good (or good! :) ), please let me know. I am especially interested in attacks in which the server lies about the round number or set of connected users.
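
[Added example, not part of Leonard Janke's message and not code from any pseudo-DC-net implementation: one round of Protocol (2) over a star-shaped hub, showing how the pairwise pads cancel and how the MAC separates a single broadcast from an idle round or a collision. The use of HMAC-SHA256 as both stream generator and MAC, the field sizes, the keys and the names are all assumptions, and the encryption layer of Difference (4) is left out.]

```python
import hashlib
import hmac
from itertools import combinations

# All sizes, keys and names below are constructed for this example.
BLOCK_LEN = 64                        # message block length fixed at channel registration
MAC_LEN = 16                          # HMAC-SHA256 tag truncated to 16 bytes
HEADER_LEN = 4 + 8 + 2                # channel id, round number, message length
MAX_MSG = BLOCK_LEN - HEADER_LEN - MAC_LEN
CHANNEL_ID = 7
CHANNEL_KEY = hashlib.sha256(b"constructed channel MAC key").digest()


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pad_block(pair_key, round_no, length=BLOCK_LEN):
    """Block `round_no` of the stream shared by one pair of users.

    HMAC-SHA256 in counter mode stands in for the unspecified generator.
    """
    out = b""
    counter = 0
    while len(out) < length:
        label = round_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(pair_key, label, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def build_frame(round_no, message):
    """channel id | round | length | message | padding | MAC of those five."""
    if len(message) > MAX_MSG:
        raise ValueError("message does not fit in one block")
    body = (CHANNEL_ID.to_bytes(4, "big") + round_no.to_bytes(8, "big")
            + len(message).to_bytes(2, "big") + message
            + bytes(MAX_MSG - len(message)))
    tag = hmac.new(CHANNEL_KEY, body, hashlib.sha256).digest()[:MAC_LEN]
    return body + tag


def parse_frame(round_no, block):
    """Return the message, or None for an idle round, collision or forgery."""
    body, tag = block[:-MAC_LEN], block[-MAC_LEN:]
    good = hmac.new(CHANNEL_KEY, body, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(tag, good):
        return None
    if int.from_bytes(body[:4], "big") != CHANNEL_ID:
        return None
    if int.from_bytes(body[4:12], "big") != round_no:
        return None                     # valid MAC but stale round: replay
    length = int.from_bytes(body[12:14], "big")
    return body[14:14 + length] if length <= MAX_MSG else None


class Client:
    def __init__(self, name, pair_keys):
        self.name = name
        self.pair_keys = pair_keys      # {peer name: key shared with that peer}

    def round_input(self, round_no, connected, message=None):
        """Step 2: S alone when idle, S XOR frame when broadcasting."""
        block = bytes(BLOCK_LEN)
        for peer in connected:
            if peer != self.name:
                block = xor_bytes(block, pad_block(self.pair_keys[peer], round_no))
        if message is not None:
            block = xor_bytes(block, build_frame(round_no, message))
        return block


def server_combine(blocks):
    """Step 3: the hub only XORs what it receives and sends the sum back."""
    total = bytes(BLOCK_LEN)
    for block in blocks:
        total = xor_bytes(total, block)
    return total


def make_channel(names):
    """Give every pair of users a shared key (derived from a constructed label)."""
    keys = {name: {} for name in names}
    for a, b in combinations(names, 2):
        shared = hashlib.sha256(f"constructed pair key {a}|{b}".encode()).digest()
        keys[a][b] = keys[b][a] = shared
    return [Client(name, keys[name]) for name in names]


def run_round(clients, round_no, senders):
    """senders maps client name -> message; returns (inputs, recovered message)."""
    connected = [c.name for c in clients]
    inputs = {c.name: c.round_input(round_no, connected, senders.get(c.name))
              for c in clients}
    return inputs, parse_frame(round_no, server_combine(inputs.values()))


if __name__ == "__main__":
    members = make_channel(["alice", "bob", "carol"])
    print(run_round(members, 1, {"bob": b"hello"})[1])               # one sender
    print(run_round(members, 2, {})[1])                              # idle round
    print(run_round(members, 3, {"alice": b"a", "carol": b"c"})[1])  # collision
```

If one client is given a different connected set than its peers, one pad is left uncancelled in the sum and the round output fails the MAC check instead of yielding a message.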

If this project works out well, I would like to later work on protocols for voting using a pseudo-DC-net.

Leonard Janke (pgp key id 0xF4118611)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

-----END PGP SIGNATURE-----

From gary at systemics.com Mon Jul 8 17:57:30 1996
From: gary at systemics.com (Gary Howland)
Date: Tue, 9 Jul 1996 08:57:30 +0800
Subject: [Announcement] - Crypto library for Java available
Message-ID: <31E159E2.1CFBAE39@systemics.com>

The Systemics Cryptix crypto library for Java is now available for download at http://www.systemics.com/software/

The library is FREE FOR COMMERCIAL AND NON-COMMERCIAL USE.

Apart from much tidying up, there have been several significant additions to the library, including a Blowfish implementation, RSA encryption (including key generation routines), CFB and CBC block cipher mode modules, and a cryptographically secure random InputStream.

Enjoy!

CRYPTIX 1.1 - CRYPTOGRAPHIC EXTENSIONS FOR JAVA
_________________________________________________________________

DESCRIPTION

This library contains a suite of cryptographic classes for Java. Some of the classes have been implemented in native code for performance reasons, and have been tested on Windows 95, Windows NT, Solaris, Linux and IRIX. The package documentation is available on line.

FEATURES

All of the following have been implemented:

* java.crypt.BlockCipher
  This class is a base class for all block ciphers.
* java.crypt.Blowfish (based on code from A.M. Kuchling, Bryan Olson and Bruce Schneier)
  An implementation of Bruce Schneier's Blowfish block cipher.
* java.crypt.CipherFeedback
  A class for implementing the cipher feedback mode of block cipher encryption.
* java.crypt.CSRandomStream
  A cryptographically secure pseudo random input-stream.
* java.crypt.DES (based on code from Eric Young)
  An implementation of the DES block cipher.
* java.crypt.HashMD5
  A class encapsulating MD5 hashes.
* java.crypt.HashSHA
  A class encapsulating SHA hashes.
* java.crypt.IDEA
  An implementation of the IDEA block cipher algorithm. Based on native libraries.
* java.crypt.MD5 (based on code from RSA Data Security, Inc.)
  An implementation of the MD5 message digest algorithm. Based on native libraries.
* java.crypt.MD5OutputStream
  An output stream that creates an MD5 hash of its input.
* java.crypt.MessageDigest
  A base class for all message digest algorithms.
* java.crypt.MessageDigestOutputStream
  A class for using message digest functions to hash an output stream.
* java.crypt.MessageHash
  A base class for classes encapsulating hashes.
* java.crypt.rsa.PublicKey
  An RSA public key.
* java.crypt.rsa.RSAKeyGen
  A class for generating RSA public/secret key pairs.
* java.crypt.rsa.SecretKey
  An RSA secret key.
* java.crypt.SHA (based on code from NIST and Peter C. Gutmann)
  An implementation of NIST's SHA message digest algorithm. Based on native libraries.
* java.crypt.SHAOutputStream
  An output stream that creates an SHA hash of its input.
* java.crypt.StreamCipher
  A base class for stream ciphers.
* java.math.BigInteger (based on code from Eric Young).
  This class implements arbitrary length integers and some associated mathematical functions. Based on native libraries.
* java.math.MPI
  A class for converting BigIntegers to and from MPI format integers.
* java.math.PRNG
  A class for generating a pseudo random sequence with a period of 2**160.
* java.math.RandomStream
  An input stream that is random.
* java.math.TestPrime
  A class for testing the primality of BigIntegers.

COPYRIGHT

This library includes (or is derived from) software developed by (and owned by) the following:

* Peter C. Gutmann
* A.M. Kuchling
* NIST
* Bryan Olson
* RSA Data Security, Inc.
* Bruce Schneier
* Eric Young <eay at mincom.oz.au>

Other parts of the library are covered by the following licence:

Copyright (c) 1995, 1996 Systemics Ltd (http://www.systemics.com/) All rights reserved.

This library and applications are FREE FOR COMMERCIAL AND NON-COMMERCIAL USE as long as the following conditions are adhered to.

Copyright remains with Systemics Ltd, and as such any Copyright notices in the code are not to be removed. If this code is used in a product, Systemics should be given attribution as the author of the parts used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Systemics Ltd (http://www.systemics.com/)

THIS SOFTWARE IS PROVIDED BY SYSTEMICS LTD ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The licence and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]
_________________________________________________________________

From Ryan.Russell at sybase.com Mon Jul 8 18:08:05 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Tue, 9 Jul 1996 09:08:05 +0800
Subject: Web redirector to defeat kiddie-filters?
Message-ID: <9607082055.AA23265@notesgw2.sybase.com>

Well, sort of..... http://www.mordor.com/neslon/decide/

Ryan

From wendigo at gti.net Mon Jul 8 18:21:31 1996
From: wendigo at gti.net (Mark Rogaski)
Date: Tue, 9 Jul 1996 09:21:31 +0800
Subject: The Net and Terrorism
In-Reply-To:
Message-ID: <199607082044.QAA20776@apollo.gti.net>

-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Timothy C. May wrote:
:
: (Note: For various cultural and image reasons, science and technology are
: _not_ emphasized as careers for black children. Contrast the image of
: science in predominantly black environments with the image of science in,
: say, predominantly Jewish environments. The result is clear: blacks are
: severely underrepresented in these areas, and Jews are overrepresented in
: these same areas. Hey, I'm just citing a basic truth of our times, at least
: in this country. Similar statistics apply to Asians, with more than half of
: all U.C.
Berkeley science and engineering undergrad students being Asian,
: and something less than 3% of them being black. The figures for who
: _graduates_ are even more skewed. There are various reasons for this. One
: of my pet peeves is how the terms "dweeb," "nerd," and "geek" are used to
: characterize science and engineering majors and professionals. Hardly terms
: that are likely to make a brother in the hood consider studying science!)
:

I attended a school in the Pittsburgh area that had an active recruiting effort centered in Philadelphia. Thus, most of the black students were from inner-city Philly. What I noticed about their failure to show up in upper level math/science classes was that they had to spend too much time in remedial classes to undo the damage done by city schools. Considering the percentage of America's black population that lives in urban areas, that seems to explain the lack of black representation.

Even more distressing on the whole was the lack of female students in the Comp. Sci. department ... but that's another story.

As for the slang, I don't think it's going to attract white kids from the suburbs either. Screw the stereotypes, it's a little too close to the "They could but they don't have the drive/will/intelligence" arguments to say that Dilbert cartoons are going to turn off a "brother in the hood" to math/science.

Also, most of the Asian students at my school were not US citizens. Most were from China or Japan.

mark

- --
Mark Rogaski       | Why read when you can just sit and | Member
GTI System Admin   | stare at things?                   | Programmers Local
wendigo at gti.net  | Any expressed opinions are my own  | # 0xfffe
wendigo at pobox.com | unless they can get me in trouble.
| APL-CPIO

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From snow at smoke.suba.com Mon Jul 8 18:23:27 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 9 Jul 1996 09:23:27 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <1.5.4.32.19960708130935.002db9e0@giasdl01.vsnl.net.in>
Message-ID:

On Mon, 8 Jul 1996, Arun Mehta wrote:
> Ritalin is a lifesaver for a small % of children who suffer from a condition
^^^^^^^ Key word here.
|||||||
> Ritalin... mother was furious.
>
> Some of the kids who use foul language (a very small %) have Tourette's
> disease, and also need medicine (a different one)... by and large the

Bullshit. Most kids (these days) who use profanity are simply undisciplined louts. Yes, I use profanity today, at 28. However, I would NEVER have called my mother a "Fucking Asshole" under ANY circumstances, My father would have torn my head off. In fact if my father had caught me speaking like that to ANYONE at 8 years of age, I would have had trouble sitting for a couple days at least. Of course my parents made sure not to talk like that around me.

> politically correct thing is sometimes to label a kid as sick rather than
> bad or spoiled, this is probably why drugs are over-used. But we can't
> throw the baby out with the bathwater!

On the other hand, if only 20% of the children that are being drugged need it, that means that we are sacrificing 80% of these children to save 20%.

Drugs are supposed to be for fun, not for long term behavior modification. People need to learn to deal with life.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From winn at Infowar.Com Mon Jul 8 18:36:22 1996
From: winn at Infowar.Com (winn at Infowar.Com)
Date: Tue, 9 Jul 1996 09:36:22 +0800
Subject: InfoWarCon V: DC
Message-ID: <199607081810.OAA23694@mailhost.IntNet.net>

* * * * * * * P L E A S E   D I S T R I B U T E   W I D E L Y * * * * * * *

InfoWarCon 5, 1996
Electronic Civil Defense for the 21st. Century
The Convergence of the Commercial and the Military Sectors:
Vulnerabilities, Capabilities and Solutions

September 5-6, 1996
Washington, DC

Sponsored by:
    Winn Schwartau, Interpact, Inc./Infowar.Com
    National Computer Security Association/NCSA.Com
    Robert Steele, OPEN SOURCE SOLUTIONS, Inc./OSS.Net

Sponsoring Organizations:
    Command Software Systems
    Digital Equipment Corporation
    Norman Data Defense
    IBM
    Phillips Publications
    Jane's Information Group

Historically, civil defense has meant to protect citizenry against hostile military actions. Today, with the specter of Information Warfare representing new challenges to late-industrial and information age nation-states, the rules have radically changed. Societies are rapidly migrating to increased dependence upon four critical interrelated infrastructures and adequate methods of protection must be developed:

- The Power grid is the basis of most of modern society. With it gone, not much else happens. If you think this is just a matter of building more generators, think again--what happens if the factories that *make* the generators are taken down, too?

- The Communications infrastructure: land, sea, air and satellite. 95% of military communications go over the public networks, and 100% of all financial and industrial communications. Is it worth protecting?

- The Global Financial structure depends upon the first two infrastructures, and is perhaps the most vulnerable to theft and denial of service attack. 99+% of all "wealth" is digital--what happens if it vaporizes?

- Transportation systems rely upon the other three.
The air traffic systems require both power and communications to manage the thousands of airplanes in the sky. What happens to the thousands of airplanes in the air if air traffic control across an entire country goes down?

Without all of these infrastructures properly and reliably functioning, the private sector and the national security community cannot function. No heat, no air conditioning, no food distribution, no light, no radio or TV, no Internet. Are we prepared? Do we have a crisis response for the day money as we know it vanishes?

Electronic Civil Defense will soon become a critical component of any nation's well being while the needs of both the private sector and government converge. The convergence of military and civilian interests that Mr. Schwartau predicted two years ago is happening before our eyes. Defensive and commercial postures have so intertwined as to make them indistinguishable.

This Fifth International Conference on Information Warfare is an unclassified, open source forum, and will examine the myriad questions of Electronic Civil Defense from the US, International and multi-cultural perspectives. Our seasoned experts will work with InfoWarCon5 delegates to outline a framework for the vulnerabilities, threats, risks and solutions for Electronic Civil Defense. From this conference participants will be able to draw critical insights which will improve their own legislative, regulatory, financial, and operational readiness and security.

Last year's Washington InfoWarCon brought together over 600 people and was covered by CNN among other major media organizations. This year key world players in information warfare from the economic, military, and law enforcement communities of over 30 countries are expected to participate.

Be prepared for highly interactive sessions with plenty of audience participation. Please bring your opinions and be ready to discuss them with us all!
PRELIMINARY SCHEDULE

September 4, 1996

16:00 - 20:00 Registration Begins

18:00 - 20:00 Sponsored Reception for attendees, speakers, sponsors and the press. Light food fare and liquid refreshments. Meet Mr. Schwartau, Mr. Steele, Dr. Kabay and many of our other world-class speakers.

September 5, 1996

6:30 - 7:50 Registration

7:50 - 8:00 Welcoming Comments and Administration:
    Dr. Peter Tippett, NCSA
    Winn Schwartau, Interpact, Inc.

8:00 - 8:30 Keynote Presentation: "National Security in the Information Age"
    Senator William Cohen (R-Maine) *

8:30 - 9:00 "A Commander in Chief's View of Rear-Area, Home-Front Vulnerabilities and Support Options."
    General John J. Sheehan, U.S. Supreme Allied Commander, Atlantic, Commander-in-Chief Atlantic Command

9:00 - 9:30 "Global Finance: Protection in the Age of Electronic Conflict"
    Colin Cook, V.P. Information Security, Citibank *

9:30 - 10:00 "We Can't Do It Without the Private Sector"
    Ken Minihan, Director, NSA *

10:00-10:30 Break

10:30-11:45 National Policy Reviews of Electronic Civil Defense Programs
    Ms. Sally Katzen, Administrator for Information and Regulatory Affairs, Office of Management and Budget, USA
    Dr. Anders Eriksson and Peter Wallstroem, National Defence Research Establishment, Dept. of Defence Analysis: Sweden
    Dr. Leroy Pearce, Canada,

    What is the current thinking in Electronic Civil Defense? How do we plan on protecting our citizens against invisible unnamed assailants? What are the top policy makers planning for? International experts will present their views as well.
11:45 - 13:15 Sponsored Lunch

12:30 - 13:00 Luncheon Address

13:15 - 14:30 Breakout Sessions A1 - A4

A1 A Military Briefing: The Electronic Projection of Power in a C4I World
    Moderated by General Jim McCarthy, USAF (Ret)
    Barry Horton, Principal Deputy Assistant Secretary of Defense for C3I *
    Captain Patrick Tyrrell, Assistant Director, Information Warfare Policy, Ministry of Defence, United Kingdom

A2 Protecting the Global Financial and Communications Infrastructures: Weaknesses at the Transport Layer
    Ron Eward, Martech, Inc.

    One scary session. Forget about HERF Guns and hackers. Mr. Eward will tell us how to wreak disaster with a few well placed pick-axes, from New York to Palermo to Taipei. An incredible research effort with global on the generally forgotten physical underpinnings of Cyberspace. Do not miss his tremendously important findings. Messrs. Eward and Schwartau's upcoming book on this overlooked topic will shake the financial global community.

A3 Media Manipulation, Perception Management and PsyOps
    Moderated by Dr. Mich Kabay, NCSA
    Mark Bender, ABC News *
    Jim Roberts, SOLIC
    Neil Munro, Washington Technology

    How can a nation-state use the media to bend the will of an adversary, or leverage its own position prior to, in or after a conflict? Who is really using who?

A4 National Defense University Session
    Moderator - Dr. Dan Kuehl, Professor, NDU

    Top students from the School of Information Warfare and Strategy, the Nation's top-level school for potential flag officers in the IW arena, will discuss their findings and concerns.

14:30 - 15:00 Break

15:00 - 16:15 Breakout Sessions B1-B4

B1 - Emergency/Disaster Planning for the Effects of Information Warfare:
    Moderator: Mark Aldrich, Chief Infosec Engineer, GRC International, Inc.
    Michael Logan, Federal Planning Associate, American Red Cross
    William W.
Donovan, CISSP, FEMA
    Ken Barksdale, Association of Contingency Planners

    Assume the worst happens, and an infowar assault takes down major life sustaining portions of the infrastructure. What do we do about it? How do we minimize the damage and protect the victims and citizens? These esteemed experts will tell you what they think and then invite your comments.

B2 Legal Liabilities and Responsibilities in Information Warfare
    Danielle Cailloux, Judge, Committee on Intelligence, Belgium
    Charles Dunlap, Judge Advocate, USAF
    Kenneth Bass III, Cyber-Attorney, Washington

    If a company is attacked and it loses significant assets, what are the recourses of the stakeholders? How do we measure and evaluate the losses and responsibility? On the military side, what constitutes an Act of War and what steps are necessary to formulate a response?

B3 The Forensics of Information Warfare for Law Enforcement
    Moderated by Michael Anderson, New Technologies Investigation Division
    Howard Schmidt, Director, AF Office of Special Investigations
    Ken Rosenblat, Santa Clara County Prosecutor, Author "High-Technology Crime: Investigating Cases Involving Computers"

    How can you tell you are under attack? Once you determine you are, how do you make a case which will stand up in court? How do you collect evidence? How do you involve law enforcement without compromising your efforts? Experts share years of experience with you.

B4 Naval Postgraduate School Session
    Moderator: Dr. Fred Levien, NPS

    Top field grade students from the Naval Postgraduate School in Monterey, California will present InfoWar papers and concepts.
16:15 - 16:45 Break

16:45 - 18:00 The Hacker/Underground and Social Engineering
    Moderated by: Nic Chantler, Australian Intelligence (Ret)
    Andy Mueller-Maguhn, CHAOS Computer Club, Germany
    Chris Goggans, co-founder, Legion of Doom, USA
    John Gilmore, Electronic Frontier Foundation

    If you've ever wanted to know how hackers think; what makes them tick and how they became the first Information Warriors, here are the people who can answer your questions. These sessions are among the most popular at every InfoWarCon. Gilmore will present his unique concepts for Defensive Information Warfare.

18:00 - 20:30 Sponsored Reception/"Live Hackers" Off-Line

September 6, 1996

6:30 - 7:50 Continental Breakfast

7:50 - 8:00 Opening Remarks and Administration

8:00 - 8:30 "Domestic Law Enforcement and Electronic Civil Defense"
    Louis Freeh, Director, FBI *

8:30 - 9:00 "The Convergence of Military and Civilian Defense"
    General Jim McCarthy, USAF (Ret)

9:00 - 9:30 "What is National Security?"
    Michael R. Nelson, Ph.D. Special Assistant for Information Technology White House Office of Science and Technology Policy

9:30 - 10:00 "Building a Society from the Net Up"
    Pedrag Pale, Chairman of the InfoTech Coordinating Committee, Ministry of Science, Technology and Informatics, Croatia

10:00-10:30 Break

10:30-11:45 The Russians are Coming
    Moderated by: Greg Treverton, Director of National Security Program, Rand Corporation

    From academia to the military to their business community, the Russians have been thinking long and hard about Information Warfare. Here's what they have to say. Get front row seats and be ready to ask your questions.

    Dr. Victor I. Solntsev, Assoc. Prof. Moscow State Tech. Univ. "Information Warfare and Human-Operator Security"
    Dr. Dmitry Chereshkin Russian Academy of Sciences; Editorial Board, "Information Infrastructure and Policy."
    Dr. Georgy Smolian Russian Academy of Sciences and Scientific Council "Democratization of Russia and Information Security."
11:45 - 13:15 Sponsored Lunch

12:30 - 13:00 Luncheon Address

13:00 - 14:15 Breakout Sessions C1-C4

C1 Corporate Civil Defense:
    Moderated by Don Sortor, Director Security Prgms, Corp. InfoSec., Motorola, Inc.

    A team of cross-industry experts from the primary infrastructures, will examine how industry and government can and should interact in the event of an Electronic Pearl Harbor. What is the role of the company and its management? What policies should be put into place to prepare for the malicious Acts of Man? How should the government work with the private sector to mitigate damages? These experts will set you on the right track.

C2 Denial of Service in the Private Sector: The Nuclear Weapons of the Information Age: Magnetic Weapons from the Military to Electronic Pipe Bombs
    Carlo Copp, Defense Analyst, Australia
    Kelly Goen, Penetration and Security Engineer

    Get Seats Early! Magnetic weapons; directed energy weapons; HPM; HERF Guns; electromagnetic pulse cannons and EMP. Learn about the latest in high energy weapons systems and how they can be used to attack and destroy critical electronically based infrastructures. Then find out what the terrorist can do with home-brew electronic pipe bombs.

C3 The Net Under Attack
    Dr. Dorothy Denning, Chair, Computer Science Dept., Georgetown Univ.
    Jim Christy, Permanent Subcommittee Investigations U.S. Senate (And USAF OSI)

    What makes an attack on the Internet and what do we do about it? Ms. Denning is an internationally recognized expert who will guide us and her panel of experts through the maze of possibilities. Incredibly valuable for security professionals.

C4 USAF School of Advanced Airpower Studies
    Moderated by Col. Richard Szafranski, USAF, Air War College National Military Strategy

    Col. Szafranski and his top students will discuss their views, opinions on Information Warfare.
    The USAF SAAS has produced some of the most revolutionary papers in IW, including the now globally recognized papers on taking down telecommunications and national power systems.

14:30 - 15:00 Break

15:00 - 16:15 Breakout Sessions D1-D4

D1 Anonymous Global Banking: Pitfalls and Solutions
    Moderated by Bruce Schneier
    Kelly Goen, Security Engineer
    Eric Hughes, Cypherpunks
    Phil Zimmermann *

    How does anonymous international banking work? Is it merely a front for Criminal Central? Or is there a true value? How do conventional banking institutions view it? What about cryptographic solutions? Are your funds "naked" on the Net today? Come see for yourself!

D2 The Ethics of Information Warfare
    Moderated by Winn Schwartau
    Col. Phil Johnson, Judge Advocate, USAF
    Dr. Dan Kuehl, NDU

    While CNN is looking over your shoulder, as a military commander, here is your choice: either use a precision smart bomb which will immediately kill 20 civilians for the world to see. Or, use a non-lethal IW weapon, no immediate TV deaths, but a predicted 200 civilian collateral fatalities within 30 days. What do you do? The Ethical conundra of Information Warfare will be examined from all perspectives. Or: you have been attacked anonymously--you suspect one party, without proof--another attack is coming. What now? Should we develop new intelligence capabilities to permit precision detection and response in cyberwar?

D3 National Information Assurance: Cooperation is the Key to Safeguarding Communications, Power and Transportation
    Moderated by: Major Brad Bigelow, Office of the Manager, National Communications System
    Jeff Sheldon, General Counsel, Utilities Telecommunications Council
    Steve Fabes, Director of Electronic Delivery Services, BankAmerica
    Carl Ripa, VP National Security/Emergency Preparedness, Bellcore

    Experts from the major civilian infrastructures will discuss how past cooperation between industry and government has echoed economic realities.
    The bulk of the nation's information infrastructure is not under the economic or regulatory control of the Federal government. So, how do we maintain a healthy balance between private initiative and legislative and regulatory actions? Today there is no "due diligence" standard which requires that communications and computing services be guaranteed in terms of security and data integrity. Our panel will provoke an active discussion of remedial cooperative measures.

D4 "Understanding and Defending Against Industrial Espionage and Information Terrorism."
    Tom Fedorek, Managing Director, Kroll Associates New York*
    Matt DeVost TITLE COMING
    Charles Swett, Acting Deputy Director for Low-Intensity Conflict Policy, Office of the Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict

    A look at how modern espionage and information is conducted, why it's done and who's doing it. How much can it cost your company and how can you tell if you're targeted? Do not miss this fascinating session which is expected to feature the Kroll Managing Directors from Paris, London, and New York.

16:15 - 16:30 Break

16:30 - 17:00 Wrap Up: "What is War?"
    Moderated by Dr. Mich Kabay, NCSA
    General Jim McCarthy, USAF (Ret)
    John Petersen, President, The Arlington Institute
    You - The Audience

    An exciting 'don't miss' interactive audience session. What a closing!

(* Speakers with an * have been invited but have not confirmed as of June 28, 1996.)

HOTEL INFORMATION:

Crystal Gateway Marriott
1700 Jefferson Davis Highway
Arlington, VA 22202

The Crystal Gateway Marriott is offering a special conference rate of $129 single/$139 double occupancy. This rate is good until August 14, 1996.

703-920-3230 (Voice)
703-271-5212 (Fax)

CANCELLATION POLICY

After August 9th, any cancellation will incur a $100.00 processing fee. If the reservation is not cancelled and no one attends, the full registration price will be charged. Substitute attendees are welcome.
InfoWarCon '96 Registration Form:

Name:    ________________________________________
Title:   ________________________________________
Org:     ________________________________________
Address: ________________________________________
Address: ________________________________________
City:    ________________________________________
State:   ____________________ Zip: ______________
Country: ____________________ Email: ____________
Phone:   ____________________ Fax: ______________

FEES:

Payment made BEFORE August 9, 1996:
( ) 595.00 NCSA Members/OSS '96 Attendees
( ) 645.00 All others

Payment made AFTER August 9, 1996:
( ) 645.00 NCSA Members/OSS '96 Attendees
( ) 695.00 All others

Make checks payable to NCSA, or
Charge to: ( ) VISA ( ) MasterCard AMEX ( )
Number:    ____________________
Exp date:  ____________________
Signature: ____________________

MAIL OR FAX OR EMAIL REGISTRATION TO:

National Computer Security Association
10 South Courthouse Avenue
Carlisle, PA 17013
Phone 717-258-1816 or FAX 717-243-8642
EMAIL: conference at ncsa.com

For more information about NCSA:
WWW: http://www.ncsa.com
CompuServe: GO NCSA
EMail: info at ncsa.com

Version: 1.10

Peace
Winn

Winn Schwartau - Interpact, Inc.
Information Warfare and InfoSec
V: 813.393.6600 / F: 813.393.6361
Winn at InfoWar.Com

From anonymous-remailer at shell.portal.com Mon Jul 8 18:42:39 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Tue, 9 Jul 1996 09:42:39 +0800
Subject: [RANT] Giving Mind Control Drugs to Children [RitalinPunks]
Message-ID: <199607082103.OAA07069@jobe.shell.portal.com>

Something like 10% of ALL public school students in Tennessee are on Ritalin. Presumably, the percentages are similar in other states.
I have trouble believing there are so many kids suddenly suffering from a disorder that wasn't even discovered until a few years ago.

The following rant from a Ritalin user may be of interest (though not too relevant to cryptography):

*************************************************************************

Occasionally I will see something about the practice of giving kids RITALIN for alleged attention-deficit disorder. I can't think of better evidence that the owners of the schools and the world are trying to destroy the kids in this country.

I was a big drug-taker. I've also had occasion to receive medication by prescription. I will admit that I took a lot of amphetamines. Speed that is. I liked it and took it frequently, so I can attest that it has some very attractive characteristics that anyone taking it could not help but like at the time. It also has a gigantic letdown that is nearly intolerable. This discomfort leads ANYONE to do something to alleviate it. It's probably a matter of personal preference as to whether the discomfort of the letdown outweighs the positive feeling of the high. If not, people will keep taking speed.

Now for reasons, I also had a prescription for ritalin. You know it's a controlled substance. The fact is it's an amphetamine derivative and imparts nearly the exact same experience, though not as sharp-edged. It has the high and the letdown. And people undoubtedly make the same kinds of decisions as is the case with amphetamines.

They say that ritalin has a paradoxical effect on kids - meaning, I suppose, that the reasons that make it a controlled substance for adults don't apply to kids. Then they say in the same breath that ritalin treats disorders in the ability to concentrate or to pay attention, which are the exact things that speed and ritalin accomplish in adults. Both of these allow someone to focus exclusively on one task in an enjoyable state of mind and body and accomplish it.
Any nervousness is just left over from the channeling of all the generated energy into one task.

What is created is not only the false sense of security but the false ability to accomplish things. As time goes on, one aspect of the letdown is the now-understood knowledge that speed is generating false successes. This is a depressing realization that can have detrimental ramifications beyond anything to do with the drug. In college, say, false successes on exams are acceptable and desired because this is one occasion in which performance is measured. But when someone's life consists of false successes, false interactions, and false experiences - and the fact that these are false is well-realized - the result can be a very unhealthy individual self-conception whose validity is proved and reproved constantly as amphetamine use continues.

I heard recently that now educators and other quacks find that ritalin enhances performance for everyone (I just said that), and they're thinking of prescribing it for that reason. This kind of poisoning of the self-concepts being developed by kids will create a generation of suicidal invalids. The idea is outrageous.

This has gotten extremely long, and I wasn't planning on it. But this ritalin thing is so insidious and is so OBVIOUSLY meant to do harm that I have to write this long thing about it. The whole attention-deficit disorder is a fabrication that traitors use to pump kids full of controlled substances. Now I saw yesterday that kids not on ritalin are paying those who have it, stealing to get it, killing to get it, and on and on. Ritalin is speed, and the idea that educators, doctors, and other alleged public servants are colluding in this way to cripple kids into thinking they have no innate skills and no ability to function without a drug is one of the worst things I have come across in my entire life.
From janke at unixg.ubc.ca Mon Jul 8 18:47:42 1996
From: janke at unixg.ubc.ca (janke at unixg.ubc.ca)
Date: Tue, 9 Jul 1996 09:47:42 +0800
Subject: Synchronization Attack on Pseudo-DC-net's
Message-ID: <199607082122.OAA00405@clouds.heaven.org>

-----BEGIN PGP SIGNED MESSAGE-----

Here's an easy attack on a pseudo-DC-net that I thought up over lunch if the clients trust the server to be honest in telling both the round number and who is on.

Let Stephanie be the person running the server, and let Alice and Bob be two users. Let f(n) be the pseudo random function they share. Assume that Stephanie knows their secret encryption key. It is then possible for her to compromise their anonymity as follows:

First Alice joins the net, and Stephanie tells her that it is round 100 and Bob is on. Alice sends a message. Stephanie sends back some random junk to Alice to convince her that there was a collision. Alice backs off for a few rounds. Stephanie now receives f(101), f(102), f(103), etc. and then tells Alice that Bob has left. Alice leaves now.

Later Bob joins. Stephanie tells him that it is round 101 and Alice is here. Bob starts talking right away, sending three messages: f(101) xor M1, f(102) xor M2, and f(103) xor M3. From this Stephanie is able to recover M1, M2, and M3 by xor'ing f(101), f(102), and f(103), which she has from before, back in. Bob has completely lost his anonymity!

Thus, it looks like trusting the server for both who is on and the round number is a bad idea! It might be possible to remove the need for a round number if the number of seconds since channel creation is used instead, and the clients are time synchronized. In that case running the pseudo-DC-net on top of UDP might be preferable to running it on top of TCP.

Can anyone think of an attack if the server is just trusted for a list of who is on? If there is one, I guess new clients could ask for signed messages of who is on: "It is 456 seconds since channel creation, and, I---Alice---am on.
(signature)". That would complicate the protocol, of course, and cost Nancy---a new client---some time in verifying the signatures.

Good attacks so far! Keep 'em coming. :)

Leonard Janke (pgp key id 0xF4118611)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

-----END PGP SIGNATURE-----

From WlkngOwl at unix.asb.com Mon Jul 8 18:47:53 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Tue, 9 Jul 1996 09:47:53 +0800
Subject: What remains to be done.
Message-ID: <199607082124.RAA09624@unix.asb.com>

On 8 Jul 96 at 14:12, Ray Arachelian wrote:
[..]
> I'm constantly switching between NT and 95 and have them installed on the
> same drive. Would be cool to have some low level driver to encryption
> from the Master Boot Record for example to get around unfriendly OS's- but
> then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure
> as hell won't, etc.... that was the whole idea of having a BIOS in the
> first place, but woe is us.

BIOS was written for real mode... part of the problem. Another is the not-made-here syndrome, and in a sense Linux, OS/2, NT and 95 are different types of operating systems, so a shared BIOS is unfeasible.

It would be nice to develop an encrypted filesystem that could be ported across operating systems for those of us with multiple OS's.

BTW, Linux 2.0 is making a nice step in that direction by adding support for mounting a file (which contains a filesystem), specifically to allow encrypted file systems as well as things like testing out iso9660-fs before burning CD-ROMs, etc.
In theory something similar can be done with Win95/NT and OS/2, but it hasn't been done the proper way (SecureDevice is really a hack in that sense).

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From ncognito at gate.net Mon Jul 8 19:22:01 1996
From: ncognito at gate.net (Ben Holiday)
Date: Tue, 9 Jul 1996 10:22:01 +0800
Subject: Word lists for passphrases
In-Reply-To: <199607081635.MAA10394@jekyll.piermont.com>
Message-ID:

On Mon, 8 Jul 1996, Perry E. Metzger wrote:

> If you generate every possible word, you aren't getting any advantage
> by using crack and not just trying every possibility in your cracker

I'm not sure if anyone actually still cares about getting wordlists, if not you can delete this now.. :)

Someone probably mentioned this anyway, but just in case.. If you have access to a shell, and to the news spool, you can generate some quick lists by hopping into the directory of any newsgroup that interests you and doing:

    cat * | tr -cs A-Za-z '\n' | tr A-Z a-z | sort | uniq > my-big-ol-wordlist

With most unixes that will generate an alphabetized list of all the unique words in your source text, converted to lowercase. I've had some problems with tr on a few machines, however. Adding a '-c' after 'uniq' will tell you how many times each word occurred (useful for grepping out words that appear too infrequently, or too frequently) ..

Incidentally, if you're running crack against a particular person it might be useful to check dejanews for posts by the individual, and generate your wordlists from that, I haven't had occasion to actually try this but it seems like a good idea.
--nc

From cme at clark.net Mon Jul 8 19:26:19 1996
From: cme at clark.net (Carl Ellison)
Date: Tue, 9 Jul 1996 10:26:19 +0800
Subject: TACDFIPSFKMI (fwd)
Message-ID: <199607082152.RAA14280@clark.net>

Date: Mon, 08 Jul 1996 16:36:09 -0400
From: Elaine Frye
Subject: Announcement re New TAC

July 8, 1998

Note To: Key Escrow Distribution List
From: Ed Roback
Subject: Establishment of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure (TACDFIPSFKMI)

FYI, the following notice was published today in the Federal Register.

---------

Published 7-8-96 in the Federal Register, Volume 61, Number 131

U.S. DEPARTMENT OF COMMERCE

Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure

In accordance with the provisions of the Federal Advisory Committee Act, 5 U.S.C. App. 2, and the General Services Administration (GSA) rule on Federal Advisory Committee Management, 41 CFR Part 101-6, and after consultation with GSA, the Secretary of Commerce has determined that the establishment of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure is in the public interest in connection with the performance of duties imposed upon the Department by law.

The Committee will advise the Secretary on the development of a draft Federal Information Processing Standard for the Federal Key Management Infrastructure.

The Committee will consist of no more than twenty-four members to be appointed by the Secretary to assure balanced representation among individuals with established expertise in cryptography and the implementation and use of cryptographic systems.

The Committee will function solely as an advisory body, and in compliance with provisions of the Federal Advisory Committee Act.
The charter will be filed under the Act, fifteen days from the date of publication of this notice.

Interested parties are invited to submit comments regarding the establishment of this committee to Edward Roback, Computer Security, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone: 301-975-3696.

Dated: June 27, 1996

Mark Bohannon
Chief Counsel for the Technology Administration

[FR Doc. 96-16896, Filed 7-5-96; 8:45 a.m.]

*****************************************************
Elaine Frye
Computer Security Division
National Institute of Standards and Technology
Bldg. 820, M.S. Room 426
Gaithersburg, MD 20899-0001
Voice: 301/975-2819
Fax: 301/948-1233
*****************************************************

From frantz at netcom.com Mon Jul 8 19:34:06 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 9 Jul 1996 10:34:06 +0800
Subject: NYT/CyberTimes on CWD article
Message-ID: <199607082221.PAA27343@netcom8.netcom.com>

At 3:01 PM 7/6/96 -0800, Norman Hardy wrote:
>At 9:17 AM 7/6/96, Declan McCullagh wrote:
>>"We are writers, not cryptographers."
>>
>>-Declan
>....
>This seems to be an application for Bloom filters.
>See page bottom of page 561 in Knuth's "Searching and Sorting", First Edition.
>(Vol 3 of Art of Computer Programming)
>
>With a Bloom filter you can hide which URLs you reject yet quickly rejecting
>particular URLs.
>
>Compute SHA(URL) yielding 160 bits. Divide that into 16 ten bit quantities
>b[i], for 0<=i< 10.
>Reject the access if P[b[i]] = 1 for each i. P is an array of 1024 bits
>computed by someone
>with the index prohibitorum. (pardon my Latin)
>
>Yes, this excludes 1/1024 "falsely accused" URLs, but you get the idea.

As Norm knows, we used this algorithm to provide a label search function (What Unix people use grep for) for an IBM OS back in the 1970s. SHA is probably overkill for the hash function, but you need something better than a barber pole hash.
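
The filter Norman Hardy describes in the quoted text above, as an added example that is not part of the original messages: SHA-1 of the URL is split into 16 ten-bit indexes (taken here as b[0] through b[15]) into a 1024-bit array P, and a URL is rejected only when all of its bits are set. The sample URL lists, the function names and the false-positive measurement are assumptions added for illustration.

```python
import hashlib
import math

M_BITS = 1024   # size of the published bit array P
K_PROBES = 16   # a 160-bit SHA-1 digest yields 16 ten-bit indexes


def probe_indexes(url):
    """Split SHA-1(url) into 16 ten-bit values b[0..15], each in 0..1023."""
    digest = int.from_bytes(hashlib.sha1(url.encode("utf-8")).digest(), "big")
    return [(digest >> (10 * i)) & 0x3FF for i in range(K_PROBES)]


def build_filter(blocked_urls):
    """Return P as a 128-byte array with the bits of every blocked URL set."""
    p = bytearray(M_BITS // 8)
    for url in blocked_urls:
        for b in probe_indexes(url):
            p[b >> 3] |= 1 << (b & 7)
    return p


def is_rejected(p, url):
    """Reject only if every one of the URL's 16 bits is set in P."""
    return all(p[b >> 3] & (1 << (b & 7)) for b in probe_indexes(url))


def fill_ratio(p):
    """Fraction of the 1024 bits of P that are set."""
    return sum(bin(byte).count("1") for byte in p) / M_BITS


def expected_false_positive_rate(n_urls):
    """Standard Bloom filter estimate: (1 - e^(-k*n/m))^k."""
    return (1.0 - math.exp(-K_PROBES * n_urls / M_BITS)) ** K_PROBES


def measured_false_positive_rate(p, trials=20000):
    """Fraction of never-listed probe URLs (constructed) that P rejects."""
    hits = sum(is_rejected(p, "http://probe.example/%d" % i)
               for i in range(trials))
    return hits / trials


# Constructed sample lists; none of these URLs come from the thread.
SMALL_LIST = ["http://blocked.example/page%d" % i for i in range(20)]
LARGE_LIST = ["http://blocked.example/page%d" % i for i in range(200)]

if __name__ == "__main__":
    for name, urls in (("20 URLs", SMALL_LIST), ("200 URLs", LARGE_LIST)):
        p = build_filter(urls)
        print(name,
              "fill=%.2f" % fill_ratio(p),
              "expected FP=%.2e" % expected_false_positive_rate(len(urls)),
              "measured FP=%.4f" % measured_false_positive_rate(p))
```

With 20 listed URLs the array is about a quarter full and false rejections are negligible; with 200 it is nearly saturated and roughly half of all unlisted URLs are rejected. The array hides the list only from direct reading, since anyone holding P can test candidate URLs against it.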
-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

From vznuri at netcom.com Mon Jul 8 19:52:51 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 9 Jul 1996 10:52:51 +0800
Subject: DIAL: directed information assembly line
Message-ID: <199607082052.NAA02741@netcom6.netcom.com>

over the past few months I've been intermittently posting some snippets and fragments of ideas on a new information processing system. I've codified most of what I was talking about into a semi-formal protocol description. I think this has tremendous potential for wide applications, and I suspect many of these ideas below are already being used in many diverse contexts but have not been unified into a single specification (which I think will increase their value and use significantly).

I suspect something like the following is actually going to be a natural, inevitable evolution of the current "information infrastructure" and cyberspace-- i.e. something like the following is going to evolve whether I personally work on it or not, or whether future designers see this particular essay or not.

anyway, I will try to incorporate comments from correspondents into future revisions. I would love to put together a group of people interested in continuing to develop this although that's probably premature at this point. thanks to everyone who has (unwittingly) contributed to this so far based on responding to my earlier essays.

===
DIAL

= introduction
= terminology: flits, floutes & bloxes
= fault tolerance
= tracing
= time estimation
= common bloxes
= implementation
= examples

introduction
==

The industrial revolution was driven by specific technologies. Similarly, the "information revolution" is now in full pace using a different array of new tools.
However, it is unlikely that all information processing tools have been invented yet. This paper is a preliminary sketch of one such potentially significant tool called DIAL.

DIAL stands for "directed information assembly line". This document contains a description of this novel information processing architecture. This proposal outlines the idea and contrasts it with existing systems, showing how it highlights certain aspects of data processing that are not specifically addressed in, but seem to be implied by, other existing tools.

The system can be viewed variously as a programming environment, a monitoring system, a revision control system, a quality assurance and quality control mechanism, a fault tolerant computing system, a workflow (re)engineering technology, a company intranet routing algorithm, an operating system based on virtual reality, etc.

terminology
==

DIAL is something like a "dataflow" oriented system. This document will not describe any specific implementation of the DIAL concepts (such as giving a language syntax) but instead focus on its abstract properties which can be implemented in multiple ways.

There are 3 basic components in the DIAL universe:

"flit" - a flit is a unit of information that has an associated DIAL state. The information can change over time. One aspect of state is "location". "flit" stands for "fleeting bit", i.e. a piece of data that can "move". The number of binary bits allocated to a flit may vary per flit or over time.

"floute" - a floute is a "flit route" or a path that a flit can take. Conceptually flits move through the floutes. A floute can be implemented in various ways, such as "last in, first out", "first in, last out", a pool of data, etc.

"blox" - a blox is a "black box" or a component that changes the information content of a flit. Bloxes are connected to floutes.

The DIAL system is recursive in that any of the 3 basic objects can be contained or encoded in the 3 objects.
For example, flits can contain flits, bloxes can contain further floutes and bloxes, etc.

Conceptually, a DIAL system is a directed graph, with nodes called "bloxes", edges called "floutes", and a superimposed set of things called "flits" that can, over time, "move through" the network. In many cases flits have a natural analogy to messages being passed through the system.

Bloxes contain a single internal state, like a regular automaton. They can send requests, and respond to, memory bloxes.

DIAL is unlike a programming language in that "time" is considered a key property of what it models. Many languages handle the concept of time implicitly through the use of variables. But programming languages have a computation-centric view of processing, such that programs are seen as directing and operating on data. In DIAL, data is seen as flowing through components, a data-centric view.

fault tolerance
==

To be implemented correctly, the state of a DIAL system at any given time is incorruptible. All operations have total integrity. The system is designed to coordinate unreliable subprocesses and must itself be reliable.

In DIAL, a blox is roughly analogous to some kind of process. The process may or may not be entirely computational. The blox models an unreliable process. The process is activated when a flit approaches the blox from a connecting floute, at which point the flit "enters" the blox. DIAL handles the protocol of informing the blox (or rather, the process represented by the blox) of the presence of the flit. DIAL keeps track of all flits that are currently being processed by bloxes.

The blox should process the flit and push the flit into some other floute which signals it has successfully operated on the flit. Combinations of flits at inputs can be processed, and multiple outputs are supported.
The DIAL system allows processing time limit rules to be associated with flits, floutes, and bloxes, such as a floute assigning time limits to flits that move through it, time limits associated with all flits going through particular bloxes, or time limits attached to flits. (The system will have a precedence to these rules.)

The motion of flits through floutes is handled by the DIAL system and is incorruptible. Flits can "pile up" in floutes if not processed by connecting bloxes as rapidly as they accumulate. All bloxes may have different amounts of processing times on incoming flits.

When a blox fails to "return" a flit in the time limit, the DIAL system can be programmed to automatically take particular countermeasures. The countermeasure programs are associated with flits in the same way the expiration time is (via the flit, a floute, or a blox, and having precedence rules).

- DIAL can ask the blox, "have you heard of this flit". The blox can reply, (1) "yes, I am still working on it", or (2) "no, I have not heard of it". The rules can specify possibilities such as resubmitting the flit, cancelling the flit processing and redirecting it elsewhere, propagating other flits into floutes (which might represent message(s) sent to "failure controllers"), etc.

- The blox may reply, "the flit has corrupted the blox". This may happen in systems without transaction integrity. Again rules can automatically be followed to try to "clean up" the system by propagating new flits to particular floutes or possibly resubmit the flit.

- The blox may not reply. Again, rules for countermeasures can be programmed into the DIAL system.

tracing
==

All flits have unique IDs that can be traced. At any time a query can be sent to the DIAL system, "where is so-and-so flit?" and the system will describe the exact location of the flit. Flits can never vanish, even when bloxes fail to operate correctly.

Every flit has a history as well.
The flit may contain different information at different times. The system allows some number of earlier information states of the flit to be accessed. Information about the past flow-path of the flit and each associated change in contents (prior and subsequent to entry and exit of a blox) is available. This could be called a "replay" feature.

In a query of a DIAL system, it may actually reply, "the flit was deleted", although its earlier states would still be accessible. Another possible response is, "the flit moved out of this DIAL system", but again some number of its penultimate states, while it was still "inside", would still be accessible. Again, customizable rules determine how much history is available.

General queries such as "locate all type [y] flits that have not moved within [x] time period" are supported. Past histories of the flits that have moved through floutes and bloxes are also available. The system can support some degree of "global or local rollbacks" in which prior processing flows are reset, redirected, restarted, etc.

An ability to locate components based on traffic is supported, such as floutes where current flit queue lengths are of some size, etc.

The system allows the assignment of arbitrary version numbers with particular flit states that are also allowed in queries.

time estimation
==

An implementer of a DIAL system might support specialized queries called "time estimates". A flit is passed into a system with a special flag that indicates processing time should be estimated but results should not be computed. The flit flows as far through the system as possible and records time estimates as it passes the bloxes. When it finally emerges, cumulative statistics on the time estimates that would be associated with an actual processing of the flit are available to the requester.
Common bloxes
==

- extracter/combiner

Bloxes to extract flits, floutes, or bloxes encoded in flits are available, as well as to create flits that encode any of the same objects.

- warehouse

The DIAL system can support a flit warehouse in which all flits are stored when they are not being propagated elsewhere through the system. The warehouse is a blox that responds to flit queries in the form, "move flit [x] into floute [y]". (The motion of the flits into and out of the warehouse resembles the checkin and checkout task of RCS software.)

- create bloxes

In a static DIAL system, all bloxes and floutes are predetermined and fixed. In a dynamic system, the bloxes and floutes may change over time. This is accomplished by feeding special flits into bloxes that can create other bloxes and floutes as their result. Other bloxes can connect them in specified ways. The dynamic system is far more complex and is reserved for specialized situations.

- rerouter

A special rerouter blox is useful for dealing with new versions of other bloxes. A frequent problem that arises with new versions of software (i.e. a new blox) is that it is incompatible or has bugs. The rerouter blox is capable of rerouting a request to a new version of a blox to an older version when problems arise in the processing.

- tester

Often results output from bloxes are to be tested for consistency to ensure the bloxes are functioning properly and not returning spurious results.

- tester/comparer/rerouter

Another useful blox for fault tolerance can take the results of two other bloxes and compare them for discrepancies. Flits output from a new version of a blox could be compared with the flits from the previous version, and automatic actions be taken on any discrepancy (such as passing through the old version while flagging the exception). The comparer allows the system designer to more elegantly deal with regular "upgrades". In fact it is the embodiment of automated regression testing.
- isolater

Often input of flits is batched into groups, and some flit in the group may cause problems in the processing, but further detail in revealing the exact "bad" flit is not available. The isolater can automate this process in an algorithm that resembles the classic linear search. The input batch into a blox is consecutively split into halves by the isolater until the smallest erroneous pieces are isolated and highlighted.

- global versioner

Often a system with many bloxes has new versions of the bloxes, and there is need in globally switching control to new bloxes. This can be accomplished with the use of a special global versioner blox. It can keep track of the different versions of all bloxes in a given DIAL configuration, and switch between configurations.

- bad blox isolater

Combining many of the previous bloxes, a special system that automatically isolates new versions of bloxes that fail to be backward and/or forward compatible is possible. This is a direct implementation of the software development pipeline.

implementation
==

The DIAL system should be implemented graphically and visually. A corresponding language specification to describe a DIAL network is possible and desirable, but a visual or graphical interface to any operation should always be possible; likewise a representation of all DIAL states should be supported.

Ideally, the DIAL universe could be visualized in a 3d virtual reality, and a person could physically "grasp" and manipulate all the basic objects (flits, floutes, bloxes). The one-to-one visual representation of DIAL and its states is a key aspect of its accessibility and usefulness.

There should be in principle no memory limits on the core DIAL entities: flits, floutes, or bloxes. Limits in implementations such as "a maximum of 50 queued flits per floute is supported" are antithetical to the basic design principles.
However there may be various memory limits associated with particular uses of the entities that model a particular application.

The DIAL system internally must have many protections that maintain its internal consistency at all times to prevent corruption of its state. However, unreliability of all components it models is allowed (and specifically designed for). The states of components are allowed to be inconsistent to some degree, such that a state like "blox went down" might arise at a random time. Typically in implementations, the "last known state" of a blox would be tracked, along with protocols to retrieve the most recent state and allow resetting or other manipulations of the state.

Recent new technologies such as the Web and Java may be excellent environments for implementing aspects of the DIAL specification. Recent widespread interest and developments in intranets, workflow analysis, and reengineering may be very tangibly furthered through the introduction and use of DIAL systems.

examples
==

1. a DIAL system can be used to model the workflow of a company. Individual flits can be thought of as documents, and bloxes are the operations that transform the documents. The history mechanisms are identical to revision control. Floutes represent interactions or communication paths between people or departments. This is the primary "information assembly line" application of the DIAL concept. In this system, the "paperwork" cannot be lost because of the inherent properties of DIAL. In fact it is in these situations that history, tracing, and "timeout" mechanisms are most valuable. The estimation feature gives an approximation of "how long will this take when submitted".

2. a DIAL system could reflect the internal state of packets on a network. Individual computers, routers, etc. are seen as bloxes, and messages are the flits, and floutes are the network routes. The DIAL tracing features are especially useful in this context.

3.
a DIAL system could represent a large, complex software project. Individual bloxes are the components in the program. The versioning capabilities deal with the development pipeline. Regression testing and the process of moving to new versions is explicitly built into the system.

4. the DIAL system might represent data being sent over the World Wide Web.

5. the DIAL system could represent a distributed computing system in which the bloxes are spread out over the Internet (the floutes), and socket communication is used to transport flits.

6. In many debugging situations, "bad data" is detected without any knowledge of its history and complex measures are employed to try to deduce the prior processes that led to it. The history mechanism in DIAL allows a user to trace prior states of the flit and find the exact point or blox where the corruption occurred. Also, the capability of putting a "rider" on a flit that detects when it is modified in some way is possible.

7. There is a natural correspondence between every computer language and the DIAL system. Subroutines or arithmetic operations are like bloxes, and parameters are passed in floutes. Variables are the contents of specific "floutes" at various points in processing.

From mccoy at communities.com Mon Jul 8 20:10:45 1996
From: mccoy at communities.com (Jim McCoy)
Date: Tue, 9 Jul 1996 11:10:45 +0800
Subject: Pseudo-DC-net Project
Message-ID:

janke at unixg.ubc.ca writes:
> I am working on a project to implement a variation of a DC-net to be run
> over the Internet. I am posting this summary to find out if it overlaps
> with projects others are working on; to see what members of the lists think
> of the general ideas for the network I have in mind; and to see if anyone
> is interested in helping me out.

Short version: Your proposal will not work and is trivial for a TLA to break.
Long version: There are two problems with this proposal, the star topology collapses the DC network into a two-party version of the DC-net protocol (in which collusion is trivial) and the shared PRNG allows _any_ participant to compromise a target member of the network (or eavesdrop at the server and decode all traffic.)

A simple example of such an attack would be for the TLA to register a host on the network and get the shared secret key for the PRNG. The TLA then taps in either to the server's internet connection or any point in the network which divides the client graph into two parts, the server and a single client on one side and the remaining clients on the other. The TLA then just XORs out the blinding data (which it knows because it is a member of the network) and it has all of the connections.

Additionally, having a MAC is just plain silly, the objective is to hide who is sending and having a MAC defeats the entire purpose of the proposal.

You have basically created a simple packet anonymizer, which is not bad in and of itself, but it is not even close to a true DC-net (at least I am assuming so, based upon the initial description.) You have not mentioned whether or not all traffic exits the network at the server, if this is the case you are better off having each client establish a secure link to the server, running a PRNG constantly that is mirrored by the server, and XORing all of their traffic in to this stream. The constant PRNG stream hides when the client is sending or receiving and the secure channel to the server discourages passive eavesdropping. This does not defeat traffic analysis at the server, but then again neither does your proposal.

Some other tips from someone who has spent too much time thinking about DC-net implementations:

Ignore collision detection, just use ALOHA or a similar protocol. Until you get up to serious bandwidth the computational cost is not worth the effort.
Don't abandon the ring topology (this is where the DC-net gets its security.) Use multiple small (4-7 host) rings with overlap between the rings, think of each ring as a LAN and hosts which are on multiple rings as bridges/routers and you should get the picture...

Bandwidth economy will always suck, you can use hash trees to get around a few of the problems but for the most part you have to accept the costs and work around them in other areas.

You really, really need to read the 1987 Eurocrypt proceedings.

jim

From perry at piermont.com Mon Jul 8 20:13:35 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 9 Jul 1996 11:13:35 +0800
Subject: [RANT] Giving Mind Control Drugs to Children [RitalinPunks]
In-Reply-To: <199607082103.OAA07069@jobe.shell.portal.com>
Message-ID: <199607082237.SAA10948@jekyll.piermont.com>

anonymous-remailer at shell.portal.com writes:
> Something like 10% of ALL public school students in Tennessee are on
> Ritalin.

I don't know whether this figure is true, but regardless...

> Presumably, the percentages are similar in other states. I have
> trouble believing there are so many kids suddenly suffering from a
> disorder that wasn't even discovered until a few years ago.

Actually, it and the treatment have been around for a very long time.

You are probably right that there are many cases in which the drugs are given incorrectly because it is often easier to medicate than to deal with problems by other means. However, that does not mean that it is always a bad idea to medicate.

As for the long rant from the drug addict that took up the balance of your posting, Ritalin isn't prescribed for ADD in quantities that get someone "high", nor are its effects the same on such people.

> This has gotten extremely long, and I wasn't planning on it.
> But this ritalin thing is so insidious and is so OBVIOUSLY
> meant to do harm that I have to write this long thing about
> it.
The whole attention-deficit disorder is a fabrication
> that traitors use to pump kids full of controlled substances.

The person writing this doesn't sound exactly rational.

Perry

From perry at piermont.com Mon Jul 8 20:21:40 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 9 Jul 1996 11:21:40 +0800
Subject: Word lists for passphrases
In-Reply-To: <960708182934_352578480@emout18.mail.aol.com>
Message-ID: <199607082320.TAA10998@jekyll.piermont.com>

AwakenToMe at aol.com, in a profound display of stubbornness, continues to insist that his program to enumerate all possible words of length N (that is, aaaaa, aaaab, aaaac, etc.) is somehow interesting. I am therefore forced to drive in the nail with a sledgehammer. Forgive me.

He writes:
> > > > It's [...] trivial enough to be done by 99% of the people on
> > > > cypherpunks in their sleep.
> > >
> > > Yes. But let me ask you this. Have you done it yet??
> >
> > Most of us don't bother writing up four line programs and shipping
> > them out, no.
>
> really? Wow. four lines of code? You must be a really good programmer. duh.

Hardly. A ten year old could do it. I know, since I wrote substantially more sophisticated stuff when I was ten.

Since you insist, here is less than a minute's work. Yes, I timed it.

------Cut Here------
/* This could be more elegant, but the point is obviousness. */
#include <stdio.h>

int main()
{
	char i[6] = {0};	/* zero-filled, so i[5] terminates the string */

	/* <= 'z' so that words containing 'z' are included */
	for (i[0] = 'a'; i[0] <= 'z'; i[0]++)
	  for (i[1] = 'a'; i[1] <= 'z'; i[1]++)
	    for (i[2] = 'a'; i[2] <= 'z'; i[2]++)
	      for (i[3] = 'a'; i[3] <= 'z'; i[3]++)
	        for (i[4] = 'a'; i[4] <= 'z'; i[4]++)
	          printf("%s\n", i);
	return 0;
}
------Cut Here------

The operative portion of the program is six lines long, and five of those lines are virtually identical. You can write the thing much more elegantly, without redundant code. However, I have elected to leave it as utterly brainless as possible to demonstrate that ANYONE could write the thing.
> You'd be surprised at the # of requests from people who actually had a good
> use for it, and didn't have the time to spend writing it themselves.

Human stupidity is never a surprise.

Perry

From janke at unixg.ubc.ca Mon Jul 8 20:35:10 1996
From: janke at unixg.ubc.ca (janke at unixg.ubc.ca)
Date: Tue, 9 Jul 1996 11:35:10 +0800
Subject: Pseudo-DC-net Project
In-Reply-To:
Message-ID:

Thank you for the comments, but I'm not sure I fully understand them all. First of all what is a TLA? Second of all, and this seems to be something I was unclear about in my first post---I did *not* mean to suggest that all clients shared the same PRNG. Every pair of clients will have their own. By star-shaped, I meant the configuration of the communications network, not the abstract connections that exist between clients by virtue of the PRNG's.

As for a MAC being silly, well it would be if everyone used a different one, but I meant for it to be shared by all participants, so that the most the MAC would reveal is that *someone* on the network sent the message.

Your paragraph that I have created a simple packet anonymizer is probably based on the misunderstanding of the points I mentioned above. I do like the idea of encrypting the link to the server with a PRNG, and since I will be running lots anyway... :) (O(N) not 1 for each client! :) ) it might be worth adding. Then again, I do not want to regard the server as a trusted party in any way...

Collision detection is easy with a MAC, so I think I will keep it.

I hadn't thought of using a ring topology... Interesting. I'll think about that one some more.

How do hash trees help? Is that mentioned in the paper you cite? I'll take a look at that one before long. What's the title and author?
-- Leonard Janke (pgp key id 0xF4118611)

From smith at sctc.com Mon Jul 8 20:44:15 1996
From: smith at sctc.com (Rick Smith)
Date: Tue, 9 Jul 1996 11:44:15 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <199607082232.RAA19604@shade.sctc.com>

Tim writes about Ritalin:

>I've been over visiting my friend to see some of this. The Ritalin-sodden
>kid arrives like a zombie. When the Ritalin wears off, he's rambunctious,
>but all kids are. My friend Paul has had to discipline him a bit to keep
>him from--as the psychobabbles would say--"acting out." This discipline
>sets him straight, but it's not something his New Age "supermom" would ever
>think of doing. Hence the kid throws temper tantrums, acts out, calls her
>"You fucking asshole" (remember, he's only 8 or so), and so on. So she
>cranks up his dose of Ritalin and he's zoned out for a while. Frankly, I
>think telling the kid that if throws a tantrum he'll get punished for it is
>a whole lot more normal--ever notice that a dog smacks her puppies when
>they get out of line, or that a cat swats her kittens the same way? It
>establishes the rules of the game.

It sounds to me like the mom is abusing the drug -- Ritalin is tricky stuff and you can really mess up a kid by overdosing. That's child abuse, IMHO, not some benign paddling.

Alex, our 8 year old son, uses Ritalin. He doesn't need Ritalin to concentrate. He can get caught up in a building project for hours and create a masterpiece. He can focus so thoroughly you can't pry him loose.

What Alex *can't* do is get comfortably through a day of grammar school. I sympathise -- I was the same way when I was that age. I had a tough time and I saw Alex having problems similar to mine. So I sic'ed the educational establishment on the problem. Alex ended up with a Ritalin prescription. At least for now. And it's been pretty effective. With Ritalin he finds it much easier to concentrate on drivel, an important skill to make it through school, or sports.
The problem is that Ritalin isn't some useful, generically wholesome substance like milk or peanut butter -- you risk more than "acting out" if you're not incredibly careful. Sleep disorders at least. But I don't like the downside of doing nothing, so we're trying it out. I've *never* seen Alex zoned out on Ritalin.

Rick.

From WlkngOwl at unix.asb.com Mon Jul 8 21:07:06 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Tue, 9 Jul 1996 12:07:06 +0800
Subject: Technology- vs. Human-based Surveillance
Message-ID: <199607090024.UAA13729@unix.asb.com>

On 8 Jul 96 at 9:20, Timothy C. May wrote:
[..]
> A human-based surveillance state is very expensive, even by the standards
> of modern America and its bloated government. The recent example of the
> DDR's "Stasi" provides an example. Hard to hide the extent of the
> surveillance when so many people are involved.

Very true, but many totalitarian countries don't try to hide it.

Q: are surveillance tools (sophisticated analysis and search engines, miniature cameras and microphones and other electronics) under the same controls as crypto? de facto controls or on paper only?

It would seem that 'emerging democracies' in the East Bloc can obtain sophisticated Western tech to strengthen and hide surveillance systems (perhaps in ways that even J. Edgar Hoover would have found repulsive, if that was possible).

I wonder if anyone has any stats about foreign countries or orgs purchasing such equipment. Yet another arg for liberal crypto-export rules, perhaps.

Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.
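
The URL filter Norman Hardy describes in the "NYT/CyberTimes on CWD article" message above (SHA of the URL cut into ten-bit indexes into a 1024-bit array P), as an added Python example that is not part of any message in this archive. SHA-1 stands in for the post's "SHA" and all sixteen ten-bit slices of the digest are used; the `canonical` helper, the sample URLs and every function name are assumptions made here.

```python
import hashlib
from urllib.parse import urlsplit, urlunsplit

M_BITS = 1024            # size of the bit array P, from the post
INDEX_BITS = 10          # each b[i] is a ten-bit quantity
K = 160 // INDEX_BITS    # a 160-bit digest yields 16 indexes


def canonical(url):
    """Normalise case of scheme/host and drop the fragment (assumed policy).

    The filter matches exact bytes, so two spellings of one URL must be
    reduced to the same string before hashing or one of them slips through.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme.lower(), host, parts.path or "/", parts.query, ""))


def indexes(url):
    """Split SHA-1(canonical url) into sixteen 10-bit indexes b[0..15]."""
    digest = hashlib.sha1(canonical(url).encode("utf-8")).digest()
    value = int.from_bytes(digest, "big")
    mask = (1 << INDEX_BITS) - 1
    return [(value >> (INDEX_BITS * i)) & mask for i in range(K)]


def build_filter(blocked_urls):
    """Done once by whoever holds the list; only P is distributed."""
    p = bytearray(M_BITS // 8)
    for url in blocked_urls:
        for b in indexes(url):
            p[b >> 3] |= 1 << (b & 7)
    return p


def is_rejected(p, url):
    """Reject only if P[b[i]] is set for every i."""
    return all(p[b >> 3] & (1 << (b & 7)) for b in indexes(url))


def fill_ratio(p):
    """Fraction of the 1024 bits that are set."""
    return sum(bin(byte).count("1") for byte in p) / M_BITS


def expected_false_positive_rate(n_blocked):
    """Chance that an unlisted URL is 'falsely accused' after n insertions."""
    fill = 1.0 - (1.0 - 1.0 / M_BITS) ** (K * n_blocked)
    return fill ** K


# Constructed sample list, not taken from any real blocklist.
SAMPLE_BLOCKED = [
    "http://blocked.example/page1",
    "http://blocked.example/page2",
    "http://other-blocked.example/",
]

if __name__ == "__main__":
    P = build_filter(SAMPLE_BLOCKED)
    for candidate in SAMPLE_BLOCKED + ["HTTP://Blocked.Example/page1#top",
                                       "http://allowed.example/"]:
        print(candidate, "->", "reject" if is_rejected(P, candidate) else "allow")
    for n in (10, 44, 67, 100, 200):
        print(n, "blocked URLs: expected false-positive rate",
              f"{expected_false_positive_rate(n):.2e}")
```

With this 1024-bit, 16-probe layout the expected false-positive rate reaches roughly the 1/1024 the post mentions at about 67 listed URLs and climbs quickly beyond that, so a longer list needs a larger P.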
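
One round of the network as Leonard Janke clarifies it in the "Pseudo-DC-net Project" thread above (a separate PRNG for every pair of clients, a hub that only relays, one MAC key shared by all participants), as an added Python example that is not code from either poster. SHAKE-256 as the PRNG, HMAC-SHA256 as the MAC, the 64-byte slot and all names are assumptions made here.

```python
import hashlib
import hmac
import itertools
import os

FRAME_LEN = 64                  # bytes every client sends each round (assumed)
TAG_LEN = 32                    # HMAC-SHA256 tag appended to the body
BODY_LEN = FRAME_LEN - TAG_LEN


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pad(pair_key, round_no):
    """Round pad from one pairwise key (SHAKE-256 stands in for the PRNG)."""
    seed = pair_key + round_no.to_bytes(8, "big")
    return hashlib.shake_256(seed).digest(FRAME_LEN)


def make_keys(n_clients):
    """One independent secret per unordered pair of clients."""
    return {frozenset(pair): os.urandom(32)
            for pair in itertools.combinations(range(n_clients), 2)}


def mac(group_key, round_no, body):
    return hmac.new(group_key, round_no.to_bytes(8, "big") + body,
                    hashlib.sha256).digest()


def make_frame(group_key, round_no, message):
    """Length-prefixed body plus a MAC under the key the whole group shares."""
    if len(message) > BODY_LEN - 1:
        raise ValueError("message too long for one slot")
    body = (bytes([len(message)]) + message).ljust(BODY_LEN, b"\0")
    return body + mac(group_key, round_no, body)


def client_output(i, n_clients, keys, round_no, frame=None):
    """XOR of client i's pads with every peer, plus its frame if it sends."""
    out = frame if frame is not None else bytes(FRAME_LEN)
    for j in range(n_clients):
        if j != i:
            out = xor(out, pad(keys[frozenset((i, j))], round_no))
    return out


def combine(outputs):
    """What the hub computes: every pad appears twice and cancels."""
    total = bytes(FRAME_LEN)
    for out in outputs:
        total = xor(total, out)
    return total


def classify(group_key, round_no, frame):
    """Return ('idle', None), ('message', bytes) or ('collision', None).

    Two senders with byte-identical frames cancel to 'idle'; any other
    overlap garbles the body and tag, so the MAC check fails.
    """
    if not any(frame):
        return ("idle", None)
    body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
    if hmac.compare_digest(tag, mac(group_key, round_no, body)) and body[0] < BODY_LEN:
        return ("message", body[1:1 + body[0]])
    return ("collision", None)


def remove_known_pads(output, i, known_peers, keys, round_no):
    """Strip from client i's transmission the pads an observer knows."""
    for j in known_peers:
        output = xor(output, pad(keys[frozenset((i, j))], round_no))
    return output


def run_round(n_clients, keys, group_key, round_no, senders):
    """senders maps client index -> message; returns (outputs, result)."""
    outputs = []
    for i in range(n_clients):
        frame = make_frame(group_key, round_no, senders[i]) if i in senders else None
        outputs.append(client_output(i, n_clients, keys, round_no, frame))
    return outputs, classify(group_key, round_no, combine(outputs))


if __name__ == "__main__":
    keys, group_key = make_keys(5), os.urandom(32)
    print(run_round(5, keys, group_key, 1, {2: b"hello"})[1])
    print(run_round(5, keys, group_key, 2, {})[1])
    print(run_round(5, keys, group_key, 3, {0: b"a", 4: b"b"})[1])
```

`remove_known_pads` shows the anonymity boundary the two posters are arguing about: a sender's transmission resolves to a valid frame only for an observer who holds every pairwise key that client shares.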
From mpd at netcom.com Mon Jul 8 21:31:43 1996
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 9 Jul 1996 12:31:43 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607081653.MAA10428@jekyll.piermont.com>
Message-ID: <199607090052.RAA03839@netcom14.netcom.com>

Perry Writes:

> Most people would have no particular urge to stop a child with
> diabetes from taking her insulin. Your friend seems to have the sick
> idea that they know better than the child's parents whether the child
> should be taking their meds or not, simply because the medication is
> for a "mental" problem. This isn't your friend's child. Its someone
> else's child. They have no right to make such decisions.

Since diabetes has an organic cause, this analogy with syndromes and disorders defined solely by behavioral percentages fails.

A better model might be height, which follows a basically continuous distribution once outliers due to functional endocrine problems are eliminated.

We could, of course, define a "vertical deficit disorder" (VDD) which 10% of the population have by definition, and for which the treatment would be synthetic human growth hormone given regularly during the growing years.

People with VDD would probably want to be taller, and be as successful as their peers at important things like basketball. The specified treatment would certainly demonstrate effectiveness in accomplishing this goal. People with VDD would argue that their disease was real, since it was hereditary, and could be measured with complex scientific instrumentation, like PET^H^H^HYardsticks.

Nonetheless, reputable scientists usually only prescribe HGH for persons many standard deviations away from the norm, or who have medical disorders which interfere with normal production of the substance. Any doctor who started handing out prescriptions to everyone in the shortest 10% of the population would probably be up on malpractice charges posthaste.
Amphetamines have demonstrated themselves to be a tricky medication even for psychological disorders for which they were once considered appropriate. ADD and its treatment play very well into a society that seems to feel that each and every one of life's misfortunes must be given a name and called a disease.

Of course, no amount of reason will dissuade the True Believers from embracing yet another disease model, and we shouldn't expect that it would. But I think it is clear to many people that the forced medication of children for the convenience of those who take care of them is getting a bit out of control.

From jfricker at vertexgroup.com Mon Jul 8 21:37:30 1996
From: jfricker at vertexgroup.com (John F. Fricker)
Date: Tue, 9 Jul 1996 12:37:30 +0800
Subject: What remains to be done.
Message-ID: <2.2.32.19960709010452.00c71718@vertexgroup.com>

At 05:09 PM 7/8/96 +0000, you wrote:
>On 8 Jul 96 at 14:12, Ray Arachelian wrote:
>[..]
>> I'm constantly switching between NT and 95 and have them installed on the
>> same drive. Would be cool to have some low level driver to encryption
>> from the Master Boot Record for example to get around unfriendly OS's- but
>> then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure
>> as hell won't, etc.... that was the whole idea of having a BIOS in the
>> first place, but woe is us.
>
>BIOS was written for real mode... part of the problem. Another is the
>not-made-here syndrome, and in a sense Linux, OS/2, NT and 95 are
>different types of operating systems, so a shared BIOS is unfeasible.
>
>It would be nice to develop an encrypted filesystem that could be
>ported across operating systems for those of us with multiple OS's.
>
>BTW, Linux 2.0 is making a nice step in that direction by adding
>support for mounting a file (which contains a filesystem),
>specifically to allow encrypted file systems as well as things like
>testing out iso9660-fs before burning CD-ROMs, etc.
>In theory something similar can be done with Win95/NT and OS/2, but it hasn't
>been done the proper way (SecureDevice is really a hack in that
>sense).
>

One of these days Microsoft will officially release NT's IFS SDK. A few "preliminary" and incomplete copies of a 1993 beta release do float around but for a mere $50K there's a company that will sell you the complete source for an IFS. It's a crime that Microsoft hasn't shipped this SDK yet as the Installable File System is one of the great powers of NT. So, if someone is interested in coughing up the $50K I know a couple NT programmers just chomping at the bit to build cool IFS's like PGPDrive, etc.

--j

From AwakenToMe at aol.com Mon Jul 8 21:42:26 1996
From: AwakenToMe at aol.com (AwakenToMe at aol.com)
Date: Tue, 9 Jul 1996 12:42:26 +0800
Subject: wordlists and al that bologna
Message-ID: <960708211433_430007579@emout17.mail.aol.com>

In a message dated 96-07-08 19:27:44 EDT, perry at piermont.com (Perry E. Metzger) writes:

<< Just so you understand this, most adults very quickly notice when they are in danger of looking foolish, and stop talking so as to prevent themselves from looking even worse. You have to be fairly stupid to keep ranting when you have nothing to back you up. I suggest learning this lesson now.

If you are in fact an adult, my apologies to your parents -- tragic mental impairments strike even the best of homes.

.pm >>

In danger of looking foolish? Man.. you said it all. Young child?? Hardly. Nothing to back me up? Hardly a clue is what you have. 16 people so far asked me for the program. Obviously they had a use for it. for SOMEEEE reason that is beyond you to comprehend. If it doesn't work for you.. then it shouldn't be for ANYONE. Wow.. you sound like some of the politicians I get to see logs of trying to regulate encryption..etc. I wonder if you are one of them!! My..wouldn't that be a funny coincidence.

In a message dated 96-07-08 19:27:44 EDT, perry at piermont.com (Perry E.
Metzger) writes:

<< If you are in fact an adult, my apologies to your parents -- tragic mental impairments strike even the best of homes.

.pm >>

As they say in your case... Sad But True

From sopwith at redhat.com Mon Jul 8 22:02:35 1996
From: sopwith at redhat.com (Elliot Lee)
Date: Tue, 9 Jul 1996 13:02:35 +0800
Subject: What remains to be done.
In-Reply-To:
Message-ID:

On Mon, 8 Jul 1996, Ray Arachelian wrote:

> I'm constantly switching between NT and 95 and have them installed on the
> same drive. Would be cool to have some low level driver to encryption
> from the Master Boot Record for example to get around unfriendly OS's- but
> then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure
> as hell won't, etc....

Linux, however, does have the cfs (crypted filesystem), which will let you do the same thing. Supposedly lets you plug in your own encryption method and all that... Also allows different users to encrypt with different passwords, and such (or just the root user encrypt the whole partition). Find the web page for more info.

\\\| Elliot Lee                |\\\ || "Claim to fame":
\\\| Red Hat Software          |\\\ || Live in only town in the
\\\| Webmaster www.redhat.com, |\\\ || USA with an unlisted ZIP
\\\| Programmer, etc.          |\\\ || code.

From frissell at panix.com Mon Jul 8 22:25:58 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 9 Jul 1996 13:25:58 +0800
Subject: [RANT] Giving Mind Control Drugs to Children [RitalinPunks]
Message-ID: <2.2.32.19960709014612.0085625c@panix.com>

At 02:03 PM 7/8/96 -0700, anonymous-remailer at shell.portal.com wrote:

>Something like 10% of ALL public school students in Tennessee are on
>Ritalin. Presumably, the percentages are similar in other states.

Imagine how much worse slave schools would be if you *weren't* drugged.
DCF From jya at pipeline.com Mon Jul 8 23:15:29 1996 From: jya at pipeline.com (John Young) Date: Tue, 9 Jul 1996 14:15:29 +0800 Subject: TACDFIPSFKMI (fwd) Message-ID: <199607090140.BAA16245@pipe6.t2.usa.pipeline.com> Date: Mon, 08 Jul 1996 16:36:09 From: Elaine Frye Subject: Announcement re New TAC [Snip Carl's forward] [Distribution relocated from header] To: Dunn at podesta.com (Elizabeth Dunn), Ditoston at btec.com, ereed at novell.com, cameron at novell.com, jwinston at tis.com (Joan Winston), ptd at tis.com (Peter Dinsmore), denny at tis.com (Denny Branstad), steve at tis.com (Steve Walker), kam at tis.com, landgrave at aol.com (Landgrave Smith), perillo at dockmaster.ncsc.mil, anne.shepherd at nist.gov (Anne Enright Shepherd), 100126.3650 at COMPUSERVE.COM, roz at mtb.com (Roszel Thomsen), abd at cdt.org, kkonechy at rnbo.com (Ken Konechy), pfh at netscape.com (Peter Harter), romeror at frb.gov (Ray Romero), karen.randall at att.com (Karen Randall), jeff at netscape.com (Jeff Treuhaft), exp at mk.ibek.com (E. J. 
Prior), rplesser at pipermar.com (Ron Greg_Garcia at aeanet.org (Greg Garcia), csmith at steptoe.com (Clint Smith), William_Baugh at cpqm.saic.com (William Baugh), fred_mailman at hpatc1.desk.hp.com (Fred Mailman), uscibproh at delphi.com (Melanie Janin), KaneS at wangfed.com (Steve Kane), hill at po3.bb.unisys.com (John Hill), peasley at worldbank.org (Peter Easley), foreilly at worldbank.org (Frank O'Reilly), maitgmu at aol.com (Tucker Cox), ghilborn at csc.com (Gene Hilborn), padgett at tccslr.dnet.mmc.com (Padgett Peterson), whitfield.diffie at Eng.Sun.Com (Whitfield Diffie), jeff.rulifson at Eng.Sun.Com (Jeff Rulifson), ankney at emc2-tao.fisc.com (Richard Ankney), rmedlock at mitre.org (Roberta Medlock), JNGUYEN at MILCHEV.COM (Jonathan Nguyen-Duy), ttobin at atl.ge.com (Tim Tobin), csmother at atl.ge.com (Carl Smothers), randy at mci.net (Randy Catoe), denning at cs.cosc.georgetown.edu (Dorothy Denning), jya at pipeline.com (John Young), dn at pipeline.com (Deborah Natsios), brow at clark.net, mbohannon at banyan.doc.gov (Mark Bohannon), ads012 at email.mot.com (Don Sorter), Mary_Smolenski at ita.doc.gov (Mary Smolenski), lshomo at hqops.hq.nasa.gov (Lawrence Shomo), Jean_M_Baronas at co.xerox.com (Jean Baronas), jag at jgvandyke.com (Jonathan Gloster), rsabett at spyrus.com (Randy Sabett), Martin.Ferris at treas.sprint.com (Martin Ferris), Karla.King at treas.sprint.com (Karla King), lthrash at hqamc.army.mil (Lawrence Thrash), trstsc at tevm2.nsc.com (Russ Tobolic), steve.katz at citicorp.com (Steve Katz), jill.oliver at citicorp.com (Jill Oliver), jgrabo at infsec.com (John Grabowsky), madavids at us.oracle.com (Mary Ann Davidson), palamber at us.oracle.com (Paul Lambert), geiter at mitre.org (Jisoo Geiter), Ezzy_Dabbish-AMTE09 at email.corp.mot.com (Ezzy Dabbish), BFlowe at MCiMail.com (Ben Flowe), sking at mitre.org (Sue King), ablee at mitre.org (Annabell Lee), murray2 at vnet.ibm.com (Vera Murray), french at zeke.ENET.dec.com (Roger French), pescatore 
at idcg.com (John Pescatore), barker at st1.ncsl.nist.gov (Elaine Barker), FKeenan_+wshsr02+1Florence_Keenan+r%PGFM at mcimail.com (Florence Keenan), SROSE42008 at aol.com (Steve Rose), john at ipower.nsc.com (John Power), david.bicknell at rbp.co.uk (David Bicknell), mschneck at phoenix.Princeton.EDU (Melanie Schneck), lhg at nrc.gov (Louis Grossman), RAVENIS at novell.wd.cubic.com (Joe Ravenis), stw at boeing.com (Steve Whitlock), corcorane at Washpost.com (Elizabeth Corcoran), hoffman at seas.gwu.edu (Lance Hoffman), Thorne_Graham at ccmail.irs.gov (Thorne Graham), lovornj at dyncorp.com (Jan Lovorn), Squires at arpa.gov (Stephen Squires), davido at cylink.com (David O'Brien), al.williams at gsa.gov (Al Williams), JDRANDALL at vnet.ibm.com (James Randall), RHDANCK at DELPHI.COM (Renee Danckwerth), Kpauley at pipermar.com (Kay Pauley), PFarrell at gmu.edu (Pat Farrell), darnstein at hns.com (Donald Arnstein), Thomas_C_Jones at ccm.ch.intel.com (Tom Jones), P26730 at email.mot.com (Helen Hammond), hpodell at ids2.idsonline.com (Harold Podell), beccag at bsa.org (Becca Gould), mccord at nosc.mil (Marion McCord), orestib/dcpo/bruceh%mcimail.com at micf.nist.gov (Bruce Heiman), elaine.frye at nist.gov, cme at acm.org (Carl Ellison), jhalpert at pipermar.com (J. 
Halpert), ads012 at email.mot.com (Don Sorter), paradise at wellsfargo.com (Jane Paradise), Lynn.McNulty at internetmci.com (Lynn McNulty), lawrence.shomo at hq.nasa (Larry Shomo) [End] From declan at well.com Mon Jul 8 23:21:04 1996 From: declan at well.com (Declan McCullagh) Date: Tue, 9 Jul 1996 14:21:04 +0800 Subject: HotWired -- "Third Choice" for Netizens may be Libertarian Party Message-ID: ---------- Forwarded message ---------- Date: Mon, 8 Jul 1996 19:46:34 -0700 (PDT) From: Declan McCullagh To: fight-censorship+ at andrew.cmu.edu Subject: HotWired -- "Third Choice" for Netizens may be Libertarian Party HotWired: The Netizen http://www.hotwired.com/netizen/ "Third Choice" -- Campaign Dispatch by Declan McCullagh (declan at well.com) Washington, DC, 8 July The nervous sweat of US voters forced to choose between character-impaired Clinton and vision-impaired Dole may distill into fuel for the Libertarian Party. At the party's ragtag convention last week, Harry Browne began to make a case that the Libertarian Party isn't just for cyberheads and conspiracy theorists. [...] It was a refreshing departure from the highly scripted 1992 Democratic National Convention - more an exercise in infotainment than anything else - where party insiders worked quietly to block a loudmouth Jerry Brown from speaking unless he signed an agreement pledging fealty to Bill Clinton... Not so with the Libertarian convention, which netizens attended in force. Phil Zimmermann, author of Pretty Good Privacy, appeared at a privacy workshop on Saturday where delegates received PGP on floppies. On Thursday, Jim Ray, a cypherpunk and Libertarian delegate from Coral Gables, Florida, introduced a motion to strengthen the party's stance on encryption by condemning "government access to keys" - a mandatory backdoor for the Feds. "Or GAK, as we call it on Cypherpunks," Ray told the other delegates, who passed the revised crypto plank unanimously. [...] 
The so-called Year of the Net marches on, but the Libertarian Party now stands as the only serious political party with a commitment to defending the rights of netizens. ### From jfricker at vertexgroup.com Mon Jul 8 23:31:44 1996 From: jfricker at vertexgroup.com (John F. Fricker) Date: Tue, 9 Jul 1996 14:31:44 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <2.2.32.19960709030143.00c14778@vertexgroup.com> At 05:32 PM 7/8/96 -0500, you wrote: >Tim writes about Ritalin: > >>I've been over visiting my friend to see some of this. The Ritalin-sodden >>kid arrives like a zombie. When the Ritalin wears off, he's rambunctuous, >Alex, our 8 year old son, uses Ritalin. He doesn't need Ritalin to >concentrate. He can get caught up in a building project for hours and >create a masterpiece. He can focus so thoroughly you can't pry him >loose. > >What Alex *can't* do is get comfortably through a day of grammar >school. I sympathise -- I was the same way when I was that age. I had Errrrr. Ever hear of home schooling? Seems like if your child needs drugs to go to school than perhaps school is the problem not that your child's body lacks Ritalin. Sheesh. So it happens that I was talking with a fellow Saturday who grew up on Ritalin. He's 36 now and strung out. Life with Ritalin prepared him for drugs, you know. They were natural. Like the body is made for different laboratory made molecules with dubious effects. He never got into the hard stuff (like the opiates) like the anti-drug people promised though. Also turns out that he now has a neurological disorder that is untreatable and uncurable. So now he's goes through his days in constant pain courtesy of the best childhood his wealthy Pacific Palisades Parents could buy. I wonder if there are any other Ritalin side affects that don't become prominent until 30 years later? But than someone who thinks milk is wholesome needs some lessons is nutrition, anatomy and physiology. 
--j

From ichudov at algebra.com Mon Jul 8 23:32:21 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 9 Jul 1996 14:32:21 +0800
Subject: Word lists for passphrases
In-Reply-To:
Message-ID: <199607090210.VAA07394@manifold.algebra.com>

Ben Holiday wrote:
> If you have access to a shell, and to the news spool, you can generate
> some quick lists by hopping into the directory of any newsgroup that
> interests you and doing:
>
> cat * | tr -cs A-Za-z '\n' | tr A-Z a-z | sort | uniq > my-big-ol-wordlist
>
> With most unixes that will generate an alphabetized list of all the unique
> words in your source text, converted to lowercase. I've had some problems
> with tr on a few machines, however. Adding a '-c' after 'uniq' will tell
> you how many times each word occurred (useful for grepping out words that
> appear too infrequently, or too frequently) ..

Actually I am fairly sure that your selection of words will be mediocre at best. There are words (such as nethermost, insatiable, insufferable) that are almost never used in news.

- Igor.

From markm at voicenet.com Mon Jul 8 23:48:05 1996
From: markm at voicenet.com (Mark M.)
Date: Tue, 9 Jul 1996 14:48:05 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

OK, so I lied. However, I can fit some crypto relevance into this.

> On Mon, 8 Jul 1996, Arun Mehta wrote:
> > Ritalin is a lifesaver for a small % of children who suffer from a condition
>                                ^^^^^^^
>               Key word here.   |||||||
>
> > Ritalin... mother was furious.
> >
> > Some of the kids who use foul language (a very small %) have Tourette's
                                            ^^^^^^^^^^^^^^
> > disease, and also need medicine (a different one)... by and large the

As long as we're talking about "key words", the "very small %" is very small indeed. In the next paragraph you say "most kids" which is not at all contradictory to "a very small %".
I may have my facts mixed up, but Tourette's disease is an illness where one tends to say things that one was thinking but not meaning. > > Bullshit. Most kids (these days) who use profanity are simply > undisiplined louts. Yes, I use profanity today, at 28. However, I would > NEVER have called my mother a "Fucking Asshole" under ANY circumstances, > My father would have torn my head off. In fact if my father had caught me > speaking like that to ANYONE at 8 years of age, I would have had trouble > sitting for a couple days at least. > > Of course my parents made sure not to talk like that around me. You are forgetting that this is a _disease_. That means that someone cannot be cured of it by discipline or common sense. It's no different from diabetes or any other disease. > > > politically correct thing is sometimes to label a kid as sick rather than > > bad or spoiled, this is probably why drugs are over-used. But we can't > > throw the baby out with the bathwater! > > On the other hand, if only 20% of the children that are being drugged > need it, that means that we are sacrificing 80% of these children to save > 20%. That wasn't the point. The point is instead of dopping every kid that doesn't pay attention in school up with Ritalin, kids should instead be diagnosed as having ADD before receiving Ritalin treatment. It can be helpful for the kids who actually have ADD. > > Drugs are supposed to be for fun, not for long term behavior > modification. People need to learn to deal with life. Someone with a disease such as bipolar disorder would disagree with you. There are some bipolar people who, without lithium, will end up with large wounds caused by razor blades on the arms and legs. Others that use sleeping pills give them to a trusted third party (see the crypto relevance) who will prevent them from overdosing. Some people with ADD need Ritalin to be able to be successful and function. 
You can wax philosophical about how drugs alter a person's personality making them a zombie, but people voluntarily take drugs that can help them dramatically. Some people cannot learn to "deal with life." OK, now for the real crypto relevance. Snow seems to be in denial about psychological illnesses. This is the "it will never happen to me" attitude. Such an attitude is very common and is human nature. However this can be very dangerous, especially when applied to governments. People may eventually believe that it is OK for the government to violate the civil liberties of those suspected of committing a crime. After all, law abiding citizens are never suspects in crimes. Mandatory key escrow is perfectly all right. The only people that will get wiretapped are the people who are criminal types. And even if a law abiding citizen is wiretapped, it won't matter because that citizen unit never breaks the law. Tyranny can effect anyone and everyone. It's not limited to criminals. This is why strong crypto is necessary. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMeHDmbZc+sv5siulAQG8mQP8C3b1U5K2/7EKf3SJ9mw5n2AtNqaTlJGS 5AJzeAAbltuKRLSzFtViFFb2ztqrbSp1u/gqiwgf/GNpwaVYqm6LbMUvFltYP0C6 CBrWF5w0eUIvyoipXbnJIyFayo1HIuoMv0y2uFYIMHc8DfiDq4prVb8HirquoZdZ AqPBuo4RUkE= =H74N -----END PGP SIGNATURE----- From AwakenToMe at aol.com Tue Jul 9 00:04:00 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Tue, 9 Jul 1996 15:04:00 +0800 Subject: Word lists for passphrases Message-ID: <960708210619_430002397@emout13.mail.aol.com> perry at piermont.com (perry e. 
metzger) In a message dated 96-07-08 19:21:11 EDT, you write: << Human stupidity is never a surprise. Perry >> I know. Just look at your posting a private message to a newsgroup because of something thats just beyond your use. So... you can't handle it and become like a baby.. and start something so utterly pointless as this.. by writing me back to begin with. You dont like the program..or think its so trivial (which it is... big fuc*in deal ) then thats fine. EVERYONE has their opinion. Some people find a use out of it...obviously you dont. Its Ok man. Just take some prozac (or is the topic ritalin now??) and youll be A OK From AwakenToMe at aol.com Tue Jul 9 00:17:23 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Tue, 9 Jul 1996 15:17:23 +0800 Subject: Word lists for passphrases Message-ID: <960708232828_352927495@emout16.mail.aol.com> In a message dated 96-07-08 23:10:44 EDT, perry at piermont.com (Perry E. Metzger) writes: << > Youd be surprised at the # of requests from people who actually had a good > use for it, and didnt have the time to spend writing it themselves. Human stupidity is never a surprise. Perry >> Just goes to show.look at the name right above. It says PERRY Didnt I say it was rude to post private email to group? Guess an arrogant very self-opinionated asshole such as yourself doesnt care. From perry at piermont.com Tue Jul 9 00:54:05 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 9 Jul 1996 15:54:05 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <2.2.32.19960709030143.00c14778@vertexgroup.com> Message-ID: <199607090434.AAA11302@jekyll.piermont.com> John F. Fricker writes: > Seems like if your child needs drugs to go to school than perhaps school is > the problem not that your child's body lacks Ritalin. > > Sheesh. > > So it happens that I was talking with a fellow Saturday who grew up on > Ritalin. He's 36 now and strung out. Life with Ritalin prepared him for > drugs, you know. 
> They were natural. Like the body is made for different
> laboratory made molecules with dubious effects.

Yeah, you know, I bet your body doesn't get infected for lack of penicillin, either. I suspect that taking Penicillin prepares you for drug dependencies. Why, next, you might take insulin to deal with diabetes, or worse!

Thank god most of those heroin addicts never had Ritalin as kids -- you never know how much worse off they might be now. And if they'd gotten antibiotics, why, forget it.

Quit from modern medicine cold turkey. It's the only way.

Perry

From markm at voicenet.com Tue Jul 9 01:08:16 1996
From: markm at voicenet.com (Mark M.)
Date: Tue, 9 Jul 1996 16:08:16 +0800
Subject: Word lists for passphrases
In-Reply-To: <199607090210.VAA07394@manifold.algebra.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 8 Jul 1996, Igor Chudov @ home wrote:

> Ben Holiday wrote:
> > If you have access to a shell, and to the news spool, you can generate
> > some quick lists by hopping into the directory of any newsgroup that
> > interests you and doing:
> >
> > cat * | tr -cs A-Za-z '\n' | tr A-Z a-z | sort | uniq > my-big-ol-wordlist
> >
> > With most unixes that will generate an alphabetized list of all the unique
> > words in your source text, converted to lowercase. I've had some problems
> > with tr on a few machines, however. Adding a '-c' after 'uniq' will tell
> > you how many times each word occurred (useful for grepping out words that
> > appear too infrequently, or too frequently) ..
>
> Actually I am fairly sure that your selection of words will be mediocre
> at best. There are words (such as nethermost, insatiable, insufferable)
> that are almost never used in news.

According to Altavista:
nethermost - 45
insatiable - 200
insufferable - 200

I know I have too much free time.
- -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMeHp9bZc+sv5siulAQHjCgP6A/OuKaX/NwlkO9zhzbX2sBdKzajdKHHC FegZI5jIMd9hSFUb1iPUzw5H8YVaCQFDrighNnxLYvncAHB5dxAnRz52XjH4PFxj kDsH3CC3fN+x3Oh88HOwfcDKMiEAFbUkj+xSR5w6yxPt3mg9E27/xPef1Yg8bUWl gbsK/V0emcU= =Pr0B -----END PGP SIGNATURE----- From perry at piermont.com Tue Jul 9 01:24:43 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 9 Jul 1996 16:24:43 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607090052.RAA03839@netcom14.netcom.com> Message-ID: <199607090419.AAA11279@jekyll.piermont.com> Mike Duvos writes: > Perry Writes: > > > Most people would have no particular urge to stop a child with > > diabetes from taking her insulin. Your friend seems to have the sick > > idea that they know better than the child's parents whether the child > > should be taking their meds or not, simply because the medication is > > for a "mental" problem. This isn't your friend's child. Its someone > > else's child. They have no right to make such decisions. > > Since diabetes has an organic cause, this analogy with syndromes and > disorders defined solely by behavioral percentages fails. 'fraid not. ADD has an organic cause, and can be detected with reproduceable biological tests. Admittedly, ADD is nonfatal, and I will agree that the analogy breaks down there. I will also agree that it may be overdiagnosed -- that is, misdiagnosed by sloppy practitioners. That does not mean it isn't real. > A better model might be height, which follows a basically continuous > distribution once outliers due to functional endocrine problems are > eliminated. 
> > We could, of course, define a "vertical deficit disorder" (VDD) which > 10% of the population have by definition, and for which the treatment > would be synthetic human growth hormone given regularly during the > growing years. Why eliminate the people with endocrine problems? You need not invent a new syndrome. The folks with severe deficits of growth hormone are an actual group, and are a perfectly fine group to give growth hormones to. Now, you are correct that some people might abuse those hormones, and some lazy doctors might diagnose a statistical outlier as someone suffering from dwarfism. However, that doesn't mean that growth hormone isn't needed for the people whom you choose to dismiss in your first paragraph as though they were not a valid place to draw the analogy. > Of course, no amount of reason will disuade the True Believers from > embracing yet another disease model, and we shouldn't expect that it > would. But I think it is clear to many people that the forced medication > of children for the convenience of those who take care of them is > getting a bit out of control. Has it occurred to you that many of the children in question are happy being medicated, as are many adults? In any case, who are you to tell other people what's good for them? Perry From jfricker at vertexgroup.com Tue Jul 9 01:28:23 1996 From: jfricker at vertexgroup.com (John F. Fricker) Date: Tue, 9 Jul 1996 16:28:23 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <2.2.32.19960709050234.00c7e930@vertexgroup.com> At 12:34 AM 7/9/96 -0400, you wrote: > >John F. Fricker writes: >> Seems like if your child needs drugs to go to school than perhaps school is >> the problem not that your child's body lacks Ritalin. >> >> Sheesh. >> >> So it happens that I was talking with a fellow Saturday who grew up on >> Ritalin. He's 36 now and strung out. Life with Ritalin prepared him for >> drugs, you know. They were natural. 
>> Like the body is made for different
>> laboratory made molecules with dubious effects.
>
>Yeah, you know, I bet your body doesn't get infected for lack of
>penicillin, either. I suspect that taking Penicillin prepares you for
>drug dependencies. Why, next, you might take insulin to deal with
>diabetes, or worse!
>
>Thank god most of those heroin addicts never had Ritalin as kids -- you
>never know how much worse off they might be now. And if they'd gotten
>antibiotics, why, forget it.
>
>Quit from modern medicine cold turkey. It's the only way.
>
>Perry
>

Perry,

your typically vitriolic wit fails you. What's up? Lost your prescription? Snide pills spill in the toilet again?

From ichudov at algebra.com Tue Jul 9 01:35:08 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 9 Jul 1996 16:35:08 +0800
Subject: Word lists for passphrases
In-Reply-To: <199607082320.TAA10998@jekyll.piermont.com>
Message-ID: <199607090422.XAA08435@manifold.algebra.com>

Perry Metzger, in a profound display of stubbornness, continues educating AwakenToMe at aol.com.

But how about this C prog:

z(int d,char*s){for(*s='a';*s<='z';(*s)++)d?z(d-1,s-1):puts(s);}
BS(s){char *S=(char*)malloc(s+1);S[s]=0;z(s-1,S+s-1);free(S);}
main(){BS(2);}

is there anything shorter and no less efficient? most of time is wasted in puts of course

igor

Perry E. Metzger wrote:
>
>
> AwakenToMe at aol.com, in a profound display of stubbornness, continues
> to insist that his program to enumerate all possible words of length N
> (that is, aaaaa, aaaab, aaaac, etc.) is somehow interesting. I am
> therefore forced to drive in the nail with a sledgehammer. Forgive me.
>
> He writes:
> > > > > It's [...] trivial enough to be done by 99% of the people on
> > > > > cypherpunks in their sleep.
> > > >
> > > > Yes. But let me ask you this. Have you done it yet??
> > >
> > > Most of us don't bother writing up four line programs and shipping
> > > them out, no.
> >
> > really? Wow. four lines of code?
> > You must be a really good programmer. duh.
>
> Hardly. A ten year old could do it. I know, since I wrote substantially more
> sophisticated stuff when I was ten.
>
> Since you insist, here is less than a minute's work. Yes, I timed it.
>
> ------Cut Here------
> /*
>    This could be more elegant, but the point is obviousness.
> */
> #include <stdio.h>
>
> int main()
> {
>         char i[6] = {0};        /* zero-filled, so i[5] terminates the string */
>
>         for (i[0] = 'a'; i[0] <= 'z'; i[0]++)
>           for (i[1] = 'a'; i[1] <= 'z'; i[1]++)
>             for (i[2] = 'a'; i[2] <= 'z'; i[2]++)
>               for (i[3] = 'a'; i[3] <= 'z'; i[3]++)
>                 for (i[4] = 'a'; i[4] <= 'z'; i[4]++)
>                   printf("%s\n", i);
> }
> ------Cut Here------
>
> The operative portion of the program is six lines long, and five of
> those lines are virtually identical.
>
> You can write the thing much more elegantly, without redundant
> code. However, I have elected to leave it as utterly brainless as
> possible to demonstrate that ANYONE could write the thing.
>
> > You'd be surprised at the # of requests from people who actually had a good
> > use for it, and didn't have the time to spend writing it themselves.
>
> Human stupidity is never a surprise.
>
> Perry
>

- Igor.

From lzirko at c2.org Tue Jul 9 01:35:25 1996
From: lzirko at c2.org (Lou Zirko)
Date: Tue, 9 Jul 1996 16:35:25 +0800
Subject: Secure Computing extends deal with NSA for E-mail system
Message-ID: <199607090501.WAA08487@infinity.c2.org>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Tue Jul 09 00:01:32 1996

Following is an article from PC Week that some might find of interest. Also available at this URL - http://www.pcweek.com/news/0708/08escc.html

Secure Computing Corp. has signed a $15 million deal with the National Security Agency to develop the agency's secure network server system for Department of Defense employees' E-mail.

Officials of the St. Paul, Minn., company announced that Secure Computing will take about a year to complete the project, which will ensure security within the Defense Department E-mail system.
The agreement is an extension of a deal Secure Computing first signed with the National Security Agency in 1992, according to company officials. Lou Zirko (502)383-2175 Zystems lzirko at c2.org "We're all bozos on this bus" - Nick Danger, Third Eye -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 iQEVAwUBMeHntstPRTNbb5z9AQEAfggAmM16zuktn2KeIsr4WNIYP69LZ1lZ4veY bqllaZfccr17NIvffqSINrxY62Xl5daVHnLcpy7y0QSMa3pksj3+FKT5X8C+GYQ6 tCOlTPO8VC0mXONXAmsZSvHEqQrHYHwJDZ9ljciXOyjajaPoElzTm3XScKLGR9p9 tac+3HIMuKmdXrVJ23Z8OmEvvKAiUqQdZtgS+FE+hwP2vzVh68Tqv+yUM5Ac6gAS i3Z5YxJ+0Ycugqa0BLyoJi1aOe2PqC6EbEzPI0LG2WNPA25MRFSDMJxWr2pulEas pBqZmzbAVSVI/JqaMU50LRKFIGb58gl+47QLFmCWqFWKlarDs6NcvA== =LbOA -----END PGP SIGNATURE----- From markm at voicenet.com Tue Jul 9 01:36:03 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 9 Jul 1996 16:36:03 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607090052.RAA03839@netcom14.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 8 Jul 1996, Mike Duvos wrote: > Since diabetes has an organic cause, this analogy with syndromes and > disorders defined solely by behavioral percentages fails. Incorrect. I am not certain if ADD has been definitely linked to a lack of a certain neurotransmitter, but since it shows up on a PET scan, it probably is. You say that a disorder defined only by behavioral percentage in not a real disorder. If the number was far less than 10%, would you then consider it a disease. In an earlier message, you claimed that depression is an actual disease. One-third of all Americans have some form of clinical depression. Your logic escapes me. > People with VDD would probably want to be taller, and be as successful > as their peers at important things like basketball. The specified > treatment would certainly demonstrate effectiveness in accomplishing > this goal. 
People with VDD would argue that their disease was real, > since it was hereditary, and could be measured with complex scientific > instrumentation, like PET^H^H^HYardsticks. First of all, being tall is not really important in today's society. It used to be that people who had certain weaknesses and disorders were killed off according to evolution. Since we live in a developed society, evolution no longer has any effect on humans. It seems that the only people who think that drug treatment is bad for people with disorders that can cause that person to not reach his or her potential are those who have never even been afflicted with a mental disorder. Nor do they know much about the subject. > Amphetamines have demonstrated themselves to be a tricky medication even > for psychological disorders for which they were once considered > appropriate. ADD and its treatment plays very well into a society that > seems to feel that each and every one of life's misfortunes must be > given a name and called a disease. People have lost jobs because of ADD. Everyone has to do something undesirable at one point or another. For an ADD person, stopping a task that is very interesting to that person to do boring work can be very difficult. Rather than blaming the public schools, it is much more productive to find a way to work around such a barrier. Ritalin is often the best way to do that. > Of course, no amount of reason will disuade the True Believers from > embracing yet another disease model, and we shouldn't expect that it > would. But I think it is clear to many people that the forced medication > of children for the convenience of those who take care of them is > getting a bit out of control. I guess I am a True Believer. I believe that ADD exists. I also believe in the theory of Relativity. Both of these are backed by hard evidence and nearly unanimous agreement among specialists in these fields. 
There is a middle ground between believing that every kid who is hyperactive or has a short attention span should be on Ritalin, and saying that ADD doesn't exist and it is just a simple misfortune. Of course, it's rather easy to dismiss something as a misfortune which doesn't affect you personally. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv -----END PGP SIGNATURE----- From perry at piermont.com Tue Jul 9 01:37:32 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 9 Jul 1996 16:37:32 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <2.2.32.19960709050234.00c7e930@vertexgroup.com> Message-ID: <199607090509.BAA11381@jekyll.piermont.com> John F. Fricker writes: > your typically vitriolic wit fails you. What's up? Lost your > prescription? Snide pills spill in the toilet again? I thought I was rather on the money. Perhaps you just don't find my vitriol funny when I direct it at you. I'm sick of you, Tim and other people telling folks how to treat their problems. Tim is happy saying that he thinks people's lives are their own business, but opportunities to stick his nose into the ways that his neighbors raise children are just peachy to him. I'd say that the lot of you are self-satisfied busybodies, and poorly educated ones at that. If someone out there has their life improved by Ritalin, it's not any of your business to tell them not to take it.
There are kids out there, and adults, who have psychological problems that are well treated if not cured by medicines. Sure, it's nice to do things "naturally" and "without drugs", but I'll point out that two thirds or more of the people reading this message would be dead now because of infections they forgot they had twenty years ago, or because of indoor plumbing assuring a clean water supply, or a million other artificial interventions into the natural course of life, which is, naturally, death at 20 or 25 without a tooth left in your head, cowering in a cave, surrounded by the other savages. So, go right ahead. Discourage people from using their medicines. Make fun of the parents of the "poor little zombie" taking Ritalin because otherwise his life, from his own perspective, is a living hell. Heck, TAKE AWAY HIS MEDICINE, the way Tim cheers on. Then please go home and throw away that aspirin. The natural way to deal with a headache is to suffer. When you break your arm, swear off medical attention and crawl around in pain for a while. It's the "Right Thing" to do. In any case, even if all this stuff isn't real, I'm sure you are completely above taking drugs to help you get along in life. I'm sure you never drink coffee to get you up in the morning, for instance. Because if you have, you are a hypocrite. Not, of course, that anyone here would fit that description. Perry From mpd at netcom.com Tue Jul 9 01:37:41 1996 From: mpd at netcom.com (Mike Duvos) Date: Tue, 9 Jul 1996 16:37:41 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607090419.AAA11279@jekyll.piermont.com> Message-ID: <199607090459.VAA24458@netcom14.netcom.com> "Perry E. Metzger" writes: > Why eliminate the people with endocrine problems? You need > not invent a new syndrome. The folks with severe deficits of > growth hormone are an actual group, and are a perfectly fine > group to give growth hormones to.
The point was that the group with endocrine problems was an appropriate group to give growth hormone to, whereas the shortest 10% of the population was not. Similarly while there might very well be some disorder of cognition for which amphetamines would be appropriate medication, prescribing them on the basis of which 10% of the population performs least well in the traditional "cells and bells" school environment is not it. The fact that some claim to be able to demonstrate ADD by "repeatable biological tests" carries no more weight than the ability to repeatably demonstrate that a person is short of stature by "repeatable tape measure tests." > However, that doesn't mean that growth hormone isn't needed > for the people whom you choose to dismiss in your first > paragraph as though they were not a valid place to draw the > analogy. There is a difference between giving medication for a verifiable organic problem, like insulin for diabetes, or growth hormone for a pituitary defect, and giving it to the 10% shortest, or the 10% most likely to call their teachers bleep words. > Has it occurred to you that many of the children in > question are happy being medicated, as are many adults? In > any case, who are you to tell other people what's good for > them? Again, to return to the height analogy, doctors have to throw short parents seeking human growth hormone for their perfectly healthy short children off their doorsteps every day. Same goes for patients seeking antibiotics inappropriate for their illnesses, and countless other things. The price of giving the patient (or the patient's parents) everything they want is disease-resistant microorganisms, a country where everyone is over six feet tall, and classrooms full of obedient citizen-units in Soma-induced trances. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From markm at voicenet.com Tue Jul 9 01:54:08 1996 From: markm at voicenet.com (Mark M.) 
Date: Tue, 9 Jul 1996 16:54:08 +0800 Subject: Pseudo-DC-net Project In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 8 Jul 1996 janke at unixg.ubc.ca wrote: > > Thank you for the comments, but I'm not sure I fully understand them > all. First of all what is a TLA? Second of all, and this seems to be A TLA is a Three Letter Acronym. Such examples would be FBI, NSA, DEA, and CIA. > > I hadn't thought of using a ring topology... Interesting. I'll think > about that one some more. The ring topology is definitely more secure. A DC-Net has to have at least three hosts to be of any use. When a centralized server is used, the security is basically lost. > > How do hash trees help? Is that mentioned in the paper you cite? I'll > take a look at that one before long. What's the title and author? Hash trees help by preventing collisions while preserving anonymity. The property of hash trees is that it takes log 2(N) number of elements of the tree to verify where N is the total number of elements in the tree. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv -----END PGP SIGNATURE----- From ogren at cris.com Tue Jul 9 01:54:33 1996 From: ogren at cris.com (David F.
Ogren) Date: Tue, 9 Jul 1996 16:54:33 +0800 Subject: A case for 2560 bit keys Message-ID: <199607090309.XAA00077@darius.cris.com> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Mon Jul 08 23:06:11 1996 Here are a few thoughts on RSA key sizes. There is nothing new or revolutionary herein, but I think it does provide a good case for using large RSA keysizes. Traditionally, we examine the threat model and determine the approximate ability of the attacker to factor secret keys. Then a keylength is selected that exceeds the attacker's ability to factor in a reasonable amount of time. For example, if we assume that the NSA can factor any number with the speed of the special number sieve, and has 10^9 mips of computing power (doubling every 1.5 years) we can make the following estimations: _1_ Using these assumptions, the NSA could crack a 1024 bit key in ~11 days, a 1536 bit key in 10 years and a 2048 bit key in 26 years. _2_ Note that this would require the full resources of the NSA, however. Thus, even the mighty resources of the NSA could only crack 42 1024 bit keys in 1996 (including Moore's law). _3_, _4_ Similarly, a large corporation with 10^7 mips in computing power (and the same super-efficient factoring algorithm) could crack a 1024 bit key in 2 years, a 1536 bit key in 20 years, and a 2048 bit key in 36 years. My interpretation of these results: 1024 bit is probably safe for most reasonable threat models. Only individuals with extremely high threat models should be concerned about 1024 bit keys in 1996. Even those with extremely high threat models should be satisfied with 1536 bit keys. Despite the above, there are convincing arguments for longer RSA keys. Instead of asking "Why should we have longer keys?", perhaps we should be asking "Why _shouldn't_ we have longer keys?" In a hybrid cryptosystem such as PGP, very little of the computational process is consumed by RSA encryption.
Only a tiny fraction of the message is RSA encrypted (the session key), and thus the time-critical operation is the symmetric crypto system (IDEA for PGP). As an experiment generate a 2047 bit PGP key and a 512 bit PGP key. Encrypt a file (preferably of a reasonable size) using both keys. Depending on the computer you are using, the time difference between the two keys will be a matter of a few seconds or even a fraction of a second. And so we have to ask ourselves, why _not_ use a 2047+ bit key? It has greater longevity and greater security. Why not be overcautious when the cost is so small? It seems foolish that we use RSA keys that are less secure than our IDEA session keys. Our RSA keys are much more valuable than our session keys. I will use my RSA key to encode hundreds of messages. Each session key I will use only once. An attacker who learns one of my IDEA session keys can decrypt only that message. An attacker who learns my RSA key can decrypt any of my messages, past or present. (He can also impersonate my signature, but that's another discussion entirely.) If I send one message weekly that my attacker is interested in, and change my RSA key every two years, my RSA key is at least 104 times more valuable than any individual key. Does it not make sense that the RSA key should ideally be 104 times more difficult to crack? If increasing the RSA keylength was overly cumbersome to the process then designing the RSA keylength to meet minimum acceptable standards could be understood. But since increased RSA keylengths are cheap in terms of computing power, would it not be better to pick RSA keylengths that are more secure than the session keys? And thus, 2560 bit keys are not unreasonable. They are not significantly slower to use (most of PGP's time is spent IDEA encrypting), and yet are effectively invulnerable.
By "invulnerable" I mean that any attacker capable of cracking your RSA key would have an easier time hacking your individual IDEA session keys, and would never have any need to hack the RSA key itself. And if you have threat models this severe you are a) hopelessly paranoid, b) SOL. Footnotes: _1_ These approximations of factoring difficulties and the computing resources are taken directly from Applied Cryptography by Bruce Schneier, page 161. _2_ Taking into account Moore's law, the amount of processing power spent during a period of time is the integral of Power * 2^(t/1.5)dt (from 0 to x) = Power * 1.5 / (ln 2) 2 ^(t/1.5) (also evaluated from 0 to x). Which is approximately equal to Power * 2.164 * (2^(x/1.5) - 1). Thus in three years a corporation starting with 10^7 mips could produce 10^7 * 2.164 * (2^(3/1.5)-1) = 6.492 * 10^7 mips-years. _3_ Any attempt to determine the computing power and cryptanalysis power of the NSA should be taken with a grain of salt. There are several very critical and arbitrary assumptions made in order to obtain these numbers. _4_ Additionally, any attempt to discern the future of cryptanalysis should also be taken with a grain of salt. Who can tell what computers will be like in ten years? - -- David F. Ogren | ogren at concentric.net | "A man without religion is like a fish PGP Key ID: 0x6458EB29 | without a bicycle" - ------------------------------|---------------------------------------- Don't know what PGP is? | Need my public key?
It's available Send a message to me with the | by server or by sending me a message subject GETPGPINFO | with the subject GETPGPKEY -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From WlkngOwl at unix.asb.com Tue Jul 9 02:17:45 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 9 Jul 1996 17:17:45 +0800 Subject: What remains to be done. Message-ID: <199607090608.CAA27451@unix.asb.com> On 8 Jul 96 at 18:04, John F. Fricker wrote: [..] > One of these days Microsoft will officially release NT's IFS SDK. A few > "preliminary" and incomplete copies of a 1993 beta release do float around > but for a mere $50K there's a company that will sell you the complete source > for an IFS. It's a crime that Microsoft hasn't shipped this SDK yet as the > Installable File System is one of the great powers of NT. > > So, if someone is interested in coughing up the $50K I know a couple NT > programmers just chomping at the bit to build cool IFS's like PGPDrive, etc. Coughing up a mere $200-500 (depending on the company) to write a few freeware drivers for Windows NT/95 or OS/2 is a bit much for poor hackers like myself. A GNU/FSF project should be to develop freeware DDKs for Windows or OS/2. There'd be many grateful people out there. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key.
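The figures in David Ogren's "A case for 2560 bit keys" message above follow from the Moore's-law integral in its footnote 2, and the Python below reproduces them; it is an added example, not code from any post in this archive. The function names are illustrative, and the per-key work factors are an assumption: they are back-derived from the message's own NSA times (11 days, 10 years, 26 years at 10^9 mips), not from a factoring-cost formula.

```python
import math

DOUBLING_YEARS = 1.5                  # doubling period assumed in the message
K = DOUBLING_YEARS / math.log(2)      # ~2.164, the constant in footnote 2

NSA_MIPS = 1e9                        # message's assumed NSA capacity in 1996
CORP_MIPS = 1e7                       # message's assumed large-corporation capacity

# Times the message quotes for the NSA-sized attacker, in years, by key length.
NSA_YEARS = {1024: 11 / 365, 1536: 10.0, 2048: 26.0}


def cumulative_mips_years(start_mips, years):
    """Footnote 2: integral of start_mips * 2^(t/1.5) dt from 0 to `years`."""
    return start_mips * K * (2 ** (years / DOUBLING_YEARS) - 1)


def years_to_accumulate(start_mips, work):
    """Inverse of the integral: years until `work` mips-years have been spent."""
    return DOUBLING_YEARS * math.log2(1 + work / (start_mips * K))


def implied_work(bits):
    """Work factor (mips-years) implied by the message's NSA time for `bits`.

    Assumption of this example: the quoted NSA times already include growth.
    """
    return cumulative_mips_years(NSA_MIPS, NSA_YEARS[bits])


def corporate_years(bits):
    """Time for the 10^7-mips attacker to spend the same work factor."""
    return years_to_accumulate(CORP_MIPS, implied_work(bits))


def keys_per_year(bits, start_mips=NSA_MIPS):
    """How many keys of this size one year of growing capacity pays for."""
    return cumulative_mips_years(start_mips, 1.0) / implied_work(bits)


def margin_in_years(start_mips, work, factor):
    """Extra attacker time bought by making a key `factor` times harder."""
    harder = years_to_accumulate(start_mips, factor * work)
    return harder - years_to_accumulate(start_mips, work)


if __name__ == "__main__":
    print(f"footnote 2 check: {cumulative_mips_years(CORP_MIPS, 3):.4g} mips-years")
    print(f"1024-bit keys per year at NSA scale: {keys_per_year(1024):.1f}")
    for bits in sorted(NSA_YEARS):
        print(f"{bits}-bit, corporate attacker: {corporate_years(bits):.1f} years")
    # The message asks for a key "104 times more difficult to crack".
    extra = margin_in_years(NSA_MIPS, implied_work(2048), 104)
    print(f"a 104x work margin delays the NSA-scale attacker by {extra:.1f} years")
```

Under the message's own growth assumption, a 104-fold increase in work buys roughly ten years, the same gap that separates the corporate and NSA estimates.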
From alano at teleport.com Tue Jul 9 02:19:08 1996 From: alano at teleport.com (Alan Olsen) Date: Tue, 9 Jul 1996 17:19:08 +0800 Subject: Word lists for passphrases Message-ID: <2.2.32.19960709044304.00b09650@mail.teleport.com> At 09:10 PM 7/8/96 -0500, Igor Chudov @ home wrote: >Ben Holiday wrote: >> If you have access to a shell, and to the news spool, you can generate >> some quick lists by hopping into the directory of any newsgroup that >> interests you and doing: >> >> cat * | tr -cs A-Za-z '\n' | tr A-Z a-z | sort | uniq > my-big-ol-wordlist >> >> With most unixes that will generate an alphabetized list of all the unique >> words in your source text, converted to lowercase. I've had some problems >> with tr on a few machines, however. Adding a '-c' after 'uniq' will tell >> you how many times each word occurred (useful for grepping out words that >> appear too infrequently, or too frequently) .. > >Actually I am fairly sure that your selection of words will be mediocre >at best. There are words (such as nethermost, insatiable, insufferable) >that are almost never used in news. If the purpose is for use with "Crack" or some similar program, it might be better than you would think. You won't get the "unusual" words, but you will also get the words in common usage that do not appear in dictionaries. (Such as fnord, jedi, killfile, and the like...) You will also get a lot of proper names, which may have been used as passwords. The idea is that words in common usage may be more likely to be used as passwords. Another thing to look for when choosing dictionaries/wordlists for crack is not sticking to English. If you have a userbase that is known to have a certain percentage of people of a non-English background, you will want to find lists of words from that background. (I had a sysadmin asking me about Yiddish and Hebrew wordlists for just that reason.) These can be a bit harder. (Especially for unusual languages.)
But knowing your userbase can make all the difference in what it might take to crack the passwords from the outside. --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From proff at suburbia.net Tue Jul 9 02:27:02 1996 From: proff at suburbia.net (Julian Assange) Date: Tue, 9 Jul 1996 17:27:02 +0800 Subject: ACLU: NJ Alert! Personal Data Chip in DL! (fwd) Message-ID: <199607090515.PAA17618@suburbia.net> Forwarded message: >From notes at igc.org Tue Jul 9 15:12:01 1996 Date: Mon, 08 Jul 1996 19:48:10 -0700 (PDT) Reply-To: Moderator of conference "justice.polabuse" From: Bob Witanek Subject: ACLU: NJ Alert! Personal Data Chip in DL! To: Recipients of pol-abuse Message-ID: X-Gateway: conf2mail at igc.apc.org Errors-To: owner-pol-abuse at igc.apc.org Precedence: bulk Lines: 32 Posted: sspnj at exit109.com *Computer Chips in Driver Licenses?* NEWARK, N.J. -- The Associated Press reported today that drivers may soon be using a new high-tech driver's license to pay tolls and do banking in New Jersey. The soon to be tested "Smart Card" will carry a data packed computer chip that will provide authorities with access to private information including fingerprints and medical records. The pilot cards will be limited to standard driver's license information. By the time the cards are issued to all New Jersey drivers in July 1997, they would also contain fingerprints and an "electronic purse" to be used to pay bus and train fares, the AP said. Civil libertarians said the new licenses raise privacy concerns. Ultimately, the AP said, the license will contain arrest records, medical records, vehicle registration, and could be used as a debit card to pay for groceries and do banking. 
"I think citizens should be extremely scared about loss of privacy," David Rocah of the New Jersey ACLU told AP. "They could store tax data. They could store medical data. They could store driver's records, insurance data, virtually any data in the government's possession." The ACLU also warned that the potential for misuse of the information --government surveillance or telemarketing research - - could pose potential problems. ---------------------------------------------------------------- -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From stevenw at best.com Tue Jul 9 02:31:29 1996 From: stevenw at best.com (Steven Weller) Date: Tue, 9 Jul 1996 17:31:29 +0800 Subject: Word lists for passphrases Message-ID: >AwakenToMe at aol.com, in a profound display of stubbornness, continues >to insist that his program to enumerate all possible words of length N >(that is, aaaaa, aaaab, aaaac, etc.) is somehow interesting. I am >therefore forced to drive in the nail with a sledgehammer. Forgive me. >------Cut Here------ >/* > This could be more elegant, but the point is obviousness. 
>*/ >#include > >int main() >{ > char i[6]; > > for (i[0] = 'a'; i[0] < 'z'; i[0]++) > for (i[1] = 'a'; i[1] < 'z'; i[1]++) > for (i[2] = 'a'; i[2] < 'z'; i[2]++) > for (i[3] = 'a'; i[3] < 'z'; i[3]++) > for (i[4] = 'a'; i[4] < 'z'; i[4]++) > printf("%s\n", i); >} >------Cut Here------ > >Perry I agree with you, but it could also be correct. Since the char array is allocated on the stack as an auto, its contents are not guaranteed. So i[5]='\0'; is needed as the first statement. And of course it will never include a 'z' because the '<' will not permit it. Replace all the '<' with '<='. Plus there is the small matter of non-ASCII character representations breaking the increments and comparisons. Oh, and don't forget that main() returns an integer. This will generate at least a warning from the compiler, since the code does not return anything. It may well return a random number or something that will be interpreted as an error code. (also less than a minute's work) ------------------------------------------------------------------------- Steven Weller | Technology (n): | | A substitute for adulthood. stevenw at best.com | Popular with middle-aged men. From mpd at netcom.com Tue Jul 9 02:34:38 1996 From: mpd at netcom.com (Mike Duvos) Date: Tue, 9 Jul 1996 17:34:38 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: <199607090550.WAA28057@netcom14.netcom.com> In the message after his "Last Message on the Topic", "Mark M." writes: >> Since diabetes has an organic cause, this analogy with >> syndromes and disorders defined solely by behavioral >> percentages fails. > Incorrect. I am not certain if ADD has been definitely > linked to a lack of a certain neurotransmitter, but since it > shows up on a PET scan, it probably is. Even thinking about math shows up on a PET scan. Nothing disordered about that. I do it all the time. 
You seem to feel that if something can be detected scientifically, then it has some tangible existence beyond behavior and percentiles. Silly, because these things are tools of measurement too. Being able to reliably tell people apart based on some fallacious criteria does nothing to make the criteria less fallacious. > You say that a disorder defined only by behavioral percentage is > not a real disorder. If the number was far less than 10%, would > you then consider it a disease? No. I would look at the population distribution. If it was smooth and continuous and similar to other distributions associated with continuous normal variation of physical characteristics, I certainly wouldn't call it a disease. If some poor soul was sitting five standard deviations away from the norm, with a verifiable organic problem, then the hypothesis of disease would certainly be one worthy of investigation. > In an earlier message, you claimed that depression is an > actual disease. One-third of all Americans have some form > of clinical depression. Your logic escapes me. Depression is a normal human emotion as long as it is related to something sad in one's environment. Depression becomes a disease only when serious and inappropriate self-destructive behavior is likely, or when the mental state becomes endogenous, and unrelated to one's circumstances. Again, if I tried to define depression as "The least happy 33% of the population", that would be silly, regardless of whether true clinical depression existed. > It seems that the only people who think that drug treatment > is bad for people with disorders that can cause that person > to not reach his or her potential are those who have never > even been afflicted with a mental disorder. Nor do they > know much about the subject. Medicating a disease is fine. Recreational uses of relatively harmless intoxicants and are also fine.
It is the inappropriate use of strong medicines with serious side effects by clueless people for vague criteria like "reaching his or her potential" that I have a problem with. > People have lost jobs because of ADD. People have lost jobs because they weren't physically strong, smelled bad, didn't have hair, or spoke English with an accent no one could understand. Do these people get "deficit disorders" too? Do we allow them to ingest potentially life-threatening and toxic chemicals in a vain attempt to pass everyone else in the Big Race Of Life(TM)? Face it. People are not all alike. Shit happens. Learn to adjust. Someday you'll find something you are good at, even if it's not public school. > I guess I am a True Believer. I believe that ADD exists. I believe that large feet exist. But I don't walk around with an axe trying to correct the problem and save the large-footed people the shame that comes from not being able to excel in the world of ballet dancing. > I also believe in the theory of Relativity. But can you derive it from a Lagrangian density without having to peek in the book? :) > Both of these are backed by hard evidence and nearly > unanimous agreement among specialists in these fields. There is absolutely no similarity between a hard science, like physics, and a collection of people who make money selling flim-flam to their disciples. > Of course, it's rather easy to dismiss something as a > misfortune which doesn't effect you personally. So the short, smelly, bald, big-footed people who can't do tensor calculus tell me. :) -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From panzer at dhp.com Tue Jul 9 02:49:08 1996 From: panzer at dhp.com (Matt) Date: Tue, 9 Jul 1996 17:49:08 +0800 Subject: Grubor remailer? (Was Re: Lucifer remailer) In-Reply-To: <199606272114.RAA04139@phoenix.iss.net> Message-ID: <4rsugh$evg@dhp.com> The joys of having mailing lists gatewayed to news, you find this stuff weeks late.... 
Sorry for the delay Alex F (alexf at iss.net) wrote: : > dhp is not "Grubor's domain," it's just a Pittsburgh ISP : > with liberal terms of service (which is why it can run : > remailers). Perhaps you're thinking of "manus.org"? : > : I thought that DHP is mostly Canadian. I know that Panzer deals w/ : them & he is running from Pitt. but I think that the others are : mostly from Canada. I work w/ a few of them, but they are not here : to ask about this (at the moment. They just went out for dinner). I : don't think that DHP (Data Haven Project) is really an ISP per se... DHP is an ISP. We are small, but this is mostly because we have a small dialin pool and are not trying to compete with all the local providers for people who are "learning the 'net". We are looking for people who are interested in a second account for privacy, and are at least competent to know what a "shell account" is. If you would want some more info, feel free to hit our web page (though it's partially out of date), or drop me some email. As to "grubor's domain" I'll be more than happy to tell you that DHP.COM is not his domain. Refer to the Grubor faq for more information on the number of Pittsburgh ISP's he's joined, etc... -- -Matt (panzer at dhp.com) DI-1-9026 "That which can never be enforced should not be prohibited." From perry at piermont.com Tue Jul 9 02:49:18 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 9 Jul 1996 17:49:18 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607090459.VAA24458@netcom14.netcom.com> Message-ID: <199607090604.CAA11704@jekyll.piermont.com> Mike Duvos writes: > Similarly while there might very well be some disorder of > cognition for which amphetamines would be appropriate medication, > prescribing them on the basis of which 10% of the population > performs least well in the traditional "cells and bells" school > environment is not it. 
Fine, let's say that you are right, and that some number of children could use Ritalin. Is it your opinion that Tim May is qualified to diagnose children who do and don't need it? He appears to be claiming that he can. I will note, of course, that your contention about percentages and the likelihood that something is a disease doesn't really wash very well. By your lights, then, heart disease couldn't be a "real" illness given that a lot more than 10% of the population suffers from it to one extent or another. Of course, we could simply redefine dying of a heart attack as "normal" and then we could be done. Sure, it's possible that ADD is grotesquely overdiagnosed. Maybe it's possible that 10% of the population has it and that most of them barely make it through life. Maybe its something in between. How do you know? Have you done any studies? Have you even read the scientific literature? > The fact that some claim to be able to demonstrate ADD by > "repeatable biological tests" carries no more weight than the > ability to repeatably demonstrate that a person is short of > stature by "repeatable tape measure tests." > > There is a difference between giving medication for a verifiable > organic problem, like insulin for diabetes, or growth hormone for > a pituitary defect, and giving it to the 10% shortest, or the 10% > most likely to call their teachers bleep words. How about giving people with hypertension blood pressure medication? I mean, they are just "out of the norm", right? I mean, there is a continuum of blood pressures, yes? Why should we give the people at the top of the spectrum medications, just because high blood pressures are associated with vascular accidents? I suppose you don't understand what it might be like for someone to be unable to do their work no matter how heavy the threat against them if they don't, and no matter how easy it is.
There are people out there who can't get themselves to pay a phone bill or throw out the newspapers for months on end -- they just can't get themselves to dance around into the task no matter how hard they try, no matter how great the threat (job loss, etc) to them is. Perhaps you would call such a person "crazy". After all, you reason, YOU never had any trouble doing any of those things. Maybe they are just complete fakers -- they just need a kick in the ass, right. Well, fine. Many such people, given a small dose of Ritalin, miraculously recover from their "craziness", or their "faking" or whatever it is. They start paying their bills, writing the overdue reports at the office, listening in school, etc. They cease to play incessantly with fidget toys and they get on with their lives. Maybe you would prefer to "help" them by not letting them get medication. Maybe it's "unnatural". Could you explain to me, however, how you are making their lives better by not giving them their meds? I mean, what concretely is better about their lives? > > Has it occurred to you that many of the children in > > question are happy being medicated, as are many adults? In > > any case, who are you to tell other people what's good for > > them? > > Again, to return to the height analogy, doctors have to throw > short parents seeking human growth hormone[...] You miss the point. You spoke of involuntarily medicated kids. Most of the kids aren't involuntarily medicated. > The price of giving the patient (or the patient's parents) > everything they want is [...] classrooms full of obedient > citizen-units in Soma-induced trances. Ritalin does not induce a zombie-like trance, as the numerous people on this mailing list who take it can tell you.
Perry From jti at i-manila.com.ph Tue Jul 9 02:52:14 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Tue, 9 Jul 1996 17:52:14 +0800 Subject: Metered Phone Message-ID: <01BB6DA5.6DF00AE0@ip137.i-manila.com.ph> Does anyone have any ideas about this metered phone? I am from Philippines and heard some news that it will be existing in 1997. Quite a big problem! Every dial will be counted, every second will be measured... From jti at i-manila.com.ph Tue Jul 9 03:17:01 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Tue, 9 Jul 1996 18:17:01 +0800 Subject: Metered Phone Message-ID: <01BB6DA7.D17CBE80@ip75.i-manila.com.ph> Does anyone have any ideas about this metered phone? I am from Philippines and heard some news that it will be existing in 1997. Quite a big problem! Every dial will be counted, every second will be measured... From jti at i-manila.com.ph Tue Jul 9 03:20:57 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Tue, 9 Jul 1996 18:20:57 +0800 Subject: Metered Phone Message-ID: <01BB6DA6.38C8C0E0@Jerome Tan> Does anyone have any ideas about this metered phone? I am from Philippines and heard some news that it will be existing in 1997. Quite a big problem! Every dial will be counted, every second will be measured... From WlkngOwl at unix.asb.com Tue Jul 9 03:28:22 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 9 Jul 1996 18:28:22 +0800 Subject: FUD-Con V: DC Message-ID: <199607090640.CAA11873@unix.asb.com> On 8 Jul 96 at 14:10, winn at Infowar.Com wrote: [..] > Historically, civil defense has meant to protect citizenry against hostile > military actions. Today, with the specter of Information Warfare representing > new challenges to late-industrial and information age nation-states, the rules [..] Are these really "new" challenges? > - The Power grid is the basis of most of modern society. With it gone, > not much else happens.
If you think this is just a matter of building more > generators, think again--what happens if the factories that *make* the > generators are taken down, too? You haven't lived in a hurricane-prone area and lost your electricity for most of a month, have you? Many of the generators are already in place. The power grid is not centralised, so it's difficult to take down everything for a long period of time (long enough to be truly detrimental to a lot of people) quickly enough (that would require some non-informational real-life bombing and warfare). > - The Communications infrastructure: land, sea, air and satellite. 95% > military communications go over the public networks, and 100% of all financial > and industrial communications. Is it worth protecting? Is it so easy to take a whole network down? What about various radio operations (HAMs, Marineband, FM, etc.)? And don't forget automobiles and roads as last-resort communications. > - The Global Financial structure depends upon the first two > infrastructures, and is perhaps the most vulnerable to theft and denial of > service attack. 99+% of all "wealth" is digital--what happens if it vaporizes? I'm skeptical of that figure (many institutions maintain several printouts and have contingencies to do things by hand... for no other reason than computers go down without human interference). > - Transportation systems rely upon the other three. The air traffic [..] Not really. Automobiles and buses rely on very little. In major disasters there are ways to keep limited air and train traffic running. > Without all of these infrastructures properly and reliably functioning, the > private sector and the national security community cannot function. No heat, no [..] You sound as if you have not been in a place hit by natural disasters such as earthquakes, hurricanes, major floods, etc. These cause much more damage to infrastructures as well as human life than any organized action could, save for an all-out physical war.
Life still manages to go on. > air conditioning, no food distribution, no light, no radio or TV, no Internet. > Are we prepared? Do we have a a crisis response for the day money as we know > it vanishes? Isn't that what FEMA is for? Do you want FEMA involved with the 'net? Or would you rather get the DoD, NSA, FBI also involved with "Emergency Management"?!? > Electronic Civil Defense will soon become a critical component of any nation's > well being while the needs of both the private sector and government converge. > The convergence of military and civilian interests that Mr. Schwartau predicted Yes... it's called key escrow. > two years ago is happening before our eyes. Defensive and commercial postures > have so intertwined as to make them indistinguishable. That still implies empowering the state rather than allowing entities (individuals and corporations) to protect themselves. I'm skeptical of much of the InfoWar hype. Yes, there are important security issues (data integrity and preservation). But these also cross over with non-info disaster preparations. I also question whether large corporations and banks have compatible interests with individuals. It seems entirely possible that measures could be taken to protect the former at the expense of the latter. It's also dangerous to give LEA's another bogeyman to use. Very dangerous. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key.
From mpd at netcom.com Tue Jul 9 03:50:18 1996 From: mpd at netcom.com (Mike Duvos) Date: Tue, 9 Jul 1996 18:50:18 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607090604.CAA11704@jekyll.piermont.com> Message-ID: <199607090706.AAA03569@netcom14.netcom.com> "Perry E. Metzger" writes: > Fine, lets say that you are right, and that some number of > children could use Ritalin. Is it your opinion that Tim May > is qualified to diagnose children who do and don't need it? > He appears to be claiming that he can. I believe he is claiming that children are being overmedicated for the purposes of controlling their behavior, and that the hard scientific justification for this practice is lacking. > I will note, of course, that your contention about > percentages and the likelyhood that something is a disease > doesn't really wash very well. By your lights, then, heart > disease couldn't be a "real" illness given that a lot more > than 10% of the population suffers from it to one extent or > another. Of course, we could simply redefine dying of a > heart attack as "normal" and then we could be done. Again, I said that one should NEVER define a disease solely by percentages and subjective behavioral observations. Not that 10% was some sort of dividing point in doing so. Again, no one would try and define heart disease by the subjective observations of suddenly dropping dead, or of claiming chest pain.
You would be lumping lots of diseases into one and learning nothing about their etiology. [snip] > How about giving people with hypertension blood pressure > medication? I mean, they are just "out of the norm", right? > I mean, there is a continuum of blood presures, yes? Why > should we give the people at the top of the spectrum > medications, just because high blood pressures are > associated with vascular accidents? Sorry, Perry. It is perfectly normal for blood pressure to vary all over the range for which medication is given. Some people need medication, others are just hyper because they hate going to the doctor, or because the elevator was broken and they just ran up several flights of stairs. Some of these people have vascular damage. Others do not. Again, we don't simply measure blood pressure and give pills to the people who fall in the top X%. Pressure anomalies have many many causes, and doctors do complete workups and a differential diagnosis, based on the best models of disease processes they have available, before prescribing medication. > I suppose you don't understand what it might be like for > someone to be unable to do their work no matter how heavy > the threat against them if they don't, and no matter how > easy it is. Such people may need to find more interesting work. There is such a thing as being bored out of ones skull, you know. > There are people out there who can't get themselves to pay a > phone bill or throw out the newspapers for months on end -- > they just can't get themselves to dance around into the task > no matter how hard they try, no matter how great the threat > (job loss, etc) to them is. > Many such people, given a small dose of Ritalin, > miraculously recover from their "crazyness", or their > "faking" or whatever it is. They start paying their bills, > writing the overdue reports at the office, listening in > school, etc. Some people would make the same claim for small doses of opiates. 
Or small doses of benzodiazepines, or phenothiazines, or ethanol. Ritalin was developed because there were political problems with medicating people for performance-related problems with methamphetamines while trying to conduct a loud and noisy War on Drugs(TM). > They cease to play incessantly with fidget toys and they get > on with their lives. Maybe you would prefer to "help" them > by not letting them get medication. Maybe its "unnatural". > Could you explain to me, however, how you are making their > lives better by not giving them their meds? I mean, what > concretely is better about their lives? If someone has some sort of cognitive disability which can be diagnosed and for which treatment with medication is appropriate, I have no problem with that. But vague claims that "Johnny won't sit still" hardly constitute such a workup. > You miss the point. You spoke of involuntarily medicated > kids. Most of the kids aren't involuntarily medicated. Let's see. At the beginning of this message, you were questioning Tim's qualifications to suggest kids were overmedicated. Now you are telling us that the kids are qualified to give informed consent to the very same thing. Hardly consistent, even for you, Perry. > Ritalin does not induce a zombie-like trance, as the > numerous people on this mailing list who take it can tell > you. I think you need to cut your dose in half. :) Seriously, though, the really dumb thing in all of this is the constant pretending that drugs both do and don't have the ability to enhance performance. We vacillate between "Drugs are never the solution" and "Take this pill twice a day with a glass of water." This is a very mixed message indeed. One of the brightest guys I ever knew was a PhD Computer Scientist who was flying on cocaine 24 hours a day. His output was phenomenal, but I doubt he will be reading this message. He looked like a concentration camp inmate 10 years ago, and I doubt that he is alive today. TANSSAAFL, IMHO.
From blancw at accessone.com Tue Jul 9 04:34:05 1996 From: blancw at accessone.com (blanc) Date: Tue, 9 Jul 1996 19:34:05 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <01BB6D31.67602580@blancw.accessone.com> From: Mike Duvos Of course, no amount of reason will disuade the True Believers from embracing yet another disease model, and we shouldn't expect that it would. But I think it is clear to many people that the forced medication of children for the convenience of those who take care of them is getting a bit out of control. ........................................................................ From a.brown at nexor.co.uk Tue Jul 9 05:03:03 1996 From: a.brown at nexor.co.uk (Andy Brown) Date: Tue, 9 Jul 1996 20:03:03 +0800 Subject: What remains to be done. Message-ID: <01BB6D79.86C7C4D0@mirage.nexor.co.uk> On 09 July 1996 02:04, John F. Fricker[SMTP:jfricker at vertexgroup.com] wrote: > One of these days Microsoft will officially release NT's IFS SDK. A few > "preliminary" and incomplete copies of a 1993 beta release do float around > but for a mere $50K there's a company that will sell you the complete source > for an IFS. It's a crime that Microsoft hasn't shipped this SDK yet as the > Installable File System is one of the great powers of NT. You can do this with the existing device driver kit since they supply the entire source code to the AT hard disk driver. I took a look and decided that it would be too much work for me alone. They also seem to suggest that you can write "filters" that extend the capability of existing drivers. > So, if someone is interested in coughing up the $50K I know a couple NT > programmers just chomping at the bit to build cool IFS's like PGPDrive, etc. I'm one of them, but this low level device driver stuff makes me shudder! 
- Andy From blancw at accessone.com Tue Jul 9 05:22:08 1996 From: blancw at accessone.com (blanc) Date: Tue, 9 Jul 1996 20:22:08 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <01BB6D3B.DA8A10C0@blancw.accessone.com> From: Perry E. Metzger I suppose you don't understand what it might be like for someone to be unable to do their work no matter how heavy the threat against them if they don't, and no matter how easy it is. There are people out there who can't get themselves to pay a phone bill or throw out the newspapers for months on end -- they just can't get themselves to dance around into the task no matter how hard they try, no matter how great the threat (job loss, etc) to them is. ...................................................................... Drugs create a picture of coercion - where the mind is coerced into a state arrived at not by thoughtful consideration, but by round-about ways of achieving the desired result. This is what makes some people wary of them, but make them appealing to others who find this very feature attractive - that they can get results without having to think about it. There are times when people have been totally unmotivated to take care of themselves or the mundane matters in life because they were not involved in the pursuits which were of true value to them, and life "lost its meaning". Putting one's priorities into perspective can do a lot towards feeling motivated to attend to life's minor contingencies, while elevating the lesser items to the top of the hierarchy can totally dissipitate one's energies and interest. What if someone was working at a "practical" kind of job, living the kind of life prescribed by someone else, when what they really wanted to do was something related to fine art or other field, living a different kind of "life-style"? This could be so depressing that subconsciously they would finally rebel from supporting that false existence, and find themselves with no energy to move. 
Maybe Ritalin could make them forgot their true interest which was lying dormant, pushed away by who-knows-what kind of arguments against it, and help them to start paying attention again to those mundane, irrelevant aspects of existence. Maybe it could help them forget the *point* of their existence and they could attend to ordinary things which are easily understood and accomplished without too much creative energy. Maybe Ritalin could help force them to pay attention, in spite of the protest from their submerged psychology. Maybe. In taking 'beneficial' drugs there's always a question of whether someone's mind is being helped into awareness or overpowered into submission, even if the results seem to be acceptable to everyone. You're right, Perry, that no one should be making that decision for others. I do think, though, that achieving self-command by a conscious knowledge of what is right for one's nature is actually the most beneficial (and less controversial). (But I wonder how this would apply to crypto. Hmmmmmmm - only in reference to those evil old men in the govmt who......might allow it to be prescribed indiscriminately.) .. Blanc From JR at ns.cnb.uam.es Tue Jul 9 05:25:56 1996 From: JR at ns.cnb.uam.es (JR at ns.cnb.uam.es) Date: Tue, 9 Jul 1996 20:25:56 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <960709113758.21004cc9@ROCK.CNB.UAM.ES> "Perry E. Metzger" says: >Timothy C. May writes: >> At 1:14 PM 7/7/96, Simon Spero wrote: >> >On Sat, 6 Jul 1996, Timothy C. May wrote: >> >> >> >> When the mother (a single mother, as this is California) drops her son off >> >> with my friend (also single, of course), she includes several "Ritalin" >> >> capsules with instructions on how to dose her son with this >> >> depressant/behavior modification drug. >> > >> >Er... Tim... Ritalin is an amphetamine. >> >> Whatever. It acts as a calmant/tranquilizer/depressant on many. > >Only those who have ADD, which you claim doesn't exist. 
> >> (As with many drugs, there are apparently paradoxical effects. Alcohol is a >> downer for some, and upper for others.) > >Alcohol is a CNS depressant for all. Lowering inhibitions tends to >make people relax and "party", but it doesn't have particularly >paradoxical effects. > >.pm > Sorry, but that's wrong. There must be some understanding of what's actually going on. The brain is not just a simple linear device. It's complex. And that goes to Tim's original point: Society is made by humans with brains that are complex but which try to use simple models to understand reality. Let me show with your own example. Alcohol *is* a depressant. But it doesn't act equally on all the CNS. It acts faster on one part of it whose role is to depress all the rest of the CNS. So, first alcohol depresses a depressor and therefore acts as a stimulant. If you maintain your levels of alcohol there the rest of your brain will be above its threshold and keep stimulated. Only if you pass that threshold the rest of the brain will be depressed. That's what alcohol drinking cultures like mine call "knowing how to drink". But then we don't know about taking cocaine (like some Central American cultures do) for instance. Same happens when you take other drugs (in their own context). It's only when you simplify or make a generalization that it gets dangerous. And same goes for society. If you have a society that teaches people how to drink you'll have less problems than one that doesn't. Or that teaches how to eat coca leaves avoiding the pure drug. Or that teaches you that curare is OK eaten -as it is- but lethal in the blood (which allows survival for many tribes). That's where Tim's argument comes into cypherpunkish arena. If you teach people that it is easier to calm down hyperactive people, or solve all problems by increasing mind control and surveillance you can't complain of a police state.
OTOH if you can teach people where to stop (as with alcohol) and that simple models just don't work you'll be on the road to a better system. I agree there are people that can benefit from drugs. But being an MD PhD myself too, I also know that the amount that really needs them is a minuscule proportion. Most times it is just a convenience for doctors, family, fathers or society. Though good doctors agree it would be better if they could avoid the drugs at all in most cases of mental disease. Same happens with surveillance: we benefit from some control to stop those few, exceptional, deep criminals that are better stopped in advance, but we don't really need as much as we have. There are better solutions, but it's far more convenient for power-holders to increase surveillance than to really address the underlying problems. But, IMHO, as long as we keep allowing many people to use simple and "convenience" models to quickly fix symptoms instead of addressing the real problem (like, e.g. making a greater effort in the education of their children), we are stating the basis for a future, more restrictive, controlling and "convenience" system. We need both, to educate people on a more responsible course of action, and develop tools to stop or make more difficult or less convenient the easy and fast solution of increasing surveillance instead of addressing the underlying problem. And that's where cryptography comes to help equate the balance and increases pressure on power-holders into worrying more by decreasing the convenience of surveillance. That is, all in my most very humble opinion. jr From erehwon at c2.org Tue Jul 9 05:55:23 1996 From: erehwon at c2.org (William Knowles) Date: Tue, 9 Jul 1996 20:55:23 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On July 8th, 1996 Herr Doctor Duvos wrote: >Medicating a disease is fine. Recreational uses of relatively >harmless intoxicants and are also fine.
It is the inappropriate >use of strong medicines with serious side effects by clueless >people for vague criteria like "reaching his or her potential" >that I have a problem with. I have a problem with people like Mike Duvos who think that folks like myself and others on this list with ADD use having ADD as a crutch for being fidgety, not getting their work done on time, or worst yet, Fired. I wish people like Mr. Duvos could walk a mile in my shoes before making off the cuff remarks, I wish I could get jobs done on time, I wish that I could finish one project before starting three more! My office looks like someone tossed a hand grenade in it, Proposals to the left, Job quotes to the right, jobs is various states of completion, Lost jobs to my inattentivness to my clients, Lost good clients because of having ADD and not knowing it! I wish I would have known about ADD eariler than now, I might not have been the complete fuck-up that I was in school, and worst than that, The nearly ten years after high school. One of my wishes did come true, and that was finding out that I do have ADD. Ritalin has been a godsend, I am able to dialin when I have to. Ritalin is not the only drug for treating ADD, Prozac works for some. There are times when I need the boundless energy to find time to be creative and I stop taking my meds, but its only for short periods, I remember all too well what I was like without knowing what the problem was with work, love, and life in general. Below is a list of famous people with Attention Deficit Disorders and/or Learning Disorders, and I'd be willing to bet that Perry Metzger either has, or knows someone with ADD. 
Albert Einstein, Galileo, Mozart, Wright Brothers, Leonardo da Vinci, Bruce Jenner, Tom Cruise, Charles Schwab, Henry Winkler, Danny Glover, Walt Disney, John Lennon, Winston Churchill, Henry Ford, Stephen Hawkings, Jules Verne, Alexander Graham Bell, Woodrow Wilson, Hans Christian Anderson,Beavis, Nelson Rockefeller, Thomas Edison, Gen. George Patton, Agatha Christie, John F. Kennedy, Whoopi Goldberg, Rodin, Thomas Thoreau, David H. Murdock, Dustin Hoffman, Pete Rose, Russell White, Jason Kidd, Russell Varian, Robin Williams, Louis Pasteur, Werner von Braun, Dwight D. Eisenhower, Robert Kennedy, alberto Tnmba Prince Charles, Gen. Westmoreland, Eddie Rickenbacker, Gregory Boyington, Harry Belafonte, F. Scott Fitzgerald, Steve McQueen, George C. Scott, Tom Smothers, Lindsay Wagner, George Bernard Shaw, Beethoven, Carl Lewis, Jackie Stewart, "Magic" Johnson, Weyerhauser family, Wrigley, John Corcoran. One can only wonder how much more great some of the people on this list would be today if they knew ADD back then. William Knowles erehwon at c2.org -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMeI+wgURbnwsNLz5AQHM6AP/Zln3eu50jKdhkER4Go3uBp0a4zlVUYti pW71AHLR8VydFaMM7iJFhYmv7vgFeuA1cAo27Hq1Pb8LZ/uucPRACKI8ku/XsVHh 9wdPsEKXMo0pHftnVHmuFb3dVtAA9jYKfGw3SwpktNkACQMvGHU2Z5+DkbetvSZm xrMSjCpxlvM= =ucXF -----END PGP SIGNATURE----- -- William Knowles PGP mail welcome & prefered / KeyID 1024/2C34BCF9 PGP Fingerprint 55 0C 78 3C C9 C4 44 DE 5A 3C B4 60 9C 00 FB BD Finger for public key -- From unicorn at schloss.li Tue Jul 9 06:26:05 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 9 Jul 1996 21:26:05 +0800 Subject: Pseudo-DC-net Project In-Reply-To: Message-ID: On Tue, 9 Jul 1996, Mark M. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On 8 Jul 1996 janke at unixg.ubc.ca wrote: > > > > > Thank you for the comments, but I'm not sure I fully understand them > > all. First of all what is a TLA? 
Second of all, and this seems to be > > A TLA is a Three Letter Acronym. Such examples would be FBI, NSA, DEA, and > CIA. Yes, but it _stands_ for Three Letter Agency. (Or at least I always thought so) From JR at ns.cnb.uam.es Tue Jul 9 06:26:56 1996 From: JR at ns.cnb.uam.es (JR at ns.cnb.uam.es) Date: Tue, 9 Jul 1996 21:26:56 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <960709122701.21003a36@ROCK.CNB.UAM.ES> "Perry E. Metzger" says: Mike Duvos writes: > Perry Writes: > > > Most people would have no particular urge to stop a child with > > diabetes from taking her insulin. Your friend seems to have the sick ... ... > Since diabetes has an organic cause, this analogy with syndromes and > disorders defined solely by behavioral percentages fails. 'fraid not. ADD has an organic cause, and can be detected with reproduceable biological tests. Agreed, but the point is IMHO that not everybody that takes it does actually need it, and that it is worse for them as well as for the rest of us (indirectly). And I don't think there's any point in denying there is a strong and widespread abuse of "easy solutions" (like government mandated key escrow for instance). >Admittedly, ADD is nonfatal, and I will agree that the analogy breaks >down there. I will also agree that it may be overdiagnosed -- that is, >misdiagnosed by sloppy practitioners. That does not mean it isn't real. > That's it. Agreed again. .... >Has it occurred to you that many of the children in question are happy >being medicated, as are many adults? In any case, who are you to tell >other people what's good for them? > >Perry Wrong. Many people feel happy taking antibiotics for a cold. But it is worse for the vast majority of them. A cold is produced by viruses on which no antibiotic is effective. But they kill their natural bacterial barrier, making them more prone to a serious disease. And they select AB-resistant bacteria which will spread to other innocent people later.
Anyway, I'm nobody to tell them to stop killing themselves. But *I* am ENTITLED to tell them not to kill *ME* by selecting resistant microorganisms when they take antibiotics they shouldn't. For *I* will have to stand those myself later. I don't tell them what's good for them. I do tell them what's BAD for ME. As well as I think I'm not entitled to forbid anyone to smoke, but I am to expect they not to in my presence and to respect my health if I politely ask them so. I am not entitled to say which crypto anyone has to use. But I am entitled to expect no one will force me into using one that will be worse for me in the long run. And would rather prefer if people knew what they do and the extent to which they can rely on crypto when they use it. jr From JR at ns.cnb.uam.es Tue Jul 9 06:34:55 1996 From: JR at ns.cnb.uam.es (JR at ns.cnb.uam.es) Date: Tue, 9 Jul 1996 21:34:55 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <960709124751.21003a36@ROCK.CNB.UAM.ES> Hey Perry, I think you are taking this too far. I believe that almost nobody (there are always some exceptions) will deny the existence of disease. And while Tim may not be a great doctor and even totally wrong in the case he stated, the original point was not to discuss a specific medical case. You may -or not- agree that there is abuse. You may -or not- be skeptical of the statistics. But there is no point in denying that it is far easier in most cases to fix the symptoms than actually solve the problem. Not that I say doctors do. God forbid. And from the very onset Tim explained his point in not building a mental control society. And there's no point in denying that it is far easier for most societies to have full mental control of their subjects (to which technology aids) than to fix the big social problems. If you can't see the parallel, I'd advise a visit to the doctor.
Not to consult him, but to stay with her or him for a while and see what patients demand and how well educated is our society into looking deep to the problems instead of taking shortcuts. My experience as an MD before I switched to computing was very illustrating. Long ago, granted, but interesting indeed. jr From JR at ns.cnb.uam.es Tue Jul 9 06:38:40 1996 From: JR at ns.cnb.uam.es (JR at ns.cnb.uam.es) Date: Tue, 9 Jul 1996 21:38:40 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <960709120112.21003a36@ROCK.CNB.UAM.ES> > >Yeah, you know, I bet your body doesn't get infected for lack of >penicillin, either. I suspect that taking Penicillin prepares you for >drug dependancies. Why, next, you might take insulin to deal with >diabetes, or worse! > Or worse! You could take penicillin for an infection. Why the hell do you think we need doctors? And antibiotics beyond penicillin? Just because too many damn schmucks take it for almost anything, and have been creating resistances giving the rest of us worse, resistant diseases that were originally easy to treat and are now lethal. >Thank god most of those heroin addicts never had Ritalin as kids -- you >never know how much worse off they might be now. And if they'd gotten >antibiotics, why, forget it. > >Quit from modern medicine cold turkey. Its the only way. > >Perry The thing to remember is always that there's a place for everything under the sun, but that one shouldn't allow it to extend beyond reasonable ground or look upon it as some magic solution to everything. There's a place for crypto. It's been OK while only a few guys used it because only a few guys needed it. But when we talk about allowing the government to impose a crypto policy that will allow them to have more power than needed, we are stating the basis for future, worse diseases. You speak of insulin. Most diabetics can just manage with a good diet.
Even insulin dependant ones can make dietary excesses from time to time if they know how to. Giving those who don't need it insulin or forbidding the occasional party to those who depend on insulin -as has been done by doctor for years- is teaching people to depend on "doctor's control magic" or "drug control magic". It's as bad encouraging people who don't need a drug to take it as encouraging people to believe doctors won't make mistakes. It's as bad to let people believe that strong crypto for them will solve their problems as encouraging them to believe that they should leave all crypto control on the government's hands because they won't make mistakes or abuses. So what? We need strong crypto as we need strong antibiotics, but we also need to teach people when and how to use it, what its pros and cons are, and form people into a more conscious use of technology and not to believe in crypto- drug- or technology-magic at all. jr From asgaard at sos.sll.se Tue Jul 9 06:55:03 1996 From: asgaard at sos.sll.se (Asgaard) Date: Tue, 9 Jul 1996 21:55:03 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607090550.WAA28057@netcom14.netcom.com> Message-ID: Regarding the 'paradoxical' effect of speed on children: It seems that age might not be the deciding factor. Scanning abstracts of Medline articles on the subjects of methylfenidate AND , 469 hits in English, I found the one below. Perhaps the Swedish speed epidemia in the 60-70's, now having sort of a comeback, was/is partly self-medication. Note that this is about ADULTS and that the research was made in 'The Peoples Republic of Massachusetts' (as someone just called it). That these guys calm down on a drug that makes most people the other way around suggests a structural difference; that some of us are suffering from 'Ritalin deficiency'. *********************************************************************** Spencer T. Wilens T. Biederman J. Faraone SV. Ablon JS. Lapey K. 
Pediatric Psychopharmacology Unit, Massachusetts General Hospital, Boston, USA. A double-blind, crossover comparison of methylphenidate and placebo in adults with childhood-onset attention-deficit hyperactivity disorder. Archives of General Psychiatry. 52(6):434-43, 1995 Jun. Abstract BACKGROUND: There are few controlled studies of methylphenidate hydrochloride in adults with attention-deficit hyperactivity disorder (ADHD), and their results have been equivocal. The discrepancies among these studies may be related to low doses, diagnostic uncertainties, and lack of attention to comorbid disorders. METHODS: We conducted a randomized, 7-week, placebo-controlled, crossover study of methylphenidate in 23 adult patients with DSM-III-R ADHD using standardized instruments for diagnosis, separate assessments of ADHD and depressive and anxiety symptoms, and a robust daily dose of methylphenidate hydrochloride, 1.0 mg/kg per day. RESULTS: We found a marked therapeutic response for methylphenidate treatment of ADHD symptoms that exceeded the placebo response (78% vs 4% P < .0001). Response to methylphenidate was independent of gender, psychiatric comorbidity with anxiety or moderate depression, or family history of psychiatric disorders. CONCLUSION: Robust doses of methylphenidate are effective in the treatment of adult ADHD. *********************************************************************** Asgaard From gdunn at sciborg.uwaterloo.ca Tue Jul 9 08:53:58 1996 From: gdunn at sciborg.uwaterloo.ca (Graham Dunn) Date: Tue, 9 Jul 1996 23:53:58 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <9607091205.AA12696@mailserv.kirin.co.jp> At 2:32 96.7.9 -0700, William Knowles wrote: >Below is a list of famous people with Attention Deficit Disorders >and/or Learning Disorders, and I'd be willing to bet that Perry Metzger >either has, or knows someone with ADD. 
> >Albert Einstein, Galileo, Mozart, Wright Brothers, Leonardo da Vinci, >Bruce Jenner, Tom Cruise, Charles Schwab, Henry Winkler, Danny Glover, >Walt Disney, John Lennon, Winston Churchill, Henry Ford, >Stephen Hawkings, Jules Verne, Alexander Graham Bell, Woodrow Wilson, >Hans Christian Anderson,Beavis, Nelson Rockefeller, Thomas Edison, >Gen. George Patton, Agatha Christie, John F. Kennedy, Whoopi Goldberg, >Rodin, Thomas Thoreau, David H. Murdock, Dustin Hoffman, Pete Rose, >Russell White, Jason Kidd, Russell Varian, Robin Williams, Louis Pasteur, >Werner von Braun, Dwight D. Eisenhower, Robert Kennedy, alberto Tnmba >Prince Charles, Gen. Westmoreland, Eddie Rickenbacker, Gregory Boyington, >Harry Belafonte, F. Scott Fitzgerald, Steve McQueen, George C. Scott, >Tom Smothers, Lindsay Wagner, George Bernard Shaw, Beethoven, Carl Lewis, >Jackie Stewart, "Magic" Johnson, Weyerhauser family, Wrigley, John Corcoran. > >One can only wonder how much more great some of the people on this list would >be today if they knew ADD back then. > > >William Knowles >erehwon at c2.org OTOH, one could argue that their lack of attention to daily matters was what allowed them to be 'great' in the first place. Picture a Mozart on Ritalin. Boss - "Hey, Wolfgang, thanks for getting that presentation together so quick, it really impressed our client. And that was a really snappy jingle you wrote for the opening slide show, too ..." So, he's a 'great' worker at the office, and undoubtably undergoes nowhere near the mental stress he would off Ritalin. But I cannot, for the life of me, imagine _this_ man writing the music that the non-medicated Mozart did. So should the medication you take be decided by the area in which you want to be successful ? (or even better, vice versa: Personality engineering, here we come). Regards, Graham Dunn --- No PGP signature. Who would _want_ to impersonate me ? 
From pgut001 at cs.auckland.ac.nz Tue Jul 9 09:06:17 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Wed, 10 Jul 1996 00:06:17 +0800
Subject: Transforming variable- to fixed-length keys
Message-ID: <199607091229.AAA22215@cs26.cs.auckland.ac.nz>

>For iteration-0, CFB (or some other feedback mode)-encrypt the passphrase from
>the input buffer to the output buffer (assuming the library doesn't require
>that the plaintext and ciphertext be in the same buffer)

This doesn't work because the input and output buffer will almost always be of different lengths.

>Questions: Are you using the previous chaining-variables/hash for each
>successive chunk?

No. Each chunk is a new hash with , where defaults to SHA1. Since (for SHA1) 64 bytes of input affect each 20 bytes of output, I don't think there's much need for chaining. I'm trying to keep the specification as simple and easy to check as possible (one of the problems with the PGP data management was that it was rather complex and hard to follow. I suspect it would be difficult to implement a compatible version going only from a written specification).

>How do you pad passphrases that are smaller than the minimum input for a hash
>function?

The input wraps, just like the output, so for example the letter "a" would be hashed as:

aaaaaa[...]

>Hash the user's input, prepended with a 0x00. Use this for the first 0..160
>bits of key. If more than 160 bits is needed, write over the 0x00 with 0x01.
>Hash again. This is much like your solution, but no wrapping. Note there is no
>problem truncating hash output.

That's another possibility. The only thing here is that you're only changing one byte for each pass, and I'm not sure if this is healthy. I'll see what the sci.crypt crowd (those who've survived the spamming) has to say about this - it may actually be stronger than my increment-by-one method if you're worried about related-key cryptanalysis.

Peter.
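The counter-prefix scheme quoted in the message above (hash the passphrase with a leading 0x00, then 0x01, and truncate), written out as an added example that is not code from the post or from any PGP implementation. The names derive_key and block_bit_difference are hypothetical, and the one-byte counter limit is an assumption drawn from the "write over the 0x00 with 0x01" wording.

```python
import hashlib

HASH_BYTES = hashlib.sha1().digest_size  # 20 bytes = 160 bits, as in the thread


def derive_key(passphrase: bytes, key_bits: int) -> bytes:
    """Stretch a variable-length passphrase to a fixed-length key.

    Block i of the key stream is SHA1(byte(i) || passphrase); the stream is
    truncated to the requested length, as the quoted proposal allows.
    """
    if key_bits <= 0 or key_bits % 8:
        raise ValueError("key_bits must be a positive multiple of 8")
    need = key_bits // 8
    blocks = -(-need // HASH_BYTES)  # ceiling division
    if blocks > 256:
        # Assumption: the prefix is a single byte, so it cannot count past 0xFF.
        raise ValueError("one-byte counter allows at most 256 hash blocks")
    stream = b"".join(
        hashlib.sha1(bytes([counter]) + passphrase).digest()
        for counter in range(blocks)
    )
    return stream[:need]


def block_bit_difference(passphrase: bytes, a: int = 0, b: int = 1) -> int:
    """Number of differing bits between output blocks a and b.

    The two hash inputs differ only in their first byte, which is the
    property the reply is uneasy about. This measures how far apart the
    outputs are; it is an observation, not a security proof.
    """
    da = hashlib.sha1(bytes([a]) + passphrase).digest()
    db = hashlib.sha1(bytes([b]) + passphrase).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


if __name__ == "__main__":
    pw = b"correct horse"  # constructed sample passphrase
    k128 = derive_key(pw, 128)
    k256 = derive_key(pw, 256)
    print("128-bit key:", k128.hex())
    print("256-bit key:", k256.hex())
    # Truncation means a shorter key is always a prefix of a longer one
    # derived from the same passphrase.
    print("128-bit key is a prefix of the 256-bit key:", k256.startswith(k128))
    print("bits differing between block 0 and block 1:",
          block_bit_difference(pw), "of", HASH_BYTES * 8)
```

The scheme has no salt and a single hash pass per block, so the same passphrase always yields the same key bytes, and a key derived for a short-key cipher is a prefix of the key derived for a longer-key cipher.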
From JR at ns.cnb.uam.es Tue Jul 9 10:45:01 1996
From: JR at ns.cnb.uam.es (JR at ns.cnb.uam.es)
Date: Wed, 10 Jul 1996 01:45:01 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960709155621.21003a36@ROCK.CNB.UAM.ES>

>One can only wonder how much more great some of the people on this list would
>be today if they knew ADD back then.
>

That's a fallacy. First, there's no way to know what they suffered, if anything at all. Second, there's no way to know what would have happened. Third, there's what they themselves said.

I know of many people who have your same signs. Hey, you should see *my* office. And you should have seen it when I could devote myself to interesting things instead of XXXX (whatever I don't like) crap.

Someone said about a kid not concentrating on grammar. Hell, I couldn't stand half of my professors in class, though I would perfectly listen to the same subject with other people.

I don't know about you and don't pretend to tell you anything. But there are lots of cases in which the problem is *on the other side* (society, teachers, work, parents, priests, erroneous expectations).

I wonder how we can know from the external manifestations that those people were ADD and not just brilliant guys with dull teachers.

As for those people you mentioned. Maybe if they had prozac they would have been perfect, quiet and compliant citizens, concentrated on what the power-that-be asked them to do. Think of Einstein happily working for Hitler, not worried about other themes (like ethical implications for instance).

Thing is, it's very easy to keep everybody uniform. Easier than giving equal opportunities to less-good workers or allowing one to attempt many projects lest one succeeds and changes the establishment!

Let's make everyone into a uniform clone, and those who can't be made -say Down syndrome people- be exterminated. Let enterprising people be forced into non-creative jobs, and if they don't like it, be given drugs. Yeah!
Let's monitor what everybody says, detect those guys who spend too much time at work reading cypherpunks or worrying about politics (which is not their job) and control them. Let's tap all their conversa- tions and force them to fit our idea of a uniform world of mediocre wits who just work perfectly in what we tell them and never question anything. I also wonder how those people you mentioned would have been allowed to do such great discoveries and destroy the grounds of their societies under the society we are heading to. "The World turning around the Sun? C'mon! Everybody knows it is flat and the Center of the Universe. That Galileo guy is obviously sick. Let's calm him down with some drugs so he can concentrate on Theology as it should well be"... Sorry, I think we need unfitted people, feeling unhappy about the society to make it evolve. jr From smith at sctc.com Tue Jul 9 11:15:19 1996 From: smith at sctc.com (Rick Smith) Date: Wed, 10 Jul 1996 02:15:19 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: At 8:01 PM 7/8/96, John F. Fricker wrote: >Ever hear of home schooling? Home schooling has its own set of disadvantages. I've done enough teaching to respect it as a profession, especially when dealing with a small, evolving set of students. I also respect my own limitations. >Seems like if your child needs drugs to go to school than perhaps school is >the problem not that your child's body lacks Ritalin. I tend to agree, but it doesn't make the problem any easier to solve. Another alternative to Ritalin would simply be to let him struggle with school. It worked for me, I guess. >So it happens that I was talking with a fellow Saturday who grew up on >Ritalin. He's 36 now and strung out. Life with Ritalin prepared him for >drugs, you know. They were natural. I definitely see that as a risk. Without knowing how his parents and associated medical gurus (if any) were managing the drug, it's hard to tell if the situations are parallel. 
Life without Ritalin prepared me for a life as a coffee addict, I guess. Rick. From hua at XENON.chromatic.com Tue Jul 9 11:16:11 1996 From: hua at XENON.chromatic.com (Ernest Hua) Date: Wed, 10 Jul 1996 02:16:11 +0800 Subject: stupid national security excuse again ... Message-ID: <199607091410.HAA28836@ohio.chromatic.com> Ok. Not that I really care, at this point, who really killed Kennedy or whether there was this or that conspiracy, but I am really sick of this bull shit "national security" excuse. What kind of "national security" excuse could there be for the CIA to say whether they confirm or deny the employment of some guy (whom they could easily discredit by saying that they have nothing to do with him)? This sort of maneuvoring by (insert your favorite TLA) is just exactly why I am so against encryption regulation by the government. They can snowjob anyone just by saying "national security". Ern -------- COURT REJECTS BID FOR FACTS ON ALLEGED KENNEDY PLOTTER REUTERS SAN FRANCISCO - A federal appeals court Monday rejected a bid to force the Central Intelligence Agency (CIA) to disclose whether it employed a man who claimed he was involved in the murder of President John F. Kennedy. The 9th U.S. Circuit Court of Appeals in San Francisco denied an appeal by a California judge who sued to try to force the CIA to disclose information about Claude Capehart. Capehart, who died in 1989, claimed to have been a CIA agent involved in the November 1963 assassination of Kennedy in Dallas, according to the court ruling. In February 1992, David Minier, a municipal court judge in Chowchilla, California but acting as a private citizen in this case, made a Freedom of Information Act request to the CIA to say whether the agency had ever employed Capehart. Minier, 61, later asked the CIA for all records of the ''activities, assignments, actions and whereabouts of (Capehart) during the month of November 1963,'' according to the Appeals Court ruling. 
The CIA denied Minier's request, saying that to confirm or deny a relationship between the CIA and Capehart ``would jeopardize national security and compromise CIA sources and methods,'' the ruling said. ... From maldrich at grci.com Tue Jul 9 12:19:35 1996 From: maldrich at grci.com (Mark O. Aldrich) Date: Wed, 10 Jul 1996 03:19:35 +0800 Subject: FUD-Con V: DC In-Reply-To: <199607090640.CAA11873@unix.asb.com> Message-ID: On Tue, 9 Jul 1996, Deranged Mutant wrote: > You sound as if you have not been in a place hit by natural disasters > such as earthquakes, hurricanes, major floods, etc. These cause much > more damange to infrastructures as well as human life than any > organized action could, save for an all-out physical war. Life still > manages to go on. > > > air conditioning, no food distribution, no light, no radio or TV, no Internet. > > Are we prepared? Do we have a a crisis response for the day money as we know > > it vanishes? > > Isn't that what FEMA is for? Do you want FEMA involved with the > 'net? Or would you rather get the DoD, NSA, FBI also involved with > "Emergency Management"?!? > I'm running one of the panels at this conference, and it's exactly these issues that I, too, was wondering about. I've got the head of INFOSEC for FEMA and a National Planning Associate for the American Redcross on the panel with me. These are the guys who DO the stuff you're talking about - making sure that we can survive a hurricane, etc., with the minimal damage. In working with them on the INFOWAR issues, I don't think that anyone's going to be really pleased with what they have to say. Expecting FEMA to be covering national INFOSEC disasters would be logical, but I don't know if anyone mentioned it to _them_. And, if you think the DoD *ISN'T* involved in emergency management, you're wrong. 
I was very surprised, when working with the American Redcross National HQ on this conference, how much classified information the Redcross handles, and how tightly integrated they are with DoD 'liason' offices. And if Dole wins (God forbid), just wait and see what happens. ------------------------------------------------------------------------- |Just as the strength of the Internet is |Mark Aldrich | |chaos, so the strength of our liberty |GRCI INFOSEC Engineering | |depends upon the chaos and cacophony of |maldrich at grci.com | |the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil | |protects - District Judge Stewart Dalzell| | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich at grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. | ------------------------------------------------------------------------- From stevenw at best.com Tue Jul 9 12:40:08 1996 From: stevenw at best.com (Steven Weller) Date: Wed, 10 Jul 1996 03:40:08 +0800 Subject: CERT Advisory CA-96.13 - Alien/OS Vulnerability Message-ID: Subject: CERT Advisory CA-96.13 - Alien/OS Vulnerability From: CERT Bulletin Newsgroups: comp.security.announce, rec.humor ============================================================================= CERT(sm) Advisory CA-96.13 July 4, 1996 Topic: ID4 virus, Alien/OS Vulnerability - ----------------------------------------------------------------------------- The CERT Coordination Center has received reports of weaknesses in Alien/OS that can allow species with primitive information sciences technology to initiate denial-of-service attacks against MotherShip(tm) hosts. One report of exploitation of this bug has been received. 
When attempting takeover of planets inhabited by such races, a trojan horse attack is possible that permits local access to the MotherShip host, enabling the implantation of executable code with full root access to mission-critical security features of the operating system. The vulnerability exists in versions of EvilAliens' Alien/OS 34762.12.1 or later, and all versions of Microsoft's Windows/95. CERT advises against initiating further planet takeover actions until patches are available from these vendors. If planet takeover is absolutely necessary, CERT advises that affected sites apply the workarounds as specified below. As we receive additional information relating to this advisory, we will place it in ftp://info.cert.org/pub/cert_advisories/CA-96.13.README We encourage you to check our README files regularly for updates on advisories that relate to your site. - ----------------------------------------------------------------------------- I. Description Alien/OS contains a security vulnerability, which strangely enough can be exploited by a primitive race running Windows/95. Although Alien/OS has been extensively field tested over millions of years by EvilAliens, Inc., the bug was only recently discovered during a routine invasion of a backwater planet. EvilAliens notes that the operating system had never before been tested against a race with "such a kick-ass president." The vulnerability allows the insertion of executable code with root access to key security features of the operating system. In particular, such code can disable the NiftyGreenShield (tm) subsystem, allowing child processes to be terminated by unauthorized users. Additionally, Alien/OS networking protocols can provide a low-bandwidth covert timing channel to a determined attacker. II. Impact Non-privileged primitive users can cause the total destruction of your entire invasion fleet and gain unauthorized access to files. III. 
Solution EvilAliens has supplied a workaround and a patch, as follows: A. Workaround To prevent unauthorized insertion of executables, install a firewall to selectively vaporize incoming packets that do not contain valid aliens. Also, disable the "Java" option in Netscape. To eliminate the covert timing channel, remove untrusted hosts from routing tables. As tempting as it is, do not use target species' own satellites against them. B. Patch As root, install the "evil" package from the distribution tape. (Optionally) save a copy of the existing /usr/bin/sendmail and modify its permission to prevent misuse. - --------------------------------------------------------------------------- The CERT Coordination Center thanks Jeff Goldblum and Fjkxdtssss for providing information for this advisory. - --------------------------------------------------------------------------- If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in the Forum of Incident Response and Security Teams (FIRST). We strongly urge you to encrypt any sensitive information you send by email. The CERT Coordination Center can support a shared DES key and PGP. Contact the CERT staff for more information. Location of CERT PGP key ftp://info.cert.org/pub/CERT_PGP.key CERT Contact Information - ------------------------ Email cert at cert.org Phone +1 412-268-7090 (24-hour hotline) CERT personnel answer 8:30-5:00 p.m. EST (GMT-5)/EDT(GMT-4), and are on call for emergencies during other hours. 
Fax +1 412-268-6989 Postal address CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 USA CERT publications, information about FIRST representatives, and other security-related information are available for anonymous FTP from http://www.cert.org/ ftp://info.cert.org/pub/ CERT advisories and bulletins are also posted on the USENET newsgroup comp.security.announce To be added to our mailing list for CERT advisories and bulletins, send your email address to cert-advisory-request at cert.org Copyright 1996 Carnegie Mellon University This material may be reproduced and distributed without permission provided it is used for noncommercial purposes and the copyright statement is included. CERT is a service mark of Carnegie Mellon University. -- Moderators accept or reject articles based solely on the criteria posted in the Frequently Asked Questions. Article content is the responsibility of the submittor. Submit articles to ahbou-sub at acpub.duke.edu. To write to the moderators, send mail to ahbou-mod at acpub.duke.edu. ------------------------------------------------------------------------- Steven Weller | Technology (n): | | A substitute for adulthood. stevenw at best.com | Popular with middle-aged men. From smith at sctc.com Tue Jul 9 12:44:20 1996 From: smith at sctc.com (Rick Smith) Date: Wed, 10 Jul 1996 03:44:20 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <199607091507.KAA21447@shade.sctc.com> Tim writes more about Ritalin: >From what I've read--and I'm no expert, having long had essentially the >_opposite_ of "attention deficit disorder," assuming it really even >exists!--most children getting Ritalin are just being sedated. Behavior >control in its purest form. While the kids stop their wandering attention >and constant physical motions, it's because they're in a mental fog, just >one step away from drooling. 
(The 8-year-old friend of my friend's son is >so zoned out he can't play video games well at all...until the drugs wear >off.) That's very interesting, especially the part about video games. It sounds like overdosing to me. My wife says that a Ritalin overdose can also affect your heart rate and ability to sleep. Regarding video games, we went through some elaborate assessment process before Alex ended up on Ritalin. The school people did an assessment declaring he wasn't "learning disabled" but may have ADHD. Then he saw a behavioral psychologist for a few hours of observation, yielding the diagnosis. Lastly a different psychologist measured his behavior using some computer based game/test. The actual dosage was calibrated according to his effectiveness on the game/test, which involved memory, coordination, and ability to concentrate on something fundamentally boring. The test was performed 3 times to compare his performance before and after dosage. The point of all this is that there are other ways of using Ritalin. I don't think I'd tolerate its use on Alex if I didn't trust my wife. She has a much better background in such things than I, as well as a family doctor's experience with seeing the results of drug abuse. >>BarelyObCrypto: ADD is more about lack of attention *control* than lack of >>attention itself. Hyperfocus is also a trait of ADHD, and computers tend to >>cause hyperfocus for a lot of ADDers. >BTW, I saw a comment that Bill Gates is almost certainly an ADD person...or >maybe the comment was that he is borderline autistic? This matches my own experiences with ADHD. That's the thing about the raw phenomenon and its overall lifestyle effect: you either find your niche and do OK, or you get sidelined. Rick. From jfricker at vertexgroup.com Tue Jul 9 12:47:43 1996 From: jfricker at vertexgroup.com (John F. Fricker) Date: Wed, 10 Jul 1996 03:47:43 +0800 Subject: What remains to be done. 
Message-ID: <2.2.32.19960709151241.0079c304@vertexgroup.com> At 09:32 AM 7/9/96 +0100, Andy Brown wrote: >On 09 July 1996 02:04, John F. Fricker[SMTP:jfricker at vertexgroup.com] wrote: > >> One of these days Microsoft will officially release NT's IFS SDK. A few >> "preliminary" and incomplete copies of a 1993 beta release do float around >> but for a mere $50K there's a company that will sell you the complete source >> for an IFS. It's a crime that Microsoft hasn't shipped this SDK yet as the >> Installable File System is one of the great powers of NT. > >You can do this with the existing device driver kit since they supply the >entire source code to the AT hard disk driver. I took a look and decided >that it would be too much work for me alone. They also seem to suggest that >you can write "filters" that extend the capability of existing drivers. > >> So, if someone is interested in coughing up the $50K I know a couple NT >> programmers just chomping at the bit to build cool IFS's like PGPDrive, etc. > >I'm one of them, but this low level device driver stuff makes me shudder! > > >- Andy > > That's why the IFS SDK is so important. Writing device drivers is one thing and nasty at that but the IFS is higher level and exactly what is needed to create a PGPDrive that could exist on scsi, ide, tape, network drives, floppies, cd-roms, etc. A device driver implementation would be married to a particular controller type. --j From sunder at dorsai.dorsai.org Tue Jul 9 13:04:28 1996 From: sunder at dorsai.dorsai.org (Ray Arachelian) Date: Wed, 10 Jul 1996 04:04:28 +0800 Subject: Put Uncle Sam in your Calling Circle Message-ID: Hey guys, I just got a really cool poster from RSA. 
It's a big circle split off into several sections showing people talking to each other, the upper right hand corner shows two NSA dweebs looking like Bevis & Butthead in suits, one smoking, the other seated infront of an old 60's reel to reel audio tape recorder, a sign on the wall behind them says "Key Escrow" There are several logos for various government agencies including our friends at No Such Agency and the FBI, a small quote next to the Copyright (C) RSA notice says "One of a series of public relations posters that never made it out of Fort Mede." Very very funny! Many many thanks to the cool person(s) at RSA who sent it my way. ========================================================================== + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK|AK| do you not understand? |======= ===================http://www.dorsai.org/~sunder/========================= Key Escrow Laws are the mating calls of those who'd abuse your privacy! From smith at sctc.com Tue Jul 9 13:39:01 1996 From: smith at sctc.com (Rick Smith) Date: Wed, 10 Jul 1996 04:39:01 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <199607091539.KAA23533@shade.sctc.com> erehwon at c2.org (William Knowles) writes: >Ritalin has been a godsend, I am able to dialin when I have to. >Ritalin is not the only drug for treating ADD, Prozac works for >some. I use coffee, or else I just managed to grow out of the worst effects. In any case, I drink more coffee than just about anyone I know, and it doesn't "wire" me at all. Rick. From perry at piermont.com Tue Jul 9 13:58:13 1996 From: perry at piermont.com (Perry E. 
Metzger) Date: Wed, 10 Jul 1996 04:58:13 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607090706.AAA03569@netcom14.netcom.com> Message-ID: <199607091535.LAA13709@jekyll.piermont.com> Mike Duvos writes: > > They cease to play incessantly with fidget toys and they get > > on with their lives. Maybe you would prefer to "help" them > > by not letting them get medication. Maybe its "unnatural". > > Could you explain to me, however, how you are making their > > lives better by not giving them their meds? I mean, what > > concretely is better about their lives? > > If someone has some sort of cognitive disability which can be > diagnosed and for which treatment with medication is appropriate, > I have no problem with that. But vague claims that "Johnny won't > sit still" hardly constitute such a workup. You are dodging the point. There are lots of people for whom it is easily demonstrated that a small dose of Ritalin makes a dramatic change in their quality of life. The scientific studies are numerous, and unless you are prepared to tell me what flaws you find in the studies you have not even examined, I do not see that you have evidence backing your opinion. Given that there are people who are demonstrably helped in their lives by Ritalin, could you explain to me why it is that they should not be taking the medication? Please back your statement up with documentation published in a refereed journal or conference paper -- not with Mike Duvos' off the cuff opinion based on his years as a computer professional. > > You miss the point. You spoke of involuntarily medicated > > kids. Most of the kids aren't involuntarily medicated. > > Let's see. At the beginning of this message, you were > questioning Tim's qualifications to suggest kids were > overmedicated. Now you are telling us that the kids are > qualified to give informed consent to the very same thing. > > Hardly consistant, even for you Perry. Totally consistant. 
It is a person's own business, not a third party's business, to decide what they should be ingesting and when. Tim is supposedly a libertarian and supposedly opposed to drug laws that prohibit people from taking what they want when they want, or, presumably, deciding for their children what they should be consuming. He also supposedly thinks that people should keep their nose out of the personal choices made by others, and gets downright cantakerous when anyone voices the least opinion about how he runs his life. However, if a family, with the willing consent of their child, decides to make a choice about how to best watch out for the welfare of their own child, Tim sanctimoniously chimes in, along with the rest of the peanut gallery. I mean, Tim would be offended if anyone told him what to take, but he feels perfectly happy telling other people how to run THEIR lives. So, yes, I'm consistant. Its my business, and mine alone, if I shoot morphine, or take Penicillin, or decide to do none of these things. I may choose to consult with a doctor about my condition on the premise that he is a qualified professional and can render me an educated opinion. Tim's opinion is, however, neither educated nor wanted. He should mind his own business with the zealous rage he applies to those who attempt to mind his business. I'm consistant. Tim, and possibly you, are hypocrites. > Seriously, though, the really dumb thing in all of this is the > constant pretending that drugs both do and don't have the ability > to enhance performance. We vascilate between "Drugs are never > the solution" and "Take this pill twice a day with a glass of > water." This is a very mixed message indeed. You don't hear me giving it, do you? Drugs are wonderful things at times. A dose of morphine a few times a day can make the difference between unbearable pain and being able to function. 
A tablet of common aspirin can utterly change your day from an experience filled with headache to a productive and happy one. A dose of any one of several antidepressants can take people who have repeatedly attempted suicide and at the very least give them enough time to work out their problems and learn to deal with life. Of course, drugs can also be damaging. One tablet of Tylenol is not so bad. 100 destroy your liver. An occassional drink rarely hurts. Being falling down drunk at all times is unlikely to improve your life. Drugs are sometimes of use, sometimes not of use. Any use has to be evaluated by the person contemplating taking the drug. Any mixed message does not originate from me. Perry From alano at teleport.com Tue Jul 9 14:04:33 1996 From: alano at teleport.com (Alan Olsen) Date: Wed, 10 Jul 1996 05:04:33 +0800 Subject: stupid national security excuse again ... Message-ID: <2.2.32.19960709160022.00f5eed0@mail.teleport.com> At 07:10 AM 7/9/96 -0700, Ernest Hua wrote: >Ok. Not that I really care, at this point, who really killed Kennedy >or whether there was this or that conspiracy, but I am really sick of >this bull shit "national security" excuse. > >What kind of "national security" excuse could there be for the CIA to >say whether they confirm or deny the employment of some guy (whom they >could easily discredit by saying that they have nothing to do with >him)? It has always seemed to me that when they say "National Security" what they mean is "Job Security". Usually this involves some sort of behaviour that the government (or in-duh-viduals in it) do not want revealed, lest the scandal might drive them from their job or get them demoted. (Or their boss might demand "a peice of the action".) Sometimes it is just a relex action to a request for information. I remember such excuses being given during the Iran Contra hearings. 
They kept refering to "Country 1" and "Country 2", while the Pacifica commentator was in the background telling you what each country was and who most of the "unnamed players" were. The information was not unknown. It had been reported in the foriegn press already. It was known to other governments. The only people it was being kept from was the American people. Makes you wonder just who they are trying to remain secure from... --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From perry at piermont.com Tue Jul 9 14:33:20 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 10 Jul 1996 05:33:20 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <960709155621.21003a36@ROCK.CNB.UAM.ES> Message-ID: <199607091614.MAA13761@jekyll.piermont.com> JR at ns.cnb.uam.es writes: > Someone said about a kid not concentrating on grammar. Hell, I > couldn't stand half of my professors in class, though I would perfectly > listen to the same subject with other people. I bet you go up to people in near suicidal states and tell them "hey, get a life", don't you. Perry From janke at unixg.ubc.ca Tue Jul 9 14:41:55 1996 From: janke at unixg.ubc.ca (janke at unixg.ubc.ca) Date: Wed, 10 Jul 1996 05:41:55 +0800 Subject: Active Attacks on DC-nets Message-ID: I haven't read the paper on active attacks yet, but here is an easy example that I thought of, that others might find illuminating: When there is a round with no messages the server sends garbage to all but one of the participants so they think collisions occured. The other participant is sent zero so that he or she thinks the channel is open. 
The participants who think colllisions occured are then likely to back off for a number of rounds, so that if a message is sent it is most likely from the participant who wasn't lied to. What do people think of the idea of clients signing all input to the dcnet and the server signing all output and keeping logs so that it could be verified afterward (after the damage was done! :) ) whether or not everything was carried out properly or not. With Schnorr signatures and precomputation the clients could still be reasonably quick. The server will have to do alot of work, but the signature verifications could be done in parallel on a multiprocessor computer. Verification of the proceedings would also be long, but it could be done off-line. -- Leonard Janke (pgp key id 0xF4118611) From sunder at dorsai.dorsai.org Tue Jul 9 14:53:26 1996 From: sunder at dorsai.dorsai.org (Ray Arachelian) Date: Wed, 10 Jul 1996 05:53:26 +0800 Subject: What remains to be done. In-Reply-To: Message-ID: On Mon, 8 Jul 1996, Elliot Lee wrote: > On Mon, 8 Jul 1996, Ray Arachelian wrote: > > > I'm constantly switching between NT and 95 and have them installed on the > > same drive. Would be cool to have some low level driver to encryption > > from the Master Boot Record for example to get around unfriendly OS's- but > > then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure > > as hell wont, etc.... > > Linux, however, does have the cfs (crypted filesystem), which will let you > do the same thing. Supposedly lets you plug in your own encryption method > and all that... Also allows different users to encrypt with different > passwords, and such (or just the root user encrypt the whole partition). > Find the web page for more info. Not quite what I'm looking for I'm afraid. What I want is a big partition that's encrypted, but accessible from Windows NT, 95, and Linux. 
In other words, I need an encrypted drive device driver for all of the above operating systems that's compatible across them. So when I'm running NT, I can use the drive, when I'm running 95 I can use the drive, when I'm running Linux I can use the drive.

Now linux has a nice UMS which lets me access DOS drives. If that were merged with - say SecureDrive, and if SecureDrive were rewritten as a 32 bit VxD minidriver for 95, and if there were a version of the same for NT, >THAT< would be cool. :)

==========================================================================
 + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\==
  \|/  |sunder at dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK| do you not understand? |=======
===================http://www.dorsai.org/~sunder/=========================
Key Escrow Laws are the mating calls of those who'd abuse your privacy!

From alano at teleport.com Tue Jul 9 14:57:18 1996
From: alano at teleport.com (Alan Olsen)
Date: Wed, 10 Jul 1996 05:57:18 +0800
Subject: Put Uncle Sam in your Calling Circle
Message-ID: <2.2.32.19960709165403.00e1349c@mail.teleport.com>

At 11:15 AM 7/9/96 -0400, you wrote:
>Hey guys,
>
>I just got a really cool poster from RSA. It's a big circle split off
>into several sections showing people talking to each other, the upper
>right hand corner shows two NSA dweebs looking like Beavis & Butthead in
>suits, one smoking, the other seated in front of an old 60's reel to reel
>audio tape recorder, a sign on the wall behind them says "Key Escrow"
>
>There are several logos for various government agencies including our
>friends at No Such Agency and the FBI, a small quote next to the
>Copyright (C) RSA notice says "One of a series of public relations
>posters that never made it out of Fort Meade." Very very funny!
>
>Many many thanks to the cool person(s) at RSA who sent it my way.

You got one too... I received one in the mail with no return address.

There is another poster in that series which says "A good marketing organization listens to its customers... WE HEAR YOU!". The woman is being tapped by the same two government agents.

The posters are done by Tom Tomorrow, who also does a cartoon called "This Modern World" which appears far too infrequently in a number of papers and _Processed World_. Incredible political cynicism...

Thanks again to RSA for a couple of cool posters!

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |

From perry at piermont.com Tue Jul 9 15:14:33 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 10 Jul 1996 06:14:33 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <01BB6D3B.F25E8780@blancw.accessone.com>
Message-ID: <199607091555.LAA13724@jekyll.piermont.com>

blanc writes:
> > I suppose you don't understand what it might be like for someone to be
> > unable to do their work no matter how heavy the threat against them if
> > they don't, and no matter how easy it is. There are people out there
> > who can't get themselves to pay a phone bill or throw out the
> > newspapers for months on end -- they just can't get themselves to
> > dance around into the task no matter how hard they try, no matter how
> > great the threat (job loss, etc) to them is.
[...]
> There are times when people have been totally unmotivated to take care
> of themselves or the mundane matters in life because they were not
> involved in the pursuits which were of true value to them, and life
> "lost its meaning".

Blanc, you really aren't listening.
There are people out there who are desperately unhappy. They can't concentrate at all. They love what they do for a living, if only they could actually manage to do it four days out of five. They are not in the least scared of cleaning their homes, except for the fact that they are frightened of the fact that they can't manage to do it no matter what they try. They'd like to pay the light bill -- really -- but every time they start they get distracted, or they get distracted before they start. Sometimes they get bursts of hyperconcentration and they can work for two days straight on some project, and they end it and realize that the phone's been cut off because they completely spaced dealing with it or anything else. Sometimes they feel very pissed off because people tell them to just "apply themselves" more or "manage their time" better or "get a more motivating job".

Such people aren't upset that life has lost its meaning. They are often perfectly intelligent, capable of being happy in their pursuits, and not bad individuals. They suffer, however, from an inability to keep from twitching. They ritualistically play with common objects -- rubber bands, paperclips, etc, folding and unfolding them, winding and unwinding them, etc. You can spot them -- they're the people who even as adults can be placed in a nearly empty room and will find a small object to play with. Their workspaces are littered with small fidget toys they have purloined or created.

These people aren't unhappy with their jobs except for the fact that they wish they could get their work done, they sit in front of their work for hours on end, and can't get anywhere. They don't need new pursuits. Even with newer and "better" jobs, most people on earth have to occasionally maintain their attention long enough to pay their landlord or what have you.

> Putting one's priorities into perspective can do a lot towards feeling
> motivated to attend to life's minor contingencies, while elevating the
> lesser items to the top of the hierarchy can totally dissipate one's
> energies and interest.

Look, quit trying to tell people who have ADD that they are in the wrong jobs, that they are unmotivated, that they are "lazy", or whatever. Calling them "nuts" is actually far better. It at least acknowledges that there is something wrong that isn't readily fixed by the nostrums of people who have no idea whatsoever what they are going through.

Perhaps, of course, we can just get all the suicidal people on earth to quit wanting to kill themselves by intoning to them "don't be sad" over and over again. I doubt it, though.

> Maybe Ritalin could make them forget their true interest which was lying
> dormant, pushed away by who-knows-what kind of arguments against it, and
> help them to start paying attention again to those mundane, irrelevant
> aspects of existence.

Or maybe, when they take it, the noise in their heads stops, the world focuses and clears up, and suddenly it doesn't seem like it's so hard to finish that two paragraph status summary after all. Maybe they take it and suddenly they can function long enough to finish their resume and get another job.

Maybe you should quit telling other people how to get through life when you haven't lived inside their heads.

> You're right, Perry, that no one should be making that decision for
> others. I do think, though, that achieving self-command by a conscious
> knowledge of what is right for one's nature is actually the most
> beneficial (and less controversial).

It's always better to not need to use chemicals to help yourself out. However, we acknowledge in our society that when someone has an infected leg we decide that they aren't being "bad" by taking drugs to stop the infection.
Perry

From mpd at netcom.com Tue Jul 9 15:23:59 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 10 Jul 1996 06:23:59 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091507.KAA21447@shade.sctc.com>
Message-ID: <199607091632.JAA20423@netcom22.netcom.com>

William Knowles writes:

> I have a problem with people like Mike Duvos who think that
> folks like myself and others on this list with ADD use
> having ADD as a crutch for being fidgety, not getting their
> work done on time, or worst yet, Fired.

Welcome to ADD-Punks folks.

> I wish people like Mr. Duvos could walk a mile in my shoes
> before making off the cuff remarks, I wish I could get jobs
> done on time, I wish that I could finish one project before
> starting three more! My office looks like someone tossed a
> hand grenade in it, Proposals to the left, Job quotes to the
> right, jobs in various states of completion, Lost jobs to my
> inattentiveness to my clients, Lost good clients because of
> having ADD and not knowing it!

Sounds like my office. Of course, I usually force myself to get things done on time, and to be polite to the clients, but the hand grenade description is perfectly accurate.

> One of my wishes did come true, and that was finding out
> that I do have ADD.

This is really a telling statement, isn't it? After all, we rarely hear people saying their greatest wish is to find out that they have liver disease, or cancer, or heart trouble.

The problem here is that we live in a society that won't cut any slack for normal human diversity unless you have some sort of official disease defined by the medical profession. So there is constant pressure to "medicalize" all sorts of odd things, so that the people who exhibit certain characteristics don't get lumped in with the rest of the supposedly unproductive malcontents.
When you get to the point where, all other things being equal, a diagnosis makes your life bearable again, it is time to make some serious changes in your environment.

> Below is a list of famous people with Attention Deficit
> Disorders and/or Learning Disorders, and I'd be willing to
> bet that Perry Metzger either has, or knows someone with
> ADD.

[snip]

> One can only wonder how much more great some of the people
> on this list would be today if they knew ADD back then.

"Albert, you're doing very well on your Ritalin. Your attendance has been perfect since you started taking it, and you've finished every task we've given you on time. I think you're ready to be promoted to SENIOR clerk-typist, with a $1 an hour raise in pay.

"Keep taking the medication your doctor prescribes, and you won't have any more problems dreaming all day about non positive definite 4-manifolds and null geodesics."

Right. :)

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From alano at teleport.com Tue Jul 9 15:33:45 1996
From: alano at teleport.com (Alan Olsen)
Date: Wed, 10 Jul 1996 06:33:45 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <2.2.32.19960709164455.00b3878c@mail.teleport.com>

At 10:39 AM 7/9/96 -0500, Rick Smith wrote:
>erehwon at c2.org (William Knowles) writes:
>
>>Ritalin has been a godsend, I am able to dialin when I have to.
>>Ritalin is not the only drug for treating ADD, Prozac works for
>>some.

Prozac works on a different set of brain chemistry. (Prozac messes with the serotonin level of the brain and how it is reabsorbed.) There is a whole series of chemicals similar to Prozac that are prescribed. It takes a bit to determine just which one is best for the person involved. (I have far too many friends on variations of those drugs.) The reactions when they come off them is quite "interesting". Prozac is not a stimulant however. (Not in the usual concept of a stimulant.)

>I use coffee, or else I just managed to grow out of the worst effects.
>In any case, I drink more coffee than just about anyone I know, and it
>doesn't "wire" me at all.

"It is by caffeine alone I set my mind in motion. It is by the beans of Java that the thoughts acquire speed, the hands acquire shakes, the shakes become a warning. It is by caffeine alone I set my mind in motion."

You can build a resistance to caffeine. (As well as one hell of an addiction.) So far I am up to a gram a day of the stuff. Mix that with the Seldane-Ds I take every morning (for hay fever) and you get more than a small amount of stimulants. (I have found that the Seldane-Ds have a positive psychoactive effect as well. They seem to allow me to focus better. Probably because I am not sneezing.)

The long term effects of any stimulant is probably not very good. What needs to be looked at is what the long term benefits and risks are, for the individual, not just for the society. What these sorts of chemicals do to small children 10-30 years down the road is pretty unknown at this point. (If any of the things I have seen so far are any indication, they are not good.)

But then, I suspect the government of drugging our kids with school lunches laced with lead paint, not with mind control drugs. (Lead paint is cheaper.) ]:>

Alan Olsen
Minister of Forced Caffinization - DNRC
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |

From camcc at abraxis.com Tue Jul 9 16:26:25 1996
From: camcc at abraxis.com (camcc at abraxis.com)
Date: Wed, 10 Jul 1996 07:26:25 +0800
Subject: Word lists for passphrases
Message-ID: <2.2.32.19960709165921.006856d0@smtp1.abraxis.com>

At 07:20 PM 7/8/96 -0400, you wrote:

:Human stupidity is never a surprise.
:
:Perry

Perry is a significant factor I include when I decide every day whether or not to check my cypherpunk's mail. I'm glad I did today. What a hoot!

Alec

From ecgwulf at worldnet.att.net Tue Jul 9 16:28:29 1996
From: ecgwulf at worldnet.att.net (Ecgwulf)
Date: Wed, 10 Jul 1996 07:28:29 +0800
Subject: Style gettting in the way of clear reporting
Message-ID: <199607091740.RAA02157@mailhost.worldnet.att.net>

-----BEGIN PGP SIGNED MESSAGE-----

To: tcmay at got.net, cypherpunks at toad.com
Date: Tue Jul 09 10:37:11 1996

In a reply to James A. Donald, Tim May wrote:

> . . . You are probably right that journalism is becoming more florid as
> "amateurs" flood the market. However, I don't quite buy the
> concentration argument, as things were pretty concentrated in the
> Hearst era, and the explosion of magazines in the past few decades has
> not been as concentrated.

I wonder what golden age of journalism these guys have in mind. Journalism is garbage and it always has been. After all, it is what connects you with your culture. It's a dirty job.

> I still think of "The Wall Street Journal" and "The Economist," two of
> my favorites, as being _careful_ in their reporting (careful is
> different from unbiased). But my main focus in this thread was on the
> _styles_, and this I think is more explained by faddishness.

A couple of more fully fascist rags would be hard to find. Misinformation, disinformation and total lack of substance -- it's all style. The L.A.
Times is a close runner-up with its one hundred year history of self interest, red-baiting of organized labor and political "enemies" broken only by a few periods of acting as a propaganda mill and inspiring a few race riots. Take a look at the masthead of, say, a 1943 edition.

> Yes, and many of the newsletters we're seeing--as many are cc:ed or
> forwarded to our list--are the kissing cousins of "zines." Same faux
> style, same emphasis on "flash" over substance.

Does 'faux style' mean 'fucked style'? If so, then kissing is appropriate.

There are multiple issues of relevance:

1. The coding and decoding of messages in apparent plaintext.
2. Assumptions about the authenticity of sources and motives in message creation.
3. The separation of form and content in written language which I suggest cannot be separated.
4. The apparent political center of gravity of message subscribers. Let's say, this mailing list for instance.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850

iQB1AwUBMeKYyj/g5HTtoLA5AQFBNQMA3F/njYiTvcRCkqrLqnD0Tqa3RIQoozYl
LtNc82V+8Wkl1b2dgXFas4SjuNoSeB/hq1UwdgJz97GIOH3VvEMeYayFVHnD1IKi
/W+7lVIJ+62bypryoTP+eQH7hVARztLB
=Gnrt
-----END PGP SIGNATURE-----

From mpd at netcom.com Tue Jul 9 16:33:18 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 10 Jul 1996 07:33:18 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091535.LAA13709@jekyll.piermont.com>
Message-ID: <199607091726.KAA01626@netcom6.netcom.com>

"Perry E. Metzger" writes:

> Of course, drugs can also be damaging. One tablet of
> Tylenol is not so bad. 100 destroy your liver. An
> occasional drink rarely hurts. Being falling down drunk at
> all times is unlikely to improve your life.

I will never take Tylenol.

Acetaminophen is an interesting compound. It is a potent hepatotoxin, but is broken down "just in time" by liver enzymes when it is taken in small quantities. Hence it usually doesn't kill you.
The Catch-22 here is that people whose livers are impaired for various reasons may not be able to metabolize it before it does its damage, and their livers may be destroyed. These people may not have any other symptoms which indicate to them that they have liver disease. There have been a number of cases of liver damage requiring transplantation, one which involved taking only a couple of tablets more than the recommended daily dose.

Coincidentally, one of the morning shows had a piece today on a baby that required a liver transplant for a Tylenol overdose, just before I read your message. Seems the package of Tylenol said to consult a physician for the correct dosage if a child was under two years of age. The mom called the doctor and he gave her the dosage for "Children's Tylenol." The mother, unfortunately, was using "Infant Tylenol", which is slightly more concentrated, and the baby lost her liver as a result of this unfortunate miscommunication.

Despite the marketing hype, the risks of acetaminophen just aren't worth it for a medication whose only purpose is to serve as a mild analgesic.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From vince at offshore.com.ai Tue Jul 9 16:39:30 1996
From: vince at offshore.com.ai (Vincent Cate)
Date: Wed, 10 Jul 1996 07:39:30 +0800
Subject: Offshore Information Services is Back after Bertha
Message-ID:

Hurricane Bertha hit Anguilla just perfectly to do the most damage. Just north of the storm the counterclockwise spin and westward movements add for maximum destructive power, and we were just north of it. Don't know of any people or houses that were hurt, but a bunch of power and phone lines have been damaged.

We lost power, ran for about 10 hours on battery, and then shut down. But about 24 hours later we are back online to stay. We are temporarily located in the Cable and Wireless building in town. Thanks Cable and Wireless!
And thanks to everyone for your patience,

Vince Cate
Offshore Information Services Ltd
Anguilla, Eastern Caribbean
http://online.offshore.com.ai/

From unicorn at schloss.li Tue Jul 9 16:40:57 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 10 Jul 1996 07:40:57 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID:

On Tue, 9 Jul 1996, William Knowles wrote:

> Below is a list of famous people with Attention Deficit Disorders
> and/or Learning Disorders, and I'd be willing to bet that Perry Metzger
> either has, or knows someone with ADD.
>
> Albert Einstein, Galileo, Mozart, Wright Brothers, Leonardo da Vinci,
> Bruce Jenner, Tom Cruise, Charles Schwab, Henry Winkler, Danny Glover,
> Walt Disney, John Lennon, Winston Churchill, Henry Ford,
> Stephen Hawkings, Jules Verne, Alexander Graham Bell, Woodrow Wilson,
> Hans Christian Anderson,Beavis, Nelson Rockefeller, Thomas Edison,
> Gen. George Patton, Agatha Christie, John F. Kennedy, Whoopi Goldberg,
> Rodin, Thomas Thoreau, David H. Murdock, Dustin Hoffman, Pete Rose,
> Russell White, Jason Kidd, Russell Varian, Robin Williams, Louis Pasteur,
> Werner von Braun, Dwight D. Eisenhower, Robert Kennedy, alberto Tnmba
> Prince Charles, Gen. Westmoreland, Eddie Rickenbacker, Gregory Boyington,
> Harry Belafonte, F. Scott Fitzgerald, Steve McQueen, George C. Scott,
> Tom Smothers, Lindsay Wagner, George Bernard Shaw, Beethoven, Carl Lewis,
> Jackie Stewart, "Magic" Johnson, Weyerhauser family, Wrigley, John Corcoran.

Considering that most of these examples existed, even thrived before the existence of the medications being discussed, it would seem to me you just shot yourself in the foot with a rather large bore weapon.

I'd also like to know how one diagnoses an entire family with a condition that is rarely, if ever, passed on genetically.

Look, perhaps a certain medication has helped you. Fine. I'm sure alt.medication.advocacy will be interested.
Even as this may be so, lumping all learning disabilities in with ADD (an overdiagnosed condition generally the result of second career housewives who to our collective misfortunes managed to get a master's in social work and read a few booklets on ink-blot testing and acquire a job at the local middle school by means not at all related to their intellectual capacity) is both a mistake, and misleading. So too is the implication that drips from your post that medications could have helped all the people you list above. If anything, the list indicates that the importance of medication is slight.

And will someone please tell me how Leonardo da Vinci was diagnosed either with ADD or a Learning Disorder? Or why "Beavis" was included?

I used to think Mr. Metzger was just being an old fuddie duddie when he complained about topicality. I keep looking around wondering if the list is being trolled. (Anyone else notice Mr. Duvos' username is "mpd"?)

> One can only wonder how much more great some of the people on this list would
> be today if they knew ADD back then.

This is a list for discussing cryptography and the occasional political offshoots thereof. Given your post above, it's fairly clear that your medication has done little to keep your thoughts on track. So, your post is entirely off topic, and lacking in any logical support for what it is you purport to advocate.

I would prefer an unmedicated Stephen Hawkings, thank you.

> William Knowles
> PGP mail welcome & preferred / KeyID 1024/2C34BCF9
> PGP Fingerprint 55 0C 78 3C C9 C4 44 DE 5A 3C B4 60 9C 00 FB BD
> Finger for public key

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From rah at shipwright.com Tue Jul 9 16:48:31 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 10 Jul 1996 07:48:31 +0800
Subject: Word lists for passphrases
In-Reply-To: <2.2.32.19960709165921.006856d0@smtp1.abraxis.com>
Message-ID:

At 12:59 PM -0400 7/9/96, camcc at abraxis.com wrote:
> At 07:20 PM 7/8/96 -0400, you wrote:
>
> :Human stupidity is never a surprise.
> :
> :Perry
>
> Perry is a significant factor I include when I decide every day whether or
> not to check my cypherpunk's mail. I'm glad I did today. What a hoot!

Amen to that. Get 'em, Perry.

In Tim's defense, however, I agree that it seems the vehemence of his arguments stem more from repugnance at state-sponsored psychochemical social control than anything else.

That, and the *utter* certainty of his opinions, of course. ;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From markm at voicenet.com Tue Jul 9 17:09:43 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 10 Jul 1996 08:09:43 +0800
Subject: A case for 2560 bit keys
In-Reply-To: <199607090309.XAA00077@darius.cris.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 8 Jul 1996, David F. Ogren wrote:

> Despite the above, there are convincing arguments for longer RSA keys.
> Instead of asking "Why should we have longer keys?", perhaps we should be
> asking "Why _shouldn't_ we have longer keys?"
>
> In a hybrid cryptosystem such as PGP, very little of the computational
> process is consumed by RSA encryption. Only a tiny fraction of the message
> is RSA encrypted (the session key), and thus the time-critical operation is
> the symmetric crypto system (IDEA for PGP).
>
> As an experiment generate a 2047 bit PGP key and a 512 bit PGP key.
> Encrypt a file (preferably of a reasonable size) using both keys.
> Depending on the computer you are using, the time difference between the
> two keys will be a matter of few seconds or even a fraction of a second.

Now try decrypting the file, or signing another file. I have a 486-66 which is now considered hopelessly sluggish by today's standards. It takes about 5 seconds, while doing the same operation with a 512-bit key takes less than a second. I sign every one of my messages, so such a time delay gets quite annoying. I do have a 2048-bit key and encourage people to encrypt messages with it, but I won't be signing messages with that key anytime soon unless there is a much faster mpilib for PGP.

Other than that, I do completely agree with what you have written.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeKcCLZc+sv5siulAQERzwP/UblIctGSBcQ+ZPxvhBchcUoEfaERUHcN
GKdJhZGV5Pb2GeQfAhG3Hsn0eHMKJFNP1AgB4Q6E4VoOhQzfOClOd4x3m9DOEmCC
ezJFg7/YxlJ7kzk8e8XYD6pXKYMWGLlsQi6lrS0wZcmsi6rmWGqr7ao7tlQA9+vg
rxNCd30uw6Y=
=yZm+
-----END PGP SIGNATURE-----

From perry at piermont.com Tue Jul 9 17:25:06 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 10 Jul 1996 08:25:06 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091632.JAA20423@netcom22.netcom.com>
Message-ID: <199607091807.OAA13871@jekyll.piermont.com>

Mike Duvos writes:
> > One of my wishes did come true, and that was finding out
> > that I do have ADD.
>
> This is really a telling statement, isn't it? After all, we
> rarely hear people saying their greatest wish is to find out that
> they have liver disease, or cancer, or heart trouble.

A total distortion of the man's point. Imagine someone suffering from an unknown ailment for years. One day, he is finally diagnosed, a treatment is given, and he feels better.

All you can do is try to argue that he shouldn't be treated.

> The problem here is that we live in a society that won't cut any
> slack for normal human diversity unless you have some sort of
> official disease defined by the medical profession.

Did you listen to that guy at all? He was in pain and anguish over the fact that his life was totally screwed up in spite of his best efforts to make a go at work he loved. Now he can function. You want him to be "diverse" and go on not functioning. He doesn't want that. Who are you to tell him how to live his own life?

Perry

From tcmay at got.net Tue Jul 9 17:49:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 10 Jul 1996 08:49:40 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID:

At 10:47 AM 7/9/96, JR at ns.cnb.uam.es wrote:
>Hey Perry,
>
> I think you are taking this too far. I believe that almost nobody
>(there are always some exceptions) will deny the existence of disease. And
>while Tim may not be a great doctor and even totally wrong in the case he
>stated, the original point was not to discuss a specific medical case.

Indeed. In reading the comments here, it seems that some are setting up a straw man series of arguments, and then knocking them down:

-- "Tim says Attention Deficit Disorder does not exist."
-- "Tim says Ritalin does not work."
-- "Tim claims to know better than doctors."
-- "Tim is against using aspirin, penicillin, and other drugs."
-- "Tim wishes to interfere with the choices of others."

And so on.

In actuality, I have made *none* of these points. Instead, what I recounted was a telling anecdote about the over-medication--in my opinion of course, based on direct observation--of the child of a friend of mine. And my larger point was the _hypocrisy_ issue, that we tell our children to "Just say No! to drugs" while popping pills in their mouths. We are teaching children to "self-medicate." Whether these children continue to self-medicate later in life is unknown.

As to choice, I am not interfering in any way, despite a strange claim to the contrary. My friend simply refuses to be a pill dispenser to keep a kid "controllable," especially when he has seen the kid in an "unmedicated" state and finds him much more personable, happy, and eminently controllable. The mother, Vickie, simply cannot impose discipline on him and, in our opinion, uses his Ritalin dose to control him.

Quibbling about whether Ritalin is or is not a depressant, or a stimulant, or whatever, misses the main points.

I personally never got into the drug thing, and my only drugs of choice are caffeine (taken straight, in caffeine tablets) and alcohol (preferably in the form of bourbon or Kentucky sour mash). But if I were advising a child--my own, or others--I would never lie to them about how horrible all drugs are, and especially I would challenge "D.A.R.E." programs which use school time to brainwash them. I sometimes wear a t-shirt I bought over the Net: "D.A.R.E. I turned in my parents and all I got was this lousy t-shirt."

(Explanation for non-U.S. persons: "D.A.R.E."
stands for "Drug Abuse Resistance Education," a multi-week school program which brings in local law enforcement officers to explain the evils of all drugs and which teaches children how to contact school officials, local law enforcement, and Child Protective Services should they detect drugs in their homes. This part has been very controversial, as children turn in their parents for smoking pot. Even the schools and cops realized things had gotten out of hand when children were contacting the authorities for wine-drinking and other such legal drug consumptions. Not surprisingly, civil libertarians draw parallels with the case of Pavel Morozov, the "Young Hero" of the Soviet Union who turned in his parents to Stalin's secret police. Hence the message of the t-shirt.)

Personally, I think these issues are related to Cypherpunk themes. Telling children to "Just say No! to drugs" without providing nuanced interpretations of which specific drugs are dangerous, and why, is essentially lying to them. Dosing them with uppers and downers contradicts the simplistic message. And teaching them to narc out their parents is despicable.

Anyone for "C.A.R.E."? Crypto Abuse Resistance Education. "So, boys and girls, be sure to tell your teacher if you see your Dad or your Mom using any illegal computer codes. It's for their own good, and they'll thank you for helping them to be reeducated."

> And from the very onset Tim explained his point in not building
>a mental control society. And there's no point in denying that it is far
>easier for most societies to have full mental control of their subjects
>(to which technology aids) than to fix the big social problems.

Indeed. My original points seem to be have gotten distorted by others. (And you ought to see a couple of foaming-at-the-mouth personal messages I have gotten, including one from a woman "on lithium" (no, not any of the few regular women posters here). Hey, if "lithium" works, fine.
But I wouldn't pop lithium pills in a child's mouth without some real careful consideration.)

My point about the mother I mentioned is that she _appears_ to be using Ritalin to make her child more sedate and more controllable, when my friend finds that old-fashioned methods work quite well. And my friend has no plans to be the dispenser of uppers and/or downers to his son's friends. Children on drugs will have to find their methods of delivery.

And to all those on this list who assume I am "insulting" their ADD condition, go back and reread my post. I never claimed that ADD does or does not exist. Maybe it does. Maybe it is partly exaggerated. In any case, my point was that we cannot tell children that all drugs are evil and then give them mind-altering drugs.

And believe me, most children are bright enough to eventually see the hypocrisy.

(I should stop now, but I just have to mention the LSD scares of the mid-60s. As LSD hit the mainstream media, we were bombarded by stories of how people thought they could fly out of buildings while on LSD. One famous case, that of Art Linkletter (the Oprah Winfrey of his day). His daughter, he claimed, flew out of a building while on LSD. Many years later he admitted--as I recall--that she had long been suffering from major depression, and that it was most probably a standard suicide...tragic, but not really caused by LSD. In any case, people in the 60s heard these scare stories, saw the reality of how their friends behaved on acid, and realized they'd been fed a line of scare-mongering hype. The dangers of crying "Wolf!" falsely. This process was repeated a decade or so later with the media propagating tales of people on "angel dust" (PCP) putting babies in microwave ovens and committing suicide in horrific ways. True or not, for whatever twisted reasons, these cases were used to "manufacture consent" about the dangers of PCP. And then there were the "crack babies," which more recent analysis shows largely to be a myth.
And so on. The Four Horsemen are riding high.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From mpd at netcom.com Tue Jul 9 17:58:02 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 10 Jul 1996 08:58:02 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID: <199607091945.MAA21866@netcom14.netcom.com>

Black Unicorn writes:

> I keep looking around wondering if the list is being
> trolled. (Anyone else notice Mr. Duvos' username is "mpd"?)

Pretty obvious it's my initials, as opposed to one of the other thousand or so acronyms it collides with.

--
Mike Duvos         $ PGP 2.6 Public Key available $
mpd at netcom.com  $ via Finger.                   $

From mike at fionn.lbl.gov Tue Jul 9 18:08:37 1996
From: mike at fionn.lbl.gov (Michael Helm)
Date: Wed, 10 Jul 1996 09:08:37 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <199607091814.LAA11007@fionn.lbl.gov>

On Jul 9, 9:21am, Rick Smith wrote:
> >Seems like if your child needs drugs to go to school than perhaps school is
> >the problem not that your child's body lacks Ritalin.

One thing we need to remember is that life, not just school, is full of boring, repetitive tasks, even for the hi & mity. You have to figure out how to do them. This is one very difficult *lifetime* problem for those with add-like behaviors.
Also, add people need credentials & good jobs like everyone else, so they have to be able to perform well enuf in school to get good recs & good marks in subjects that interest them. They didn't make this system, but they do have to adapt to it somewhat.

From dbell at maths.tcd.ie Tue Jul 9 18:17:47 1996
From: dbell at maths.tcd.ie (Derek Bell)
Date: Wed, 10 Jul 1996 09:17:47 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607081653.MAA10428@jekyll.piermont.com>
Message-ID: <9607092013.aa28178@salmon.maths.tcd.ie>

In message <199607081653.MAA10428 at jekyll.piermont.com>, "Perry E. Metzger" writes:
>Oh, and by the way, Ritalin has never been known in slang as "mother's
>little helper". That would be a tranquilizer taken by the mother to
>help her get through her own day.

I think this refers to Valium.

ObCrypto:

I see some Australian researchers have made an advance in quantum crypto.

Derek

From mpd at netcom.com Tue Jul 9 18:27:18 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 10 Jul 1996 09:27:18 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091807.OAA13871@jekyll.piermont.com>
Message-ID: <199607091902.MAA18000@netcom14.netcom.com>

"Perry E. Metzger"

> A total distortion of the man's point. Imagine someone
> suffering from an unknown ailment for years. One day, he is
> finally diagnosed, a treatment is given, and he feels
> better.

> All you can do is try to argue that he shouldn't be treated.

I think the problem here is in making the "diagnosis" the all-singing all-dancing point around which everything else revolves.

If we have safe and effective medications which increase alertness in the school and in the workplace, why shouldn't everyone be able to take them in small doses as the need arises?

We only need to invent a "syndrome" or a "disorder" around such things because we make such an enormous distinction between "medicines", which are good, and "drugs", which are bad.
Inventing mythological ailments and "politicizing dissent" has other disadvantages as well. Little Johnny's perfectly valid criticisms of the local NEA stormtrooper can be easily dismissed by an explanation that Johnny has "Authority Defiance Disorder", or some other convenient thing that permits Johnny to be tranked senseless whenever he might say something awkward in public.

This has close ties to the way those in authority, and their minions, regularly diagnose people like us with labels like "anti-government" as in "The anti-Government Freemen", "The anti-Government Militias", or "The anti-Government Crypto-Anarchists."

> Did you listen to that guy at all? He was in pain and
> anguish over the fact that his life was totally screwed up
> in spite of his best efforts to make a go at work he loved.
> Now he can function. You want him to be "diverse" and go on
> not functioning. He doesn't want that. Who are you to tell
> him how live his own life?

The human body is a homeostatic system. Let's see what this guy's mood looks like in 30 years and see how he feels about Ritalin taking then. By that time, he may be taking the same dose he is today just to feel as rotten as he did before he started taking it at all.

Not uncommon at all in the "drugs help me function" crowd.

--
Mike Duvos         $ PGP 2.6 Public Key available $
mpd at netcom.com  $ via Finger.                   $

From JR at ns.cnb.uam.es Tue Jul 9 18:31:26 1996
From: JR at ns.cnb.uam.es (JR at ns.cnb.uam.es)
Date: Wed, 10 Jul 1996 09:31:26 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960709215703.21003a36@ROCK.CNB.UAM.ES>

>I bet you go up to people in near suicidal states and tell them "hey,
>get a life", don't you.
>

Sorry, Perry, but that's a cultural matter. Here we consider one has right over his/her own life up to decide to suicide. And so it is not illegal here.

What that reflects is that I respect their right to dispose of their lives. I do care though, and if I can help I'll do my best.
That's why I studied Medicine in the first place. Just as I try to convince people to learn, increase their political awareness, overcome their limitations and get better. That's why I defend defensive use of crypto against technological mind-control. I still won't force anyone into using this or that algorithm or taking this or that drug.

As long as they have a free will. Then comes disease, when one is not able to decide by him/herself. If I were to make a blood transfusion to someone refusing it on religious grounds I wouldn't be much different from the gov't imposing some crypto scheme on the basis of its own moral grounds. Is it that what you are proposing?

It would be quite another thing if I saved the life of someone who can't tell me at all his/her religious beliefs. Not to say I wouldn't 'cos I'd. But I don't think governments can say we are not able to express our preferences, do they?

In short, I may think otherwise and try to convince people not to suicide, even do my best. But in the end it's their choice. Just the same I believe the gov't can try to convince us, but it should be in the end our choice to choose how we live (or what crypto we use).

So, are you saying that to avoid the society collapsing by terrorism and go to its suicide we should give the government total control?

jr

From froomkin at law.miami.edu Tue Jul 9 18:44:09 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Wed, 10 Jul 1996 09:44:09 +0800
Subject: [Poster] Add Uncle Sam to Your Circle of Friends and Family
Message-ID:

http://www.rsa.com/rsa/gallery/circle1.gif

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here. And humid. PLUS: Bertha Watch

From tcmay at got.net Tue Jul 9 19:09:15 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 10 Jul 1996 10:09:15 +0800
Subject: Contracts, Responsibilities, and Drug-Dispensing
Message-ID:

There have been some statements here that "Tim is interfering in the choices of others." In particular, Perry has been saying I am a hypocrite, that I wish to interfere with the choices of others, and so on and so forth.

Let's make something clear:

-- I have no "contract" to supply drugs to anyone, nor does the friend I have been discussing, who makes a choice _not_ to dose the friends of his son who are in his house.

-- This "contractarian" analysis should be important to any libertarian or believer in civil rights.

-- If someone makes a contract, formal or informal (with some caveats), to supply a dose of drugs, alcohol, whatever, at some specified time, then this is fine. But if no contract exists, not supplying the drugs is not interference in choice. (Is, for example, a Mormon interfering in the rights of a friend by refusing to supply a drink to a visiting friend? Am I interfering in the choice of others by refusing to allow cigarette smoking in my home? Examples like this are easy to find.)

-- If someone claims there is an _implied_ contract in this case, this falls apart after the first "refusal" to supply the dose. That is, Vickie, the mother, is well aware that my friend is returning the Ritalins to her unused, in the kid's backpack. That she continues to send the kid over, absent the drug dose she would have preferred her son to be given, means she has effectively made a choice that maybe the Ritalin dose is not so important after all (or at least that my friend is able to "control" and "handle" the kid without the drug...maybe this is giving her some second thoughts about dosing the kid into compliance even on the weekends?).

[A cynic might suggest she is letting the alleged violations of her son's rights "pile up" so she can bring a lawsuit and get some of his money!
:-}]

So, I reject the straw man arguments that I am interfering with the "rights" of others. My house, my rules. My friend's house, his rules. And one of his rules is that he refuses to become a pill dispenser for mind-altering drugs. Vickie can accept these rules, or not. Her choice.

(And part of this, as perhaps I did not make clear enough, is that he doesn't like the idea of his _own_ son seeing his Dad dispensing mind-control drugs to make a kid more compliant and passive. He is obviously well within his rights to refuse to be a drug supplier. His house, his rules. Would this apply if the visiting kid needed an injection of insulin? Maybe, maybe not. It would depend. Speaking for myself, I would refuse to supply injections of insulin to a child--I'd tell the mother or father to not expect me to administer medical treatments beyond simple things like aspirins or band-aids on cuts and scrapes. My house, my rules.)

It's always useful in discussing "rights," as Perry is doing, in terms of contracts and agreements. To paraphrase Lysander Spooner, I can't find my name or the name of my friend on any contract about supplying drugs to visiting children.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From declan at well.com Tue Jul 9 19:13:32 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 10 Jul 1996 10:13:32 +0800
Subject: Rep. Sonny Bono speaks at NPC on online copyright
Message-ID:

Date: Tue, 9 Jul 1996 15:07:41 -0500
To: fight-censorship+ at andrew.cmu.edu
From: declan at well.com (Declan McCullagh)
Subject: Rep. Sonny Bono speaks at NPC on online copyright

I just got back from hearing Rep. Sonny Bono (R-Calif) speak at the National Press Club this afternoon. The topic was "Intellectual Property" -- timely enough since Bono sits on the House subcommittee considering the online copyright bill (HR2441) I've railed against in the past. As a former member of the entertainment industry, he's a staunch supporter of that ill-advised legislation, which is opposed by the Digital Future Coalition.

Given the topic of his speech, I kinda expected him to talk about, well, maybe intellectual property. I was wrong. He spent most of an hour rambling incoherently about his life ("I had to lug beef to get started in the music business") and how he really wasn't a politician after all.

Not to put too fine a point on it, he's a bit of a dimwit. (Someone sitting at my table told me that a recent Washingtonian mag dubbed him the dumbest member of Congress.) Bono is one of the few politicians that could make Bob Dole sound intelligent and eloquent.

I brought a friend along to the banquet. (Since I'm a member of the NPC -- actually the first cyber-journalist to be admitted to the club -- I can bring one guest.) She slipped me a note halfway through: "He is honest. If he were smarter, and honest, probably no one would listen to him."

She's right. Bono did seem honest. He was truly convinced, in some kind of inchoate way, that intellectual property piracy online was really a problem. So he supports this wretched legislation without grokking what it would do to the Net.

Unfortunately, the question I submitted ("What are the major concerns the entertainment industry has regarding copyright and the Net?") didn't get asked, so instead we were treated to hearing Bono talk about Cher. "I hope she doesn't put on any more tattoos." And if he'd sing a song for the audience: "I've got you babe!"

*sigh*

-Declan

From eli+ at gs160.sp.cs.cmu.edu Tue Jul 9 19:24:30 1996
From: eli+ at gs160.sp.cs.cmu.edu (eli+ at gs160.sp.cs.cmu.edu)
Date: Wed, 10 Jul 1996 10:24:30 +0800
Subject: Metered Phone
In-Reply-To: <+cmu.andrew.internet.cypherpunks+wlsUPSm00UfAA10MIt@andrew.cmu.edu>
Message-ID: <199607092018.NAA19923@toad.com>

In article <+cmu.andrew.internet.cypherpunks+wlsUPSm00UfAA10MIt at andrew.cmu.edu>, Jerome once again writes:
>Every dial will be counted, every seconds will be measured...

Every gratuitous repost will be *penalized*...

From maldrich at grci.com Tue Jul 9 19:33:29 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Wed, 10 Jul 1996 10:33:29 +0800
Subject: Put Uncle Sam in your Calling Circle
In-Reply-To:
Message-ID:

On Tue, 9 Jul 1996, Ray Arachelian wrote:

> I just got a really cool poster from RSA. It's a big circle split off
> into several sections showing people talking to each other, the upper
> right hand corner shows two NSA dweebs looking like Bevis & Butthead in
> suits, one smoking, the other seated in front of an old 60's reel to reel
> audio tape recorder, a sign on the wall behind them says "Key Escrow"
>
> Many many thanks to the cool person(s) at RSA who sent it my way.

THE QUESTION THAT (therefore) BEGS TO BE ASKED:

How can all the rest of us get copies, or are you just rubbing our collective noses in the "I got one and you don't" dirt? :)

-------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                    |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering        |
|depends upon the chaos and cacophony of  |maldrich at grci.com            |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                                |
|_______________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com |
| The opinions expressed herein are strictly those of the author |
| and my employer gets no credit for them whatsoever. |
-------------------------------------------------------------------------

From steve at miranova.com Tue Jul 9 19:59:39 1996
From: steve at miranova.com (Steven L Baur)
Date: Wed, 10 Jul 1996 10:59:39 +0800
Subject: Word lists for passphrases [vocabularypunks]
In-Reply-To:
Message-ID:

>>>>> "Mark" == Mark M writes:

Mark> According to Altavista:
Mark> nethermost - 45
Mark> insatiable - 200
Mark> insufferable - 200
Mark> I know I have too much free time.

According to Dejanews:

Individual word hit counts
* nethermost: 185
* insatiable: 1191
* insufferable: 752
* antidisestablishmentarianism: 142

:-)

--
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone except you in November.

From perry at piermont.com Tue Jul 9 20:04:13 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 10 Jul 1996 11:04:13 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091902.MAA18000@netcom14.netcom.com>
Message-ID: <199607092034.QAA14218@jekyll.piermont.com>

Mike Duvos writes:
> Inventing mythological ailments and "politicizing dissent" has
> other disadvantages as well. Little Johnny's perfectly valid
> criticisms of the local NEA stormtrooper can be easily dismissed
> by an explanation that Johnny has "Authority Defiance Disorder",
> or some other convenient thing that permits Johnny to be tranked
> senseless whenever he might say something awkward in public.

The abuse of psychiatry as an instrument of oppression is not new, of course. The Soviet Union used it regularly.

However, if anything, Ritalin gives a person with ADD the tools with which to more effectively subvert authority.
It's very hard to smash the state, or even plot to get even with your boss, when you can't concentrate sufficiently to execute your plans. It may be true that someone will be less likely to impulsively act out against authority under its influence, but such impulses rarely actually produce any sort of lasting impact -- they only get one in trouble. By contrast, effective subversion requires patience and self discipline, which is precisely what an ADD sufferer does not have.

In short, if one really was trying to narcotize a troublemaker, tranquilizers and the like are probably far better than Ritalin and other amphetamines, which, in spite of Tim's pronouncements, do not act as tranquilizers.

> > Did you listen to that guy at all? He was in pain and
> > anguish over the fact that his life was totally screwed up
> > in spite of his best efforts to make a go at work he loved.
> > Now he can function. You want him to be "diverse" and go on
> > not functioning. He doesn't want that. Who are you to tell
> > him how live his own life?
>
> The human body is a homeostatic system. Let's see what this
> guy's mood looks like in 30 years and see how he feels about
> Ritalin taking then. By that time, he may be taking the same
> dose he is today just to feel as rotten as he did before he
> started taking it at all.

Actually, some ADD sufferers actually need less medication with time, as the ability to concentrate for prolonged periods gives them the chance to work on non-drug based coping strategies which are difficult to work on without the meds. Perhaps you ought to examine the scientific literature rather than simply deciding to guess.

Perry

From perry at piermont.com Tue Jul 9 20:14:57 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 10 Jul 1996 11:14:57 +0800
Subject: Contracts, Responsibilities, and Drug-Dispensing
In-Reply-To:
Message-ID: <199607092044.QAA14236@jekyll.piermont.com>

Timothy C. May writes:
> -- If someone makes a contract, formal or informal (with some caveats), to
> supply a dose of drugs, alcohol, whatever, at some specified time, then
> this is fine. But if no contract exists, not supplying the drugs is not
> interference in choice. (Is, for example, a Mormon interfering in the
> rights of a friend by refusing to supply a drink to a visiting friend? Am I
> interfering in the choice of others by refusing to allow cigarette smoking
> in my home? Examples like this are easy to find.)

If you bring a child to someone's home, and you tell them "here are the kids' meds -- you'll give them to the kid on time, right?" and you say "No" right then, that's fine. However, your friend accepted custody of the medication and of the child, did not indicate that they had no intention of dispensing the child's medication on time, and in essence failed to comply with normal standards of behavior -- contractual behavior, as it were.

It appears that you are trying very hard to retrofit this behavior into your theory of what's acceptable for people to do based on your personal distaste for a particular treatment -- a treatment you do not understand for a condition you do not understand, impacting a child that is not your own.

> -- If someone claims there is an _implied_ contract in this case, this
> falls apart after the first "refusal" to supply the dose. That is, Vickie,
> the mother, is well aware that my friend is returning the Ritalins to her
> unused, in the kid's backpack.

I agree that the mother at that point understands what is going on and shouldn't be sending the child over. However, I'd say that as a social matter, the person refusing to give the child their medicine is not doing anyone a favor.

"You see, my son, I'm demonstrating that I can be Holier than Thou by refusing to give your playmate the medication his parents instructed me to give him.
Since I have a right not to do so, I can exercise that right and create stress and demonstrate how little regard I have for the way people choose to raise their own children. Someday you can follow in my footsteps."

> It's always useful in discussing "rights," as Perry is doing,

I believe I was discussing a cognitive problem, actually, and not rights. The only right I discussed in detail was every person's right to tell you to mind your own business, just as you loudly tell everyone else.

Perry

From bart.croughs at tip.nl Tue Jul 9 20:24:11 1996
From: bart.croughs at tip.nl (Bart Croughs)
Date: Wed, 10 Jul 1996 11:24:11 +0800
Subject: DS: The Net and Terrorism
Message-ID: <01BB6DE1.F2CE5BE0@groningen06.pop.tip.nl>

On monday 8 july 1996, Mark Rogaski wrote:

An entity claiming to be Timothy C. May wrote:
:
: (Note: For various cultural and image reasons, science and technology are
: _not_ emphasized as careers for black children. Contrast the image of
: science in predominantly black environments with the image of science in,
: say, predominantly Jewish environments. The result is clear: blacks are
: severely underrepresented in these areas, and Jews are overrepresented in
: these same areas. Hey, I'm just citing a basic truth of our times, at least
: in this country. Similar statistics apply to Asians, with more than half of
: all U.C. Berkeley science and engineering undergrad students being Asian,
: and something less than 3% of them being black. The figures for who
: _graduates_ are even more skewed. There are various reasons for this. One
: of my pet peeves is how the terms "dweeb," "nerd," and "geek" are used to
: characterize science and engineering majors and professionals. Hardly terms
: that are likely to make a brother in the hood consider studying science!)
:

I attended a school in the Pittsburgh area that had an active recruiting effort centered in Philadelphia. Thus, most of the black students were from inner-city Philly.
What I noticed about their failure to show up in upper level math/science classes was that they had to spend too much time in remedial classes to undo the damage done by city schools. Considering the percentage of America's black population that lives in urban areas, that seems to explain the lack of black representation.

Even more distressing on the whole was the lack of female students in the Comp. Sci. department ... but that's another story.

As for the slang, I don't think it's going to attract white kids from the suburbs either. Screw the stereotypes, it's a little too close to the "They could but they don't have the drive/will/intelligence" arguments to say that Dilbert cartoons are going to turn off a "brother in the hood" to math/science.

Also, most of the Asian students at my school were not US citizens. Most were from China or Japan.

mark
- --

I wonder why you don't mention the fact that blacks on average have a lower i.q. than whites, while jews and Asians have a higher i.q. than (non-jewish) whites. If we talk about achievement in science, these facts seem rather important.

And why is the lack of female students in the Comp.Sci. department distressing? It's what you can expect: on average, women are less talented than men in dealing with abstractions.

Bart
bart.croughs at tip.nl

From jimbell at pacifier.com Tue Jul 9 20:24:30 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 10 Jul 1996 11:24:30 +0800
Subject: A case for 2560 bit keys
Message-ID: <199607092058.NAA05528@mail.pacifier.com>

At 11:09 PM 7/8/96 -0400, David F. Ogren wrote:

>And so we have to ask ourselves, why _not_ use a 2047+ bit key. It has
>greater longevity and greater security. Why not be overcautious when
>the cost is so small?

I don't think it's going to make a great deal of difference. We've "all" shifted to 1024-bit keys, even though it's unlikely anybody will have the resources to crack them for decades if not centuries.
And the moment any government prosecutes anyone with information obtained by a decrypt of a 1024-bit key, the (then) stragglers will join the rest of us at 1500 or 2000+. The government knows this and there's nothing it can do about it, except possibly for GAK and it isn't making much headway in that.

The most negative part of a long key is the false sense of security it may engender in the weak-minded: All key sizes are equally insecure from a computer black-bag job or a specially-engineered virus.

If you're really interested in your future security, probably the best thing you can do is to convince Congress to write legislation to ban negotiations and/or treaties with other countries which in any way ban or restrict encryption, preventing Klinton from doing an end-run around the Bill of Rights with regard to the 1st amendment.

Maybe it's just too much of a wish-list item, but I'd like to see a legal prohibition on the government attempting to decrypt any information that it didn't (legally; with authorization) have the key to when it collected that information.

Jim Bell
jimbell at pacifier.com

From frantz at netcom.com Tue Jul 9 21:07:06 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 10 Jul 1996 12:07:06 +0800
Subject: Contracts, Responsibilities, and Drug-Dispensing
Message-ID: <199607092212.PAA15529@netcom7.netcom.com>

I think the really interesting question underlying this whole discussion is how a minor child makes the legal transition to a competent adult. This issue comes up again and again. We see it in "parental consent" laws requiring parental consent for a minor girl to get an abortion. We also see it in issues like when a minor child may throw off the "protection" of products like SurfWatch.

ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)?
-------------------------------------------------------------------------
Bill Frantz          | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506        | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

From wombat at mcfeely.bsfs.org Tue Jul 9 21:25:11 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Wed, 10 Jul 1996 12:25:11 +0800
Subject: [Complete Noise] Re: [RANT]
In-Reply-To: <199607090550.WAA28057@netcom14.netcom.com>
Message-ID:

>
> So the short, smelly, bald, big-footed people who can't do tensor
> calculus tell me. :)

She was a three-of-five on the Duvos Scale if ever there was one, but it had been a long day at the office, and Bob was well into his third Martini ...

From rah at shipwright.com Tue Jul 9 21:34:22 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 10 Jul 1996 12:34:22 +0800
Subject: July Freedom Forum Meeting
Message-ID:

--- begin forwarded text

Date: Tue, 09 Jul 1996 17:48:35 -0500
From: Jack Shimek
MIME-Version: 1.0
To:
Subject: July Freedom Forum Meeting

******** FREEDOM FORUM *******
July Meeting Announcement
**********************************

July 15, 1996, 7-9 PM, Newbridge Cafe, Nashua, New Hampshire

E$ ---- Electronic Money and Commerce
Robert Hettinga, Digital Commerce Society of Boston
---------------------------------------

Banks have been doing "electronic funds transfers" for years, and now ATM transactions have skyrocketed, due to their convenience. What happens when you can take complete control by saving your e-money right in your own personal computer's hard drive? Will there be competing e-currencies? Will transactions become invisible? The internet and new encryption techniques make the possibilities absolutely enthralling. Hear Bob Hettinga explore all the technologies and possibilities at the July Freedom Forum!
(For directions, see our web page at:
http://www.mv.com/ipusers/jaqboot/Freedom/Forum.html

apologies to this month's speaker for not creating a full web page on his talk. Will catch up after the talk.

Jack Shimek

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From perry at piermont.com Tue Jul 9 22:09:16 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 10 Jul 1996 13:09:16 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <960709215703.21003a36@ROCK.CNB.UAM.ES>
Message-ID: <199607092048.QAA14244@jekyll.piermont.com>

JR at ns.cnb.uam.es writes:
> >I bet you go up to people in near suicidal states and tell them "hey,
> >get a life", don't you.
> Sorry, Perry, but that's a cultural matter.

Ah, so presumably that IS what you do with people who feel depressed. Comforting them would be too humane, I suppose. The right thing to do is to kick them in the balls and teach them a lesson, right?

> As long as they have a free will. Then comes disease, when one is
> not able to decide by him/herself. If I were to make a blood transfusion
> to someone refusing it on religious grounds I wouldn't be much different
> from the gov't imposing some crypto scheme on the basis of its own moral
> grounds. Is it that what you are proposing?

No. I am proposing that people who wish to voluntarily take a medicine that they feel improves their condition be left the hell alone by busybodies like you, Tim May, et al.

Perry

From jwilk at iglou.com Tue Jul 9 22:09:48 1996
From: jwilk at iglou.com (Blake Wehlage)
Date: Wed, 10 Jul 1996 13:09:48 +0800
Subject: PGP ICON
Message-ID:

Does anyone know where I can get a PGP icon for my web page?? Tanks a mil!
---

From adamsc at io-online.com Tue Jul 9 22:11:09 1996
From: adamsc at io-online.com (Chris Adams)
Date: Wed, 10 Jul 1996 13:11:09 +0800
Subject: Moviepunks
Message-ID: <199607092350.QAA24217@toad.com>

On 4 Jul 96 20:44:14 -0800, frissell at panix.com wrote:

>"Somehow, I doubt William Jefferson Blythe Clinton would fly an F-15 against
>a monster alien craft."

He'd wait to finish shredding those files before leaving...

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From gkuzmo at ix.netcom.com Tue Jul 9 22:12:09 1996
From: gkuzmo at ix.netcom.com (George Kuzmowycz)
Date: Wed, 10 Jul 1996 13:12:09 +0800
Subject: MSoft crypto API's
Message-ID: <199607092319.QAA00934@dfw-ix2.ix.netcom.com>

The June 10, 1996 Network World carried a story on page 8 under the title "Microsoft breaks crypto barrier", which starts off as follows:

"Microsoft Corp. last week said it will include cryptography-based security technology in its operating systems, messaging product and Web browser through a new set of APIs that will be available both in the U.S. and overseas.

"The fact that the National Security Agency is allowing Microsoft to export the cryptographic APIs is somewhat of a coup for the software vendor, although the NSA did nothing to alter the current export ban on strong encryption."

Later on, it says:

"Microsoft's Crypto APIs will be available to third-party vendors writing applications with embedded security. But the hardware or software Crypto-engines for these applications will need to be digitally signed by Microsoft before they will work with the APIs. Under an unusual arrangement with the NSA, Microsoft will act as a front man for the powerful U.S. spy agency, checking on whether the vendors' products comply with U.S. export rules."

I was a bit surprised not to see any discussion of this here.
Is it just old news? Or maybe people here don't read Network World? I didn't paste in the whole article for copyright reasons. Since they seem to be on a one-month lag with posting back articles on their Web site, it just this week became available at www.nwfusion.com. An MS/NSA alliance? -gk- From markm at voicenet.com Tue Jul 9 22:17:19 1996 From: markm at voicenet.com (Mark M.) Date: Wed, 10 Jul 1996 13:17:19 +0800 Subject: Advances in Quantum crypto In-Reply-To: <9607092013.aa28178@salmon.maths.tcd.ie> Message-ID: On Tue, 9 Jul 1996, Derek Bell wrote: > ObCrypto: > > I see some Australian researchers have made an advance in quantum > crypto. What kinds of advances? Last I heard, British Telecom was using quantum crypto on 10 kilometer fiber optic cables. -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -------------- next part -------------- A non-text attachment was scrubbed... Name: pgp00001.pgp Type: application/octet-stream Size: 288 bytes Desc: "PGP signature" URL: From jonl at well.com Tue Jul 9 22:58:55 1996 From: jonl at well.com (jonl at well.com) Date: Wed, 10 Jul 1996 13:58:55 +0800 Subject: Eric Hughes at EF Forum Message-ID: <199607100011.RAA22500@well.com> Cypherpunk/cryptographer Eric Hughes will join yours truly at this week's Electronic Frontiers Forum, Thursday, 6PM Pacific Daylight Time. 
javachat at http://talk.wired.com or telnet to talk.wired.com -- Jon Lebkowsky http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays From jya at pipeline.com Tue Jul 9 23:09:26 1996 From: jya at pipeline.com (John Young) Date: Wed, 10 Jul 1996 14:09:26 +0800 Subject: Advances in Quantum crypto Message-ID: <199607100137.BAA24375@pipe5.t1.usa.pipeline.com> On Jul 09, 1996 20:30:11, '"Mark M." ' wrote: >On Tue, 9 Jul 1996, Derek Bell wrote: > >> I see some Australian researchers have made an advance in quantum >> crypto. > >What kinds of advances? Last I heard, British Telecom was using quantum >crypto on 10 kilometer fiber optic cables. Yes, Derek and Mark, provide more detail, maybe source citations, on both these references, if you have them handy. From weidai at eskimo.com Tue Jul 9 23:09:46 1996 From: weidai at eskimo.com (Wei Dai) Date: Wed, 10 Jul 1996 14:09:46 +0800 Subject: Contracts, Responsibilities, and Drug-Dispensing In-Reply-To: <199607092212.PAA15529@netcom7.netcom.com> Message-ID: On Tue, 9 Jul 1996, Bill Frantz wrote: > ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)? Interesting threat model... What can one do in the total absence of physical security? We've talked about mental cryptography before, but I think we agreed that it isn't very practical. Perhaps security through obscurity is a better solution here, since many parents are less computer literate than their children. Perhaps in the future kids will get non-removable tamperproof microchip implants behind their parents' backs. :) Wei Dai From perry at alpha.jpunix.com Tue Jul 9 23:16:02 1996 From: perry at alpha.jpunix.com (John A. Perry) Date: Wed, 10 Jul 1996 14:16:02 +0800 Subject: New type2.list/pubring.mix Message-ID: Hello again Everyone! I have just updated the type2.list/pubring.mix combination on jpunix.com to reflect middleman coming out of the closet, as well as the new key for mixmaster at alpha.c2.org.
The files are available by FTP from ftp.jpunix.com and by WWW from www.jpunix.com not to mention they are available via premail-0.44! John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. From rochberg at GS84.SP.CS.CMU.EDU Tue Jul 9 23:24:24 1996 From: rochberg at GS84.SP.CS.CMU.EDU (David Rochberg) Date: Wed, 10 Jul 1996 14:24:24 +0800 Subject: Put Uncle Sam in your Calling Circle In-Reply-To: <+cmu.andrew.internet.cypherpunks+klsfp0q00UfAI10Oxk@andrew.cmu.edu> Message-ID: "Mark O. Aldrich" writes: [Tom Tomorrow RSA posters] > > THE QUESTION THAT (therefore) BEGS TO BE ASKED: > > How can all the rest of us get copies, or are you just rubbing our > collective noses in the "I got one and you don't" dirt? :) > You can find EPS and GIF versions at http://www.rsa.com/rsa/gallery/gallery.htm -david From mike at fionn.lbl.gov Tue Jul 9 23:27:34 1996 From: mike at fionn.lbl.gov (Michael Helm) Date: Wed, 10 Jul 1996 14:27:34 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <199607100140.SAA15188@fionn.lbl.gov> On Jul 9, 12:02pm, Mike Duvos wrote: > If we have safe and effective medications which increase > alertness in the school and in the workplace, why shouldn't > everyone be able to take them in small doses as the need arises? So? I hate to be flip, but is there a coffee shortage in your area? Stimulants don't have the same effect on everybody. "Normal" people who take stimulants tend to act a lot like untreated hyperactives: jittery, unfocussed, irritable. Your point about long term use is well taken, many people find the positive effects wear down after a while. Sometimes this is alrite, because in the meantime they have been able to learn coping strategies they were unable to learn before. Sometimes it is not alrite, because their problems are too severe, & they need other treatment. 
From ichudov at algebra.com Tue Jul 9 23:36:38 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 10 Jul 1996 14:36:38 +0800 Subject: ADD and Unix, + Ritalin Questions Message-ID: <199607100204.VAA15489@manifold.algebra.com> 1. Unix aggravates the Attention Deficit Syndrome. Do you agree? 2. USENET aggravates the Attention Deficit Syndrome. Do you agree? Also 3. Are there any long term effects from Ritalin, and can it be discontinued easily? - Igor. From tphilp at bfree.on.ca Tue Jul 9 23:41:17 1996 From: tphilp at bfree.on.ca (Tim Philp) Date: Wed, 10 Jul 1996 14:41:17 +0800 Subject: Giving Mind Control Drugs to Children (Last Word?) Message-ID: <02143460700334@bfree.on.ca> I have been watching (ie deleting) all this stuff about children and drugs. Personally, I think that if you leave children alone they will grow up and decide what drugs of choice they want to use. (insert favourite recreational drug here) As for myself, I follow the "bunghole" (tm) theory of raising children. This involves putting the child into a large barrel when they are born and sealing up the barrel. Food, water, and air are given to the child through the bunghole in the barrel. At the age of 18, you drive in the bung! Sorry folks, I couldn't resist! Warmly, Tim Philp From blancw at accessone.com Tue Jul 9 23:52:45 1996 From: blancw at accessone.com (blanc) Date: Wed, 10 Jul 1996 14:52:45 +0800 Subject: FW: [RANT] Giving Mind Control Drugs to Children Message-ID: <01BB6DD2.7F742B20@blancw.accessone.com> [for some reason this went out without my comments earlier] From: Mike Duvos Of course, no amount of reason will dissuade the True Believers from embracing yet another disease model, and we shouldn't expect that it would. But I think it is clear to many people that the forced medication of children for the convenience of those who take care of them is getting a bit out of control. ........................................................................
From mcarpent at mailhost.tcs.tulane.edu Wed Jul 10 00:09:27 1996 From: mcarpent at mailhost.tcs.tulane.edu (Matthew Carpenter) Date: Wed, 10 Jul 1996 15:09:27 +0800 Subject: more about the usefulness of PGP In-Reply-To: <199607061957.VAA21682@digicash.com> Message-ID: <199607092115.QAA78592@rs6.tcs.tulane.edu> bryce at digicash.com wrote: > > Here's an idea that I always wanted to implement but never did > yet. I thought I'd share and if someone else has already done > it let me have a copy. > > > I should be able to execute scripts remotely by sending e-mail > to an account. Simple mail-handling scripts at that account > should check the PGP signature (and timestamp/counter to prevent > replay/delay attacks) and then pass the contents to a full > script-language interpreter. > > > Perl is a natural choice of interpreter. Has anybody > implemented this (hopefully complete with replay/delay > prevention)? > > > Thanks! > > Bryce > > P.S. No, actually I can't think of any good use for this > trick. But maybe if I had it I would find good uses for it. > I'd been thinking of something along those lines as well, but never got around to actually trying it. But I had some free time yesterday and got a system set up which uses procmail to pass on the message to a perl script which then decrypts the message if necessary and checks the signature. If the signature is good it then executes the script, encrypts the output from the script, and mails it back. I haven't had a chance to do any extensive testing, and it doesn't have any replay/delay prevention yet. I should have some time in a day or two to clean it up though. Just wanted to let you know that someone is working on it. I don't want to distribute it yet, since it is still rather messy and possibly buggy. --Matt -- mcarpent at mailhost.tcs.tulane.edu From EALLENSMITH at ocelot.Rutgers.EDU Wed Jul 10 00:16:09 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E.
ALLEN SMITH) Date: Wed, 10 Jul 1996 15:16:09 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <01I6VLB17Q2O984QJY@mbcl.rutgers.edu> From: IN%"perry at piermont.com" 9-JUL-1996 07:29:49.72 >get on with their lives. Maybe you would prefer to "help" them by not >letting them get medication. Maybe its "unnatural". Could you explain >to me, however, how you are making their lives better by not giving >them their meds? I mean, what concretely is better about their lives? Quite. Besides which, what's wrong with something being "unnatural"? If you define doing something to modify how one naturally thinks/behaves/whatever as "unnatural", then all education is unnatural, child raising is unnatural, etcetera; all these modify neural patterns in the long run. All this is more in the area of transhumanism than of cypherpunks, BTW, although I can see some _possible_ relevance. Mike Duvos writes: >> Again, to return to the height analogy, doctors have to throw >> short parents seeking human growth hormone[...] >You miss the point. You spoke of involuntarily medicated kids. Most of >the kids aren't involuntarily medicated. I wasn't, and I won't be when I go back on it (shortly, I hope). I noticed the difference that it made (as did my teachers), and I preferred it. >> The price of giving the patient (or the patient's parents) >> everything they want is [...] classrooms full of obedient >> citizen-units in Soma-induced trances. >Ritalin does not induce a zombie-like trance, as the numerous people >on this mailing list who take it can tell you. Most definitely agreed. While on it, I found myself much better able to do what _I_ ultimately wanted to do. -Allen P.S. Thank you, Perry. From markm at voicenet.com Wed Jul 10 00:23:13 1996 From: markm at voicenet.com (Mark M.) 
Date: Wed, 10 Jul 1996 15:23:13 +0800 Subject: A case for 2560 bit keys In-Reply-To: <199607092058.NAA05528@mail.pacifier.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 9 Jul 1996, jim bell wrote: > I don't think it's going to make a great deal of difference. We've "all" > shifted to 1024-bit keys, even though it's unlikely anybody will have the > resources to crack them for decades if not centuries. And the moment any > government prosecutes anyone with information obtained by a decrypt of a > 1024-bit key, the (then) stragglers will join the rest of us at 1500 or > 2000+. The government knows this and there's nothing it can do about it, > except possibly for GAK and it isn't making much headway in that. Wiretaps aren't always used as evidence. It's a very effective way to snoop on people under suspect and get some information on where some incriminating information may be, but they rarely produce hard evidence. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMeL7lrZc+sv5siulAQGAeQP9GWDx/lapMeBCUW+0+P24uf/Il5eJUg+S 4RSZb8owZvWJ0queF+ygfFjSI8DV+HJNFryOJ87vNRmINvTCTuepNJzod1QG8+tk B2NMJ59rO7AFGWhikqlLLA4QOc5qX5Uvti/Rwu8BmqS/TAt3RFjqciRiDakJA2Pa SCVhOh3GnwQ= =mVY8 -----END PGP SIGNATURE----- From jimbell at pacifier.com Wed Jul 10 00:37:38 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 10 Jul 1996 15:37:38 +0800 Subject: MSoft crypto API's Message-ID: <199607100335.UAA01215@mail.pacifier.com> At 07:19 PM 7/9/96 -0400, George Kuzmowycz wrote: > The June 10, 1996 Network World carried a story on page 8 under the >title "Microsoft breaks crypto barrier", which starts off as follows: > > " Microsoft Corp. 
last week said it will include cryptography-based >security technology in its operating systems, messaging product and >Web browser through a new set of APIs that will be available both in >the U.S. and overseas. > > " The fact that the National Security Agency is allowing Microsoft >to export the cryptographic APIs is somewhat of a coup for the >software vendor, although the NSA did nothing to alter the current >export ban on strong encryption." > > Later on, it says: > >" Microsoft's Crypto APIs will be available to third-party vendors >writing applications with embedded security. But the hardware or >software Crypto-engines for these applications will need to be >digitally signed by Microsoft before they will work with the APIs. >Under an unusual arrangement with the NSA, Microsoft will act as a >front man for the powerful U.S. spy agency, checking on whether the >vendors' products comply with U.S. export rules." Unexplained: What if the program Microsoft is asked to sign is not intended for export? Presumably, NSA has no authority, then, and thus presumably Microsoft shouldn't be able to refuse to sign anything they're asked. Question: Doesn't this set up an action by Microsoft which would be actionable under anti-trust laws (if it wasn't done at the behest of government?) Couldn't somebody IMPORT a piece of encryption software, have it signed by Microsoft, then take the XOR of the signed and unsigned software and export it? (It's not a tool capable of encryption...) Or: Microsoft presumably has foreign branches, or at least it could easily afford to set up one. What's to stop Microsoft from signing foreign encryption software outside of the US? The software is never exported (since it's already outside the country...), so there's no USA-law involvement. Jim Bell jimbell at pacifier.com From perry at alpha.jpunix.com Wed Jul 10 00:42:07 1996 From: perry at alpha.jpunix.com (John A.
Perry) Date: Wed, 10 Jul 1996 15:42:07 +0800 Subject: MiddleMan comes out of the closet! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hello Everyone! After a lot of testing, I've come to discover that the middleman reliability problems are vastly due to the nymserver front-end. With this in mind, I've decided to drop the nym for middleman and announce its actual presence. I am middleman and I wrote the patches to mixmaster to make it work with premail. I want to see the middleman remailer work as a viable remailer and I feel that having the nym front-end has caused a less than acceptable remailer in terms of usability. With this, I'm announcing the new email address for the middleman remailer. It is now middleman at jpunix.com. What does this affect? The middleman remailer can be used as a front-end remailer and you don't have to question who is running it. The middleman remailer will still NEVER be the remailer on the end, hence the problems with discovery and persecution by entities that wish to go after "the remailer on the end" hopefully will not occur. Of course anyone wishing to run a middleman remailer can still opt to use a nym, but at the price of a decrease in performance. I will continue to work with Matt Ghio to get the nymserver code to be more reliable. I admit, it needs a facelift. If you have any questions or comments please feel free to email me at perry at alpha.jpunix.com. Flames go to /dev/null. John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers.
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMeLqZFOTpEThrthvAQGsggP9EQfhtEb3/ovlzt2gq/skK8YnqJvagisY 2NMYP6X3mL+AkDArDuEYoXwrFIk6fsg7l2a8kOk8FdxezpChTXczyvo85wvV3WSx SHEzGJelI8MIil0tT/noIfS/nrLJzVb5nG8r68tNV0lH5hmMqDC73StWL05xlouc 2NUPZURjIG8= =/0kY -----END PGP SIGNATURE----- From support at vocaltec.com Wed Jul 10 00:44:11 1996 From: support at vocaltec.com (support at vocaltec.com) Date: Wed, 10 Jul 1996 15:44:11 +0800 Subject: Setting up Internet wave Message-ID: <199607100350.XAA24797@vocaltec.com> Dear Steve Cypherpunk, Thank you for your interest in the Internet Wave technology from VocalTec. As the Internet Wave is currently in beta-testing, we will keep you informed about new releases of the server utilities and client application. If you don't want to get such information, then send us an Email. In order to get the Internet Wave Encoder utility and server CGI you should follow these steps: 1. Go to the url http://www.vocaltec.com/server.htm (This is the same URL of the form you filled in order to get this Email reply) 2. Click the download reference. 3. You will be be asked for a username and password. enter: username: iwave password: 7365583 4. You will now start downloading the package. 5. Unzip the file, and read the readme.txt file for information on using the CGI utility and encoder. Yours, VocalTec Staff. From WlkngOwl at unix.asb.com Wed Jul 10 00:47:32 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 10 Jul 1996 15:47:32 +0800 Subject: A case for 2560 bit keys Message-ID: <199607092154.RAA24946@unix.asb.com> On 8 Jul 96 at 23:09, David F. Ogren wrote: [..] > Despite the above, there are convincing arguments for longer RSA keys. > Instead of asking "Why should we have longer keys?", perhaps we should be > asking "Why _shouldn't_ we have longer keys?" > In a hybrid cryptosystem such as PGP, very little of the computational > process is consumed by RSA encryption. 
Only a tiny fraction of the message > is RSA encrypted (the session key), and thus the time-critical operation is > the symmetric crypto system (IDEA for PGP). > > As an experiment generate a 2047 bit PGP key and a 512 bit PGP key. > Encrypt a file (preferably of a reasonable size) using both keys. > Depending on the computer you are using, the time difference between the > two keys will be a matter of few seconds or even a fraction of a second. Depends on the computers one uses, and who you are computing with. I've heard some horror stories of people using PGP modified to handle 4kbit or 8kbit keys on 286s that waited days to generate keys and hours to sign or decrypt messages. If you're exchanging messages with people using fast computers, larger key sizes are practical. Otherwise you need to take the issue of key-size/speed tradeoff seriously. > It seems foolish that we use RSA keys that are less secure than our IDEA > session keys. Our RSA keys are much more valuable than our session keys. [..] If very improved factoring methods are discovered, it might not matter. If a new method of cryptanalysis against IDEA comes out, that might make RSA key-sizes a non-issue. AFAIK, PGPlib will support multiple public key and private key algorithms. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From adamsc at io-online.com Wed Jul 10 00:53:22 1996 From: adamsc at io-online.com (Chris Adams) Date: Wed, 10 Jul 1996 15:53:22 +0800 Subject: CWD -- Jacking in from the "Keys to the Kingdo Message-ID: <199607092315.QAA28715@cygnus.com> On 5 Jul 96 12:41:54 -0800, wendigo at gti.net wrote: >: It would actually take less creativity to do the other things, bypass the >: config.sys, etc. The child would thus be perhaps a little TOO creative.
:) >B) Forget the CONFIG.SYS ... what about kids using Macs or some future > "Kid Safe" system that has the filters in an eeprom? I'm talking > about bypassing the censorship on the client-server level. Relatively > platform independent. I doubt it will ever happen, for two reasons: 1) people always forget passwords and/or have system problems. There will always be a need for system disks or CDs. If parents don't trust their kids (and the ones most worried don't; if they trust their kids, they're not going to worry about what they're doing in the first place) chances are they're still not going to lock up the CD and keep the kid from borrowing one from a friend, etc. Also, most parents tend to be sloppy with passwords - it's easy to observe them entering it, etc. 2) Most parents need the kid to keep the computer working. They a) don't have the knowledge/skill to keep the kid out and b) need to give him access to repair things. If their kid is in fixing a problem, dropping the security software is trivial (better yet: "Mom. Guess what! The bug was in NetNanny"). // Chris Adams - Webpages for sale! Se habla JavaScript! // Automatically receive my resume or PGPKEY by sending email with a subject // of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful! From sdirge at mail.concentric.net Wed Jul 10 00:56:16 1996 From: sdirge at mail.concentric.net (sdirge at mail.concentric.net) Date: Wed, 10 Jul 1996 15:56:16 +0800 Subject: Junk E-Mail Message-ID: <199607100403.VAA14293@dfw-ix11.ix.netcom.com> I know that this is off topic but.. How can I stop these idiots sending me junk E-mail. I am posting this here because this group sounds like one of the only intelligent groups of people on the internet. Whatever mailing list I got on is sure working I am getting 2-3 junk e-mails per day. Thanks Steve From EALLENSMITH at ocelot.Rutgers.EDU Wed Jul 10 00:56:38 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E.
ALLEN SMITH) Date: Wed, 10 Jul 1996 15:56:38 +0800 Subject: Edited Edupage, 9 July 1996 Message-ID: <01I6VN5HC4Y8984QJY@mbcl.rutgers.edu> From: IN%"educom at educom.unc.edu" 9-JUL-1996 18:15:10.81 ***************************************************************** Edupage, 9 July 1996. Edupage, a summary of news items on information technology, is provided three times each week as a service by Educom, a Washington, D.C.-based consortium of leading colleges and universities seeking to transform education through the use of information technology. ***************************************************************** >ISLAM AND THE INTERNET >Seven private Internet providers are now offering their services in Egypt, >and in Jordan an online service offers a forum where local residents can >talk to senior government officials; however, a number of government >officials, religious conservatives, and intellectuals in those countries do >not wish the public to be exposed by the Internet to pornographic >materials or subjected to an invasion of ideas that could threaten >political stability and undermine Islamic culture. "If you have certain >values you don't want them to be neglected," says the secretary-general of >Egypt's Labor Party. "Our society is Islamic, and we have our own values, >which may not be the same as the West." (Christian Science Monitor 9 Jul >96) The Monitor's new web site is at < http://www.csmonitor.com >. Like China, various other countries are trying to get the Internet's benefits (such as technical information) without its other consequences (extension of civil liberties into countries that want to deny them). One idea that I've had for preventing such problems is to look for addresses from such countries that are posting to technical newsgroups, to technical mailing lists, or that are attempting to get access to web pages on technical subjects (which access they will hopefully be denied, although an alternate possibility).
Then mail information to those addresses that those countries don't want getting into their countries, such as on human rights abuses (or well-written pornography...). One interesting (and somewhat cypherpunk) matter in this is making sure that the email in question can't be blocked by simple means such as who it appears to be from; faked email addresses, which wouldn't need to be unbreakable in this country - a definite advantage - would be necessary. One difficulty is that they might start searching on keywords for text. An extension of this for web sites, which I understand as possible but difficult, would be to swap anyone from such a country trying to get access to a technical web site to instead receive "subversive" information or pictures. (The pornography mentioned above would probably be more effective in picture format; other pictures might include information on human rights abuses). One attractive matter on the above is that it can be pretty easily done by individuals. TCMay, for instance, might want to set up a bot that would mail people in Sudan information on female castration/"circumcision". -Allen >Edupage is written by John Gehl & Suzanne Douglas >. Voice: 404-371-1853, Fax: 404-371-8057. >*************************************************************** >Edupage ... is what you've just finished reading. To subscribe to Edupage: >send mail to: listproc at educom.unc.edu with the message: subscribe edupage >Gabriel Daniel Fahrenheit (if your name is Gabriel Daniel Fahrenheit; >otherwise, substitute your own name). ... To cancel, send a message to: >listproc at educom.unc.edu with the message: unsubscribe edupage. (If you >have subscription problems, send mail to manager at educom.unc.edu.) 
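An added example, not part of any post in this archive, for the "more about the usefulness of PGP" thread above, where bryce asks for signed command mail with a timestamp/counter against replay/delay attacks and Matthew Carpenter notes his prototype does not have that check yet. HMAC-SHA256 stands in for the PGP signature so the sketch runs offline; the message layout, field names and time windows are assumptions.

```python
"""Replay/delay checks for signed command mail (illustrative sketch).

Assumptions: HMAC-SHA256 stands in for the PGP signature check, and the
JSON body layout, field names and time windows are invented for this example.
"""
import hashlib
import hmac
import json

MAX_AGE = 15 * 60     # assumed: refuse commands signed more than 15 minutes ago
MAX_FUTURE = 2 * 60   # assumed: tolerate two minutes of sender clock skew


def _tag(key: bytes, body: str) -> bytes:
    """Authentication tag over the exact body text (stand-in for a signature)."""
    data = body.encode("utf-8", "backslashreplace")
    return hmac.new(key, data, hashlib.sha256).hexdigest().encode("ascii")


def sign(key: bytes, signer: str, counter: int, timestamp: int, script: str) -> dict:
    """Sender side. Counter and timestamp sit INSIDE the signed body, so
    someone who re-sends or holds back the mail cannot alter them."""
    body = json.dumps({"signer": signer, "counter": counter,
                       "timestamp": timestamp, "script": script}, sort_keys=True)
    return {"body": body, "tag": _tag(key, body).decode("ascii")}


class CommandGate:
    """Receiver side: decides whether a command may reach the interpreter."""

    def __init__(self, keys: dict):
        self.keys = keys          # signer -> verification key
        self.last_counter = {}    # signer -> highest counter accepted so far

    def check(self, msg: dict, now: int):
        """Return (script or None, reason). State changes only on acceptance."""
        body = msg.get("body")
        if not isinstance(body, str):
            return None, "malformed"
        try:
            fields = json.loads(body)
            signer = fields["signer"]
            counter = int(fields["counter"])
            timestamp = int(fields["timestamp"])
            script = fields["script"]
            if not isinstance(signer, str) or not isinstance(script, str):
                raise ValueError("wrong field type")
        except (KeyError, TypeError, ValueError, OverflowError):
            return None, "malformed"
        key = self.keys.get(signer)
        if key is None:
            return None, "unknown signer"
        supplied = str(msg.get("tag", "")).encode("utf-8", "replace")
        if not hmac.compare_digest(_tag(key, body), supplied):
            return None, "bad signature"
        # Delay check: a validly signed mail that was held back is refused.
        if timestamp < now - MAX_AGE:
            return None, "stale"
        if timestamp > now + MAX_FUTURE:
            return None, "future timestamp"
        # Replay check: each signer's counter must strictly increase.
        if counter <= self.last_counter.get(signer, -1):
            return None, "replayed counter"
        self.last_counter[signer] = counter
        return script, "ok"


def demo():
    """Run constructed messages through the gate; returns the reasons."""
    key = b"constructed-demo-key"
    gate = CommandGate({"alice": key})
    t0 = 1_000_000                            # constructed clock value, seconds
    first = sign(key, "alice", 1, t0, "print 'one';")
    second = sign(key, "alice", 2, t0 + 10, "print 'two';")
    third = sign(key, "alice", 3, t0 + 4000, "print 'three';")
    forged = dict(third, body=third["body"].replace("three", "other"))
    return [
        gate.check(first, t0 + 5)[1],         # fresh, new counter
        gate.check(first, t0 + 60)[1],        # the same mail sent again
        gate.check(forged, t0 + 4001)[1],     # body edited after signing
        gate.check(third, t0 + 4001)[1],      # fresh, counter 3
        gate.check(second, t0 + 4002)[1],     # held back for over an hour
    ]


if __name__ == "__main__":
    print(demo())
```

The counter table is kept in memory here; it has to survive restarts, or every mail younger than MAX_AGE becomes replayable again after one.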
From erleg at sdinter.net Wed Jul 10 00:57:28 1996 From: erleg at sdinter.net (Erle Greer) Date: Wed, 10 Jul 1996 15:57:28 +0800 Subject: Word lists for passphrases [vocabularypunks] Message-ID: <2.2.32.19960710040559.006a6328@pop3.sdinter.net> At 01:18 PM 7/9/96 -0700, you wrote: >>>>>> "Mark" == Mark M writes: > >Mark> According to Altavista: > >Mark> nethermost - 45 >Mark> insatiable - 200 >Mark> insufferable - 200 > >Mark> I know I have too much free time. > >According to Dejanews: > Individual word hit counts > * nethermost: 185 > * insatiable: 1191 > * insufferable: 752 > * antidisestablishmentarianism: 142 :-) > >-- >steve at miranova.com baur >Unsolicited commercial e-mail will be proofread for $250/hour. >Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone >except you in November. Ok fellas, I am usually against senseless arguing. Especially over a subject that certain individuals shouldn't even have wasted the time to reply to if they couldn't give a sh*t about it in the first place. Therefore, I assume that they are arguing JUST to argue, but they wait until a topic pops up that they have some background in, therefore standing a chance of winning. Well, you already lost when you assumed that something worthwhile or useful would come of your negative responses. Oh, excuse me; you did get replies to your responses, so I guess your investment did turn a profit. Well, stooping even further into your realm, I too visited my trusty search utility, MetaCrawler. It too found all four of your words. I decided to pluck five odd-looking words from my MAINLIST.TXT produced by Word-List Builder. The list is COMPLETELY untouched or altered by human hands.
I ran all five of them through MetaCrawler and your DejaNews (ultra list source) and here are the results: Word MetaCrawler DejaNews -------------------- ----------- -------- DisplayWorkstationSe 0 0 SETUPPP 0 0 TmpDirPad 0 0 dsRegSetPads 0 0 TotalSwapReqdFromINF 0 0 (These words were all found in the first 1% of my list and then I got bored.) Logic tells me that a word that can be found ANYWHERE with a publicly-available search utility would not be the IDEAL passphrase to lock up my secrets. Well, now that I know where YOU will be assembling your list from, I can rest assured to pull one from my list instead. -fin From WlkngOwl at unix.asb.com Wed Jul 10 01:03:01 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 10 Jul 1996 16:03:01 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <199607092154.RAA24955@unix.asb.com> On 9 Jul 96 at 0:19, Perry E. Metzger wrote: [..] > Has it occurred to you that many of the children in question are happy > being medicated, as are many adults? In any case, who are you to tell > other people what's good for them? Whether or not the medication works for some (or all) people, whether or not it ruins or improves their lives, etc. etc, is not really the issue. A problem is in giving children medication when they lack the legal freedom (and possibly emotional or mental maturity) to make their own decisions to take it or not. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. 
From geeman at best.com Wed Jul 10 01:13:57 1996 From: geeman at best.com (geeman at best.com) Date: Wed, 10 Jul 1996 16:13:57 +0800 Subject: FW: MSoft crypto API's Message-ID: <01BB6DDF.0FFA0A00@geeman.vip.best.com> ---------- From: George Kuzmowycz[SMTP:gkuzmo at ix.netcom.com] Sent: Tuesday, July 09, 1996 4:19 PM To: cypherpunks at toad.com Subject: MSoft crypto API's ...... The June 10, 1996 Network World carried a story on page 8 under the title "Microsoft breaks crypto barrier", which starts off as follows: " Microsoft Corp. last week said it will include cryptography-based security technology in its operating systems, messaging product and Web browser through a new set of APIs that will be available both in the U.S. and overseas. They said this quite some time ago! Later on, it says: " Microsoft's Crypto APIs will be available to third-party vendors writing applications with embedded security. But the hardware or software Crypto-engines for these applications will need to be digitally signed by Microsoft before they will work with the APIs. Under an unusual arrangement with the NSA, Microsoft will act as a front man for the powerful U.S. spy agency, checking on whether the vendors' products comply with U.S. export rules." > They got it wrong, no big surprise. MSFT explicitly says export compliance is the developer's responsibility, and any notion that MSFT is going to front for NSA in somehow validating crypto code is ludicrous. The signature function is so the OS can validate the code and make sure it's not been tampered with. Period. Excuse me, er, NW, how is MSFT going to sign hardware? heheheheh. I was a bit surprised not to see any discussion of this here. Is it just old news? Or maybe people here don't read Network World? > Both. An MS/NSA alliance? > Perhaps, but this ain't it. 
From jimbell at pacifier.com Wed Jul 10 01:37:29 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 10 Jul 1996 16:37:29 +0800 Subject: Contracts, Responsibilities, and Drug-Dispensing Message-ID: <199607100517.WAA07051@mail.pacifier.com> At 05:33 PM 7/9/96 -0700, Wei Dai wrote: >On Tue, 9 Jul 1996, Bill Frantz wrote: > >> ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)? > >Interesting threat model... What can one do in the total absence of >physical security? We've talked about mental cryptography before, but I >think we agreed that it isn't very practical. Perhaps security through >obscurity is a better solution here, since many parents are less computer >literate than their children. All the kids need to do is to put their secrets in a file named "README.TXT" and put it in the root directory! Jim Bell jimbell at pacifier.com From rah at shipwright.com Wed Jul 10 01:38:50 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 10 Jul 1996 16:38:50 +0800 Subject: Important UK court case Message-ID: From the strong-network/weak-transaction model hits the wall dept.... Cheers, Bob Hettinga --- begin forwarded text To: set-discuss at commerce.net Subject: Important UK court case Date: Tue, 09 Jul 1996 12:13:28 +0100 From: Ross Anderson Sender: owner-set-talk at commerce.NET Precedence: bulk +----------------------------------------------------+ Addressed to: set-discuss at commerce.net +----------------------------------------------------+ At a trial in England yesterday, a judge decided that if a bank was not prepared to let their computer systems be examined by a hostile expert witness, then they could not even present bank statements in evidence. At least SET has been done right - I believe it is the first significant banking protocol to have undergone an open design review. I hope that there will be implementations that have also undergone credible scrutiny. I append a note of the case that I posted to our supporters.
Ross Anderson ********************************************************************* John Munden is acquitted at last! At twenty past two today, John Munden walked free from Bury Crown Court. This resolved a serious miscarriage of justice, and ended an ordeal for John and his family that has lasted almost four years. In a judgment loaded with significance for the evidential value of cryptography and secure systems generally, His Honour Justice John Turner, sitting with two assessors, said that when a case turns on computers or similar equipment then, as a matter of common justice, the defence must have access to test and see whether there is anything making the computers fallible. In the absence of such access, the court would not allow any evidence emanating from computers. As a result of this ruling, the prosecution was not in a position to proceed, and John Munden was acquitted. John was one of our local policemen, stationed at Bottisham in the Cambridge fenland, with nineteen years' service and a number of commendations. His ordeal started in September 1992 when he returned from holiday in Greece and found his account at the Halifax empty. He complained and was told that since the Halifax had confidence in the security of its computer system, he must be mistaken or lying. When he persisted, the Halifax reported him to the police complaints authority for attempted fraud; and in a trial whose verdict caused great surprise, he was convicted at Mildenhall Magistrates' Court on the 12th February 1994. I told the story of this trial in a post to comp.risks (see number 15.54 or get ftp.cl.cam.ac.uk/users/rja14/post.munden1).
It turned out that almost none of the Halifax's `unresolved' transactions were investigated; they had no security manager or formal quality assurance programme; they had never heard of ITSEC; PIN encryption was done in software on their mainframe rather than using the industry-standard encryption hardware, and their technical manager persisted in claiming (despite being challenged) that their system programmers were unable to get at the keys. Having heard all this, I closed my own account at the Halifax forthwith and moved my money somewhere I hope is safer. But their worships saw fit to convict John. An appeal was lodged, but just before it was due to be heard - in December 1994 - the prosecution handed us a lengthy `expert' report by the Halifax's accountants claiming that their systems were secure. This was confused, even over basic cryptology, but it was a fat and glossy book written by a `big six' firm with complete access to the Halifax's systems - so it might have made an impression on the court. We therefore applied for, and got, an adjournment and an order giving me - as the defence expert witness - `access to the Halifax Building Society's computer systems, records and operational procedures'. We tried for nine months to enforce this but got nowhere. We complained, and the judge ordered that all prosecution computer evidence be barred from the appeal. The Crown Prosecution Service nonetheless refused to throw in the towel, and they tried to present output such as bank statements when the appeal was finally heard today. However, the judge would have none of it. For the computer security community, the moral is clear: if you are designing a system whose functions include providing evidence, it had better be able to withstand hostile review. Ross ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This message was sent by set-discuss at commerce.net. 
For a complete listing of available commands, please send mail to 'majordomo at commerce.net' with 'help' (no quotations) contained within the body of your message. --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From WlkngOwl at unix.asb.com Wed Jul 10 01:39:18 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 10 Jul 1996 16:39:18 +0800 Subject: A case for 2560 bit keys Message-ID: <199607100502.BAA06102@unix.asb.com> On 9 Jul 96 at 13:57, jim bell wrote: [..] > The most negative part of a long key is the false sense of security it may > engender in the weak-minded: All key sizes are equally insecure from a > computer black-bag job or a specially-engineered virus. If you're really Good point... but why limit false sense of security as to what governments or corporations can do. Poor passphrases, leaving plaintext files around (perhaps not wiping them), and even having incriminating conversations with folks on the 'net one doesn't know under the belief that encryption makes it safe, etc. etc. are probably more dangerous security holes. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From blancw at accessone.com Wed Jul 10 01:55:51 1996 From: blancw at accessone.com (blanc) Date: Wed, 10 Jul 1996 16:55:51 +0800 Subject: FW: [RANT] Giving Mind Control Drugs to Children Message-ID: <01BB6DE5.F2B1D660@blancw.accessone.com> Well, again my earlier message went out without my comments. I think I've discovered a feature in MS Exchange: true stego! Oh, well. 
The gist of my comment was: As Tim said, the selective application of drugs or persecution regarding their use points to a great hypocrisy (and deterioration of character), and the more widespread the acceptance of hypocritical double-standards, the higher the rate-o-meter goes up in favor of statism. At the very least, all the confusion surrounding drug use will create "disrespect for Authority" (which in turn will inspire statists to propose further crack-downs, pardon the pun, on "criminals"). It makes me think of those Communist countries (remember them?) where political dissenters were labelled insane - the protesters were the ones identified as having the problems, not the State. The imprisoned troublemakers were then drugged, thus taking care of their "irrational" behavior and lack of appreciation. ...................................................................... Otherwise, replying to Perry, who remonstrated: Look, quit trying to tell people who have ADD that they are in the wrong jobs, that they are unmotivated, that they are "lazy", or whatever. Calling them "nuts" is actually far better. It at least acknowledges that there is something wrong that isn't readily fixed by the nostrums of people who have no idea whatsoever what they are going through. It's pretty easy to get caught up in a controversial thread like this one and begin to make all sorts of recommendations. I realize it's not for me, a stranger removed from the life of one who suffers from something like ADD, to categorize and condemn them. I was just presenting the example that sometimes problems are not what some people think they are, and therefore the solutions are not necessarily the best, either. But, this subject as Tim brought it up was concerning the relationship of drugs to society, hypocrisy, and little helpless neighbor children (very controversial).
In regards to an individual's personal self-made choice to use drugs or other chemical substances on themselves, what else could a cold, cruel, anarcho-capitalist libertarian type do but defer to their decision? .. Blanc From enzo at ima.com Wed Jul 10 02:07:40 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Wed, 10 Jul 1996 17:07:40 +0800 Subject: MSoft crypto API's In-Reply-To: <199607092319.QAA00934@dfw-ix2.ix.netcom.com> Message-ID: On Tue, 9 Jul 1996, George Kuzmowycz wrote: > The June 10, 1996 Network World carried a story on page 8 under the > title "Microsoft breaks crypto barrier", which starts off as follows: > > " Microsoft Corp. last week said it will include cryptography-based > security technology in its operating systems, messaging product and > Web browser through a new set of APIs that will be available both in > the U.S. and overseas. > > " The fact that the National Security Agency is allowing Microsoft > to export the cryptographic APIs is somewhat of a coup for the > software vendor, although the NSA did nothing to alter the current > export ban on strong encryption." > > Later on, it says: > > " Microsoft's Crypto APIs will be available to third-party vendors > writing applications with embedded security. But the hardware or > software Crypto-engines for these applications will need to be > digitally signed by Microsoft before they will work with the APIs. > Under an unusual arrangement with the NSA, Microsoft will act as a > front man for the powerful U.S. spy agency, checking on whether the > vendors' products comply with U.S. export rules." > > I was a bit surprised not to see any discussion of this here. Is it > just old news? Or maybe people here don't read Network World? > > I didn't paste in the whole article for copyright reasons. Since > they seem to be on a one-month lag with posting back articles on > their Web site, it just this week became available at > www.nwfusion.com. > > An MS/NSA alliance? 
> > -gk- > More details are available from MS' web pages at: http://www.microsoft.com/win32dev/apiext/capi4.htm and: http://www.microsoft.com/intdev/security/cryptapi.htm I understand that NSA may have accepted the arrangement because only signed CSP's will be loaded under the CAPI, and MS will only sign them in Redmond. So, strong CSP modules developed outside the US will not be useable there because, once gone to Redmond, won't be re-exportable. On the other hand, I suspect that writing a binary-compatible CAPI emulator shouldn't be that difficult. That would allow to use the same CAPI-compliant applications anywhere in the world, running over different implementations of the crypto engine. The interesting part is that the basic, but crippled, CSP (PROV_RSA_FULL) will be supplied for free by MS: --http://www.microsoft.com/win32dev/apiext/capi4.htm -- 8< ----------- [...] Microsoft licensed cryptographic technology from RSA Data Security to create the base or default software CSP that ships with the operating system. The Microsoft RSA Base provider consists of a software implementation PROV_RSA_FULL provider type (see accompanying table of provider types). This CSP supports both public-key and symmetric (or "conventional") cryptography. It is exportable and will ship everywhere that the CryptoAPI is present. [...] ------------------------------------------------------- 8< ----------- That should free the developers of secure application from the need of buying licences from RSADSI, at least for export-grade functionality. Enzo From jimbell at pacifier.com Wed Jul 10 02:10:38 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 10 Jul 1996 17:10:38 +0800 Subject: A case for 2560 bit keys Message-ID: <199607100607.XAA09583@mail.pacifier.com> At 08:38 PM 7/9/96 -0400, Mark M. wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >On Tue, 9 Jul 1996, jim bell wrote: > >> I don't think it's going to make a great deal of difference. 
We've "all" >> shifted to 1024-bit keys, even though it's unlikely anybody will have the >> resources to crack them for decades if not centuries. And the moment any >> government prosecutes anyone with information obtained by a decrypt of a >> 1024-bit key, the (then) stragglers will join the rest of us at 1500 or >> 2000+. The government knows this and there's nothing it can do about it, >> except possibly for GAK and it isn't making much headway in that. > >Wiretaps aren't always used as evidence. It's a very effective way to snoop >on people under suspect and get some information on where some incriminating >information may be, but they rarely produce hard evidence. I'm well aware of that. However, I think we will shortly be entering an era where wiretaps are useless, and it will not be considered worth the risk to do them illegally, because the probability of being able to decrypt them will be so low. Jim Bell jimbell at pacifier.com From unicorn at schloss.li Wed Jul 10 02:13:28 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 10 Jul 1996 17:13:28 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607091945.MAA21866@netcom14.netcom.com> Message-ID: On Tue, 9 Jul 1996, Mike Duvos wrote: > Black Unicorn writes: > > > I keep looking around wondering if the list is being > > trolled. (Anyone else notice Mr. Duvos' username is "mpd"?) > > Pretty obvious it's my initials, as opposed to one of the other > thousand or so acronyms it collides with. I wasn't touting conspiracy theories, just making what I thought was an amusing observation. My apologies to Mr. Duvos. I didn't at all mean to suggest he was in any way responsible for this silliness, rather to point out the degree to which the conversation has sunk into the sewer. 
-- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From hal at martigny.ai.mit.edu Wed Jul 10 02:30:04 1996 From: hal at martigny.ai.mit.edu (Hal Abelson) Date: Wed, 10 Jul 1996 17:30:04 +0800 Subject: MIT harassed over publication of PGP book Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The following message is written on my own behalf; it is not an official statement of MIT. Over the past few weeks, MIT has been negotiating a research framework agreement with Sandia Labs. A framework agreement does not fund any particular piece of research. Rather it establishes policies and procedures under which future research will be funded and carried out. This saves MIT and Sandia the trouble of working out a separate agreement for each new contract. We have several such agreements in place with various organizations. Sandia has also set up agreements with universities in the past, and is currently setting then up with several more universities, including MIT. In the current round of negotiations, Sandia is requesting to add language to the agreement, giving them right of prior review over any publications arising from their sponsored research at MIT, in order that Sandia can review these for possible violation of US export control regulations. When our contract people queried this, they were put in touch with Bruce Winchell, a Sandia lawyer. Winchell told them that the State Department had "made it clear" to DOE that the Department was very concerned that "MIT did not have procedures in place to monitor the dissemination of material that is subject to export controls." Winchell went on to say that a recent MIT publication by "a Philip Zimmermann" came very close to violating export control laws. As far as we know, Sandia has not been discussing such a clause with other universities with which it is negotiating contracts. I assume that Mr. Winchell's comment above refers to the publication of the PGP source code book by MIT Press. 
Before publishing the PGP book, the Press wrote the State Department, informing them of our intent to publish the PGP book and giving them the opportunity to let us know if they thought this would raise an export control problem. We never received a response. Since publication, MIT has never (to my knowledge) heard from State that they had any objection to the PGP publication. Now, we learn of a back channel communication from State to DOE to Sandia, which has prompted Sandia to want to act as a policeman for MIT vis a vis export controls. This is troubling for what it says about how the State Department is dealing with export issues surrounding information about cryptography, and about the extent to which policies are being administered in a clear and above-board manner. Hal Abelson Prof. of Comp. Sci. and Eng. MIT From deviant at pooh-corner.com Wed Jul 10 02:39:23 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 10 Jul 1996 17:39:23 +0800 Subject: Contracts, Responsibilities, and Drug-Dispensing In-Reply-To: <199607092212.PAA15529@netcom7.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 9 Jul 1996, Bill Frantz wrote: > Date: Tue, 9 Jul 1996 15:15:26 -0700 > From: Bill Frantz > To: cypherpunks at toad.com > Subject: Re: Contracts, Responsibilities, and Drug-Dispensing > > I think the really interesting question underlying this whole discussion is > how a minor child makes the legal transition to a competent adult. This > issue comes up again and again. We see it in "parental consent" laws > requiring parental consent for a minor girl to get an abortion.
We also > see it in issues like when a minor child may throw off the "protection" of > products like SurfWatch. > > ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)? > personally, being legally a minor child (but only for 10 more months), I've never used programs like SurfWatch, and I don't really think I've been completely deranged by it. My parents don't know what I see on the net, and pretty much they don't try to regulate it.. Yet I'm still normal, I make good grades (ok, decent at best in some classes, but I do suffer from ADHD/Learning Disabilities), and I'm not some complete pervert. Sure, I've seen my share of porn, but everybody's seen SOME porn... anybody that says they've never done ANYTHING like that is either godly, or a complete social outcast who sits around and, as my AP Bio teacher would have put it, contemplates their navel, all of the time. It just doesn't happen. The important part is that people be mature about it. --Deviant From amehta at giasdl01.vsnl.net.in Wed Jul 10 02:42:01 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Wed, 10 Jul 1996 17:42:01 +0800 Subject: Minitel "saved" by hackers? Message-ID: <1.5.4.32.19960710115147.002ccb8c@giasdl01.vsnl.net.in> I'm reviewing "Cultures of Internet: Virtual Spaces, Real Histories, Living Bodies" edited by Rob Shields.
Chapter 2, "The Labyrinth of Minitel" by Andre Lemos tells a fascinating story, after you get past the verbiage in the introduction (sample: "If modernity refused the artificial, and deepened separations and dichotomies, postmodernity tries to surpass well-established dichotomies, not in the dialectical sense through sublimation and synthesis, but more in the direction of making a place for dialogical complexity"). This may be old hat to cypherpunks, but it seems that the system, conceived as a videotex system, was hacked: "At the end of 1981 the messaging software ... was pirated by some users planning to communicate between each other in real time. Through this detournement -- literally, a 'hijacking' was born the messagerie." These included games dialogs in real time and postings. Soon there was the "messagerie rose", the sex stuff -- which generated most of the revenues. As Claire Ancelin notes,"the public has not hesitated to manifest tastes often opposed to those foreseen by experts, this public has not hesitated to make a serious information tool into a frivolous communication tool." So, shocked by this, what does the government do? Being unable to distinguish between different kinds of messageries, the government put a 30% tax in 1989 on all, and raised it to 50% in 1991! No wonder the Internet is gaining rapid popularity in France. My questions: 1) are any of those 1981 French hackers on this list or known to people here? 2) I checked out "Minitel history" on Alta Vista, and since my French is very modest, downloaded http://www.dlib.org/dlib/december95/12kessler.html, The French Minitel: Is There Digital Life Outside of the "US ASCII" Internet? A Challenge or Convergence? by Jack Kessler, and http://tklab6.informatik.uni-bremen.de/nii/Conference/Abstracts/berne.html THE MINITEL SUCCESS by Dr. Michel Berne. Surprisingly, neither mentioned the 1981 hijack. Can anyone suggest better references? 
3) Kessler raised a controversial point: "Centralized control -- its political as well as its social and economic manifestations -- is relatively untested. Some fans of the Internet even deny the possibility of centralized control in their version of "Cyberspace". Yet such control is the single greatest issue of networked information to many Asians. Minitel's approach, which is so different from the Internet's celebrated de-centralized structure, provides useful comparisons for both systems to consider. ... The question for networking's next generation is what will scale up for Asia? To meet this challenge, some "convergence" -- some pooling of talents and approach, combining the sophisticated with the simple, the academic with the commercial, the decentralized and chaotic with the centralized and bureaucratic and controlled -- might not be such a bad idea for both the Internet and the Minitel to pursue now." Do you know of any country in Asia or elsewhere favoring the Minitel "centralized and bureaucratic" model over the Internet? From inglem at adnetsol.com Wed Jul 10 02:42:18 1996 From: inglem at adnetsol.com (Mike Ingle) Date: Wed, 10 Jul 1996 17:42:18 +0800 Subject: MSoft crypto API's In-Reply-To: <199607100335.UAA01215@mail.pacifier.com> Message-ID: <199607100645.XAA03352@adnetsol.adnetsol.com> It's even easier than that. Remember, signatures are detachable from the data. You import the software, MS signs it, you export the signature, and reattach it to the software. Mike > Couldn't somebody IMPORT a piece of encryption software, have it signed by > Microsoft, then take the XOR of the signed and unsigned software and export > it? (It's not a tool capable of encryption...) > > Or: Microsoft presumably has foreign branches, or at least it could easily > afford to set up one. What's to stop Microsoft from signing foreign > encryption software outside of the US? 
The software is never exported > (since it's already outside the country...), so there's no USA-law involvement. > Jim Bell > jimbell at pacifier.com > From deviant at pooh-corner.com Wed Jul 10 03:19:14 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 10 Jul 1996 18:19:14 +0800 Subject: July Freedom Forum Meeting In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 9 Jul 1996, Robert Hettinga wrote: > Date: Tue, 9 Jul 1996 19:04:46 -0400 > From: Robert Hettinga > To: dcsb at ai.mit.edu > Cc: cypherpunks at toad.com > Subject: July Freedom Forum Meeting > [stuff rm'd] > Banks have been doing "electronic funds transfers" for years, and now > ATM transactions have skyrocketed, due to their convenience. What > happens when you can take complete control by saving your e-money right > in your own personal computer's hard drive? Will there be competing > e-currencies? Will transactions become invisible? The internet and new > encryption techniques make the possibilities absolutely enthralling. this SHOULD never happen, for the same reason that money cards (the ones with the chip embedded in the plastic) should never happen. I'll use the card as an example of why not... ok, say I DID get a money card... here's the process that makes the encryption, and/or any other security, useless. 1) get a bank loan, and transfer the $$ onto the card.. let's say $100,000... 2) copy the chip. 3) now go cash both at separate ATM machines, the same day. 4) pay off your loan. (you decided you didn't NEED a house after all) 5) move to switzerland, because this is VERY traceable. you now have $100,000 CASH, and a small paper trail. No cryptanalysis required. Of course, this would require some equipment, but anybody who can afford the equipment, with, say a small loan, can pay back their loan that day, and still have a bit of spending cash.
--Deviant From erehwon at c2.org Wed Jul 10 03:21:15 1996 From: erehwon at c2.org (William Knowles) Date: Wed, 10 Jul 1996 18:21:15 +0800 Subject: Privacy & Anonymous service providers? In-Reply-To: Message-ID: I'm working on a web page that would include a list of Internet providers that offer anonymous accounts, or a better degree of privacy not usually seen by regular providers. Below is a list I have been able to put together, I'm wondering if there are some that I'm missing. To avoid noise on the list, please reply via e-mail. Community Connexion http://www.c2.org Paranoia http://www.paranoia.com Panhandle Web Services http://www.shellback.com Data Haven Project http://www.dhp.com L0pht Heavy Industries http://www.l0pht.com Offshore Information Services http://offshore.com.ai/ Thanks in advance! William Knowles erehwon at c2.org -- William Knowles PGP mail welcome & preferred / KeyID 1024/2C34BCF9 PGP Fingerprint 55 0C 78 3C C9 C4 44 DE 5A 3C B4 60 9C 00 FB BD Finger for public key -- From unicorn at schloss.li Wed Jul 10 03:33:33 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 10 Jul 1996 18:33:33 +0800 Subject: MSoft crypto API's In-Reply-To: <199607092319.QAA00934@dfw-ix2.ix.netcom.com> Message-ID: On Tue, 9 Jul 1996, George Kuzmowycz wrote: [...] > " Microsoft's Crypto APIs will be available to third-party vendors > writing applications with embedded security.
But the hardware or > software Crypto-engines for these applications will need to be > digitally signed by Microsoft before they will work with the APIs. > Under an unusual arrangement with the NSA, Microsoft will act as a > front man for the powerful U.S. spy agency, checking on whether the > vendors' products comply with U.S. export rules." > > I was a bit surprised not to see any discussion of this here. Is it > just old news? Or maybe people here don't read Network World? [...] > An MS/NSA alliance? > > -gk- This is a very deft and sly move, if it was indeed planned, by the NSA. Clearly they have got the message. Political efforts to curtail crypto are doomed to failure. Economic strangulation is the way to go. Well here you are folks, months of bitching about how stupid the NSA must be has paid off. Not only is this clever, it's insidious. 1. It's too difficult for Joe Sixpack to understand. 2. It preys on the market leader already, rather than attempting to bootstrap (as with clipper). 3. It uses as its implementation a private, rather than a public entity. Now this strikes me as something truly frightening. The NSA has become an intelligence agency which is effectively working in concert with private interests to conduct internal security operations by proxy. And what has microsoft gained? Nothing. They are still subject to export laws, they even have to kiss NSA ass more now lest their little bit of largess be yanked away from them. While in past using a corporation such as E-Systems as a front and a constitutional end around was expected, this is the pre-empting of a major pre-existing entity. Does not bode well. Netscape, are you listening? You are being battered around in the press and on the market as being a flash in the pan. Yes, you got there first, but you are now giving it up to MicroSoft, or so say the writers. I was brutal and hard on you on this list for a reason before, and that was because the above was my fear. Netscape, are you listening?
Now would be a good time to announce that you are not working for the NSA like some other companies. God, I wish someone in Netscape PR would wake the hell up. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From WlkngOwl at unix.asb.com Wed Jul 10 04:15:56 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 10 Jul 1996 19:15:56 +0800 Subject: MSoft crypto API's Message-ID: <199607100906.FAA27981@unix.asb.com> On 9 Jul 96 at 20:34, jim bell wrote: [..] > Unexplained: What if the program Microsoft is asked to sign is not > intended for export? Presumably, NSA has no authority, then, and thus They could insist on only signing exportable software, and in theory use that as ITAR-relaxing leverage. Methinks it's a bad move to only have MS sign software... presumably they won't outright refuse to sign competitors' software. It would be a conflict of interest for them not to... very usable as evidence against MS in an anti-trust suit. Independent CA's would be better. IMO, it gives a false sense of security to even require crypto apps to be signed. A lot of folks would want a developer's kit (probably cost $$$) to get around that requirement... nice loophole, BTW, for those that can afford it. Or until somebody patches the code to ignore bad signatures or lack of them and releases the patch. Oh yeah... false sense of security in that if an app is signed, it must be secure. Will the new Windows wipe all temporary files and the swap file? Otherwise it makes a CryptoAPI meaningless. There'll be a problem with PGPlib as well... what if people want to compile their own version? Assuming MS will even sign it... that will be a quagmire. It's likely that if strong crypto is not implemented in the MS API (or it is done so in an insecure fashion), hardly anyone will use it. > presumably Microsoft shouldn't be able to refuse to sign anything they're > asked. Why? Assuming there were no export restrictions...
if it's signed by MS, people will take it to mean that MS is vouching for it. If they sign a library that does 'naughty things' or is an incredibly incompetent implementation of an algorithm, it could turn out to be bad PR for them. (Hm... they could use this as an excuse to read competitor's source code.) [..] > Couldn't somebody IMPORT a piece of encryption software, have it signed by > Microsoft, then take the XOR of the signed and unsigned software and export > it? (It's not a tool capable of encryption...) Under that logic, I could do the same to a PGP distribution. I doubt the state department would look at it that way, or a jury for that matter. If you want to risk a few years in Federal Prison, go ahead... though chances are crypto-apps seem to make it out of the country anyway... --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From deviant at pooh-corner.com Wed Jul 10 04:23:34 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 10 Jul 1996 19:23:34 +0800 Subject: MSoft crypto API's In-Reply-To: <199607100335.UAA01215@mail.pacifier.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 9 Jul 1996, jim bell wrote: > Date: Tue, 09 Jul 1996 20:34:11 -0800 > From: jim bell > To: George Kuzmowycz , cypherpunks at toad.com > Subject: Re: MSoft crypto API's > [stuff moved to /dev/null] > > Couldn't somebody IMPORT a piece of encryption software, have it signed by > Microsoft, then take the XOR of the signed and unsigned software and export > it? (It's not a tool capable of encryption...) > Hrmm.. at this point I am reminded of when mit.edu refused to allow my brother to ftp the non-international version of PGP... To make a long story short, he promptly received the exact same file from a .de server.
> Or: Microsoft presumably has foreign branches, or at least it could easily > afford to set up one. What's to stop Microsoft from signing foreign > encryption software outside of the US? The software is never exported > (since it's already outside the country...), so there's no USA-law involv > ement. > Jim Bell > jimbell at pacifier.com > > Perhaps the real question is this... Can MS reliablt develop a working and secure encryption package that we should all trust in the first place? I doubt it, and I'll wager so does the NSA if you catch my drift... --Deviant -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMeNvDDAJap8fyDMVAQG0cAf+MXQEE3sFOoymJOhnTegox58TK5Tc+iZj xK3qWObTvFwOTPzs0n9dgI60EJfxjjVmwiEvDWZQaNzxgxyCXLS6FFwrV8WHC5vT /HxGnskCU3gNTpDh5S2nsJk0Huhmj5snE1ViETIgyN9i1dUKt/KCHM+TXDOQvyd0 V25NnDgzHG6dVcLE7ATAoa/1p2XobEFB/ZOgiInYVr+tEO8EzIY3eoKKoOJ92le0 JrirB3NfXGBfEoajp34azxBs6549EKCqLI5vjfzNoMRFHVqKpmSJZLVwMTIOJ4Ks HE123I5xXx3heQrdNtzeg/m8XRKOko6HYkBrwNjgoO1+qW23LU89CA== =pCQy -----END PGP SIGNATURE----- From deviant at pooh-corner.com Wed Jul 10 04:24:55 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 10 Jul 1996 19:24:55 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607100140.SAA15188@fionn.lbl.gov> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 9 Jul 1996, Michael Helm wrote: > Date: Tue, 9 Jul 1996 18:40:30 PDT > From: Michael Helm > To: Mike Duvos > Cc: cypherpunks at toad.com > Subject: Re: [RANT] Giving Mind Control Drugs to Children > > On Jul 9, 12:02pm, Mike Duvos wrote: > > If we have safe and effective medications which increase > > alertness in the school and in the workplace, why shouldn't > > everyone be able to take them in small doses as the need arises? > > So? I hate to be flip, but is there a coffee shortage in your area? > > Stimulants don't have the same effect on everybody. 
"Normal" people > who take stimulants tend to act a lot like untreated hyperactives: > jittery, unfocussed, irritable. Your point about long term use > is well taken, many people find the positive effects wear down after > a while. Sometimes this is alrite, because in the meantime they > have been able to learn coping strategies they were unable to learn > before. Sometimes it is not alrite, because their problems are too > severe, & they need other treatment. > > hrmm.. I'm certified ADHD, and I drink more than LD50 Caffeine in cokes per day.... what does that make me? ;) --Deviant -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMeNruzAJap8fyDMVAQHAbgf/TJ5TDJrkke3sMd1ogYyS+WS2aremtmo4 LRJY7TxMIE4cIZ/SES3c0dy2qrkCj7dKUManULFA13JOOBqW8gxwWRom9w+4Ew5i VuAQHfw+21GVaYtqeMyppzVDgC5w2wTmXN39pzbdm0N+aa/bFb0+NpsFTUsXKSUq PHtQVXhTnhV/rRMRRAWg4K0ugzbYE+7sWc/RFayCh+Setu0CyVza2X8p71eXel56 dspdENs+RgRIrZZb9IjjMGzxtrXfk8cMTHaH1aCVJ9z7eTmzmj5KzIR3uIToGebU eO1nrRnwacNgiU4V4q5+Hp+ejMzUiFC4SKrkWf5JL/2CJ0S3FsvqDw== =7R8s -----END PGP SIGNATURE----- From tcmay at got.net Wed Jul 10 04:51:16 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 10 Jul 1996 19:51:16 +0800 Subject: The Nature of the Cypherpunks Community and List Message-ID: At 6:11 AM 7/10/96, Black Unicorn wrote: >I wasn't touting conspiracy theories, just making what I thought was an >amusing observation. > >My apologies to Mr. Duvos. I didn't at all mean to suggest he was in any >way responsible for this silliness, rather to point out the degree to >which the conversation has sunk into the sewer. Please, Unicorn, people here are talking about what interests them, as directly demonstrated by the generation of articles and followups. If they were _more_ interested in discussing the IETF, or SFS, or Triple DES, for example, they _would_. (And at times they do, of course. All things have their times, and threads ebb and flow.) 
And, Unicorn, I recall you yourself generating several *dozen* long rants regarding Jim Bell, just a few months ago...

I suggest to all people who claim that the list has become "sewerpunks" that the best way to change the focus of the list is to write essays which generate responses (as you did, Unicorn, several days ago in your excellent "What remains to be done" piece). Leading by example, as opposed to "leading by kvetching."

It happens that I like to write essays, more so than to just add simple one-line comments, and it happens that some of my essays have triggered a lot of messages (recently, for example, the "Net and Terrorism," and "Mind Control Drugs" threads were started by my articles). If people, on the whole, would rather discuss _other_ topics, then....then they _would_. A simple concept.

Railing against the interests people have is rarely effective. And claiming, as some do, that the "purpose" of the list is to discuss primarily the latest advances in cryptology is mis-stating the nature of the list. While there is no point in debating formal charters, people discuss what they think is important. Natural corrective forces tend to stop the discussion from getting too far afield. I cannot imagine someone writing about UFOs getting much response, but that so many people have thoughts on the "Ritalin" issue (and the role of the government schools in supporting the doping of students) indicates it is within the envelope of topics Cypherpunks think important.

Perry has several times threatened to form his own list, where "real cryptography" will be the only topic allowed. I urge him to follow his bliss. And other lists have had other foci, including the "Coderpunks" list, which *is* explicitly about cryptography only. (Is the Coderpunks list still active? I haven't heard anyone here mention it in a long time.) And sci.crypt, sci.crypt.research, and dozens of security- and PGP-related newsgroups are still flourishing.
The Cypherpunks folks started meeting in the summer of 1992, and our focus was and remains on a wide spectrum of topics related to crypto-privacy, politics of cryptography, PGP, anonymous remailers, and a bunch of related themes. It *never* was a list devoted solely to pure cryptography; plenty of academic and professional forums already serve that market--IACR/Journal of Cryptology, Crypto, Eurocrypt, Asiacrypt, sci.crypt.*, various other mailing lists, etc.

Our focus was always on the more "outre" aspects, the frontiers not often dealt with in the academic journals. (Not that we are better mathematicians, though many on this list are world-class, but because our political focus informs our choice of topics to pursue. That is, we were the first group to look seriously at anonymous remailers (in terms of implementing Chaum's ideas), the first to really fool around with digital cash in a real world environment outside the lab (MagicMoney), and we have explored black information markets, offshore data havens, and so on. I don't think any of the "academic" groups, distinguished as they are, have made the kinds of demonstrations we have in some areas.

(Perry will probably disagree, calling us all a bunch of pikers and deadbeats, as he has in the past, and claiming that the only "good" Cypherpunks were Matt Blaze and Steve Bellovin, both of whom he claims were "driven off the list" by people like me. Well, people join and leave lists for all sorts of reasons. Regardless, our list is what it is. If Perry thinks we're such worthless leeches and incompetents, he should create a mailing list more to his liking. Seems fair to me.)

It is hardly surprising, nor inappropriate, that we "stray" from core topics. After all, some topics are "worn out" at any given time.
I don't think the 8th cycle of discussions about cracking DES or the 13th cycle of debates about NSA surveillance is any more useful than the discussions some object to (but, interestingly, some of the most vocal critics of threads being "off-topic" end up writing the greatest number of posts on that topic :-}).

In any case, people can learn to use killfiles to filter out entire threads, or the posts of people they dislike reading.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From WlkngOwl at unix.asb.com Wed Jul 10 05:04:37 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 10 Jul 1996 20:04:37 +0800
Subject: Another bad idea
Message-ID: <199607100922.FAA28054@unix.asb.com>

On 9 Jul 96 at 18:26, E. ALLEN SMITH wrote:

[..]
> Like China, various other countries are trying to get the Internet's
> benefits (such as technical information) without its other consequences
> (extension of civil liberties into countries that want to deny them). One idea
> that I've had for preventing such problems is to look for addresses from such
> countries that are posting to technical newsgroups, to technical mailing lists,
> or that are attempting to get access to web pages on technical subjects (which
> access they will hopefully be denied, although an alternate possibility). Then
> mail information to those addresses that those countries don't want getting
> into their countries, such as on human rights abuses (or well-written
> pornography...). One interesting (and somewhat cypherpunk) matter in this is

Great idea. Get some (possibly) innocent techie in an oppressive country thrown in jail or executed. Or perhaps s/he gets offended, contributing to the notion that all Westerners are evil perverts out to corrupt them.

[..]
> An extension of this for web sites, which I understand as possible
> but difficult, would be to swap anyone from such a country trying to get access
> to a technical web site to instead receive "subversive" information or
> pictures. (The pornography mentioned above would probably be more effective in
> picture format; other pictures might include information on human rights
> abuses).

Damn aggravating for that user, and it could get him/her in trouble. On a wide-scale it could provoke responses from those countries. Imagine this list being bombarded with propaganda, or perhaps somebody here looking at an anti-censorship web page getting pro-censorship messages from religious fundamentalists.

Or it could encourage them to use special firewalls which filter content and disallow graphics... (probably many US-based companies would be all-too-happy to sell them the software to do it), or even close themselves off from the Internet altogether, perhaps form separate, unconnected Family/Islamic/Chinese-values networks.

Rob

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From JR at ns.cnb.uam.es Wed Jul 10 05:39:34 1996
From: JR at ns.cnb.uam.es (JR at ns.cnb.uam.es)
Date: Wed, 10 Jul 1996 20:39:34 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960710120333.21003a36@ROCK.CNB.UAM.ES>

>No. I am proposing that people who wish to voluntarily take a medicine
>that they feel improves their condition be left the hell alone by
>busybodies like you, Tim May, et al.
>

And I say I don't care what they do with their lives as long as it doesn't affect mine. When someone smokes besides me and I have to breathe the smoke, s/he's affecting my health. When someone takes antibiotics s/he doesn't need and selects resistant bacteria, that affects me. When someone forces me into doing something, that affects me.

All I ask is a say when whatever they do may harm me. If that's being a busybody, I guess I am. Sorry if that upsets you.

jr

From JR at ns.cnb.uam.es Wed Jul 10 06:25:41 1996
From: JR at ns.cnb.uam.es (JR at ns.cnb.uam.es)
Date: Wed, 10 Jul 1996 21:25:41 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960710122900.21003a36@ROCK.CNB.UAM.ES>

"mike at fionn.lbl.gov" wrote:

>have to be able to perform well enuf in school to get good recs
>& good marks in subjects that interest them. They didn't make this
>system, but they do have to adapt to it somewhat.
>

Maybe they would be better off fighting against a system that alienates them than contributing to support it? Seems to me that's shooting their own foot.

Now, I don't say they should do that. I understand there are many motivations, personalities, pressures, etc... and that it's perfectly natural that one prefers to integrate in the whole than to be an alienate.

But then, why do we worry about crypto here? Why not adapt to the system that the powers-that-be are imposing? Why do we not give up at all and let others make the system? I'd say that some level of inconformism still remains, from which I congratulate.

Yes, they (we) didn't make this system. But they (we) are making tomorrow's (and this one too). I agree with Perry, it's each one's choice how to live his/her life, but we all are contributing to how every other will be able to live, and we shouldn't forget that.
jr

From bryce at digicash.com Wed Jul 10 07:26:58 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Wed, 10 Jul 1996 22:26:58 +0800
Subject: more about the usefulness of PGP
In-Reply-To: <199607092115.QAA78592@rs6.tcs.tulane.edu>
Message-ID: <199607101116.NAA17386@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

Cool stuff, Matthew.

You've gotta think about replay and delay attacks though. A good start is to include a time-stamp in the authenticated message (I'm not sure if PGP's built-in timestamp is authenticated. Anyone?), save the latest timestamp which you have authenticated, and reject messages unless they have an authenticated time-stamp later than that one.

What fun! Keep me informed.

Regards,

Bryce

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2
-----END PGP SIGNATURE-----

From Clay.Olbon at dynetics.com Wed Jul 10 09:26:25 1996
From: Clay.Olbon at dynetics.com (Clay Olbon II)
Date: Thu, 11 Jul 1996 00:26:25 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID:

First, a disclaimer: I think adults should be allowed to ingest whatever substances they desire, and parents should be allowed to raise their kids without undue interference from the government.

Having said that, I think that the major issue with Ritalin is that parents are giving it to their children in significant percentages of the population. Since Ritalin is "medicine" and is prescribed by doctors, it is assumed to be safe. However, I would bet that many parents whose children are on daily doses of Ritalin would not think of drinking coffee or alcohol while pregnant or nursing.
It is important to consider that any drug used over a period of time may have lasting (possibly negative) effects, and that these effects are multiplied when the drugs are taken by still-developing children.

While it is crucial for an adult to be able to function and maintain a job, is it really as important for a kid to be able to sit still in school?

Clay

***************************************************************************
Clay Olbon II    * Clay.Olbon at dynetics.com
Systems Engineer * PGP262 public key on web page
Dynetics, Inc.   * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Wed Jul 10 09:30:36 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Thu, 11 Jul 1996 00:30:36 +0800
Subject: [Poster] Add Uncle Sam to Your Circle of Friends and Family
In-Reply-To:
Message-ID: <199607101231.IAA15085@pdj2-ra.F-REMOTE.CWRU.Edu>

Michael Froomkin writes:

: http://www.rsa.com/rsa/gallery/circle1.gif

A most useful gif! Thanks.

What is the copyright status? I can think of some good uses for it.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From frissell at panix.com Wed Jul 10 11:49:52 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 11 Jul 1996 02:49:52 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <2.2.32.19960710134531.0082ca14@popserver.panix.com>

At 08:13 AM 7/10/96 -0400, Clay Olbon II wrote:

>First, a disclaimer: I think adults should be allowed to ingest whatever
>substances they desire, and parents should be allowed to raise their kids
>without undue interference from the government.
>
>Having said that, I think that the major issue with Ritalin is that parents
>are giving it to their children in significant percentages of the
>population.
My real problem with the whole thing is that Ritalin is being prescribed by government employees in most cases. It thus constitutes behavior modification of the population by the government which is certainly a human rights violation. It is arguably a First Amendment violation for the government to chemically prevent you from expressing yourself in certain ways. They should not even be allowed to advocate such treatment.

Obviously, I have no problem if private individuals acting alone or in consultation with other private individuals decide to tank themselves up to the gills (as long as they buy their own drogas) but government "suggestions" for B-Mod should be very troubling to most of the readers of this list.

Like religion, if you are crazy enough to ask your government what mind-altering drugs you should take, the government should say -- "No Comment. That's up to you."

Government does not exist for the benefit of the governed. Public school Ritalin prescriptions do not exist for the benefit of the prescribees.

Once there was a 7-year-old girl. The schools of Charlotte, NC diagnosed her as suffering from minimal brain dysfunction (MBD) and prescribed Ritalin. Instead, her parents sent her to a non-government school in another country where they did not employ Ritalin. They substituted teaching in its place. Within a few years, she could decline Latin nouns and everything.

DCF

"First God was the most important thing in men's lives so naturally men killed each other for God. Then the State became the most important thing in men's lives so naturally men killed each other for the State. Finally, Health became the most important thing in men's lives so naturally men killed each other for Health."

From perry at piermont.com Wed Jul 10 12:40:06 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 11 Jul 1996 03:40:06 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID: <199607101459.KAA16411@jekyll.piermont.com>

"Clay Olbon II" writes:

> While it is crucial for an adult to be able to function and maintain a job,
> is it really as important for a kid to be able to sit still in school?

If he or she is going to learn anything, it is important to be able to pay attention, yes.

Perry

From minow at apple.com Wed Jul 10 13:12:40 1996
From: minow at apple.com (Martin Minow)
Date: Thu, 11 Jul 1996 04:12:40 +0800
Subject: Minitel "saved" by hackers?
In-Reply-To: <1.5.4.32.19960710115147.002ccb8c@giasdl01.vsnl.net.in>
Message-ID:

Arun Mehta describes the "hijacking" of Minitel (where users changed a videotex system into a two-way communication medium) as a "hacking" (in the computer breakin sense).

I think it might be more accurate to call this a "redirection" -- the people using Minitel "manifest[ing] tastes often opposed to those foreseen by experts"

A similar thing happened to ARPANET in the late 1970's, with superficially frivolous newsletters such as SF-LOVERS and, of course, the proliferation of personal correspondence.

Perhaps this is just another example of the cypherpunks manifesto: "information wants to be free."

Martin Minow
minow at apple.com

From tiemann at cygnus.com Wed Jul 10 13:14:45 1996
From: tiemann at cygnus.com (Michael Tiemann)
Date: Thu, 11 Jul 1996 04:14:45 +0800
Subject: what's up with GROW?
In-Reply-To: <96Jul10.113046edt.20484@janus.algorithmics.com>
Message-ID: <199607101536.IAA19557@cygnus.com>

To follow up further...we are very interested in deeply embedding network security in all software components we deliver as "enterprise solutions". This is the commercial analog (I believe) of what cypherpunks want in their personal space.
Our approach right now is to view Kerberos as a solution to two problems (user authentication and key management), and to extend basic services such as web servers, web clients, etc., with Kerberos to build a coherent solution.

We believe that Java has effectively solved one of the problems that GROW was intended to address: ubiquitous extensibility. While some may argue the finer points of just how powerful the Java model is compared to the scheme model, there is a market momentum that argues for a level of ubiquity that we could not have hoped to achieve through Scheme.

That said, perhaps it would be worthwhile to compare notes on current Cygnus and Cyberpunks projects and approaches, to see if there are any good synergies to tap. Mark Eichin (our long-time V5 technical lead) will be visiting from our Boston office the week of 7/22 for the Usenix network security conference. Perhaps we could have a mini meeting of minds around that time. Mark is eichin at cygnus.com.

Michael

P.S. If the above sounds like more smoke than cyberpunks are accustomed to, let me know in private email, and I'll continue follow-ups among those who give me a positive response.

From geeman at best.com Wed Jul 10 13:23:19 1996
From: geeman at best.com (geeman at best.com)
Date: Thu, 11 Jul 1996 04:23:19 +0800
Subject: FW: MSoft crypto API's
Message-ID: <01BB6E3D.CE7D5000@geeman.vip.best.com>

but they don't sign the drivers. they sign the CSP. only. drivers are (can be) shipped as totally separate pieces of code.

----------
From: Deranged Mutant[SMTP:WlkngOwl at unix.asb.com]
Sent: Tuesday, July 09, 1996 10:06 PM
To: geeman at best.com
Subject: Re: FW: MSoft crypto API's

On 9 Jul 96 at 21:37, geeman at best.com wrote:

[..]
> Excuse me, er, NW, how is MSFT going to sign hardware? heheheheh.

They'll sign the drivers. (Instead of DES software it might be a driver that uses a DES card.)

Rob

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From warlord at MIT.EDU Wed Jul 10 13:40:30 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 11 Jul 1996 04:40:30 +0800
Subject: more about the usefulness of PGP
In-Reply-To: <199607101116.NAA17386@digicash.com>
Message-ID: <199607101544.LAA26047@toxicwaste.media.mit.edu>

> authenticated message (I'm not sure if PGP's built-in timestamp
> is authenticated. Anyone?), save the latest timestamp which you

Yes, the timestamp in a PGP signature is authenticated. The hash is run over the signature data.

-derek

From asgaard at sos.sll.se Wed Jul 10 13:46:47 1996
From: asgaard at sos.sll.se (Asgaard)
Date: Thu, 11 Jul 1996 04:46:47 +0800
Subject: Mind-Altering Drugs
Message-ID:

In the aftermath(?) of the Ritalin thread, let us remember the Two Commandments of the late (recently) Timothy Leary:

(approximately)

1# Thou shalt not alter thy fellow man's consciousness with drugs against his will.

2# Thou shalt not prevent thy fellow man from altering his consciousness with drugs at his will.

Thinking of T. Leary in memoriam I looked around for the present psychedelic scene. Alta Vista sent me to where 'everything' seems to connect ... Santa Cruz, Ca.

http://island.org/

Asgaard

From rpowell at algorithmics.com Wed Jul 10 13:47:35 1996
From: rpowell at algorithmics.com (Robin Powell)
Date: Thu, 11 Jul 1996 04:47:35 +0800
Subject: what's up with GROW?
In-Reply-To: <96Jul10.112032edt.20485@janus.algorithmics.com>
Message-ID: <96Jul10.113046edt.20484@janus.algorithmics.com>

>>>>> In article <199607101517.IAA19065 at cygnus.com>, Michael Tiemann writes:

> I didn't post there specifically, but John Gilmore may have done so a
> while ago. What specific problem are the cyberpunks trying to solve
> that GROW would facilitate?
Sorry, I've just received so much complete incompetence with this issue that talking to someone who was on the ball took some adjusting. Hope I wasn't too rude.

One of the main issues on cypherpunks right now (Black Unicorn did a sort of "white paper" on it recently, as in two days ago) is integrating cryptography with other apps, in particular WWW apps. It just seemed to me that if the kind of extensibility which Emacs is famous for was going to be a part of GROW, which apparently was the attention, this would be a Good Thing for cryptography integration. A good point in this direction is that the most popular way of using PGP with email is emacs-based (i.e. more people sign their posts to cypherpunks using Mailcrypt, the emacs-PGP interface, than all other signers combined, so it must be pretty easy to use). I've used it, and it's incredibly slick. I had hopes the GROW to go as far as emacs but with more network awareness. Oh well.

This has been crossposted to cypherpunks, BTW.

-Robin

PS: You may want to go through and terf ALL the grow pages, not just some of them.

From jimbell at pacifier.com Wed Jul 10 13:49:46 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 11 Jul 1996 04:49:46 +0800
Subject: MSoft crypto API's
Message-ID: <199607101545.IAA29371@mail.pacifier.com>

At 04:51 AM 7/10/96 +0000, Deranged Mutant wrote:

>On 9 Jul 96 at 20:34, jim bell wrote:
>[..]
>> Unexplained: What if the program Microsoft is asked to sign is not
>> intended for export? Presumably, NSA has no authority, then, and thus
>
>They could insist on only signing exportable software, and in theory
>use that as ITAR-relaxing leverage.
>
>Methinks it's a bad move to only have MS sign software... presumably
>they won't outright refuse to sign competitors' software. It would be
>a conflict of interest for them not to... very usable as evidence
>against MS in an anti-trust suit. Independent CA's would be better.

Yes, that's the anti-trust vulnerability I mentioned.
It is unclear if Microsoft could legitimately refuse to sign any software presented to it, regardless of its legal exportability.

>IMO, it gives a false sense of security to even require crypto apps
>to be signed. A lot of folks would want a developer's kit (probably
>cost $$$) to get around that requirement... nice loophole, BTW, for
>those that can afford it. Or until somebody patches the code to
>ignore bad signatures or lack of them and releases the patch.

I'm sure that will happen!

>> presumably Microsoft shouldn't be able to refuse to sign anything they're
>> asked.
>
>Why? Assuming there were no export restrictions... if it's signed by
>MS, people will take it to mean that MS is vouching for it. If they
>sign a library that does 'naughty things' or is an incredibly
>incompetent implementation of an algorithm, it could turn out to be
>bad PR for them. (Hm... they could use this as an excuse to read
>competitor's source code.)

What MS would be signing for is the GENUINENESS of the software, not its effectiveness. Sorta analogous to key-signatures in PGP.

Jim Bell
jimbell at pacifier.com

From dm at amsterdam.lcs.mit.edu Wed Jul 10 13:58:05 1996
From: dm at amsterdam.lcs.mit.edu (David Mazieres)
Date: Thu, 11 Jul 1996 04:58:05 +0800
Subject: MSoft crypto API's
In-Reply-To: <199607092319.QAA00934@dfw-ix2.ix.netcom.com>
Message-ID: <199607101610.MAA16287@extreme-discipline.lcs.mit.edu>

What I don't understand about this arrangement is how other people are supposed to develop crypto software under capi. I mean, how is it possible to develop a software package if you need to go get it signed by microsoft every time you want to test it? Or do US customers get versions of the OS that will crypto code without verifying the signature? Somehow I doubt that, though, because then the NSA wouldn't be getting as much out of the deal.
David

From jya at pipeline.com Wed Jul 10 13:59:41 1996
From: jya at pipeline.com (John Young)
Date: Thu, 11 Jul 1996 04:59:41 +0800
Subject: NIST on PKI
Message-ID: <199607101524.PAA10562@pipe1.t2.usa.pipeline.com>

Business Wire, 9 July 1996:

Note To Editors: For more information on the NIST initiative, please refer to the NIST press release: "NIST, Industry Partners to Develop Specifications for Public Key Infrastructure," July 9, 1996.

----------

Certicom to Partner with NIST to Develop Specifications for a Public Key Infrastructure; Certicom signs agreement with NIST to contribute cryptographic expertise

Toronto -- Certicom Corp. a leading information security company, today announced that it will participate in an initiative by the U.S. Commerce Department's National Institute of Standards and Technology (NIST) which will lead to the development of the elements of a public key infrastructure (PKI). A PKI will enable individuals and organizations who have never met to electronically send and receive documents which have been digitally signed. NIST announced today that it is partnering with several companies who bring specialized experience in providing products or services related to PKI components.

"Certicom is excited about the establishment of this PKI project. It represents a proactive initiative by the Commerce Department to develop standards based on existing technology and commercial and government requirements by soliciting the active participation of key industry players," said Skip Hirsh, Director of U.S. Government Marketing for Certicom. "The strong leadership position taken by NIST will accelerate the deployment of practical public key infrastructures essential for the secure exchange of electronic data."

"Certicom will contribute significant cryptographic experience to the partnership, particularly with the Elliptic Curve Cryptosystem (ECC) which is the most efficient public key technology available," commented Gary Hughes, president and CEO of Certicom. "ECC is a critical, enabling technology for this NIST project because of its efficiency in the high volume applications that are common in PKIs."

...

Other partners that NIST has signed cooperative research and development agreements (CRADAs) with include: AT&T Government Markets, BBN Corp., Cylink Corp., DynCorp Information & Technology Inc., Information Resource Engineering Inc., Motorola, Northern Telecom Ltd. (Nortel), SPYRUS, Inc. and VeriSign, Inc.

The goal of the partnership is to develop a minimum interoperability specification for the technical components of a PKI. The results will be shared with participating companies, the appropriate standards-making bodies, federal government agencies and industry organizations that are working on aspects of PKI development.

A public key infrastructure relies on public key cryptography in which each user has a key pair consisting of a public and private key. The public key must be digitally signed by a central authority to ensure its authenticity. Digital signatures are cryptographic techniques which are used for data integrity, authentication and nonrepudiation. The process of digitally signing public keys is known as certification and is the main purpose of a public key infrastructure.

Certicom expects to demonstrate the benefits ECC provides to large-scale PKIs in which numerous users are signing and verifying documents. Elliptic Curve Cryptosystems have the highest strength per bit of any known public key system, minimizing the requirement for large key sizes. Cryptographic processes based on ECC provide efficient computation techniques which reduce communications and computation time, thereby substantially reducing costs.
Certicom is a developer of information security products and technologies and is the leader in Elliptic Curve Cryptosystems, the world's most efficient public key technology. The company specializes in applications where the combination of cryptographic strength and high efficiency are critical. Certicom's primary markets are in wireless, smart cards, banking and electronic commerce over the Internet. Visit Certicom's home page at www.certicom.ca. ----- From geeman at best.com Wed Jul 10 14:12:42 1996 From: geeman at best.com (geeman at best.com) Date: Thu, 11 Jul 1996 05:12:42 +0800 Subject: MSoft crypto API's Message-ID: <01BB6E3D.CC74FCE0@geeman.vip.best.com> ok, last time: the deal was that Microsoft got the permission to ship a generalized API if the crypto-engines are signed to prevent code that conforms to export restrictions from being tampered with after the fact: hence the signing. This prevents code that is conformant from being patched, e.g. to turn a 40-bit key parameter into a usable one. Now I suppose it could be that there is a back-door deal that MSFT will provide to NSA info regarding the originators of the engines, but let's have some evidence of it before yet another conspiracy rant, OK? ---------- From: Black Unicorn[SMTP:unicorn at schloss.li] Sent: Tuesday, July 09, 1996 8:27 PM To: George Kuzmowycz Cc: cypherpunks at toad.com Subject: Re: MSoft crypto API's On Tue, 9 Jul 1996, George Kuzmowycz wrote: [...] > " Microsoft's Crypto APIs will be available to third-party vendors > writing applications with embedded security. But the hardware or > software Crypto-engines for these applications will need to be > digitally signed by Microsoft before they will work with the APIs. > Under an unusual arrangement with the NSA, Microsoft will act as a > front man for the powerful U.S. spy agency, checking on whether the > vendors' products comply with U.S. export rules." > > I was a bit surprised not to see any discussion of this here. 
Is it > just old news? Or maybe people here don't read Network World? [...] > An MS/NSA alliance? > > -gk- This is a very deft and sly move, if it was indeed planned, by the NSA. Clearly they have got the message. Political efforts to curtail crypto are doomed to failure. Economic strangulation is the way to go. Well here you are folks, months of bitching about how stupid the NSA must be has paid off. Not only is this clever, its insidious. 1. It's too difficult for Joe Sixpack to understand. 2. It preys on the market leader already, rather than attempting to bootstrap (as with clipper). 3. It uses as its implementation a private, rather than a public entity. Now this strikes me as something truely frightening. The NSA has become an intelligence agency which is effectively working in concert with private interests to conduct internal security operations by proxy. From mike at fionn.lbl.gov Wed Jul 10 14:15:03 1996 From: mike at fionn.lbl.gov (Michael Helm) Date: Thu, 11 Jul 1996 05:15:03 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: <199607101612.JAA19500@fionn.lbl.gov> On Jul 10, 12:29pm, JR at ns.cnb.uam.es wrote: > Maybe they would be better off fighting against a system that > alienates them than contributing to support it? Seems to me that's > shooting their own foot. Maybe, but consider that they are unable to focus properly on any activity. Revolution requires long term focus & unusually good organizational skills, both are weak in add types. On Jul 10, 8:13am, "Clay Olbon II" wrote: > or alcohol while pregnant or nursing. It is important to consider that any > drug used over a period of time may have lasting (possibly negative) > effects, and that these effects are multiplied when the drugs are taken by > still-developing children. It's a serious question, no doubt about it. 
> While it is crucial for an adult to be able to function and maintain a job, > is it really as important for a kid to be able to sit still in school? Well, for the add child, they don't get a proper education by any measure, no matter what their symptoms are, without some kind of treatment. This does not necessarily include drugs, of course, but some appear to benefit from it. For the class, a hyperactive student -- ONE -- is more than sufficient to bring the house down & make it impossible for the rest of the class to learn anything much of the time. As a taxpayer or parent with children in such a classroom you may find this a matter of some concern. On Jul 10, 8:37am, The Deviant wrote: > hrmm.. I'm certified ADHD, and I drink more than LD50 Caffeine in cokes > per day.... what does that make me? ;) Probably a good candidate for this year's tooth decay poster child %^) From jimbell at pacifier.com Wed Jul 10 14:18:12 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 11 Jul 1996 05:18:12 +0800 Subject: MSoft crypto API's Message-ID: <199607101615.JAA01186@mail.pacifier.com> At this point, someone will probably claim that the export of a mere signature (or the XOR between a sig'd and a non-sig'd file) is, itself, prohibited from export under ITAR. However, I've pointed out in the past that even if that export is illegal, it could be done by an unknown "volunteer", possibly using means as innocuous as a paper envelope (with no return address?) mailed to a confederate outside the US. Later, it could be mailed back to the (foreign) company who wanted it in the first place. The foreign company would, of course, NOT be guilty of any export violation, because it had no part in the export, and it would just be a beneficiary of some (guilty) anonymous prankster's action. This tactic would not benefit a domestic, US manufacturer of crypto software, because it still would have to export thousands or even million of copies of that software. 
Also, another question occurred to me, today: Let's suppose a piece of software was written which is designed to run on a Microsoft API, IF SIGNED. If it isn't signed, it won't do anything. Does that mean that it's legal to export, since it can't actually do any encryption? If so, we may have the last laugh yet. At 11:45 PM 7/9/96 -0700, Mike Ingle wrote: >It's even easier than that. Remember, signatures are detachable from the >data. You import the software, MS signs it, you export the signature, and >reattach it to the software. > > Mike > >> Couldn't somebody IMPORT a piece of encryption software, have it signed by >> Microsoft, then take the XOR of the signed and unsigned software and export >> it? (It's not a tool capable of encryption...) >> >> Or: Microsoft presumably has foreign branches, or at least it could easily >> afford to set up one. What's to stop Microsoft from signing foreign >> encryption software outside of the US? The software is never exported >> (since it's already outside the country...), so there's no USA-law >> involvement. >> Jim Bell >> jimbell at pacifier.com >> > Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Wed Jul 10 14:44:12 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 11 Jul 1996 05:44:12 +0800 Subject: MSoft crypto API's Message-ID: <199607101639.JAA02677@mail.pacifier.com> At 01:04 PM 7/10/96 +0800, Enzo Michelangeli wrote: >> >> " Microsoft's Crypto APIs will be available to third-party vendors >> writing applications with embedded security. But the hardware or >> software Crypto-engines for these applications will need to be >> digitally signed by Microsoft before they will work with the APIs. >> Under an unusual arrangement with the NSA, Microsoft will act as a >> front man for the powerful U.S. spy agency, checking on whether the >> vendors' products comply with U.S. export rules."
>More details are available from MS' web pages at: >http://www.microsoft.com/win32dev/apiext/capi4.htm >and: >http://www.microsoft.com/intdev/security/cryptapi.htm > >I understand that NSA may have accepted the arrangement because only >signed CSP's will be loaded under the CAPI, and MS will only sign them in >Redmond. So, strong CSP modules developed outside the US will not be useable >there because, once gone to Redmond, won't be re-exportable. However, see my commentary to Mike Ingle. If it's a foreign manufacturer we're talking about, then even though the export of the signed package might arguably be illegal, ONLY ONE copy of it needs to be exported, possibly by some anonymous person who has nothing to do with either company. The export will be illegal, but once exported any recipients would presumably be able to do anything they want with the program. >The interesting part is that the basic, but crippled, CSP (PROV_RSA_FULL) >will be supplied for free by MS: So they DIDN'T want their pieces of silver, huh? Jim Bell jimbell at pacifier.com From wb8foz at nrk.com Wed Jul 10 15:53:31 1996 From: wb8foz at nrk.com (David Lesher) Date: Thu, 11 Jul 1996 06:53:31 +0800 Subject: [Poster] Add Uncle Sam to Your Circle of Friends and Family Message-ID: <199607101748.NAA02968@nrk.com> Michael Froomkin writes: : http://www.rsa.com/rsa/gallery/circle1.gif See the REST of that directory, also....... -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From tcmay at got.net Wed Jul 10 16:32:38 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 11 Jul 1996 07:32:38 +0800 Subject: Mind-Altering Drugs Message-ID: At 3:48 PM 7/10/96, Asgaard wrote: >Thinking of T. Leary in memoriam I looked around for the >present psychedelic scene. 
Alta Vista sent me to where >'everything' seems to connect ... Santa Cruz, Ca. Guess where I live? Leary came to a Cypherpunks party, a little over a year ago, at the home of Doug Barnes. He was pretty frail-looking. I talked a bit to him, mostly about "Gravity's Rainbow." (Whose author lived anonymously near Santa Cruz, just over a ridge from me, for almost 10 years.) --Tim Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From gary at systemics.com Wed Jul 10 16:35:56 1996 From: gary at systemics.com (Gary Howland) Date: Thu, 11 Jul 1996 07:35:56 +0800 Subject: [ANNOUNCE] - PGP library for Perl Message-ID: <199607101852.UAA20882@internal-mail.systemics.com> PGP LIBRARY FOR PERL _________________________________________________________________ DESCRIPTION This library contains a suite of PGP modules for Perl. Many of the modules require the Systemics Cryptix 1.1 library. Although the library is quite usable, it is still a long way from being complete, and the interface subject to change. FEATURES This library contains the modules to do the following: * PGP ascii armouring * PGP conventional encryption * PGP public key encryption/decryption * PGP key generation, including vanity keys! Note - the current version cannot handle compressed data packets, does not handle signatures, and the key management is quite poor. The library can be downloaded from http://www.systemics.com/software/ Enjoy! 
From sfuze at sunspot.tiac.net Wed Jul 10 16:43:06 1996 From: sfuze at sunspot.tiac.net (sfuze@tiac.net) Date: Thu, 11 Jul 1996 07:43:06 +0800 Subject: July Freedom Forum Meeting In-Reply-To: Message-ID: Or for that matter, did anyone hear that New Jersey, beginning in 1997, will fully have implemented a drivers license which encloses a computer chip intended to contain medical, legal, etc. backgrounds "and eventually" will be used to contain cash transactions, bus passes, etc. For the 10% who know of it, let me know more. For the rest of the list: it's true. From frantz at netcom.com Wed Jul 10 16:57:45 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 11 Jul 1996 07:57:45 +0800 Subject: Contracts, Responsibilities, and Drug-Dispensing Message-ID: <199607101848.LAA28008@netcom7.netcom.com> At 5:33 PM 7/9/96 -0700, Wei Dai wrote: >On Tue, 9 Jul 1996, Bill Frantz wrote: > >> ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)? > >Interesting threat model... What can one do in the total absense of >physical security? We've talked about mental cryptography before, but I >think we agreed that it isn't very practical. Perhaps security through >obscurity is a better solution here, since many parents are less computer >literate than their children. Steganography still seems to be useful. However, I don't think total absence of physical security will last for long. Soon school children will be carrying their own portables, the way they now carry calculators. They will have private time alone with the hardware the same way their parents will. Parents and children divided into "armed camps" has always been a lousy way to run a family. Computers are just a new battle ground for families that chose to run that way. ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave. 
frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA From deviant at pooh-corner.com Wed Jul 10 17:24:05 1996 From: deviant at pooh-corner.com (The Deviant) Date: Thu, 11 Jul 1996 08:24:05 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607101612.JAA19500@fionn.lbl.gov> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 10 Jul 1996, Michael Helm wrote: > Date: Wed, 10 Jul 1996 09:12:08 PDT > From: Michael Helm > To: The Deviant , cypherpunks at toad.com, > JR at ns.cnb.uam.es, Clay Olbon II > Subject: Re: [RANT] Giving Mind Control Drugs to Children > [stuff rm'd] > > Well, for the add child, they don't get a proper education by any > measure, no matter what their symptoms are, without some kind of > treatment. This does not necessarily include drugs, of course, but > some appear to benefit from it. For the class, a hyperactive student > -- ONE -- is more than sufficient to bring the house down & make it > impossible for the rest of the class to learn anything much of the > time. As a taxpayer or parent with children in such a classroom > you may find this a matter of some concern. > hrmm.. While what you say is SOMETIMES true, it usually is not. For instance, my older brother and I took American History in school the same year. I took it at a school for people with learning disabilites, he took it in a perfectly normal public school. EVERYBODY in my class had ADHD. EVERYBODY. He was the only person in his class who was afflicted with this. His teacher noted that he was one of the least trouble making students. My class got through the material, his class did not. See my point? BTW, in case it makes any difference, he was on ritalin (spelling? I dunno, neither of us can spell ;) at the time, and I was not, although most of the people in my class were. > > On Jul 10, 8:37am, The Deviant wrote: > > hrmm.. I'm certified ADHD, and I drink more than LD50 Caffeine in cokes > > per day.... what does that make me? 
;) > > Probably a good candidate for this year's tooth decay poster child %^) > Hrmmm... doubtful... I've actually never had a cavity... maybe the gingivitis poster child, but... --Deviant -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From stig at hackvan.com Wed Jul 10 17:26:19 1996 From: stig at hackvan.com (Stig) Date: Thu, 11 Jul 1996 08:26:19 +0800 Subject: DES & IDEA built right into the Linux kernel... Message-ID: Nicholas Leon has created tools that allow DES and IDEA encryption at the device level for the Linux kernel. Some of the patches are in the 2.0.4 kernel, and the rest can be found at http://www.binary9.net/nicholas/linuxkernel/patches/ Stig From Alvaro_Ibanez at idg.encomix.com Wed Jul 10 18:09:22 1996 From: Alvaro_Ibanez at idg.encomix.com (Alvaro Ibañez) Date: Thu, 11 Jul 1996 09:09:22 +0800 Subject: Spanish Crypto Resources Web Message-ID: <001032BE.fc@idg.encomix.com> Cpunks' There is a new Spanish Crypto Resources Web page [it's entirely in Spanish] on the World Wide Web... This page contains information about crypto in Spain, specially links and info on Spanish companies, magazines, associations, events... and also some info on security, privacy, hackers & crackers. Quite new right now, I hope it will be updated soon with info and support from other Spanish-speaking crypto-fans. You will find some global links and references too. Please, distribute this URL and info freely. Alvaro Ibanez -- Author, Writer and...
well ;-) amateur crypto-fan -- Madrid / Spain -- e-mail: <100021.1617 at compuserve.com> -- homepage: [Spanish] From vince at offshore.com.ai Wed Jul 10 18:28:52 1996 From: vince at offshore.com.ai (Vincent Cate) Date: Thu, 11 Jul 1996 09:28:52 +0800 Subject: Offshore is back in Old Ta Message-ID: They restored power to our usual address, "Old Ta", and we have now moved back there. So power was only out for 2 days. Angalec is doing a great job of restoring power. Thanks again to Cable and Wireless for letting me setup there till power was back here. -- Vince Cate Offshore Information Services http://online.offshore.com.ai/ From perry at piermont.com Wed Jul 10 18:32:52 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 11 Jul 1996 09:32:52 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <960710120333.21003a36@ROCK.CNB.UAM.ES> Message-ID: <199607102103.RAA16916@jekyll.piermont.com> JR at ns.cnb.uam.es writes: > >No. I am proposing that people who wish to voluntarily take a medicine > >that they feel improves their condition be left the hell alone by > >busybodies like you, Tim May, et al. > And I say I don't care what they do with their lives as long as > it doesn't affect mine. When someone smokes besides me and I have to breathe > the smoke, s/he's affecting my health. When someone takes antibiotics s/he > doesn't need and selects resistant bacteria, that affects me. Please inform me precisely how someone taking Ritalin impacts you. Perry From markm at voicenet.com Wed Jul 10 18:35:55 1996 From: markm at voicenet.com (Mark M.) Date: Thu, 11 Jul 1996 09:35:55 +0800 Subject: Advances in Quantum crypto In-Reply-To: <199607100137.BAA24375@pipe5.t1.usa.pipeline.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 10 Jul 1996, John Young wrote: > On Jul 09, 1996 20:30:11, '"Mark M." ' wrote: > > >On Tue, 9 Jul 1996, Derek Bell wrote: > > > >> I see some Australian researchers have made an advance in quantum > >> crypto.
> > > >What kinds of advances? Last I heard, British Telecom was using quantum > >crypto on 10 kilometer fiber optic cables. > > > Yes, Derek and Mark, provide more detail, maybe source citations, on both > these references, if you have them handy. I got the info w.r.t. British Telecom from Applied Cryptography. There is some interesting information on Quantum Crypto at BT Labs' page (http://www.labs.bt.com/search.htm). Run a search on "quantum cryptography". - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMeQYr7Zc+sv5siulAQFi+wQAiRvKgIaUb2LpU/tOrKFLlEW++q96Qb8p UfExXBKk9XVvZb0Sl4TJwn37TMTFtgi+eAsEq7kazKq6eeqm1A9pna3d1tR8Gku7 WEIQTnisQTVrI6zfB4+2hGSd/av+yxwpBS8rdNYZGSWStdIWyxHpCdWxTw4nyJd7 FbQ8a5+YMeU= =pVio -----END PGP SIGNATURE----- From amehta at giasdl01.vsnl.net.in Wed Jul 10 18:36:06 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Thu, 11 Jul 1996 09:36:06 +0800 Subject: Minitel "saved" by hackers? Message-ID: <1.5.4.32.19960711023104.002d60f8@giasdl01.vsnl.net.in> At 08:10 10/07/96 -0700, Martin Minow wrote: >Arun Mehta describes the "hijacking" of Minitel (where users changed >a videotex system into two-way communication medium) as a "hacking" >(in the computer breakin sense). > >I think it might be more accurate to call this a "redirection" -- the >people using Minitel "manifest[ing] tastes often opposed to those foreseen >by experts" True, but as I understand it, there was also a hacking involved: they took the original software, modified it (what I would also call hacking) and made it freely available: that is what made the messageries possible. 
If I'm using the technical terminology wrong, thanks for the correction. I'd love to find out exactly what happened. >Perhaps this is just another example of the cypherpunks manifesto: >"information wants to be free." More than that, we do! Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://mahavir.doe.ernet.in/~pinaward/arun.htm The protestors of Tiananmen Square will be back. Next time, the battle will be fought in cyberspace, where the students have the more powerful tanks... From unicorn at schloss.li Wed Jul 10 18:39:41 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 11 Jul 1996 09:39:41 +0800 Subject: The Nature of the Cypherpunks Community and List In-Reply-To: Message-ID: On Wed, 10 Jul 1996, Timothy C. May wrote: > At 6:11 AM 7/10/96, Black Unicorn wrote: > > >I wasn't touting conspiracy theories, just making what I thought was an > >amusing observation. > > > >My apologies to Mr. Duvos. I didn't at all mean to suggest he was in any > >way responsible for this silliness, rather to point out the degree to > >which the conversation has sunk into the sewer. > > Please, Unicorn, people here are talking about what interests them, as > directly demonstrated by the generation of articles and followups. If they > were _more_ interested in discussing the IETF, or SFS, or Triple DES, for > example, they _would_. (And at times they do, of course. All things have > their times, and threads ebb and flow.) Point taken. > And, Unicorn, I recall you yourself generating several *dozen* long rants > regarding Jim Bell, just a few months ago... Touche. > I suggest to all people who claim that the list has become "sewerpunks" > that the best way to change the focus of the list is to write essays which > generate responses (as you did, Unicorn, several days ago in your excellent > "What remains to be done" piece). Leading by example, as opposed to > "leading by kvetching." I stand corrected, and agree. [...] 
> --Tim May -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From rah at shipwright.com Wed Jul 10 19:04:06 1996 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 11 Jul 1996 10:04:06 +0800 Subject: Mind-Altering Drugs In-Reply-To: Message-ID: At 2:24 PM -0400 7/10/96, Timothy C. May wrote: > Leary came to a Cypherpunks party, a little over a year ago, at the home of > Doug Barnes. He was pretty frail-looking. My favorite Leary quote: "Adulthood is terminal." Mildly appropriate, given his death from prostate cancer(?). When I was in college at Mizzou, he came to speak. I went up to him for an autograph, and the only thing I could find for him to sign was my "Introduction to Aristotle" book. We had a laugh about that. I'd read about Gerry O'Neill before I saw Leary, but him showing slides of the inside of Bernal colonies got the, er, ball, rolling as far as my fascination with space development stuff is concerned. Glad to know he was still as focused on the crackpot fringe :-) in his later years as he was in midlife. Long may you wave, Dr. Leary... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From alano at teleport.com Wed Jul 10 19:16:55 1996 From: alano at teleport.com (Alan Olsen) Date: Thu, 11 Jul 1996 10:16:55 +0800 Subject: Encryption tools at www.windows95.com Message-ID: <2.2.32.19960710221817.00e08400@mail.teleport.com> www.windows95.com now has a section for Encryption tools! Check it out at: http://www.windows95.com/apps/encrypt.html Some snake oil here, but they have the latest edition of s-tools, as well as a number of PGP front ends listed.
--- |"Computers are Voodoo -- You just have to know where to stick the pins."| |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From erleg at sdinter.net Wed Jul 10 19:22:33 1996 From: erleg at sdinter.net (Erle Greer) Date: Thu, 11 Jul 1996 10:22:33 +0800 Subject: Word lists for passphrases > Apologies Message-ID: <2.2.32.19960710220552.006aa224@pop3.sdinter.net> My apologies if you thought that I was pinpointing you, Mark, as an individual. You actually did a good job of proving to Ben that his example words were useless in his argument. One should gather actual data before making statements. God knows everyone else will evaluate data ten-times more than the poster will. I was merely trying to state that negative comments (that have no direction or obvious support of the conversation) are not in the interest of the entire group. At most, they should be considered private and voiced via email. From WlkngOwl at unix.asb.com Wed Jul 10 19:26:53 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Thu, 11 Jul 1996 10:26:53 +0800 Subject: July Freedom Forum Meeting Message-ID: <199607102217.SAA10666@unix.asb.com> On 10 Jul 96 at 7:06, The Deviant wrote: [..] > this SHOULD never happen, for the same reason that money cards (the one's > with the chip embedded in the plastic) should never happen. [..] > ok, say I DID get a money card... here's the process that makes the > encryption, and/or any other security, useless. > > 1) get a bank loan, and transfer the $$ onto the card.. lets say > $100,000... > > 2) copy the chip. Number (2) is not so easy with smartcard tech. --- No-frills sig. 
Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From deviant at pooh-corner.com Wed Jul 10 19:34:11 1996 From: deviant at pooh-corner.com (The Deviant) Date: Thu, 11 Jul 1996 10:34:11 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607101459.KAA16411@jekyll.piermont.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 10 Jul 1996, Perry E. Metzger wrote: > Date: Wed, 10 Jul 1996 10:59:58 -0400 > From: "Perry E. Metzger" > To: Clay Olbon II > Cc: cypherpunks at toad.com > Subject: Re: [RANT] Giving Mind Control Drugs to Children > > > "Clay Olbon II" writes: > > While it is crucial for an adult to be able to function and maintain a job, > > is it really as important for a kid to be able to sit still in school? > > If he or she is going to learn anything, it is important to be able to > pay attention, yes. > > Perry > That's a non-answer. Paying attention and sitting still are two different things. I can't sit still, but I can pay attention (well, in some classes) --Deviant -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From WlkngOwl at unix.asb.com Wed Jul 10 20:56:27 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Thu, 11 Jul 1996 11:56:27 +0800 Subject: FW: MSoft crypto API's Message-ID: <199607102218.SAA10675@unix.asb.com> On 10 Jul 96 at 8:56, geeman at best.com wrote: > but they don't sign the drivers.
they sign the CSP. only. drivers are (can be) shipped as totally separate pieces of code. You missed my point. The crypto-service program they sign might be a DES library. One implementation would be entirely in software; another would be a front-end interface with hardware (essentially a driver), perhaps as part of the kernel [Admittedly I'll have to re-read MS's specs]. So say you're a manufacturer of DES hardware... you sure would like to get that coveted 'Win95' logo on your package if you want to go mainstream. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Wed Jul 10 21:18:20 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Thu, 11 Jul 1996 12:18:20 +0800 Subject: MSoft crypto API's Message-ID: <199607110029.UAA14178@unix.asb.com> On 10 Jul 96 at 12:10, David Mazieres wrote: > What I don't understand about this arrangement is how other people are > supposed to develop crypto software under capi. I mean, how is it > possible to develop a software package if you need to go get it signed > by microsoft every time you want to test it? There would be a development kit or version of the OS for developers that doesn't require signatures. Problems are that foreign developers will want this, and they'll cry foul if they can't get ahold of it. Another problem is that it might be bootlegged or pirated if enough people do not trust the system, or if adequate software is not available. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key.
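Added example, not part of any message in this archive: the posts above describe a loader that accepts a crypto provider only when it carries a valid signature from the signing authority, with the signature detachable from the module and a developer build that skips the check. The Python sketch below shows that gate; the `Loader` class, the sample module bytes and the demo key are constructed for illustration, and unpadded RSA over SHA-256 is an assumption standing in for the real scheme, which the thread does not state.

```python
import hashlib

# Constructed demo key built from two Mersenne primes. Unpadded ("textbook") RSA
# keeps the sketch dependency-free; it is an assumption of this example, not the
# scheme of any real loader, and it is not suitable for production signing.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the signer
SIG_LEN = (N.bit_length() + 7) // 8

# Constructed sample provider image with a key-length field, and a patched copy.
SAMPLE_MODULE = b"DEMO-CSP\x00keybits=040\x00" + bytes(range(64))
PATCHED_MODULE = SAMPLE_MODULE.replace(b"keybits=040", b"keybits=128")


def _digest(module: bytes) -> int:
    """SHA-256 of the module image as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(module).digest(), "big")


def sign_module(module: bytes) -> bytes:
    """Signer side: return a detached signature over the module bytes."""
    return pow(_digest(module), D, N).to_bytes(SIG_LEN, "big")


def verify_module(module: bytes, signature: bytes) -> bool:
    """Loader side: needs only the public values N and E."""
    if len(signature) != SIG_LEN:
        return False
    s = int.from_bytes(signature, "big")
    return 0 < s < N and pow(s, E, N) == _digest(module)


class Loader:
    """Hypothetical provider loader. enforce_signatures=False models the
    developer build mentioned in the thread, which loads unsigned code."""

    def __init__(self, enforce_signatures: bool = True):
        self.enforce = enforce_signatures
        self.loaded = {}

    def load(self, name: str, module: bytes, signature: bytes = None) -> str:
        if self.enforce:
            if signature is None:
                return "rejected: unsigned"
            if not verify_module(module, signature):
                return "rejected: bad signature"
        self.loaded[name] = module
        return "loaded"


def demo() -> dict:
    sig = sign_module(SAMPLE_MODULE)          # kept in a separate file in practice
    retail, dev = Loader(), Loader(enforce_signatures=False)
    return {
        "signed": retail.load("csp", SAMPLE_MODULE, sig),
        # The signature is bound to the bytes, so any byte-identical copy verifies.
        "identical_copy": retail.load("copy", bytes(bytearray(SAMPLE_MODULE)), sig),
        # Changing the key-length field after signing breaks verification.
        "patched": retail.load("patched", PATCHED_MODULE, sig),
        "unsigned": retail.load("unsigned", SAMPLE_MODULE),
        # A build that does not enforce signatures loads anything.
        "dev_build": dev.load("patched", PATCHED_MODULE),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15s} {outcome}")
```

The check protects only what the signature covers and only on builds that enforce it, which is why the thread's questions about separately shipped drivers and unsigned developer kits matter to anyone relying on such a gate.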
From mpd at netcom.com Wed Jul 10 21:19:18 1996 From: mpd at netcom.com (Mike Duvos) Date: Thu, 11 Jul 1996 12:19:18 +0800 Subject: rsync and md4 In-Reply-To: <199607011419.KAA20986@jekyll.piermont.com> Message-ID: <199607110013.RAA07968@netcom17.netcom.com> "Perry E. Metzger" writes: > From cypherpunks-errors at toad.com Wed Jul 10 14:43:28 1996 > Subject: Re: rsync and md4 > Date: Mon, 01 Jul 1996 10:19:27 -0400 I think I've seen this message before. Perry must be in reruns for the summer. Stay tuned for more of "The Best of Perry." :) -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From snow at smoke.suba.com Wed Jul 10 23:23:12 1996 From: snow at smoke.suba.com (snow) Date: Thu, 11 Jul 1996 14:23:12 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607090419.AAA11279@jekyll.piermont.com> Message-ID: On Tue, 9 Jul 1996, Perry E. Metzger wrote: > > Has it occurred to you that many of the children in question are happy > being medicated, as are many adults? In any case, who are you to tell > other people what's good for them? This might be a little out of context, but: I'd be willing to bet that about 75% of the people on this planet would be happy being meidicated, and at least 50% get that way on a regular basis. The real question is, is it a good idea to teach kids that drugs are the best answer to a problem? Again and again I will state that I do believe that ADD is a problem, but I'd bet that at least half the time you are medicating the kids because the parents have the problem. Petro, Christopher C. petro at suba.com snow at crash.suba.com From snow at smoke.suba.com Thu Jul 11 00:02:39 1996 From: snow at smoke.suba.com (snow) Date: Thu, 11 Jul 1996 15:02:39 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: Message-ID: On Mon, 8 Jul 1996, Mark M. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > OK, so I lied. However, I can fit some crypto relevance into this. 
> > On Mon, 8 Jul 1996, Arun Mehta wrote:
> > > Ritalin is a lifesaver for a small % of children who suffer from a condition
> > Key word here. |||||||
> > > Ritalin... mother was furious.
> > > Some of the kids who use foul language (a very small %) have Tourette's
> > > disease, and also need medicine (a different one)... by and large the
> As long as we're talking about "key words", the "very small %" is very small
> indeed. In the next paragraph you say "most kids" which is not at all
> contradictory to "a very small %". I may have my facts mixed up, but
> Tourette's disease is an illness where one tends to say things that one was
> thinking but not meaning.

Tourettes was brought up to explain one small boy's behavior towards his mother. He would (IIRC) call her a "fucking asshole", yet he didn't seem to have these sorts of problems around his father. True Tourettes is not an emotional problem, it is _very_ rare, and the person with Tourettes does not curse at only one person.

Undisciplined brats do have emotional problems. Parents who are under the ignorant mis-apprehension that children do not need discipline are the cause of more than a few of this society's problems.

> >
> > Bullshit. Most kids (these days) who use profanity are simply
> > undisciplined louts. Yes, I use profanity today, at 28. However, I would
> > NEVER have called my mother a "Fucking Asshole" under ANY circumstances,
> > My father would have torn my head off. In fact if my father had caught me
> > speaking like that to ANYONE at 8 years of age, I would have had trouble
> > sitting for a couple days at least.
> >
> > Of course my parents made sure not to talk like that around me.
>
> You are forgetting that this is a _disease_. That means that someone cannot
> be cured of it by discipline or common sense. It's no different from diabetes
> or any other disease.

It is a disease because the people who get paid to diagnose and treat it call it a disease?
Is it a crime because a cop thinks it is a crime?

I will admit to the possibility of ADD being a "disease", but I think that the number of children who really have the disease is small compared to the number of children receiving drugs for it.

15 years ago I would have been diagnosed as having ADD. I had trouble paying attention in class, I spent a lot of time looking out the window. I was a mild behavior problem. I didn't have ADD. I was simply bored by a system that either taught me stuff that was irrelevant (I thought so 15 years ago, and feel so today), that taught so badly as to seem irrelevant (like algebra & higher math) (notice SEEM, I feel much different now), or taught stuff that was simply wrong (I don't remember examples now, but I remember calling teachers on wrong info back in HS, and getting in trouble for it).

> >
> > > politically correct thing is sometimes to label a kid as sick rather than
> > > bad or spoiled, this is probably why drugs are over-used. But we can't
> > > throw the baby out with the bathwater!
> >
> > On the other hand, if only 20% of the children that are being drugged
> > need it, that means that we are sacrificing 80% of these children to save
> > 20%.
>
> That wasn't the point. The point is instead of doping every kid that doesn't
> pay attention in school up with Ritalin, kids should instead be diagnosed as
> having ADD before receiving Ritalin treatment. It can be helpful for the kids
> who actually have ADD.
>

Ok, so instead of arresting everyone who uses PGP as a child pornographer and throwing them in jail, we should arrest them, convict them (after all, they must be hiding something with that crypto) and then throw them in jail. Is that what you are saying?

Hoz-a-bout we GIVE THE KIDS SOMETHING TO BE INTERESTED IN HUH? NO, WE CAN'T DO THAT THEY MIGHT ACTUALLY LEARN SOMETHING. Look at the difference between the numbers of ADD kids in private schools and public schools.

> > Drugs are supposed to be for fun, not for long term behavior
> > modification. People need to learn to deal with life.
> Someone with a disease such as bipolar disorder would disagree with you. There
> are some bipolar people who, without lithium, will end up with large wounds

Uh.. That was a joke. Seriously tho' There is a difference between some one who takes Lithium to even out neurochemistry, and a person who takes prozac to even take the edges off. One is a medical condition, one is a psychological problem.

> OK, now for the real crypto relevance. Snow seems to be in denial about
> psychological illnesses. This is the "it will never happen to me" attitude.

Last time I checked the only symptom of Bipolar Manic depression I didn't have was suicide ideation. I have homicidal ideation. I am not joking at this point. I'd be willing to bet that I fall VERY near the "Manic Depressive" line. I just doubt that there are more than a small percentage of people out there who have mental illnesses that need strong drugs to combat. More people SHOULD just learn to deal with it. I have found a couple of things that really help take the edge off my problems. Regular exercise is one. I recently started bike riding again, and I am doing 22+ miles a day. For the first time in about 10 years I have been sleeping a semi-regular schedule (about 6 hours a night) I have been exercising about 3 weeks now, so we will see what happens.

This gets into what you are about to say, but in my case I am dealing with my problems the best I can. It would be a hell of a lot easier to simply take that little pill and have a nice calm chemical existence. It would be a lot easier to allow GAK and escrow. It is much better on all levels to deal with it yourself as much as possible. I had never used PGP until today. Yes, I had D/Led it, compiled it, and installed it but never published a key, nor encrypted anything. An instance arose where someone else insisted I use it, so I figured it out.
No problems. Part of the reason it was no problem is that I have spent a lot of time figuring shit out on my own, and only asking for help when I needed it, or to help point the way. Too many people don't want that. They want all the questions answered for them. They like their mental fog and feel threatened by people who don't. I'd bet that a lot of these so called "ADD" kids are the ones who ask the hard questions in class, the ones who threaten to wake the other students up. Can't have that.

> Tyranny can affect anyone and everyone. It's not limited to criminals. This
> is why strong crypto is necessary.

Well, something we agree on anyway. Again, I am not saying that there are NO ADD kids, I know one, and he is a mess. However, there are many kids who are labeled ADD who aren't. I know what Speed does to a person, Been there. Liked that (remember the Manic Depressive? I _LIKE_ manic.), but speed is very dangerous stuff, and highly addicted. Got an ex-friend to testify to that. Or he would if he could breathe.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From dlv at bwalk.dm.com Thu Jul 11 00:16:58 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 11 Jul 1996 15:16:58 +0800
Subject: electronic voting
In-Reply-To: <199607101957.MAA09843@netcom7.netcom.com>
Message-ID: <5ioVqD71w165w@bwalk.dm.com>

"Vladimir Z. Nuri" writes:

> [voting techniques] ...

A few days ago I posted the following article to Usenet. It may be of interest.

Subject: Implementing Dr. Grubor's proposals for overhauling Usenet votes
Message-ID:
Date: Thu, 04 Jul 96 00:57:36 EDT

Recently, Dr. John M. Grubor proposed several improvements to the Usenet vote procedure. I've implemented Dr. Grubor's proposals in C, with the objective to make this code easy to add to L.Ron Dippold's (spit) vote-counting software. I remind everyone the outline of Dr. Grubor's proposal:

1. The CFV will no longer contain the ballot.
Instead it will instruct the voter to send an e-mail to a GruborBot and request an individualized ballot. Therefore, there can be no objection to reposting such CFV's.

[To request a ballot for 'ngv', a prospective voter at uhost might e-mail ngv-ballot at uvv.org (content ignored) or e-mail votebot at uvv.bot and say 'send ngv-ballot' - either way is easy with procmail]

2. When asked for a ballot, the GruborBot will generate an individualized one by running a modified version of uvballot. The individualized ballot e-mailed to voter at uhost will differ in the following ways from the existing ballot:

a) it will contain a ballot number.
b) it will contain a copy of the CFV.
c) it will contain a random challenge.

The triple (voter at uhost,ballot number,correct response) will be recorded.

[note that the ballot number and the challenge are not redundant ]

[the patches for uvballot are posted below. The patches assume that the CFV is in the file ./cfvtext, the precomputed challenges are in ./chaldata, and the outgoing ballots are recorded in ./balrost, but it's easy to change.]

3. The voter is likely to have look at the CFV in order to answer the random challenge. Also s/he must have a reachable e-mail address.

4. Upon receipt of the ballot from voter at uhost, the modified version of uvvote will verify the following, in addition to the checks already there:

a) was a ballot with this number e-mailed to voter at uhost?
b) is this the correct response to the challenge given in the ballot with this ballot number?

It's possible for a user to request several ballots; all of them should be acceptable, but only the latest one should be counted, just like now.

Thank you again, Dr. Grubor, for providing guidance for Usenet's growth.

[While at it, someone should change UseVote 3.0 to use ANSI prototypes]

-------------------------------------------------------------------------
/* prepchal.c
   This program reads the file named ./cfvtext and writes ./chaldata.
   It generates "challenges" for voters, which mkballot uses. */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define MSG(x) fputs( x, stderr )

/* it's safe to assume that no line in CFV is longer than 80 chars - see
   USEVOTE*/
#define MAX_CHAL_LINE_BUFFER 80
/* we don't want to use lines with more than this many words */
#define MAX_CHAL_WORDS_PER_LINE 20
/* using fewer words makes lines hard to find */
#define MIN_CHAL_WORDS_PER_LINE 5
/* maximum and minimum length of words for challenge - not too much
   typing, nor too easy to guess */
#define MAX_CHAL_WORD_LEN 14
#define MIN_CHAL_WORD_LEN 4
/* maximum challenges, really should have been dynamic */
#define MAX_CHALS 6000

typedef struct {
 char * word;
 char * line;
 char flag;
 } chal;

chal this;
chal chals[MAX_CHALS];
int num_chals;

/* room for an 80-character line plus its newline and the terminating NUL */
char line_buffer[MAX_CHAL_LINE_BUFFER+2];
int line_buffer_length;
char word_begin[MAX_CHAL_WORDS_PER_LINE];
char word_length[MAX_CHAL_WORDS_PER_LINE];

/* these words are often too easy to guess - may be sorted if expanded */
char *easy_words[]={
"about","aren","because","could","couldn","didn","does","doesn","else",
"hadn","hasn","have","just","like","must","mustn","only","shouldn","since",
"some","such","than","that","their","them","then","there","these","they",
"this","those","wasn","what","when","where","which","whose","will","with",
"would","wouldn","your"
};
#define NUM_EASY_WORDS (sizeof(easy_words)/sizeof(easy_words[0]))

int find_words(void);
int add_chal(int word_begin,int word_length);
int save_chals(void);
int generate_chals(void);

FILE *infile,*outfile;

int main(void)
{
if (NULL==(infile=fopen("cfvtext","r")))
 {
 perror("fopen cfvtext");
 return(1);
 }
if (NULL==(outfile=fopen("chaldata","w")))
 {
 perror("fopen chaldata");
 return(1);
 }
generate_chals();
if (num_chals==0)
 {
 MSG("No challenges generated\n");
 return(1);
 }
save_chals();
fclose(infile);
fclose(outfile);
return(0);
}

/* return the number of words in buffer, and save their beginnings and
   lengths */
int find_words(void)
{
int in_word,i,num_words;

num_words=0;
i=0;
in_word=0;
for(;;)
 {
 /* the cast keeps isalpha() defined for 8-bit characters */
 if (isalpha((unsigned char)line_buffer[i]))
  {
  if (!in_word)
   {
   if (num_words>=MAX_CHAL_WORDS_PER_LINE)
    return(0); /* this line is too complex for the challenge */
   word_begin[num_words]=i;
   word_length[num_words]=1;
   in_word=1;
   }
  else /* in_word */
   if ((word_length[num_words]++)>=MAX_CHAL_WORD_LEN)
    in_word=0;
  }
 else /* !isalpha */
  {
  if (in_word)
   {
   in_word=0;
   if (word_length[num_words]>=MIN_CHAL_WORD_LEN)
    num_words++;
   }
  if (line_buffer[i]=='\0')
   break;
  }
 i++;
 }
return (num_words>MIN_CHAL_WORDS_PER_LINE ? num_words : 0);
}

/* add the challenge to the data structure, verifying that it's not
   redundant */
int add_chal(int word_begin,int word_length)
{
int i;
int hi,lo,m,md;

this.word=this.line=NULL;
if (NULL==(this.word=(char*)malloc(word_length+1)))
 {
 MSG("malloc word failed - partial results\n");
 return(1);
 }
if (NULL==(this.line=(char*)malloc(line_buffer_length+1)))
 {
 free(this.word);
 MSG("malloc line failed - partial results\n");
 return(1);
 }
/* copy the word, translating to lowercase */
for (i=0; i<word_length; i++)
 this.word[i]=(line_buffer[word_begin+i]>='A'&&line_buffer[word_begin+i]<='Z')?
  line_buffer[word_begin+i]+('z'-'Z'):line_buffer[word_begin+i];
this.word[word_length]=0;
/* copy the line, replacing the word by underscores */
memcpy(this.line,line_buffer,line_buffer_length+1);
memset(this.line+word_begin,'_',word_length);
/* binary search: see if the word is too easy */
this.flag=2;
lo=0;
hi=NUM_EASY_WORDS-1;
while (this.flag==2)
 {
 /* [from here to the MAX_CHALS test the archived copy lost the text;
    reconstructed from the surviving search code below] */
 if (hi<lo)
  this.flag=0; /* not in the easy list */
 else
  {
  md=(hi+lo)/2;
  m=strcmp(this.word,easy_words[md]);
  if (m==0) this.flag=1; /* too easy */
  else if (m<0) hi=md-1;
  else lo=md+1;
  }
 }
if (this.flag)
 {
 free(this.word);
 free(this.line);
 return(0);
 }
/* binary search: chals is kept sorted by line */
lo=0;
hi=num_chals-1;
for(;;)
 {
 if (hi<lo)
  {
  /* not found */
  if (num_chals>=MAX_CHALS)
   {
   MSG("MAX_CHALS exceeded - partial results\n");
   free(this.word);
   free(this.line);
   return(1);
   }
  /* insert */
  for (i=num_chals; i>lo; i--)
   chals[i]=chals[i-1];
  chals[lo]=this;
  num_chals++;
  return(0);
  }
 /* continue searching */
 md=(hi+lo)/2;
 m=strcmp(this.line,chals[md].line);
 if (m==0)
  {
  /* found - don't insert */
  if (0!=strcmp(this.word,chals[md].word))
   chals[md].flag=1; /* ambiguous */
  free(this.word);
  free(this.line);
  return(0);
  }
 else if (m<0) hi=md-1;
 else lo=md+1;
 }
}

int save_chals(void)
{
int i,j;

/* write the adjusted number of challenges */
j=num_chals;
/* [the rest of this function and all of generate_chals are missing from
   the archived copy; reconstructed to match the chaldata format that
   mkballot reads: a count line, then one "word,line" record per line] */
for (i=0; i<num_chals; i++)
 if (chals[i].flag) j--;
fprintf(outfile,"%d\n",j);
for (i=0; i<num_chals; i++)
 if (!chals[i].flag)
  fprintf(outfile,"%s,%s\n",chals[i].word,chals[i].line);
return(0);
}

/* [reconstructed] read the CFV line by line and add a challenge for each
   usable word */
int generate_chals(void)
{
int i,n;

while (NULL!=fgets(line_buffer,sizeof(line_buffer),infile))
 {
 line_buffer_length=(int)strlen(line_buffer);
 if (line_buffer_length>0&&line_buffer[line_buffer_length-1]=='\n')
  line_buffer[--line_buffer_length]='\0';
 n=find_words();
 for (i=0; i<n; i++)
  if (add_chal(word_begin[i],word_length[i]))
   return(1);
 }
return(0);
}
-------------------------------------------------------------------------
/* mkballot.c (file name as given in the prepchal.c comment above; the
   opening lines of this listing are missing from the archived copy) */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define MSG(x) fputs( x, stderr )

FILE *cfvfile,*chalfile,*balfile;

int main(int argc,char *argv[])
{
/* three rand() values of up to 10 digits each, plus the NUL */
char ballot_number[32];
int num_chals,num_skip,c;
/* prepchal can emit words of up to MAX_CHAL_WORD_LEN+1 = 15 letters */
char word[16],line[81];
char *addr=argv[1];

if (argc!=2)
 {
 MSG("argv[1] should be user at host\n");
 return(1);
 }
/* a comma or newline in the address would corrupt the balrost record */
if (strpbrk(addr,",\r\n"))
 {
 MSG("address may not contain ',' or a newline\n");
 return(1);
 }
/* randomize seed - NB: rand() seeded from the clock is predictable, so
   ballot numbers and challenge choices can be guessed by anyone who
   knows roughly when the ballot was generated */
srand((unsigned)time(NULL));
/* open files */
if (NULL==(cfvfile=fopen("cfvtext","r")))
 {
 perror("fopen cfvtext");
 return(1);
 }
if (NULL==(chalfile=fopen("chaldata","r")))
 {
 perror("fopen chaldata");
 return(1);
 }
if (NULL==(balfile=fopen("balrost","a")))
 {
 perror("fopen balrost");
 return(1);
 }
/* generate ballot number */
snprintf(ballot_number,sizeof(ballot_number),"%d%d%d",rand(),rand(),rand());
/* pick a random challenge number; the posted version used
   rand()%(num_chals-1), which divides by zero when there is only one
   challenge and never picks the last one */
if (1!=fscanf(chalfile,"%d\n",&num_chals)||num_chals<1)
 {
 MSG("chaldata is empty or malformed\n");
 return(1);
 }
num_skip=rand()%num_chals;
/* skip lines */
while(num_skip)
 {
 c=fgetc(chalfile);
 if (c==EOF)
  {
  MSG("chaldata is shorter than its header claims\n");
  return(1);
  }
 if (c=='\n')
  num_skip--;
 }
/* field widths keep an oversized record from overrunning the buffers */
if (2!=fscanf(chalfile,"%15[^,],%80[^\n]\n",word,line))
 {
 MSG("malformed challenge record\n");
 return(1);
 }
fclose(chalfile);
/* remember the combination of user at host,ballot_number,word */
fprintf(balfile,"%s,%s,%s\n",
 addr,ballot_number,word);
fclose(balfile);
/* generate the individualized ballot - this needs to be there in
   addition to the code already in uvballot */
printf("\n\
This ballot is being e-mailed to: %s\n\
\n\
Ballot number: %s\n\
Missing word:\n\
\n\
The Call for Votes is attached after the ballot. Please read it carefully\n\
before voting. Then, find the line in the CFV that looks like this:\n\
%s\n\
and fill in the missing word in the ballot\n\
\n\n",addr,ballot_number,line);
/* copy the CFV */
while (EOF!=(c=fgetc(cfvfile)))
 fputc(c,stdout);
fclose(cfvfile);
return(0);
}
-------------------------------------------------------------------------
patches for uvvote:

/* functionality to be added to uvvote.c */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define MSG(x) fputs( x, stderr )

char addr[80];
char ballot_number[80], word[80];
FILE *balfile;

/* return values:
   0 - acceptable ballot
   1 - no ballot ever e-mailed to this addr
   2 - ballot(s) e-mailed to this addr, but no ballot_number matches
   3 - wrong word in response to the challenge */
int ballot_check(void)
{
int rc;
char this_addr[80],this_ballot_number[80],this_word[80];

/* anything other than sequential search isn't worth it here */
rewind(balfile);
rc=1;
/* field widths keep an oversized roster record from overrunning the
   80-byte buffers */
while (rc&&(3==fscanf(balfile,"%79[^,],%79[^,],%79[^\n]\n",
  this_addr,this_ballot_number,this_word)))
 if (0==strcmp(addr,this_addr))
  {
  if (rc==1) rc=2;
  if (0==strcmp(ballot_number,this_ballot_number))
   {
   if (rc==2) rc=3;
   if (0==strcmp(word,this_word)) rc=0;
   }
  }
return(rc);
}

/* read one line into buf (at most n-1 chars), dropping the newline;
   replaces the unbounded gets() calls of the posted version */
static int read_field(char *buf,int n)
{
if (NULL==fgets(buf,n,stdin)) return(0);
buf[strcspn(buf,"\n")]='\0';
return(1);
}

/* test main */
int main(void)
{
int i;

if (NULL==(balfile=fopen("balrost","r")))
 {
 perror("fopen balrost");
 return(1);
 }
for(;;)
 {
 printf("(uvvote would get these from the ballot it's processing)\n\
Type . to end demo\n\
addr: ");
 if (!read_field(addr,sizeof(addr))) break;
 if (0==strcmp(addr,".")) break;
 printf("ballot_number: ");
 if (!read_field(ballot_number,sizeof(ballot_number))) break;
 printf("missing word: ");
 if (!read_field(word,sizeof(word))) break;
 /* remember to map the word to lowercase. It may be worthwhile to
    lowercase addr too (both here and in new uvballot) */
 for (i=0; word[i]; i++)
  if (word[i]>='A'&&word[i]<='Z')
   word[i]+='a'-'A';
 printf("ballot_check=%d\n",ballot_check());
 }
fclose(balfile);
return(0);
}

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From paul.elliott at hrnowl.lonestar.org Thu Jul 11 00:36:41 1996
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Thu, 11 Jul 1996 15:36:41 +0800
Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
Message-ID: <31e46fa0.flight@flight.hrnowl.lonestar.org>

-----BEGIN PGP SIGNED MESSAGE-----

All software companies who sell (really licence) software must deal with the inevitability of software piracy. It is a brute fact that any useful product sold in the U.S. will eventually appear as an unauthorized copy for sale abroad. This fact must be recognized in the software companies' business plan.

The question occurs to me "why can not this fact be used to defeat the ITAR?"

What is to prevent a U.S. company to licence a foreign company to sublicence and distribute a Crypto product abroad, if that foreign company obtains that product on the pirate market?

I am not a lawyer, but I look at the definition of "export" on page 612 of Applied Cryptography and nothing seems to obviously apply.

The scenario I imagine is this: U.S. company produces a crypto product. To be generally useful, the product supports all languages. (Those CDROMs really do hold a lot of data.) After all, Americans do need to do business with foreigners. The company licences and distributes the product in the U.S. taking special care not to distribute the product to any foreign persons. When, inevitably, the product appears in the pirate market outside the U.S., the company makes a contract with a foreign company allowing it to distribute it and sublicence it.
The foreign company can get their copy from the pirate market, being authorized to get the copy by the U.S. company. When this deal is cut copies have already been exported and are already being sold by the pirates, against the will of the U.S. company.

In this scenario, the U.S. company had done everything it possibly could to prevent the illegal export of its product. But when its efforts have inevitably failed, it makes money by sublicencing.

When I look at the definition of Export on page 612 of applied cryptography, I see one clause that defines transferring registration as export, but only for aircraft, vessels and satellites.

OK, cypherpunk legal types, there has got to be something wrong with this idea. There are a lot of smart people in the world, so if this idea was good, somebody else would have thought of it before now! But what specifically is wrong with it? I want to be educated!

- --
Paul Elliott                             Telephone: 1-713-781-4543
Paul.Elliott at hrnowl.lonestar.org      Address: 3987 South Gessner #224
                                         Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMeR9nvBUQYbUhJh5AQGkYAP/bN0lmkjF6uZ92MmWIqdZwVmLmsiIUg9L
XbtYaeawNCMdi2BnkDUu4j/G1rNngFuAmRwABE9UxKOnwjMU5lfmxHev5RP9/CBF
81AnYc1bWeh52EuKJCKu47LMDn9PqfiCIGBwfRehgkZ72gO0+ywIP1fZrkwNNCF+
Md76LqUE5Z4=
=k7M5
-----END PGP SIGNATURE-----

From caal at hopf.dnai.com Thu Jul 11 01:24:41 1996
From: caal at hopf.dnai.com (caal at hopf.dnai.com)
Date: Thu, 11 Jul 1996 16:24:41 +0800
Subject: Information
Message-ID: <199607110432.VAA05249@hopf.dnai.com>

Dear Cypherpunks:

I'm new here and without taking too much bandwidth, I'd like to ask you for some assistance. I am wondering if there is a precise way of figuring out where a web/mail server is based, or at least get some identifying information. I think I saw some messages on this list a few weeks ago about how easy it is to identify a server or ISP, with just an address (web or e-mail address). Is this possible and how?
I would appreciate any guidance you may provide and I hope this request is not too much against the etiquette of this group.

Thank you.

Boris

From snow at smoke.suba.com Thu Jul 11 02:02:10 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 11 Jul 1996 17:02:10 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090509.BAA11381@jekyll.piermont.com>
Message-ID:

On Tue, 9 Jul 1996, Perry E. Metzger wrote:

> I'm sick of you, Tim and other people telling folks how to treat
> their problems. Tim is happy saying that he thinks people's lives are
> their own business, but opportunities to stick his nose into the ways
> that his neighbors raise children are just peachy to him.

Maybe we're just a bit afraid of how society treats its members, and how parents treat our future employees/servants/neighbors. We are not trying to pass laws that say people _can't_ give their kids drugs, just questioning the wisdom of passing the pills out like they are candy to children. The same children we tell not to smoke a little pot because "we don't know how it affects young minds". Speed is a little more potent than Pot. Just a little.

> If someone out there has their life improved by Ritalin, it's not any
> of your business to tell them not to take it.

If someone's life is being ruined because their parents are forcing them to take these pills.

> There are kids out there, and adults, who have psychological problems
> that are well treated if not cured by medicines. Sure, it's nice to do
> things "naturally" and "without drugs", but I'll point out that two
> thirds or more of the people reading this message would be dead now
> because of infections they forgot they had twenty years ago, or
> because of indoor plumbing assuring a clean water supply, or a million
> other artificial interventions into the natural course of life, which
> is, naturally, death at 20 or 25 without a tooth left in your head,
> cowering in a cave, surrounded by the other savages.

No arguments here. I'd be the last to say "Do things Naturally", but chemical addictions suck really hard.

> So, go right ahead. Discourage people from using their medicines. Make
> fun of the parents of the "poor little zombie" taking Ritalin because
> otherwise his life, from his own perspective, is a living hell. Heck,

To a Heroin Addict, life without junk is living hell.

> TAKE AWAY HIS MEDICINE, the way Tim cheers on. Then please go home and
> throw away that aspirin. The natural way to deal with a headache is to
> suffer. When you break your arm, swear off medical attention and crawl
> around in pain for a while. It's the "Right Thing" to do.
>
> In any case, even if all this stuff isn't real, I'm sure you are
> completely above taking drugs to help you get along in life. I'm sure
> you never drink coffee to get you up in the morning, for
> instance. Because if you have, you are a hypocrite. Not, of course,
> that anyone here would fit that description.

Quit taking Caffeine 2 years ago, and quit smoking 2 weeks ago. Hell, since I quit working for one of the big 6 accounting firms, I rarely have headaches, so you could say that leaving the High Tech Hi-Rise life Style _did_ cure me to an extent. (that was a joke boy).

I really don't think that anyone here is claiming that there are no mental problems, just that maybe it is best not to throw powerful drugs at people we don't even trust to drive a car.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From snow at smoke.suba.com Thu Jul 11 02:30:37 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 11 Jul 1996 17:30:37 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090604.CAA11704@jekyll.piermont.com>
Message-ID:

On Tue, 9 Jul 1996, Perry E. Metzger wrote:

> likelihood that something is a disease doesn't really wash very
> well. By your lights, then, heart disease couldn't be a "real" illness
> given that a lot more than 10% of the population suffers from it to
> one extent or another. Of course, we could simply redefine dying of a
> heart attack as "normal" and then we could be done.

A heart attack is (or used to be) a normal way of dying. Dying is natural. It is even (in some cases, and from certain perspectives) desirable. So are dreamers, so are doers. Poets, Priests and Garbage collectors. The problem is that in this society parents don't want (largely, painting with a BIG BIG brush and painting over some people) dreamers or garbage collectors, poets or artists. They want CPA's and Programmers, attentive little students, of course the kid's nature has nothing to do with it.

Remember a year or so an ad for Joop Jeans? A "Yuppie" looking woman with a baby on a leash (like a dog collar and leash) with the words "A child, the ultimate pet". That seems to be the position that many parents seem to be taking these days. They don't have kids, they have prize pedigree Children. These children are expected to behave without training, to follow rules without being disciplined (funny how that word keeps popping up in these posts) and to perform in the 90th percentile in everything.

On the other end we have a growing pool of warm bodies whose parents are just barely warm bodies. They aren't taking prozac and Ritalin to get thru school, with them it is coke, crack, pot, horse and alcohol. Their parents are barely even aware of their existence. IMO both of these are from the same mentality, the attitude of a child as a cute little pet.

> How about giving people with hypertension blood pressure medication? I
> mean, they are just "out of the norm", right? I mean, there is a
> continuum of blood pressures, yes? Why should we give the people at the
> top of the spectrum medications, just because high blood pressures are
> associated with vascular accidents?

What causes this hypertension?
Maybe rather than medicating you should eliminate the CAUSE of the problem. Of course that is more work than just taking a pill.

> I suppose you don't understand what it might be like for someone to be
> unable to do their work no matter how heavy the threat against them if
> they don't, and no matter how easy it is. There are people out there
> who can't get themselves to pay a phone bill or throw out the
> newspapers for months on end -- they just can't get themselves to

Actually, I would.

> You miss the point. You spoke of involuntarily medicated kids. Most of
> the kids aren't involuntarily medicated.

I would worry more about a kid who _wants_ speed than one who doesn't. Correct me if I am wrong, but aren't children more sensitive to chemicals than adults?

> > The price of giving the patient (or the patient's parents)
> > everything they want is [...] classrooms full of obedient
> > citizen-units in Soma-induced trances.
> Ritalin does not induce a zombie-like trance, as the numerous people
> on this mailing list who take it can tell you.

No, the responses indicated that it turned you into a person happy to focus on and perform repetitive tasks hour after hour. Machine-like trance instead of Zombie. Great.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From snow at smoke.suba.com Thu Jul 11 02:31:31 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 11 Jul 1996 17:31:31 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID:

On Tue, 9 Jul 1996, Rick Smith wrote:

> At 8:01 PM 7/8/96, John F. Fricker wrote:
> >Seems like if your child needs drugs to go to school then perhaps school is
> >the problem not that your child's body lacks Ritalin.
> I tend to agree, but it doesn't make the problem any easier to solve.
> Another alternative to Ritalin would simply be to let him struggle with
> school. It worked for me, I guess.

Maybe that is one of the things that school is supposed to prepare us for.
A life of struggle and beating our heads against wall after wall.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From snow at smoke.suba.com Thu Jul 11 02:34:59 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 11 Jul 1996 17:34:59 +0800
Subject: Put Uncle Sam in your Calling Circle
In-Reply-To: <2.2.32.19960709165403.00e1349c@mail.teleport.com>
Message-ID:

On Tue, 9 Jul 1996, Alan Olsen wrote:

> At 11:15 AM 7/9/96 -0400, you wrote:
> >Hey guys,
> The posters are done by Tom Tomorrow, who also does a cartoon called "This
> Modern World" which appears far too infrequently in a number of papers and
> _Processed World_. Incredible political cynicism...
>
> Thanks again to RSA for a couple of cool posters!

So, how does one acquire a copy of these?

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From wprice at primenet.com Thu Jul 11 02:38:15 1996
From: wprice at primenet.com (Will Price)
Date: Thu, 11 Jul 1996 17:38:15 +0800
Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID:

ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
_______________________________________________________

MIT has released Philip Zimmermann's PGPfone 1.0b7 for Macintosh and 1.0b2 for Windows95 or NT. This new secure telephone product is now available for download at the MIT PGP distribution web site:

http://web.mit.edu/pgp
or:
http://web.mit.edu/network/pgpfone

Using PGPfone is like using a telephone, except no one else can eavesdrop on your conversation. PGPfone lets you whisper in someone's ear, even if their ear is a thousand miles away. Secure voice calls are supported over the Internet, or through a direct modem-to-modem connection, or even over AppleTalk networks.

PGPfone uses Diffie-Hellman public-key technology to provide encryption keys for the user's selection of CAST, TripleDES, or Blowfish encryption algorithms.
A unique biometric authentication feature uses spoken words to authenticate the Diffie-Hellman key exchange allowing easy authentication of secure calls. This new version introduces CAST, a fast and well-designed new encryption algorithm from Northern Telecom. The use of Diffie-Hellman in PGPfone allows secure calls to parties that are not previously known to the caller -- no prior key exchange over other channels is necessary.

PGPfone 1.0b2 for Windows is an improved version which is now on par with the Macintosh version. It now supports silence detection, much improved sound quality, significantly reduced latency, completely new interface, faster call negotiation, and some important bug fixes.

A commercial version of PGPfone will be available in the fall from Phil's new company, Pretty Good Privacy, Inc. The company may be contacted at 415 631-1747, or at http://www.pgp.com.

From alano at teleport.com Thu Jul 11 03:08:21 1996
From: alano at teleport.com (Alan Olsen)
Date: Thu, 11 Jul 1996 18:08:21 +0800
Subject: Put Uncle Sam in your Calling Circle
Message-ID: <2.2.32.19960711064754.00ef9a34@mail.teleport.com>

At 12:40 AM 7/11/96 -0500, snow wrote:

>> Thanks again to RSA for a couple of cool posters!
>
> So, how does one acquire a copy of these?

I received mine by sending an e-mail message to sales at rsa.com politely asking for one. Hopefully they still have some left.

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From tcmay at got.net Thu Jul 11 04:17:27 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 11 Jul 1996 19:17:27 +0800
Subject: "White 'Punks on Dope" (w apologies to The Tubes)
Message-ID:

(The explanation of "White 'Punks on Dope" will come in the second part of this post, along with a baby's arm holding an Apple, for no fee or waybill.)

At 1:14 AM 7/11/96, snow wrote:

> Tourettes was brought up to explain one small boy's behavior towards
>his mother. He would (IIRC) call her a "fucking asshole", yet he didn't
>seem to have these sorts of problems around his father. True Tourettes is
>not an emotional problem, it is _very_ rare, and the person with Tourettes
>does not curse at only one person.

I of course never invoked "Tourette's Syndrome" as a likely reason for the kid's behavior. It is unlikely in the extreme, as I've seen the kid firsthand for several hours and he has never uttered a stereotypical Tourette's Syndrome sort of thing in my presence. The likely reason for his outburst is covered below.

> Undisciplined brats do have emotional problems. Parents who are under
>the ignorant mis-apprehension that children do not need discipline are the
>cause of more than a few of this society's problems.

Indeed, this is almost certainly why he screamed obscenities at his mother. He did it because he _could_ do it, that is, because she refuses to punish him. And he gets a reward out of it, namely, attention.

This is a pattern as old as humanity, of course. Mostly such temper tantrums and outbursts are held in check by the threat of sanctions by the parents, e.g., confinement (grounding), corporal punishment (beltings), denial of food (going to bed hungry), etc. Children above a certain age--maybe 4 or so--are quite aware of the consequences of their actions and the "game-theoretic" tradeoffs involved. Most reduce their frequency and magnitude of "acting out".

This has worked well for millennia.
In recent decades, do-gooders have taken upon themselves to intervene in the parenting process and have essentially succeeded in making such sanctions harder for parents to impose. Schools routinely teach young children to inform on their parents if they have been spanked, touched, talked to "inappropriately," etc. Check out the parent's rights newsgroups (and father's rights) for tales of interrogations by agents of Child Protective Services, who are empowered to remove a child immediately and without court proceedings if they merely _suspect_ a child has been treated in ways the State has deemed no longer appropriate. (I'm sure many of us agree that children should not have their jaws broken, should not be burned by cigarette butts as punishment, and should not be confined in closets for weeks at a time. The laws are well-intentioned. But as with many such well-intentioned laws, the "law of unintended consequences" has given Child Protective Services almost Gestapo-like powers to enter private homes, to intervene in custody disputes, and to assume guilt until innocence is proven.) So, what to do with children who are otherwise uncontrollable? Ah, the State has the answer. And its name begins with "R." 'Nuff said. > I will admit to the possibility of ADD being a "disease", but I think >that the number of children who really have the disease is small compared >to the number of childern recieving drugs for it. This is the point I have been making. Not that ADD (aka ADHD, hyperactivity, etc.) does not sometimes exist, but that giving Ritalin and suchlike drugs to children has been a panacea for fidgeting, wandering attention, boredom, "cutting up" in class, class clowns, and so on. And perhaps worse, _parents_, such as the example I provided, are using it to control children. Where once they would've paddled the kid for using obscene language, or refusing to get dressed for school, now they pop a pill in the child's mouth. 
> 15 years ago I would have been diagnoised as having ADD. I had trouble >paying attention in class, I spent a lot of time looking out the window. I >was a mild behavior problem. I didn't have ADD. I was simply bored by a >system that either taught me stuff that was irrelevant (I thought so 15 I suspect this was true of 90% or more of us on this list...we're a bright lot, and it's hard to imagine that _any_ school could keep us from being bored a lot of the time. (And hard classes can be boring, too.) > Ok, so instead of arresting everyone who uses PGP as a child >pornographer and throwing them in jail, we should arrest them, convict them >(after all, they must be hiding something with that crypto) and then throw >them in jail. Is that what you are saying? Obviously any school child who refuses to open his backpack for the morning inspection has Privacy Fixation Syndrome. Any school child who refuses to discuss his thoughts about his or her budding sexuality with the school nurse has Privacy Fixation Syndrome. This Syndrome has become rampant in recent years, say psychiatrists and social workers. Some of these children are even using PGP to *encrypt* their files! This interferes with a wholesome and nurturing educational experience. Child Protective Services has begun to ask children if their parents are maintaining a proper environment at home. Use of PGP and other such tools of the paranoid crypto-militias is considered positive evidence of an unwholesome home environment. Fortunately, pediatric psychiatrists have discovered that Privacy Fixation Syndrome is treatable in the school environment with Prozac, Xanac, and Quaaludes. A moderate dose of these drugs appears to remove the compulsion to keep things secret, and assists in the child's ability to share his innermost thoughts with school nurses, teachers, and administrators. 
(Note to school administrators: A side benefit is that this lessening of "privacy anxiety" also makes investigation of the parental-units much easier. Prozac appears to be as effective as scopalaimine in extracting the details of home enviroments from children-units.) --Dr. Klaus von Ritalin, specializing in Privacy Fixation Syndrome From gary at systemics.com Thu Jul 11 08:32:51 1996 From: gary at systemics.com (Gary Howland) Date: Thu, 11 Jul 1996 23:32:51 +0800 Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download In-Reply-To: Message-ID: <31E4E92A.62FFD016@systemics.com> Will Price wrote: > > ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download > _______________________________________________________ > > MIT has released Philip Zimmermann's PGPfone 1.0b7 for Macintosh and > 1.0b2 for Windows95 or NT. This new secure telephone product is now > available for download at the MIT PGP distribution web site: Can anyone tell me if the specs available for the PGPfone protocol? Is there an implementation available, with source? Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From sopwith at redhat.com Thu Jul 11 10:35:59 1996 From: sopwith at redhat.com (Elliot Lee) Date: Fri, 12 Jul 1996 01:35:59 +0800 Subject: Information In-Reply-To: <199607110432.VAA05249@hopf.dnai.com> Message-ID: On Wed, 10 Jul 1996 caal at hopf.dnai.com wrote: > Dear Cypherpunks: > > I'm new here and without taking too much bandwidth, I'd like to ask you for > some assistance. I am wondering if there is a precise way of figuring out > where a web/mail server is based, or at least get some identifying > information. I think I saw some messages on this list a few weeks ago about > how easy it is to identify a server or ISP, with just an address (web or > e-mail address). Is this possible and how? Put your brain and the 'whois' command together. Marvelous things can happen. 
;-) \\\| Elliot Lee |\\\ || "Claim to fame": \\\| Red Hat Software |\\\ || Live in only town in the \\\| Webmaster www.redhat.com, |\\\ || USA with an unlisted ZIP \\\| Programmer, etc. |\\\ || code. From bshantz at nwlink.com Thu Jul 11 14:45:50 1996 From: bshantz at nwlink.com (Brad Shantz) Date: Fri, 12 Jul 1996 05:45:50 +0800 Subject: It's more than "White Punks on Dope" Message-ID: <199607111437.HAA18788@montana.nwlink.com> Tim May Wrote: > In recent decades, do-gooders have taken upon themselves to intervene > in the parenting process and have essentially succeeded in making such > sanctions harder for parents to impose. Schools routinely teach young > children to inform on their parents if they have been spanked, touched, > talked to "inappropriately," etc. Check out the parent's rights > newsgroups (and father's rights) for tales of interrogations by agents of > Child Protective Services, who are empowered to remove a child > immediately and without court proceedings if they merely _suspect_ a > child has been treated in ways the State has deemed no longer >appropriate. ...yadda yadda yadda...more on how we all agree that burning children is not a viable option....etc. It is so much more than what the "State" deems appropriate. Having grown up with both parents being teachers in the public school system and my wife a teacher in a private Montessori school system, I've seen that the feeling in society is, "Everyone is a victim." In seattle a few years ago, there was a teenager who killed his girlfriend. (beat her face in with a rock) Yes, he was caught, yes he went to trial. This 19 year old lame-o used this as his defense, "Fetal Alcohol Syndrome." THEY LET THE MURDERER GO ON THE PRECEDENT IT WAS HIS MOTHER'S FAULT BECAUSE SHE HAD A FEW DRINKS WHILE SHE WAS PREGNANT WITH HIM. So, he wasn't in control of his own actions? I say bullshit to that. 
At my wife's school the kids are being taught that the definition of harassment is if someone is doing something to you that you don't like. Oh, the third graders have a heyday with this one. "Chris is looking at me and I don't like it." Immediately, Chris is repremanded because he is harassing the other kid. What's wrong with this picture? Well, it's not Chris' problem, is it? The teachers need to be a little more understanding of what harassment is. Chris could turn around and say, "By reprimanding me, you are harassing me for something totally stupid." There are so many different "syndromes" and "conditions" that you can't keep track of them all. ADD, Hyperactivity, Fetal Alchohol Syndrome, Chronic Fatigue, Repetitive Stress (which is a physical ailment, but it came to mind), they are all names to psychological conditions. Some because they are serious problems...like ADD in some children, but not all. Some however are lame attempts by psychologists to put the human psyche into a bunch of prepackaged little boxes. Eventually, you could build the perfect beast by just grabbing a handfull of syndromes from this box over here, mixing them with a few neuroses from this box over here. Pour in a little Free Love, a little Self Preservation and give the entity a stopwatch in the shape of a heart and a scroll for a brain and you've got an average human being. Sorry, no, thank you. We are more a part of our environment than that. Some people grow up to be just like their parents. Some grow up to be the exact opposite. However, our "raising" does have an effect on us. > So, what to do with children who are otherwise uncontrollable? > > Ah, the State has the answer. And its name begins with "R." 'Nuff said. At my wife's school, they do not use Ritalin. They have started using a product called PhytoBears. Don't laugh. These are GummiBears made out of all natural vegetable extracts. 
One of those, "100% of all the vitamins and minerals needed by the human body and mind in a day" kind of things. Apparently, the kids who were on Ritalin are now getting on much better with PhytoBears than they were with Ritalin. >> I will admit to the possibility of ADD being a "disease", but I >> think that the number of children who really have the disease is small >> compared to the number of childern recieving drugs for it. Yes, I've read this entire thread, I don't need loads of flame mail telling me to go back and read the ENTIRE THREAD again. I just want to say that in many schools, at least in Washington, ADD is no longer being treated strictly with drugs. Someone mentioned being put in a "special" class while his brother was in a regular class (or the other way around). That is more common than an automatic prescription for Ritalin. I still claim that ADD is a syndrome that is serious in some kids and for others it's a crutch. The diagnoses in Washington are getting better. > This is the point I have been making. Not that ADD (aka ADHD, > hyperactivity, etc.) does not sometimes exist, but that giving Ritalin > and suchlike drugs to children has been a panacea for fidgeting, > wandering attention, boredom, "cutting up" in class, class clowns, > and so on. Dr. Cynthia Tobias (who just happens to be from Seattle Pacific University, just a coincidence) has done studies for her entire doctoral carreer on the subject of learning patterns. Her findings are interesting. They aren't practical in a public school system, but interesting nonetheless. There are a number of different learning styles. I won't go into all of them for the sake of brevity (I know, too late.) One of the learnign styles that she has spent much time working on is the Kinetic/Kinesthetic learner. These are the kids who wander around, and fidget as Tim put it. The goal of the teacher with a Kinetic learner is not to get them to sit down, but to get them to not distract others. 
If the kid likes to do his work laying on the floor and he's not bothering anyone, let him. There are some people (like me) who can't stand to sit at a desk all day long. I get my work done, but I often lay on the floor, sit on the desk, walk around the office, etc. Anyway, my point is that there are teaching practices that could be used to teach the child without resorting to labelling (as I think ADD is sometimes used) or drugs. > And perhaps worse, _parents_, such as the example I provided, are using > it to control children. Where once they would've paddled the kid for > using obscene language, or refusing to get dressed for school, now they > pop a pill in the child's mouth. That is only in the example you provided, Tim. Yes, if one person is doing it, there are probably more. (It's like Cockaroaches....where there's one...) > I didn't have ADD. I was simply bored by a system that either taught > me stuff that was irrelevant > > I suspect this was true of 90% or more of us on this list...we're a > bright lot, and it's hard to imagine that _any_ school could keep us from > being bored a lot of the time. (And hard classes can be boring, too.) Agreed. The teachers at my High School and even at Oregon State University always had trouble convincing me of the validity of some of the topics we were learning. I'm sure it bugged them when I asked. Brad From williams at va.arca.com Thu Jul 11 14:54:28 1996 From: williams at va.arca.com (Jeff Williams) Date: Fri, 12 Jul 1996 05:54:28 +0800 Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download Message-ID: <3257270267.87025315@va.arca.com> Will Price writes: > PGPfone uses Diffie-Hellman public-key technology to provide encryption > keys for the user's selection of CAST, TripleDES, or Blowfish > encryption algorithms Does the Blowfish implementation address the weakness described below? --Jeff ------------------------ Warning: Blowfish can be cracked. (I apologize for the sensationalism. 
I also apologize if this has been mentioned before. This needs your attention.)

I have found a way to crack 80 bytes of ciphertext encrypted with the
blowfish algorithm (ECB mode), 25% of the time.

Blowfish, as printed in "Applied Cryptography, Second Edition", and as
corrected in Bruce Schneier's Errata Sheet, using a randomly generated
64 bit key, can be cracked in much less than 10 minutes on a Pentium
120MHz (10 minutes is worst case). According to my calculations, with
optimizations, I could cut this down to about 5 seconds to 2.5 minutes
worst case.

Previously, I wrote:

>...
>I have come up with several sets of vectors,
>{k1,k2,pl,pr,cl,cr} such that when you use
>k1 or k2 to encrypt pl and pr you will always
>get cl, and cr, where k1={b10,b11,b1...,b1n},
>where b1i is the ith byte in the key k1, and
>where n is divisible by 4.
>...
>
>
>Mike Morgan

I investigated this further, and it turned out to be a source code
implementation error.

There is an implementation error in published Blowfish Code. The program
chokes on the commented "choke" statement, below:

    bfinit(char *key,int keybytes)
    {
        unsigned long data;
        ...
        j=0;
        ...
        data=0;
        for(k=0;k<4;k++){
            data=(data<<8)|key[j];/* choke*/
            j+=1;
            if(j==keybytes)
                j=0;
        }
        ...
    }

It chokes whenever the most significant bit of key[j] is a '1'. For
example, if key[j]=0x80, key[j], a signed char, is sign extended to
0xffffff80 before it is ORed with data.

For example, when:

    (j&0x3)==0x3 (that is j=0x3,0x7,0xf, etc.)
    - -and-
    (key[j]&0x80)==0x80 (or when k[j]=0x80,0x81,etc.)

    data=0xffffff80 (0xffffff81,etc.)

upon exit from the above "for(k=...)" loop.

ORing all of these 1's into data effectively wipes out 3/4 of the key
characters! (that is, 3/4 of the key characters are known to be set to 1
when the 4th key byte to be ORed into data has a 1 in the most
significant bit.)

For a randomly selected 32-bit key, there is a 50% chance that 3/4 of
the key could be considered as all '1's, even if they weren't that way
to begin with. This is obviously a security issue.

Note, contrary to my previous statement, the key length in bytes _does
not_ need to be divisible by 4 to exploit this implementation flaw.

The following fix has been verified to work:

    data<<=8;
    data|=(unsigned long)key[j]&0xff;

Another fix is to declare 'key' as 'unsigned char *'. Other fixes are
possible.

NOTE: Most test vectors will not check for this bug because they use
keys comprised of ASCII (value<0x80) strings. This bug does not show up
when every character in the key has a value less than 0x80.

This should be corrected and noted in the source code for blowfish.
Also, test vectors with unsigned character values greater than 0x80
should be generated and published.

I did not notice this bug in the "Applied Cryptography" errata. It
should be noted there, too.

This flaw may or may not be present in other implementations of the
Blowfish algorithm. Thanks to non-standard use of the 'union' construct,
I think others who use blowfish may or may not have avoided this bug. In
cases where this bug has been avoided, it may have been done
purposefully or inadvertently.

Regards,
Mike Morgan, Hardware Engineer
Digi International, mmorgan at dgii.com

- -- I do not speak for my company in this post.

From norm at netcom.com Thu Jul 11 17:47:12 1996
From: norm at netcom.com (Norman Hardy)
Date: Fri, 12 Jul 1996 08:47:12 +0800
Subject: Metered Phone
Message-ID:

At 9:19 PM 7/6/96, Jerome Tan wrote:
>Does anyone have any ideas about this metered phone? I am from Philippines
>and heard some news that it will be existing in 1997. Quite a big problem!
>Every dial will be counted, every seconds will be measured...

Better that the phone count calls (as in the Netherlands) than record the
number called (as in the United States).
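The sign-extension flaw in bfinit() described in Mike Morgan's forwarded Blowfish post above, shown beside the masked fix he gives; this is an added example, not code from the thread or from any Blowfish distribution. It models only the key-word assembly step (not the cipher) with 32-bit words, and the function names and sample keys are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BF_PWORDS 18  /* Blowfish XORs the cycled key into 18 P-array words */

/* Constructed sample keys (not from the post). */
static const unsigned char K1[8]    = {0x11,0x22,0x33,0x80, 0x01,0x02,0x03,0x04};
static const unsigned char K2[8]    = {0xaa,0xbb,0xcc,0x80, 0x01,0x02,0x03,0x04};
static const unsigned char K_ODD[5] = {0x01,0x02,0x80,0x03,0x04};
static const unsigned char K_ASCII[11] =
    {'c','y','p','h','e','r','p','u','n','k','s'};

/* Key-word assembly as in the post's loop. The bytes are read through a
 * signed char so the result is the same on every platform (plain char is
 * signed on x86 but unsigned on some other targets). */
static void key_words_buggy(const void *key, int keybytes, uint32_t out[BF_PWORDS])
{
    const signed char *k = key;
    int j = 0;
    for (int i = 0; i < BF_PWORDS; i++) {
        uint32_t data = 0;
        for (int n = 0; n < 4; n++) {
            data = (data << 8) | k[j];  /* byte >= 0x80 becomes 0xffffffNN */
            if (++j == keybytes)
                j = 0;
        }
        out[i] = data;
    }
}

/* Same loop with the fix from the post: mask each byte to 8 bits. */
static void key_words_fixed(const void *key, int keybytes, uint32_t out[BF_PWORDS])
{
    const unsigned char *k = key;
    int j = 0;
    for (int i = 0; i < BF_PWORDS; i++) {
        uint32_t data = 0;
        for (int n = 0; n < 4; n++) {
            data <<= 8;
            data |= (uint32_t)k[j] & 0xff;
            if (++j == keybytes)
                j = 0;
        }
        out[i] = data;
    }
}

/* Number of the 18 key words that the sign extension corrupts. Zero means
 * a test vector built on this key cannot detect the bug. */
static int words_differ(const void *key, int keybytes)
{
    uint32_t b[BF_PWORDS], f[BF_PWORDS];
    int n = 0;
    key_words_buggy(key, keybytes, b);
    key_words_fixed(key, keybytes, f);
    for (int i = 0; i < BF_PWORDS; i++)
        n += (b[i] != f[i]);
    return n;
}

/* 1 if two equal-length keys feed identical words into the key schedule,
 * i.e. they are equivalent keys for that implementation. */
static int keys_collide(const void *k1, const void *k2, int keybytes, int buggy)
{
    uint32_t a[BF_PWORDS], b[BF_PWORDS];
    if (buggy) {
        key_words_buggy(k1, keybytes, a);
        key_words_buggy(k2, keybytes, b);
    } else {
        key_words_fixed(k1, keybytes, a);
        key_words_fixed(k2, keybytes, b);
    }
    for (int i = 0; i < BF_PWORDS; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

int main(void)
{
    uint32_t w[BF_PWORDS];

    key_words_buggy(K1, 8, w);
    printf("buggy word0 for K1: %08lx\n", (unsigned long)w[0]);
    key_words_fixed(K1, 8, w);
    printf("fixed word0 for K1: %08lx\n", (unsigned long)w[0]);

    printf("K1/K2 equivalent, buggy: %d  fixed: %d\n",
           keys_collide(K1, K2, 8, 1), keys_collide(K1, K2, 8, 0));
    printf("corrupted words, 5-byte key with one 0x80 byte: %d of %d\n",
           words_differ(K_ODD, 5), BF_PWORDS);
    printf("corrupted words, ASCII-only key: %d\n",
           words_differ(K_ASCII, 11));
    return 0;
}
```

The ASCII-only key yields zero corrupted words, which is why published test vectors of that kind pass on both versions; a regression test needs at least one key byte of 0x80 or above that is not the first byte of its word.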
From sandfort at crl.com Thu Jul 11 18:41:19 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 12 Jul 1996 09:41:19 +0800 Subject: JULY BAY AREA MEETING Message-ID: <2.2.32.19960711170452.0087ec64@popmail.crl.com> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ C'punks, We will be hosting a Cypherpunk meeting this Saturday the 13th. Late notice, but better late than never. Be prepared to bring up your own topics, but I propose we spend some time discussion the meta-question of list dynamics. Is the Cypherpunks list a "sewer"? Is there anything we can do to improve signal-to-noise? Do we need to? Etc. The meeting location will be at the Flatiron building in San Francisco, aka 544 Market, aka 1 Sutter. The building sits on Market and Sutter at Sansome and near 2nd. It is right above the eastern end of the Montgomery BART station. We will try to have someone in the lobby to let you in the 1 Sutter entrance, but if no one is there, call the office so someone can come down (415-392-0526). We will be in the offices of Simple Access on the 5th floor. The time is noon to 6:00 or so. S a n d y P.S.1. We may have a surprise visitor. P.S.2. If you don't know about Cypherpunk Thai brunch on Sundays, ask me. This Sunday, we are going shooting after we eat. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From perry at piermont.com Thu Jul 11 18:46:08 1996 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 12 Jul 1996 09:46:08 +0800 Subject: rsync and md4 In-Reply-To: <199607110013.RAA07968@netcom17.netcom.com> Message-ID: <199607111657.MAA02031@jekyll.piermont.com> Mike Duvos writes: > "Perry E. Metzger" writes: > > > From cypherpunks-errors at toad.com Wed Jul 10 14:43:28 1996 > > Subject: Re: rsync and md4 > > Date: Mon, 01 Jul 1996 10:19:27 -0400 > > I think I've seen this message before. Perry must be in reruns > for the summer. 
> > Stay tuned for more of "The Best of Perry." :) Some host out there is reposting cypherpunks mail. I haven't tracked it down yet. .pm From markm at voicenet.com Thu Jul 11 18:54:10 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 12 Jul 1996 09:54:10 +0800 Subject: Can the inevitability of Software privacy be used to defeat the ITAR? In-Reply-To: <31e46fa0.flight@flight.hrnowl.lonestar.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 11 Jul 1996, Paul Elliott wrote: > All software companies who sell (really licence) software > must deal with the inevitability of software piracy. It > is a brute fact that any usefully product sold in the U.S. > will eventually appear as an unauthorized copy for sale > abroad. This fact must be recognized in the software companies' > business plan. > > The question occurs to me "why can not this fact be used to > defeat the ITAR?" > > What is to prevent a U.S company to licence a foreign company > to sublicence and distribute a Crypto product abroad, if that > foreign company obtains that product on the pirate market? Just because the company didn't break any laws doesn't mean that they aren't going to be harassed by the government. This is similar to the Philip Zimmermann case. A grand jury investigation could be carried on for as long as the statute of limitations dictates and then the prosecutor of the case decided at the last minute not to indict. This is the reason that Netscape has not yet made a browser with 128-bit encryption available on the Internet. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." 
--George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMeUz3bZc+sv5siulAQE8HwQAmBdr9ELdZk8s8GQ9rTKhYrp43KcOiCGJ Xn0FeTxdliWzWzwB3YoqW0HD8MGZnRFxmuW8l8bnHvQrbVIZxq40USPJnbFwhDXO 2bQciufQyJ+NitAyyl7ZuoqhIzwfht8D7rP9ov7C7di2f07XAOM8gTGYhdu9ja4P wVvG7nRr3vg= =iN90 -----END PGP SIGNATURE----- From mike at fionn.lbl.gov Thu Jul 11 19:02:38 1996 From: mike at fionn.lbl.gov (Michael Helm) Date: Fri, 12 Jul 1996 10:02:38 +0800 Subject: "White 'Punks on Dope" (w apologies to The Tubes) Message-ID: <199607111723.KAA29657@fionn.lbl.gov> On Jul 10, 10:12pm, Timothy C. May wrote: > And perhaps worse, _parents_, such as the example I provided, are using it [Ritalin] > to control children. Where once they would've paddled the kid for using > obscene language, or refusing to get dressed for school, now they pop a > pill in the child's mouth. There are certainly legitimate arguments about the level of use of Ritalin or other drugs, their benefits & their costs, but this straw man is just ridiculous, & betrays the author's lack of knowledge. Unfortunately a similar misunderstanding is reflected in the writings of 1 or 2 others on this topic too. Parental (or other) control is not at issue at all with add; self control is the main problem. From jimbell at pacifier.com Thu Jul 11 20:02:04 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 12 Jul 1996 11:02:04 +0800 Subject: Can the inevitability of Software privacy be used to defeat the ITAR? Message-ID: <199607111740.KAA19755@mail.pacifier.com> At 04:06 AM 7/11/96 +0000, Paul Elliott wrote: >What is to prevent a U.S company to licence a foreign company >to sublicence and distribute a Crypto product abroad, if that >foreign company obtains that product on the pirate market? > >I am not a lawyer, but I look at the definition of "export" >on page 612 of Applied Cryptography and nothing seems to >obviously apply. > >The scenario I imagine is this: U.S. company produces a crypto >product. 
To be generally useful, the product supports all languages. >(Those CDROMs really do hold a lot of data.) >After all, Americans do need to do business with foreigners. >The company licences and distributes the product in the U.S. >taking special care not to distribute the product to any foreign persons. >When inevitability, the product appears in the pirate market outside >the U.S., the company makes a contract with a foreign company >allowing it to distribute it and sublicence it. The foreign company >can get their copy from the pirate market, being authorized to get >the copy by the U.S. company. When this deal is cut copies >have already been exported and are already being sold by the >pirates, against the will of the U.S. company. I raised this type of idea on CP, twice, and didn't hear a peep about it! (As recently as a couple of days ago.) It doesn't entirely eliminate the illegality; it merely transfers that illegality to an unknown and thus unprosecutable person. But yes, it appears that nothing would prevent this technique from working very well. Any attempted prosecution would fare even less well than the example of Zimmermann and PGP 1.0: There would be no illusion that an encryption product sold in hundreds of stores nationwide could be kept within the borders of the US, so the domestic manufacturer is safe. The foreign distributor isn't violating any of his own country's laws, and probably not arguably any of the US. Both companies could enthusiastically invite the USG to prosecute whoever actually exported the software, laughing all the way to the bank. 
Jim Bell
jimbell at pacifier.com

From llurch at networking.stanford.edu Thu Jul 11 20:39:09 1996
From: llurch at networking.stanford.edu (Richard Charles Graves)
Date: Fri, 12 Jul 1996 11:39:09 +0800
Subject: Irony on strong encryption in Australia
Message-ID: <199607111950.MAA28899@Networking.Stanford.EDU>

The Australian Broadcasting Authority's report on Internet regulation
issues recommends that ISPs be required to support unescrowed strong
encryption for their users' privacy and security.

Electronic Frontiers Australia is opposed to this idea because it puts
too much of a burden on the ISP.

http://www.efa.org.au/

-rich

From kip at monroe.lib.mi.us Thu Jul 11 20:40:38 1996
From: kip at monroe.lib.mi.us (Kip DeGraaf)
Date: Fri, 12 Jul 1996 11:40:38 +0800
Subject: Green Paper on PICS from ALA
Message-ID: <2.2.32.19960711192405.014093b4@monroe.lib.mi.us>

Does anyone still have a copy of the Green Paper on PICS usage in a
library setting by Magpantay that was yanked from the ALA web site?

I would be interested in reading a copy of it.

From anonymous-remailer at shell.portal.com Thu Jul 11 20:46:04 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Fri, 12 Jul 1996 11:46:04 +0800
Subject: test
Message-ID: <199607112037.NAA29245@jobe.shell.portal.com>

Could someone please post the correct syntax to remove unwanted keys from
the secret ring (if there is a way)?

From eric at clever.net Thu Jul 11 21:13:44 1996
From: eric at clever.net (Cyberdog)
Date: Fri, 12 Jul 1996 12:13:44 +0800
Subject: New Mac Web Server Security Hole Discovered
Message-ID:

Try adding /M_A_C_H_T_T_P_V_E_R_S_I_O_N to any of the URL's at
http://www.netcraft.co.uk/Survey/Reports/960701/ALL/WebSTAR.html
and each server will leak information like

--- http://europa.nadc.navy.mil//M_A_C_H_T_T_P_V_E_R_S_I_O_N ---

WebSTAR, Copyright ©1995 Chuck Shotton, Portions ©1995 StarNine
Technologies, Inc. and its Licensors. All rights reserved.
PowerPC (CW) version
totalCon 343, maxCon 30, listening 29, current 1, high 8, busy 0,
denied 0, timeout 0, maxMem 1140640, currMem 1117024, minMem 1090208,
bytesSent 1218888, port 80, maxTimeout 300, verboseMessages false,
disableLogging false, hideWindow false, refuseConnections false,
upSince 07/11/96:10:48, version 1.2.5(PowerPC (CW))

--

Anyone can use this for denial of service because this backdoor is so
well hidden it won't show up in the logs! The vendor has not committed
to an instant fix, but they have told their users not to discuss this on
public lists lest their obscurity become unsecure.

p.s. The copyright part was their lawyer's idea!

From jimbell at pacifier.com Thu Jul 11 23:29:06 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 12 Jul 1996 14:29:06 +0800
Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
Message-ID: <199607112332.QAA09668@mail.pacifier.com>

At 01:03 PM 7/11/96 -0400, Mark M. wrote:
>> What is to prevent a U.S company to licence a foreign company
>> to sublicence and distribute a Crypto product abroad, if that
>> foreign company obtains that product on the pirate market?
>
>Just because the company didn't break any laws doesn't mean that they aren't
>going to be harassed by the government. This is similar to the Philip
>Zimmermann case. A grand jury investigation could be carried on for as long
>as the statute of limitations dictates and then the prosecutor of the case
>decided at the last minute not to indict. This is the reason that Netscape
>has not yet made a browser with 128-bit encryption available on the Internet.

I think the government's ability to "harass" writers of good crypto
software has been severely limited by their failure to indict Zimmermann.
Remember, today they pretty much have to accept the fact that anybody can
write any software, DOMESTICALLY, without any sort of legal impediment by
the laws including ITAR.
This is particularly true of a company like Netscape, which presumably has the bucks and/or the political clout to make it a difficult target. Any case against Netscape would probably take years if not decades to resolve, and long before this happened the world would have adopted good encryption regardless. Look what happened when MIT put PGP on the Web: "Nothing." Jim Bell jimbell at pacifier.com From snow at smoke.suba.com Fri Jul 12 03:32:53 1996 From: snow at smoke.suba.com (snow) Date: Fri, 12 Jul 1996 18:32:53 +0800 Subject: [RANT] Giving Mind Control Drugs to Children In-Reply-To: <199607120448.AAA02773@jekyll.piermont.com> Message-ID: On Fri, 12 Jul 1996, Perry E. Metzger wrote: > snow writes: > > On Wed, 10 Jul 1996, Perry E. Metzger wrote: > > > "Clay Olbon II" writes: > > > > While it is crucial for an adult to be able to function and maintain a jo > b, > > > > is it really as important for a kid to be able to sit still in school? > > > If he or she is going to learn anything, it is important to be able to > > > pay attention, yes. > > If they were teaching anything, I bet the kid _would_ sit still. > I doubt it. Let me put that another way. Be much more attentive. Petro, Christopher C. petro at suba.com snow at crash.suba.com From blackavr at aa.net Fri Jul 12 03:38:50 1996 From: blackavr at aa.net (Michael Myers) Date: Fri, 12 Jul 1996 18:38:50 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: <2.2.32.19960712012906.006e6390@aa.net> At 10:39 AM 7/9/96 -0500, Rick Smith wrote: >erehwon at c2.org (William Knowles) writes: > >>Ritalin has been a godsend, I am able to dialin when I have to. >>Ritalin is not the only drug for treating ADD, Prozac works for >>some. > >I use coffee, or else I just managed to grow out of the worst effects. >In any case, I drink more coffee than just about anyone I know, and it >doesn't "wire" me at all. 
Coffee usage seconded here...I've tapered down to about two pots or so a day from four or more, due to the tolerance I was developing. It's about the only thing that gets anything done on time.

While I can understand and agree with Tim and Mike's points about government control and "making creative people fit in", there is a point where creativity is the only thing possible, to the exclusion of all else, such as paying bills on time, doing necessary work, or just interacting with others.

--
/^^^^^^^^^Instead of being born again, why not just GROW UP?^^^^^^^^^^^\
Michael Myers                  Vote Libertarian....you'll sleep better!
Don't like abortion? Don't have one.    Don't like guns? Don't buy one.
blackavr at aa.net                 E-mail for PGPv2.6.2 public key
\____________ http://www.aa.net/~blackavr/homepage.htm ________________/

From snow at smoke.suba.com Fri Jul 12 03:41:23 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 12 Jul 1996 18:41:23 +0800
Subject: "White 'Punks on Dope" (w apologies to The Tubes)
In-Reply-To: <199607111723.KAA29657@fionn.lbl.gov>
Message-ID:

On Thu, 11 Jul 1996, Michael Helm wrote:
> Ritalin or other drugs, their benefits & their costs, but this straw
> man is just ridiculous, & betrays the author's lack of knowledge.
> Unfortunately a similar misunderstanding is reflected in the writings
> of 1 or 2 others on this topic too.
> Parental (or other) control is not at issue at all with add; self
> control is the main problem.

No, the POINT IS MIS-DIAGNOSIS. Children who are either brighter than their classmates and figured out the assignment within minutes of the teacher giving it, or children with _no_ boundaries implemented by their parents (people are like fractals, very subject to initial conditions) hence they keep pushing and pushing so the parents respond by instituting chemical control.
Most of the people who are arguing "against" Ritalin ADMIT there are (or might be) some cases where certain chemicals are the way to go, but we feel that there are FAR too many cases out there.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From adamsc at io-online.com Fri Jul 12 03:45:41 1996
From: adamsc at io-online.com (Chris Adams)
Date: Fri, 12 Jul 1996 18:45:41 +0800
Subject: A case for 2560 bit keys
Message-ID: <199607120142.SAA19572@cygnus.com>

On 9 Jul 96 17:46:00 -0800, markm at voicenet.com wrote:
>> As an experiment generate a 2047 bit PGP key and a 512 bit PGP key.
>> Encrypt a file (preferably of a reasonable size) using both keys.
>> Depending on the computer you are using, the time difference between the
>> two keys will be a matter of few seconds or even a fraction of a second.
>
>Now try decrypting the file, or signing another file. I have a 486-66 which
>is now considered hopelessly sluggish by today's standards. It takes about
>5 seconds, while doing the same operation with a 512-bit key takes less than a
>second. I sign every one of my messages, so such a time delay gets quite

check your setup. I used to run a 386-20 (5MB RAM) and it took about 3 seconds for a 1024 bit key. Given it didn't even have a copro (not sure when/if PGP uses one) and that it was off of a Stackered drive, I'd expect you to have much better times.

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From chag at moneyworld.com Fri Jul 12 03:56:57 1996
From: chag at moneyworld.com (chag at moneyworld.com)
Date: Fri, 12 Jul 1996 18:56:57 +0800
Subject: Chancellor Group (symbol = CHAG)
Message-ID: <199607120153.SAA16483@toad.com>

http://chancellor.stockpick.com

Chancellor Group, Inc. (symbol CHAG) just reported big quarterly earnings. SGA Goldstar issued a "buy" recommendation.
I understand other investment advisors are looking to recommend CHAG. The company has a strong book value. The short sellers need to cover. This looks like a good situation to me. What do you think?

They are located at: http://chancellor.stockpick.com

Bob Williams, 206-269-0846

To terminate from my Investment Opportunities, Reply to chag at moneyworld.com with "remove" in the subject field.

From jimbell at pacifier.com Fri Jul 12 04:10:53 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 12 Jul 1996 19:10:53 +0800
Subject: I@Week on crypto export loophole 6/24/96
Message-ID: <199607120544.WAA29691@mail.pacifier.com>

At 10:30 PM 7/11/96 -0400, Will Rodger wrote:
>>At 04:06 AM 7/11/96 +0000, Paul Elliott wrote:
>>>What is to prevent a U.S company to licence a foreign company
>>>to sublicence and distribute a Crypto product abroad, if that
>>>foreign company obtains that product on the pirate market?
>>>
>>>I am not a lawyer, but I look at the definition of "export"
>>>on page 612 of Applied Cryptography and nothing seems to
>>>obviously apply.
>
>Elliott appears to be absolutely correct.
>
>Jim Bell replied:
>>I raised this type of idea on CP, twice, and didn't hear a peep about it!
>
>You were ahead of your time, Jim.
>There was a cover story peep about the idea in Interactive Week June 24, in
>fact. The story followed Bidzos' announcement that NTT would soon be
>producing 3-DES chips en masse.
>It's at: http://www.zdnet.com/intweek/print/960624/cover/doc1.html

I just read the article, and it's very interesting. My first note on the subject was posted June 4, and follows below:

At 10:54 AM 6/4/96 GMT, John Young wrote:
>Connecting Declan's three dots [...]:
> The New York Times, June 4, 1996, pp. D1, D4.
> Japanese Chips May Scramble U.S. Export Ban
> By John Markoff
> Washington, June 3 -- The Nippon Telegraph and Telephone
> Corporation has quietly begun selling a powerful data-
> scrambling chip set that is likely to undermine the Clinton
> Administration's efforts to restrict the export of the
> fundamental technology for protecting secrets and commerce
> in the information age.
> An executive at NTT America said that although there were
> no restrictions on the export of cryptographic hardware or
> software from Japan, his company was still anxious to
> obtain software from RSA Data to use in its chips. That
> software is still controlled by United States export law,
> he said.

Maybe it's just me, but the solution to NTT's problem is obvious. Even assuming that the export of this software would be against the law, why doesn't somebody simply violate that law? RSA would publish that software, possibly encrypted with NTT's public key, on a public system protected against direct export. "Somebody" would download it, write it to a floppy (taking care not to leave any fingerprints, and wetting both the stamp and the envelope with tap water, rather than licking them) and mail that floppy off to NTT in Japan. (Naturally, you don't put a return address on that envelope. The truly paranoid would first take that floppy to some store's PC section, and cross-load the data onto a floppy written by some other floppy drive.)

NTT finds that envelope in their mail, opens it, reads the floppy, decrypts the data, and say, "Wow! It's the data we wanted to get!" It verifies that the data is valid by emailing a copy back to RSA in America, who say, "Amazing! Somebody has illegally exported our software!"

As far as I know, there is nothing wrong with NTT using this software even if it is assumed to have been exported illegally.
Obviously, NTT won't _ask_ for somebody to do this, because then the government will claim it was all a conspiracy, but that doesn't prevent NTT from being the beneficiary of somebody else's activities.

Jim Bell
jimbell at pacifier.com

From jon at aggroup.com Fri Jul 12 04:34:14 1996
From: jon at aggroup.com (Yanni)
Date: Fri, 12 Jul 1996 19:34:14 +0800
Subject: New Mac Web Server Security Hole Discovered
Message-ID: <9607111927.AA01556@jon.clearink.com>

> Try adding /M_A_C_H_T_T_P_V_E_R_S_I_O_N

The simple (unsupported) fix is to change the strings (they show up twice in the resources) with a resource editor such as resedit.

Regards,
-jon

Jon (no h) S. Stevens yanni at clearink.com
ClearInk WebMagus http://www.clearink.com/
finger pgp at sparc.clearink.com for pgp pub key
We are hiring! http://www.clearink.com/clearink/home/job.html

From stewarts at ix.netcom.com Fri Jul 12 04:40:39 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 12 Jul 1996 19:40:39 +0800
Subject: rsync and md4
Message-ID: <199607120654.XAA19128@toad.com>

At 02:05 AM 7/1/96 -0400, "David F. Ogren" wrote:
>Irregardless, this argument is moot. This thread is titled "rsync and
>md4". It is a discussion about which hash function suits this particular
>purpose and he is not particularly concerned with resistance to deliberate
>attack. In this case MD4 will function adequately.

There are three issues with MD4/5 relevant to rsync
1) Collision probability - if you're concerned that a damaged packet will have the same hash as the original correct packet, that's 2^-128. If you're concerned that you may find a damaged packet with the same hash as _some_ correct packet out there, that's a birthday problem, and approaches 2^-64 if you've really got lots of packets that you can keep track of at once, but in reality the probability is much lower since you won't be keeping 2^64 packets around to collide with.
2) Deliberate collisions, and
3) speed - If I understand the description of rsync, it needs a checksum to detect packets with different values so it can determine whether to send an update packet. It's concerned with people changing _data_ in non-malicious ways that you want to detect, so the security issues about MD4 and MD5 aren't relevant, though systematic changes to data resonating with the hash function are.

You can use _much_ simpler hash functions than MD5 - go check out a book on error correcting codes and related math. Most error detection applications these days use 32-bit polynomials, since they're good detectors and can be implemented very efficiently on 32-bit hardware. They're useless for security, since you can invert them, but that's irrelevant. If that's not reliable enough for you (and it may not be), there are polynomials in lengths like 64 bits or 128 bits that should have good change detection, not be too sensitive to patterns in data, and be _far_ faster than MD4 or MD5.

If I remember right, rsync was looking at using 16- and 32-bit checksums to get a quick probable result and MD4 as a backup; you can save yourself work by just calculating the 128-bit function and using the first 32 bits as a quick check. If you're _sure_ you're not worried about birthday problems in your collisions, a 64-bit checksum is fine, and will be even faster.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Re-delegate Authority!

From tcmay at got.net Fri Jul 12 04:52:05 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 12 Jul 1996 19:52:05 +0800
Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
Message-ID:

At 12:30 AM 7/12/96, jim bell wrote:
>Look what happened when MIT put PGP on the Web: "Nothing."
>

Go back and read Hal Abelson's message of just a few days ago. MIT may lose out on a large contract with Sandia because of their publishing of a _book_ containing PGP code.
--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Fri Jul 12 04:54:39 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 12 Jul 1996 19:54:39 +0800
Subject: Destabilizing China's Government with Strong Crypto
Message-ID:

At 4:40 AM 7/12/96, Arun Mehta wrote:
...
>2) Encourage the production of simple, cheap devices such as a PGP phone
>that they can manufacture in Hongkong and other parts of China, which will
>allow secure communications. Basically, people without a computer, Internet
>connection or sufficient literacy should be able to use effective
>encryption. Cheap.
>
>3) Find people who beam radio transmissions into China (Rupert Murdoch via
>his Star TV satellite is one ;-) and ask them to devote an "Internet hour"
>in which people can mail or phone in messages (via remailers and encryption
>too) to be broadcast. The whole thing can be automated, and *everybody* has
>access to radio. More on this subject later.

Good ideas, all. And deploying steganography is a natural fit to this situation.

And this is yet another example of the negative effects of the U.S. restrictions on crypto export: where widespread crypto tools might be used to destabilize repressive governments, the lack of these tools integrated into common applications makes it harder for freedom-fighters in China, Burma, Iran, France, etc., to use them.
I often think the American CIA and NSA are actually just enforcers of the status quo, preferring a New World Order of crypto-restricted citizen-units to a more diverse, anarchic world in which private citizens and corporations can thwart the desires of central governments.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From daniel.salber at imag.fr Fri Jul 12 05:05:15 1996
From: daniel.salber at imag.fr (Daniel Salber)
Date: Fri, 12 Jul 1996 20:05:15 +0800
Subject: Minitel "saved" by hackers?
In-Reply-To: <1.5.4.32.19960711023104.002d60f8@giasdl01.vsnl.net.in>
Message-ID:

At 2:37 AM +0500 on 7/11/96, Arun Mehta wrote:
> True, but as I understand it, there was also a hacking involved: they took
> the original software, modified it (what I would also call hacking) and made
> it freely available: that is what made the messageries possible. If I'm
> using the technical terminology wrong, thanks for the correction.
>
> I'd love to find out exactly what happened.

This so-called "hijack" happened in Strasbourg on the GRETEL server (which was sponsored by the local newspaper). "Hacking" is inaccurate: the users were not necessarily computer-literate but just found another way to use the help feature of the server. Rheingold's Virtual Community has a pretty accurate account of the facts (see chapter 8, also online as ).

As Minow pointed out, this is not the only case of "hijacking". The telephone was first intended as a way to listen to remote concerts.
Then users found out they could use it for one-to-one conversations.

In a previous post, you said:
> So, shocked by this, what does the government do? Being unable to
> distinguish between different kinds of messageries, the government put a 30%
> tax in 1989 on all, and raised it to 50% in 1991! No wonder the Internet is
> gaining rapid popularity in France.

I think this is wrong. These taxes were only for sex messageries and the 30% tax didn't actually stop most of them from making money. I think the 50% tax wasn't actually enforced and the tax rate remains at 30% (see http://www.univ-paris8.fr/~babelweb/voltaire/v_no23.htm -- this is in French, sorry). You must realize that the government has no interest in stopping all messageries: France Telecom is (at least for the coming few months) a government agency and makes a lot of money from the messageries.

The Internet is not so successful in France mainly because the Minitel is still widely used and sufficient for most casual uses. Remember France Telecom kick-started the Minitel by giving away the Minitel terminals. France Telecom doesn't seem to be willing to give away computers to kick-start the Internet :-)

You also asked:
> Do you know of any country in Asia or elsewhere favoring the Minitel
> "centralized and bureaucratic" model over the Internet?

The Minitel is no more "centralized and bureaucratic" than the Internet was only a while ago (ie, when NSF was in charge of most of the core infrastructure). The Minitel may look centralized and bureaucratic because anyone who wishes to open a server has to go through France Telecom (which delivers unique names like Internic). But the structure is not really centralized: all traffic goes through the public packet-switching X25 network. Server operators (there are more than 20,000 of them today) are legally responsible for the content they serve. It may also look centralized because there is only one telco in France, but that's another problem.
There were even some experiments of a European Minitel system linking several European videotex services a few years ago. I think they fell short because the videotex technology has been so quickly outdated.

Daniel

From rodger at interramp.com Fri Jul 12 05:06:21 1996
From: rodger at interramp.com (Will Rodger)
Date: Fri, 12 Jul 1996 20:06:21 +0800
Subject: I@Week on crypto export loophole 6/24/96 (was:Re: Can the inevitability of Software privacy be used to defeat the ITAR?)
Message-ID: <1.5.4.32.19960712023018.00683a80@pop3.interramp.com>

-----BEGIN PGP SIGNED MESSAGE-----

>At 04:06 AM 7/11/96 +0000, Paul Elliott wrote:
>>What is to prevent a U.S company to licence a foreign company
>>to sublicence and distribute a Crypto product abroad, if that
>>foreign company obtains that product on the pirate market?
>>
>>I am not a lawyer, but I look at the definition of "export"
>>on page 612 of Applied Cryptography and nothing seems to
>>obviously apply.

Elliott appears to be absolutely correct.

Jim Bell replied:
>I raised this type of idea on CP, twice, and didn't hear a peep about it!

You were ahead of your time, Jim.
There was a cover story peep about the idea in Interactive Week June 24, in fact. The story followed Bidzos' announcement that NTT would soon be producing 3-DES chips en masse.
It's at: http://www.zdnet.com/intweek/print/960624/cover/doc1.html

Bidzos' pending deal brought forth several questions:
1 - Could others try something like the DES deal with stuff under copyright and still make money doing it?
2 - If so, was the administration aware of it? and;
3 - Who, if anyone, would be the first to try it?

The answers were:
1 - Yes, someone else could try it.
2- The administration wouldn't comment, but had an official reply that showed it grasped all the implications within 15 minutes of our asking.
3 - No one's stepping forward, but Ken Bass, atty. for Phil Karn and Phil Zimmermann, among others, said he knew some folks were considering moves along those lines, though he gave few details.

Steptoe & Johnson cyberspace atty. Stewart Baker suggested such a move would be "extremely aggressive advice," though "not quite insane." if I remember correctly.

A few caveats to any US citizen who finds himself trying to help such a situation occur:

1) The loophole can be closed by executive order with little or no notice, and
2) Any citizen aiding the export of such software will of course, be brought up on some pretty serious felony charges if caught. Foreign nationals are doubtless subject to the same laws if on US soil while the deed gets done.

Then again, Baker said, "if one gets away with it, dozens will try it, too."
I won't be the first to try.

Will Rodger
Washington Bureau Chief
Interactive Week.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From AwakenToMe at aol.com Fri Jul 12 05:28:31 1996
From: AwakenToMe at aol.com (AwakenToMe at aol.com)
Date: Fri, 12 Jul 1996 20:28:31 +0800
Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <960711234718_236000855@emout19.mail.aol.com>

if anyone knows the site address and file name, please let me know =-}

Thanks
Adam

From declan at well.com Fri Jul 12 05:32:08 1996
From: declan at well.com (Declan McCullagh)
Date: Fri, 12 Jul 1996 20:32:08 +0800
Subject: HotWired -- "A Browne Study"
Message-ID:

Date: Thu, 11 Jul 1996 12:10:44 -0500
To: fight-censorship+ at andrew.cmu.edu
From: declan at well.com (Declan McCullagh)
Subject: HotWired -- "A Browne Study"

When Harry Browne was in my office for an interview on Tuesday, he talked a good line, stressing his unabashed support for free speech (online and offline) and government nonintervention in crypto. Read the full article in today's HW/Netizen at the URL below for details...

Also in today's Netizen, John Heilemann reports on how "wired" Dick Lamm is, saying that as long as Lamm's politics are in touch with the future, it's good for the Net:
http://www.hotwired.com/netizen/96/28/index3a.html

I happen to disagree; I think that if a candidate for president wants to portray himself as "wired," he should venture into c-space himself. At least we know Browne's cyber-clueful -- after all, he told me he bookmarked HotWired. :)

-Declan

---

HotWired, The Netizen
http://www.hotwired.com/netizen/96/28/campaign_dispatch3a.html

"A Browne Study"
Campaign Dispatch
by Declan McCullagh
Washington, DC, 10 July

The newly anointed Libertarian candidate for president dropped by HotWired's Washington bureau yesterday. With netizens appropriately regulation-shy after the Communications Decency Act brouhaha, the White House's Clipper III proposal, and calls from the Justice Department for a new cabinet-level agency to rein in the Net, it was clear the guy knows how to woo online voters.

"Can you imagine if I got to the debates, and I made Bill Clinton and Bob Dole justify censoring the Internet - made them justify their blatant disregard for the First Amendment of the Constitution?" Harry Browne asked.

No doubt about it, the Libertarian party has its flaws - little things, like that they'd gut environmental laws and auction off America's national parks and wildlife refuges if given half a chance. But it's also pretty obvious that this is the only party that actually understands the Net.

[...]
From snow at smoke.suba.com Fri Jul 12 06:07:49 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 12 Jul 1996 21:07:49 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607101459.KAA16411@jekyll.piermont.com>
Message-ID:

On Wed, 10 Jul 1996, Perry E. Metzger wrote:
> "Clay Olbon II" writes:
> > While it is crucial for an adult to be able to function and maintain a job,
> > is it really as important for a kid to be able to sit still in school?
> If he or she is going to learn anything, it is important to be able to
> pay attention, yes.

If they were teaching anything, I bet the kid _would_ sit still. I sure would have been a lot less distracted.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From perry at piermont.com Fri Jul 12 06:18:11 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 12 Jul 1996 21:18:11 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID: <199607120448.AAA02773@jekyll.piermont.com>

snow writes:
> On Wed, 10 Jul 1996, Perry E. Metzger wrote:
> > "Clay Olbon II" writes:
> > > While it is crucial for an adult to be able to function and maintain a job,
> > > is it really as important for a kid to be able to sit still in school?
> > If he or she is going to learn anything, it is important to be able to
> > pay attention, yes.
>
> If they were teaching anything, I bet the kid _would_ sit still.

I doubt it.

Perry

From scmayo at rsc.anu.edu.au Fri Jul 12 06:21:28 1996
From: scmayo at rsc.anu.edu.au (Sherry Mayo)
Date: Fri, 12 Jul 1996 21:21:28 +0800
Subject: Irony on strong encryption in Australia
Message-ID: <199607120421.VAA17567@toad.com>

> The Australian Broadcasting Authority's report on Internet regulation issues
> recommends that ISPs be required to support unescrowed strong encryption for
> their users' privacy and security.
>
> Electronic Frontiers Australia is opposed to this idea because it puts too
> much of a burden on the ISP.
Are you sure you have this right? I've just joined the EFA, and am concerned about this, but I can't find any such comment on the EFA site. The relevant portion of the ABA document is as follows

"The ABA considers that users with particular requirements for privacy should be able to obtain advice from their service providers on the use of encryption and the availability of suitable products to render messages unreadable by unauthorised persons."

This is hardly a huge burden and I would be surprised if the EFA objects to it. I looked at their press release concerning the ABA report but saw no mention of any problems with this "encryption advice" policy. Maybe I'm looking in the wrong place?

Anyway, the main problem for the EFA at the moment is the "Son of CDA" legislation currently being proposed by the NSW attorney-general.

Sherry

From WlkngOwl at unix.asb.com Fri Jul 12 06:48:27 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 12 Jul 1996 21:48:27 +0800
Subject: Another bad idea
Message-ID: <199607120517.BAA02703@unix.asb.com>

On 12 Jul 96 at 9:40, Arun Mehta wrote:
[..]
> As I see it, the Chinese communist government will not live to see more
> than a few years (if any) of the 21st Century. We are all aware of the
> devastating impact of telecommunications, TV and computers on authoritarian
> regimes. E.g. in the fall of the Berlin Wall, the Easterners watching West
> German TV was a significant contributory factor.

Some say Hong Kong might be a contributing factor.

> Satellite TV is available all over China. The government may, for a while, be
> able to ban satellite dishes, but soon their size will reduce to that of a

BTW, similar problems in Iran from what I've heard.

I remember hearing a blurb that VOA Chinese Programs explained how to make a satellite dish out of aluminum foil, so pick up special VOA broadcasts I'm sure... (That's rather interesting, because you can crumple it up or wrap leftovers in it immediately.)

[..]
> What that does is give us a window of opportunity. Hongkong has one
> remaining year of guaranteed unfettered flow of information. China still
> has the Internet. What can we do?

I'm told by some friends that the Chinese, in large part due to the writing system, prefer FAXs over the internet. That's something to keep in mind.

Hm... interesting project: a graphics program that works with PGP or PGPlib. One can import scanned images or draw onto the screen and then encrypt it for mailing.

Are there any secure FAX protocols that could be worked into communications software and standard modems?

> 1) Collect the e-mail addresses as Allen suggested (including those in
> Hongkong), and send them a single, short message offering to teach them free
> of cost how to use pgp and all the goodies at
> http://www.eskimo.com/~joelm/cbsw.html

Might be condescending. 'Civilized white man brings PGP to the barbarians...' They may well know about PGP, but not in a position to make that knowledge widely known.

And if I were in a 'totalitarian' or restrictive country I'd be damn suspicious, maybe frightened by this ('are the secret police setting me up?' or 'will they notice if I reply?').

What if that person likes the way their country is? They could inform the local authorities and set in motion a crackdown that would not have happened, perhaps.

I'd leave the specifics to activists who are already familiar with the respective cultures, societies, politics, etc.... chances are they are already doing things along those lines. Otherwise, if you don't know what you're doing, you can unintentionally mess up somebody else's life, if not your own.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.
From WlkngOwl at unix.asb.com Fri Jul 12 06:52:36 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 12 Jul 1996 21:52:36 +0800
Subject: Singapre Sling? FWD "Singapore Unveils Internet Guidelines"
Message-ID: <199607120931.FAA24430@unix.asb.com>

>From LI newsday World Briefs, 12 July, p. 21:

"Singapore Unveils Internet Guidelines"

Singapore unveiled steps yesterday to regulate political and religious content on the Internet, and keep its cyberspace free of pornography. According to the Singapore Broadcast Authority, the guidelines, effective after July 15, require all operators to register with the SBA.

From jimbell at pacifier.com Fri Jul 12 07:17:51 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 12 Jul 1996 22:17:51 +0800
Subject: I@Week on crypto export loophole 6/24/96
Message-ID: <199607120403.VAA24122@mail.pacifier.com>

At 10:30 PM 7/11/96 -0400, Will Rodger wrote:
>Bidzos' pending deal brought forth several questions:
>1 - Could others try something like the DES deal with stuff under copyright
>and still make money doing it?
>2 - If so, was the administration aware of it? and;
>3 - Who, if anyone, would be the first to try it?
>
>The answers were:
>1 - Yes, someone else could try it.
>2- The administration wouldn't comment, but had an official reply that
>showed it grasped all the implications within 15 minutes of our asking.
>3 - No one's stepping forward, but Ken Bass, atty. for Phil Karn and Phil
>Zimmermann, among others, said he knew some folks were considering moves
>along those lines, though he gave few details.
>
>Steptoe & Johnson cyberspace atty. Stewart Baker suggested such a move would
>be "extremely aggressive advice," though "not quite insane." if I remember
>correctly.

Well, lawyers have to be really careful about appearing to endorse something that's on the edge of legality. Also, it's obvious that the advice given would be vastly different depending on who was doing the asking.
If it were one of the two companies potentially involved, they'd probably be told that doing this would be frowned on. If it were the individual considering secretly exporting the program, he'd be told "Don't tell us! And whatever you do, don't get caught!"

>A few caveats to any US citizen who finds himself trying to help such a
>situation occur:
>
>1) The loophole can be closed by executive order with little or no notice,

It's unclear if a foreign national on foreign soil can be considered within the jurisdiction of the US, especially merely for being the recipient of software whose export would have been illegal under US law. If the copy is re-mailed to him from a third country, he doesn't even know for sure if the software was ever illegally exported.

And "executive orders" are already on constitutionally shaky ground anyway, as are export controls for crypto. (As I understand it, "executive order" was originally considered binding only on government employees; it was akin to an order internal to a company.) An executive order prohibiting a private-company's receipt of money for licensing fees on software which, IF EXPORTED, would require a license is straining credulity more than a bit.

And moreover, there's the question of whether or not this logic extends to any licensing regardless of how remote it is. Could a US semiconductor company be barred from licensing ordinary semiconductor technology, if the foreign recipient of that license decides to use it for building an encryption chip? What if they use it to build an ordinary DRAM chip that just happens to be installed into a crypto phone, perhaps by a third party? Could the writer of a C++ compiler be denied the right to export simply because one foreign customer used a copy of that program to compile an encryption program abroad?
And, they should be able to turn the royalty payment into something that achieves the same payback (say, the use of a logo signifying approval) rather than the specific use of a particular piece of software.

and
>2) Any citizen aiding the export of such software will of course, be brought
>up on some pretty serious felony charges if caught. Foreign nationals are
>doubtless subject to the same laws if on US soil while the deed gets done.

"Getting away with it" probably involves no more than writing a floppy with software, putting a few stamps on it and addressing it to a foreign country, putting either no return address or a fake one on it, and then tossing it in a convenient USnail box. (Taking all the usual precautions against fingerprints, DNA testing, etc.) In practice, the likelihood of getting caught if you're careful is somewhere between zero and nil. Pre-encrypting the data with the recipient's public key makes it that much more difficult for the USG to show that it's being illegally exported.

>Then again, Baker said, "if one gets away with it, dozens will try it, too."
>I won't be the first to try.

As I see it, the most important issue is not the legal status of the one actually doing the export/mailing, but in fact the organization which is the recipient and thus, the beneficiary of this act. _THAT_ organization will be well-identified, yet will not have done anything obviously illegal. Is there any indication that Baker was trying to distinguish between the one physically mailing it, and those receiving it?

Jim Bell
jimbell at pacifier.com

From amehta at giasdl01.vsnl.net.in Fri Jul 12 08:19:43 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Fri, 12 Jul 1996 23:19:43 +0800
Subject: Another bad idea
Message-ID: <1.5.4.32.19960712093348.002dc774@giasdl01.vsnl.net.in>

At 05:06 10/07/96 +0000, Deranged Mutant wrote:
>On 9 Jul 96 at 18:26, E. ALLEN SMITH wrote:
>[..]
>> Like China, various other countries are trying to get the Internet's
>> benefits (such as technical information) without its other consequences
>> (extension of civil liberties into countries that want to deny them). One idea
>> that I've had for preventing such problems is to look for addresses from such
>> countries that are posting to technical newsgroups, to technical mailing lists,
>> or that are attempting to get access to web pages on technical subjects (which
>> access they will hopefully be denied, although an alternate possibility). Then
>> mail information to those addresses that those countries don't want getting
>> into their countries, such as on human rights abuses (or well-written
>> pornography...).
>
>Great idea. Get some (possibly) innocent techie in an oppressive
>country thrown in jail or executed.
>[..]
>Damn aggravating for that user, and it could get him/her in trouble.
>
>On a wide-scale it could provoke responses from those countries.

Damned right, and it should. Your religion teaches to "DO UNTO OTHERS AS YOU WOULD HAVE THEM DO UNTO YOU." Good advice for anyone on the Internet, and the last thing you want to teach newbies is to spam. Imagine if you were to send the cypherpunks list unsolicited porn, info about some prisoner in Texas who is getting the death penalty... you get the picture. If I were at the receiving end, I'd send back a polite but firm note asking you to desist, and if you didn't, complain to your sysop, or remailer operator. Which is what you would do in my shoes.

But if you want to do something, I have a better idea (thanks for the willingness to help):

As I see it, the Chinese communist government will not live to see more than a few years (if any) of the 21st Century. We are all aware of the devastating impact of telecommunications, TV and computers on authoritarian regimes. E.g. in the fall of the Berlin Wall, the Easterners watching West German TV was a significant contributory factor.
Satellite TV is available all over China. The government may, for a while, be able to ban satellite dishes, but soon their size will reduce to that of a wok (might even double as one). The Internet will soon be widespread. The real crunch will come when Hongkong becomes part of China. Inevitably, other parts of the country will want to know why the special status of Hongkong cannot be extended to them. There is a chance that instead of China taking over Hongkong, the reverse might happen.

In cyberspace, the students have the more powerful tanks. Can you imagine how different a massacre a la Tiananmen Square would look in a couple of years? Images captured on camcorders would be beamed back to the Chinese via satellite, all the information would flow both ways on the net, the Hongkong stock market would take a dive, ... I would suggest that tacitly or at least implicitly, the Chinese government has conceded that it will never try a major violent suppression of political unrest again. That, or it will decide that the Internet is a bad influence, and should be abolished.

What that does is give us a window of opportunity. Hongkong has one remaining year of guaranteed unfettered flow of information. China still has the Internet. What can we do?

1) Collect the e-mail addresses as Allen suggested (including those in Hongkong), and send them a single, short message offering to teach them free of cost how to use pgp and all the goodies at http://www.eskimo.com/~joelm/cbsw.html

2) Encourage the production of simple, cheap devices such as a PGP phone that they can manufacture in Hongkong and other parts of China, which will allow secure communications. Basically, people without a computer, Internet connection or sufficient literacy should be able to use effective encryption. Cheap.
3) Find people who beam radio transmissions into China (Rupert Murdoch via his Star TV satellite is one ;-) and ask them to devote an "Internet hour" in which people can mail or phone in messages (via remailers and encryption too) to be broadcast. The whole thing can be automated, and *everybody* has access to radio.

More on this subject later. Thoughts?

Arun Mehta, B-69 Lajpat Nagar-I, New Delhi-24, India. Phone 6841172,6849103
amehta at doe.ernet.in amehta at giasdl01.vsnl.net.in amehta at cerfnet.com
http://mahavir.doe.ernet.in/~pinaward/arun.htm

"I do not want my house to be walled in on all sides and my windows to be stuffed. I want the cultures of all the lands to be blown about my house as freely as possible. But I refuse to be blown off my feet by any."--Gandhi

From unicorn at schloss.li Fri Jul 12 10:07:22 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 13 Jul 1996 01:07:22 +0800
Subject: Chancellor Group (symbol = CHAG)
In-Reply-To: <199607120153.SAA16483@toad.com>
Message-ID:

On Thu, 11 Jul 1996 chag at moneyworld.com wrote:

> http://chancellor.stockpick.com
>
> Chancellor Group, Inc. (symbol CHAG) just reported big quarterly earnings.
> SGA Goldstar issued a "buy" recommendation. I understand other investment
> advisors are looking to recommend CHAG. The company has a strong book value.
> The short sellers need to cover. This looks like a good situation to me.
> What do you think? They are located at:

I think you have stock in the company and are looking to boost its value by using what amounts to the elevator trick.

>
> http://chancellor.stockpick.com
>
> Bob Williams, 206-269-0846
>
> To terminate from my Investment Opportunities, Reply to
> chag at moneyworld.com with "remove" in the subject field.
>

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From WlkngOwl at unix.asb.com Fri Jul 12 10:17:44 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sat, 13 Jul 1996 01:17:44 +0800
Subject: Digital Watermarks for copy protection in recent Billboard magaz
Message-ID: <199607121211.IAA25703@unix.asb.com>

Paged through a recent (June or July 13) edition of Billboard magazine yesterday. There was an article about the music industry, the internet, and copyright issues.

Didn't have a chance to read it thoroughly, but it mentioned using digital watermarks which contained info on to who (CC number) and when the material was sold... the watermarks allegedly could survive if a CD was taped, copied several times and redigitized.

It's rather interesting for several reasons... imagine if every CD you owned was tagged with a link to your identity. So imagine getting a used CD or from a garage sale... after several years a pirated edition is floating around the internet...

The anti-piracy scheme is only useful for direct sale to a customer though. If you buy music anonymously, how is it traced? This only works for pirating on-demand purchases.

Other issues: what if an eavesdropper steals the music or video? It's tagged with your ID. If he spreads pirated material, you get in trouble even though it's not nec. your fault (if no secure communications are available, anyway).

If it uses a credit-card number as (part of) an ID, that's pretty bad. Someone can sniff for CC numbers if they know how it's stored.

The system will have to rely on proprietary tech and security through obscurity. Even know how watermarks are stored without understanding the math, one must be able to somehow garble the sound without distorting it, but which renders the watermark useless.

That a watermark can survive when the music is converted to analog and then redigitized is interesting...
(if it's saved as inaudible tones, what's to prevent one from blurting them out with noise in those frequencies?)

Guess I'll have to hunt down that issue and post useful excerpts from it...in terms of fair use, of course. (Or perhaps an alt-vista search...)

Rob

--- No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From WlkngOwl at unix.asb.com Fri Jul 12 10:55:53 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sat, 13 Jul 1996 01:55:53 +0800
Subject: Minitel "saved" by hackers?
Message-ID: <199607121211.IAA25706@unix.asb.com>

On 12 Jul 96 at 5:51, Daniel Salber wrote:
[..]
> As Minow pointed out, this is not the only case of "hijacking". The
> telephone was first intended as a way to listen to remote concerts. Then
> users found out they could use it for one-to-one conversations.

This is inaccurate. No, methinks it's wrong. From every history of telephones I have read and heard, it was never that way. The original conception was of using the telephone for broadcasting. Its implementation in most countries was for point-to-point communication... it wasn't a matter of the users 'found they could use it' (at least not in the US).

Rob.

--- No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From wb8foz at nrk.com Fri Jul 12 12:00:06 1996
From: wb8foz at nrk.com (David Lesher)
Date: Sat, 13 Jul 1996 03:00:06 +0800
Subject: Chancellor Group (symbol = CHAG) (spam)
Message-ID: <199607121257.IAA10837@nrk.com>

|Chancellor Group, Inc. (symbol CHAG) just reported big quarterly earnings.

I hear tell "enforcement at sec.gov" is interested in hearing of such....

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From WlkngOwl at unix.asb.com Fri Jul 12 12:19:20 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sat, 13 Jul 1996 03:19:20 +0800
Subject: Minitel "saved" by hackers?
Message-ID: <199607121324.JAA26628@unix.asb.com>

On 12 Jul 96 at 14:07, Daniel Salber wrote:
[..]
> Well, sorry if it is. That's what I read in a book about the early history
> of telephone. I don't have the reference handy right now, though.

Understandable.

> BUT: how do you explain that from the original conception (using the
> telephone for broadcasting), the telephone came to be a one-to-one
> communication tool ? Even if the implementation allowed it, someone had to
> think of it, right ?

Bell thought of the idea orig. as a broadcaster. Then somehow when it was set up he or someone else in AT&T did that. If I recall (no refs handy) it had to do with the telegraph being (sort of) point-to-point...

Bell used to tour the vaudeville circuit showing off the telephone. I think the idea emerged during that time... during such shows of tech (common at the time) there was a Q&A from the audience.

Rob

>
> Thanks for the clarification anyway.
>
> Daniel
>
>
>
>

--- No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From rp at rpini.com Fri Jul 12 13:19:50 1996
From: rp at rpini.com (Remo Pini)
Date: Sat, 13 Jul 1996 04:19:50 +0800
Subject: Need PGP-awareness in common utilities
Message-ID: <1.5.4.32.19960712133849.008deab8@193.246.3.200>

At 11:16 PM 7/6/96 +0200, you wrote:
>
>Let me know. We _could_ adopt the ridiculously simple NoCeM
>protocol, or the ever-mutating public key certificates being
>designed in a nearby mailing list, or some protocol of our own.
>(Shouldn't be too hard to come up with an implementable, useful
>protocol.)
>

Hey guys, as long as I can't get a decent mail program that handles all pgp-stuff automatically (including the cumbersome installation), I don't think pgp-awareness is of much use in "everyday communication programs")

----------< fate favors the prepared mind >----------
Remo Pini Fon 1: +41 1 350 28 82
mailto:rp at rpini.com Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From rp at rpini.com Fri Jul 12 13:42:13 1996
From: rp at rpini.com (Remo Pini)
Date: Sat, 13 Jul 1996 04:42:13 +0800
Subject: Word lists for passphrases
Message-ID: <1.5.4.32.19960712133920.008c9bd0@193.246.3.200>

At 01:18 AM 7/6/96 -0500, you wrote:
>At 12:09 AM 7/6/96 -0500, snow at smoke.suba.com wrote:
>>On Fri, 5 Jul 1996, Erle Greer wrote:
>>
>>> Word-List Builder (this is not an ad)
>Unix, you can do, but the recursive subdirs aren't a prob for me. A final dream
>would be to convert it to VB4, use MS's WWW custom control, and unleash it as a
>spider.

If you send me the source, I'll give it a shot (port to vb4 with x-controls)

----------< fate favors the prepared mind >----------
Remo Pini Fon 1: +41 1 350 28 82
mailto:rp at rpini.com Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From rp at rpini.com Fri Jul 12 13:50:35 1996
From: rp at rpini.com (Remo Pini)
Date: Sat, 13 Jul 1996 04:50:35 +0800
Subject: Net and Terrorism.
Message-ID: <1.5.4.32.19960712133845.008dc610@193.246.3.200>

>While the guys fighting the Israelis in Lebanon are more or
>less honorable men who fight according to the laws of war,
>the Islamic fundamentalists in Algeria are simply vicious subhuman
>monsters who deserve to die, each and every one, and their pals in
>Egypt and the Sudan are not much better.

I hope you're not serious. In case you are:

It seems to be typical of American beliefs that Israelis are good, and everybody else "down there" is bad. On the other hand, Israel wouldn't stand a chance if US weren't having them as a pet. They are getting more and more fundamentalistic (yes, there are zionistic fundamentalists, big surprise) and they are not one bit better than anyone around. It seems to me, that a few hothead terrorists create the image of all arabic people in western heads.

Consider this: Islam is a lot younger than Christianity. If the Islamic people act like the Christian people we will have a huge problem. A few hundred years ago everybody who didn't agree with the pope was killed (Earth is flat after all). Now, according to my timekeeping, Islam should reach that state around 2100. So there is plenty of time for them to get nastier. (I don't think they will, because Islam is a bit more tolerant than christianity ever was).

ps: I'm not Islamic, nor will I ever be, but I don't like fundamentalists, and your views, should they be serious, sound *VERY* fundamentalist to me.

----------< fate favors the prepared mind >----------
Remo Pini Fon 1: +41 1 350 28 82
mailto:rp at rpini.com Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From rp at rpini.com Fri Jul 12 13:52:22 1996
From: rp at rpini.com (Remo Pini)
Date: Sat, 13 Jul 1996 04:52:22 +0800
Subject: Need PGP-awareness in common utilities
Message-ID: <1.5.4.32.19960712133842.008c3308@193.246.3.200>

At 02:30 AM 7/7/96 +0200, you wrote:
>
>Which is where the small payments to ratings producers from
>ratings consumers comes in. Again this is just the
>quantification of a phenomena that we all take for granted.
>(Namely, that people who produce quality ratings are producing a
>value and trading/contributing it to others.)

It sure sounds like I'll have to pay, so someone decides for me, whether some piece of info is important to me. Now, if that isn't the first step to censorship! That kind of reminds me of an insurance company where I can call a toll-intensive number to talk to a salesman who tries to sell me something I don't really need.

----------< fate favors the prepared mind >----------
Remo Pini Fon 1: +41 1 350 28 82
mailto:rp at rpini.com Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From rp at rpini.com Fri Jul 12 13:52:29 1996
From: rp at rpini.com (Remo Pini)
Date: Sat, 13 Jul 1996 04:52:29 +0800
Subject: Need PGP-awareness in common utilities
Message-ID: <1.5.4.32.19960712133847.008dd9e0@193.246.3.200>

At 02:30 AM 7/7/96 +0200, you wrote:
>
>Which is where the small payments to ratings producers from
>ratings consumers comes in. Again this is just the
>quantification of a phenomena that we all take for granted.
>(Namely, that people who produce quality ratings are producing a
>value and trading/contributing it to others.)

It sure sounds like I'll have to pay, so someone decides for me, whether some piece of info is important to me. Now, if that isn't the first step to censorship! That kind of reminds me of an insurance company where I can call a toll-intensive number to talk to a salesman who tries to sell me something I don't really need.

----------< fate favors the prepared mind >----------
Remo Pini Fon 1: +41 1 350 28 82
mailto:rp at rpini.com Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Fri Jul 12 14:06:30 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Sat, 13 Jul 1996 05:06:30 +0800
Subject: Another bad idea
In-Reply-To: <1.5.4.32.19960712093348.002dc774@giasdl01.vsnl.net.in>
Message-ID: <199607121332.JAA32200@pdj2-ra.F-REMOTE.CWRU.Edu>

Arun Mehta writes:

: As I see it, the Chinese communist government will not live to see more
: than a few years (if any) of the 21st Century. We are all aware of the
: devastating impact of telecommunications, TV and computers on authoritarian
: regimes. E.g. in the fall of the Berlin Wall, the Easterners watching West
: German TV was a significant contributory factor.
:
: Satellite TV is available all over China. The government may, for a while, be
: able to ban satellite dishes, but soon their size will reduce to that of a
: wok (might even double as one). The Internet will soon be widespread. The
: real crunch will come when Hongkong becomes part of China. Inevitably, other
: parts of the country will want to know why the special status of Hongkong
: cannot be extended to them. There is a chance that instead of China taking
: over Hongkong, the reverse might happen.
:
: In cyberspace, the students have the more powerful tanks. Can you imagine
: how different a massacre a la Tiananmen Square would look in a couple of
: years? Images captured on camcorders would be beamed back to the Chinese via
: satellite, all the information would flow both ways on the net, the Hongkong
: stock market would take a dive, ... I would suggest that tacitly or at least
: implicitly, the Chinese government has conceded that it will never try a
: major violent suppression of political unrest again. That, or it will decide
: that the Internet is a bad influence, and should be abolished.
:
: What that does is give us a window of opportunity. Hongkong has one
: remaining year of guaranteed unfettered flow of information. China still
: has the Internet. What can we do?
:
: 1) Collect the e-mail addresses as Allen suggested (including those in
: Hongkong), and send them a single, short message offering to teach them free
: of cost how to use pgp and all the goodies at
: http://www.eskimo.com/~joelm/cbsw.html

Unfortunately for those of us in the United States or who are otherwise subject to its jurisdiction such an offer would require a license or a waiver of jurisdiction under the International Traffic in Arms Regulations before it could safely be carried out. That particular highly worthwhile project would seem to fall under the definition of performing defense services as well as involving the disclosure of technical data relating to an item on the United States Munitions List.

: . . . .
:
: Thoughts?

Obscene isn't it?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From rp at rpini.com Fri Jul 12 14:07:53 1996
From: rp at rpini.com (Remo Pini)
Date: Sat, 13 Jul 1996 05:07:53 +0800
Subject: Word lists for passphrases
Message-ID: <1.5.4.32.19960712133856.008dfb10@193.246.3.200>

At 03:51 PM 7/6/96 -0400, you wrote:
> > AwakenToMe at aol.com writes:
> > > I have a util that will create a word list starting from
> > > aaaaaaaaaaa on up to anythingggggggg basically you could do every
> > > combination. Let me know if ya want it.
> >
> > That would really be of great use for doing wordlist crack runs. It
> > must have taken you a long time to write -- generous of you to offer
> > it.

I don't think any decent programmer has never tried such an approach to crack for example PKZIP archives (the one on CD-ROMs, where you have to pay to get the passwords). I certainly did back in 1991.

I don't want to put down the usefulness of such a program, but since probably more than 50% of all passwords are vulnerable to dictionary attacks, such a utility has not too much value. (have you ever tried all combinations from "aaaaaa" to "zzzzzz" (there are around 2'176'782'336 <36^6> if you consider all umlauts like the German ä, ü, ö, ...). On the other hand, there won't be much more than 10'000 6-letter words in any dictionary.

So it seems, a wordlist generator and a wordlist using cracker works a lot better (and is almost as trivial to do - if you keep aside nice features)

----------< fate favors the prepared mind >----------
Remo Pini Fon 1: +41 1 350 28 82
mailto:rp at rpini.com Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From jeffb at issl.atl.hp.com Fri Jul 12 14:08:14 1996
From: jeffb at issl.atl.hp.com (Jeff Barber)
Date: Sat, 13 Jul 1996 05:08:14 +0800
Subject: DoD and IRS tax systems (fwd)
Message-ID: <199607121338.JAA09574@jafar.issl.atl.hp.com>

I'm taking the liberty of forwarding this excellent RISKS posting. There are a couple of other related ones in the latest RISKS digest -- see comp.risks.

-- Jeff

oo
-----------------------------cut /\ here------------------------------

Date: Thu, 27 Jun 1996 14:12:51 -0400
From: Carl Minie
Subject: Re: DoD and IRS tax systems (Wexelblat, RISKS-18.23)

As an ex-liberal and small-l libertarian, I submit that the true danger to privacy in the Republic is the practice of gathering detailed financial information from all (law-abiding) Americans under threat of asset confiscation and jail terms, and then giving tens of thousands of government employees access to this information in the course of their employment. I further submit that passing a few wimpy privacy laws and expecting them to prevent this information from being used for personal and political purposes is magical thinking.

It doesn't take a genius to surmise that IRS data is used regularly for illegal purposes by everyone from the sitting President (of either party) down to grudge-bearing neighbors and ex-spouses. I believe the IRS attempted to assess the depth of the problem in their Southeastern Region (where my mother worked) at one time, and stopped at well over 300 violations. You or I would have ended up at Leavenworth, but all but a few of the most egregious violators were simply warned not to do it again.

You can take voluntary action to keep yourself out of the TRW/Equifax/TransUnion food chain and off junk mail lists...but Federal law requires you to remain in the IRS's gunsights for your entire productive lifespan.

Neither party supports privacy when it means privacy from the government; it is a Democratic president who is enthusiastically supporting the FBI and NSA in their efforts to prevent American citizens from using encryption that they can't break, and to require that every phone, fax, and modem in the United States contain a chip that would allow government agencies to tap in at will.

Do I need to add here that the very concept of economic privacy is anathema to those who believe that a portion of everything you earn, keep, spend, or invest belongs to them, and that not handing over the fraction they demand is stealing from them?

> Is the Department of Star Wars and the $700 toilet seat
> really so excellent a contracting agency that they are the
> clear choice to handle IRS business?

I don't expect the IRS to be abolished anytime soon...but letting the DoD design its computer systems would be an acceptable second choice. The DoD may be expensive, but they're not very good. My fondest hope is that with a spanking new Government Issue computer system, the IRS that the GSA says can't figure out where 60% of its own budget goes won't be able to find 60% of mine. I don't like paying for $700 toilet seats (or $320,000 spotted owls) any more than you do.

The solution which provides the smallest RISK to privacy is not to gather the data in the first place. If tax compliance is truly voluntary, then the IRS should trust that we are reading 21,000 pages of IRS rules and case law and sending in the correct amount.

Long Pig

------------------------------

From rp at rpini.com Fri Jul 12 14:11:53 1996
From: rp at rpini.com (Remo Pini)
Date: Sat, 13 Jul 1996 05:11:53 +0800
Subject: CCC Crypto Lock
Message-ID: <1.5.4.32.19960712133903.008c6578@193.246.3.200>

At 04:10 AM 7/6/96 -0700, you wrote:
>MicroPatent, 4 July 96
>
>
>Systems and methods for protecting software from
>unlicensed copying and use (Assignee -- Convex Computer
>Corporation)
>
>...
>
>Assignee: Convex Computer Corporation
>
>Patent Number: 5530752
>
>Issue Date: 1996 06 25
>
>Inventor(s): Rubin, Robert J.
>
>If you would like to purchase a copy of this patent,
>please call MicroPatent at 800-984-9800.
>
>Copyright 1996, MicroPatent

I think there are already such algorithms in use in Europe. (Why buy the patent, if it's already around?)

----------< fate favors the prepared mind >----------
Remo Pini Fon 1: +41 1 350 28 82
mailto:rp at rpini.com Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From nobody at c2.org Fri Jul 12 14:18:55 1996
From: nobody at c2.org (Anonymous User)
Date: Sat, 13 Jul 1996 05:18:55 +0800
Subject: Reasonable validation of a software package
Message-ID: <199607121405.HAA09514@infinity.c2.org>

Fellow cpunks:

I am working on various software packages for UNIX and Windows and since this is commercial work and prior NDA's are involved, I can't include the source code for absolute validation.

What would assure one that a package has not been tampered with from the company to the user? (Currently, I am using PKZIP's rather anemic AV protection, as well as signing the archive with my PGP key. I am wondering if there are any other steps I need to take to assure that a package came from me, and wasn't damaged/altered/tampered with in transit.)

Thanks in advance.

From lwp at conch.aa.msen.com Fri Jul 12 14:39:41 1996
From: lwp at conch.aa.msen.com (Lou Poppler)
Date: Sat, 13 Jul 1996 05:39:41 +0800
Subject: Chancellor Group (symbol = CHAG)
In-Reply-To:
Message-ID:

Note that the referenced web server is in another domain owned by this same Bob Williams. Perhaps his misleading unsolicited investment advice is part of a package deal provided to companies who buy his web service.

On Fri, 12 Jul 1996, Black Unicorn wrote:

> On Thu, 11 Jul 1996 chag at moneyworld.com wrote:
>
> > http://chancellor.stockpick.com
>
> I think you have stock in the company and are looking to boost its value
> by using what amounts to the elevator trick.
>
> > >
> > > http://chancellor.stockpick.com
> > >
> > > Bob Williams, 206-269-0846
> >

From snow at smoke.suba.com Fri Jul 12 16:01:39 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 13 Jul 1996 07:01:39 +0800
Subject: Destabilizing China's Government with Strong Crypto
In-Reply-To:
Message-ID:

On Fri, 12 Jul 1996, Timothy C. May wrote:

>
> I often think the American CIA and NSA are actually just enforcers of the
> status quo, preferring a New World Order of crypto-restricted citizen-units

I'm surprised you ever think otherwise.

> to a more diverse, anarchic world in which private citizens and
> corporations can thwart the desires of central governments.

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From warpdriv at mindport.net Fri Jul 12 16:16:35 1996
From: warpdriv at mindport.net (..)
Date: Sat, 13 Jul 1996 07:16:35 +0800
Subject: Technology and Privacy
Message-ID: <01BB6FE1.999C4260@synapse-34.mindport.net>

DM, sir, you always bring good stuff, but...am i really supposed to believe that a warrant or other writ will really control the process?

----------
From: Declan McCullagh[SMTP:declan at well.com]
Sent: Monday, July 01, 1996 7:13 PM
To: John Young
Cc: cypherpunks at toad.com
Subject: Re: Technology and Privacy

> To set the record straight, military thermal imaging is
> used to support civilian law enforcement only after other
> probable cause for a search warrant, such as power bills,
> observation of boarded-up windows, vents on the roof to
> draw away heat and buys by confidential informants, are
> documented. The military is then called in, using thermal

From bryce at digicash.com Fri Jul 12 17:02:25 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Sat, 13 Jul 1996 08:02:25 +0800
Subject: Need PGP-awareness in common utilities
In-Reply-To: <1.5.4.32.19960712133842.008c3308@193.246.3.200>
Message-ID: <199607121616.SAA04183@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

I, Bryce wrote:
>
> Which is where the small payments to ratings producers from
> ratings consumers comes in. Again this is just the
> quantification of a phenomena that we all take for granted.
> (Namely, that people who produce quality ratings are producing a
> value and trading/contributing it to others.)

Remo Pini wrote:
>
> It sure sounds like I'll have to pay, so someone decides for me, wether some
> piece of info is important to me.

Key phrase here is "have to " as opposed to "choose to". (Just like always...)

> Now, if that isn't the first step to censorship!

It's not. One good way to get started on the road to censorship is to believe that everyone has a right to the means of publication.

Regards,

Bryce

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMeZ6c0jbHy8sKZitAQHZagMAg0nRknUZDn0m5y57xJPKAMTygF5NRXZq
nkR7Ad5R2SYiHN5OPIsPQOtR2NNPEnjPL0PKjMtDvF4OkKZ/OTt3pQKE1dUN7Q8Y
FhHk9uSU7aSWqIaN4hItU0B1B1BeJSgJ
=jUlr
-----END PGP SIGNATURE-----

From dm at amsterdam.lcs.mit.edu Fri Jul 12 17:26:44 1996
From: dm at amsterdam.lcs.mit.edu (David Mazieres)
Date: Sat, 13 Jul 1996 08:26:44 +0800
Subject: Can't block caller ID in Massachusetts?
Message-ID: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>

My last phone bill said that Nynex is now giving out people's names in addition to their phone numbers over caller-id. I therefore called Nynex and told them to block caller-id on my phone line. They said no problem, but...

They said nothing I can do will block it when I call 800 numbers.
"The people with 800 numbers have special software, and there is nothing you can do to block your identity when calling them. Not even *67." Wow. Maybe I'm not paranoid enough, but I never expected this. I can never again call an 800 number anonymously to get information about something unless I go out to a pay phone. What an incredible inconvenience, and how truly depressing. I know 800 number owners probably used to be able to get lists of calling phone numbers on their phone bills, but this is less disturbing as it would take significant effort to match up the lists after the fact. I just want to be able to call up companies and say, for instance, "If I buy your product, can it do X?" as opposed to, for instance, "I'm stuck with your product, can it do X?". People are often more helpful in the former case. Now, though, they'll know exactly who I am before they even say hello. David From WlkngOwl at unix.asb.com Fri Jul 12 17:35:25 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 13 Jul 1996 08:35:25 +0800 Subject: Destabilizing China's Government with Strong Crypto Message-ID: <199607121626.MAA29430@unix.asb.com> On 12 Jul 96 at 0:04, Timothy C. May wrote: [..] > And this is yet another example of the negative effects of the U.S. > restrictions on crypto export: where widespread crypto tools might be used > to destabilize repressive governments, the lack of these tools integrated > into common applications makes it harder for freedom-fighters in China, > Burma, Iran, France, etc., to use them. The US has a sad history of supporting its own 'friendly dictators' though. Makes it hard to support flow of decentralizing tech to destabalize countries like Iraq but keep countries like El Salvador in the fold. --- No-frills sig. 
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From amehta at giasdl01.vsnl.net.in Fri Jul 12 17:36:15 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Sat, 13 Jul 1996 08:36:15 +0800
Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <1.5.4.32.19960712212459.002e11b0@giasdl01.vsnl.net.in>

At 23:38 10/07/96 -0700, Will Price wrote:
>ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download

Sorry if this has been discussed before (please point me in the right direction if that is the case), but VSNL, my government-owned ISP (which also has a monopoly on all international traffic) made me sign that I will not use my Internet connection for voice traffic. Is there any way they could find out if I were using PGPfone, or rather, could I prevent them from finding out?

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://mahavir.doe.ernet.in/~pinaward/arun.htm
The protestors of Tiananmen Square will be back. Next time, the battle will be fought in cyberspace, where the students have the more powerful tanks...

From amehta at giasdl01.vsnl.net.in Fri Jul 12 17:52:17 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Sat, 13 Jul 1996 08:52:17 +0800
Subject: Minitel "saved" by hackers?
Message-ID: <1.5.4.32.19960712212426.002e925c@giasdl01.vsnl.net.in>

At 05:51 12/07/96 +0200, Daniel Salber wrote:
>At 2:37 AM +0500 on 7/11/96, Arun Mehta wrote:
>
>> I'd love to find out exactly what happened.
>
>"Hacking" is inaccurate: the users
>were not necessarily computer-literate but just found another way to use
>the help feature of the server. Rheingold's Virtual Community has a pretty
>accurate account of the facts (see chapter 8, also online as
>).

Thank you for the correction.
I checked Andre Lemos' original, and he uses both terms. To quote, "Through this detournement -- literally, a 'hijacking' was born the messagerie. By hacking and then making available the bulletin board software, a counter-current to the French technocratic approach produced a usage of the system which was never a planned objective." Slightly inaccurate.

>In a previous post, you said:
>
>> So, shocked by this, what does the government do? Being unable to
>> distinguish between different kinds of messageries, the government put a 30%
>> tax in 1989 on all, and raised it to 50% in 1991! No wonder the Internet is
>> gaining rapid popularity in France.
>
>I think this is wrong. These taxes were only for sex messageries and the
>30% tax didn't actually stop most of them from making money. I think the
>50% tax wasn't actually enforced and the tax rate remains at 30% (see
>http://www.univ-paris8.fr/~babelweb/voltaire/v_no23.htm -- this is in
>French, sorry).
>
>You must realize that the government has no interest in stopping all
>messageries: France Telecom is (at least for the coming few months) a
>government agency and makes a lot of money from the messageries.

Once again going back to the original: "In 1986 the first roadside billboards for the messageries rose appeared (picturing, for example, a robust male or a woman with slogan '3515 BUSTY', the online address of a Minitel rose chat service). French traditionalists were outraged and Charles Pasqua, acting Minister of the Interior, attacked the gay messagerie Gay Pied. Worse, the French state gains 36% of the total charges paid. Taxes on all the messagerie services became the order of the day. France Telecom has no way of distinguishing between the messagerie rose and any other board or messagerie. In 1989 the government tax was 30% and in 1991 a 50% tax was imposed in the hope of eliminating all messageries."
That's seriously inaccurate, it seems to me: but I would appreciate some confirmation before I attack the guy in my review. Will check out the urls you suggested, problem is during the monsoons the phone connection to my ISP keeps dropping.

>
>The Minitel is no more "centralized and bureaucratic" than the Internet was
>only a while ago (ie, when NSF was in charge of most of the core
>infrastructure).
>The Minitel may look centralized and bureaucratic because anyone who wishes
>to open a server has to go through France Telecom (which delivers unique
>names like Internic).

Has FT ever denied permission (to hard-core sex servers or neo-Nazis, for example)? That, the tax they charge and the prohibition of encryption make it too centralized for my taste. And will ultimately kill it. The longer the French take to migrate to the Internet, the worse for them (IMHO).

>There were even some experiments of a European Minitel system linking
>several European videotex services a few years ago. I think they fell short
>because the videotex technology has been so quickly outdated.

Why not link up videotex in every country with the Internet? Let people surf the Web using their TVs and remotes (and maybe a keyboard with an infra-red link). That's what I'm trying to tell our utter failure of a videotex service in India.

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://mahavir.doe.ernet.in/~pinaward/arun.htm
The protestors of Tiananmen Square will be back. Next time, the battle will be fought in cyberspace, where the students have the more powerful tanks...

From daniel.salber at imag.fr Fri Jul 12 18:06:08 1996
From: daniel.salber at imag.fr (Daniel Salber)
Date: Sat, 13 Jul 1996 09:06:08 +0800
Subject: Minitel "saved" by hackers?
In-Reply-To: <1.5.4.32.19960712212426.002e925c@giasdl01.vsnl.net.in>
Message-ID:

At 21:31 +0500 on 12/07/96, Arun Mehta wrote:
> Has FT ever denied permission (to hard-core sex servers or neo-Nazis, for
> example)? That, the tax they charge and the prohibition of encryption make
> it too centralized for my taste. And will ultimately kill it. The longer the
> French take to migrate to the Internet, the worse for them (IMHO).

The tax wasn't charged by FT but by the government (ok, FT is government-owned but it makes a difference nevertheless). Yes there have been a few cases of censorship by the government (not FT!). As far as I remember the reasons were like chat services that allowed online prostitutes or drugs dealers.

Prohibition of encryption is definitely a problem here. Although it's not officially prohibited, you have to request a permit to use strong crypto, and you don't get one if you plan to use "too strong" crypto like RSA and you're not a "serious" institution like a bank. Some recent changes in the organization of the security agency in charge of delivering permits as well as the current trends towards the deregulation of crypto export in the US may bring some change... some day. (see http://www.cnam.fr/Network/Crypto/ -- in French -- for details of French encryption regulations)

> Why not link up videotex in every country with the Internet? Let people surf
> the Web using their TVs and remotes (and maybe a keyboard with an infra-red
> link). That's what I'm trying to tell our utter failure of a videotex
> service in India.

As far as I know, most videotex systems use 1200 bps and crude 8-color graphics. That's ok to make use of many web sites, but the web seems to be heading full speed towards higher and higher bandwidth and interactivity.

Daniel

From ericm at lne.com Fri Jul 12 18:08:47 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 13 Jul 1996 09:08:47 +0800
Subject: spam suckers (was Re: Chancellor Group....)
In-Reply-To:
Message-ID: <199607121652.JAA28494@slack.lne.com>

Lou Poppler writes:
>
> Note that the referenced web server is in another domain owned by this
> same Bob Williams. Perhaps his misleading unsolicited investment advice
> is part of a package deal provided to companies who buy his web service.

He's been flogging the same shit for a while- I've received three or four of these spams at another address that I use to make Usenet posts. That address is an account at a large workstation company that I consult for. I've been getting a lot of spam there.

I suggested on an internal mailing list that the amount of spam that various employees there are getting isn't insignificant and that perhaps they should sue some of the spammers for wasting the company's resources and employee time without permission.

I suggest that the "anti-junk-fax" law might be extended to cover spam mail. However I don't trust net-clueless legislators to be able to make even a simple law without fucking it up and restricting civil liberties.

However, I heard from a friend that they're doing just that, extending the junk fax law to cover junk email. Something like a $500 fine for each junk email. Does anyone know more? Would mailing-list operators be liable under this law when someone forges a subscription message from "clinton at whitehouse.gov"?

--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From markm at voicenet.com Fri Jul 12 18:14:00 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 13 Jul 1996 09:14:00 +0800
Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 11 Jul 1996, Timothy C. May wrote:
> Go back and read Hal Abelson's message of just a few days ago. MIT may lose
> out on a large contract with Sandia because of their publishing of a _book_
> containing PGP code.

This isn't quite analogous to the original problem of a software company making good-faith efforts to prevent a program from being exported.
AFAIK, MIT did not try to prevent the book from being exported (of course, the State Department never did approve or deny their request to export the book). Sandia could claim that MIT came very close to violating ITAR, but the same claim could not be made if the issue was a software program which was export-controlled.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_

From markm at voicenet.com Fri Jul 12 18:20:34 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 13 Jul 1996 09:20:34 +0800
Subject: A case for 2560 bit keys
In-Reply-To: <199607120202.WAA10180@quasar.voicenet.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 11 Jul 1996, Chris Adams wrote:
> check your setup. I used to run a 386-20 (5MB RAM) and it took about 3
> seconds for a 1024 bit key. Given it didn't even have a copro (not sure
> when/if PGP uses one) and that it was off of a Stackered drive, I'd
> expect you to have much better times.

That's consistent with the timings I've been getting. It should take about 9 seconds to decrypt an arbitrary message with a 2048-bit key with the setup you describe. Of course, I usually use X, so that probably does throw off the timings a bit.
- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_

From ericm at lne.com Fri Jul 12 18:59:41 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 13 Jul 1996 09:59:41 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID: <199607121854.LAA29560@slack.lne.com>

David Mazieres writes:
>
> My last phone bill said that Nynex is now giving out people's names in
> addition to their phone numbers over caller-id. I therefore called
> Nynex and told them to block caller-id on my phone line.
>
> They said no problem, but... They said nothing I can do will block it
> when I call 800 numbers. "The people with 800 numbers have special
> software, and there is nothing you can do to block your identity when
> calling them. Not even *67."

Same in Pacific Bell land. We get two options- "partial blocking" which really means that you have to use *67 to block CID to non-800/900 numbers, and "complete blocking" which blocks CID to non-800/900 numbers.

When I called the Pac Bell customer service droids to get my "complete" blocking I asked them why they won't block CID to 800 numbers. Their answer: "that's just the way it works".

> Wow. Maybe I'm not paranoid enough, but I never expected this. I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone. What an incredible
> inconvenience, and how truly depressing.

Caller ID isn't for people, it's for businesses who want to track callers. They're willing to pay for that service, enough to make it worth the while of the phone companies to spend many millions on a campaign of lies (excuse me, "PR") to convince us that we need CID for "safety".

--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From alano at teleport.com Fri Jul 12 19:26:02 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 13 Jul 1996 10:26:02 +0800
Subject: Another bad idea
Message-ID: <2.2.32.19960712172300.00b332cc@mail.teleport.com>

At 09:40 AM 7/12/96 +0500, Arun Mehta wrote:
>What that does is give us a window of opportunity. Hongkong has one
>remaining year of guaranteed unfettered flow of information. China still
>has the Internet. What can we do?

[good ideas snipped]

Another thing to do is get more web sites containing information of interest to people living in such regimes on SSL enabled web servers. If the web redirectors can be set to redirect SSL traffic undisturbed, then there is another level of encryption for the Chinese to have to hack through to find "dissidents". And if someone could sneak them a few copies (hint... hint...) of the 128 bit version, it would make their lives even more difficult.

I see a point where the repressive regimes of the world are going to be trying to prevent their people from getting to information that is against the regime, but getting run over by the sheer volume of the information. It may be possible to filter for such things, but in doing so, you destroy any usefulness the network has in the first place.

Of course this is all a moot point, because it has been proven by computer projections that all informative net traffic will be buried under advertisements by the year 2000 anyways.
I expect some legislative body to try and make money fast on the net by selling ad space on IP packet headers. ("This packet sponsored by Preparation H!")

I think I will go drink more coffee now...

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |

From markm at voicenet.com Fri Jul 12 19:28:12 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 13 Jul 1996 10:28:12 +0800
Subject: [NOISE] Ritalinpunks
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I just got the latest issue of Scientific American, and interestingly enough, there is an article on page 12 that deals with the issue of overdiagnosing ADD. It's pretty interesting reading for anyone that may have an opinion on the subject (which is definitely a high number of cpunks).

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_

From abacard at well.com Fri Jul 12 19:43:23 1996
From: abacard at well.com (abacard at well.com)
Date: Sat, 13 Jul 1996 10:43:23 +0800
Subject: Needed: Bay Area "Cracker" for TV Show
Message-ID: <199607121640.JAA11127@well.com>

July 11th, a San Francisco television reporter called me.
He wants to broadcast a story about "crackers". He'd like someone who can describe, on-the-air, examples of what crackers can do. In particular, he'd like someone who can provide a demonstration.

Do you want to be on Bay Area TV? If not, whom in the Bay Area do you recommend? This could be a chance for you to publicize your favorite security flaws in voice box systems, or whatever.

The reporter wants to run this story during the week of July 15th. If interested, please contact me as soon as possible. The reporter uses telephones, not e-mail, so I'll need your phone number. Thanks.

See you in the future,
Andre Bacard

======================================================================
abacard at well.com                 Bacard wrote "The Computer Privacy
Stanford, California               Handbook" [Intro by Mitchell Kapor].
"Playboy" Interview (See Below)    Published by Peachpit Press, (800)
http://www.well.com/user/abacard   283-9444, ISBN # 1-56609-171-3.
=======================================================================

From dwa at corsair.com Fri Jul 12 19:52:49 1996
From: dwa at corsair.com (Dana W. Albrecht)
Date: Sat, 13 Jul 1996 10:52:49 +0800
Subject: Wiretaps
Message-ID: <199607122042.NAA16159@vishnu.corsair.com>

Wiretaps Up Sharply in Clinton Administration

WASHINGTON (Reuter) - The Clinton administration has sharply increased use of federal telephone wiretaps and other electronic surveillance in the United States since taking office, The Washington Post reported Sunday.

...

Civil rights and privacy advocates were upset with the trend but unable to do much about it

...

Frederick Ness, who runs the Justice Department office that approves applications for court-ordered wiretaps, told the Post: ``We are up 30 to 40 percent this year.''

In 1992, the last year of the Bush administration, there were 340 federal court orders permitting electronic surveillance in criminal cases, the newspaper said.
Quoting unidentified officials, the report said that number had risen to 672 last year and almost certainly would exceed 700 in 1996.

The figures did not include ``national security'' wiretap orders, obtained under intelligence legislation, which also had been rising dramatically, the Post said.

Preparing for expected continued growth in surveillance of domestic criminals, the Justice Department was buying additional high-tech equipment, developing new eavesdropping techniques and adding support personnel, the report said.

From dbell at maths.tcd.ie Fri Jul 12 21:17:32 1996
From: dbell at maths.tcd.ie (Derek Bell)
Date: Sat, 13 Jul 1996 12:17:32 +0800
Subject: Quantum Communications
Message-ID: <9607121946.aa22045@salmon.maths.tcd.ie>

By mistake, I sent a message in reply to a list member and forgot to include the list. I also misremembered *Austria* as Australia when I sent my original question to the list.

The item I read was a news item on the bottom of p.16, July 6 Issue of _New Scientist_, entitled "It's good to talk in quantum trits". The researchers are Klaus Mattle, Harald Weinfurter and Anton Zeilinger of the University of Innsbruck and Paul Kwiat of Los Alamos National Laboratory in New Mexico. Weinfurter said "It's the first experiment which demonstrates a communications system using pure quantum states".

I don't know enough QM to tell if it has the same immunity to eavesdropping as the scheme studied by British Telecom.

I'll send more details tomorrow, as I have to leave now.

Derek

From sandfort at crl.com Fri Jul 12 21:39:10 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 13 Jul 1996 12:39:10 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C'punks,

On Fri, 12 Jul 1996, David Mazieres wrote:
> [Nynex] said nothing I can do will block [Caller ID] when I
> call 800 numbers...
>
> Wow. Maybe I'm not paranoid enough, but I never expected this.
> I can never again call an 800 number anonymously to get
> information about something unless I go out to a pay phone.

I've discussed this before, but it makes a lie of all those narc lines that advertise, "We don't want your name, bust the drug dealer's."

S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From frissell at panix.com Fri Jul 12 21:43:29 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 13 Jul 1996 12:43:29 +0800
Subject: Can't block caller ID in Massachusetts?
Message-ID: <2.2.32.19960712234433.0082448c@panix.com>

At 11:54 AM 7/12/96 -0700, Eric Murray wrote:
>When I called the Pac Bell customer service droids to get my "complete"
>blocking I asked them why they won't block CID to 800 numbers.
>Their answer: "that's just the way it works".

Since they can't bill you for LD numbers you call without reporting the calls on your bill, they can't charge 800 (or pay 900) number owners without reporting which numbers called them. I suppose you could just trust them (like the UK) and not demand a list of numbers you called and then the 800/900 businesses might do the same. Likely?

DCF

From mhw at wittsend.com Fri Jul 12 21:43:59 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Sat, 13 Jul 1996 12:43:59 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID:

David Mazieres enscribed thusly:
> My last phone bill said that Nynex is now giving out people's names in
> addition to their phone numbers over caller-id. I therefore called
> Nynex and told them to block caller-id on my phone line.
> They said no problem, but... They said nothing I can do will block it
> when I call 800 numbers. "The people with 800 numbers have special
> software, and there is nothing you can do to block your identity when
> calling them. Not even *67."

Might want to poke your nose into the comp.dcom.telecom newsgroup. This is very VERY old news. The people with 800 (and 900) numbers don't have special software - they have a different service. Instead of CLID, they have ANI and have had it for YEARS! One particular difference between these two services is that CLID returns the "calling number" while ANI returns the "billing number" (i.e. the number they would charge services to). For most of us, these numbers are identical. For some of us, they are different.

> Wow. Maybe I'm not paranoid enough, but I never expected this. I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone. What an incredible
> inconvenience, and how truly depressing.

You are about a decade late on this one...

> I know 800 number owners probably used to be able to get lists of
> calling phone numbers on their phone bills, but this is less
> disturbing as it would take significant effort to match up the lists
> after the fact. I just want to be able to call up companies and say,
> for instance, "If I buy your product, can it do X?" as opposed to, for
> instance, "I'm stuck with your product, can it do X?". People are
> often more helpful in the former case. Now, though, they'll know
> exactly who I am before they even say hello.

Not everyone has the ANI service but not all of those who do will admit to it. The story is told of an American Express customer who got extremely agitated after an American Express customer support representative asked them if they had recently changed their phone number. The answer was "no - why do you ask". The rep replied, "well, the number you're calling from is different". The customer got so upset that American Express no longer asks when someone calls in from a number different than the number on file.
This is also how you unlock those credit cards by calling an 800 number. They warn you to call from your home number. If you do, your card is automagically activated. If you don't, you have to jump through hoops.

> David

Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!

From mhw at wittsend.com Fri Jul 12 21:45:52 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Sat, 13 Jul 1996 12:45:52 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com>
Message-ID:

Eric Murray enscribed thusly:
> Caller ID isn't for people, it's for businesses who want to
> track callers. They're willing to pay for that service, enough
> to make it worth the while of the phone companies to spend many
> millions on a campaign of lies (excuse me, "PR") to convince us
> that we need CID for "safety".

BULLSH*T! Pure, unadulterated, BULLSH*T! Businesses don't NEED Caller ID! They've got (and have had for a long time) ANI! Most businesses don't even WANT CLID! You can block CLID. You can't block ANI. This was the ultimate and supreme LIE behind all of the fights over CLID. All the arguments about how businesses would then abuse this and that and would invade our privacy was all a crock of SH*T. All CLID did was give to the consumer SOME of what businesses have had for years. The whole business abuse argument was pure red herring...

Even in California, where CLID was stopped for a while, businesses still had ANI. Do you actually think your numbers were safe just because they weren't delivered to residences? Hell no! Businesses could still get them if they wanted them and there was nothing you could do about it! To top it off - you THOUGHT you were safe!
I know of some businesses whose sole reason for getting a 1-800 number was to be able to log and track that information. Ever wonder about those local companies who still had you call a 1-800 number. Guess what. That was the easiest (and sometimes the cheapest) way to get ANI.

I ran a Harris 20/20 PBX switch for a company over 6 years ago and remember looking over and discussing the ANI specs with the management. We decided not to pursue trying to get ANI on our DID lines but the switch supported it and that switch was considered out of date technology at THAT time!

> --
> Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
> PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!

From jimbell at pacifier.com Fri Jul 12 21:48:36 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 13 Jul 1996 12:48:36 +0800
Subject: I@Week on crypto export loophole 6/24/96
Message-ID: <199607121939.MAA03832@mail.pacifier.com>

At 03:05 PM 7/12/96 -0400, Will Rodger wrote:
>>As I see it, the most important issue is not the legal status of the one
>>actually doing the export/mailing, but in fact the organization which is the
>>recipient and thus, the beneficiary of this act. _THAT_ organization will
>>be well-identified, yet will not have done anything obviously illegal. Is
>>there any indication that Baker was trying to distinguish between the one
>>physically mailing it, and those receiving it?
>
>Yup. He was speaking only of the US company.

Any indication about what the USG might be able to do, SPECIFICALLY, legally or in retaliation?
Jim Bell
jimbell at pacifier.com

From alanh at infi.net Fri Jul 12 21:52:20 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sat, 13 Jul 1996 12:52:20 +0800
Subject: Needed: Bay Area "Cracker" for TV Show
In-Reply-To: <199607121640.JAA11127@well.com>
Message-ID:

> July 11th, a San Francisco television reporter called me. He wants to
> broadcast a story about "crackers". He'd like someone who can describe,
> on-the-air

Hey peachpit

The cartoon news broadcasts are part of the problem, not part of the solution.

I vote that San Francisco be given back to the Mexicans, until the current generation of nudnicks dies off. We'll steal it back in 40 years, after there arises a generation hardened by life in the desert.

From EALLENSMITH at ocelot.Rutgers.EDU Fri Jul 12 22:19:25 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 13 Jul 1996 13:19:25 +0800
Subject: ADD and Unix, + Ritalin Questions
Message-ID: <01I6ZTLVI4I8984TP7@mbcl.rutgers.edu>

From: IN%"ichudov at algebra.com" 10-JUL-1996 03:56:31.76

>3. Are there any long term effects from Ritalin, and can it
>be discontinued easily?

Well, the FDA seems to think it's addictive... my experience with it (off on weekends, evenings, and in the summer) would appear to say otherwise. There is some appetite suppression, which allegedly may lead to growth suppression, but I have some doubt about this (I'm over 6'1").

-Allen

From ericm at lne.com Fri Jul 12 22:20:15 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 13 Jul 1996 13:20:15 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID: <199607130024.RAA31724@slack.lne.com>

Alan Horowitz writes:
>
> > Caller ID isn't for people, it's for businesses who want to
> > track callers. They're willing to pay for that service, enough
>
>
> Privacy isn't for parasites.

800 numbers aren't free. They're just paid out of a different account.
I don't pay for them directly, but I do indirectly through the increased prices of the goods and services sold by the company with the 800 number. I'd hardly call that being a 'parasite'.

> It's for people who are willing to pay for
> their own phone calls.

Too bad there's not always a choice, a lot of companies use only 800 numbers for service hotlines etc.

--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From alanh at infi.net Fri Jul 12 22:23:59 1996 From: alanh at infi.net (Alan Horowitz) Date: Sat, 13 Jul 1996 13:23:59 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu> Message-ID:

> Date: Fri, 12 Jul 1996 11:55:27 -0400 (EDT)
> From: David Mazieres
>
> after the fact. I just want to be able to call up companies and say,

I just want to be able to go to my local steakhouse joint, feed myself and a couple of bimbos, and tell them to charge it to David Mazieres.

.....What?!? I'm supposed to _pay_ for my way in life? They didn't teach me that at MIT! Write a letter to Ted Kennedy and Barney Frank - my human rights are being violated!

From amehta at giasdl01.vsnl.net.in Fri Jul 12 22:34:34 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Sat, 13 Jul 1996 13:34:34 +0800 Subject: Destabilizing China's Government with Strong Crypto Message-ID: <1.5.4.32.19960713003051.002f9dac@giasdl01.vsnl.net.in>

At 01:01 12/07/96 +0000, Deranged Mutant wrote:
>On 12 Jul 96 at 9:40, Arun Mehta wrote:
>[..]
>BTW, similar problems in Iran from what I've heard. I remember
>hearing a blurb that VOA Chinese Programs explained how to make a
>satellite dish out of aluminum foil, so pick up special VOA
>broadcasts I'm sure... (That's rather interesting, because you can
>crumple it up or wrap leftovers in it immediately.)
Is there a good hacker handbook, telling you how you can do things your government won't let you, something along the lines of a modern-day Abbie Hoffman "Steal This Book"? >I'm told by some friends that the Chinese, in large part due to the >writing system, prefer FAXs over the internet. That's something to >keep in mind. > >Hm... interesting project: a graphics program that works with PGP or >PGPlib. One can import scanned images or draw onto the screen and >then encrypt it for mailing. Excellent project. One reason that e-mail is picking up in popularity is that sending a fax to the office address is like sending a postcard. >> 1) Collect the e-mail addresses as Allen suggested (including those in >> Hongkong), and send them a single, short message offering to teach them free >> of cost how to use pgp and all the goodies at >> http://www.eskimo.com/~joelm/cbsw.html > >Might be condescending. 'Civilized white man brings PGP to the >barbarians...' Look around you: while "civilized", "white" and "man" might characterize the vast (?) majority on this list, I'm sure that's not the universe on cypherpunks. And how does it matter? I'm suggesting an e-mail course that people may subscribe to if they wish. I'm currently attending a course on Cyberspace-Law for Non-Lawyers, presented by the Cyberspace Law Institute and Counsel Connect with thousands of others -- I'm sure there are people from all continents on that course, and the question of it being condescending hasn't arisen. > They may well know about PGP, but not in a position >to make that knowledge widely known. That's no good to the rest of the world. Forget them: the question is, are *you* in a position to share your knowledge? >And if I were in a 'totalitarian' or restrictive country I'd be damn suspicious, >maybe frightened by this ('are the secret police setting me up?' or 'will the >notice if I reply?'). 
Maybe lesson 1 could be on how to use an encrypting anonymous remailer, and those who succeed get lesson 2 onwards untraceably. If they are suspicious, they don't have to join or can unsubscribe.

>What if that person likes the way their country is? They
>could inform the local authorities and set in motion a crackdown that
>would not have happened, perhaps.

We say *nothing* during the course about what we feel about the political situation in Singapore, the work situation in multinationals or Bill Clinton. We restrict the course to a sharing of knowledge on crypto in the Internet spirit of a free economy.

>I'd leave the specifics to activists who are already familiar with
>the respective cultures, societies, politics, etc....

I'm one. Be glad to tell you more,...

>chances are they
>are already doing things along those lines.

If they are, it's only in pockets, and they are doing an awful job of telling people about it if none of us has heard. The Internet is still very new here, most people don't know much about it except how to click the porn bookmarks.

>Otherwise, if you don't
>know what you're doing, you can unintentionally mess up somebody
>else's life, if not your own.

It's only crypto, not the Bible or Koran. And let them be their own judges? You seem to want to protect people in the Third World the way the US government wants to keep cyberporn from kids.

From: tcmay at got.net (Timothy C. May) Subject: Destabilizing China's Government with Strong Crypto Sender: owner-cypherpunks at toad.com

>At 4:40 AM 7/12/96, Arun Mehta wrote:
...
>>2) Encourage the production of simple, cheap devices such as a PGP phone
>>3) Find people who beam radio transmissions into China (Rupert Murdoch via
>>his Star TV satellite is one ;-) and ask them to devote an "Internet hour"
>Good ideas, all. And deploying steganography is a natural fit to this situation.

Thanks, mate.
What's the use of all the theory you develop and software you'll write if it is inaccessible to those who need it most? Just think: you work in a sensitive job, have a bad conscience about all the forests that are being cut on account of collusion between the Forest Department and the illegal loggers -- now you can maybe talk to someone about the weather or the greatness of Kim Jong Il, and in the process upload all you know about the scandal, untraceable to you. From: "Peter D. Junger" >: 1) Collect the e-mail addresses as Allen suggested (including those in >: Hongkong), and send them a single, short message offering to teach them free >: of cost how to use pgp and all the goodies at >: http://www.eskimo.com/~joelm/cbsw.html > >Unfortunately for those of us in the United States or who are >otherwise subject to its jurisdiction such an offer would require a >license or a waiver of jurisdiction under the International Traffic in >Arms Regulations before it could safely be carried out. That >particular highly worthwhile project would seem to fall under the >definition of performing defense services as well as involving the >disclosure of technical data relating to an item on the United States >Munitions List. Did you let that stop you in the past? Suppose the course were conducted from outside the US? The packages can in any case be downloaded legally from outside. I'm sure there is no law against your telling me how to use a particular software package? Anonymously, if you must? What I have in mind is as follows: "Building a Cryptobook" lists a number of software packages: SecureDrive PGP Private Idaho PGPfone Wipe Utilities S-Tools Joel provides also the configuration steps needed to get it all working, which is an excellent starting point. 
Suppose we do an e-mail course telling people in simple language *why* they need this, what benefits they would get as a result, how to download (idiot-proof instructions all through), and how to set up *for basic, minimum security*. I'm sure the software packages will have all sorts of bells and whistles that the novice doesn't need, not right away. Maybe some or all of this instructional material is already available. Could we pick up a set that is easy to understand and concise? That could be packaged together as a course or a book, a sort-of "Crypto for Dummies." Would people like to select individual software packages, and put the material together? Everyone gets due credit, of course.

Think for a moment: Just as Nelson Mandela stood today at the corner of Trafalgar Square in front of South Africa House, where I'm sure many of us have shouted, "Free Nelson Mandela!", some day soon we might get similar thanks from some Chinese or heavens knows whom...

>From: Alan Olsen
>Another thing to do is get more web sites containing information of interest
>to people living in such regimes on SSL enabled web servers.

This, and the encrypted fax would help greatly. I'm sure others have good ideas too. Please send them. How does one go about facilitating their implementation?

Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://mahavir.doe.ernet.in/~pinaward/arun.htm
The protestors of Tiananmen Square will be back. Next time, the battle will be fought in cyberspace, where the students have the more powerful tanks...

From mike at fionn.lbl.gov Fri Jul 12 22:41:24 1996 From: mike at fionn.lbl.gov (Michael Helm) Date: Sat, 13 Jul 1996 13:41:24 +0800 Subject: "White 'Punks on Dope" (w apologies to The Tubes) In-Reply-To: Message-ID: <199607121858.LAA08190@fionn.lbl.gov>

On Jul 11, 11:15pm, snow wrote:
> > man is just ridiculous, & betrays the author's lack of knowledge.
>
> No, the POINT IS MIS-DIAGNOSIS.
> Children who are either brighter
> than their classmates and figured out the assignment within minutes

These are not the people who are being talked about here

> of the teacher giving it, or children with _no_ boundaries implemented
> by their parents (people are like fractals, very subject to initial
> conditions) hence they keep pushing and pushing so the parents respond
> by instituting chemical control.

Well, like I said earlier, in the old days very hyperactive boys probably did have the tar whipped out of them. This does work, for short periods. In the long run, it's ineffective. Totally ineffective for a medical condition. Do you think, for example, that it is effective to tell a person suffering from depression to "cheer up", or someone suffering from some forms of schizophrenia to "ignore the voices & stop acting silly"? No amount of your cajoling is going to get a person with a heart deficiency up El Capitan, & there's no chance you can guilt trip someone with severe emphysema to run a marathon with you.

I'm sure there's plenty of misdiagnoses, but unless you're willing to lay your md or your epidemiological credentials on the table, I'm not giving you any credit. Your argument sounds like some kind of reactionary victorian moralizing to me (parents setting boundaries .... sheesh).

From EALLENSMITH at ocelot.Rutgers.EDU Fri Jul 12 22:56:41 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Sat, 13 Jul 1996 13:56:41 +0800 Subject: FW: [RANT] Giving Mind Control Drugs to Children Message-ID: <01I6ZUBURN18984TP7@mbcl.rutgers.edu>

From: IN%"blancw at accessone.com" "blanc" 10-JUL-1996 06:04:36.86

> As Tim said, the selective application of drugs or persecution regarding their use points to a great hypocrisy (and deterioration of character), and the more widespread the acceptance of hypocritical double-standards, the higher the rate-o-meter goes up in favor of statism.
> At the very least, all the confusion surrounding drug use will create "disrespect for Authority" (which in turn will inspire statists to propose further crack-downs, pardon the pun, on "criminals").

Actually, my Ritalin was one of the things that led me to come to the conclusion that drug laws were nonsense. It's a Schedule II drug that I never felt _any_ addiction to; I was off it on evenings, weekends, and during holidays. So at least in my case it had a pro-libertarian effect.

> It makes me think of those Communist countries (remember them?) where political dissenters were been labelled insane - the protesters were the ones identified as having the problems, not the State. The imprisoned troublemakers were then drugged, thus taking care of their "irrational" behavior and lack of appreciation.

The matter is that Ritalin isn't acting as a mind control pill, or whatever the hysterics are claiming. Indeed, I nominate it as one of the more transhumanist drugs I know of (for adults with ADHD and children), and I've done somewhat of a study of the subject.
-Allen

From pgjeags at infosel.net.mx Fri Jul 12 22:58:21 1996 From: pgjeags at infosel.net.mx (Victor M. Hernandez) Date: Sat, 13 Jul 1996 13:58:21 +0800 Subject: asking for beeing in your mailing list Message-ID: <31E6FEA8.799@infosel.net.mx>

I would ask for being included in your mailing list. How can I do that? Thanks in advance

--
pgjeags at infosel.net.mx

From rich at c2.org Fri Jul 12 23:01:50 1996 From: rich at c2.org (Rich Graves) Date: Sat, 13 Jul 1996 14:01:50 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu> Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jul 1996, David Mazieres wrote:
> Wow. Maybe I'm not paranoid enough, but I never expected this. I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone.
> What an incredible
> inconvenience, and how truly depressing.

They're paying for the call. They've got a right to know. Otherwise, you could cause a lot of damage with a robo-dialer.

It would certainly be nice if the phone company told you about this up-front, though.

If you need it, a free anonymous re-phoner is documented at: http://pages.ripco.com:8080/~glr/block.html

- -rich http://www.c2.org/~rich/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMebxtpNcNyVVy0jxAQEi7QH9HsqdhmW0m0/wCVPH2CO9PlP2HVjVhaic
tSLOsh/dQZM36tB8SLWlPhJRoQw2mXFfefH2BkRfv9gx74sRFTLFXw==
=btXH
-----END PGP SIGNATURE-----

From gimonca at skypoint.com Fri Jul 12 23:06:19 1996 From: gimonca at skypoint.com (Charles Gimon) Date: Sat, 13 Jul 1996 14:06:19 +0800 Subject: Can't block caller ID in Massachusetts? (fwd) Message-ID:

Forwarded message:
> From: David Mazieres
> To: cypherpunks at toad.com
> Subject: Can't block caller ID in Massachusetts?
>
> My last phone bill said that Nynex is now giving out people's names in
> addition to their phone numbers over caller-id. I therefore called
> Nynex and told them to block caller-id on my phone line.
>
> They said no problem, but... They said nothing I can do will block it
> when I call 800 numbers. "The people with 800 numbers have special
> software, and there is nothing you can do to block your identity when
> calling them. Not even *67."
>
> Wow. Maybe I'm not paranoid enough, but I never expected this. I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone. What an incredible
> inconvenience, and how truly depressing.
>

This has been true for years. On 800 numbers, the receiver gets ANI, not CID. Check newsgroups like alt.dcom.telecom, comp.dcom.telecom, etc.: there's always somebody talking about CID and ANI.

In the back of my mind, I remember hearing about an anonymizer for 800-number calls. Maybe at WilTel. Check the search engine of your choice.
Personally, I like Caller ID, because it gives individuals a service that formerly only governments and corporations could get.

--gimonca at skypoint.com

From tbyfield at panix.com Fri Jul 12 23:10:19 1996 From: tbyfield at panix.com (t byfield) Date: Sat, 13 Jul 1996 14:10:19 +0800 Subject: Destabilizing China's Government with Strong Crypto Message-ID:

At 12:10 PM +0000 on 7/12/96, Deranged Mutant wrote:
> On 12 Jul 96 at 0:04, Timothy C. May wrote:
> [..]
> > And this is yet another example of the negative effects of the U.S.
> > restrictions on crypto export: where widespread crypto tools might be used
> > to destabilize repressive governments, the lack of these tools integrated
> > into common applications makes it harder for freedom-fighters in China,
> > Burma, Iran, France, etc., to use them.
>
> The US has a sad history of supporting its own 'friendly dictators'
> though. Makes it hard to support flow of decentralizing tech to
> destabilize countries like Iraq but keep countries like El Salvador
> in the fold.

Me too. In fact, citing "freedom fighters" to justify relaxing ITAR is neither more nor less disingenuous than citing "international arms traders" to justify maintaining or tightening it; and given the litany of imbecilic, corrupt, rump, and reactionary regimes and factions the US has supported over the past decades, it isn't exactly going to win over hearts and minds in the agencies that have a strong hand in ITAR.

Ted

From EALLENSMITH at ocelot.Rutgers.EDU Fri Jul 12 23:25:15 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Sat, 13 Jul 1996 14:25:15 +0800 Subject: Another bad idea Message-ID: <01I6ZU6HCZ5Y984TP7@mbcl.rutgers.edu>

From: IN%"WlkngOwl at unix.asb.com" "Deranged Mutant" 10-JUL-1996 05:02:42.84

>Great idea. Get some (possibly) innocent techie in an oppressive
>country thrown in jail or executed.
If these countries didn't value their technical people and what they can do, they wouldn't be allowing them on the Internet (even in a restricted way) in the first place. The above would only be a likely scenario if the effort wasn't big enough - didn't cover enough people. China almost collapsed (pity it didn't) with the Cultural Revolution; I doubt many in government there who remember that time want to go through it again, particularly considering the current level of instability there.

>Or perhaps s/he gets offended,
>contributing to the notion that all Westerners are evil perverts
>out to corrupt them.

This is a possible problem with the pornography approach, yes; some form of human rights information may be more suitable, even in countries in which one of the main crackdowns on the Internet is anti-sex.

>> An extension of this for web sites, which I understand as possible
>> but difficult, would be to swap anyone from such a country trying to get
>> access to a technical web site to instead receive "subversive" information or
>> pictures. (The pornography mentioned above would probably be more effective
>> in picture format; other pictures might include information on human rights
>> abuses).

>Damn aggravating for that user, and it could get him/her in trouble.

Yes. One possible solution for the aggravation problem would be to include material on human rights, cryptography, etcetera _and_ the tech info that the person was looking for. While this would still give these countries easy access to the technical info (a bad outcome), it would also lead to the people getting information that the country's government didn't want.

>On a wide-scale it could provoke responses from those countries.
>Imagine this list being bombarded with propaganda, or perhaps
>somebody here looking at an anti-censorship web page getting
>pro-censorship messages from religious fundamentalists.

If you look at someone's web page and A.
they haven't made a contract with you to do otherwise and B. you haven't been smart enough to go through an anonymizing web server or an anonymous account, you need to realize that they are likely to keep info on you. I customarily don't use my own account for web viewing for that reason. Bombardment of lists like these with propaganda, etcetera, is an admitted possible problem. We're currently seeing something of the sort on alt.religion.scientology, but (according to what I've gathered) they seem to be dealing with that pretty well. I have my doubts how effectively the Chinese, etcetera governments are likely to be in carrying out such attacks; they aren't noticeably good at Internet-awareness. >Or it could encourage them to use special firewalls which filter >content and disallow graphics... (probably many US-based companies >would be all-too-happy to sell them the software to do it), or even >close themselves off from the Internet altogether, perhaps form >separate, unconnected Family/Islamic/Chinese-values networks. How, precisely, is one going to filter out graphics from web sites in Chinese? Ascii text and ideographs don't exactly get along. One interesting option would be text, possibly varied to disable practical OCR, in the form of graphics. This is more of a problem for web sites in English, although simple denial of such to such countries has its advantages (as per some earlier discussions). In the latter case, they aren't going to get the technical information that's their reason for getting on the Internet in the first place. These countries are largely third-world in locally understood technology, anyway; the exception is for those who have gotten training in the West - note that one of the biggest trade _surpluses_ of the US is in graduate education in technical fields. 
-Allen

From blancw at accessone.com Fri Jul 12 23:31:28 1996 From: blancw at accessone.com (blanc) Date: Sat, 13 Jul 1996 14:31:28 +0800 Subject: FW: [RANT] Giving Mind Control Drugs to Children Message-ID: <01BB7020.42BF0560@blancw.accessone.com>

From: E. ALLEN SMITH

Actually, my Ritalin was one of the things that led me to come to the conclusion that drug laws were nonsense. It's a Schedule II drug that I never felt _any_ addiction to; I was off it on evenings, weekends, and during holidays. So at least in my case it had a pro-libertarian effect.
........................................................................

From editor at cdt.org Fri Jul 12 23:42:58 1996 From: editor at cdt.org (Bob Palacios) Date: Sat, 13 Jul 1996 14:42:58 +0800 Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates Support for Key Escrow Message-ID:

-----------------------------------------------------------------------------
The Center for Democracy and Technology
Volume 2, Number 27
----------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
CDT POLICY POST Volume 2, Number 27 July 12, 1996

CONTENTS:
(1) No New News on Encryption - VP Gore Reiterates Support for Key Escrow
(2) How to Subscribe/Unsubscribe
(3) About CDT, contacting us

** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of
** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1)
NO NEW NEWS ON ENCRYPTION - VP GORE REITERATES SUPPORT FOR KEY ESCROW Despite the growing pressure from Congress, privacy advocates, the computer industry, and the public for the reform of US encryption policy, the Administration continues to embrace its Clipper III key-escrow encryption proposal. In a written statement issued Friday (7/12), the Vice President announced that the Administration will continue to push for the adoption of a massive public key infrastructure to enable law enforcement access to encryption communications and continue to rely on cold war-era export controls. [The full text of the announcement is available on CDT's Encryption Policy Issues Page: http://www.cdt.org/crypto/] CDT is disappointed that the Administration's latest statement offered no new solutions to what is becoming a critical policy issue for the future of the Internet and the development of a secure and trusted global information infrastructure. Friday's announcement comes amid growing concern from bi-partisan members of Congress, computer industry leaders, privacy advocates, and the public. Recent calls for changes in current US encryption policy include: * Bipartisan legislation in both the House and Senate designed to relax US encryption export controls and encourage the widespread availability of strong, easy to use encryption technologies. * The Security and Freedom through Encryption (SAFE) Forum, held on July 1st, where members of Congress, computer industry leaders, privacy advocates and the public discussed the need to reform US encryption policy. * The recent report by the National Research Council which criticizes current policy as failing to address the needs of an information age society. These developments represent a growing consensus among members of Congress, the computer industry, and privacy advocates that current US encryption policy is harming the competitiveness of US industry and endangering the privacy of computer users. 
Our understanding of this consensus does not match the conclusion the Vice President reaches that: "A consensus is emerging around the vision of a global cryptography system that permits the use of any encryption method the user chooses, with a stored key to unlock when necessary". CDT sees no evidence of broad support for a key escrow approach. While the Administration seems to acknowledge the importance of encryption for privacy and electronic commerce, neither the current policy nor its predecessors have met the needs which virtually all involved in this debate now see. Since 1992, the Administration has continued to offer solutions which fail to recognize the privacy needs of individual computer users and the realities of the global economy. While law enforcement and national security considerations are important factors which must be addressed, the Administration's current proposal, along with Clipper I and Clipper II, continues to put law enforcement and national security concerns above the privacy and security needs of the American public. SUMMARY OF VICE PRESIDENT GORE'S STATEMENT While putting forward an initiative ostensibly designed to make encryption more available to computer users, the Administration would do so at a high price: Individuals would be required to place their most private personal encryption keys in the hands of third parties. Today's statement is essentially a re-statement of the Clipper III proposal released in May. Among other things, the Vice President: * Called for the liberalization of export controls provided computer users participate in a "global key management infrastructure" designed to make personal encryption keys accessible to law enforcement. * Reiterated the Administration's opposition to the bipartisan encryption legislation introduced this Spring in the House and Senate, which would ease export controls. 
* Announced that a Cabinet Committee will send detailed recommendations regarding implementation of this proposal to the President by early September. * Indicated that the Administration "is considering" interim measures until a key escrow system is in place, including: - Liberalizing export controls for certain industries, - Developing performance standards for key recovery systems that will be eligible for export. - Launching key recovery pilot projects. - Moving jurisdiction over encryption export licenses from the State Department to the Commerce Department (The Burns/Leahy Pro-CODE bill contains a similar provision). The full text of the Vice President's Statement, along with the Clipper III proposal, the text of the Pro-CODE bill and other legislation, and detailed background information on the encryption policy debate, is available on CDT's encryption policy resource page: http://www.cdt.org/crypto/ CDT believes that a far more sensible approach to encryption is offered by the bipartisan legislation introduced this Spring to ease export controls, including: S. 1726, the Pro-Code Act introduced by Senators Burns (R-MT), Leahy (D-VT), Pressler (R-SD), Lott (R-MS), Wyden (D-OR), Simpson (R-WY), Murray (D-WA), and others; S.1567, authored by Sen. Leahy with many of the same co-sponsors; and H.R. 3011, introduced by in the House of Representatives by Reps. Bob Goodlatte (R-VA), Anna Eshoo (D-CA), Tom Campbell (R-CA) Zoe Lofgren (D-CA), and a bi-partisan group of over 20 others. NEXT STEPS CDT will continue to work with Senators Burns, Leahy, Pressler, Wyden and Reps, Eshoo, Goodlatte, and others to encourage the widespread availability of strong encryption by pushing for passage of legislation to relax export controls on encryption. The full Senate Commerce Committee, chaired by Senator Larry Pressler (R-SD), is expected to hold hearings on the Pro-CODE bill during the week of July 22. CDT is working to cybercast that hearing live on the Internet. 
Please continue to visit CDT's encryption policy issues page for the latest information on this issue. ------------------------------------------------------------------------ (2) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by nearly 10,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. To subscribe to CDT's Policy Post list, send mail to policy-posts-request at cdt.org with a subject: subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with a subject of: unsubscribe policy-posts ----------------------------------------------------------------------- (3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. 
Contacting us:

General information: info at cdt.org
World Wide Web: URL:http://www.cdt.org/
FTP URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail: The Center for Democracy and Technology
1634 Eye Street NW * Suite 1100 * Washington, DC 20006
(v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.27 7/12/96
-----------------------------------------------------------------------

From rodger at interramp.com Fri Jul 12 23:44:39 1996 From: rodger at interramp.com (Will Rodger) Date: Sat, 13 Jul 1996 14:44:39 +0800 Subject: I@Week on crypto export loophole 6/24/96 Message-ID: <1.5.4.32.19960712190524.00663184@pop3.interramp.com>

-----BEGIN PGP SIGNED MESSAGE-----

>As I see it, the most important issue is not the legal status of the one
>actually doing the export/mailing, but in fact the organization which is the
>recipient and thus, the beneficiary of this act. _THAT_ organization will
>be well-identified, yet will not have done anything obviously illegal. Is
>there any indication that Baker was trying to distinguish between the one
>physically mailing it, and those receiving it?

Yup. He was speaking only of the US company. As you mentioned, odds of anyone getting caught are fairly low in many cases, but even lower for anyone outside the US.

The odds the US would go after a foreign company would seem pretty remote, unless based in a country that strongly supported US policy. The UK comes to mind, but few others. I'll leave it others to decide who else should be on that list.
Will

From froomkin at law.miami.edu Fri Jul 12 23:47:00 1996 From: froomkin at law.miami.edu (Michael Froomkin) Date: Sat, 13 Jul 1996 14:47:00 +0800 Subject: Can the inevitability of Software privacy be used to defeat the ITAR? In-Reply-To: Message-ID:

Hey folks, let's be real clear about this:

The ITAR do NOT apply to books.

Repeat: The ITAR do NOT apply to books.

On Fri, 12 Jul 1996, Mark M. wrote:
[...]
> This isn't quite analogous to the original problem of a software company making
> good-faith efforts to prevent a program from being exported. AFAIK, MIT did
> not try to prevent the book from being exported (of course, the State
> Department never did approve or deny their request to export the book). Sandia

State told Karn that it did not have jurisdiction over books.

> could claim that MIT came very close to violating ITAR, but the same claim

"The ITAR do not apply to books"

> could not be made if the issue was a software program which was
> export-controlled.

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | froomkin at law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here. And humid.

From alanh at infi.net Fri Jul 12 23:48:18 1996 From: alanh at infi.net (Alan Horowitz) Date: Sat, 13 Jul 1996 14:48:18 +0800 Subject: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com> Message-ID: > Caller ID isn't for people, it's for businesses who want to > track callers. They're willing to pay for that service, enough Privacy isn't for parasites. It's for people who are willing to pay for their own phone calls. From Cindy at McGlashan.com Fri Jul 12 23:51:47 1996 From: Cindy at McGlashan.com (Cindy Cohn) Date: Sat, 13 Jul 1996 14:51:47 +0800 Subject: Can the inevitability of Software privacy be used to defeat the ITAR? (fwd) Message-ID: <199607122035.NAA22343@gw.quake.net> At 09:38 AM 7/11/96 -0400, Michael Froomkin wrote: >Here's a fun legal issue that cropped up on the cypherpunks list Nice try, but no cigar. The problem with all of the "ITAR loophole" ideas is that they only work where the rules are clearly articulated and carefully followed by the administrative agencies. Neither of those exist with the ITAR.. There are no restrictions on the ODTC's ability to interpret the ITAR however they see fit and to change those interpretations as they wish to meet their goal: stopping folks from getting strong crypto easily. The best example of this is the mislabelled "crypto with a hole," in which ODTC interprets the regulations as allowing them to limit software with no cryptography in it at all but only hooks which could allow the insertion of crypto later. The ITAR says that they only regulate "software with the capability of maintaining secrecy" and so on its face would not extend to software which only has hooks for crypto. But this doesn't stop ODTC and there is no mechanism in place to allow anyone else to stop them short of a lawsuit or a change in the law by Congress. So, having said that, here's where I think they could fit in the "piracy" sublicense maneuver: First, entering into the sublicensing agreement could be interpreted as a "defense service." By giving them a license you are "assisting the foreign person" because, presumably, life is easier for them if they have a license. 
Second, call the sub-license agreement "technical data" since it is related to the crypto. Or, as they did with Zimmermann, they just assume that the company had something to do with the unauthorized export and begin an investigation. If it goes to indictment, better hope you have iron-clad evidence to convince the jury that you had nothing to do with it. If you've gone ahead and sub-licensed afterwards, making money off of the illegal act, I think it would be difficult to convince a jury that you didn't have something to do with it. Gotta write a brief now, Cindy Cohn > >A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) >Associate Professor of Law | >U. Miami School of Law | froomkin at law.miami.edu >P.O. Box 248087 | http://www.law.miami.edu/~froomkin >Coral Gables, FL 33124 USA | It's hot here. And humid. > >---------- Forwarded message ---------- >Date: Thu, 11 Jul 1996 04:06:05 +0000 >>From: Paul Elliott >To: cypherpunks mailing list >Subject: Can the inevitability of Software privacy be used to defeat the ITAR? > >-----BEGIN PGP SIGNED MESSAGE----- > >All software companies who sell (really licence) software >must deal with the inevitability of software piracy. It >is a brute fact that any usefully product sold in the U.S. >will eventually appear as an unauthorized copy for sale >abroad. This fact must be recognized in the software companies' >business plan. > >The question occurs to me "why can not this fact be used to >defeat the ITAR?" > >What is to prevent a U.S company to licence a foreign company >to sublicence and distribute a Crypto product abroad, if that >foreign company obtains that product on the pirate market? > >I am not a lawyer, but I look at the definition of "export" >on page 612 of Applied Cryptography and nothing seems to >obviously apply. > >The scenario I imagine is this: U.S. company produces a crypto >product. To be generally useful, the product supports all languages. >(Those CDROMs really do hold a lot of data.) 
>After all, Americans do need to do business with foreigners. >The company licences and distributes the product in the U.S. >taking special care not to distribute the product to any foreign persons. >When inevitability, the product appears in the pirate market outside >the U.S., the company makes a contract with a foreign company >allowing it to distribute it and sublicence it. The foreign company >can get their copy from the pirate market, being authorized to get >the copy by the U.S. company. When this deal is cut copies >have already been exported and are already being sold by the >pirates, against the will of the U.S. company. > >In this scenario, the U.S. company had done everything >it possibly could to prevent the illegal export of its product. But >when its efforts have inevitably failed, it makes money by >sublicencing. > >When I look at the definition of Export on page 612 of applied >cryptography, I see one clause that defines transferring registration >as export, but only for aircraft, vessels and satellites. > >OK, cypherpunk legal types, there has got to be something wrong >with this idea. There are a lot of smart people in the world, >so if this idea was good, somebody else would have thought of >it before now! But what is specifically is wrong with it? >I want to be educated! > >- -- >Paul Elliott Telephone: 1-713-781-4543 >Paul.Elliott at hrnowl.lonestar.org Address: 3987 South Gessner #224 > Houston Texas 77063 > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.3 >Charset: cp850 > >-----END PGP SIGNATURE----- > > ************************ Cindy A. Cohn McGlashan & Sarrail, P. C. 
177 Bovet Road, 6th Floor San Mateo, CA 94402 (415) 341-2585 (tel) (415)341-1395 (fax) Cindy at McGlashan.com http://www.McGlashan.com From ravage at einstein.ssz.com Fri Jul 12 23:53:21 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 13 Jul 1996 14:53:21 +0800 Subject: Can't block caller ID in Massachusetts? (fwd) Message-ID: <199607130140.UAA11180@einstein.ssz.com> Hi all, Forwarded message: > Subject: Re: Can't block caller ID in Massachusetts? > Date: Fri, 12 Jul 1996 19:37:42 -0400 (EDT) > From: "Michael H. Warfield" > > Eric Murray enscribed thusly: > > > Caller ID isn't for people, it's for businesses who want to > > track callers. They're willing to pay for that service, enough > > to make it worth the while of the phone companies to spend many > > millions on a campaign of lies (excuse me, "PR") to convince us > > that we need CID for "safety". > > number was to be able to log and track that information. Every wonder > about those local companies who still had you call a 1-800 number. Guess > what. That was the easiest (and sometimes the cheapest) way to get ANI. > I ran a Harris 20/20 PBX switch for a company over 6 years ago and remember > looking over and discussing the ANI specs with the management. We decided > not to pursue trying to get ANI on our DID lines but the switch supported > it and that switch was considered out of date technology at THAT time! > I can verify this ability of telephone switches and number tracking. From 1984 to 1990 I worked for the University of Texas at Austin in their Physical Plant Telco shop. I worked on a NT SL-1 based switch feeding voice, data, and analog signals all over campus as well as interfacing to SWBT's trunk lines. I personaly used the system to track on campus phreak and hack attacks as well as feeding the universities computerized security system. We used a Charles Rivers 68/35 running building control software. 
With it we could track various aspects of the telephone switch and log them offline. We used the system strictly for input of signals for physical security (ie door switches, mag-locks, PIR's, etc.) over the dry pair of the switch. Watch your 6's. Jim Choate CyberTects ravage at ssz.com From adam at homeport.org Fri Jul 12 23:58:40 1996 From: adam at homeport.org (Adam Shostack) Date: Sat, 13 Jul 1996 14:58:40 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu> Message-ID: <199607122100.QAA16047@homeport.org> They lie. ("why would anyone need another?") You can avoid ANI by placing an operator assisted toll free call. Dial 0, and say, "Hi, I'm getting funny beeps when I try to dial 800-905-1514. Could you help me place the call?" (Thats the OKBOMB FBI tip number. Oddly, the FBI is still offering a $2m reward for information. And I thought they had their scapegoat.) Incidentally, Use of the NAME, INITIALS, or SEAL of the FBI is restricted by law and may be used only with written permission of the FBI. (www.fbi.giv) Adam David Mazieres wrote: | | | My last phone bill said that Nynex is now giving out people's names in | addidtion to their phone numbers over caller-id. I therefore called | Nynex and told them to block caller-id on my phone line. | | They said no problem, but... They said nothing I can do will block it | when I call 800 numbers. "The people with 800 numbers have special | software, and there is nothing you can do to block your identity when | calling them. Not even *67." | | Wow. Maybe I'm not paranoid enough, but I never expected this. I can | never again call an 800 number anonymously to get information about | something unless I go out to a pay phone. What an incredible | inconvenience, and how truly depressing. 
| | I know 800 number owners probably used to be able to get lists of | calling phone numbers on their phone bills, but this is less | disturbing as it would take significant effort to match up the lists | after the fact. I just want to be able to call up companies and say, | for instance, "If I buy your product, can it do X?" as opposed to, for | instance, "I'm stuck with your product, can it do X?". People are | often more helpful in the former case. Now, though, they'll know | exactly who I am before they even say hello. | | David | -- "It is seldom that liberty of any kind is lost all at once." -Hume From minow at apple.com Sat Jul 13 00:09:46 1996 From: minow at apple.com (Martin Minow) Date: Sat, 13 Jul 1996 15:09:46 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu> Message-ID: David Mazieres notes that he can't prevent his phone number from going to 800 number providers. 800 numbers are, effectively, collect phone calls. The receiving party is paying all call costs, including a surcharge for the collect and number delivery services. Even if you make a "normal" collect call to a residential number, the calling phone number will appear on the receiver's phone bill. That said, there are a few additional points that may be of interest: -- even if David's name is not delivered to the 800 (or caller ID) receiver, there are a variety of commercial services that can link a published phone number with it's owner's name and address. Non-published numbers can be linked to a (fairly small) geographical area, giving useful economic and marketing information. -- a large commercial site can link phone number to name and address while the phone is ringing. This lets them do a variety of triage on the call. For example: -- Never seen this number? Good demographics? Must be a new customer. Answer quickly. -- Ordered lots from us before? Answer quickly. -- Whiner, always complaining? 
"Your call will be answered by the next available representative." Play 20 minutes of Gershwin. -- Bad demographics? "Your call will be ..." Play 10 minutes of Gershwin. And so forth. Martin Minow minow at apple.com From a-billol at microsoft.com Sat Jul 13 00:14:08 1996 From: a-billol at microsoft.com (Bill Olson (EDP)) Date: Sat, 13 Jul 1996 15:14:08 +0800 Subject: Can't block caller ID in Massachusetts? Message-ID: What's worse, is that if you just want to call and get information about a particular product, they can log you for their marketing database. >---------- >From: David Mazieres[SMTP:dm at amsterdam.lcs.mit.edu] >Sent: Friday, July 12, 1996 8:55 AM >To: cypherpunks at toad.com >Subject: Can't block caller ID in Massachusetts? > >My last phone bill said that Nynex is now giving out people's names in >addidtion to their phone numbers over caller-id. I therefore called >Nynex and told them to block caller-id on my phone line. > >They said no problem, but... They said nothing I can do will block it >when I call 800 numbers. "The people with 800 numbers have special >software, and there is nothing you can do to block your identity when >calling them. Not even *67." > >Wow. Maybe I'm not paranoid enough, but I never expected this. I can >never again call an 800 number anonymously to get information about >something unless I go out to a pay phone. What an incredible >inconvenience, and how truly depressing. > >I know 800 number owners probably used to be able to get lists of >calling phone numbers on their phone bills, but this is less >disturbing as it would take significant effort to match up the lists >after the fact. I just want to be able to call up companies and say, >for instance, "If I buy your product, can it do X?" as opposed to, for >instance, "I'm stuck with your product, can it do X?". People are >often more helpful in the former case. Now, though, they'll know >exactly who I am before they even say hello. 
> >David > From markm at voicenet.com Sat Jul 13 00:16:56 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 13 Jul 1996 15:16:56 +0800 Subject: Can the inevitability of Software privacy be used to defeat the ITAR? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 12 Jul 1996, Michael Froomkin wrote: > Hey folks, let's be real clear about this: > > The ITAR do NOT apply to books. > > Repeat: > > The ITAR do NOT apply to books. I'm quite aware of this fact, and I never did say that ITAR did apply to books. I just noted that a claim that MIT came _very close_ to violating ITAR by publishing a book with complete source code in OCR'able text is more legitimate than a claim against a software company that makes a good faith effort to prevent a crypto program from being exported. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv -----END PGP SIGNATURE----- From m5 at vail.tivoli.com Sat Jul 13 00:28:10 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Sat, 13 Jul 1996 15:28:10 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: <199607121854.LAA29560@slack.lne.com> Message-ID: <31E6D348.802@vail.tivoli.com> Eric Murray wrote: > > They said no problem, but... They said nothing I can do will block it > > when I call 800 numbers. CID != ANI, which has been around for a long time. 800 numbers have always had ANI available, to my knowledge. > Their answer: "that's just the way it works". 
Correcto-mundo. > > Wow. Maybe I'm not paranoid enough, but I never expected this. I can > > never again call an 800 number anonymously to get information about > > something unless I go out to a pay phone. What an incredible > > inconvenience, and how truly depressing. Not "never again", but "never ever, past or future". All the 800 calls you made in the past went out with your phone number delivered to the recipient. > Caller ID isn't for people, it's for businesses who want to > track callers. Bull cookies. I have caller ID boxes on my lines. If somebody wants to make noise in my house in an effort to get my attention, I damn well want to know who they are. ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From sentiono at cycor.ca Sat Jul 13 00:39:15 1996 From: sentiono at cycor.ca (Sentiono Leowinata) Date: Sat, 13 Jul 1996 15:39:15 +0800 Subject: Good dictionary files? Message-ID: <199607130216.XAA15487@bud.peinet.pe.ca> As many people say, a good password cracker is very dependent on the dictionary file(s). When one has a very good dictionary file(s), the chances of a password being cracked are bigger. I am wondering if someone can tell me where I can get good dictionary file(s). A search on the web resulted in nothing. I have one large dictionary file (about 14Mb) to check it, but I still do not feel comfortable saying it's a good one. This might be off topic from cryptography, but until we can reverse engineer (decrypt the crypt or crypt(3)) functions, there is nothing we can do but rely on those good dictionaries. Thank you and I apologize to anyone who might get offended by my post. Regards, Sent. From bkmarsh at feist.com Sat Jul 13 01:27:38 1996 From: bkmarsh at feist.com (Bruce M.) Date: Sat, 13 Jul 1996 16:27:38 +0800 Subject: Can't block caller ID in Massachusetts? 
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu> Message-ID: On Fri, 12 Jul 1996, David Mazieres wrote: > They said no problem, but... They said nothing I can do will block it > when I call 800 numbers. "The people with 800 numbers have special > software, and there is nothing you can do to block your identity when > calling them. Not even *67." > > Wow. Maybe I'm not paranoid enough, but I never expected this. I can > never again call an 800 number anonymously to get information about > something unless I go out to a pay phone. What an incredible > inconvenience, and how truly depressing. > > I know 800 number owners probably used to be able to get lists of > calling phone numbers on their phone bills, but this is less > disturbing as it would take significant effort to match up the lists > after the fact. I just want to be able to call up companies and say, > for instance, "If I buy your product, can it do X?" as opposed to, for > instance, "I'm stuck with your product, can it do X?". People are > often more helpful in the former case. Now, though, they'll know > exactly who I am before they even say hello. This is nothing new. 800, 900 and some other similiar numbers have been able to subscribe to a service called Automatic Number Identification (ANI) for many years now. While it is related to Caller ID, it doesn't operate with necessarily the same restrictions/options. Many companies use ANI in addition with special software to actually look at where you are calling from and either pull up your records, transfer you to a region specific extension, etc. I've heard rumors that some carriers pull their ANI information from CID thereby enabling you to block it just like you would the normal signal. Other methods of remaining anonymous can be achieved by going through long distance companies that don't pass on ANI information or paying companies who offer you ANI blocking dial-throughs. ________________________________ [ Bruce M. 
- Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "Official estimates show that more than 120 countries have or are developing [information warfare] capabilities." -GAO/AIMD-96-84 From dwa at corsair.com Sat Jul 13 01:41:54 1996 From: dwa at corsair.com (Dana W. Albrecht) Date: Sat, 13 Jul 1996 16:41:54 +0800 Subject: Can't block caller ID in Massachusetts? Message-ID: <199607122035.NAA15917@vishnu.corsair.com> David Mazieres writes: > My last phone bill said that Nynex is now giving out people's names in > addidtion to their phone numbers over caller-id. I therefore called > Nynex and told them to block caller-id on my phone line. > > They said no problem, but... They said nothing I can do will block it > when I call 800 numbers. "The people with 800 numbers have special > software, and there is nothing you can do to block your identity when > calling them. Not even *67." > > Wow. Maybe I'm not paranoid enough, but I never expected this. I can > never again call an 800 number anonymously to get information about > something unless I go out to a pay phone. What an incredible > inconvenience, and how truly depressing. > > I know 800 number owners probably used to be able to get lists of > calling phone numbers on their phone bills, but this is less > disturbing as it would take significant effort to match up the lists > after the fact. I just want to be able to call up companies and say, > for instance, "If I buy your product, can it do X?" as opposed to, for > instance, "I'm stuck with your product, can it do X?". People are > often more helpful in the former case. Now, though, they'll know > exactly who I am before they even say hello. > > David 800 (And 888/900 etc.) numbers use a different mechanism (ANI) than caller ID to provide your telephone number to the person you are calling. This has been around far longer than caller ID, and really doesn't have all that much to do with the caller ID service, which is entirely different. 
So in essence, nothing's really changed with regard to 800 numbers, except that people are now becoming _aware_ that the called party has access to their telephone number. If you want additional information, I'd recommend starting with the FAQ for the alt.2600 newsgroup. Dana W. Albrecht dwa at corsair.com From scmayo at rsc.anu.edu.au Sat Jul 13 01:49:37 1996 From: scmayo at rsc.anu.edu.au (Sherry Mayo) Date: Sat, 13 Jul 1996 16:49:37 +0800 Subject: EFA attitude to crypto Message-ID: <199607130349.UAA15303@toad.com> Just to clear up Rich Grave's comment regarding the Electronic Frontiers Australia's attitude to crypto. EFA did not object the the ABA's report and it's comment about crypto. They did object to an earlier government report which said that crypto should be *mandatory* - since turning people into criminals for transmitting plaintext is just as daft as turning them into criminals for transmitting encrypted text. Hope this puts things straight. Sherry From sfuze at sunspot.tiac.net Sat Jul 13 02:11:32 1996 From: sfuze at sunspot.tiac.net (sfuze@tiac.net) Date: Sat, 13 Jul 1996 17:11:32 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: Message-ID: I wrote David backchannel about this, explaining it in lurid detail. Now, to the whole list, if you didn't know, Here's how you STOP the 800 people from getting your number: DIAL THE OPERATOR and have her put the call through... Take Care, Millie From WlkngOwl at unix.asb.com Sat Jul 13 02:25:51 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 13 Jul 1996 17:25:51 +0800 Subject: Another bad idea Message-ID: <199607130436.AAA15446@unix.asb.com> On 12 Jul 96 at 10:23, Alan Olsen wrote: [..] > Of course this is all a moot point, because it has been proven by computer > projections that all informative net traffic will be buried under > advertisements by the year 2000 anyways. 
I expect some legislative body to > try and make money fast on the net by selling ad space on IP packet headers. Yes. They can follow the American model and rather than censor communications, allow advertising. Nobody will be able to get an intelligent thought from the net without being interrupted by an ad every five minutes... and people will pay good money for this 'privledge' (sp?) too. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Sat Jul 13 02:30:01 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 13 Jul 1996 17:30:01 +0800 Subject: Another bad idea Message-ID: <199607130436.AAA15452@unix.asb.com> Note that my main point was sort-of vague. Let me re-iterate it: crypto-activism should go along with the other activism for democratizing countries like China, Iraq, Burma, etc. Most of the activists involved with those issues know about the culture (and many are already PGP-aware)... so for specific situations some of the ideas presented may not be appropriate for others. It might be ok to direct-mail someone in one country, but dangerous for someone in another. Also don't take for granted the relative access of privacy one has in the US or Europe compared to some regime where you can only net surf with a policeman watching over your shoulder at the police station's internet kiosks (hypothetical...). Using an anonymous remailer or web anonymizer may be reason enough to get somebody in another country in trouble. The thought of blindly being a k00l krypt0 activist and getting some poor guy in another country thrown in jail doesn't do much to help democratize that country. Spam and unsolicited mail aren't the way to go. 
Better, more subtle ideas, might be to say 'check out this page' or 'i've got source code for that on my page at...', which has techie or even entertainment info but also has political info (that already happens quite unintentionally). I wonder what web users in places like Singapore thought when they kept running across blacked-out anti-CDA pages... If one is familiar with the culture, one can even be really subtle and seem to be talking about an unrelated story or even techie or sports but actually be discussing the political situation in that country (look at many Soviet films, some Chinese films, Spanish films under Franco's regime, Cuban films, etc.) On 12 Jul 96 at 18:30, E. ALLEN SMITH wrote: [..] > If these countries didn't value their technical people and what they > can do, they wouldn't be allowing them on the Internet (even in a restricted > way) in the first place. The above would only be a likely scenario if the [..] Don't underestimate people's stupidity. The party loyalists or bootlickers may get away with more naughtiness on the 'net, but those borderline techies who are about due for another month at a re-education camp or loyalty counseling may get screwed. If such countries really valued their techies, then why do they allow them to emigrate to Western countries? [..] > How, precisely, is one going to filter out graphics from web sites in > Chinese? Ascii text and ideographs don't exactly get along. One interesting [..] By filtering out all photographs, which from what I heard the Chinese were contemplating. Whether it is truly feasible is another matter, of course. But since when has infeasibility prevented anyone from trying it? Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. 
From grafolog at netcom.com Sat Jul 13 02:34:44 1996 From: grafolog at netcom.com (Jonathon Blake) Date: Sat, 13 Jul 1996 17:34:44 +0800 Subject: Destabilizing China's Government with Strong Crypto In-Reply-To: <1.5.4.32.19960713003051.002f9dac@giasdl01.vsnl.net.in> Message-ID: On Sat, 13 Jul 1996, Arun Mehta wrote: > Look around you: while "civilized", "white" and "man" might characterize the > cypherpunks. And how does it matter? I'm suggesting an e-mail course that I'm trying to get a "civilised white woman" to learn to use cryptography. At least, I think she is is civilised -- she paid for lunch for me one day. She is female, though that doesn't preclude a previous sex-change operation, or two. She has a pale skin, and blue eyes, and blond hair, but that doesn't mean she isn't Jewish, like Hitler's Poster Child of the Aryan Race was. Her eyes may have been colored by wearing colored contact lenses, and her hair may have been bleached. I assume she is white, since she has a pale skin. An official of the former regime in South Africa might well have been able to classify her as "Cape Colored", "Other Colored", "Griqua of Rehobath" or any of the 47 plus racial classifications that they used. So no, it doesn't matter who reads it, or who writes it, distributes it, etc --- so long as it gets done. << I don't know who is being quoted in the following line. > > >chances are they are already doing things along those lines. > If they are, its only in pockets, and they are doing an awful job of > telling people about it if none of us has heard. The Internet is still very They might be doing things the way Brother Andrew did, in smuggling Bible behind the Iron Curtain. Not telling the world at large, to protect the smugglers, untill after most of their team was arted/detained/granted "persona non gratis" status behind the Iron Curtain. > or the greatness of Kim Jong Il, and in the process upload all you know > about the scandal, untraceable to you. ROTFLOL. 
OTOH, it will get by pretty much any censor. << These graphics are of our Most Beloved Leader. This must be an honourable upright citizen. And stenographed in them, is the weekly edition of what "Most Beloved Leader" has done against his population. >> > What I have in mind is as follows: > "Building a Cryptobook" lists a number of software packages: > packaged together as a course or a book, a sort-of "Crypto for Dummies." Package it as book, if any government does clamp down on the distribution of it as an E-Mail course. Or publish a book as a supplement. xan jonathon grafolog at netcom.com AOL coasters are unique, and colourful. Collect the entire set. From bkmarsh at feist.com Sat Jul 13 02:37:42 1996 From: bkmarsh at feist.com (Bruce M.) Date: Sat, 13 Jul 1996 17:37:42 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: Message-ID: On Fri, 12 Jul 1996, Sandy Sandfort wrote: > On Fri, 12 Jul 1996, Bruce M. wrote: > > > I've heard rumors that some carriers pull their ANI information from > > CID thereby enabling you to block it just like you would the normal > > signal. Other methods of remaining anonymous can be achieved by going > > through long distance companies that don't pass on ANI information or > > paying companies who offer you ANI blocking dial-throughs. > > Another way to defeat ANI or whatever is to call 800 numbers by > using a pre-paid calling card. It would still be possible for the LD company to just pass through your information for ANI, although I wonder what percentage actually do. ________________________________ [ Bruce M. - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "Official estimates show that more than 120 countries have or are developing [information warfare] capabilities." -GAO/AIMD-96-84 From bkmarsh at feist.com Sat Jul 13 02:44:58 1996 From: bkmarsh at feist.com (Bruce M.) Date: Sat, 13 Jul 1996 17:44:58 +0800 Subject: ANI Blocking! Fast, Easy, Effective! 
(fwd) Message-ID: > ---------- Forwarded message ---------- > Date: Thu, 4 JUL 1996 14:48:28 GMT > From: Glen L. Roberts > Newgroups: alt.2600, alt.privacy, alt.private.investigator, > alt.dcom.telecom, > comp.dcom.telecom.tech, alt.security, misc.consumers > Subject: ANI Blocking! Fast, Easy, Effective! > We are in the beta teating phase of a new service to block ANI. > You'll be able to call any toll-free number and prevent them from > getting your phone number. We do not charge for this service (you > do have to call a long distance number). > Complete details are on our web page. As we are beta testing, we > can't say for such what problems might crop up, but let us know. > http://pages.ripco.com:8080/~glr/block.html > ------ > Purity of Opinion through force of Intimidation: > http://pages.ripco.com:8080/~glr/rogue > Web Site for FBI File Access! You, too can be like Pres Clinton! > http://pages.ripco.com:8080/~glr/fbi.html > ------ I thought this might be of interest due of the recent discussions about ANI and privacy. I've seen this type of service before, but this one is apparently free (besides the cost of calling their area code if you aren't local). ________________________________ [ Bruce M. - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "Official estimates show that more than 120 countries have or are developing [information warfare] capabilities." -GAO/AIMD-96-84 From WlkngOwl at unix.asb.com Sat Jul 13 02:45:03 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 13 Jul 1996 17:45:03 +0800 Subject: Crypto-activism Message-ID: <199607130500.BAA15914@unix.asb.com> On 13 Jul 96 at 0:37, Arun Mehta wrote: [..] > >> 1) Collect the e-mail addresses as Allen suggested (including those in > >> Hongkong), and send them a single, short message offering to teach them free > >> of cost how to use pgp and all the goodies at > >> http://www.eskimo.com/~joelm/cbsw.html > > > >Might be condescending. 
> >'Civilized white man brings PGP to the
> >barbarians...'
>
> Look around you: while "civilized", "white" and "man" might characterize the
> vast (?) majority on this list, I'm sure that's not the universe on
> cypherpunks. And how does it matter? I'm suggesting an e-mail course that

My point is that a lot of people in those countries are aware of PGP etc. than make it out to be. Certainly many activists are. They focus on the human rights issues at hand, to which PGP etc. may be a tool... but isn't the central focus.

It would be condescending to email to many people in a domain saying "hey, have you heard of PGP?..." Chances are they'll think it's a strange commercial spam anyway.

The "civilized white man" comment was more of a metaphor. Change that to "Cypherpunks bring gifts of crypto to the natives" or maybe "Cypherpunks civilized the barbarians with PGP"...

[..]
> > They may well know about PGP, but not in a position
> >to make that knowledge widely known.
>
> That's no good to the rest of the world. Forget them: the question is, are
> *you* in a position to share your knowledge?

Yep. But there's a proper way to share knowledge. You don't want to do it in such a way as to get the person you're sharing it with in trouble (esp. for something like crypto, where you could go to jail or be shot in some jurisdictions). If that person isn't interested, there's not much you can do... you may end up turning someone off.

If you want someone to listen, and be interested (if they're not already), you have to do it in an appropriate way. You also have to know what you're talking about: if you're not familiar with the nitty-gritty of politics in such countries, you'll come off as the "cypherpunk bearing gifts of crypto for the natives"... the politics going on in places like Cuba, China, Iraq, Russia are a bit more complex than what comes off through the media (to some extent no matter where you are and what media you watch).

For example...
there are many anti-Castro 'democratic' socialists in Cuba. If you approach them as if they were anti-Communists you'll be seen as a clueless kook. Some Chinese I have spoken to are suspicious of the Tiananmen Sq. activists, claiming they were more 'reformists' than true democratizers who were unknown before Tiananmen. Many Iranians will insist Iran is a democratic country where fundamentalists hold a lot of popular power, and that Western tinkering will only strengthen fundamentalists rather than allow a transition to a more moderate party.

I'm not saying any of these are true... they are just examples of how people in the respective territories view their situations differently, and that one can do more harm mistaking the situations in those countries.

One more important issue: people have to trust you. You can't go into a strange environment and expect trust if you come off as a tourist.

As for sharing knowledge... share crypto with activists involved with other issues. If one right, they're likely to use it in ways one hasn't imagined.

[..]
> >I'd leave the specifics to activists who are already familiar with
> >the respective cultures, societies, politics, etc....
>
> I'm one. Be glad to tell you more,...

Yes, do tell.

[..]
> It's only crypto, not the Bible or Koran. And let them be their own judges?
> You seem to want to protect people in the Third World the way the US
> government wants to keep cyberporn from kids.

No. I don't want to see somebody do something annoying and counterproductive that can get people it's allegedly meant to help in trouble and perhaps make a case for strengthening crypto regulations.

Rob

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From sandfort at crl.com Sat Jul 13 02:58:20 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 13 Jul 1996 17:58:20 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 12 Jul 1996, Bruce M. wrote:

> I've heard rumors that some carriers pull their ANI information from
> CID thereby enabling you to block it just like you would the normal
> signal. Other methods of remaining anonymous can be achieved by going
> through long distance companies that don't pass on ANI information or
> paying companies who offer you ANI blocking dial-throughs.

Another way to defeat ANI or whatever is to call 800 numbers by using a pre-paid calling card.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From nobody at mockingbird.alias.net Sat Jul 13 03:36:57 1996
From: nobody at mockingbird.alias.net (Anonymous)
Date: Sat, 13 Jul 1996 18:36:57 +0800
Subject: DES & IDEA built right into the Linux kernel...
In-Reply-To:
Message-ID: <199607130507.WAA25103@myriad>

> Nicholas Leon has created tools that allow DES
> and IDEA encryption at the device level for the Linux kernel. Some of
> the patches are in the 2.0.4 kernel, and the rest can be found at
>
> http://www.binary9.net/nicholas/linuxkernel/patches/

Yep, you can mount encrypted files or partitions as filesystems. (sorta like securedrive/securedevice for messydos.)

Nifty stuff...

From sopwith at redhat.com Sat Jul 13 03:54:00 1996
From: sopwith at redhat.com (Elliot Lee)
Date: Sat, 13 Jul 1996 18:54:00 +0800
Subject: Chancellor Group (symbol = CHAG)
In-Reply-To: <199607120153.SAA16483@toad.com>
Message-ID:

On Thu, 11 Jul 1996 chag at moneyworld.com wrote:

> http://chancellor.stockpick.com
>
> Chancellor Group, Inc. (symbol CHAG) just reported big quarterly earnings.
> SGA Goldstar issued a "buy" recommendation.
> I understand other investment
> advisors are looking to recommend CHAG. The company has a strong book value.
> The short sellers need to cover. This looks like a good situation to me.
> What do you think? They are located at:
>
> http://chancellor.stockpick.com
>
> Bob Williams, 206-269-0846
>
> To terminate from my Investment Opportunities, Reply to
> chag at moneyworld.com with "remove" in the subject field.

Ugghhh!

This guy's gotta get stopped somehow. Is there an Anti-SPAM list that would be more appropriate for this?

---------------------------------------------------------------------

'whois moneyworld.com' registered to Bob Williams
No hosts seem to be active in the moneyworld.com domain except usa1.moneyworld.com [208.129.19.69] - even the name server is dead. us1 is an outgoing-only SMTP server AFAIK - can't connect to port 25, but the spam came from that host most likely.

'whois stockpick.com' registered to Bob Williams

'finger dyno at cyberspace.com'
[cyberspace.com]
Account Name: Peter Johnson
Email address: dyno at cyberspace.com

'lynx http://www.cyberspace.com/~dyno/'
Shows directories for chag, netamerica, and natureplus. chag has the (phony) investment reports. natureplus shows a bunch of stuff trying to advertise holistic medicine ("Herbs, Minerals, Vitamins & Extracts").

Lookie here - netamerica must be the name of his 'real' company. Has a bunch of information, the title of the main page is "Direct Internet Marketing & Financial Public Relations"

Going to the chancellor.stockpick.com pages says that the name of the company, however, is 'Financial Connections, Inc.'

Looks like this guy is:
- Going under a fake name/names
- Advertising by abusing the Internet
- Using as many company names as he has pairs of underwear

From frantz at netcom.com Sat Jul 13 03:58:21 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 13 Jul 1996 18:58:21 +0800
Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
Message-ID: <199607130624.XAA24879@netcom8.netcom.com>

At 9:21 PM 7/12/96 -0400, Michael Froomkin wrote:
>> could claim that MIT came very close to violating ITAR, but the same claim
>
>"The ITAR do not apply to books"

I'm not sure the exact legalities apply here. I think it is more like the mob pressuring business men for protection and punishing those who do not comply.

-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

From deviant at pooh-corner.com Sat Jul 13 04:46:26 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sat, 13 Jul 1996 19:46:26 +0800
Subject: It's more than "White Punks on Dope"
In-Reply-To: <199607111437.HAA18788@montana.nwlink.com>
Message-ID:

On Thu, 11 Jul 1996, Brad Shantz wrote:

[Stuff skipped]
>
> At my wife's school, they do not use Ritalin. They have started using a
> product called PhytoBears. Don't laugh. These are GummiBears made out of
> all natural vegetable extracts. One of those, "100% of all the vitamins
> and minerals needed by the human body and mind in a day" kind of things.
> Apparently, the kids who were on Ritalin are now getting on much better
> with PhytoBears than they were with Ritalin.
>

I'm going to say this like my brother would...

"Just remember... Cyanide is all natural too."

'Nuff said.

also, it seems that most of the people here who are speaking against ritalin have _OBVIOUSLY_ never taken or been close friends with anybody who has taken ritalin. It's not that bad. Really.

--Deviant

[Apologies that this message isn't signed, my biggest HD crashed today, and the version of Pine in Linux Slackware 3.0 doesn't support filters... future messages will be signed, as usual...]

From roy at sendai.scytale.com Sat Jul 13 05:04:40 1996
From: roy at sendai.scytale.com (Roy M.
Silvernail)
Date: Sat, 13 Jul 1996 20:04:40 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com>
Message-ID: <960713.020337.6k8.rnr.w165w@sendai.scytale.com>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ericm at lne.com writes:

> When I called the Pac Bell customer service droids to get my "complete"
> blocking I asked them why they won't block CID to 800 numbers.
> Their answer: "that's just the way it works".

A little simplistic, perhaps, but nevertheless accurate. 800 and 900 numbers do not receive CNID (Calling Number ID). They receive ANI (Automatic Number Identification). In the case of 800 (or 888) numbers, they're paying for the call. For 900's, you're paying a premium charge. In both cases, the calling number is delivered for billing purposes.

This isn't new... ANI has been around for years.

> Caller ID isn't for people, it's for businesses who want to
> track callers.

Speak for yourself. I have CNID, and I find it to be damn useful in deciding which calls go to voicemail.

- --
Roy M.
Silvernail [ ] roy at scytale.com
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey at scytale.com

From anonymous-remailer at shell.portal.com Sat Jul 13 06:09:06 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Sat, 13 Jul 1996 21:09:06 +0800
Subject: SEARCH> Social Security Death Index Search (fwd)
Message-ID: <199607130826.BAA10680@jobe.shell.portal.com>

---------- Forwarded message ----------
Date: Fri, 5 Jul 1996 12:41:15 -0300 (ADT)
From: Todd Smith
To: Multiple recipients of list
Subject: SEARCH> Social Security Death Index Search

Social Security Death Index Search

http://www.infobases.com/ssdi/query01.htm

To search the Social Security Death Master File (a.k.a. Social Security Death Index or simply SSDI), fill in any or all of the fields below and press "Submit." A list of some Social Security Death Index information is available here.

The SSDI search indexes are currently under development. Indexes are currently available for surnames beginning with the following letters:

A B C D E . . . I J . . M N O P Q R . . U V . X Y Z

Last Name:
First Name:
SSN:
Location Issued:
Birth Information Date: Month: Year:
Death Information Date: Month: Year:
Last Residence / Lump Sum Payment Information:
City:
County:
State:
Zip Code:

------------------------------

From erehwon at c2.org Sat Jul 13 06:23:27 1996
From: erehwon at c2.org (William Knowles)
Date: Sat, 13 Jul 1996 21:23:27 +0800
Subject: Crypto-Activism & PGP
Message-ID:

Does anyone know how many languages PGP's help files and documentation has been translated into?

A good start I would think would be translating PGP into Chinese?
and mirroring it on sites around the world.

William Knowles
erehwon at c2.org

--
William Knowles
PGP mail welcome & preferred / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE 5A 3C B4 60 9C 00 FB BD
Finger for public key
--

From mcarpent at Dusk.obscure.net Sat Jul 13 06:31:11 1996
From: mcarpent at Dusk.obscure.net (Matt Carpenter)
Date: Sat, 13 Jul 1996 21:31:11 +0800
Subject: Execution of signed scripts received by e-mail
Message-ID: <199607130841.DAA00240@Dusk.obscure.net>

-----BEGIN PGP SIGNED MESSAGE-----

This is a rough description of a perl script I'm working on to allow the automated execution of PGP signed scripts received by e-mail. I call it emscrypt. Right now it is in the volatile-ware stage. Hopefully I'll have it tested enough to post here shortly, if I feel I can pull myself away from my research for a few hours. But I thought I would post a description now to see if anyone can find any problems with the way I'm going about this or has any suggestions. I apologize for the possibly inscrutable descriptions; it's been a while since I last slept. Let me know if anything needs clarification.

First, a basic description of the idea:

1. Write a script (perl, sh, etc.) to be executed on a remote machine.
2. Sign the script with PGP. It can also be encrypted using the public key for the emscrypt installation on the remote machine.
3. Mail the signed/encrypted script (a.k.a. emscrypted mail) to the address where emscrypt is installed.
4. The script is received and piped to emscrypt (using procmail or something similar).
5. Emscrypt checks the PGP signature on the message, and checks for replay attacks based on the time stamp from the signature.
6. Emscrypt executes the script, gets the results, encrypts them, and sends them back to you.

The install procedure:

Create a directory to hold the PGP keyrings and the emscrypt temporary files.

Generate a secret/public key pair for the emscrypt software and place in the emscrypt directory.
These need to be DIFFERENT for each installation of emscrypt. Otherwise you are subject to a "same play" attack. I suppose you could create two or more installations with the same key if you will ALWAYS be sending all the same scripts to every installation.

Generate a public keyring in the emscrypt directory which has only the keys with which you want to be able to validate incoming scripts. Make them "trusted" by the emscrypt key.

Update the PGPPASS, PGPPATH, and emscryptPath variables in the emscrypt script. This is very important since if the PGPPATH is pointing to your normal pubring ANYONE with a key in that ring would be able to run scripts on your system. Actually only the keys which are "trusted", but there may be lots of "trusted" keys which you wouldn't trust to run arbitrary scripts on your computer.

Test the script to make sure it seems to work alright on your system. After that, you can set it up to be automatically called when you receive e-mail with the magic subject line of your choosing (or in some other way I suppose). I've been using something resembling the following procmail recipe:

    :0:
    * ^Subject.*SQUEAMISH OSSIFRAGE
    |/MY_PATH/emscrypt

How emscrypt works:

* Get input

Get one input line at a time, and look for Reply-To: and From: headers to get a reply address.

As we are slurping up lines, watch for '-----BEGIN PGP' lines. If it is for encryption or a signed message (i.e. as long as it is not for a key block), get all the lines up to and including the appropriate '-----END PGP' line, and save them to a temp file.

Note that several scripts can be batched together in a single input file. Just generate the scripts and sign them separately and then combine all the PGP messages into a single file. Also, they may be signed with different keys.

* Verify signature

Run PGP on the temp file to verify/decrypt it. Save the stderr results from the PGP process in another temporary file. Get the verified(?)/decrypted output from a pipe, and save in memory.
(QUESTION: is it possible to have stderr redirected to a separate input pipe and avoid writing to disk? How? (This is in Perl.) I was combining the stderr and stdout from the PGP process into a single input pipe, but that may allow for leakage of PGP stderr output into the script we are verifying/decrypting if we aren't careful.)

Search through the PGP process stderr output to look for important stuff like whether the signature was good, what the time stamp was, and what the key user string is. I'm not real happy with this method. Probably doesn't work well with versions other than 2.6.2 or non-English language versions. I'm waiting for the signature code and such in the PGP library from Systemics (an announcement showed up here a couple days ago, http://www.systemics.com/software/ ) which will allow this to be much cleaner. (QUESTION: Any other ideas for handling this?)

* Check for replay

If the signature is good then we need to check for the dreaded replay attack. This is how I have it working: there is a separate file for each PGP public key which keeps track of the time stamp for the last executed script which was signed by that key. Right now the file names are generated from the key ID string for the pgp key. Mainly because we get that for free when we check the signature. Will probably run 'pgp -kv "ID string"' so that I can get the hex key ID, since that would probably make a more reasonable file name.

Besides the value saved to disk, we store a separate time stamp for this "batch" of messages in an associative array by key ID. Each separate mail message is a batch, but we may have more than a single PGP signed script in each message. So the batch time stamp is the stamp we read from a time stamp file for a key ID when we process the first message in a batch for that specific key ID. The batch time stamp is then constant for the remainder of this run of the script.
Anyway, we generate a file name based on the key ID, save it in an associative array by key ID for later use, and see if the file actually exists.

If the file doesn't exist, create it and save the time stamp from the current signature to the file. Put a timestamp of 100000000000 in an associative array by key ID for later use (this is the batch time stamp: the time stamp is formatted as YYYYMMDDHHmm. I use 100000000000 here since I explicitly check the time stamp format each time to make sure it is composed of exactly 12 digits. Also, if the file doesn't exist, we need to use a batch time stamp that will be lower than that of any of the messages in the current batch for this key ID. I suppose it might be better to generate a time stamp something like (CURRENT_TIME - (some reasonable amount of time)) to limit what is accepted. I also plan to allow a limit for the amount of time which can elapse between the script being signed and being received by emscrypt for cases where the file does exist.

If the file did exist on disk, read the time stamp from the file and save in the batch time stamp associative array by key ID.

So now we have a replay prevention time stamp to compare to the time stamp from this PGP signed script. If the script stamp is more recent, then we can execute the script. But first, check to see if the script stamp is more recent than the stamp saved in the file. If it is, then replace the file time stamp with the script stamp, and update the associative array which keeps track of these values (this is the "most recent stamp" array, not the "batch stamp" array).

* Execute the script

Check the variable status to make sure that both the signature and time stamp were acceptable. If not, then generate an appropriate error message explaining why the script was rejected, include a copy of the script, encrypt the message using the submitter's public key, and mail it back. Then go back to the top of the loop to deal with the rest of the input.
If everything checks out, then prepare a file to receive the stderr output, save the script to a file, set the script to executable, and open (execute) it as an input pipe. Get the results from stdout. Open the stderr file, and get the stderr results. Combine the stdout, stderr, and the script (with separators so we can tell what is what), encrypt the whole bundle with the submitter's public key and mail it off.

Repeat loop for rest of input.

Problems? Suggestions? Let me know.

Thanks,

- --Matt

- --
mcarpent at mailhost.tcs.tulane.edu
Finger for PGP public key.

From nobody at REPLAY.COM Sat Jul 13 07:11:22 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 13 Jul 1996 22:11:22 +0800
Subject: Internet Relay Chat
Message-ID: <199607131004.MAA16866@basement.replay.com>

Is it legal to hack IRC???

Just wondering..

From gary at systemics.com Sat Jul 13 08:07:17 1996
From: gary at systemics.com (Gary Howland)
Date: Sat, 13 Jul 1996 23:07:17 +0800
Subject: I@Week on crypto export loophole 6/24/96
In-Reply-To: <1.5.4.32.19960712190524.00663184@pop3.interramp.com>
Message-ID: <31E7828B.391B18B0@systemics.com>

Will Rodger wrote:
>
> The odds the US would go after a foreign company would seem pretty remote,
> unless based in a country that strongly supported US policy.

Er, right ... Just like they don't go after the Swiss bankers who choose to have dealings with Colombians, or German businessmen who have dealings with Cubans ...

Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From lyalc at ozemail.com.au Sat Jul 13 09:36:03 1996
From: lyalc at ozemail.com.au (Lyal Collins)
Date: Sun, 14 Jul 1996 00:36:03 +0800
Subject: Reasonable validation of a software package
In-Reply-To: <199607121405.HAA09514@infinity.c2.org>
Message-ID: <31E87985.6EF9@ozemail.com.au>

This touches upon a favourite rant of mine.

Anonymous User wrote:
>
> Fellow cpunks:
>
> I am working on various software packages for UNIX and
> Windows and since this is commercial work and prior NDA's
> are involved, I can't include the source code for
> absolute validation.
>
> What would assure one that a package has not been tampered
> with from the company to the user?

If someone had your public key, and a trusted software module with which to use it, you could use a "Digital Signature". PGP offers such data integrity and signing functions. You also indicate you have PGP - even better.

So, now you are left with ensuring people have your public key, and the recipient having a trusted software tool. Again, PGP is relatively well accepted in this regard. Trusted - depends on the source of the recipient's copy.

So, now you need to ensure that you can get your public key (to verify the digital signature with) in the hands of all your possible, or intended, recipients. Now the race is on for as many people as possible to generate PGP public keys/certificates bearing your name, or variations of it. Once that occurs, there is a fair chance that one of these keys will verify the digital signature on a piece of software purportedly from you. Still, not many people will have your true PGP public key/certificate, but, them's the breaks.

>
> (Currently, I am using PKZIP's rather anemic AV protection,
> as well as signing the archive with my PGP key.
> I am
> wondering if there are any other steps I need to take to
> assure that a package came from me, and wasn't

See above - easy or difficult - how much assurance do you want ?

> damaged/altered/tampered with in transit.)

See above - easy or difficult - how much assurance do you want ?

>
> Thanks in advance.

lyal

--
All mistakes in this message belong to me - you should not use them!

From wb8foz at nrk.com Sat Jul 13 10:00:50 1996
From: wb8foz at nrk.com (David Lesher)
Date: Sun, 14 Jul 1996 01:00:50 +0800
Subject: Chancellor Group (symbol = CHAG)
In-Reply-To:
Message-ID: <199607131247.IAA15446@nrk.com>

> Ugghhh!
>
> This guy's gotta get stopped somehow. Is there an Anti-SPAM list that
> would be more appropriate for this?

As I said, this is raw meat for the SEC. See their web page. The more complaints, the better....

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From jimbell at pacifier.com Sat Jul 13 10:13:17 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 14 Jul 1996 01:13:17 +0800
Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
Message-ID: <199607131310.GAA14552@mail.pacifier.com>

At 11:27 PM 7/12/96 -0700, Bill Frantz wrote:
>At 9:21 PM 7/12/96 -0400, Michael Froomkin wrote:
>>> could claim that MIT came very close to violating ITAR, but the same claim
>>
>>"The ITAR do not apply to books"
>
>I'm not sure the exact legalities apply here. I think it is more like the
>mob pressuring business men for protection and punishing those who do not
>comply.

And that's what "our" government's coming to! Does anybody still think that they're not going to deserve what they get?

Jim Bell
jimbell at pacifier.com

From bkmarsh at feist.com Sat Jul 13 10:21:32 1996
From: bkmarsh at feist.com (Bruce M.)
Date: Sun, 14 Jul 1996 01:21:32 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

On Fri, 12 Jul 1996, Alan Horowitz wrote:

> > Caller ID isn't for people, it's for businesses who want to
> > track callers. They're willing to pay for that service, enough
>
> Privacy isn't for parasites. It's for people who are willing to pay for
> their own phone calls.

That is interesting as I don't recall ever being offered a choice of toll free or being billed when I dial an 800 number (sometimes the only number offered for a company).

________________________________
[ Bruce M. - Feist Systems, Inc. ]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"Official estimates show that more than 120 countries have or are developing [information warfare] capabilities." -GAO/AIMD-96-84

From jimbell at pacifier.com Sat Jul 13 10:23:20 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 14 Jul 1996 01:23:20 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto:
Message-ID: <199607131310.GAA14557@mail.pacifier.com>

At 06:23 PM 7/12/96 -0400, Bob Palacios wrote:
>-----------------------------------------------------------------------------
> [ASCII-art banner]
> The Center for Democracy and Technology   Volume 2, Number 27
>----------------------------------------------------------------------------
> A briefing on public policy issues affecting civil liberties online
>----------------------------------------------------------------------------
> CDT POLICY POST Volume 2, Number 27 July 12, 1996
>(1) NO NEW NEWS ON ENCRYPTION - VP GORE REITERATES SUPPORT FOR KEY ESCROW
>
>Despite the growing pressure from Congress, privacy advocates, the computer
>industry, and the public for the reform of US encryption policy, the
>Administration continues to embrace its Clipper III key-escrow encryption
>proposal.

Bob, I think I'd feel a lot better about CDT if you'd explicitly withdraw any support for the Leahy encryption bill.

Jim Bell
jimbell at pacifier.com

From rp at rpini.com Sat Jul 13 10:31:02 1996
From: rp at rpini.com (Remo Pini)
Date: Sun, 14 Jul 1996 01:31:02 +0800
Subject: SECURE + PGP
Message-ID: <1.5.4.32.19960713131322.008c41f8@193.246.3.200>

I played around with secure (eudora plugin) a little bit, but it seems to be unable to decrypt anything it encrypted. (eudora 16-bit on winnt 4.0) Any hints?

Also, I want to write a mail-program (like eudora), with built-in PGP. Is the algorithm published anywhere (including the protocols)? ie.: key generation, signing, en- and de-crypting, etc. I presume the algorithms are off the shelf (DES and IDEA), but what about the hash-algorithms and key-ring management?

----------< fate favors the prepared mind >----------
Remo Pini                        Fon 1: +41 1 350 28 82
mailto:rp at rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/   Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From mishania at demos.su Sat Jul 13 10:38:37 1996
From: mishania at demos.su (Mikhail A. Sokolov)
Date: Sun, 14 Jul 1996 01:38:37 +0800
Subject: Internet Relay Chat
In-Reply-To: <199607131004.MAA16866@basement.replay.com>
Message-ID: <199607131340.RAA02043@megillah.demos.su>

As legal as in case you hack someone's machine. Anyhow it depends on what did you mean by your question, though, is there any legalized hack ?

> Is it legal to hack IRC???
>
> Just wondering..
>
>

-mishania

From rodger at interramp.com Sat Jul 13 10:55:57 1996
From: rodger at interramp.com (Will Rodger)
Date: Sun, 14 Jul 1996 01:55:57 +0800
Subject: I@Week on crypto export loophole 6/24/96
Message-ID: <1.5.4.32.19960713135331.006867b4@pop3.interramp.com>

-----BEGIN PGP SIGNED MESSAGE-----

At 01:03 PM 7/13/96 +0200, you wrote:
>Will Rodger wrote:
>>
>> The odds the US would go after a foreign company would seem pretty remote,
>> unless based in a country that strongly supported US policy.
>
>Er, right ... Just like they don't go after the Swiss bankers who
>choose to have dealings with Colombians, or German businessmen who
>have dealings with Cubans ...
>

You're right. I should have been more specific: I was thinking the odds the US could successfully prosecute a non-US citizen for violating those laws seems pretty remote if that person was from a country not in agreement with US crypto policy. "Go after" is a bit vague. Shame on me.

From sandfort at crl.com Sat Jul 13 12:53:48 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 14 Jul 1996 03:53:48 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 12 Jul 1996, on wrote:

> > Another way to defeat ANI or whatever is to call 800 numbers
> > by using a pre-paid calling card.

In response to which Bruce M.
wrote:

> It would still be possible for the LD company to just pass
> through your information for ANI, although I wonder what
> percentage actually do.

Not being technically oriented, I may be venturing into deep
water here, but I don't think ANI "pass through" is likely at
all. When you use a pre-paid calling card, TWO separate calls
and call set-ups are made, your call to the card company and
the card company's call to your ultimate destination. While
many (most?) card companies keep records of all calls placed,
there are some who keep no records at all. Unless this
hypothetical "pass through" capability is somehow built into
the phone infrastructure and is transparent to the card
companies, I seriously doubt the card companies would invest any
resources in doing such a "pass through." After all, the same
information is available, albeit with a bit more work, from
their operational logs if they even keep those.

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From harry at tigger.jvnc.net Sat Jul 13 12:56:08 1996
From: harry at tigger.jvnc.net (Harry Hochheiser)
Date: Sun, 14 Jul 1996 03:56:08 +0800
Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <199607131454.AA13554@tigger.jvnc.net>

On 12 Jul 96 at 21:31, Arun Mehta wrote:

> At 23:38 10/07/96 -0700, Will Price wrote:
> >ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
>
> Sorry if this has been discussed before (please point me in the
> right direction if that is the case), but VSNL, my government-owned
> ISP (which also has a monopoly on all international traffic) made me
> sign that I will not use my Internet connection for voice traffic.
> Is there any way they could find out if I were using PGPfone, or
> rather, could I prevent them from finding out?

Arun:

I can't give you a definitive answer here, but I'll take a shot.
Most Internet telephony systems use UDP packets to transfer speech,
since the lower overhead of UDP (as opposed to TCP) allows for better
throughput. I assume (but I'm not certain) that PGPfone works the same way.

Unfortunately, most of your other TCP/IP communication will be based
on TCP packets. Therefore, it's theoretically possible for your ISP
to monitor your traffic, watching for large numbers of UDP packets.

---------------
Harry Hochheiser
harry at tigger.jvnc.net
08 3A B5 F6 47 7F C7 C4 28 B4 8D D2 2E DF F6 1E

From harry at tigger.jvnc.net Sat Jul 13 13:09:07 1996
From: harry at tigger.jvnc.net (Harry Hochheiser)
Date: Sun, 14 Jul 1996 04:09:07 +0800
Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <199607131509.AA14392@tigger.jvnc.net>

On 12 Jul 96 at 21:31, Arun Mehta wrote:

> At 23:38 10/07/96 -0700, Will Price wrote:
> >ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
>
> Sorry if this has been discussed before (please point me in the
> right direction if that is the case), but VSNL, my government-owned
> ISP (which also has a monopoly on all international traffic) made me
> sign that I will not use my Internet connection for voice traffic.
> Is there any way they could find out if I were using PGPfone, or
> rather, could I prevent them from finding out?

Arun:

I can't give you a definitive answer here, but I'll take a shot.
Most Internet telephony systems use UDP packets to transfer speech,
since the lower overhead of UDP (as opposed to TCP) allows for better
throughput. I assume (but I'm not certain) that PGPfone works the same way.

Unfortunately, most of your other TCP/IP communication will be based
on TCP packets. Therefore, it's theoretically possible for your ISP
to monitor your traffic, watching for large numbers of UDP packets.
While a large amount of UDP traffic wouldn't _prove_ that you were
using Internet telephony, they might _assume_ that the UDP traffic
was voice traffic.
It all depends on how sophisticated and heavy-handed
they wanted to be about it.

Now, I don't know if PGPfone uses UDP. However, if it did, it would
be as easy to detect as any other Internet telephony product. An
encrypted bunch of UDP bits is as easy to spot as an un-encrypted
bunch, even if the contents can't be interpreted.

I hope this helps. If any of this content is incorrect, my apologies.

-Harry

---------------
Harry Hochheiser
harry at tigger.jvnc.net
08 3A B5 F6 47 7F C7 C4 28 B4 8D D2 2E DF F6 1E

From froomkin at law.miami.edu Sat Jul 13 13:18:18 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Sun, 14 Jul 1996 04:18:18 +0800
Subject: Reasonable validation of a software package
In-Reply-To: <31E87985.6EF9@ozemail.com.au>
Message-ID:

This illustrates the need for and role of certification authorities.
See http://www.law.miami.edu/~froomkin/articles/trusted.htm for some info.

On Sat, 13 Jul 1996, Lyal Collins wrote:

> This touches upon a favourite rant of mine.
[...]
> So, now you need to ensure that you can get your public key
> (to verify the digital signature with) in the hands of all
> your possible, or intended, recipients.
>
> Now the race is on for as many people as possible to generate
> PGP public keys/certificates bearing your name, or variations
> of it. Once that occurs, there is a fair chance that one of
> these keys will verify the digital signature on a piece of
> software purportedly from you. Still, not many people will have
> your true PGP public key/certificate, but, them's the breaks.
[...]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here. And humid.

From gmiller at dey-systems.com Sat Jul 13 13:20:08 1996
From: gmiller at dey-systems.com (Greg Miller)
Date: Sun, 14 Jul 1996 04:20:08 +0800
Subject: Good dictionary files?
In-Reply-To: <199607130216.XAA15487@bud.peinet.pe.ca>
Message-ID: <31e7c648.8537112@pop.mis.net>

On Fri, 12 Jul 96 23:21:51 -0400, you wrote:

>As many people say, a good password cracker is very dependent on the
>dictionary file(s). When one has a very good dictionary file(s), the
>chances of password being cracked is bigger. I am wondering if
>someone can tell me where I can get good dictionary file(s). Search
>on the web result to nothing. I have one large dictionary file (about
>14Mb) to check it, but I still not feel comfortable to say it's a
>good one.

Apparently you missed the ranting and raving only a few days ago
(over 100 messages on the subject). There are several wordlists available
at ftp://sable.ox.ac.uk/pub/wordlists

begin 644 tagline.txt
enum MicrosoftBoolean {TRUE, FALSE, MAYBE};
Greg Miller: Programmer/Analyst
(gmiller at dey-systems.com)
http://grendel.ius.indiana.edu/~gmiller/
end.

From hfinney at shell.portal.com Sat Jul 13 13:21:26 1996
From: hfinney at shell.portal.com (Hal)
Date: Sun, 14 Jul 1996 04:21:26 +0800
Subject: Execution of signed scripts received by e-mail
Message-ID: <199607131520.IAA06868@jobe.shell.portal.com>

That sounds very impressive! The one problem I've run into with mail
filtering software is that each message asynchronously spawns a separate
filter process. This can cause some conflicts with accessing disk files.
I haven't used procmail so I don't know if it has this problem. But if
so you may need to be careful if there are any cases where two processes
could be accessing the same disk files. For example, what if two copies
of an identical email message arrive at almost the same time, would your
dup detection work?

The other issue is the possibility of mail arriving out of order. Looking
for increasing timestamps may cause spurious rejection of some messages.
On the other hand this is a difficult problem to handle in general so
probably the current solution is OK.

Hal

From cme at clark.net Sat Jul 13 13:39:51 1996
From: cme at clark.net (Carl Ellison)
Date: Sun, 14 Jul 1996 04:39:51 +0800
Subject: MIT harassed over publication of PGP book
Message-ID: <199607131534.LAA17389@clark.net>

Hal,

would such review have any material effect on MIT behavior?

I appreciate the point about the sneakiness of the State Dept. However,
I can't imagine publication of the next PGP source (or whatever) to be
funded by Sandia. I would also hope they would have no fingers into any
crypto research.

Prior review of crypto research publications is what Adm. Inman wanted
back in 1978, in response to which both Cryptologia and ICAR were founded
(from my POV). MIT was a strong force in backing NSA down on its attempt
to get prior review of publications and I'd hate to see them knuckle under
in any way on this point.

 - Carl

From maldrich at grci.com Sat Jul 13 13:51:39 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Sun, 14 Jul 1996 04:51:39 +0800
Subject: Internet Relay Chat
In-Reply-To: <199607131004.MAA16866@basement.replay.com>
Message-ID:

On Sat, 13 Jul 1996, Anonymous wrote:

> Is it legal to hack IRC???
>
> Just wondering..

Try it and find out. Please let us know how it goes.

BTW, when..., uh, I mean, "if" you get busted, please don't hesitate to
call upon the Cypherpunks Prisoner Dialogue and Support Service. It's a
little something we've set up here at c'punks for folks just like
yourselves whom we are loath to see imprisoned for something so trite as
stealing ops on public communications channels, reading/changing private
communications (yes, IRC can go 'private'), and forging other people's IDs.
We supply underwear, cigarettes, and rubbers (never know when you're gonna
become someone's 'boy', now do ya?) as well as pen-pals from around the
country.

Enjoy your IRC hacking experience!

-------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                   |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering       |
|depends upon the chaos and cacophony of  |maldrich at grci.com            |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                               |
|_______________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com |
|     The opinions expressed herein are strictly those of the author    |
|          and my employer gets no credit for them whatsoever.          |
-------------------------------------------------------------------------

From roger at coelacanth.com Sat Jul 13 14:09:41 1996
From: roger at coelacanth.com (Roger Williams)
Date: Sun, 14 Jul 1996 05:09:41 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

>>>>> "Millie" == sfuze at tiac net writes:

  > Here's how you STOP the 800 people from getting your number:

  > DIAL THE OPERATOR and have her put the call through...

Or place the call with your cellular phone -- AFAIK, CLID and ANI
information doesn't get passed along on cell phone calls.

--
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/

From zahn at berlin.snafu.de Sat Jul 13 14:14:47 1996
From: zahn at berlin.snafu.de (Steffen Zahn)
Date: Sun, 14 Jul 1996 05:14:47 +0800
Subject: Execution of signed scripts received by e-mail
In-Reply-To: <199607130841.DAA00240@Dusk.obscure.net>
Message-ID: <199607131624.SAA01131@zahn.berlin.snafu.de>

Matt> Get one input line at a time, and look for Reply-To: and
Matt> From: headers to get a reply address. As we are slurping up
Matt> lines, watch for '-----BEGIN PGP' lines. If it is for

I suggest ignoring Reply-To: etc and requiring a return address inside
the signed region of the mail, otherwise someone could intercept the mail
(suppressing the original) and resend it from his account and the results
would get sent to the interceptor.

Another idea would be to extract the return address from the PGP userid
which signed the script.

Regards
  Steffen

--
work: Steffen.Zahn%robinie at emndev.siemens.co.at | home: zahn at berlin.snafu.de
phone:+49-30-38624969                             | phone:+49-30-4732126
Any opinions expressed herein are not necessarily those of my employer.
Use of my addresses for unsolicited commercial advertising is forbidden.

From bkennedy at nb.net Sat Jul 13 15:00:34 1996
From: bkennedy at nb.net (William "Bud" Kennedy)
Date: Sun, 14 Jul 1996 06:00:34 +0800
Subject: Singapore
Message-ID:

SINGAPORE (ITN) -- Singapore announced rules Thursday aimed at blocking
anti-government views and pornography on the Internet, adding to the
thicket of laws that regulate books, movies and public discussion here.

But authorities insisted the latest rules -- one of the first attempts by
any country to screen the Internet -- do not amount to censorship.

The government will hand out annual licenses to Singapore's three Internet
providers, as well as to political parties that maintain Web sites, groups
and individuals who run discussion sites on politics and religion, and
on-line newspapers.

Beginning Monday, these groups will be responsible for blocking out
material deemed objectionable by the government. Violations will result in
licenses being revoked.

"We are not censoring discussion groups. By registering these groups, we
are asking that they behave responsibly," said the Singapore Broadcasting
Authority, a governmental regulatory body.

The free-wheeling global computer link up has provided the Singapore
government a major dilemma.

Singapore promotes the Internet as part of its objective to make the city
of 3 million people the hub of high-tech industry.
One in three homes has a computer, and the number of Internet accounts
doubled last year to 100,000. A government plan calls for connecting each
home to a computer network by 2000.

But the Internet has also brought into Singapore what the government had
successfully kept out for years -- criticism of the administration and the
judiciary, pornography and discussions on race and religion.

About 10 SBA officials will surf the net daily for objectionable material.
A government-appointed panel of prominent citizens will decide what is
objectionable, said Goh Liang Kwang, chief executive of the Broadcasting
Authority.

But he admitted that even with regulations, the SBA cannot completely
police the Internet.

"We don't claim we can regulate the Internet. We just don't want
objectionable material to be easily available. We want to keep our
immediate neighborhood clean," said Goh.

Still, a lot of rules remain vague. Although political parties will need
licenses, it is not clear if individual politicians would be allowed to
post anti-government views on bulletin boards.

The SBA guidelines say it will not allow contents that "tend to bring the
government into hatred or contempt, or which excite disaffection against
the government."

The definition of hatred or contempt has not been spelled out.

The government will also ban:

-- contents that jeopardize public security or national defense.
-- anything that ridicules racial or religious groups.
-- the promotion of religious deviations or occult practices.
-- the "gross exploitation" of violence, nudity, sex or horror.
-- the depiction of "sexual perversions" such as homosexuality.

All these are already banned from books, magazines, newspapers, movies and
public forums.

From WlkngOwl at unix.asb.com Sat Jul 13 15:38:37 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sun, 14 Jul 1996 06:38:37 +0800
Subject: Dep. AG Gorelick on CSPAN2 advocating escrow
Message-ID: <199607131751.NAA13385@unix.asb.com>

Saw Jamie(?)
Gorelick, Dep. Attny Gen. on CSPAN2 talking about needs for
key escrow. Emphasized the what if people lose their keys, or someone
dies, or if an employee steals company secrets & encrypts them...
rather than the usual what if terrorists use crypto line (though she
did mention that too).

Guess they're taking a new tack to sell it to the public.

A lot of bunkum... (project left to the reader how these can be
handled in a non-GAK manner).

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From ogren at cris.com Sat Jul 13 15:42:48 1996
From: ogren at cris.com (David F. Ogren)
Date: Sun, 14 Jul 1996 06:42:48 +0800
Subject: A case for 2560 bit keys
Message-ID: <199607131655.MAA19369@darius.cris.com>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Sat Jul 13 12:51:36 1996

> On Thu, 11 Jul 1996, Chris Adams wrote:
>
> > check your setup. I used to run a 386-20 (5MB RAM) and it took about 3
> > seconds for a 1024 bit key. Given it didn't even have a copro (not sure
> > when/if PGP uses one) and that it was off of a Stackered drive, I'd
> > expect you to have much better times.
>
> That's consistent with the timings I've been getting. It should take about
> 9 seconds to decrypt an arbitrary message with a 2048-bit key with the setup
> you describe. Of course, I usually use X, so that probably does throw off
> the timings a bit.
>

This is an issue that is connected with the "Need PGP awareness" thread.
If everyone is decrypting their messages by hand then nine seconds is a
hindrance. On the other hand, if everyone is using an off-line reader
that checks signatures/decrypts as it receives messages then nine seconds
(or less for a newer machine) is less significant.
I'll refrain from making any product plugs here, but I could barely notice
the difference moving from a 1024 bit key to a 2047 bit key.

- --
David F. Ogren                |
ogren at concentric.net        | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        | without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key? It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Sat Jul 13 16:27:07 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Sun, 14 Jul 1996 07:27:07 +0800
Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
In-Reply-To:
Message-ID: <199607131808.OAA10339@pdj2-ra.F-REMOTE.CWRU.Edu>

Michael Froomkin writes:

:
: Hey folks, let's be real clear about this
:
:
: The ITAR do NOT apply to books.
:
: Repeat
:
:
: The ITAR do NOT apply to books.

The only trouble with this claim is that it does not conform to the
language of the ITAR or with the whimsical practices of the Office of
Defense Trade Controls. There is no exception for books, except for
those that are in the public domain because they are sold in book
stores and at newsstands or are found in libraries, and the ODT insists
that one cannot put a book into the public domain by putting it into
the public domain or by selling it in a bookstore.

: State told Karn that it did not have jurisdiction over books.

Not quite.
They decided in their unreviewable discretion that they
would not exercise jurisdiction over a particular book, but such
decisions are made on a case by case basis, based on no established
criteria, and are without any precedental value. In fact, in some of
the material filed in the Karn case the representative of the ODT said
that waiving jurisdiction over that book of software may have been a
mistake, and that in the future they might have to come to a different
decision.

In the Karn case the ODT did make a distinction between a book and a
CDrom; but that is what makes their decision nonsensical. The only
problem was that the decision was held to be unreviewable.

: "The ITAR do not apply to books"

They do too. (Unless one takes the position, which the ODT would not
agree with, that the ITAR do not apply to the means of communicating
information.) That's why they violate the first amendment.

Or is the idea that they only apply to articles? (That would certainly
give a new meaning to the phrase ``defense articles''.)

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From markm at voicenet.com Sat Jul 13 16:31:04 1996
From: markm at voicenet.com (Mark M.)
Date: Sun, 14 Jul 1996 07:31:04 +0800
Subject: ANI Blocking! Fast, Easy, Effective! (fwd)
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jul 1996, Bruce M. wrote:

> I thought this might be of interest due of the recent discussions
> about ANI and privacy. I've seen this type of service before, but this
> one is apparently free (besides the cost of calling their area code if
> you aren't local).

It might be cheaper to use a pre-paid phone card. However, the company that
issues the card has access to your ANI information.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/    | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is
granted, all else follows." --George Orwell, _1984_

From markm at voicenet.com Sat Jul 13 16:39:45 1996
From: markm at voicenet.com (Mark M.)
Date: Sun, 14 Jul 1996 07:39:45 +0800
Subject: SECURE + PGP
In-Reply-To: <1.5.4.32.19960713131322.008c41f8@193.246.3.200>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 13 Jul 1996, Remo Pini wrote:

> I played around with secure (eudora plugin) a little bit, but it seems to be
> unable to decrypt anything it encrypted. (eudora 16-bit on winnt 4.0) Any hints?
>
> Also, I want to write a mail-program (like eudora), with built-in PGP. Is
> the algorithm published anywhere (including the protocols)?
>
> ie.: key generation, signing, en- and de-crypting, u.s.w.
>
> I presume the algorithms are off the shelf (DES and IDEA), but what about the
> hash-algorithms and key-ring management?

All of the details are in the source code and the file pgformat.doc. Good luck
writing the mail program. Including PGP will probably be the easy part.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/    | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is
granted, all else follows."
--George Orwell, _1984_

From WlkngOwl at unix.asb.com Sat Jul 13 16:42:11 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sun, 14 Jul 1996 07:42:11 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <199607131822.OAA13918@unix.asb.com>

On 12 Jul 96 at 18:23, Bob Palacios posted:

[Banner Snipped!]]
> CDT POLICY POST Volume 2, Number 27 July 12, 1996
[..]
> Today's statement is essentially a re-statement of the Clipper III proposal
> released in May. Among other things, the Vice President:
>
> * Called for the liberalization of export controls provided computer
>   users participate in a "global key management infrastructure"
>   designed to make personal encryption keys accessible to law
>   enforcement.

This is particularly problematic... if the mainland Chinese gov't
requested a key from a N. American or European (or even UN controlled)
escrow agency, who is to say it isn't really for political reasons
(even though they may claim the persons are drug smugglers)? Or what
if the 'crime' was, say, discussing Mormon beliefs, which is illegal
in Singapore (and I think Russia as well)?

Or what if some terrorist was using keys escrowed in a country that
sponsored terrorist acts?

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From AwakenToMe at aol.com Sat Jul 13 16:43:27 1996
From: AwakenToMe at aol.com (AwakenToMe at aol.com)
Date: Sun, 14 Jul 1996 07:43:27 +0800
Subject: Internet Relay Chat
Message-ID: <960713143834_433497999@emout14.mail.aol.com>

welllllllll all,

It really depends on what you do. Hacking IRC can be determined as hacking
OPS in a channel... which I can see NO legal frontier in which it crosses.
It's more of a battle of wits. Something as simple as finding a server
disconnected from the net....making that channel there...and waiting for it
to rejoin the net was used to hack OPS on a channel. Now.. that can be
something done purely by accident..not realizing the server isn't fully
hooked up at the time.

Regards,
Adam

From bkmarsh at feist.com Sat Jul 13 17:15:27 1996
From: bkmarsh at feist.com (Bruce M.)
Date: Sun, 14 Jul 1996 08:15:27 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

On Sat, 13 Jul 1996, Sandy Sandfort wrote:

> In response to which Bruce M. wrote:
>
> > It would still be possible for the LD company to just pass
> > through your information for ANI, although I wonder what
> > percentage actually do.
>
> Not being technically oriented, I may be venturing into deep
> water here, but I don't think ANI "pass through" is likely at
> all. When you use a pre-paid calling card, TWO separate calls
> and call set-ups are made, your call to the card company and
> the card company's call to your ultimate destination. While
> many (most?) card companies keep records of all calls placed,
> there are some who keep no records at all. Unless this
> hypothetical "pass through" capability is somehow built into
> the phone infrastructure and is transparent to the card
> companies, I seriously doubt the card companies would invest any
> resources in doing such a "pass through." After all, the same
> information is available, albeit with a bit more work, from
> their operational logs if they even keep those.

I'm not positive, but I think that there may be some standards on
what types of signals and information that they must pass through. I
don't know that ANI signals would be among those, but I know that LD
companies have been 'encouraged' for quite some time to pass on the
information.

            ________________________________
          [ Bruce M. - Feist Systems, Inc. ]
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"Official estimates show that more than 120 countries have or are
developing [information warfare] capabilities." -GAO/AIMD-96-84

From erc at dal1820.computek.net Sat Jul 13 17:15:37 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sun, 14 Jul 1996 08:15:37 +0800
Subject: Execution of signed scripts received by e-mail
In-Reply-To: <199607131520.IAA06868@jobe.shell.portal.com>
Message-ID:

On Sat, 13 Jul 1996, Hal wrote:

> That sounds very impressive! The one problem I've run into with mail

It's not new. I wrote a similar thing for executing shell scripts for EDS
in 1986, except that I didn't have the means to digitally sign the email,
so I put a header "X-Password:" with a password in it. Since the email was
only going over a UUCP link, I felt pretty safe about it. Since the EDS
machine (a Sun 2!) was calling me, that was the only way I had to execute
commands and get results back.

It was written in C, by the way, for a variety of reasons, even though perl
was available (I am not a perl fan).

--
Ed Carp, N7EKG ecarp at pobox.com 214/993-3935 voicemail/digital pager
** WeatherWatch, a division of Disaster Services - Garland, TX **
Owner: WeatherAlert, DSOUTH-L backup, Shamanism mailing lists

From bkmarsh at feist.com Sat Jul 13 17:19:10 1996
From: bkmarsh at feist.com (Bruce M.)
Date: Sun, 14 Jul 1996 08:19:10 +0800
Subject: ANI Blocking! Fast, Easy, Effective! (fwd)
In-Reply-To:
Message-ID:

On Sat, 13 Jul 1996, Mark M. wrote:

> On Fri, 12 Jul 1996, Bruce M. wrote:
> > I thought this might be of interest due of the recent discussions
> > about ANI and privacy. I've seen this type of service before, but this
> > one is apparently free (besides the cost of calling their area code if
> > you aren't local).
>
> It might be cheaper to use a pre-paid phone card. However, the company that
> issues the card has access to your ANI information.

Why not increase your level of precaution and use your pre-paid phone
card to dial the number that ripco advertised and then dial out from there?

            ________________________________
          [ Bruce M. - Feist Systems, Inc. ]
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"Official estimates show that more than 120 countries have or are
developing [information warfare] capabilities." -GAO/AIMD-96-84

From charris at eden.com Sat Jul 13 17:23:25 1996
From: charris at eden.com (Carol Harris)
Date: Sun, 14 Jul 1996 08:23:25 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID: <31e7f9b7.16524735@mail.eden.com>

FYI - AT&T Wireless had announced they would begin passing through
CLID information on cellular phones in the Austin, Texas area
effective June 15, 1996. I don't know how this affects ANI or what
other areas are doing, but I wouldn't assume your cellular phone # is
not being passed through.

On 13 Jul 1996 12:25:07 -0500, you wrote:

>>>>>> "Millie" == sfuze at tiac net writes:
>
>  > Here's how you STOP the 800 people from getting your number:
>
>  > DIAL THE OPERATOR and have her put the call through...
>
>Or place the call with your cellular phone -- AFAIK, CLID and ANI
>information doesn't get passed along on cell phone calls.
>
>--
>Roger Williams finger me for my PGP public key
>Coelacanth Engineering consulting & turnkey product development
>Middleborough, MA wireless * DSP-based instrumentation * ATE
>tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/
>

From sfuze at sunspot.tiac.net Sat Jul 13 17:38:39 1996
From: sfuze at sunspot.tiac.net (sfuze@tiac.net)
Date: Sun, 14 Jul 1996 08:38:39 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

Re: Prepaid Calling Cards --

This might work with some telemarketing companies, but I certainly
wouldn't be passing on anything of worth. Especially something which
might be construed as "wrong" by any legal authorities.

While I doubt any telemarketers would go to such great lengths to find
out who you are, you are indeed passing along a nice dossier of numbers
to whomever the calling card company chooses to disburse such info to.

Be wary. And for godsakes, if you are that paranoid, use a payphone 50
miles away. I'd never use a cellular to place a call of importance
anyway. We all know how easily cellular can be intercepted, I hope...
And EVERY number you ever call on a cellular is logged too.

Quid pro quo,
Millie

From rah at shipwright.com Sat Jul 13 19:14:13 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 14 Jul 1996 10:14:13 +0800
Subject: Cybank breaks new ground; rejects public-key encryption
Message-ID:

--- begin forwarded text

Sender: e$@thumper.vmeng.com
Reply-To: Ian Grigg
MIME-Version: 1.0
Precedence: Bulk
Date: Sat, 13 Jul 1996 22:55:43 +0200
From: Ian Grigg
To: Multiple recipients of
Subject: Cybank breaks new ground; rejects public-key encryption

This taken from their pages (http://www.cybank.net/cb-encr.htm)

---------------------------------
Security and Encryption

Cybank software is protected by multiple encryption and identification
systems, some can be seen, others are invisible.

Cybank cash can be traced back to the original account it belongs to.

Cash Keys cannot effectively be modified with disabling them.

Because cash keys are also password protected, they can only be created
and spent by the authorised account holder.

Cybank uses an encryption matrix of 380 characters.

Cybank can safely transfer any Cash Key or message from point A to
point B via the Internet.

Cybank DOES NOT use Public Key Encryption (which has proven to be
insecure).
Here is a sample encrypted code, see if you can understand it:

193404158201838932119642777371870823541340764 [...]

-------------------------------

I wonder if they intend to publish the protocols :-)

-- iang iang at systemics.com

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From mishania at demos.su Sat Jul 13 20:01:47 1996
From: mishania at demos.su (Mikhail A. Sokolov)
Date: Sun, 14 Jul 1996 11:01:47 +0800
Subject: Internet Relay Chat
In-Reply-To: <960713143834_433497999@emout14.mail.aol.com>
Message-ID: <199607132311.DAA09990@megillah.demos.su>

Everything you described is an abuse of administration mistakes and has nothing to do with hacking (?) an irc/ircd. There are numerous patches to prevent it.

As for "hacking irc" -- it is pretty indefinite what it could be... Intruding into a machine which is running an irc server isn't something new -- it is just a machine with an ircd running. Exploiting administration to hack mistakes isn't anything new either -- there's lots of idiots abusing server's code bugs, to say, +k bug to fight each other.

Anyhow, I do not think this discussion has any future, as long as there's nothing to discuss.

-mishania, irc.ru administrator.

From alanh at infi.net Sat Jul 13 20:52:05 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sun, 14 Jul 1996 11:52:05 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

> > Privacy isn't for parasites. It's for people who are willing to pay for
> > their own phone calls.
>
> That is interesting as I don't recall ever being offered a choice of
> toll free or being billed when I dial an 800 number (sometimes the only
> number offered for a company).

I haven't noticed too many business telephones that don't appear in Directory Assistance.

From markm at voicenet.com Sat Jul 13 21:15:43 1996
From: markm at voicenet.com (Mark M.)
Date: Sun, 14 Jul 1996 12:15:43 +0800
Subject: Execution of signed scripts received by e-mail
In-Reply-To: <199607131624.SAA01131@zahn.berlin.snafu.de>
Message-ID:

On Sat, 13 Jul 1996, Steffen Zahn wrote:

> I suggest ignoring Reply-To: etc and requiring a return address inside
> the signed region of the mail, otherwise someone could intercept the mail
> (suppressing the original) and resend it from his account and the results
> would get sent to the interceptor.

I agree. Having a return address outside the signature allows for denial-of-service attacks and it would be trivial to intercept the output of the script. Definitely not a Good Thing.

> Another idea would be to extract the return address from the PGP userid
> which signed the script.

There are a couple of problems with this idea:

- The security of this scheme depends on trusting the user to sign her key. If the user doesn't, then an attacker can intercept the user's key and alter the key ID.

- Even if the user does sign her key, there is still the problem of an attacker being able to generate a key with an identical key ID and a different user ID. If the attacker has the ability to intercept and modify messages, a MITM attack would be very effective.

If the key's fingerprint was included in the signed message, an MITM attack would be necessary to subvert the system. If the key's fingerprint is included in the message, then it certainly wouldn't take much more effort to put a return address in the signed body of the message.

-- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_

From sfuze at sunspot.tiac.net Sat Jul 13 21:40:18 1996
From: sfuze at sunspot.tiac.net (sfuze@tiac.net)
Date: Sun, 14 Jul 1996 12:40:18 +0800
Subject: Dep. AG Gorelick on CSPAN2 advocating escrow
In-Reply-To: <199607131751.NAA13385@unix.asb.com>
Message-ID:

But, as in the case of any PHYSICAL (ie: security box at the bank, blah blah blah) items, at least in escrow, if you DON'T have the key, then you don't get the loot. If we fight for the same rights, at a minimum, in both the physical AND the electronic forums (and we should have more of both! :)), then this case should be no different than any other case. "Property goes unclaimed". That's why lawyers invented wills (or WHOEVER did... )

--Millie.

From remailer at yap.pactitle.com Sat Jul 13 22:42:58 1996
From: remailer at yap.pactitle.com (Yap Remailer)
Date: Sun, 14 Jul 1996 13:42:58 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates Suppor
In-Reply-To:
Message-ID: <199607140215.TAA25137@yap.pactitle.com>

Can someone explain what, if any, effect this might have on domestic use of encryption? When they say relaxing export restrictions in exchange for escrow, that still just means escrow for exportable products (which they are hoping will be almost everything), right? Is there any danger of domestic encryption without escrow being outlawed?

Thanks.

From bkmarsh at feist.com Sat Jul 13 22:48:12 1996
From: bkmarsh at feist.com (Bruce M.)
Date: Sun, 14 Jul 1996 13:48:12 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

On Sat, 13 Jul 1996, Alan Horowitz wrote:

> Bruce M. wrote:
> > That is interesting as I don't recall ever being offered a choice of
> > toll free or being billed when I dial an 800 number (sometimes the only
> > number offered for a company).
> > I haven't noticed too many business telephones that don't appear in > Directory Assistance. That is assuming that you know which area they are located in. ________________________________ [ Bruce M. - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "Official estimates show that more than 120 countries have or are developing [information warfare] capabilities." -GAO/AIMD-96-84 From roger at coelacanth.com Sat Jul 13 22:52:17 1996 From: roger at coelacanth.com (Roger Williams) Date: Sun, 14 Jul 1996 13:52:17 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: Message-ID: >>>>> "Millie" == sfuze at tiac net writes: > I'd never use a cellular to place a call of importance anyway. > We all know how easily cellular can be intercepted, I hope... And > EVERY number you ever call on a cellular is logged too. Yes, except that we weren't talking about securing the privacy of the conversation; we were discussing methods of keeping the identity of the caller from being reported to WATS-line customers. Until recently at least, ANI and CLID information was not available on calls from cellular phones (the rationale was that the cellular phone customer has to pay for *incoming* calls as well). I thought that this was mandated by law, in Mass anyway. Certainly, though, if I was calling the BATF toll-free to rat on my neighbourhood Uzi dealer, I'd never call from my own phone, anonymous re-phoner or not. 
-- Roger Williams finger me for my PGP public key Coelacanth Engineering consulting & turnkey product development Middleborough, MA wireless * DSP-based instrumentation * ATE tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/ From jpinson at polaris.net Sat Jul 13 23:35:50 1996 From: jpinson at polaris.net (Jim Pinson) Date: Sun, 14 Jul 1996 14:35:50 +0800 Subject: Executing remote commands with PGP Message-ID: <199607140311.XAA08985@polaris.net> I lost the original subject of this thread, but some one was writing about sending commands via PGP. A few years ago I wrote such a perl script. It was part of a simple remailer I developed. At the time I was living overseas, and wanted to be able to send and receive encrypted mail to my friends who did not use PGP. The simple remail script was installed on a Stateside computer, and took all plain text messages it received and encrypted them with my public key and relayed them to me. I could send encrypted mail to the remailer, have it decrypted, and sent on to the final destination. The net result was an unencrypted mail stream within the States, but an encrypted stream to me overseas. As a bonus I added a few lines to let me send commands to the remailer (embedded in the encrypted messages), have them executed on the remote computer, and the results sent back to me. Nothing fancy here, but it worked. I stuck the code on: http://www.polaris.net/~jpinson There is little documentation, just a few comments in the source, I don't use it any more but perhaps someone might find it useful. Look under software in my home page section. There is also an enhanced one time pad there I wrote some time back. Jim Pinson From sandfort at crl.com Sat Jul 13 23:45:23 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 14 Jul 1996 14:45:23 +0800 Subject: ANI Blocking! Fast, Easy, Effective! (fwd) In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sat, 13 Jul 1996, Bruce M. wrote: > Why not increase your level of precaution and use your pre-paid phone > card to dial the number that ripco advertised and then dial out from > there? Or by chaining two or more pre-paid calling cards. It's all economics. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sandfort at crl.com Sat Jul 13 23:52:04 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 14 Jul 1996 14:52:04 +0800 Subject: ANI Blocking! Fast, Easy, Effective! (fwd) In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sat, 13 Jul 1996, Mark M. wrote: > It might be cheaper to use a pre-paid phone card. However, > the company that issues the card has access to your ANI > information. True, but so what? If you are calling L.L.Beam's 800 number, and you don't want them to know who you are, do you really think Beam will be able to get that info from the pre-paid calling card company? If you want to call a snitch line, on the other hand, use a pay phone. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jimbell at pacifier.com Sun Jul 14 02:32:42 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 14 Jul 1996 17:32:42 +0800 Subject: Can't block caller ID in Massachusetts? Message-ID: <199607140450.VAA17305@mail.pacifier.com> At 10:25 PM 7/13/96 -0500, Roger Williams wrote: >Certainly, though, if I was calling the BATF toll-free to rat on my >neighbourhood Uzi dealer, I'd never call from my own phone, anonymous >re-phoner or not. A question to ponder: If (anonymous) pay telephones didn't already exist, would they be allowed today? 

Jim Bell
jimbell at pacifier.com

From deviant at pooh-corner.com Sun Jul 14 04:12:30 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 14 Jul 1996 19:12:30 +0800
Subject: [RANT] Giving Mind Control Drugs to Children
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 11 Jul 1996, snow wrote:

> Date: Thu, 11 Jul 1996 23:19:37 -0500 (CDT)
> From: snow
> To: "Perry E. Metzger"
> Cc: cypherpunks at toad.com
> Subject: Re: [RANT] Giving Mind Control Drugs to Children
>
> On Fri, 12 Jul 1996, Perry E. Metzger wrote:
>
> > snow writes:
> > > On Wed, 10 Jul 1996, Perry E. Metzger wrote:
> > > > "Clay Olbon II" writes:
> > > > > While it is crucial for an adult to be able to function and maintain a job,
> > > > > is it really as important for a kid to be able to sit still in school?
> > > > If he or she is going to learn anything, it is important to be able to
> > > > pay attention, yes.
> > > If they were teaching anything, I bet the kid _would_ sit still.
> > I doubt it.
>
> Let me put that another way. Be much more attentive.
>
> Petro, Christopher C.
> petro at suba.com
> snow at crash.suba.com
>
>

Personally, being one of the aforementioned un-attentive students, must agree. If the subject is taught well, and the class is interesting, the student will pay attention.

--Deviant -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMeiKhzAJap8fyDMVAQGmHgf+MCSvK2OsUAmMh9I1/5LHtMuNmPuKzco7 ChJQRwCDxKUR/YEgA6t/Mk6ijKTfswF90GKis5CO0a+rESmlTQkX7BYRdWBfcD8A yo7W5BORo2CHgBhwDOtBE3z8WDlu6a94Kfgb1EJF3qE5sqxb9JKlgOfKtXLCL78r bx7Uzplz1EN84guvRC2X1PJxbWXpKQbESeiV/+UbcT0Yhdswc2S2CL7PvQ8fiPJ9 GjEb/JlwWF4L+pLBDnf/XZBAXkmf4+JcIHZkoQZi4Kosvcuo9u3nHmiD09IaCIYV Gux1WDeNnBejp/eTSqQY4d/OzuH2wJ3xudQlBBHeaTQnqaXLLlgdKQ== =sF9Q -----END PGP SIGNATURE----- From amehta at giasdl01.vsnl.net.in Sun Jul 14 04:26:26 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Sun, 14 Jul 1996 19:26:26 +0800 Subject: Crypto-activism Message-ID: <1.5.4.32.19960714113349.002f054c@giasdl01.vsnl.net.in> At 00:43 13/07/96 +0000, Deranged Mutant wrote: >My point is that a lot of people in those countries are aware of PGP >etc. than make it out to be. Certainly many activists are. They >focus on the human rights issues at hand, to which PGP etc. may be a >tool... but isn't the central focus. I agree. But many such people, who need PGP but don't want to make it their central focus, have a hard time acquiring the necessary skills. When even people on this list, for whom by and large crypto is the central focus, complain about how cumbersome PGP is to use in practice, what about everyone else? > >It would be condescending to email to many people in a domain saying >"hey, have you heard of PGP?..." Chances are they'll think it's a >strange commercial spam anyway. You are right, and it wasn't my suggestion to ask in this way. What one could do is: 1) Prepare a writeup in simple English, on exactly how to use the appropriate software. 2) Try to get it translated into Chinese, Korean, and whatever other language we can find volunteers or sponsorship for. 3) Post on appropriate newsgroups that such translations exist, with urls. 4) Suggest that since people living under authoritarian regimes may not have access to the appropriate Usenet newsgroups, to please spread the word. 
No need to suggest that any particular country is being targetted, in fact enough people living in the US and using the office computer for communications would benefit. >> the question is, are >> *you* in a position to share your knowledge? > >Yep. But there's a proper way to share knowledge. Would you agree that steps 1-4 above would constitute the proper way? In that case, would you help prepare such a document (any other volunteers equally welcome)? >You also have to know what you're talking about: if you're not familiar >with the nitty -gritty of politics in such countries, you'll come off as the >"cypherpunk bearing gifts of crypto for the natives"... the politics >going on in places like Cuba, China, Iraq, Russia are a bit more >complex than what comes off through the media (to some extent no >matter where you are and what media you watch). Undoubtedly. But I see no problem in cypherpunks bearing gifts of crypto to people who are fighting difficult battles for human rights -- ultimately for all of us. If anyone is bearing gifts here, it is them. On the Internet, everyone does what s/he is good at, and cypherpunks just happen to be good at crypto. > >For example... there are many anti-Castro 'democratic' socialists in Cuba. >If you approach them as if they were anti-Communists you'll be seen >as a clueless kook. Some Chinese I have spoken to are suspicious of >the Tiennamen Sq. activists, claiming they were more 'reformists' >than true democratizers who were unknown before Tiennamen. Clearly, in our document we will take no political positions whatsoever. We merely point out that if you wish to communicate securely such that only the recipient(s) can decipher, this is how you go about it. They'll know how to use it, this is a problem they face daily, with phone tappings, bugs, etc. a routine. > >One more important issue: people have to trust you. You can't go >into a strange environment and expect trust if you come off as a >tourist. 

You are selling yourself short. People who have (successfully?) fought the US government are likely to get a trust bonus among activists anywhere they go ;-)

You asked about me, I've put up a little information on http://www.cerfnet.com/~amehta/ I'd be happy to fill in the blanks.

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/
The protestors of Tiananmen Square will be back. Next time, the battle will be fought in cyberspace, where the students have the more powerful tanks...

From snow at smoke.suba.com Sun Jul 14 04:49:36 1996
From: snow at smoke.suba.com (snow)
Date: Sun, 14 Jul 1996 19:49:36 +0800
Subject: Chicago Physcial Meet?
Message-ID:

I was exchanging email with another member of the list late last week, and they brought up the possibility of a physical meet for the greater Chicago Area Cypherpunks.

Would there be interest in such an event?

Petro, Christopher C.
petro at suba.com
snow at crash.suba.com

From WlkngOwl at unix.asb.com Sun Jul 14 05:21:18 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sun, 14 Jul 1996 20:21:18 +0800
Subject: Crypto-activism
Message-ID: <199607140700.DAA16452@unix.asb.com>

BTW, Sent this message to you the other day. It was bounced back...

----- Unsent message follows -----
Received: from unix.asb.com by giasdl01.vsnl.net.in; (5.65v3.2/1.1.8.2/23Apr96-0134AM) id AA09399; Sat, 13 Jul 1996 10:32:46 +0500
Received: from magneto (sls17.asb.com [165.254.128.27]) by unix.asb.com (8.6.12/8.6.9) with SMTP id BAA16194 for ; Sat, 13 Jul 1996 01:20:32 -0400
Message-Id: <199607130520.BAA16194 at unix.asb.com>
Comments: Authenticated sender is
From: "Deranged Mutant"
Organization: What organization?
To: Arun Mehta
Date: Sat, 13 Jul 1996 01:03:41 +0000
Subject: PGP Key
Priority: normal
X-Mailer: Pegasus Mail for Win32 (v2.32a)

Arun,

No offense is meant at my posts, BTW.
Just that I've seen some crazy schemes by activists who ignored the subtlety of some issues and do more harm than good. (Old pat phrase about road to hell being paved with good intentions...). Particularly with activists from "out-of-town" who claim to know what's better for the locals. Took a look at your home page,BTW. No public key on it, checked the servers. Also saw you graduated from SUNY in '76. Which school? (I've got a BA from SUNY Stony Brook recently, though not in comp-sci...) Peace, Rob
--- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From amehta at giasdl01.vsnl.net.in Sun Jul 14 05:33:39 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Sun, 14 Jul 1996 20:33:39 +0800 Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download In-Reply-To: <199607131454.AA13554@tigger.jvnc.net> Message-ID: On Sat, 13 Jul 1996, Harry Hochheiser wrote: > On 12 Jul 96 at 21:31, Arun Mehta wrote: > > >VSNL, my government-owned > > ISP (which also has a monopoly on all international traffic) made me > > sign that I will not use my Internet connection for voice traffic. > > Is there any way they could find out if I were using PGPfone, or > > rather, could I prevent them from finding out? > Most Internet telephony systems use UDP packets to transfer speech, > since the lower overhead of UDP (as opposed to TCP) allows for better > throughput. I assume (but I'm not certain) that PGPfone works > the same way.
>
> Unfortunately, most of your other TCP/IP communication will be based
> on TCP packets. Therefore, it's theoretically possible for your ISP
> to monitor your traffic, watching for large numbers of UDP packets.

Thanks for the input.

Is UDP used for other purposes not related to voice that I might pretend to be doing? Or is there still some way of fooling them?

Arun

>
>
>
> ---------------
> Harry Hochheiser harry at tigger.jvnc.net
> 08 3A B5 F6 47 7F C7 C4 28 B4 8D D2 2E DF F6 1E
>
>

From deviant at pooh-corner.com Sun Jul 14 05:49:16 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 14 Jul 1996 20:49:16 +0800
Subject: Minitel "saved" by hackers?
In-Reply-To: <199607121211.IAA25706@unix.asb.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jul 1996, Deranged Mutant wrote:

> Date: Fri, 12 Jul 1996 07:55:12 +0000
> From: Deranged Mutant
> To: Daniel Salber
> Cc: cypherpunks at toad.com
> Subject: Re: Minitel "saved" by hackers?
>
> On 12 Jul 96 at 5:51, Daniel Salber wrote:
> [..]
> > As Minow pointed out, this is not the only case of "hijacking". The
> > telephone was first intended as a way to listen to remote concerts. Then
> > users found out they could use it for one-to-one conversations.
>
> This is inaccurate. No, methinks it's wrong. From every history of
> telephones I have read and heard, it was never that way.
>
> The original conception was of using the telephone for broadcasting.
> Its implementation in most countries was for point-to-point
> communication... it wasn't a matter of the users 'found they could
> use it' (at least not in the US).
>
[SIG skipped]

Umm.. check again... Bell originally conceived the telephone as a means of broadband communication, like radio is today. Bruce Sterling explains this exceptionally well in his book "The Hacker Crackdown" (Nonfiction)

-- Deviant

From deviant at pooh-corner.com Sun Jul 14 05:49:23 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 14 Jul 1996 20:49:23 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jul 1996, Eric Murray wrote:

> > They said no problem, but... They said nothing I can do will block it
> > when I call 800 numbers. "The people with 800 numbers have special
> > software, and there is nothing you can do to block your identity when
> > calling them. Not even *67."
>
> Same in Pacific Bell land. We get two options- "partial blocking"
> which really means that you have to use *67 to block CID to
> non-800/900 numbers, and "complete blocking" which blocks CID
> to non-800/900 numbers.
>
> When I called the Pac Bell customer service droids to get my "complete"
> blocking I asked them why they won't block CID to 800 numbers.
> Their answer: "that's just the way it works".
>

It has been this way since the advent of electronic switching, and it will always be this way. 800/888/900 numbers get ANI, which is, basically, the same way 911 knows who you are. While not exactly identical to E911, they are strikingly similar. I believe that somebody else has, correctly, suggested that if you wish to know more about this sort of thing, read the alt.2600 FAQ.

--Deviant -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMeilvTAJap8fyDMVAQEfSAf+PrrTzw0hOWC2TlPO2eXfQXLfwFs+kDwn DIb7GH1wby3t7vmc91QITi0mR4GybCX3HZTXaNJ+MzqWEcjhC6gCK3zAwmtIrUtE 0hcE1qM06O2JdQcPTjhZEf483a5NK88bczTpMXRXeAayFHERgOnVUr7hfHwSaahA ZBkPBhCf0jQHsImLyAMcwuNsLdvZbiCtcNAYDYNtEQv9XhLCH7smNkVCfW/OzYd2 7N2RUe9lTmc+fzeoTQSYlXuWVg510lVUIoMl/uuWq+6R3J9bfmjbjHos1Nay8b4+ ugih/0LetvhG41CLFTHiMPqchL5Fh6sjVNpT6axCnZ1yA29q/9KGGQ== =uuvK -----END PGP SIGNATURE----- From jti at i-manila.com.ph Sun Jul 14 06:07:04 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Sun, 14 Jul 1996 21:07:04 +0800 Subject: Stuffs used for detection Message-ID: <01BB71A5.FB7DF8A0@ip138.i-manila.com.ph> In our school library, there is a depository area wherein you deposit your things and get the tag. Since the library doesn't allow those tags to be brought out from the library, everytime you brought it out and pass by the door, it will alarm. Does anyone know what stuff is that? How come it is alarmed? I brought some metals but it wouldn't alarm... Why those tag would alarm them??? From anvil at encryption.com Sun Jul 14 06:10:48 1996 From: anvil at encryption.com (anvil at encryption.com) Date: Sun, 14 Jul 1996 21:10:48 +0800 Subject: Needed: Bay Area "Cracker" for TV Show In-Reply-To: Message-ID: <9607140932.AA06667@pulm1.accessone.com> On Fri, 12 Jul 1996, Alan Horowitz wrote: >> July 11th, a San Francisco television reporter called me. He wants to >> broadcast a story about "crackers". He'd like someone who can describe, >> on-the-air > > >Hey peachpit > >The cartoon news broadcasts are part of the problem, not part of the >solution. > And apparently they'd like to charge you to *be* part of the problem. I offer the following (I'd like to file this under 'clueless', but you never know...) 
================================================================================== Return-Path: Received: from cyberone.com ([206.102.194.2]) by pulm1.accessone.com (4.1/SMI-4.1) id AA23842; Fri, 12 Jul 96 16:32:30 PDT Received: by cyberone.com (940816.SGI.8.6.9/940406.SGI) for anvil at ACCESSONE.COM id TAA21956; Fri, 12 Jul 1996 19:23:20 -0400 Date: Fri, 12 Jul 1996 19:23:20 -0400 From: patty at cyberone.com (Patty Elliot) Message-Id: <199607122323.TAA21956 at cyberone.com> Subject: Your site: ENCRYPTION.COM Apparently-To: anvil at ACCESSONE.COM X-UIDL: 837333887.020 Dear Sir, We are producing the national television series .com hosted by Star Wars celebrity Mark Hamill. The series airs nationally on CNBC and the Bravo Network and is all about the Internet and how it is changing the way we do business. We are reviewing storylines and Web Sites to be featured in our fall programming. We have featured stories on digital Imaging including Kodak, on-line banking with Digital Insight, and Healthful On Line Web Sites such The American Heart Association as well as many others. Please take this time to complete this brief questionnaire and we will consider your story and Web Site as a feature on the show. If the story or Web Site fits our programming requirements, one of our producers will contact you. There is a pre-production fee to participate on the show which offsets some of the pre-production costs, however we pay for all of the production and post production costs. Please allow us at least one week to review your response and your web site, Thank-you. Patty Elliot Vice President, Programming Questionnaire What is your URL: http://www. _______________________ What kind of information is available at your Web Site? What is the message you would like to communicate to the viewer? What are the most important functions of the Web Site? Who are you trying to reach? Where are you promoting now? Is your company a public or private company? 
How many employees are devoted to managing your web site? What sales category would your company fall? (Less then 1 mill) : (1-5 mill): (6-50 mill): (51-100 mill): (101 mill +): Who is in charge of marketing your Web Site? Name: Title: Tel: Fax: email: Address: -- J R Slack I'm not really a cryptographer, I just play one on the Internet. 68 FLH, "In wildness is the preservation of the world" - H.D. Thoreau 63 R60 "In wildness is the preservation of the soul" - H.D. Motorcycles From tn0s+ at andrew.cmu.edu Sun Jul 14 06:39:10 1996 From: tn0s+ at andrew.cmu.edu (Timothy Lawrence Nali) Date: Sun, 14 Jul 1996 21:39:10 +0800 Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download In-Reply-To: Message-ID: Excerpts from internet.cypherpunks: 14-Jul-96 Re: ANNOUNCEMENT: PGPfone B.. by Arun Mehta at giasdl01.vsnl > Thanks for the input. > > Is UDP used for other purposes not related to voice that I might pretend > to be doing? Or is there still some way of fooling them? One thing that comes to mind are network games. I not sure if Doom or Quake can use UDP, but I'm fairly certain that Netrek uses UDP packets (up to 16 players run client programs which communicate with a game server using TCP or UDP). _____________________________________________________________________________ Tim Nali \ "We are the music makers, and we are the dreamers of tn0s at andrew.cmu.edu \ the dreams" -Willy Wonka and the Chocolate Factory From mcarpent at Dusk.obscure.net Sun Jul 14 06:59:45 1996 From: mcarpent at Dusk.obscure.net (Matt Carpenter) Date: Sun, 14 Jul 1996 21:59:45 +0800 Subject: Execution of signed scripts received by e-mail Message-ID: <199607141040.FAA01292@Dusk.obscure.net> -----BEGIN PGP SIGNED MESSAGE----- Steffen Zahn writes: > Matt> Get one input line at a time, and look for Reply-To: and > att> From: headers to get a reply address. As we are slurping up > Matt> lines, watch for '-----BEGIN PGP' lines. 
If it is for > >I suggest ignoring Reply-To: etc and requiring a return address inside >the signed region of the mail, otherwise someone could intercept the mail >(suppressing the original) and resend it from his account and the results >would get sent to the interceptor. This is a very good suggestion. I'll change emscrypt to use this. > Another idea would be to extract the return address from the PGP userid >which signed the script. I see that Mark M. has already commented on this, but I'll also add that I didn't want to limit the reply to the address attached to the key. For example, I have several accounts spread around, and I might want the replies to go to anyone of them. >Regards > Steffen Thanks for the input. - --Matt - -- mcarpent at mailhost.tcs.tulane.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMejLASjtJAMyBnp9AQEWyAf+IgmEApjh7CGo+sdCueH9BPQKLb9Dk7Qj 1HK7HoR8Dz/TnDPLicJgiaYj9z8gDfGLYWu2L4UIDIgQukb3o1JWOshTQAgyoCe9 gYxTYHvroNqMvq3ptPeeY73NVGsyTZnlcYJ/dlhWT90jReCZmIcrbpJNt+TIgGcm /s57Nw2zJzM8RrIWsCqs7gM0qogR2e71Gn4M+UFz9BfmMEw4X8qwZcD5M1//9VSi TqDjWnVucuUoWVZk+Bb6lKcxPwlAx6BxUZLaNaZrPlqvrSYJS4l451vgWkpcixSy Uuj+LU0cPd6qA3CHRHF4nllf3JcMP3uJeeWbmFjOZ+ItKkyQTSIVwQ== =JIXQ -----END PGP SIGNATURE----- From mcarpent at Dusk.obscure.net Sun Jul 14 06:59:55 1996 From: mcarpent at Dusk.obscure.net (Matt Carpenter) Date: Sun, 14 Jul 1996 21:59:55 +0800 Subject: Execution of signed scripts received by e-mail Message-ID: <199607141042.FAA01300@Dusk.obscure.net> -----BEGIN PGP SIGNED MESSAGE----- Hal writes: > > That sounds very impressive! The one problem I've run into with mail > filtering software is that each message asynchronously spawns a separate > filter process. This can cause some conflicts with accessing disk files. > I haven't used procmail so I don't know if it has this problem. But if > so you may need to be careful if there are any cases where two processes > could be accessing the same disk files. 
For example, what if two copies > of an identical email message arrive at almost the same time, would your > dup detection work. If I am reading the procmail docs correctly, then the following recipe should create a lockfile called 'emscrypt.lock' which will prevent more than one instance of the script from being run at a time

:0:emscrypt
* ^Subject.*SQUEAMISH OSSIFRAGE
|/PATH/emscrypt

I agree it would be better if emscrypt used its own locks on the timestamp files. However, it is my understanding (someone please correct me if I am wrong) that there is no simple way to provide file locking in Perl that is portable across the various flavours of Unix (see the descriptions of the fcntl and flock functions on p. 144-145 of the Camel book). So I haven't tried to implement locking from within emscrypt yet. Of course, if these functions are available on the majority of machines (anyone?) then I should probably use them. > The other issue is the possibility of mail arriving out of order. Looking > for increasing timestamps may cause spurious rejection of some messages. > On the other hand this is a difficult problem to handle in general so > probably the current solution is OK. Yeah, I thought about that too. It can be somewhat alleviated by batching the individually signed scripts into a single mail message, if you know you are going to be submitting several scripts close together in time. Any other ideas? > > Hal > Thanks for the feedback.
- --Matt - -- mcarpent at mailhost.tcs.tulane.edu From mcarpent at Dusk.obscure.net Sun Jul 14 07:03:59 1996 From: mcarpent at Dusk.obscure.net (Matt Carpenter) Date: Sun, 14 Jul 1996 22:03:59 +0800 Subject: Execution of signed scripts received by e-mail In-Reply-To: Message-ID: <199607141037.FAA01283@Dusk.obscure.net> -----BEGIN PGP SIGNED MESSAGE----- Mark M. writes: > > On Sat, 13 Jul 1996, Steffen Zahn wrote: > > > I suggest ignoring Reply-To: etc and requiring a return address inside > > the signed region of the mail, otherwise someone could intercept the mail > > (suppressing the original) and resend it from his account and the results > > would get sent to the interceptor. > > I agree. Having a return address outside the signature allows for denial-of-service attacks and it would be trivial to intercept the output of the script. > Definitely not a Good Thing. > > > Another idea would be to extract the return address from the PGP userid > > which signed the script. > > There are a couple of problems with this idea: > > - The security of this scheme depends on trusting the user to sign her > key. If the user doesn't, than an attacker can intercept the user's > key and alter the key ID. > > - Even if the user does sign her key, there is still the problem of > an attacker being able to generate a key with an identical key ID and > and a different user ID. If the attacker has the ability to intercept > and modify messages, a MITM attack would be very effective.
If the > key's fingerprint was included in the signed message, an MITM attack > would be necessary to subvert the system. > > If the key's fingerprint is included in the message, then it certainly wouldn't > take much more effort to put a return address in the signed body of the > message. Those are both very good ideas. I'll have it require both the return address and key fingerprint in the signed portion of the message. > >-- Mark Thanks for the suggestions. - --Matt - -- mcarpent at mailhost.tcs.tulane.edu From weffross at counsel.com Sun Jul 14 08:12:04 1996 From: weffross at counsel.com (Walter A Effross -- American Univ. - Washington ) Date: Sun, 14 Jul 1996 23:12:04 +0800 Subject: Call for Papers Message-ID: <9607141157.AA08978@ad0.reach.com> The American University Law Review encourages submissions for possible publication in its upcoming Symposium Issue on The Electronic Future of Cash. American University's Washington College of Law is now planning a full-day conference to accompany the publication of this issue in the Spring of 1997. Topics of interest include, but are not limited to: -- Consumer Protection. The relative advantages and disadvantages to consumers of debit cards, smart cards, on-line cash accounts, electronic checks, digital scrip, and other forms of electronic payment for "cash" transactions ("Electronic Cash"), especially as contrasted with payment by cash, paper checks, and credit cards.
The current or potential application of consumer protection statutes and regulations to forms of Electronic Cash. -- Uniform Commercial Code. The extent to which the UCC and associated regulations already cover, or should be extended or modified to cover, Electronic Cash. -- "E-Bank" Regulation. The regulation of issuers of Electronic Cash. -- Criminality. The applicability and creation of laws concerning crimes (counterfeiting, money-laundering, electronic ransom payments, etc.) involving Electronic Cash. -- Privacy, Encryption, and Anonymity. The extent to which the privacy of merchants and consumers engaging in transactions with Electronic Cash can and should be legally protected. -- Security Concerns. Legal issues involving the protection of Electronic Cash systems from hackers, fraudulent participants, and other security threats. -- Microtransactions. Legal issues concerning the implementation and regulation of on-line systems that involve payments of small amounts of Electronic Cash by consumers to service or content providers. -- Interstate and International Aspects. (e.g., Jurisdiction, Choice of Law, Taxation). -- Role of the Federal Government. Should the Government be setting the ground rules for competition among systems and varieties of Electronic Cash? Selecting one or more systems for national implementation? Or just allowing the market to decide? Submissions should be approximately 100 double-spaced pages in length, written in traditional law review format with sufficient footnotes and documentation. Citations should conform to The Bluebook: A Uniform System of Citation (15th ed.1991). Papers should be received by The Law Review by October 1, 1996, and will be selected within two weeks of this deadline. Authors of papers accepted for publication will be expected to confirm within seven days after acceptance their agreement to contribute these papers to the Symposium Issue. 
Submissions should be made in hard copy to: The American University Law Review/Electronic Cash Symposium, Heather J. Russell/Senior Articles Editor, Washington College of Law, 4801 Massachusetts Avenue, N.W., Suite 617, Washington, DC 20016. Questions can be addressed to Professor Walter A. Effross, [voice] (202) 274-4210, [fax] (202) 274-4130, [e-mail] weffross at counsel.com. From lyalc at ozemail.com.au Sun Jul 14 08:20:29 1996 From: lyalc at ozemail.com.au (Lyal Collins) Date: Sun, 14 Jul 1996 23:20:29 +0800 Subject: Cybank breaks new ground; rejects public-key encryption In-Reply-To: Message-ID: <31E9DCF8.43EA@ozemail.com.au> Actually, it doesn't take too much effort to discover them yourself. Get a visual basic decompiler (VB version 4 compatible needed, I think), and go for it. I cracked version 1.5 of the Cybank software - I could load up an ".INI file" with as much "value" as I wanted. Basically, they seem to convert ASCII characters to the decimal value of the hex code, then add, subtract etc on that value, along with some XOR'ing of the resulting string and an embedded table of data. Oh, and it's all "locked" by the serial number, generated from the install date and time. Yeah I trust it - not. I hesitate to distribute the decompiled source code I used, since it may get used by the unscrupulous to do trusting Cybank customers out of their hard earned money. Maybe, enough requests will convince me otherwise. Or, take a challenge, - it took me 6 hours to achieve this, including learning enough VB3 (the version I cracked, 1.5 was in VB3). Lyal -- All mistakes in this message belong to me - you should not use them!
From wilcoxb at nagtje.cs.colorado.edu Sun Jul 14 08:36:04 1996 From: wilcoxb at nagtje.cs.colorado.edu (Bryce) Date: Sun, 14 Jul 1996 23:36:04 +0800 Subject: e-mail spam solution by Bryce Re: ADMIN: Please ignore HLD publishing In-Reply-To: Message-ID: <199607141226.GAA17430@nagtje.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- [this is an e-mail reply to a Usenet post, carbon-copied to cypherpunks list.] In comp.os.linux.announce you, Lars Wirzenius , wrote: > >Meanwhile, I'm beginning to feel rather annoyed by the general spam >problem, especially e-mail spam. Me too. > During the worst days, about half of my non-mailing-list mail is spam. > I am in the process of installing a filter that will make it more > difficult to reach me via e-mail. I am going to require strangers to > use a password in the subject line to reach me (people I know will be > put onto a whitelist). It will be easy to get the password, but > I doubt that spammers will bother. This filtering is not in effect > yet. I'll inform you when it is. I have a great idea for an upgrade to your filter, for that fateful day when spammers start using your password: Have your filter reject any incoming mail which is not 1) from one of your white-listed friends or 2) accompanied by a one U.S. Dollar "good faith" deposit. Spammers will not find it worthwhile to send unwanted mail, because it costs them one dollar each time. But people who sincerely have interesting information for you, even if they are not people on your whitelist, can send the one dollar "good faith" deposit with a good chance that you will give the money back to them once you have read their letter. Just another example of how Ecash(tm) is going to improve the Net. 
Regards, Bryce From junger at pdj2-ra.F-REMOTE.CWRU.Edu Sun Jul 14 09:05:37 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Mon, 15 Jul 1996 00:05:37 +0800 Subject: Correction Re: Can the inevitability of Software privacy be used . . . In-Reply-To: <199607131808.OAA10339@pdj2-ra.F-REMOTE.CWRU.Edu> Message-ID: <199607141249.IAA15965@pdj2-ra.F-REMOTE.CWRU.Edu> I wrote: : : The ITAR do NOT apply to books. : : The only trouble with this claim is that it does not conform to the : language of the ITAR or with the whimsical practices of the Office of : Defense Trade Controls. There is no exception for books, except for : those that are in the public domain because they are sold in book stores : and at newstands or are found in libraries, and the ODT insists that one : cannot put a book into the public domain by putting it into the public : domain or by selling it in a bookstore. Whereas I meant to say: : cannot put a book into the public domain by putting it into _a : library_ or by selling it in a bookstore. I hope that this did not cause any confusion. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu From moroni at scranton.com Sun Jul 14 10:25:25 1996 From: moroni at scranton.com (Moroni) Date: Mon, 15 Jul 1996 01:25:25 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: Message-ID: The reason that caller ID cannot be blocked to 800 and 900 numbers is that it is used for billing purposes by the telephone company to the person or business who owns that 900 or 800 number.
EX: L.L.Bean (a large mail-order sporting goods store in Freeport, Maine) gets thousands of calls from their clientele around the country. The 800s because they are not charged to the person calling the L.L.Bean must be charged to someone to pay the expenses of running the telephone equipment and the profits going to the stockholders so who pays? The businesses pay. A way must be found to figure out what they owe and the only way to do that is to keep records. The records as they stand now include the phone number from which they were dialed and the length of the call. My phone call to them from Scranton, Pa will cost the L.L.Bean less than Tim Mays from California because I am closer. That is unless I perhaps have a package missing and need to stay on the customer service line for twenty minutes or longer when he just placed an order and got off in under five. The phone company looks at the L.L.Bean phone records and send them a bill that includes how much it cost me to make that phone call to them to find out if the package got lost and Tim's to order that wheelbarrow and all the other callers. Each caller will have cost the L.L.Bean a different amount of money. The telephone number on the records. It can be used to track down teenage hackers who want to upgrade their disk drives (Bean has none) and other stuff too dependent upon the size of the company (not Bean) and the integrity of the employees. It could conceivably be used by an unscrupulous employee from Sadie's S and M to blackmail someone or the whole clientele list. This is unfortunate. What could conceivably be done is that the software could be reprogrammed to delete the phone number immediately after the computation. Or to have the computation done immediately and deletion to accompany it. Third, the phone company could reprogram it so the mileage and time is computed somehow without the logging of the caller.
All of this has to do computer programming and I find none of the aforementioned an impossibility to achieve. moroni From sparks at bah.com Sun Jul 14 10:35:52 1996 From: sparks at bah.com (Charley Sparks) Date: Mon, 15 Jul 1996 01:35:52 +0800 Subject: Needed: Bay Area "Cracker" for TV Show Message-ID: Perhaps we should spam them with responses and encrypt all of them ?? only a small Sunday morning thought ! no reason for a sig... CP wannabe >From: anvil at encryption.com >Date: Sun, 14 Jul 96 02:32:20 PDT >Mime-Version: 1.0 >Subject: Re: Needed: Bay Area "Cracker" for TV Show >To: cypherpunks at toad.com >Sender: owner-cypherpunks at toad.com >Precedence: bulk > > > >On Fri, 12 Jul 1996, Alan Horowitz wrote: >>> July 11th, a San Francisco television reporter called me. He wants to >>> broadcast a story about "crackers". He'd like someone who can describe, >>> on-the-air >> >> >>Hey peachpit >> >>The cartoon news broadcasts are part of the problem, not part of the >>solution. >> > >And apparently they'd like to charge you to *be* part of the problem. I >offer the >following (I'd like to file this under 'clueless', but you never know...) > >=========================================================================== >======= >Return-Path: >Received: from cyberone.com ([206.102.194.2]) by pulm1.accessone.com >(4.1/SMI-4.1) >id AA23842; Fri, 12 Jul 96 16:32:30 PDT >Received: by cyberone.com (940816.SGI.8.6.9/940406.SGI) for >anvil at ACCESSONE.COM id >TAA21956; Fri, 12 Jul 1996 19:23:20 -0400 >Date: Fri, 12 Jul 1996 19:23:20 -0400 >From: patty at cyberone.com (Patty Elliot) >Message-Id: <199607122323.TAA21956 at cyberone.com> >Subject: Your site: ENCRYPTION.COM >Apparently-To: anvil at ACCESSONE.COM >X-UIDL: 837333887.020 > >Dear Sir, >We are producing the national television series .com hosted by Star Wars > celebrity Mark Hamill. The series airs nationally on CNBC and the Bravo > Network and is all about the Internet and how it is changing the way we do > business. 
We are reviewing storylines and Web Sites to be featured in >our fall > programming. > > We have featured stories on digital Imaging including Kodak, on-line banking > with Digital Insight, and Healthful On Line Web Sites such The American Heart > Association as well as many others. > > Please take this time to complete this brief questionnaire and we will >consider > your story and Web Site as a feature on the show. If the story or Web >Site fits > our programming requirements, one of our producers will contact you. > > There is a pre-production fee to participate on the show which offsets >some of > the pre-production costs, however we pay for all of the production and post > production costs. > > Please allow us at least one week to review your response and your web site, > Thank-you. > > > > Patty Elliot > Vice President, Programming > > > Questionnaire > > > What is your URL: http://www. _______________________ > > What kind of information is available at your Web Site? > > What is the message you would like to communicate to the viewer? > > What are the most important functions of the Web Site? > > Who are you trying to reach? > > Where are you promoting now? > > Is your company a public or private company? > > How many employees are devoted to managing your web site? > > What sales category would your company fall? > (Less then 1 mill) : > (1-5 mill): > (6-50 mill): > (51-100 mill): > (101 mill +): > > Who is in charge of marketing your Web Site? > > > Name: Title: > > Tel: > > Fax: > > email: > > Address: > > > > >-- >J R Slack I'm not really a cryptographer, I just play one on the Internet. >68 FLH, "In wildness is the preservation of the world" - H.D. Thoreau >63 R60 "In wildness is the preservation of the soul" - H.D. 
Motorcycles > From jf_avon at citenet.net Sun Jul 14 12:51:49 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Mon, 15 Jul 1996 03:51:49 +0800 Subject: Failed mail Message-ID: <9607141612.AA14447@cti02.citenet.net> On 13 Jul 96 at 22:22, root at mail.demon.net wrote: Could you please explain me why my message was blocked? P.S. any CPunks who could answer my questions below? Please reply by e-mail. Thanks ---------- begin quoted message ------------- > Whilst talking to mist.demon.co.uk: > > MAIL FROM: > 503 Local policy blocks mail from > > ------ Original Message Follows ------ > > Received: from punt-1.mail.demon.net by mailstore for iolo at mist.demon.co.uk > id 837281345:17284:1; Sat, 13 Jul 96 19:09:05 BST > Received: from cti02.citenet.net ([198.53.26.132]) by punt-1.mail.demon.net > id aa16801; 13 Jul 96 19:08 +0100 > Received: from g34-138.citenet.net by cti02.citenet.net (4.1/SMI-4.1) > id AA13507; Sat, 13 Jul 96 13:17:50 EDT > Message-Id: <9607131717.AA13507 at cti02.citenet.net> > Comments: Authenticated sender is > From: "Jean-Francois Avon" > Organization: JFA Technologies > To: Edgar Swank > Date: Sat, 13 Jul 1996 13:13:33 -0500 > Subject: SecureDrive(IDEA), Realdeal and plaintext attack > Reply-To: jf_avon at citenet.net > Cc: Iolo Davidson , > Arnoud "Galactus" Engelfriet > Priority: normal > X-Mailer: Pegasus Mail for Windows (v2.32) > > Hi! > > I wrote to you the other day to send you my config files (excepted > Galactus). > > Just to refresh your memory: > > I use Secure Drive 1.4a on my data drive. > > While running Win3.11wg (with dos7 with locked drives), I load > realdeal.exe /pers . > > > Question: > > Since realdeal overwrite everything with 0s, and that theses > zeroed sectors are encrypted later with IDEA, will that give an > attacker an edge? The attacker will likely know that there are > large disk areas that contains 0s. > > Any comments? 
> > Thanks > > jfa > > DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal > JFA Technologies, R&D consultants: physicists, technologists and engineers. > > PGP keys at: http://w3.citenet.net/users/jf_avon > ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 > > -------- end quoted message --------------- From rp at rpini.com Sun Jul 14 13:30:04 1996 From: rp at rpini.com (Remo Pini) Date: Mon, 15 Jul 1996 04:30:04 +0800 Subject: Stuffs used for detection Message-ID: <1.5.4.32.19960714164618.008c35ac@193.246.3.200> At 09:52 PM 7/12/96 +0800, you wrote: >In our school library, there is a depository area wherein you deposit your things and get the tag. Since the library doesn't allow those tags to be brought out from the library, everytime you brought it out and pass by the door, it will alarm. Does anyone know what stuff is that? How come it is alarmed? I brought some metals but it wouldn't alarm... Why those tag would alarm them??? > Most of these systems are made of an oscillator (basically a few windings of a wire with a capacitor: [diagram: wire loop closed by a capacitor] This acts like an ordinary RLC oscillator. When you put it in an electrical field with the right frequency, it will affect the field strong enough to be detectable. So, if you shield it, you win. ----------< fate favors the prepared mind >---------- Remo Pini Fon 1: +41 1 350 28 82 mailto:rp at rpini.com Fon 2: +41 1 465 31 90 http://www.rpini.com/remopini/ Fax: +41 1 350 28 84 --------< words are what reality is made of >-------- From david at sternlight.com Sun Jul 14 13:55:16 1996 From: david at sternlight.com (David Sternlight) Date: Mon, 15 Jul 1996 04:55:16 +0800 Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates In-Reply-To: <199607131822.OAA13918@unix.asb.com> Message-ID: At 7:05 AM -0700 7/13/96, Deranged Mutant wrote: >On 12 Jul 96 at 18:23, Bob Palacios posted: > >[Banner Snipped!]] >> CDT POLICY POST Volume 2, Number 27 July 12, 1996 >[..]
> >> Today's statement is essentially a re-statement of the Clipper III proposal >> released in May. Among other things, the Vice President: >> >> * Called for the liberalization of export controls provided computer >> users participate in a "global key management infrastructure" >> designed to make personal encryption keys accessible to law >> enforcement. > >This is particularly problematic... if the mainland Chinese gov't >requested a key from a N.American or European (or even UN controlled) >escrow agency, who is to say it isn't really for political reasons >(even though they may claim the persons are drug smugglers)? > >Or what if the 'crime' was, say, discussing Mormon beliefs, which is >illegal in Singapore (and I think Russia as well)? > >Or what if some terrorist was using keys escrowed in a country that >sponsored terrorist acts? Your best shot would be to make sure the part about the system being voluntary was hard-wired into any legislation or rule-making. Unless and until ITAR is modified by Congress, the USG has what Mark Twain called "the calm confidence of a Christian with four aces" on this matter. That is--unless and until Congress acts, the Administration has absolute discretion with respect to the conditions under which they will liberalize the administration of ITAR. David From david at sternlight.com Sun Jul 14 14:13:54 1996 From: david at sternlight.com (David Sternlight) Date: Mon, 15 Jul 1996 05:13:54 +0800 Subject: Correction Re: Can the inevitability of Software privacy beused . . . In-Reply-To: <199607131808.OAA10339@pdj2-ra.F-REMOTE.CWRU.Edu> Message-ID: At 5:49 AM -0700 7/14/96, Peter D. Junger wrote: >I wrote: > >: : The ITAR do NOT apply to books. >: >: The only trouble with this claim is that it does not conform to the >: language of the ITAR or with the whimsical practices of the Office of >: Defense Trade Controls.
There is no exception for books, except for >: those that are in the public domain because they are sold in book stores >: and at newstands or are found in libraries, and the ODT insists that one >: cannot put a book into the public domain by putting it into the public >: domain or by selling it in a bookstore. > >Whereas I meant to say: > >: cannot put a book into the public domain by putting it into _a >: library_ or by selling it in a bookstore. > >I hope that this did not cause any confusion. Let's see if I understood what you said. Is "a" the operative word--that is, are you telling us that a book is in the public domain if it is widely sold in bookstores or held in libraries, but that you can't put it in the public domain by selling it in one bookstore or depositing it in one library? If so how many are enough? If not, please clarify further. Thanks; David From dlv at bwalk.dm.com Sun Jul 14 14:29:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 15 Jul 1996 05:29:14 +0800 Subject: [LONG,FUNNY,NOISE] Cypherpunk wannabe threatens a lawsuit :-) Message-ID: <22D3qD135w165w@bwalk.dm.com> Cypherpunks, I offer these two Usenet articles for your amusement. In article 1, I follow up on Bruce Bough's article, and, among many other things, defend his right to vote (questioned by the orthodox Jewish homophobe Dan Hartung). (It's very long and technical, so you can skip it.) In article 2, Bruce Bough follows up on my article and threatens to prosecute me under the Americans with Disability Act for misspelling his name. This is almost as funny as his litanies about his dementia and memory loss. Have fun. Article 1: =============================================================================== From: dlv at bwalk.dm.com (Dr.
Dimitri Vulis) Newsgroups: news.admin.net-abuse.misc,news.admin.censorship,news.admin.policy,alt.config,news.groups,alt.journalism,atl.general,alt.culture.usenet,alt.internet.media-coverage,alt.wired,alt.cyberspace,talk.politics.misc,news.admin.net-abuse.misc,ga.general,misc.news.internet.discuss,soc.culture.russian,alt.flame.jan-isley,talk.forgery,alt.usenet.kooks,alt.grelb Subject: Re: Towards A Usenet Social Contract References: <4rpvfi$smg at doc.jmu.edu> <4rv6m7$3ns_002 at mycroft.kenosis.com> Message-ID: Date: Sat, 13 Jul 96 09:25:41 EDT In article <4rv6m7$3ns_002 at mycroft.kenosis.com>, bruce at kenosis.com (Bruce Baugh) wrote: >In article <4rpvfi$smg at doc.jmu.edu>, bumgarls at falcon.jmu.edu (Lee S. Bumgarner) wrote: > >>Is a little premeditation too much to ask for a smoothly working system? > >Yes. The _only_ info the voting process needs to know is whether the >voter is a unique individual. This is in practical terms not an >achievable task. But processes like serialized authenticated ballots at >least move in that direction. Voter registration that gathers _any_ info >beyond establishing the legitimacy of the address is a step in the wrong >direction. Information not in hand can't be abused, and I see great >potential for abuse of any sort of repository of information about voter >interests, preferences, etc. > >Further, any step toward increasing centralization seems to me counter >to the fundamental paradigm of Usenet, which owes its survival to its >decentralized nature. No system with anything like a real center could >have survived the growth of recent years. One of the last things we need >(in addition to info that can be put to abusive purposes being >collected) is any additional bottleneck. > >>in my opinion, prevents this system from being viable. If we have a >>registration system, then the cabal would be small, say 20 or so people. >>They would not be system admins, simply interested readers. > >I give you...news.groups. 
All that's necessary of this concept exists. >Further, by functioning in an ungoverned environment, it ensures that >what status people have is _earned_ by virtue of their views and >arguments. The current system is completely open to addition of new >figures to the pantheon. Again, centralization creates the potential for >bottlenecks. > >I don't trust _anyone_ with the power to establish a "cabal" of this >sort. I start with myself. Anyone who holds strong views of matters of >controversy faces the problem of bias, and anyone not informed enough >to hold views on them has no business selecting authority figures. I remember how someone recently argued on news.groups that Bruce Bough's votes should be invalidated because he's dying from AIDS. I strongly disagree with Dan's (?) reasoning, which was, I recall, that someone with only a couple of months left to live shouldn't be telling others how to run Usenet after his death. I think we should consider Bruce's opinions as being representative. After all, a Usenet vote is an interest poll, and the voters are just a sample of a larger population. Not everyone who thinks like Bruce Bough is going to die together with him from AIDS within a few months (sigh). Let him vote. The use of numbered ballots (as proposed by Dr. Grubor and implemented by me), will stop the following kinds of net-abuse: * Cabal supporters such as Russ Allberry (spit) e-mailing pre-filled ballots to their mailing lists, sometimes gathering tens of thousands of votes from people who haven't read the CFV; * Cabal supporters forging cancels to censor Usenet articles they claim contain "unauthorized voting instructions". This pretext has been used to stifle campaigning against the proposals the Cabal wanted to pass, as well as to suppress protests against UVV misconduct by Jan Isley (spit) and his cohorts. The use of a simple randomized question about the CFV - find the line that says this and fill in the missing word on the ballot (as proposed by Dr. 
Grubor and implemented by me), will stop the following kinds of net-abuses: * Cabal supporters such as Stephanie da Silva (spit) vote YES on every moderated newsgroup without reading the CFV; * Cabal supporters such as Chris Stein (spit) vote NO on every unmoderated newsgroup without reading the CFV. There can be no pre-filled ballots under Dr. Grubor's proposal. But Dr. Grubor's proposals don't address the issue of votetaker fraud. For example, we've exposed Jan Isley (spit) as a liar and a forger, who frivolously "invalidated" or "lost" votes from people he didn't like (including myself), and forged cancels for their protests on news.groups. Emory University called Isley's (spit) forgeries "reprehensible" and pulled his plug for net-abuse. The UVV's refusal to use numbered ballots and to ask (simple) questions about the CFV on the ballot is just a lame excuse. They really want to be able to forge cancels for protests posted to news.groups about votetaker misconduct. For example, of the following dozen votes I've cast, I've only received an ack for my NO vote on soc.culture.israel.moderated (fuck you, Jonathan Kamens). Where are the acks for the following ballots: 1. I e-mailed voting at hut.fi and wrote: I vote NO on soc.culture.israel.moderated I received an ack (thank you, Jani). 2. I e-mailed voting at hut.fi and wrote (ballot mark skipped): >Voter name: Dr. Dimitri Vulis > >| Insert YES, NO, ABSTAIN, or CANCEL inside the brackets for each >| newsgroup listed below (do not delete the newsgroup name): > > Your Vote Newsgroup > --------- ----------------------------------------------------------- >[ NO ] rec.arts.comics.marketplace.forsale >[ NO ] rec.arts.comics.marketplace.wanted So far, I received no ack. 3. I e-mailed voting at hut.fi and wrote: >I vote YES on rec.games.bridge.okbridge So far, I received no ack. 4. I e-mailed voting at hut.fi and wrote: >I vote YES on soc.adoption.parenting So far, I received no ack. 5. 
I e-mailed mtac at infobahn.net and wrote: >I vote NO on misc.transport.air-industry.cargo So far, I received no ack. 6. I e-mailed ccmp at infobahn.net and wrote: >I vote YES on comp.cad.microstation.programmer So far, I received no ack. 7. I e-mailed ceg at infobahn.net and wrote: >I vote YES on comp.emulators.game-consoles So far, I received no ack. 8. I e-mailed smo at infobahn.net and wrote: >I vote NO on sci.med.obgyn So far, I received no ack. 9. I e-mailed saf at infobahn.net and wrote: >I vote YES on sci.agriculture.net So far, I received no ack. 10. I e-mailed david.bostwick at chemistry.gatech.edu and wrote: >Give your real name here: Dr. Dimitri Vulis >If you do not give your real name, your vote may be rejected. > >[Your Vote] Group (Place your vote below in the brackets next to the group) >------------------------------------------------------------------------- >[YES ] comp.lang.dfl So far, I received no ack. 11. I e-mailed david.bostwick at chemistry.gatech.edu and wrote: >Give your real name here: Dr. Dimitri Vulis >If you do not give your real name, your vote may be rejected. > >[Your Vote] Group (Place your vote below in the brackets next to the group) >------------------------------------------------------------------------- >[ YES ] misc.invest.misc (renames misc.invest) >[ YES ] misc.invest.mutual-funds (renames misc.invest.funds) >[ YES ] misc.invest.options >[ YES ] misc.invest.marketplace So far, I received no ack. 12. I e-mailed dhartung at mcs.com and wrote: >Give your real name here: Dr. Dimitri Vulis >If you do not give a real name on the above line your vote may be rejected. > >[Your Vote] Group >----------------------------------------------------------------------- >[NO ] soc.religion.paganism So far, I received no ack. What's going on? Why are 11 of my ballots not being acknowledged? 
=============================================================================== Article 2: =============================================================================== Path: ...!newsfeed.internetmci.com!usenet.eel.ufl.edu!psgrain!rainrgnews0!news.aracnet.com!mycroft From: bruce at kenosis.com (Bruce Baugh) Newsgroups: news.admin.net-abuse.misc,news.groups,alt.usenet.kooks Subject: Re: Towards A Usenet Social Contract Date: Sun, 14 Jul 96 00:17:16 GMT Organization: Kenosis Design Lines: 29 Message-ID: <4s9eac$1ag_006 at mycroft.kenosis.com> References: <4rpvfi$smg at doc.jmu.edu> <4rv6m7$3ns_002 at mycroft.kenosis.com> NNTP-Posting-Host: ppp-u11.aracnet.com Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Newsreader: News Xpress 2.0 Beta #2 In article , dlv at bwalk.dm.com (Dr. Dimitri Vulis) wrote: >of a larger population. Not everyone who thinks like Bruce Bough is going to >die together with him from AIDS within a few months (sigh). Let him vote. Dimitri, I invite you to pick a date, not more than twelve months in the future, beyond which you're certain I will die. I will then post the next day. Not, of course, that I expect you to have the honor to admit now that you're deliberately misreading and misunderstanding my posts, nor to admit in the future that you made a claim demonstrably wrong. Nor, I see, can you spell my name correctly, even though you quote it routinely in reply lines and sig files. People who can't read what's in front of them on screen lose credibility when it comes to proposing sweeping changes and radical innovations in software. Further, you might want to read up on the Americans With Disabilities Act. Slanderous and defamatory statements about the handicapped - and my government agrees that I do have a real problem, though it's not AIDS - open you up to interesting liability. 
Bruce Baugh <*> bruce at aracnet.com <*> http://www.aracnet.com/~bruce
See my Web pages for
New science fiction by Steve Stirling and George Alec Effinger
Christlib, the mailing list for Christian and libertarian concerns
Daedalus Games, makers of Shadowfist and Feng Shui
Unsolicited commercial e-mail will be proofread at $50/hour, min $100.
===============================================================================

From adam at homeport.org Sun Jul 14 14:38:39 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 15 Jul 1996 05:38:39 +0800
Subject: Execution of signed scripts received by e-mail
In-Reply-To: <199607141042.FAA01300@Dusk.obscure.net>
Message-ID: <199607141903.OAA20371@homeport.org>

Matt Carpenter wrote:

| If I am reading the procmail docs correctly, then the following recipe
| should create a lockfile called 'emscrypt.lock' which will prevent more than
| one instance of the script from being run at a time
|
| :0:emscrypt
| * ^Subject.*SQUEAMISH OSSIFRAGE
| |/PATH/emscrypt
|
| I agree it would be better if emscrypt used its own locks on the timestamp
| files. However, it is my understanding (someone please correct me if I am
| wrong) that there is no simple way to provide file locking in Perl that is
| portable across the various flavours of Unix (see the descriptions of the
| fcntl and flock functions on p. 144-145 of the Camel book). So I haven't
| tried to implement locking from within emscrypt yet. Of course, if these
| functions are available on the majority of machines (anyone?) then I should
| probably use them.

procmail includes a program called lockfile, which is based on its
thorough as hell lock mechanism tests. If you're calling from
procmail, you might decide to require lockfile.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From aba at dcs.ex.ac.uk Sun Jul 14 15:17:18 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Mon, 15 Jul 1996 06:17:18 +0800
Subject: setting up disposable remailers
Message-ID: <199607141828.TAA00441@server.test.net>

Some thoughts on solutions to the remailer operator liability problem.

It occurs to me that the risk for the remailer owner could be reduced
by separating concerns. That is, introducing separate roles for
setting up the remailer so that the identity of as many parties as
possible is not determinable to the litigator.

Model 1
-------

Separable roles:

- person owning the remailer
- person installing remailer software
- person handling complaints to the remailer

In this model a new remailer owner would anonymously email a member of
the cypherpunks list asking if they would be interested in installing
a remailer in the owner's provided account.

The remailer owner would anonymously open an account with an ISP
offering anonymous shell accounts, and accepting digicash, or cash,
and anonymously email the account details to the installer.

Optionally, a third party (the maintainer) could be persuaded to
accept complaints for the remailer, and (anonymously) send signed
instructions to the remailer to bar certain receiving addresses.

The only determinable target for a typical litigator would be the ISP.

If a more powerful adversary were the litigator, such as a TLA anxious
to demonstrate an excuse for its continued existence, it is possible
they may retrieve the identity of the installer (if they do indeed
have taps and large IP traffic recording facilities for instance).
They may try to hold the installer responsible if unable to find the
owner.

Model 2 goes some way to reducing risk for the installer.

Model 2
-------

In this model the additional separable role of setting up a shell
command mail processor on the account is introduced.
What I mean by this is as has been discussed on the list recently,
that a mail handler which executes signed shell commands emailed, and
anonymously emails back the command output.

That is to say the remailer owner now passes the account information
to the installer of the mail processor. The shell installer sets up
the command processor, and leaves.

Now the owner gives the PGP secret key of the command processor to the
remailer installer (or if the owner feels competent, does this part
themselves).

Provided that the anonymous remailers used for all of the steps are
type2 mixmaster remailers, the system should be much more secure.

Adam
--
#!/bin/perl -sp0777i

Message-ID:

>>>>> "Matt" == Matt Carpenter writes:
>>>>> "Hal" == Hal writes:

Hal> That sounds very impressive! The one problem I've run into with
Hal> mail filtering software is that each message asynchronously
Hal> spawns a separate filter process. This can cause some conflicts
Hal> with accessing disk files.

Matt> If I am reading the procmail docs correctly, then the following
Matt> recipe should create a lockfile called 'emscrypt.lock' which
Matt> will prevent more than one instance of the script from being run
Matt> at a time

Matt> :0:emscrypt
Matt> * ^Subject.*SQUEAMISH OSSIFRAGE
Matt> |/PATH/emscrypt

That is half correct. It will only create emscrypt.lock if you have
configured procmail for that kind of locking, otherwise it will use
lockf or flock to make the lock. As Hal pointed out, you will still
have one process per message, but they will be processed one at a
time.

Matt> I agree it would be better if emscrypt used its own locks on the
Matt> timestamp files. However, it is my understanding (someone
Matt> please correct me if I am wrong) that there is no simple way to
Matt> provide file locking in Perl that is portable across the various
Matt> flavours of Unix (see the descriptions of the fcntl and flock
Matt> functions on p. 144-145 of the Camel book).
Another possibility is to call lockfile (a program included with procmail which performs compatible locking). You're better off using procmail's locking as it does what you're looking for, and many people have beat on the code over the years. -- steve at miranova.com baur Unsolicited commercial e-mail will be proofread for $250/hour. Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone except you in November. From aba at dcs.ex.ac.uk Sun Jul 14 15:30:20 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Mon, 15 Jul 1996 06:30:20 +0800 Subject: Encrypted file systems Message-ID: <199607141148.MAA00279@server.test.net> Some more thoughts on encrypted file system design criteria. A wish list: - Choice of secret key encryption algorithms (IDEA, 3DES, MDC, Blowfish) - Multiple architectures (MSDOS, Win31, Win95, WinNT, Unix, Mac) - High performance (hand optimised assembler for each architecture) - Compression - Ability to chain algorithms (IDEA and then 3DES for example) - Possible to have encrypted file systems on separate partitions, or - Encrypted file system located in a file in another file system (much like DOS stacker drives) this is an ease of use criteria -- I suspect re-partitioning drives would put off many potential users. - Ease of use. Graphical user interface for setup and administration functions, with a very simple set of configurations options displayed by default, with more advanced configuration options available in "expert" mode. - All directory and FAT information should be encrypted, so that it is not possible to discover even number of files, or percentage of disk used without the key - Facility for duress key, with the real data hidden in the unused space of the first encrypted drive. To increase the plausible deniability all unused blocks within a file system should be filled with garbage, so that it is not possible to tell if there is more data there. 
- File system steganographically hidden in files on another file
  system (encrypted or not). Support for a wide selection of file
  formats (Aiff, Wave, Midi, JPEG, GIF, RGB, MPEG).

- Ability to use stegoed file system in files on an unencrypted file
  system, and boot from a floppy to access stegoed file system, with
  no other traces left on hard disk.

Thought for the day: the main barrier for a Chinese dissident to using
such software is that being caught with a boot floppy with the
software for a stegoed drive would be dangerous.

What would solve this would be if Microsoft, Apple, UNIX vendors,
Slackware linux included this functionality (or this software itself
as useful freeware included with the CD distribution) in their
respective O/Ses as non-optional modules -- that is you get the
software installed whether you want it or not. If everyone has the
software, mere possession of the software no longer is a problem.

Throw in a few useful utilities, like a steganographic interface to
anonymous remailers, the address of a few ftp/www by email services,
and you have a system with interesting possibilities.

To improve the national security of the US, the NSA should be dropping
CDs with such software (much like war-time propaganda leaflets air
dropped) on undemocratic countries with poor human rights records.
Instead they expend their efforts on ITAR...

Adam
--
#!/bin/perl -sp0777i

On the Friday "Clipper III" rehash by the Admin:

Balancing Privacy and Official Eavesdropping

By JOHN MARKOFF

"The president and vice president took an oath to protect our
national security," Simon said. "They feel they have to err on the side of
protecting national security."

The government also said that it did not see an immediate
technical solution to the problems that would result from the global
proliferation of "strong cryptography."

**************

Last time I looked, the oath they took was to protect the Constitution --
not the nation or national security.
I don't see an "immediate technical solution" to strong crypto either. Or, indeed, a long-term solution. DCF From tcmay at got.net Sun Jul 14 16:29:02 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 15 Jul 1996 07:29:02 +0800 Subject: Dep. AG Gorelick on CSPAN2 advocating escrow Message-ID: At 1:34 PM 7/13/96, Deranged Mutant wrote: >Saw Jamie(?) Gorelick, Dep. Attny Gen. on CSPAN2 talking about needs >for key escrow. Emphasized the what if people lose their keys, or >someone dies, or if an employee steals company secrets & encrypts >them... rather than the usual what if terrorists use crypto line >(though she did mention that too). > >Guess they're taking a new tack to sell it to the public. A lot of >bunkum... (project left to the reader how these can be handled in a >non-GAK manner). And as we all know, having discussed this many times, even if one buys these arguments for the advantages of key escrow, THEY DO NOT APPLY TO COMMUNICATIONS! That is, imagine Alice and Bob communicating over some channel. Alice has files on her computer. Putatively, if she dies, leave her company, whatever, it is desired to reconstruct these files. Fine. A potential use for key escrow. (If voluntary, of course.) But what does this have to do with a channel between Alice and Bob? Why should the keys for this channel ever need to be escrowed for the reasons Gorelick cites? After all, Alice has the files she sent stored locally, and Bob presumably has the same files he received. There is essentially no rationale for escrowing the keys of a transient communication. The Administration and even cryptologists apologizing for GAK (who ought to know better) are curiously silent on this rebuttal to their claims. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mch at squirrel.com Sun Jul 14 16:59:45 1996 From: mch at squirrel.com (Mark C. Henderson) Date: Mon, 15 Jul 1996 07:59:45 +0800 Subject: Encrypted file systems In-Reply-To: <199607141148.MAA00279@server.test.net> Message-ID: <9607141307.TE28806@squirrel.com> On Jul 14, 12:48, Adam Back wrote: > Subject: Encrypted file systems > - Encrypted file system located in a file in another file system > (much like DOS stacker drives) this is an ease of use criteria -- I > suspect re-partitioning drives would put off many potential users. There are a couple of advantages to this sort of approach (i.e. having the encrypted filesystem live in file(s) on an ordinary filesystem) other than ease of use. 1. Backups are easy. One can use whatever backup software one normally uses. 2. The encrypted filesystem can actually live on a remote file server with data being encrypted/decrypted on the fly on the local host. (of course, you have to consider the security risks that you get from being on a network). -- Mark Henderson -- mch at squirrel.com, henderso at netcom.com, markh at wimsey.bc.ca ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 unstrip for Solaris, Wimsey crypto archive, TECO, computer security links, change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/ From bruce at aracnet.com Sun Jul 14 17:09:28 1996 From: bruce at aracnet.com (Bruce Baugh) Date: Mon, 15 Jul 1996 08:09:28 +0800 Subject: My impending death Message-ID: <2.2.32.19960714203307.006d90c4@mail.aracnet.com> Since Vulis decided to drag in a disagreement from elsewhere, I have a brief invitation. 
He says I'm going to die in the next few months. My birthday is in October. So on my birthday in 1997, I'm going to have a party. All present will be invited to petition Vulis for more oracular pronouncements about the fate of past and present posters to Cypherpunks. In the meantime, I give thanks to the God of Killfiling, and fire mine up. -- Bruce Baugh bruce at aracnet.com http://www.aracnet.com/~bruce From wmo at rebma.rebma.mn.org Sun Jul 14 17:23:18 1996 From: wmo at rebma.rebma.mn.org (Bill O'Hanlon) Date: Mon, 15 Jul 1996 08:23:18 +0800 Subject: New mixmaster remailer announcment Message-ID: <199607142027.PAA03058@rebma.rebma.mn.org> A non-text attachment was scrubbed... Name: not available Type: application/pgp Size: 14 bytes Desc: not available URL: From jimbell at pacifier.com Sun Jul 14 17:57:08 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 15 Jul 1996 08:57:08 +0800 Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates Message-ID: <199607142039.NAA14185@mail.pacifier.com> At 10:17 AM 7/14/96 -0700, David Sternlight wrote: >At 7:05 AM -0700 7/13/96, Deranged Mutant wrote: >>This is particularly problematic... if the mainland Chinese gov't >>requested a key from a N.Amercian or European (or even UN controlled) >>escrow agency, who is to say it isn't really for political reasons >>(even though they may claim the persons are drug smugglers)? >> >>Or what if the 'crime' was, say, discussing Mormon beliefs, which is >>illegal in Singapore (and I think Russia as well)? >> >>Or what if some terrorist was using keys escrowed in a country that >>sponsered terrorist acts? > >Your best shot would be to make sure the part about the system being >voluntary was hard-wired into any legislation or rule-making. Wrong. Our "best shot" is to ensure that no "key escrow" legislation is adopted, and moreover export restrictions on crypto are eliminated. _THAT_ is "our best shot." 
The obvious problem with writing "voluntary" into any legislation (and thinking it actually means something!) is that there is a vast difference between the dictionary definition of the word "voluntary", and the way the USG would like to interpret it. I think most people define "voluntary" as something which is a free choice, devoid of coersion. But that's already damaged when the government's involved. Aside from robbing us of our assets in the form of taxes, the fact that it was able to do things like harass Phil Zimmermann for a few years (when, if there had been a "regulation" concerning writing encryption, it would have said, "writing encryption is unrestricted and VOLUNTARY") clearly proves that the government tries to do manipulate us regardless of friendly terminology like "voluntary." Clipper was always claimed to be "voluntary," but more recently they added to the restrictions, for example saying that a Clipper-type crypto phone can't be allowed to operate when connected to a non-escrow telephone. Again, the government is getting further and further away from "voluntary" as most of us understand the term. More importantly, I believe that the most fundamental right the public has is to be able to REFUSE a benefit. Let's suppose, hypothetically, that we "all" could agree that that GAK would provide net advantages and benefits to the public. I assert that despite this, the public is and should still be completely free to _refuse_ these benefits, and to go without GAK. This position, the truth of which is obvious to most of the readers of CP, would astonish and frustrate government employees and their sympathizers. Today, it appears that the vast majority of those that are paying attention to this issue agree that GAK is NOT desirable, and in any case they don't want it. The simple conclusion is that as long as we aren't supposed to have a dictatorship in this country, the will of the public to _refuse_ the claimed benefit should be respected and followed. 
Under those conditions, GAK wouldn't and couldn't happen. >Unless and until ITAR is modified by Congress, Congress didn't write ITAR, nor did it approve ITAR. However, the Burns crypto bill will, apparently, negate most if not all of the influence of ITAR on crypto. > the USG has what Mark Twain called "the >calm confidence of a Christian with four aces" on this matter. "A Smith and Wesson beats four aces." And if the government keeps pushing, it'll come to this. > That >is--unless and until Congress acts, the Administration has absolute >discretion with respect to the conditions under which they will liberalize >the administration of ITAR. That's not clear. The _constitutionality_ of the application of ITAR to encryption is challengeable in court, with or without any actions by Congress. So they DON'T have "absolute discretion." Furthermore, regulations must (at least theoretically) conform to law. Jim Bell jimbell at pacifier.com From david at sternlight.com Sun Jul 14 18:41:30 1996 From: david at sternlight.com (David Sternlight) Date: Mon, 15 Jul 1996 09:41:30 +0800 Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates In-Reply-To: <199607142039.NAA14185@mail.pacifier.com> Message-ID: At 2:37 PM -0700 7/14/96, jim bell wrote: >At 10:17 AM 7/14/96 -0700, David Sternlight wrote: >>At 7:05 AM -0700 7/13/96, Deranged Mutant wrote: > >>>This is particularly problematic... if the mainland Chinese gov't >>>requested a key from a N.Amercian or European (or even UN controlled) >>>escrow agency, who is to say it isn't really for political reasons >>>(even though they may claim the persons are drug smugglers)? >>> >>>Or what if the 'crime' was, say, discussing Mormon beliefs, which is >>>illegal in Singapore (and I think Russia as well)? >>> >>>Or what if some terrorist was using keys escrowed in a country that >>>sponsered terrorist acts? 
>> >>Your best shot would be to make sure the part about the system being >>voluntary was hard-wired into any legislation or rule-making. > >Wrong. Our "best shot" is to ensure that no "key escrow" legislation is >adopted, and moreover export restrictions on crypto are eliminated. Nope. That's some people's preferred shot, but may not be the best one or even a realistic one. It's certainly a partisan political advocacy (in the sense that people are partisan about this issue, not in the sense of a particular political party). Yet that attitude didn't get any legislation to stop Clipper I. My point was very simple--if the government is going to say a system is voluntary, make them put it in writing in the rules or legislation. We failed to do that with Clipper I (when they said in non-rulesmaking statements that they had no intention of making escrow mandatory--but nobody said "OK. Put it in writing as a formal policy."). As a result, many in government even at the higher policy-making levels are still calling for mandatory escrow. Had it been in the rules, it's less likely they could have overtly gone against a rules-making covenant/compromise. It's simple pragmatic regulatory politics. It's how the system works, and using the system itself to achieve one's goals is one of the more powerful techniques around. You don't have to like it, but you do have to decide whether you'd rather be "right" or get the result. David -------------- next part -------------- A non-text attachment was scrubbed... Name: pgp00004.pgp Type: application/octet-stream Size: 288 bytes Desc: "PGP signature" URL: From bkmarsh at feist.com Sun Jul 14 18:45:09 1996 From: bkmarsh at feist.com (Bruce M.) Date: Mon, 15 Jul 1996 09:45:09 +0800 Subject: Can't block caller ID in Massachusetts? 
In-Reply-To:
Message-ID:

On Sun, 14 Jul 1996, Moroni wrote:

> The reason that caller ID cannot be blocked to 800 and 900 numbers
> is that it is used for billing purposes by the telephone company to the
> person or business who owns that 900 or 800 number.

They would get your phone number and information on their bill
regardless of whether they have ANI/CID/etc. That comes from the phone
company and not from their own systems.

> to keep records. They records as they stand now include the phone number
> from which they were dialed and the length of the call. My phone call to
> them from Scranton, Pa will cost the L.L.Bean less than Tim May's from
> California because I am closer.

Not necessarily. I get charged a flat 13 cents a minute for all
connects to my 800 number, regardless of where they are calling from.

> What could conceivably be done is that the software could be
> reprogrammed to delete the phone number immediately after the
> computation. Or to have the computation done immediately and deletion to
> accompany it. Third, the phone company could reprogram it so the mileage
> and time is computed somehow without the logging of the caller. All of
> this has to do computer programming and I find none of the aforementioned
> an impossibility to achieve.

There is a big difference, and change in the way they could operate
their records, between having instant access to your number when you
call or having access to it when they receive the telco bill at the
end of the month.

 ________________________________
[ Bruce M. - Feist Systems, Inc. ]
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"Official estimates show that more than 120 countries have or are
developing [information warfare] capabilities." -GAO/AIMD-96-84

So, what is your excuse now?
From jimbell at pacifier.com Sun Jul 14 19:39:47 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 15 Jul 1996 10:39:47 +0800 Subject: Markoff on Clipper III Message-ID: <199607142258.PAA19029@mail.pacifier.com> At 02:33 PM 7/14/96 -0400, Duncan Frissell wrote: >On the Friday "Clipper III" rehash by the Admin: > >Balancing Privacy and Official Eavesdropping > > By JOHN MARKOFF > > "The president and vice president took an oath to protect our >national security," Simon said. "They feel they have to err on the side of >protecting national security." > > The government also said that it did not see an immediate >technical solution to the problems that would result from the global >proliferation of "strong cryptography." > >************** > >Last time I looked, the oath they took was to protect the Constitution -- >not the nation or national security. It's called "mission creep." And they didn't quite tell the truth: Their main loyalty is to "government security" or even "job security." >I don't see an "immediate technical solution" to strong crypto either. Or, >indeed, a long-term solution. Thank heavens for that! Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Sun Jul 14 20:30:40 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 15 Jul 1996 11:30:40 +0800 Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates Message-ID: <199607142250.PAA18664@mail.pacifier.com> At 02:06 PM 7/14/96 -0700, David Sternlight wrote: >At 2:37 PM -0700 7/14/96, jim bell wrote: >>At 10:17 AM 7/14/96 -0700, David Sternlight wrote: >>>Your best shot would be to make sure the part about the system being >>>voluntary was hard-wired into any legislation or rule-making. >> >>Wrong. Our "best shot" is to ensure that no "key escrow" legislation is >>adopted, and moreover export restrictions on crypto are eliminated. > >Nope. That's some people's preferred shot, but may not be the best one Okay, "best" by which definition? 
And don't avoid the question: Am I not free to reject YOUR opinion of what the "best" solution is FOR ME? >or even a realistic one. "Realistic"? Who's definition? >It's certainly a partisan political advocacy (in the >sense that people are partisan about this issue, not in the sense of a >particular political party). Meaningless tripe. All you're saying is that people disagree. People disagree about a lot of things; that doesn't legitimize opposing opinions. > Yet that attitude didn't get any legislation to stop Clipper I. We didn't NEED "any legislation to stop Clipper I." Quite the opposite, anyone promoting Clipper NEEDS legislation to force it on unwilling citizens. >My point was very simple--if the government is going to say a system is >voluntary, make them put it in writing in the rules or legislation. Why have the "system" in the first place? No legislation, no system. Simple. > We >failed to do that with Clipper I (when they said in non-rulesmaking >statements that they had no intention of making escrow mandatory--but >nobody said "OK. Put it in writing as a formal policy.") No, you're misrepresenting the issue: You're trying to subtly suggest that we should have agreed with MOST of the Clipper proposal AS LONG AS it was explicitly made voluntary. (Yet nothing prevents Congress from writing and passing a law which prohibits the executive branch of government from making escrow mandatory; they haven't done this.) Quite the contrary: I don't trust the government to implement any such proposal EVEN IF it is, ostensibly, "voluntary." The voluntary/involuntary aspect is an excellent reason to oppose Clipper, but is by no means the only one. Also, I don't trust the government's definition (and dynamically changeable interpretation) of the word, "voluntary." Since Clipper was funded with tax dollars stolen from the public its very existence is already a violation of the "voluntary" requirement. 
The fact that Clipper was developed without substantial public (and I mean
PUBLIC, not some selected committee of bootlickers) input and debate proves
that the government knew it could get no support for the idea.

One of the recently revealing aspects of the government's dishonesty
concerning Clipper was a clarification which stated that Clipper telephones
could not communicate with any crypto telephone that didn't implement key
escrow. But as anyone who followed the Beta vs. VHS competition saw, the
market generally abhors two mutually incompatible standards, particularly if
a certain level of compatibility is required or is at least desirable, and
particularly if there is no good reason to maintain BOTH those standards.

The main disadvantages to maintaining two tape formats were the inconvenience
of sharing tapes with people who had the opposite format, the requirement
that retail stores maintain two stocks, and the requirement that rental
people support both formats. There were no powerful incentives to maintain
two standards, and thus one had to die.

Crypto telephones, by definition, need to be far more compatible with each
other than VCR machines. They must actually talk to each other. Imagine a
world in which there were two different crypto formats, and for stupid
political reasons they were entirely incompatible: System "A" couldn't talk
to system "B." What would happen? It's obvious: One format would kill the
other. People wouldn't tolerate the compatibility.

The US Government wanted the surviving system to be Clipper, and to
accomplish this they used stolen tax dollars to secretly develop a system
that they hoped would nip the potential competing systems in the bud. It
didn't work, of course, but it is clear what they tried to do.

If, on the other hand, there was no impediment to system "A" talking to
system "B", both systems could easily co-exist. A few suckers would buy
Clipper phones; the rest of us would insist on good encryption.
Clipper would eventually die, just as Beta VCR's eventually did. The government understands this, that's why they inserted the requirement for incompatibility. >. As a result, many >in government even at the higher policy-making levels are still calling for >mandatory escrow. Had it been in the rules, it's less likely they could >have overtly gone against a rules-making covenant/compromise. Hmmmm... I thought Congress made arming the Contras in Nicaragua explicitly illegal. Yet Ollie North got away with it, effectively. What is it that makes you so certain that Government has gotten any more honest in the past 10 years? >It's simple pragmatic regulatory politics. And that's exactly the problem! That's because it's also wrong. We don't need to be "pragmatic" by YOUR definition. >It's how the system works, Actually, in the past the system has "worked" by suckering in the public, in exactly the way you're attempting to do. Tricking them into supporting things that were bad for them. Remember the "Gulf of Tonkin Resolution"? > and >using the system itself to achieve one's goals is one of the more powerful >techniques around. You don't have to like it, but you do have to decide >whether you'd rather be "right" or get the result. In a sense, we ALREADY have "the result," or at least a substantial fraction of it. Development of domestic crypto is ostensibly free. The only thing desired further in the elimination of any residual restrictions, WITHOUT letting the government set up any sort of key-escrow system, voluntary OR involuntary. As far as I can see, cooperation at this point with the pro-GAK forces can only hurt the cause. 
Jim Bell jimbell at pacifier.com From tc at mindvox.com Sun Jul 14 21:28:32 1996 From: tc at mindvox.com (Dave Banisar) Date: Mon, 15 Jul 1996 12:28:32 +0800 Subject: Clipper III.2 paper URL Message-ID: Its now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html -d From deviant at pooh-corner.com Sun Jul 14 21:56:08 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 15 Jul 1996 12:56:08 +0800 Subject: Stuffs used for detection In-Reply-To: <1.5.4.32.19960714164618.008c35ac@193.246.3.200> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 14 Jul 1996, Remo Pini wrote: > Date: Sun, 14 Jul 1996 18:46:18 +0200 > From: Remo Pini > To: cypherpunks at toad.com > Subject: Re: Stuffs used for detection > > At 09:52 PM 7/12/96 +0800, you wrote: > >In our school library, there is a depository area wherein you deposit your > things and get the tag. Since the library doesn't allow those tags to be > brought out from the library, everytime you brought it out and pass by the > door, it will alarm. Does anyone know what stuff is that? How come it is > alarmed? I brought some metals but it wouldn't alarm... Why those tag would > alarm them??? > > > > Most of these systems are made of an oszillator (basically a few windings of > a wire with a capacitor: > > ------ > / \ > �--��--� > \ / > ------ > > This acts like an ordinary RLC-Oszillator. When you put it in a electrical > field with the right frequency, it will effect the field strong enough to be > detectable. > > So, if you shield it, you win. > The other type of those, the one that is used in music stores on CD's, is done slightly (much) differently... they use two peices of metalic foil shaped like this.... 
______
| \
|______\

pointed in opposite directions, so as to look like this

_________
\ | \
\|_______\

when magnetized the two pieces stick together, and will reflect a signal on a harmonic of a specific wavelength of sound (the length of the total, so that if they're not magnetized it won't reflect to the right frequency), thus being easily detected. these are actually fairly easy to fake or get past ;)

--Deviant

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From david at sternlight.com Sun Jul 14 21:56:35 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 15 Jul 1996 12:56:35 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <199607142250.PAA18664@mail.pacifier.com>
Message-ID:

At 4:48 PM -0700 7/14/96, jim bell wrote a typically argumentative message. I've gotten wiser over time and don't plan to respond. I think both our positions are quite clear and readers may make up their own minds.

This post is a courtesy to others who may have been expecting more. It's a one-time statement to this list, which I've just joined, of my current practice: Silence does not constitute assent.

David

From dlv at bwalk.dm.com Sun Jul 14 22:22:00 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 15 Jul 1996 13:22:00 +0800
Subject: My impending death
In-Reply-To: <2.2.32.19960714203307.006d90c4@mail.aracnet.com>
Message-ID:

> Since Vulis decided to drag in a disagreement from elsewhere, I have a brief
> invitation.

The cripple is lying again, as usual.
Twice he reposted to cypherpunks his Usenet lies with no cryptographic relevance just to slime me. Since not even Perry told the demented cripple to quit, I'll respond in kind. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From abostick at netcom.com Sun Jul 14 22:30:35 1996 From: abostick at netcom.com (Alan Bostick) Date: Mon, 15 Jul 1996 13:30:35 +0800 Subject: Organized Crime Home Page - Four Horsemen, No Waiting Message-ID: <31E99D38.75AC@netcom.com> Cypherpunks interested in establishment scaremongering are invited to take a look at the Organized Crime Home Page (http://www.alternatives.com/crime/index.html), sponsored by a group called The Committee for a Safe Society, about the world-wide threat of organized crime. Apparently every evil known to post-Cold-War society, even the bad weather in Chicago, is the responsibility of organized crime. Now you know why governments need GAK. Alan-Bob says check it out. -- Alan Bostick | [Spielberg's] latest is TWISTER, a film that mailto:abostick at netcom.com | gives whole new meaning to the phrase "giant news:alt.grelb | sucking sound." -- Patrick Taggart http://www.alumni.caltech.edu/~abostick From jya at pipeline.com Sun Jul 14 23:03:15 1996 From: jya at pipeline.com (John Young) Date: Mon, 15 Jul 1996 14:03:15 +0800 Subject: PKI Documents Message-ID: <199607150132.BAA27358@pipe3.t1.usa.pipeline.com> http://csrc.ncsl.nist.gov/pki/ ---------- Public Key Infrastructure Pardon our mess. This page is under construction. Additional files, and additional formats, will be added in the near future. Your patience is appreciated! The following documents are products of the Federal PKI Steering Committee's Technical Working Group. Together, they comprise Version 1 of the Technical Specifications for the Federal PKI. 
+ Requirements for the Federal Public Infrastructure (PostScript) [265366 bytes] This is Part A: of the Technical Specifications, the Draft Requirements for the Federal PKI. + Technical Security Policy for the Federal PKI (PostScript) [163543 bytes] This is Part B: of the Technical Specifications, the Draft Technical Security Policy for the Federal PKI. + Proposed Federal PKI Concept of Operations (PostScript) [980672 bytes] This is the Part C: of Technical Specifications, the Concept of Operations for the Federal PKI. + Interoperability Profile (PostScript) [746328 bytes] This is Part D: of the Technical Specifications, Draft Interoperability Profiles for the Federal PKI. Contractor Reports: the following reports were developed by contractors for NIST. These reports do not constitute government positions, but rather detail the advice and guidance provided to the government regarding public key infrastructure. + The 1994 Mitre PKI Study Final Report. [1461396 bytes] This report describes a federal PKI based on a strict hierarchical architecture, using X.509 version 2 certificates. + A Public Key Infrastructure for Unclassified but Sensitive Applications. [946734 bytes] This 1995 report describes a federal PKI based on a network architecture using the X.509 version 3 certificate. [End] From snow at smoke.suba.com Sun Jul 14 23:05:55 1996 From: snow at smoke.suba.com (snow) Date: Mon, 15 Jul 1996 14:05:55 +0800 Subject: Encrypted file systems In-Reply-To: <9607141307.TE28806@squirrel.com> Message-ID: On Sun, 14 Jul 1996, Mark C. Henderson wrote: > On Jul 14, 12:48, Adam Back wrote: > > Subject: Encrypted file systems > > - Encrypted file system located in a file in another file system > > (much like DOS stacker drives) this is an ease of use criteria -- I > > suspect re-partitioning drives would put off many potential users. > There are a couple of advantages to this sort of approach (i.e.
> having the encrypted filesystem live in file(s) on an ordinary > filesystem) other than ease of use. > 1. Backups are easy. One can use whatever backup software one normally > uses. > 2. The encrypted filesystem can actually live on a remote file server > with data being encrypted/decrypted on the fly on the local host. (of > course, you have to consider the security risks that you get from > being on a network). An interesting thought: One of the things that the entertainment electronics industry is pushing is the "Set Top Box" that attaches to your idiotbox and allows you to use the internet over either a POTS line, cable modem or whathave you. Problem is, there is no local hard drive. No way to store sensative data (even a hot list). With the encrypted filesystem stored on a remote machine, and using something like SSH written in a Java like language (NOTE: Of necessity MUCH more secure) to "Mount" the SFS over the network... Something like this could make the author a decent amount of money. Makes me wish I were a coderpunk.` Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jya at pipeline.com Sun Jul 14 23:35:56 1996 From: jya at pipeline.com (John Young) Date: Mon, 15 Jul 1996 14:35:56 +0800 Subject: GIB_ber Message-ID: <199607150216.CAA08728@pipe2.t2.usa.pipeline.com> 6-13-96. NYP: Markoff: "Clinton Proposes Initiatives On the Scrambling of Data." Under increasing pressure from Congress and the computer industry, the Clinton Administration proposed a series of new data-scrambling policy initiatives yesterday that it said would address the Government's national security concerns while also permitting American companies to compete more effectively overseas. 6-14-96. NYP: William Gibson: "The Net Is a Waste of Time. And that's exactly what's right about it." 
The Web, in its clumsy, larval, curiously innocent way, offers us the opportunity to waste time, to wander aimlessly, to daydream about the countless other lives, the other people, on the far sides of however many monitors in that postgeographical meta-country we increasingly call home. It will probably evolve into something considerably less random, but in the meantime, in its gloriously unsorted Global Ham Television Postcard Universes phase, surfing the Web is a procrastinator's dream. And people who see you doing it might even imagine you're working. http://pwp.usa.pipeline.com/~jya/gibber.txt (13 kb for 2) GIB_ber (for 2) From edgevamp at juno.com Mon Jul 15 00:10:12 1996 From: edgevamp at juno.com (Gregory A Empey) Date: Mon, 15 Jul 1996 15:10:12 +0800 Subject: Current status of RSA patent... In-Reply-To: <199606201757.KAA08100@mail.pacifier.com> Message-ID: <19960714.224854.6742.1.EdGeVamp@juno.com> On Thu, 20 Jun 1996 10:55:29 -0800 jim bell writes: >At 10:59 AM 6/20/96 -0400, Intense wrote: >> >>does not matter - it will be renewed in the interest of the >government >>The goverment want's there backdoor... would you expect less? > >As far as I know, patents can't be "renewed." I've heard they can be >"re-issued," amended, but to my knowledge that doesn't extend their >term. > >Jim Bell >jimbell at pacifier.com > begin 644 UUE.DOC M2&5Y+"!I;2!R96%D>2!T;R!S97)I;W5S;'D at 9BIC:RUU<"!-0TD at 9F]R(&YO M(&%P<&%R96YT#0IR96%S;VXL(&%N9"!I;2!A;'-O(&=I=FEN9R!C ---------- Forwarded message ---------- Date: Sun, 14 Jul 1996 20:19:33 -0700 (PDT) From: Declan McCullagh To: fight-censorship+ at andrew.cmu.edu Subject: HotWired -- "Crypto Storm Warning" >From Monday's The Netizen on HotWired. Read the full text at the URL below. Gorelick spoke last Friday at the Freedom Forum in Virginia. 
-Declan --- http://www.netizen.com/netizen/96/29/campaign_dispatch0a.html HotWired The Netizen "Crypto Storm Warning" Campaign Dispatch by Declan McCullagh (declan at well.com) Washington, DC, 14 July The Clinton administration escalated its cyber-fearstorm today when a top Justice Department lawyer slammed the Net for "transmitting child pornography into our homes" and for allowing hackers to possibly "shut down the banking system." [...] At the same time, [Jamie] Gorelick edged away from the hard-line rhetoric the administration used to defend the Communications Decency Act. [...] Gorelick's cybercondemnations play against a backdrop of political jockeying inside the Justice Department. Reno disclosed last November that she has Parkinson's disease, and Gorelick is her logical successor if Clinton stays in office next term. [...] After Gorelick completed her speech and sat down, I leaned over and asked her: "Could I have your email address?" She didn't know it. "I don't go into it that often," Gorelick said, adding that the Justice Department doesn't use email much, for "security reasons." "Call me and I'll give it to you," she promised. Gosh, what a surprise: The US government's leading spokesperson on the dangers and the evils of the Net doesn't even log in. From tcmay at got.net Mon Jul 15 01:07:29 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 15 Jul 1996 16:07:29 +0800 Subject: How I Would Ban Strong Crypto in the U.S. Message-ID: At 12:18 AM 7/15/96, Dave Banisar wrote: >Its now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html > Thanks. I took an initial look, and it looks like the same old stuff. The report speaks of an "emerging consensus" (for key escrow). I see just the opposite, unless the report is speaking only of the U.S. intelligence and law enforcement community and its foreign counterparts. Business has made it clear (cf. 
the several recent reports) that it is opposed to the Administration's plan, and that if a market for some form of key escrow exists (as it certainly does, in specific contexts), that the market can supply the solution. And certainly the civil liberties groups and groups such as ourselves are not part of this "emerging consensus." Ditto for the "average man in the street," as evidenced by opinion polls (I recall 80% opposition reported by one of the newsweeklies, but don't quote me), by anecdotal reports (e.g., Zimmermann's tale of his discussions), and by opposition to Clipper I, Clipper II, and now Clipper III. A bunch of Congressmen, including the axis supporting the Burns bill, obviously are not part of this emerging consensus. The National Research Council report made it clear that a distinguished panel of cryptographers, computer scientists, and policy professionals did not think key escrow is desirable. And the hundreds of folks in attendance at recent SAFE and NRC travelling roadshows were obviously not in support of key escrow. Business, civil liberties groups, professional organizations, and most Net people are opposed to the Administration's key escrow proposals (such as they are understood to be, in Clipper I/II/III). So, who is in this "emerging consensus"? Moving on to the wisdom of imposing a government solution to what either is or is not a market need, there is great danger in deploying even a nominally (at this time) "voluntary standard." This is a danger many of us have felt for years to be the main danger of nominally (and ostensibly) "voluntary" systems. Imagine a voluntary system supported and funded by the government, using its power to limit exports and to "jawbone" foreign governments. (No time here to examine the obvious issues--cf. the archives for many explications over the past several years.)
Once widely deployed, and perhaps mandatory in countries like France, Singapore, Iraq, and the like, it would take very little more to simply pass a law restricting the non-escrowed alternative in the U.S. (Sure, such a law might be unconstitutional, for the reasons we so often discuss. Sure, there are many circumventions possible. Sure. The point is not to rehash these points again but to indicate why Cypherpunks and civil libertarians should NOT support any plan, even a "voluntary" plan, that puts such power to set standards in the hands of the government. Even a "signed promise" is not enough, given the dangers of "flipping a switch.") Is this a plausible scenario, though? Well, were I in the LEA/TLA community, this is what my fallback plan would probably be. Realizing that a full-frontal ban on strong crypto, or crypto without backdoors, would not fly at this time (unless Oklahoma II happens, in which case all bets are off), and realizing that the plans for Clippers I, II, and III have been fizzling, I would push for a relatively harmless-sounding "voluntary key escrow" plan. I would push hard on Netscape, Microsoft, Novell, Sun, Apple, and the other companies (but mainly on Netscape and MS, for obvious reasons) to bundle in "trusted third parties" and all that GAK stuff. Bundle it in, make it easy to use, make it easy to export, make it easy to spread in crypto-hostile countries, and hope like hell that it undermines the push for PGP and S/MIME. I would work closely with Mossad, GCHQ, SDECE, Chobetsu, Savak, and all the other secret policemen of the world to make sure that while America might remain an "island of strong crypto" for a while at least, that the same could not be said of other countries. That is, I would work to help them limit crypto use in their own countries to GAK-only forms. 
(Those pesky survivalists, militia members, and ACLU folks in America could keep using their Bass-o-matic and PGP tools, but most of the rest of the world would be mostly limited to GAK and New World Order software.) Then, in about 2002 or so, depending on how many more serious terrorist incidents have occurred, I would drop the hammer on strong crypto. Maybe an Executive Order, maybe a state of national emergency, maybe a liberal interpretation of the commerce clause, maybe an Act of Congress.... Once a New World Order-approved GAK system is widely deployed, outlawing of "rogue cryptography" in the U.S. is more manageable. That's what I would do. (But not being on that side of the ideological fence, I will instead fight GAK as I always have. And I will not be fooled by talk of how "Americans will always be free any form of cryptography." Not when those same reports from the Administration, and the testimony of Louis Freeh, etc., is in the same breath talking about the need to stop pornographers from encrypting their files, and so forth. Do they think we're stupid?) Don't be fooled. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
From dockmaster at pobox.com Mon Jul 15 01:16:32 1996
From: dockmaster at pobox.com (clark)
Date: Mon, 15 Jul 1996 16:16:32 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

To: david at sternlight.com, jimbell at pacifier.com, cypherpunks at toad.com
Date: Sun Jul 14 23:08:09 1996

> At 4:48 PM -0700 7/14/96, jim bell wrote a typically argumentative
> message.
> I've gotten wiser over time and don't plan to respond. I think both our
> positions are quite clear and readers may make up their own minds.
>
> This post is a courtesy to others who may have been expecting more. It's
> a
> one-time statement to this list, which I've just joined, of my current
> practice: Silence does not constitute assent.
>
> David

More time required, apparently. Professional liars will put anything in writing. Judas' Sheep, too. Compromise is surrender.

ec

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From david at sternlight.com Mon Jul 15 01:26:56 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 15 Jul 1996 16:26:56 +0800
Subject: Dep. AG Gorelick on CSPAN2 advocating escrow
In-Reply-To:
Message-ID:

At 12:20 PM -0700 7/14/96, Timothy C. May wrote:
>At 1:34 PM 7/13/96, Deranged Mutant wrote:
>>Saw Jamie(?) Gorelick, Dep. Attny Gen. on CSPAN2 talking about needs
>>for key escrow. Emphasized the what if people lose their keys, or
>>someone dies, or if an employee steals company secrets & encrypts
>>them...
rather than the usual what if terrorists use crypto line >>(though she did mention that too). >> >>Guess they're taking a new tack to sell it to the public. A lot of >>bunkum... (project left to the reader how these can be handled in a >>non-GAK manner). > >And as we all know, having discussed this many times, even if one buys >these arguments for the advantages of key escrow, THEY DO NOT APPLY TO >COMMUNICATIONS! > >That is, imagine Alice and Bob communicating over some channel. Alice has >files on her computer. Putatively, if she dies, leave her company, >whatever, it is desired to reconstruct these files. Fine. A potential use >for key escrow. (If voluntary, of course.) > >But what does this have to do with a channel between Alice and Bob? Why >should the keys for this channel ever need to be escrowed for the reasons >Gorelick cites? After all, Alice has the files she sent stored locally, and >Bob presumably has the same files he received. > >There is essentially no rationale for escrowing the keys of a transient >communication. > >The Administration and even cryptologists apologizing for GAK (who ought to >know better) are curiously silent on this rebuttal to their claims. It's not that powerful a rebuttal, since it would require files of e-mail (or their session keys) to be encrypted twice--once with the escrowed storage key and again with the transmission (recipient's) key. And if the message were public key, it would require a re-encryption at the receiving end with the recipient's escrowed storage key to make the recipient's files available to HIS management. Further, it would require everyone to keep two keys since I infer from your position you wouldn't want your public key to be the escrowed one (for transmission security). As you know I do not support mandatory key escrow in the US, but arguments against it need to be robust. 
Your argument, while not without merit, is weaker than one would like (in that it is susceptible to the mental rebuttal by policymakers that I've outlined above). In my view it isn't the kind of decisive argument that would justify your use of "curiously" silent. David -------------- next part -------------- A non-text attachment was scrubbed... Name: pgp00006.pgp Type: application/octet-stream Size: 288 bytes Desc: "PGP signature" URL: From alano at teleport.com Mon Jul 15 01:27:59 1996 From: alano at teleport.com (Alan Olsen) Date: Mon, 15 Jul 1996 16:27:59 +0800 Subject: [NOISE, FLAME] Cypherpunk kook slanders Message-ID: <2.2.32.19960715042208.00ad81b4@mail.teleport.com> At 12:23 PM 7/14/96 EDT, Dr.Dimitri Vulis KOTM wrote: [Alot of bullshit deleted] >I remember how someone recently argued on news.groups that Bruce Bough's votes >should be invalidated because he's dying from AIDS. I strongly disagree with >Dan's (?) reasoning, which was, I recall, that someone with only a couple of >months left to live shouldn't be telling others how to run Usenet after his >death. I think we should consider Bruce's opinions as being representative. >After all, a Usenet vote is an interest poll, and the voters are just a sample >of a larger population. Not everyone who thinks like Bruce Bough is going to >die together with him from AIDS within a few months (sigh). Let him vote. I have no idea where you got the idea that Bruce has AIDS. I know Bruce well. He does not have AIDS. You have no clue as to what the hell you are talking about. I understand him being pissed at the accusation. This society does not deal very well with people with AIDS. Bruce has a justifiable concern as to lasting damage to his reputation due to unfounded allegations. (Of course, it is not as bad as accusing someone of being a child mollester, as your friend Dr. Grubor enjoys doing to people he disagrees with...) Bruce *does* have health problems. He has worked DAMN hard to overcome them. 
They are not a figment of his imagination, nor are they the result of AIDS. They are a very real problem which he is trying to deal with in the best way he can. As for him "dragging outside articles into this group"... You must mean him mentioning your recieval of the "Net Kook of the Month Award". It probably was off topic. After reading your forwards however, it was not undeserved. Another thing that you need to do is learn how to comprehend written english. You stated: >In article 2, Bruce Bough follows up on my article and threatens to prosecute >me under the Americans with Disability Act for misspelling his name. He did nothing of the sort. He threatened to prosecute you for slandering him (by stating he has AIDS when he does not), not for the spelling of his name. He stated: >Further, you might want to read up on the Americans With Disabilities >Act. Slanderous and defamatory statements about the handicapped - and my >government agrees that I do have a real problem, though it's not AIDS - >open you up to interesting liability. I don't understand why you feel the need to cast aspersions on those you disagree with. But you should not be surprised when it pisses people off. Bruce is a very nice guy who has some health problems. I know few people who have met him who have not gotten along with him. Why I should take the word of someone with your attitude over his is unclear to me. Acting like an asshole does not gain any sympathy for your cause. Bruce has killfiled you. I do not blame him. You remade my killfile list as well. Get a life. --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." 
From david at sternlight.com Mon Jul 15 01:48:12 1996 From: david at sternlight.com (David Sternlight) Date: Mon, 15 Jul 1996 16:48:12 +0800 Subject: Markoff on Clipper III In-Reply-To: <199607142258.PAA19029@mail.pacifier.com> Message-ID: At 4:57 PM -0700 7/14/96, jim bell wrote: >At 02:33 PM 7/14/96 -0400, Duncan Frissell wrote: >>On the Friday "Clipper III" rehash by the Admin: >> >>Balancing Privacy and Official Eavesdropping >> >> By JOHN MARKOFF >> >> "The president and vice president took an oath to protect our >>national security," Simon said. "They feel they have to err on the side of >>protecting national security." >> >> The government also said that it did not see an immediate >>technical solution to the problems that would result from the global >>proliferation of "strong cryptography." >> >>************** >> >>Last time I looked, the oath they took was to protect the Constitution -- >>not the nation or national security. Did you miss the part in the Constitution about "provide for the common defence" and about the President's associated responsibility to "take care that the laws be faithfully executed"? And what oath do you suppose binds him because "The President shall be commander in chief of the army and navy of the United States"? David -------------- next part -------------- A non-text attachment was scrubbed... Name: pgp00007.pgp Type: application/octet-stream Size: 288 bytes Desc: "PGP signature" URL: From tcmay at got.net Mon Jul 15 02:04:44 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 15 Jul 1996 17:04:44 +0800 Subject: Clueless "Attachment converted" uses Message-ID: At 6:48 AM 7/15/96, Gregory A Empey wrote: >On Thu, 20 Jun 1996 10:55:29 -0800 jim bell >writes: >>At 10:59 AM 6/20/96 -0400, Intense wrote: >>> >>>does not matter - it will be renewed in the interest of the >>government >>>The goverment want's there backdoor... would you expect less? >> >>As far as I know, patents can't be "renewed." 
I've heard they can be >>"re-issued," amended, but to my knowledge that doesn't extend their >>term. >> >>Jim Bell >>jimbell at pacifier.com >> > > >Attachment converted: Macintosh HD:UUE.DOC (WDBN/MSWD) (0000FAD8) OK, I _usually_ delete these "Attachment converted" messages, which (fortunately) deletes the attachment in my "Attachments" folder, but for some reason this time I fired up my word processor and opened the attachment. All I found was this crap: "Hey, im ready to seriously f*ck-up MCI for no apparent reason, and im also giving credit card (and calling card) #'s away for no apparent reason, just reply to skitzo at juno.com." I urge people to NOT use attachments when ordinary plain text will obviously work. There's a time and a place for richly formatted messages, a la MIME, but not on a mailing list with heterogeneous platforms, mailers, and varying graphics capabilities. Think of our mailing list as being like Usenet, where graphics messages and oddball formats are frowned upon (except in the binaries groups, and a few of the non-English language groups). And especially not clueless nonsense like this call for "fucking up MCI." --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
From frantz at netcom.com Mon Jul 15 03:15:25 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 15 Jul 1996 18:15:25 +0800 Subject: Reasonable validation of a software package Message-ID: <199607150634.XAA04547@netcom8.netcom.com> I expect this problem can usually be handled without formal CAs. If you publish your PGP key fingerprint in your advertising and make the key available on your web page, then your users have a way of independently verifying your key. As the fingerprint appears in more and more places (letterhead, product packaging, etc.), it is less and less likely that your attacker can reach them all to modify them. The important thing is diverse paths. If you include your key in the package with the product and print the fingerprint on the outside, it becomes relatively easier for your attacker to replace the whole thing as part of an attack. At 11:33 AM 7/13/96 -0400, Michael Froomkin wrote: >This illustrates the need for and role of certification authorities. > >See http://www.law.miami.edu/~froomkin/articles/trusted.htm for some >info. > >On Sat, 13 Jul 1996, Lyal Collins wrote: > >> This touches upon a favourite rant of mine. >[...] >> So, now you need to ensure that you can get your public key >> (to verify the digital signature with) in the hands of all >> your possible, or intended, recipients. >> >> Now the race is on for as many people as possible to generate >> PGP public keys/certificates bearing your name, or variations >> of it. Once that occurs, there is a fair chance that one of >> these keys will verify the digital signature on a piece of >> software purportedly from you. Still, not many people will have >> your true PGP public key/certificate, but, them's the breaks. ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave. frantz at netcom.com | worldwide conversation.
| Los Gatos, CA 95032, USA From frantz at netcom.com Mon Jul 15 03:18:49 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 15 Jul 1996 18:18:49 +0800 Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates Message-ID: <199607150634.XAA04562@netcom8.netcom.com> At 2:05 PM 7/13/96 +0000, Deranged Mutant wrote: >On 12 Jul 96 at 18:23, Bob Palacios posted: > >[Banner Snipped!]] >> CDT POLICY POST Volume 2, Number 27 July 12, 1996 >[..] > >> Today's statement is essentially a re-statement of the Clipper III proposal >> released in May. Among other things, the Vice President: >> >> * Called for the liberalization of export controls provided computer >> users participate in a "global key management infrastructure" >> designed to make personal encryption keys accessible to law >> enforcement. > >This is particularly problematic... if the mainland Chinese gov't >requested a key from a N.American or European (or even UN controlled) >escrow agency, who is to say it isn't really for political reasons >(even though they may claim the persons are drug smugglers)? > >Or what if the 'crime' was, say, discussing Mormon beliefs, which is >illegal in Singapore (and I think Russia as well)? > >Or what if some terrorist was using keys escrowed in a country that >sponsored terrorist acts? Deranged Mutant is absolutely right. There are about 150 (or so) governments in the world. When people talk about making keys available to government (or law enforcement), always ask, "Which governments can access these keys?" If I were a non-French corporation, I would feel distinctly nervous if the answer included France. (There are a number of other countries where the security services have also been suspected of engaging in industrial espionage.) ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA From stewarts at ix.netcom.com Mon Jul 15 04:06:21 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 15 Jul 1996 19:06:21 +0800 Subject: Lack of PGP signatures Message-ID: <199607150749.AAA07573@toad.com> At 02:38 PM 7/5/96 -0400, "Mark M." wrote: >OK, now the point of this message: somebody pointed out that if a binary was >clear-signed using an option that would strip it down to 7 bits, the binary >would be corrupted and therefore, such an option on PGP would be a Bad Thing. >Then, I pointed out that not only would there be no point in a clear signature, >since that would make the binary useless to someone without PGP anyway. It >is best to sign a binary and extract the certificate to a separate file, which >you noted above. So an option that would strip data down to 7 bits would not >affect the ability to sign a binary. Such an option would probably be a Good >Thing. Not everybody limits their language to the 96 characters supported by ASCII; many people use languages that have umlauts and cedillas and accent marks and haceks and other inkblots above/under/around their letters, or symbols like section markers and Yen and British Pound currency symbols. A signature form that trashes files down to 7 bits would not only annoy these people, but also their readers :-) One readily obvious alternative - hashing only the lower 7 bits of each letter, but not damaging the letter itself - is probably worse, because the message can be altered by changing high bits without changing the signature, while the shred-them-all method at least leaves you sure what you're signing. But they're both pretty bad.... # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Re-delegate Authority! 
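
[Added example, not part of Bill Stewart's message or of the list archive: the two 7-bit signing schemes compared in the message above, run on a constructed ISO 8859-1 sample. SHA-256 stands in for whatever digest the signature would cover, and all function names are illustrative.]

```python
import hashlib


def strip_to_7bit(data: bytes) -> bytes:
    """'Shred them all': clear the high bit of every byte before signing.
    The text is damaged, but signer and reader see the same damaged bytes."""
    return bytes(b & 0x7F for b in data)


def digest_full(data: bytes) -> str:
    """Digest over every bit of the message as it is transmitted."""
    return hashlib.sha256(data).hexdigest()


def digest_low7(data: bytes) -> str:
    """Digest over the low 7 bits only; the message itself is sent untouched."""
    return hashlib.sha256(strip_to_7bit(data)).hexdigest()


def uncovered_bytes(data: bytes) -> list:
    """(offset, byte) pairs whose high bit is set: the bits a low-7 digest
    does not bind, so flipping them leaves that digest unchanged."""
    return [(i, b) for i, b in enumerate(data) if b & 0x80]


def compare_schemes(signed: bytes, received: bytes) -> dict:
    """Compare what each scheme would conclude about a received message."""
    return {
        "full_digest_matches": digest_full(signed) == digest_full(received),
        "low7_digest_matches": digest_low7(signed) == digest_low7(received),
        "stripped_text_identical": strip_to_7bit(signed) == strip_to_7bit(received),
        "signed_bytes_not_covered": uncovered_bytes(signed),
    }


# Constructed sample: the pound sign is 0xA3 in ISO 8859-1, and 0xA3 & 0x7F
# is 0x23, which is '#'. The received copy differs from the signed one only
# in that one high bit.
SIGNED = "Refund: \u00a3100 to Zo\u00eb".encode("latin-1")
RECEIVED = "Refund: #100 to Zo\u00eb".encode("latin-1")

if __name__ == "__main__":
    for key, value in compare_schemes(SIGNED, RECEIVED).items():
        print(f"{key}: {value}")
    print("what a shred-them-all signer actually signs:", strip_to_7bit(SIGNED))
```

[A verifier that wants to accept a low-7 digest safely has to reject any message for which uncovered_bytes() is non-empty, which amounts to requiring 7-bit input in the first place.]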
From stewarts at ix.netcom.com Mon Jul 15 04:08:07 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 15 Jul 1996 19:08:07 +0800
Subject: Word lists for passphrases
Message-ID: <199607150749.AAA07579@toad.com>

At 09:43 PM 7/8/96 -0700, you wrote:
>If the purpose is for use with "Crack" or some similar program, it might be
>better than you would think. You won't get the "unusual" words, but you
>will also get the words in common usage that do not appear in dictionaries.
>(Such as fnord, jedi, killfile, and the like...)

"fnord" is in _my_ dictionary - can't you find it in yours? :-)

>Another thing to look for when choosing dictionaries/wordlists for crack is
>not sticking to English. If you have a userbase that is known to have a
>certain percentage of people of a non-English background, you will want to
>find lists of words from that background. (I had a sysadmin asking me about
>Yiddish and Hebrew wordlists for just that reason.) These can be a bit
>harder. (Especially for unusual languages.)

Grady Ward has his Moby Words databases with some of this kind of information.
In addition to the usual sets of languages, it's useful to include
any available lexicons of Elvish, Klingon, Unix, and other popular
hacker-languages, plus any names you can scam off MUDs, etc.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Re-delegate Authority!

From jti at i-manila.com.ph Mon Jul 15 06:03:56 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Mon, 15 Jul 1996 21:03:56 +0800
Subject: Defend Mail Bomb
Message-ID: <01BB7260.901F0700@ip134.i-manila.com.ph>

Is it possible to defend mail bomb? If not, detect who they are?
From sparks at bah.com Mon Jul 15 06:16:31 1996
From: sparks at bah.com (Charley Sparks)
Date: Mon, 15 Jul 1996 21:16:31 +0800
Subject: Organized Crime Home Page - Four Horsemen, No Waiting
Message-ID: <2.2.32.19960715092555.00699bd4@bah.com>

Well, with the UCMJ ( Uniform Code of Military Justice ) and the Oath of
Allegiance Military Personnel take on induction being re-written to Support
and defend the United Nations and to accept direct and lawful orders from UN
personnel, this doesn't surprise me. Soon, UN Secretary-General Boutros
Boutros-Ghali, or someone like him will repeal more of the amendments to our
constitution. First our guns, then our code.

I'll give up my pass phrase when
 they pry it from my cold dead fingers !

>Date: Sun, 14 Jul 1996 18:22:00 -0700
>From: Alan Bostick
>Organization: Arrogant Opinions 'R' Us
>To: cypherpunks at toad.com
>Subject: Organized Crime Home Page - Four Horsemen, No Waiting
>X-URL: http://www.mywebsite.com:1080/cgi-bin/bvolmgr.cgi?BVpage=management
>Sender: owner-cypherpunks at toad.com
>
>Cypherpunks interested in establishment scaremongering are invited
>to take a look at the Organized Crime Home Page
>(http://www.alternatives.com/crime/index.html), sponsored by a group
>called The Committee for a Safe Society, about the world-wide threat
>of organized crime. Apparently every evil known to post-Cold-War
>society, even the bad weather in Chicago, is the responsibility of
>organized crime. Now you know why governments need GAK.
>
>Alan-Bob says check it out.
>--
>Alan Bostick                | [Spielberg's] latest is TWISTER, a film that
>mailto:abostick at netcom.com | gives whole new meaning to the phrase "giant
>news:alt.grelb              | sucking sound." -- Patrick Taggart
>http://www.alumni.caltech.edu/~abostick
>
>

From sparks at bah.com Mon Jul 15 06:25:23 1996
From: sparks at bah.com (Charley Sparks)
Date: Mon, 15 Jul 1996 21:25:23 +0800
Subject: Questions from a Wannabe
Message-ID: <2.2.32.19960715094005.00697178@bah.com>

Hi all,

I have been reading all of the posts for a few days now and I have a couple
of questions, if someone has time.

In the event of GAK, how can we be forced to register our keys ?

We could always scrounge some old outdated but functional TEMPEST equipment
.... and could someone please explain ITAR in a simple way for me ?

One last thing.. If I have the US PGP and a friend uses the export version,
I assume we are compatible, yes ?

Thanks all,

Charles E. Sparks
In God we trust, all others we encrypt !
http:/www.clark.net/pub/charley/index.htm
Public Key At http://www.clark.net/pub/charley/cp_1.htm

From stewarts at ix.netcom.com Mon Jul 15 07:06:13 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 15 Jul 1996 22:06:13 +0800
Subject: Can't block caller ID in Massachusetts?
Message-ID: <199607150749.AAA07568@toad.com>

>> > That is interesting as I don't recall ever being offered a choice of
>> > toll free or being billed when I dial an 800 number (sometimes the only
>> > number offered for a company).
>> I haven't noticed too many business telephones that don't appear in
>> Directory Assistance.
>That is assuming that you know which area they are located in.

There are businesses that _only_ list their 800 numbers, and you can't
find out the real phone number associated with them through directory
assistance. It's especially annoying when they've got an in-state or
other non-nation-wide 800 number, or when you're calling from outside the US,
especially when they're a business you'd like to be able to reach from
anywhere, any time, like the travel agent your office uses :-)
But it does make it hard to call them directly for ANI-avoidance as well.
And they may _only_ have the bank of phones that's got ANI service on it,
and not have other phones.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Re-delegate Authority!

From amehta at giasdl01.vsnl.net.in Mon Jul 15 07:10:24 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Mon, 15 Jul 1996 22:10:24 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <1.5.4.32.19960715151942.002d643c@giasdl01.vsnl.net.in>

At 10:17 14/07/96 -0700, David Sternlight wrote:
>At 7:05 AM -0700 7/13/96, Deranged Mutant wrote:
>>On 12 Jul 96 at 18:23, Bob Palacios posted:
>>> * Called for the liberalization of export controls provided computer
>>>   users participate in a "global key management infrastructure"
>>>   designed to make personal encryption keys accessible to law
>>>   enforcement.
>>
>>This is particularly problematic...
>Your best shot would be to make sure the part about the system being
>voluntary was hard-wired into any legislation or rule-making. Unless and
>until ITAR is modified by Congress, the USG has what Mark Twain called "the
>calm confidence of a Christian with four aces" on this matter.

International agreement on this issue won't happen this century. People
don't understand the problem (or why it needs regulation), are
suspicious of the US and its motives -- in any case international
negotiations take forever.

As for the "concession" regarding liberalisation of export controls
of crypto -- big deal. The stuff is available anyway outside the US,
so the only people helped are US industry -- why should the rest of
the world care?

Without international agreement, the whole key escrow idea doesn't
have a leg to stand on, and I doubt US industry will be willing to
wait that long before they can use strong crypto in their
international products.
Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org
check out my new page at http://www.cerfnet.com/~amehta/
The protestors of Tiananmen Square will be back. Next time, the
battle will be fought in cyberspace, where the students have the
more powerful tanks...

From stewarts at ix.netcom.com Mon Jul 15 07:23:13 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 15 Jul 1996 22:23:13 +0800
Subject: Metered Phone
Message-ID: <199607150749.AAA07586@toad.com>

At 01:19 PM 7/7/96 +0800, you wrote:
>Does anyone have any ideas about this metered phone?
>I am from Philippines and heard some news that it will be
>existing in 1997. Quite a big problem! Every dial will be counted,
>every second will be measured...

That sounds like you're getting newer telephone technology.
In the US, most areas with newer telephone switches offer you the choice
of flat rate service (you pay a constant price per month for calls in
your city or other local area) or measured service (you pay a lower
price per month plus a few cents per minute for local calls.)
In many places with measured service, the phone company measures how much
time you use for local calls, but doesn't record who you call,
only how many minutes. For long-distance calls, which always charge
for time, they do record what number you call.

For computer users, there are two issues -
- recording who you call is, of course, bad
- if you have flat rate telephone service, you can stay connected to your
  Internet provider full time, instead of calling up every N minutes
  or when you have mail.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Re-delegate Authority!
From frissell at panix.com Mon Jul 15 08:23:46 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 15 Jul 1996 23:23:46 +0800
Subject: Markoff on Clipper III
Message-ID: <2.2.32.19960715105048.0082a620@panix.com>

At 09:35 PM 7/14/96 -0700, David Sternlight wrote:

>Did you miss the part in the Constitution about "provide for the common
>defence"

That's a meaningless part of the Preamble. And in any case, it's a
statement of why "the People of the United States" wrote the Constitution.
It's not an oath of the President.

>and about the President's associated responsibility to "take care
>that the laws be faithfully executed"?

There is no law that specifically controls export of crypto, is there? I
was under the impression that is an item on a list of regulated items drawn
up by bureaucrats and could be changed any time the Executive Branch chose.
A reg isn't a law.

>And what oath do you suppose binds him because "The President shall be
>commander in chief of the army and navy of the United States"?

That's a job title. It doesn't command him as to what he should do in the
job. In fact, the Commander In Chief is not under the Uniform Code of
Military Justice and so can do anything he wants with that particular
"office" subject only to impeachment and the willingness of the armed forces
to obey him. It certainly doesn't require him to adopt any particular
regulatory strategy.

President Browne could legalize the export of all crypto by executive order
on January 20th 1997 without violating his oath. That's one of the effects
of a "strong executive."

DCF

From WlkngOwl at unix.asb.com Mon Jul 15 08:38:36 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Mon, 15 Jul 1996 23:38:36 +0800
Subject: Opiated file systems
Message-ID: <199607151158.HAA28540@unix.asb.com>

On 14 Jul 96 at 12:48, Adam Back wrote while high on Ritalin:

> Some more thoughts on encrypted file system design criteria.
> A wish list:
>
> - Choice of secret key encryption algorithms (IDEA, 3DES, MDC, Blowfish)

Nice in theory. Awful in practice. Requires code for managing keys,
encrypting and decrypting for ea. algorithm be resident in memory.
For some systems (MSDOS), free memory is at a premium... (one of the
reasons SecureDrive is popular is because it takes only 2.5k).

It's not worth wasting memory for handling several algorithms when
only one is going to be used in most cases.

> - Multiple architectures (MSDOS, Win31, Win95, WinNT, Unix, Mac)

Ok...

> - High performance (hand optimised assembler for each architecture)

So much for maintaining code across platforms.

> - Compression

Not worthwhile. Use a Stacker or JAM driver over the encrypted
partition on a PC, for instance. Keep compression and crypto
separate utilities... keeps bugs from one interfering with another
and reduces complexity of both drivers; also, if one wants crypto
w/out compression or compression w/out crypto, no wasted memory (see
above about RAM being at a premium).

> - Ability to chain algorithms (IDEA and then 3DES for example)

Why? Doesn't necessarily increase security, esp. considering the
performance hit (memory... see above, time, key management).

> - Possible to have encrypted file systems on separate partitions, or
>
> - Encrypted file system located in a file in another file system
>   (much like DOS stacker drives) this is an ease of use criteria -- I
>   suspect re-partitioning drives would put off many potential users.

Nothing new there.

> - Ease of use. Graphical user interface for setup and administration
>   functions, with a very simple set of configurations options
>   displayed by default, with more advanced configuration options
>   available in "expert" mode.

A common problem with much crypto these days.
> - All directory and FAT information should be encrypted, so that
>   it is not possible to discover even number of files, or percentage
>   of disk used without the key

Do you understand how such systems work?!? Every sector is encrypted
in such systems. That's not even an issue for most encrypted file
systems (at least on the PC).

> - Facility for duress key, with the real data hidden in the unused
>   space of the first encrypted drive. To increase the plausible

Huh?!?

>   deniability all unused blocks within a file system should be filled
>   with garbage, so that it is not possible to tell if there is more
>   data there.

If the algorithm is good, this shouldn't matter. The only way a
person could tell if a sector is unused is if that person was able to
mount the partition already.

> - File system steganographically hidden in files on another file
>   system (encrypted or not). Support for a wide selection of file
>   formats (Aiff, Wave, Midi, JPEG, GIF, RGB, MPEG).

Now this is getting nutty!!! Never mind the size, complexity and
amazing slowness of such a driver... you'd have to have audio or
video files of gigabytes in size to be able to store anything of use.

> - Ability to use stegoed file system in files on an unencrypted
>   file system, and boot from a floppy to access stegoed file system,
>   with no other traces left on hard disk.

Why? The authorities would wonder why you have an 8 Gig JPG on your
disk and figure you're using it for stego, or you're crazy, or both,
and have you committed.

Rob.
From sparks at bah.com Mon Jul 15 09:47:50 1996
From: sparks at bah.com (Charley Sparks)
Date: Tue, 16 Jul 1996 00:47:50 +0800
Subject: ccMail SMTPLINK Undeliverable Message
Message-ID: <2.2.32.19960715123534.006d0478@bah.com>

>
>Well, with the UCMJ ( Uniform Code of Military Justice ) and the Oath of
>Allegiance Military Personnel take on induction being re-written to Support
>and defend the United Nations and to accept direct and lawful orders from UN
>personnel, this doesn't surprise me. Soon, UN Secretary-General Boutros
>Boutros-Ghali, or someone like him will repeal more of the amendments to our
>constitution. First our guns, then our code.
>
>I'll give up my pass phrase when
> they pry it from my cold dead fingers !
>
>>Date: Sun, 14 Jul 1996 18:22:00 -0700
>>From: Alan Bostick
>>Organization: Arrogant Opinions 'R' Us
>>To: cypherpunks at toad.com
>>Subject: Organized Crime Home Page - Four Horsemen, No Waiting
>>X-URL: http://www.mywebsite.com:1080/cgi-bin/bvolmgr.cgi?BVpage=management
>>Sender: owner-cypherpunks at toad.com
>>
>>Cypherpunks interested in establishment scaremongering are invited
>>to take a look at the Organized Crime Home Page
>>(http://www.alternatives.com/crime/index.html), sponsored by a group
>>called The Committee for a Safe Society, about the world-wide threat
>>of organized crime. Apparently every evil known to post-Cold-War
>>society, even the bad weather in Chicago, is the responsibility of
>>organized crime. Now you know why governments need GAK.
>>
>>Alan-Bob says check it out.
>>--
>>Alan Bostick                | [Spielberg's] latest is TWISTER, a film that
>>mailto:abostick at netcom.com | gives whole new meaning to the phrase "giant
>>news:alt.grelb              | sucking sound." -- Patrick Taggart
>>http://www.alumni.caltech.edu/~abostick
>>
>>
>
>
>
>

From ses at tipper.oit.unc.edu Mon Jul 15 09:58:49 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 16 Jul 1996 00:58:49 +0800
Subject: Clueless "Attachment converted" uses
In-Reply-To:
Message-ID:

On a very similar note - could people who are using clear-text PGP
signatures with mime use text/... instead of application/...; that way
people without pgp will see the message text without having to mess with
their mailcaps (that's the way text/* is supposed to work)

Simon

---
Cause maybe (maybe)                   | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all                         | Email address remains unchanged
You're my firewall -                  | ........First in Usenet.........

From liberty at gate.net Mon Jul 15 10:11:56 1996
From: liberty at gate.net (Jim Ray)
Date: Tue, 16 Jul 1996 01:11:56 +0800
Subject: Gorelick GAKs away on CSPAN2
Message-ID: <199607151243.IAA36146@osceola.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

I managed to miss seeing the Deputy Attorney General, whose name I
will resist [with great effort] making a very tasteless joke about,
but I've decided to briefly delurk to ask a question I have wondered
about for some time:

Who (an *individual's name*, not a department, please) came up with
my unfavorite Orwellian-term, "key escrow"? I think it was likely a
Bush administration official, and probably an attorney [ie. should
have known better]. I am, as many of you know, trying to redefine
the terms of the debate to our favored term, "GAK" -- although I must
say the temptation was strong to try for "Federal Usurpation of
Crypto Keys [etc.]" but I feel it's important to try to keep the
debate polite until they reach the "cold, dead neurons" stage...
Anyway, I assume this Bush administration official, like David
Kessler, is still a government employee -- and I would very much like
to write a polite (believe it or not) letter to him or her,
concerning the origin of the term. I will, of course, report back to
the list if I get a reply.

PS Loren Riddel(sp?) - I am back in south Florida, please send me your
key and the secret word(s) in a PGPmessage.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"The president has kept the promises he meant to keep." -- George
Stephanopoulos (tells the truth, for once).
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
http://www.shopmiami.com/prs/jimray Coming soon, "Pennies For Perot" page!
CYA with http://www.anonymizer.com
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMeo56G1lp8bpvW01AQFWcQQAsw/oUk57ljTKzO8lNgXoV7Lmoo2vWzw0
bk6fxGalAkDXtcgsPDdHBZ/ZV6EIpUhoIgAXi1G9ByI3jG36gxvWDD8eh2mr/ize
5HD9SKkgqCp09zwjKyBKwKAfZPGAT8oWlE0QOeBbp4ayGt+KRYk2llxultkYVlIS
4KQ5r+WQg6U=
=dymZ
-----END PGP SIGNATURE-----

From wb8foz at nrk.com Mon Jul 15 10:25:19 1996
From: wb8foz at nrk.com (David Lesher)
Date: Tue, 16 Jul 1996 01:25:19 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
In-Reply-To:
Message-ID: <199607151322.JAA05857@nrk.com>

Tim May:
>
> At 12:18 AM 7/15/96, Dave Banisar wrote:
> >Its now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html

{}

> The report speaks of an "emerging consensus" (for key escrow). I see just
> the opposite, unless the report is speaking only of the U.S. intelligence
> and law enforcement community....{}

{}

> So, who is in this "emerging consensus"?

Don't be so sure the FI community has any consensus within *its*
ranks, much less with the LE community. I've heard comments from
insiders that were 180 out with that concept.
[Not to mention that, in general, internecine warfare in the Community
is a much-practiced art.]

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From froomkin at law.miami.edu Mon Jul 15 10:47:58 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Tue, 16 Jul 1996 01:47:58 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
In-Reply-To:
Message-ID:

On Sun, 14 Jul 1996, Timothy C. May wrote:

> So, who is in this "emerging consensus"?
>

Foreign governments? (Process of elimination, not inside info...)

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here. And humid.

From bryce at digicash.com Mon Jul 15 11:19:51 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Tue, 16 Jul 1996 02:19:51 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
In-Reply-To: <1374700491-41210125@mail.hyperion.co.uk>
Message-ID: <199607151336.PAA27295@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

David G.W. Birch wrote:
>
> Johan,
>
> >Careful there. At least ecash is a registered trademark. And as far as I know
>
> It is alleged that a trademark has been applied for on the term "ecash"
> in some countries: that's why Robert was careful (as we always are) to
> use the term "e-cash" instead.

"Ecash" is a registered trademark of DigiCash. It is registered
with the Benelux trademark office and the United States trademark
office.

I believe that it is considered unwise to use minor variations
on trademarked names, but I'm not an intellectual property rights
lawyer.

> >Mondex isn't one of the true electronic cash systems. Please correct me if
> >I'm wrong, but isn't mondex an electronic debit card system?
>
> Mondex is _the only_ true electronic cash system in the world that I know
> of, precisely because it isn't an electronic debit card system (like
> Avant) or digital travellers' cheques (like Digicash).

I think it would behoove us all to clarify our terms.

I call Ecash(tm) coins "electronic cash" for several reasons.
Ecash(tm) has all of the following characteristics in common
with conventional cash, in descending order of importance:

1. Unforgeability. Ecash(tm) coins have intrinsic value
because they are cryptographically impossible to forge.

2. Finality. Payments are cleared on the spot. No outstanding
payment obligations remain after a purchase.

3. Bi-directionality. Payers and recipients use the same
software and the same protocol. It is not necessary for
recipients to be specially trusted by the bank or by the payers.

4. Privacy. The privacy of Ecash(tm) payers is mathematically
unconditional.

5. Composability. You can make large Ecash(tm) payments out of
a collection of smaller Ecash(tm) coins. This is in contrast
to a check-based system where you typically draw a check for
the exact amount and transfer only a single check.

6. Small payments. Ecash(tm) coins are cheap enough to use
that they are practical for small payments. (As a note, I do
not use the word "micropayments" here, because I am beginning
to think that a good technical definition of "micropayments"
is "payments whose value is less than the cost of using
current electronic coins". This qualifies schemes like Shamir's
and disqualifies, well... current electronic coins.)

There might be other angles we should talk about here. I think
that the first quality is the defining one, technically.

So, could a knowledgeable person e.g. Mr. Birch tell us why
Mondex should be considered to be "electronic cash"?
And similarly I would like to hear an informed opinion about why
Ecash(tm) should not be considered "electronic cash".

I tend to agree that Ecash(tm) would be even _more_ cashlike if
it were cleared off-line, but I don't consider that difference
very fundamental. (_Any_ digital money based on our current
understandings will have to be cleared at a central clearer
eventually, since digital information is perfectly copyable.)

Thank you for your correspondence.

Regards,

Bryce
Ecash 2.x Team

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMepI/UjbHy8sKZitAQEiJwL/VnpQEHL1rOQ6Hm9JIEgAfCGjSKOPaIiC
Jp7EVjvPoFYEsQAS4iUWybNLpxi/23uaqpXMCSNMrEwqd8WeC5ZSISldIEK/BnYE
2bULeAeMhIqm92bP6o64ok1NBGPfvK5X
=ANO4
-----END PGP SIGNATURE-----

From declan at well.com Mon Jul 15 11:32:19 1996
From: declan at well.com (Declan McCullagh)
Date: Tue, 16 Jul 1996 02:32:19 +0800
Subject: Seek-and-Destroy
Message-ID:

Do NOT visit:
  http://xxx.lanl.gov/seek-and-destroy

The sysadmins for xxx.lanl.gov don't like robots visiting their web site,
so they've published a statement on indexing at:
  http://xxx.lanl.gov/RobotsBeware.html

Remember, do NOT click on:
  http://xxx.lanl.gov/seek-and-destroy

-Declan

From wb8foz at nrk.com Mon Jul 15 11:49:28 1996
From: wb8foz at nrk.com (David Lesher)
Date: Tue, 16 Jul 1996 02:49:28 +0800
Subject: Someone can't read
Message-ID: <199607151408.KAA06134@nrk.com>

> Clinton Proposes Initiatives On the Scrambling of Data

{}

> The insistence of the Administration on moving forward on
> key-escrow technology appears to ignore the advice of a May
> report by the National Research Council, which recommended
> going more slowly on key escrow because the technology had
> not yet been proved feasible.
>
> Administration officials said yesterday, however, that they
> were better informed than the council's members realized.
>
> "We're further down the road on key-escrow technology than
> the N.R.C. is familiar with," said Greg Simon, Vice
> President Al Gore's chief domestic policy adviser.

As I recall the NRC members in DC said, in *EXPLICITLY* rejecting
the "If only you know what we know..." mantra, that if there
was something the [NRC] did not know, it wasn't cuz that had not
asked everyone involved. (Or words to that effect)

So it appears the Admin was withholding data from the Congress....

I have here in front of me, documented proof that there are
crypto-carrying members of the Cypherpunk Party...

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From s_levien at research.att.com Mon Jul 15 12:08:24 1996
From: s_levien at research.att.com (Raph Levien)
Date: Tue, 16 Jul 1996 03:08:24 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
In-Reply-To:
Message-ID: <31EA4E91.37B3@research.att.com>

Timothy C. May wrote:
>
> At 12:18 AM 7/15/96, Dave Banisar wrote:
> >Its now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html

Thanks to Dave for posting this URL. This is a _very_ important
document, and I would recommend that all concerned cypherpunks read it
carefully. Unlike many of its predecessors, it is clearly written and
quite upfront about the "administration's" goals.

> Thanks. I took an initial look, and it looks like the same old stuff.

It's not. There's a lot in this document that hadn't been clear to me
before. I will try to summarize the highlights (these are all my
interpretations, not actual points made in the document).

1. The battle over whether applications can contain strong encryption
algorithms has basically been lost. For example, SSL-enabled
applications are widely available over the world, thanks in large part
to the work of Eric Young.
The same will happen for any other encryption
protocol that catches on.

2. The battle for key management has not yet been fought. The lack of a
key management infrastructure is the main reason why people don't use
PGP widely. This is demonstrated quite clearly by the fact that only a
few of the people I correspond with, including many premail users,
actually encrypt messages on a routine basis. If the key management
stuff were in place, it would "just work."

3. Anybody can write an application that supports strong encryption
algorithms. Witness SSH, a very impressive and useful program, which was
basically done by one person, Tatu Ylonen. However, building a key
management infrastructure will take lots of money, hard work, and
cooperation.

3a. Consider a future scenario in which a key management infrastructure
allowed big, unescrowed keys to be distributed widely, but that export
controls on clients prohibited the use of secure symmetric algorithms.
Such a situation would not be stable - the incremental cost of
uncrippled clients would be so small, and so tempting, that they would
spread like wildfire.

4. Thus, the best leverage for the TLAs to win is to guide the
development of a key management infrastructure with the following
property: if you don't register your key, you can't play. I believe that
this is the true meaning of the word "voluntary:" you're free to make
the choice not to participate.

5. This is _important_. If you can't get the keys for your
correspondents, you can't use encryption. If they build a key management
infrastructure that actually works, people will use it.

6. Export is a two player game. The other country has to allow import of
the stuff, too. If the Burns bill passes, the "administration" would
strong-arm other countries to prohibit import of strong crypto, still
leaving US developers with no market.

7. Building this stuff is too much of a task for the TLAs. They tried it
with Clipper, and it failed.
They hoped that building the Tessera card
would be enough - that once they threw it over the wall, it would be
eagerly snapped up by industry.

8. Thus, they're going to cajole, bribe, and coerce software companies
to play along. This fact is quite nakedly exposed in the document (good
thing the injunction against the CDA is still in force :-).

[much, much elided from Tim's post]

> ... and by opposition to Clipper I,
> Clipper II, and now Clipper III.

Is this Clipper III or Clipper IV? I seem to have lost count.

> A bunch of Congressmen, including the axis supporting the Burns bill,
> obviously are not part of this emerging consensus.

So it's a "rough consensus" in the spirit of the IETF :-)

> I would push hard on Netscape, Microsoft, Novell, Sun, Apple, and the other
> companies (but mainly on Netscape and MS, for obvious reasons) to bundle in
> "trusted third parties" and all that GAK stuff. Bundle it in, make it easy
> to use, make it easy to export, make it easy to spread in crypto-hostile
> countries, and hope like hell that it undermines the push for PGP and
> S/MIME.

You can count on the fact that NMNSA&c are already being wooed quite
sweetly.

Don't put too much stock in the push for PGP and S/MIME. Five million
dollars later, PGP 3.0 is still stuck in the mud. S/MIME has serious
protocol weaknesses that are still not being addressed. But, most
importantly, neither of these systems can actually be used on a
widespread basis, because of the lack of a key management
infrastructure.

> Don't be fooled.

Who? Us cypherpunks?

Raph

From raph at CS.Berkeley.EDU Mon Jul 15 12:28:25 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 16 Jul 1996 03:28:25 +0800
Subject: List of reliable remailers
Message-ID: <199607151350.GAA30751@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed
information about remailer features and reliability.
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part
of the listing shows the remailers along with configuration options and
special features for each of the remailers. The second part shows the
12-day history, and average latency and uptime for each remailer. You can
also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"treehole"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha) (flame replay) (alumni portal)

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha nymserver.

Last update: Sun 14 Jul 96 15:43:37 PDT

remailer  email address                       history       latency  uptime
-----------------------------------------------------------------------
replay    remailer at replay.com              ****+++****+     5:01  99.99%
alumni    hal at alumni.caltech.edu            #-*##*#**##+     2:26  99.99%
jam       remailer at cypherpunks.ca           ***********+    17:16  99.99%
c2        remail at c2.org                     ++-++++++++-    57:40  99.99%
mix       mixmaster at remail.obscura.com      -+++++-+++--  2:50:34  99.98%
nymrod    nymrod at nym.jpunix.com             *#######+##+     2:21  99.98%
lead      mix at zifi.genetics.utah.edu        ++++++++++++    40:00  99.97%
lucifer   lucifer at dhp.com                   ++++++++-+++    47:35  99.94%
flame     remailer at flame.alias.net          -+--++++-.--  7:31:14  99.93%
amnesia   amnesia at chardos.connix.com        ----+-+-----  3:12:29  99.86%
alpha     alias at alpha.c2.org                **++++*++**+    39:15  99.76%
ncognito  ncognito at rigel.cyberpass.net      _-...-+_--.  14:56:48  99.69%
portal    hfinney at shell.portal.com          #- ##*#+##+      2:08  99.46%
treehole  remailer at mockingbird.alias.net    -+ + +--.-    3:43:44  98.98%
vegas     remailer at vegas.gateway.com        #*+#*+* * *   1:28:29  98.17%
penet     anon at anon.penet.fi                ...- -----+  11:48:28  94.51%
haystack  haystack at holy.cow.net             * #+#-+* #       4:49  91.21%
nemesis   remailer at meaning.com              ********+       20:19  76.01%
extropia  remail at miron.vip.best.com         ---.----      6:01:00  51.75%
ecafe     cpunk at remail.ecafe.org            ### ##          51:33  47.17%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers.
          Supports Request-Remailing-To: field.

   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.

   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.

   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.

   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.

   ksub
          Remailer always kills subject header, even in non-pgp mode.

   nsub
          Remailer always preserves subject header, even in pgp mode.

   latent
          Supports Matt Ghio's Latent-Time: option.

   cut
          Supports Matt Ghio's Cutmarks: option.

   post
          Post to Usenet using Post-To: or Anon-Post-To: header.

   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.

   special
          Accepts only pgp encrypted messages.

   mix
          Can accept messages in Mixmaster format.

   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.

   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.

Raph Levien

From dlv at bwalk.dm.com Mon Jul 15 15:32:07 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 16 Jul 1996 06:32:07 +0800
Subject: [NOISE, FLAME] Cypherpunk kook slanders
In-Reply-To: <2.2.32.19960715042208.00ad81b4@mail.teleport.com>
Message-ID:

Alan Olsen writes:
> At 12:23 PM 7/14/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>
> [A lot of bullshit deleted]

As an amusing aside, the text that Alan Olsen deleted was the quote from
our least favorite cripple. My response only started here:

> >I remember how someone recently argued on news.groups that Bruce Bough's vot
> >should be invalidated because he's dying from AIDS. I strongly disagree with
> >Dan's (?)
reasoning, which was, I recall, that someone with only a couple of > >months left to live shouldn't be telling others how to run Usenet after his > >death. I think we should consider Bruce's opinions as being representative. > >After all, a Usenet vote is an interest poll, and the voters are just a samp > >of a larger population. Not everyone who thinks like Bruce Bough is going to > >die together with him from AIDS within a few months (sigh). Let him vote. > > I have no idea where you got the idea that Bruce has AIDS. I was also responding to this article by Dan Hartung, a Usenet votetaker: ]Path: ...!Q.Net!nntp1.best.com!news1.best.com!nntp.primenet.com!news.sprintlink.net!news-stk-3.sprintlink.net!news.ultranet.com!homer.alpha.net!uwm.edu!math.ohio-state.edu!howland.reston.ans.net!newsfeed.internetmci.com!in2.uu.net!in-news.erinet.com!ddsw1!news.mcs.net!usenet ]From: Dan Hartung ]Newsgroups: news.groups,alt.config,soc.motss ]Subject: Re: Proposal: Ban Homosexuals for Usenet Votes ]Followup-To: alt.bonehead.john-grubor ]Date: Sat, 15 Jun 1996 00:08:26 -0500 ]Organization: Rotaract Club of Evanston ]Lines: 13 ]Message-ID: <31C2454A.71B9 at mcs.net> ]References: <199606122318.QAA27943 at jobe.shell.portal.com> ]NNTP-Posting-Host: dhartung.pr.mcs.net ]Mime-Version: 1.0 ]Content-Type: text/plain; charset=us-ascii ]Content-Transfer-Encoding: 7bit ]X-Mailer: Mozilla 3.0b4 (Win95; I) ] ]anonymous-remailer at shell.portal.com wrote: ]> The Subject says it all. Usenet votes are supposed to be reader interest ]> polls. Who cares about the opinions of someone who's going to die from AIDS ]> in a month, and won't be rrading Usenet anyway? Their votes shouldn't count. ] ]Absolutely. I couldn't agree more. But we have to have a litmus test, ]a means for determining precisely who is homosexual. I know! We'll ]just assume anyone who conceals their identity is homosexual. ] ]-- ]Daniel A. 
Hartung | I believe we can fly ]dhartung at mcs.com | on the wings that we create ]www.mcs.net/~dhartung/ | -- Melissa Etheridge As you see, I find Dan Hartung's homophobic ravings even more distasteful than the whining cripple's censorous demands that cypherpunk technology not be used to promote homophobia, as in the abive example. I actually defended the cripple from Dan Hartung in the above quote. As for AIDS, I remind you that some people with AIDS or HIV lie about their condition on purpose, in order to infect others. A very angry demented cripple would fit this pattern. > As for him "dragging outside articles into this group"... You must mean him Alan Olsen is lying again, as usual. The cripple has on numerous occasions forwarded entire large Usenet articles to the cypherpunks mailing list whose only relevance was a mention of my name in some derogatary way. He's been trying to drag his little Usenet flame wars to this mailing list for months; finally he succeeded. > Another thing that you need to do is learn how to comprehend written english. That's a pretty racist remark. > Bruce is a very nice guy who has some health problems. I know few people > who have met him who have not gotten along with him. Are you talking about the same demented cripple who tried to organize a "cypherpunks" meeting at his place and specifically excluded certain people because he didn't like their political views? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From snow at smoke.suba.com Mon Jul 15 15:53:27 1996 From: snow at smoke.suba.com (snow) Date: Tue, 16 Jul 1996 06:53:27 +0800 Subject: Organized Crime Home Page - Four Horsemen, No Waiting In-Reply-To: <31E99D38.75AC@netcom.com> Message-ID: On Sun, 14 Jul 1996, Alan Bostick wrote: > Cypherpunks interested in establishment scaremongering are invited > to take a look at the Organized Crime Home Page > of organized crime. 
Apparently every evil known to post-Cold-War
> society, even the bad weather in Chicago, is the responsibility of
> organized crime. Now you know why governments need GAK.
> Alan-Bob says check it out.

I just a crack about government being organized crime, then I came
across their definition:

" DEFINING ORGANIZED CRIME

We could define organized crime as an agreement between men to forward a
common cause, using other humans as tools for advancement, without regard
to the health or happiness of those "other" humans outside the group.

Using humans may involve selling them as slaves, selling them as
prostitutes, draining their resources with addictive drugs or gambling,
extortion, theft, kidnapping, or murder. These are generally associated
with organized crime, and not with "legitimate business"."
___________________________________________________________________________

Given the first paragraph, government could _easily_ fall into such a
definition, and taxes are just a little like extortion.

Maybe these people aren't total loons, but I'd suggest they've read
Neuromancer once too often.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Mon Jul 15 15:55:30 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 16 Jul 1996 06:55:30 +0800
Subject: Organized Crime Home Page - Four Horsemen, No Waiting
In-Reply-To: <31E99D38.75AC@netcom.com>
Message-ID:

On Sun, 14 Jul 1996, Alan Bostick wrote:
> Cypherpunks interested in establishment scaremongering are invited
> to take a look at the Organized Crime Home Page
> (http://www.alternatives.com/crime/index.html), sponsored by a group
> called The Committee for a Safe Society, about the world-wide threat
> of organized crime. Apparently every evil known to post-Cold-War
> society, even the bad weather in Chicago, is the responsibility of
> organized crime. Now you know why governments need GAK.

Well, they are wrong. The bad weather in Chicago is the government's fault.
Ok, that counts as organized crime... --Chicago, the only city in the world where the wind hits you from 3 directions at once. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jimbell at pacifier.com Mon Jul 15 16:07:33 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 16 Jul 1996 07:07:33 +0800 Subject: How I Would Ban Strong Crypto in the U.S. Message-ID: <199607151637.JAA29185@mail.pacifier.com> At 09:58 AM 7/15/96 -0400, Raph Levien wrote: >[much, much elided from Tim's post] >> ... and by opposition to Clipper I, >> Clipper II, and now Clipper III. > >Is this Clipper III or Clipper IV? I seem to have lost count. I think it's Clipper 3.14159. They seem to be going around in circles. Jim Bell jimbell at pacifier.com From tcmay at got.net Mon Jul 15 16:12:39 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 16 Jul 1996 07:12:39 +0800 Subject: Global Government Access to Keys (GGAK) Message-ID: At 6:37 AM 7/15/96, Bill Frantz wrote: >At 2:05 PM 7/13/96 +0000, Deranged Mutant wrote: >>Or what if some terrorist was using keys escrowed in a country that >>sponsered terrorist acts? > >Deranged Mutant is absolutely right. There are about 150 (or so) >governments in the world. When people talk about making keys available to >government (or law enforcement), always ask, "Which governments can access >these keys?" If I were a non-French corporation, I would feel distinctly >nervous if the answer included France. (There are a number of other >countries where the security services have also been suspected of engaging >in industrial espionage.) There are some interesting "public relations" stunts we can use to undermine support for the concept of GAK: * Announce in corporate press releases (for some Cypherpunkish company?) that "As per the laws of the Libyan Arab Jamahiriya, we have provided Col. Qaddaffi's Office of People's Security with our encryption keys for all communications passing into, out of, or over Libyan soil." 
(This would likely horrify the U.S. security establishment, were it to be
actually true. But it is of course essentially symmetrical with the fear
those in Germany, India, Iraq, etc. would have if told to deposit copies
of their keys with the U.S. National Security Agency or any other
"trusted third party" mandated.)

(I can't resist another aside. Sorry. In addition to the abuse of the
English language with using "escrow" in this warped sense, we now have
"trusted third party" used in a warped sense. "We're not saying _you_
trust them, we're saying the NSA trusts them.")

* "The U.S. has designated J. P. Morgan and Company as a Designated
Trusted Authority for the deposit of encryption keys for Jewish persons
wishing to communicate in primarily Islamic countries."

(Making the point that any international key escrow scheme which complies
with various nations' laws must collide with American values about such
things. In many Arab countries, Jews are restricted in various ways. Do
we want the government of the U.S. participating in such restrictions?
And what about the Arab boycott? It may be in decline now, but not with
all countries.)

* "The United States Office of Communications Security has turned over to
the government of Singapore a list of all persons suspected of
circumventing Singaporean law regarding encryption."

(ObNazi Reference: One can imagine how a GAK program would've worked
during the Third Reich. Not only would communications have been read,
regardless of the supposed legal protections, but GAK would have been
used to compile contact lists of people to be rounded up. Sort of the way
the U.S. government violated the laws about the U.S. Census to illegally
use census records to locate "Japs" for assignment to concentration
camps.)

And so forth, concentrating on the essentially intractable problem of how
to "escrow" keys with foreign governments inimical to Western values.

(The crypto literature, esp.
the Proceedings of the Crypto Conference, circa the mid-80s, refers to this as the "rogue government" problem, esp. with regard to the issuance of false "is-a-person" credentials. That is, suppose a Global Identification Infrastructure (GII) is implemented, consistent with Global Government Access to Keys (GGAK). What about some countries, whether they be the Free Republic of Libertaria or the Libyan Arab Jamahiriya, who either refuse to play along or who subvert the system with false information? What if the United States itself issues false identities to its secret agents, its informants, and its 60,000+ people in the so-called Witness Security program?) There are other aspects of GAK which also collide with basic values. For example, consider several classes of communications we consider "privileged": -- attorney-client discussions, in person or over phone lines. -- doctor-patient discussions -- psychiatrist--patient discussions -- priest--penitent confessions Are the computer communications (likely in the future to increase, even if not common now) of these groups to be GAKked? Even with "safeguards," the priest--penitent relationship will be forever compromised, with neither side knowing whether some secret policemen is listening. These are not new issues; we talked about them several years ago. But now that GAK is being discussed again.... --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
From rah at shipwright.com Mon Jul 15 16:50:20 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 16 Jul 1996 07:50:20 +0800 Subject: DCSB: Betting on the Future Message-ID: --- begin forwarded text X-Sender: rah at tiac.net Mime-Version: 1.0 Date: Mon, 15 Jul 1996 11:26:33 -0400 To: dcsb at ai.mit.edu From: Robert Hettinga Subject: DCSB: Betting on the Future Sender: bounce-dcsb at ai.mit.edu Precedence: bulk Reply-To: Robert Hettinga -----BEGIN PGP SIGNED MESSAGE----- The Digital Commerce Society of Boston Presents Duane Hewitt Idea Futures "Betting on the Future" Tuesday, August 6, 1996 12 - 2 PM The Downtown Harvard Club of Boston One Federal Street, Boston, MA Duane says: > I am a Molecular Biologist by trade but I am fascinated by all aspects of > science and technology and especially their long term ramifications. I am > completing my Master's Degree thesis as well as working full time at the > University of Massachusetts at Amherst. I have some part time work > maintaining Web pages and I have been involved with the Idea Futures Web > site from the very beginning. I also am currently working on a hypertext > reference on the biology of aging. Many of these interest can be accessed > from my home page at http://www.lucifer.com/~duane > > I will introduce the concept of Idea Futures which is a market in which > the odds of future events are set by betting. It is designed to reward > those who can accurately forecast future outcomes. It has been recognized > by the Austrian Broadcast System, and the Point Survey and mentioned in > _Wired_. I will discuss the implications of such a market as well as some > of the history behind it. I will also propose how a similar market could > be used to construct a market based voting system. This meeting of the Digital Commerce Society of Boston will be held on Tuesday, August 6, 1996 from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, One Federal Street. The price for lunch is $27.50. 
This price includes lunch, room rental, and the speaker's lunch. ;-). The
Harvard Club *does* have a dress code: jackets and ties for men, and
"appropriate business attire" for women.

We need to receive a company check, or money order, (or if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, August 3, or you won't be on the list for lunch. Checks payable
to anyone else but The Harvard Club of Boston will have to be sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.

Planned speakers for the following few months are:

September   Tatsuo Tanaka     Some Economics of Digital Cash
October     Philippe LeRoux   Stock Exchanges and the Web

We are actively searching for future speakers. If you are in Boston on
the first Tuesday of the month, and you would like to make a presentation
to the Society, please send e-mail to the DCSB Program Committee, care of
Robert Hettinga, rah at shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo at ai.mit.edu . If you
want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to majordomo at ai.mit.edu .

Looking forward to seeing you there!
Cheers, Robert Hettinga Moderator, The Digital Commerce Society of Boston -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMepi6vgyLN8bw6ZVAQFsOwP/UuOoWa0LUEyY4dmQ21KIR4GwhB6PurSa L97eVsbVOigP+TVPFJX7RKqYhCxIL8gDUnSRimGnATmhLo5wdE0UXvgakeGaD5s+ vKPfhuaG9/MnuZvWFbBEZOrTTKqVE8bfoU2yiw6xTvhyQY0lDA2BSO8vjip28nOA 0Wkuh1VUBhY= =/5+9 -----END PGP SIGNATURE----- ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From perry at piermont.com Mon Jul 15 16:59:38 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 16 Jul 1996 07:59:38 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: <199607121854.LAA29560@slack.lne.com> Message-ID: <199607151636.MAA04446@jekyll.piermont.com> Eric Murray writes: > When I called the Pac Bell customer service droids to get my "complete" > blocking I asked them why they won't block CID to 800 numbers. > Their answer: "that's just the way it works". There is a really easy reason for this. When you call an 800 number, the other guy gets billed. The person that gets billed has a legal right to know the call details of a toll call they are paying for. If you don't want them to know where you are calling from, don't ask them to pay for it. 
Perry From david at sternlight.com Mon Jul 15 17:16:12 1996 From: david at sternlight.com (David Sternlight) Date: Tue, 16 Jul 1996 08:16:12 +0800 Subject: Markoff on Clipper III In-Reply-To: <2.2.32.19960715105048.0082a620@panix.com> Message-ID: At 3:50 AM -0700 7/15/96, Duncan Frissell wrote: >At 09:35 PM 7/14/96 -0700, David Sternlight wrote: > >>Did you miss the part in the Constitution about "provide for the common >>defence" > >That's a meaningless part of the Preamble. Anyone who thinks substantive parts of the Preamble are "meaningless" is deserving only of contumely. Perhaps you should review your high school civics course--you did have one of those, yes? David From tcmay at got.net Mon Jul 15 17:20:53 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 16 Jul 1996 08:20:53 +0800 Subject: Further Trends in Key Escrow? Message-ID: I'm watching a CNBC report about the NASDAQ market and proposed fixes to certain alleged abuses about stock recommendations, bid-ask spreads, brokers, etc. One of the "industry" proposals involving taping the phone calls of NASDAQ brokers. (The proposal: 10% of all calls to customers would be recorded for later review.) It occurs to me that wider taping/interception of communications could be a consequence of a wide move toward "key escrow." And not just by governments. Once communications are "escrowed," the infrastructure for gaining access to communications is available. Thus, professional associations may request access, as with the NASDAQ talk of tapping the phone calls of brokers. (To be clear, this is a tapping system which NASDAQ dealers would have to agree to deploy in order to keep their affiliation; as this is ostensibly a voluntary, non-coerced, private arrangement, I don't argue it should be outlawed. I don't like it, but my concern is elsewhere: namely, the temptation to use a GAK system for these and similar purposes.) 
The whole infrastructure of mandatory voluntary key escrow could allow all sorts of special interest groups to ask for access and insist upon it with their members, customers, and affiliates. A danger to think about. Even if the non-government gakkings are ostensibly voluntary, the effect would be a sea change in expectations of communications privacy, with the key escrow infrastructure used to give access to formerly secure communications to growing numbers of groups. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Mon Jul 15 17:54:07 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 16 Jul 1996 08:54:07 +0800 Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates Message-ID: <199607151701.KAA00537@mail.pacifier.com> At 06:05 PM 7/14/96 -0700, David Sternlight wrote: >This post is a courtesy to others who may have been expecting more. It's not that we're expecting more...it's just that we're hoping for BETTER. >It's a >one-time statement to this list, which I've just joined, of my current >practice: Silence does not constitute assent. >David Well, that's where you're confused. Our positions are not morally equivalent. Despite trying to hide behind the smokescreen of calling the government's GAK position "voluntary," we all know that they are trying to misuse their influence to gently force us to use GAK, if by no other means that forcing the taxpayer to pay for the system as they have done already. 
The opponents of GAK, on the other hand, are not denying to anyone the
right to implement a truly voluntary "key-escrow" system, or more likely
many privately operating ones. However, such systems will be a service
for the customer, not the government, and the key will almost certainly
not be provided to the government on request, and in fact the key will
likely be stored in an encrypted form that the government won't be able
to use.

Quite simply, we do not require your "assent." You should be trying to
get OURS.

Jim Bell
jimbell at pacifier.com

From jk at stallion.ee Mon Jul 15 18:06:18 1996
From: jk at stallion.ee (=?ISO-8859-1?Q?J=FCri_Kaljundi?=)
Date: Tue, 16 Jul 1996 09:06:18 +0800
Subject: random numbers reverse-engineering
Message-ID:

Is there somewhere where I could find more information on finding out RNG
algorithms or reverse-engineering RNG's, once you have some quantity of
random numbers generated by some RNG?

For example a local bank is giving each customer a list with 600 one-time
passwords (6-digit decimal numbers), and I believe they use the account
number as (one of the) seeds for the RNG. Is there some program that I
could use, together with the numbers and possible seed, to try to break
the RNG?

Jüri Kaljundi
AS Stallion
jk at stallion.ee

From david at sternlight.com Mon Jul 15 18:08:25 1996
From: david at sternlight.com (David Sternlight)
Date: Tue, 16 Jul 1996 09:08:25 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <1.5.4.32.19960715151942.002d643c@giasdl01.vsnl.net.in>
Message-ID:

At 3:26 AM -0700 7/15/96, Arun Mehta wrote:
>At 10:17 14/07/96 -0700, David Sternlight wrote:
>>At 7:05 AM -0700 7/13/96, Deranged Mutant wrote:
>>>On 12 Jul 96 at 18:23, Bob Palacios posted:
>>>> * Called for the liberalization of export controls provided computer
>>>> users participate in a "global key management infrastructure"
>>>> designed to make personal encryption keys accessible to law
>>>> enforcement.
>>> >>>This is particularly problematic... > >>Your best shot would be to make sure the part about the system being >>voluntary was hard-wired into any legislation or rule-making. Unless and >>until ITAR is modified by Congress, the USG has what Mark Twain called "the >>calm confidence of a Christian with four aces" on this matter. > >International agreement on this issue won't happen this century. >People don't understand the problem (or why it needs regulation), >are suspicious of the US and its motives -- in any case >international negotiations take forever. That's certainly one view. Another is that if you watch the precursors of legislation, then actions in the Netherlands, the UK, and in the European Parliament suggest that an independent European escrow initiative might happen within a year. When it does it will be a trivial matter to harmonize it with some US offering. The mills in various countries are grinding too coincidentally for my taste. Given the glacial pace with which standard integrated crypto has appeared on the Internet, with Navigator only going to offer the final link--encrypted e-mail--later this year, the above timing isn't necessarily one which will be left behind by independent Internet developments. And given the glacial pace of PGP movement toward integrated internet standard products, it hasn't a hope of beating the above timing to the punch. David From jimbell at pacifier.com Mon Jul 15 18:16:46 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 16 Jul 1996 09:16:46 +0800 Subject: Markoff on Clipper III Message-ID: <199607151725.KAA02150@mail.pacifier.com> At 09:35 PM 7/14/96 -0700, David Sternlight wrote: >>At 02:33 PM 7/14/96 -0400, Duncan Frissell wrote: >>>Last time I looked, the oath they took was to protect the Constitution -- >>>not the nation or national security. 
> >Did you miss the part in the Constitution about "provide for the common >defence" If there is anything that is clear about GAK, it is a system which is NOT intended to benefit all citizens approximately equally. The vast majority (over 99.99%) of the population will never be the victim of any sort of terrorism. If anything, it's intended to provide job security for government employees who are increasingly aware that the unhappy villagers will be showing up at the castle with their torches. The best thing the government could do to prevent terrorism is to simply stop misbehaving; to stop doing those things that make many ordinary citizens feel that they are far more a victim of their government that any terrorist or criminal. Jim Bell jimbell at pacifier.com From esherman at umich.edu Mon Jul 15 18:25:18 1996 From: esherman at umich.edu (Erika) Date: Tue, 16 Jul 1996 09:25:18 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: <199607151636.MAA04446@jekyll.piermont.com> Message-ID: Sometimes if you have the operator dial the number, the caller ID won't work (and neither will ANI). On Mon, 15 Jul 1996, Perry E. Metzger wrote: > > Eric Murray writes: > > When I called the Pac Bell customer service droids to get my "complete" > > blocking I asked them why they won't block CID to 800 numbers. > > Their answer: "that's just the way it works". > > There is a really easy reason for this. > > When you call an 800 number, the other guy gets billed. The person > that gets billed has a legal right to know the call details of a toll > call they are paying for. If you don't want them to know where you are > calling from, don't ask them to pay for it. > > Perry > From markm at voicenet.com Mon Jul 15 18:29:54 1996 From: markm at voicenet.com (Mark M.) 
Date: Tue, 16 Jul 1996 09:29:54 +0800
Subject: Markoff on Clipper III
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 14 Jul 1996, David Sternlight wrote:

> Did you miss the part in the Constitution about "provide for the common
> defence" and about the President's associated responsibility to "take care
> that the laws be faithfully executed"?
>
> And what oath do you suppose binds him because "The President shall be
> commander in chief of the army and navy of the United States"?

Nowhere in the Constitution does it say that firearms (or crypto in this case) are a threat to national security. In fact, the second amendment explicitly dictates that people have the right to own firearms. The term "national security" has been used too often to justify the government's actions. National security means making sure that terrorists don't find out the ICBM launch codes, not making it illegal for people to use unescrowed encryption.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_

From tcmay at got.net Mon Jul 15 19:25:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 16 Jul 1996 10:25:40 +0800
Subject: brokers as middlemen
Message-ID:

At 5:48 PM 7/15/96, L. Detweiler wrote:
>this reminds me of something else. the stock exchange as it now stands
>is not the paradigm of true capitalism as some would have others
>believe.
in fact I see it as the paradigm of what might be called
>"middleman capitalism", a version of capitalism that is rapidly
>diminishing and disappearing in the onslaught of the information age.
>
>essentially, in the new version of capitalism, middlemen who do not
>*add*value* to the delivery of a product are going to be increasingly
>cut out of the loop. I am not saying *all* middlemen will be cut out,
>but many that now exist will be.

I agree with Vlad/Larry's points, and this is in one of the other recommendations for the NASDAQ, that it be even further electronic-mediated, with more information made available on bid/ask spreads.

The rise of discount brokers, who provide essentially no advice to customers, is part of this "disintermediation." Ditto for electronic trading systems, such as Accu-Trade.

>in my opinion, the *stock*broker* as his job is now defined is in many
>ways the classic middleman that does not necessarily add value to the
>information that flows through his hands. if he is just an agent for
>carrying out the demands of clients, then I'd say that this role is
>going to disappear as markets become more automated, or rather capital
>moves toward stock exchanges that diminish this overhead. however, there
>are many brokers that add far many more services than mere
>blind investor response, such as analyzing company profitability,
>forecasting, etc-- these are adding value imho.

Agreed, and this is already happening.

>I think the end result of the information age is going to be something
>that could be regarded as the ultimate capitalist market-- something
>that eliminates all "unnecessary" middlemen. I suspect the stock exchanges
>of the future will *not* be regulated because they *cannot* be. it
>will be a matter of buyers and sellers choosing the systems that
>best suit them regardless of what governments feel is appropriate, fair,
>or whatever.

I emphatically agree!
There is little need for regulation in this new environment, and "reputations matter." And regulation is becoming problematic.

(To cite one example. Some are calling for registration and regulation of "investment advice," which is largely unregulated in the U.S. today. That is, I can self-publish a newsletter, "Tim's Stock Picks," and the First Amendment says this can't be restricted (Caveat: But I can't sell "Tim's Legal Advice," "Tim's Earthquake Safety Advice," or "Tim's Medical Advice" to clients...go figure). Some want investment newsletter writers "held accountable." Great, so I'll move my newsletter to Anguilla or Monaco. What do they do then? Stop U.S. subscribers from getting them? Set up postal stings, where illegal investment or medical advice is treated as illegal child porn from Denmark? Use key escrow to monitor received Net traffic?)

>its interesting how the restrictions on stock buying and selling are
>becoming quite orwellian in the way they are designed to limit
>mere information transfer in many cases, it seems. TCM has written
>about this far better than I could in previous posts. ("inside trading"
>restrictions).

Again, I agree.

I won't quote anymore of Vlad/Larry's piece, as I agree with it all.

(Vznuri should probably "reclaim" his Detweiler persona, so that such good messages as these accrue to his True Name's reputation.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From hotlists at d-comm.com Mon Jul 15 19:36:20 1996
From: hotlists at d-comm.com (hotlists at d-comm.com)
Date: Tue, 16 Jul 1996 10:36:20 +0800
Subject: d.Comm: Your Login Information
Message-ID: <199607151820.OAA21615@sol.spiders.com>

Thank you for logging into d.Comm.

At d.Comm we believe a key part of any successful product, magazine or other, is a comprehensive knowledge of the market; in our case our readers. The information you provide us with not only helps us to fine-tune the magazine, but also enables you to manage your information content, through the hotlist section.

We therefore wish to thank you once again for helping us to keep d.Comm dynamic.

When your World Wide Web browser prompts you for a login and password use the following:

Login: cypherpunks
Passwd: 107084
URL: http://www.d-comm.com/

(note: your login is case-sensitive)

You may end up back at the login when you try to enter a section of d.Comm that you attempted to enter before you received your username. If this happens, please click the reload button on your Web browser.

If you have trouble and need some help, please send mail to: hotlists at d-comm.com

Note: If you wish to change your allotted password, Password management is available at : http://www.d-comm.com/s-bin/hl_passwd

If for any reason you encounter any problems, please do not hesitate to contact us.
----------------------------------------------------------------------------
Eddie Hold
Editor
d.Comm & Communicate
The Economist Group
http://www.d-comm.com/

From frissell at panix.com Mon Jul 15 19:52:52 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 16 Jul 1996 10:52:52 +0800
Subject: Markoff on Clipper III
Message-ID: <2.2.32.19960715184219.00827588@panix.com>

At 10:20 AM 7/15/96 -0700, David Sternlight wrote:
>At 3:50 AM -0700 7/15/96, Duncan Frissell wrote:
>>At 09:35 PM 7/14/96 -0700, David Sternlight wrote:
>>
>>>Did you miss the part in the Constitution about "provide for the common
>>>defence"
>>
>>That's a meaningless part of the Preamble.
>
>Anyone who thinks substantive parts of the Preamble are "meaningless" is
>deserving only of contumely. Perhaps you should review your high school
>civics course--you did have one of those, yes?
>
>David
>

Welcome to the list. Yes my high school Civics class was good. So were my law school Con Law courses.

Yes, David I would say you practice "contumely" -- Rudeness or contempt arising from arrogance; insolence. But then so do I.

I'll say again, the Preamble speaks of the reasons the drafters of the Constitution had for writing the thing, it does not set forth any powers of the federal government. Goals not means. GAK is a means not a goal.

DCF

From vznuri at netcom.com Mon Jul 15 19:59:31 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 16 Jul 1996 10:59:31 +0800
Subject: brokers as middlemen
In-Reply-To:
Message-ID: <199607151748.KAA25534@netcom19.netcom.com>

TCM:
>
>I'm watching a CNBC report about the NASDAQ market and proposed fixes to
>certain alleged abuses about stock recommendations, bid-ask spreads,
>brokers, etc.
> One of the "industry" proposals involving taping the phone calls of NASDAQ
>brokers. (The proposal: 10% of all calls to customers would be recorded for
>later review.)

this reminds me of something else.
the stock exchange as it now stands is not the paradigm of true capitalism as some would have others believe. in fact I see it as the paradigm of what might be called "middleman capitalism", a version of capitalism that is rapidly diminishing and disappearing in the onslaught of the information age.

essentially, in the new version of capitalism, middlemen who do not *add*value* to the delivery of a product are going to be increasingly cut out of the loop. I am not saying *all* middlemen will be cut out, but many that now exist will be.

in my opinion, the *stock*broker* as his job is now defined is in many ways the classic middleman that does not necessarily add value to the information that flows through his hands. if he is just an agent for carrying out the demands of clients, then I'd say that this role is going to disappear as markets become more automated, or rather capital moves toward stock exchanges that diminish this overhead. however, there are many brokers that add far many more services than mere blind investor response, such as analyzing company profitability, forecasting, etc-- these are adding value imho.

I think the end result of the information age is going to be something that could be regarded as the ultimate capitalist market-- something that eliminates all "unnecessary" middlemen. I suspect the stock exchanges of the future will *not* be regulated because they *cannot* be. it will be a matter of buyers and sellers choosing the systems that best suit them regardless of what governments feel is appropriate, fair, or whatever.

its interesting how the restrictions on stock buying and selling are becoming quite orwellian in the way they are designed to limit mere information transfer in many cases, it seems. TCM has written about this far better than I could in previous posts. ("inside trading" restrictions).

I think we are going to be moving toward new stock markets that are diverse (i.e.
not only one of them) that have different kinds of rules for buying and selling. I suspect they will be largely automated, because the market pressure is to move in the direction of eliminating unnecessary overhead. isn't a roomful of men chaotically screaming "buy" and "sell" orders at each other the epitome of what is *not* represented by the information age? the entire process could be reduced to electrons flowing through wires.

so I think what we are seeing are the last gasps of pre-information-age economics in which governments feel they have to do things like regulate stock markets for the concept of buying and selling to work right and be "fair". I'm not saying that unfairness doesn't exist in capitalism, but I am saying that increasingly these decisions of what actually constitutes "unfairness" are going to be made by the economic players involved and not bureaucrats in governments.

eventually we are going to find that money is actually a special kind of information network that helps a society control the allocation of capital and human resources-- i.e., allocating anything with the property of "scarcity".

(for more ideas on "middleman capitalism" vs. "pure capitalism" read Bill Gates' _Road_Ahead_.)

From frantz at netcom.com Mon Jul 15 21:23:52 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 16 Jul 1996 12:23:52 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607151850.LAA08307@netcom8.netcom.com>

At 9:58 AM 7/15/96 -0400, Raph Levien wrote:
>4. Thus, the best leverage for the TLAs to win is to guide the
>development of a key management infrastructure with the following
>property: if you don't register your key, you can't play. I believe that
>this is the true meaning of the word "voluntary:" you're free to make
>the choice not to participate.
>
>5. This is _important_. If you can't get the keys for your
>correspondents, you can't use encryption.
If they build a key management
>infrastructure that actually works, people will use it.

The obvious counter is to use the key management infrastructure for authentication, but use a technique like Diffie-Hellman to decide on a session key. I see two problems with this approach: (1) It still allows traffic analysis. (2) It will be difficult to implement for one-way transmissions (e.g. email).

A more complex structure would overcome (2) above. Use your GAK key to sign your PGP key. Post your PGP key on the MIT server (or successors), and people who want non-GAKed communication with you would use your PGP key, with the benefit of government approved authentication.

I still think this whole GAK thing is going to fail on the, "Which government?" question. I don't see either multi-nationals or their governments wanting to share their secrets with each other, and I don't see how to set up universal GAK to prevent that form of industrial espionage. Also, the key which decodes the GAKed data is just too valuable and too easy to steal.

-------------------------------------------------------------------------
Bill Frantz        | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506      | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

From david at sternlight.com Mon Jul 15 21:24:41 1996
From: david at sternlight.com (David Sternlight)
Date: Tue, 16 Jul 1996 12:24:41 +0800
Subject: Clueless "Attachment converted" uses
In-Reply-To:
Message-ID:

At 6:01 AM -0700 7/15/96, Simon Spero wrote:
>On a very similar note - could people who are using clear-text PGP
>signatures with mime use text/... instead of application/...; that way
>people without pgp will see the message text without having to mess with
>their mailcaps (that's the way text/* is supposed to work)

It's kludgy, I agree, but that's the way the example PGP translator for our mailer that some of us are using works right now.
If someone rewrites that part of it, I'm sure we'd all be happy to switch. Dunno if there's an easy patch with ResEdit. (It's for the Mac.)

In my own case I used it to clearsign my first few posts here to avoid somebody popping up and claiming a spoof. I don't plan to do it regularly.

David

From rich at c2.org Mon Jul 15 21:31:48 1996
From: rich at c2.org (Rich Graves)
Date: Tue, 16 Jul 1996 12:31:48 +0800
Subject: WashPost: A "hate speech" horseman of a different color
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Search July 15th www.washingtonpost.com for "massive armamentarium" [sic].

With Innovative Use, the Web Empowers the First Amendment

By John Schwartz
Washington Post Staff Writer
Monday, July 15 1996; Page F19
The Washington Post

[...]

Lately, though, I've gotten a nice, big dose of hope from watching hatemongers on the Net as they duke it out with the truth-squaders. In any intellectual combat, those who can support their arguments with facts are better armed. And guess what? The Internet gives us a new kind of arsenal.

That might go against what you've been reading. A lot of journalists are discovering "hate speech" on the Internet -- racism, antisemitism, the whole vile package. It's the cover story for the current issue of Emerge, with the arresting image of a mouse cord tied in a noose. Such groups as the Simon Wiesenthal Center in California try to persuade publications to run stories on this loathsome trend, and they urge governments to drive those who spread messages of hate off the Net.

[...]

The on-line guest book at Nizkor is an evolving testament to the power of free speech. One visitor wrote: "As the child of survivors of the Holocaust I am particularly dismayed when intelligent and reasonable people are influenced by revisionist pap. I'm often frustrated to the point where I'd sooner tolerate censorship than the promulgation of neo-Nazi lies.
Your work restores my faith in reasoned debate and the drive of honest people to find and spread the truth."

Memo to the Founders: Thanks, guys. You got it right.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMeqQV5NcNyVVy0jxAQF8vAIAlGyi91nOxj1qhRN7GPXcChO9FOraJSc1
h/WyEC01HJj/W5uj51AxZbJIHjkz/eCcMb2AmjclfGeKIThrsSoY9A==
=Olej
-----END PGP SIGNATURE-----

From sparksc at worldnet.att.net Mon Jul 15 22:03:57 1996
From: sparksc at worldnet.att.net (Charley Sparks)
Date: Tue, 16 Jul 1996 13:03:57 +0800
Subject: Organized Crime Home Page - Four Horsemen, No Waiting
Message-ID: <199607151936.TAA19063@mailhost.worldnet.att.net>

>Well, with the UCMJ ( Uniform Code of Military Justice ) and the Oath
>of Allegiance Military Personnel take on induction being re-written
>to Support and defend the United Nations and to accept direct and
>lawful orders from UN personnel, this doesn't surprise me. Soon, UN
>Secretary-General Boutros Boutros-Ghali, or someone like him will
>repeal more of the amendments to our constitution. First our guns,
>then our code.
>
>I'll give up my pass phrase when
> they pry it from my cold dead fingers !

Charley Sparks
Booz Allen & Hamilton
http://www.clark.net/pub/charley/index.htm
Public Key Available

From snow at smoke.suba.com Mon Jul 15 22:06:55 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 16 Jul 1996 13:06:55 +0800
Subject: Seek-and-Destroy
In-Reply-To:
Message-ID:

On Mon, 15 Jul 1996, Declan McCullagh wrote:

> Do NOT visit:
> http://xxx.lanl.gov/seek-and-destroy
>

So of course I did. Very Interesting. Those guys *rock*.

> The sysadmins for xxx.lanl.gov don't like robots visiting their web site,

They also aren't real happy with PC's, Mac's, or Netscape.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From sparks at bah.com Mon Jul 15 22:23:54 1996
From: sparks at bah.com (Charley Sparks)
Date: Tue, 16 Jul 1996 13:23:54 +0800
Subject: Someone can't read
Message-ID: <2.2.32.19960715220408.006a9a2c@bah.com>

-----BEGIN PGP SIGNED MESSAGE-----

So, I'm a member of something anyway... could be worse... I could be a politician... being a geek, at least requires "some" brains !!

{Snip snip }
>
>As I recall the NRC members in DC said, in *EXPLICITLY* rejecting
>the "If only you know what we know..." mantra, that if there was
>something the [NRC] did not know, it wasn't cuz that had not asked
>everyone involved. (Or words to that effect)
>
>So it appears the Admin was withholding data from the Congress....
>
> I have here in front of me, documented proof that there
> are crypto-carrying members of the Cypherpunk Party...
>
>
>--
>A host is a host from coast to coast.................wb8foz at nrk.com
>& no one will talk to a host that's close........[v].(301) 56-LINUX
>Unless the host (that isn't close).........................pob 1433
>is busy, hung or dead....................................20915-1433

>
>

From david at sternlight.com Mon Jul 15 22:43:41 1996
From: david at sternlight.com (David Sternlight)
Date: Tue, 16 Jul 1996 13:43:41 +0800
Subject: Word lists for passphrases
In-Reply-To: <199607150749.AAA07579@toad.com>
Message-ID:

At 12:45 AM -0700 7/15/96, Bill Stewart wrote:
>At 09:43 PM 7/8/96 -0700, you wrote:
>>If the purpose is for use with "Crack" or some similar program, it might be
>>better than you would think. You won't get the "unusual" words, but you
>>will also get the words in common usage that do not appear in dictionaries.
>>(Such as fnord, jedi, killfile, and the like...)
>
>"fnord" is in _my_ dictionary - can't you find it in yours? :-)
>
>
>
>>Another thing to look for when choosing dictionaries/wordlists for crack is
>>not sticking to english. If you have a userbase that is known to have a
>>certain percentage of people of a non-english background, you will want to
>>find lists of words from that background. (I had a sysadmin asking me about
>>Yiddish and Hebrew wordlists for just that reason.) These can be a bit
>>harder. (Especially for unusual languages.)
>
>Grady Ward has his Moby Words databases with some of this kind of information.
>In addition to the usual sets of languages, it's useful to include any
>available lexicons of Elvish, Klingon, Unix, and other popular
>hacker-languages,

It is pretty easy to defend against dictionary attacks by using an expanded character set--mixed caps and lower case; numbers substituted for some letters according to easily-remembered personal rules.

"Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the "v" is a roman numeral 5. Another is the "Compuserve method" of inserting punctuation characters between words making up a password or key. Since the length of the words used is unknown to the cracker, this makes his job harder.

That is--a dictionary which accommodates such things as the above will be pretty large. With the number rule, there would have to be 10 additional versions of the one-letter word, 10 versions of each leading character making up a two letter word, and then it starts increasing combinatorially. Might as well use brute force.

David

From maldrich at grci.com Mon Jul 15 22:47:47 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Tue, 16 Jul 1996 13:47:47 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To: <199607151636.MAA04446@jekyll.piermont.com>
Message-ID:

On Mon, 15 Jul 1996, Perry E.
Metzger wrote:

>
> Eric Murray writes:
> > When I called the Pac Bell customer service droids to get my "complete"
> > blocking I asked them why they won't block CID to 800 numbers.
> > Their answer: "that's just the way it works".
>
> There is a really easy reason for this.
>
> When you call an 800 number, the other guy gets billed. The person
> that gets billed has a legal right to know the call details of a toll
> call they are paying for. If you don't want them to know where you are
> calling from, don't ask them to pay for it.

Well put. I guess a lot of folks forget the basic premise of an 800 call. It's a non-operator assisted collect call and, _yes_, the calling party should know who's calling so they can decide if they want to take the call (yes, there are "out of service area" screening services already available for inbound 800 numbers).

HOWEVER, ANI is available to anyone who wants to pay for it, not just those folks with inbound 800 service. Thus, I'd contend that there should be ANI blocking services, but that they should not be used against 800 numbers.

This lack of anonymity via the phone service presents a disturbing precedent in terms of it being used as model for the Internet, particularly once "pay for it" services become more common.

-------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                   |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering       |
|depends upon the chaos and cacophony of  |maldrich at grci.com           |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil|
|protects - District Judge Stewart Dalzell|                               |
|_______________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com |
| The opinions expressed herein are strictly those of the author |
| and my employer gets no credit for them whatsoever.
|
-------------------------------------------------------------------------

From jimbell at pacifier.com Mon Jul 15 22:56:36 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 16 Jul 1996 13:56:36 +0800
Subject: Markoff on Clipper III
Message-ID: <199607152221.PAA17923@mail.pacifier.com>

At 01:30 PM 7/15/96 -0400, Mark M. wrote:
>Nowhere in the Constitution does it say that firearms (or crypto in this case)
>are a threat to national security. In fact, the second amendment explicitly
>dictates that people have the right to own firearms.

No, it says "arms," not "firearms." Firearms are a subset of "arms," which a nearby dictionary defines as "objects used as weapons." By that definition, chemicals and biologicals, as well as explosives of all sorts, are "arms."

Jim Bell
jimbell at pacifier.com

From sameer at c2.net Mon Jul 15 22:56:55 1996
From: sameer at c2.net (sameer)
Date: Tue, 16 Jul 1996 13:56:55 +0800
Subject: US versions of Netscape now available
In-Reply-To: <31EAB98B.3F54@netscape.com>
Message-ID: <199607152318.QAA22448@atropos.c2.org>

> Clearly I'm an idiot. The correct URL is:
>
> http://wwwus.netscape.com/eng/US-Current

Not like that's tough to figure out. Congrats. It's cool to actually be able to connect to my webserver using real encryption. Glad the lawyers don't think Barksdale is going to jail anymore.

--
Sameer Parekh                    Voice: 510-986-8770
Community ConneXion, Inc.        FAX: 510-986-8777
The Internet Privacy Provider
http://www.c2.net/               sameer at c2.net

From maldrich at grci.com Mon Jul 15 22:57:34 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Tue, 16 Jul 1996 13:57:34 +0800
Subject: Further Trends in Key Escrow?
In-Reply-To:
Message-ID:

On Mon, 15 Jul 1996, Timothy C. May wrote:

>
> I'm watching a CNBC report about the NASDAQ market and proposed fixes to
> certain alleged abuses about stock recommendations, bid-ask spreads,
> brokers, etc.
>
> One of the "industry" proposals involving taping the phone calls of NASDAQ
> brokers.
(The proposal: 10% of all calls to customers would be recorded for
> later review.)
>

Many phone calls are recorded already, not under the premise of law enforcement (or some sort of legal regulation), but under the notion of quality assurance. At what point does QA become "call escrowing" and does the SEC's regulatory powers make it so it can't "escrow" calls for quality assurance purposes? If Merrill Lynch decides to record calls for QA purposes, can the SEC subpoena those "records" if it suspects illegal activity?

If everyone's willing to patronize those businesses that record calls for "QA" purposes (I tried not to and then gave up since nobody else seemed to give a shit), will the SEC's quality assurance efforts be met with the same lack of care by the consumers? Or maybe they'll actually *LIKE* it.

-------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                   |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering       |
|depends upon the chaos and cacophony of  |maldrich at grci.com           |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil|
|protects - District Judge Stewart Dalzell|                               |
|_______________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com |
| The opinions expressed herein are strictly those of the author |
| and my employer gets no credit for them whatsoever. |
-------------------------------------------------------------------------

From frogfarm at yakko.cs.wmich.edu Mon Jul 15 22:58:32 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Tue, 16 Jul 1996 13:58:32 +0800
Subject: (fwd) krypt13i.zip Enkryptonator: Homonymous key encryption system, R. Newton
Message-ID: <199607152224.SAA04880@yakko.cs.wmich.edu>

[Anyone know more about this one? "Homonymous" in this context sounds a tad oily.]

>From: mjk at reimari.uwasa.fi (Mika Koykka)
Newsgroups: comp.archives.msdos.announce
Subject: krypt13i.zip Enkryptonator: Homonymous key encryption system, R. Newton
Date: 15 Jul 1996 11:32:39 +0300
Lines: 82

Thank you for your contribution. This upload is now available as

60605 Jul 2 22:10 ftp://garbo.uwasa.fi/pc/crypt/krypt13i.zip

: Date: Sun, 14 Jul 1996 15:10:55 -0500
: From: Enkryptonator
: To: pc-up at uwasa.fi
: Subject: krypt13i.zip Homonymous key encryption uploaded
:
: I mailed a previous Email today, but it contained a typo in the file name
: uploaded.
: this message contains no such typo.
:
: File name:
: KRYPT13i.ZIP
: Enkryptonator: Homonymous key encryption system.
: Replaces:
: KRYPT12.ZIP
: Suggested Garbo directory:
: crypt
: Uploader name & email:
: Richard Newton, enkrypt at flash.net
: Author or author company:
: Richard Newton
: Email address:
: enkrypt at flash.net
: Surface address:
: Box 866292 Plano Tx 75086 USA.
: Special requirements:
: Developed on MS-DOS 386 platform.
: Math co-processor recommended, but not required.
: Shareware payment required from private users:
: Yes, but not from students.
: Shareware payment required from corporates:
: Yes.
: Distribution limitations:
: None
: Garbo CD-ROM distribution allowed without extra preconditions:
: Yes.
: Demo:
: No.
: Nagware:
: No, Displays none of the behavior described in your
: instructions.
: Self-documenting:
: Yes.
: External documentation included:
: Yes, about 70Kb (unzipped).
: Source included:
: No.
: Size:
: 60kb zipped.
: 10 lines description:
:
: Enkryptonator is a newly developed encryption system based on the
: principles of homonymous key cryptography invented by Enkryptonator Co.
: Homonymous key systems are an exciting, new breakthrough, that solve
: the 'key management' problem without resorting to 'public key'
: cryptography. No more unwieldy, impossible to remember, binary keys.
: Enkryptonator is easy to use.
Because of Enkryptonator's unique design
: no one who intercepts your encryption in an unauthorized manner can
: decrypt your file -- even if he knows the key of encryption! Everyone
: has a right to privacy and Enkryptonator will provide you a means of
: securing your personal and private concerns from unwanted intruders.
:
: Long description:
:
: This is the 1.3 International Shareware version of Enkryptonator.
: The international version will only allow a single key of encryption
: in order to prevent running a-foul of US export control regulations on
: the export of encryption technology.
:
: Version 1.3 introduces a 5% speed improvement and minor changes in
: messaging. Version 1.3 is incompatible with version 1.2 and version
: 1.1. These are the only code changes. The most significant reason for
: releasing 1.3 is to provide users with more comprehensive and updated
: user documentation.

.................................................................
Mika Koykka, mjk at uwasa.fi http://www.uwasa.fi/~mjk/
Moderating at garbo.uwasa.fi http://garbo.uwasa.fi/ FTP archives
Computer Centre, University of Vaasa, Box 700, FIN-65101 Finland

--
"Your wish is my command, if you know what's good for you, bitch."
- William Shakespeare
(Or perhaps it was his brother Fred who said that.)

From maldrich at grci.com Mon Jul 15 23:01:11 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Tue, 16 Jul 1996 14:01:11 +0800
Subject: Opiated file systems
In-Reply-To: <199607151158.HAA28540@unix.asb.com>
Message-ID:

On Mon, 15 Jul 1996, Deranged Mutant wrote:

>
> > - Facility for duress key, with the real data hidden in the unused
> > space of the first encrypted drive. To increase the plausible
>
> Huh?!?
>

Hey, DM, don't laugh. I've gotten such requests before about crypto subsystems, including tokens with "protected" keys onboard.
The idea is that there's a "duress key" or a "panic key" that, when entered, fools someone into thinking the process is working but, in fact, it's not working at all and it usually is doing something else (like scrubbing the hard disk, scrubbing the key PROM, or calling the police). I've worked at sites that have their electronic door locks rigged the same way.

The way it works is, let's say a terrorist has a gun to your head and demands, "let me in the door or I'll blow your head off." Naturally, the Government doesn't want you to have to choose between dying and giving out the cypher lock combination (guess which one people choose in blind testing?), so you put in the "duress code." The door unlocks so the terrorist thinks that all is well. However, the alarm just went off over at the security substation and, in about two minutes, a heavily armed SWAT team will be arriving.

Same for crypto keys, but with a different "payload" if the duress key is used. The data either gets "nuked" (Gosh, Mr. FBI Agent, I *thought* that was the right crypto key - sorry about destroying the hard disk), the keys disappear (damn! my fortezza card just zeroized again!), or the data appears to "decrypt" but it's actually phoney data that's been hidden somewhere or is 'hard-coded' into the program handling the duress key.

The payload of getting false data out of a crypto algorithm, such that the data looks "real", when a duress key is input to the algorithm is not something that I've seen approached in any reasonable manner. Probably because it's just too damn hard and the notion of "real looking" data is a little hard to define scientifically. A combination stego/crypto solution may be more appropriate, but close examination of the box is going to reveal what happened (assuming the desired solution must withstand some protracted forensics?).

The nuke_the_data or nuke_the_keys solutions are easier to do, and have been implemented in several situations of which I am aware.
------------------------------------------------------------------------- |Just as the strength of the Internet is |Mark Aldrich | |chaos, so the strength of our liberty |GRCI INFOSEC Engineering | |depends upon the chaos and cacophony of |maldrich at grci.com | |the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil | |protects - District Judge Stewart Dalzell| | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich at grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. | ------------------------------------------------------------------------- From tcmay at got.net Mon Jul 15 23:31:35 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 16 Jul 1996 14:31:35 +0800 Subject: Word lists for passphrases Message-ID: At 5:33 PM 7/15/96, David Sternlight wrote: >It is pretty easy to defend against dictionary attacks by using an expanded >character set--mixed caps and lower case; numbers substituted for some >letters according to easily-remembered personal rules. > >"Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the >"v" is a roman numeral 5. Another is the "Compuserve method" of inserting >punctuation characters between words making up a password or key. Since the >length of the words used is unknown to the cracker, this makes his job >harder. > >That is--a dictionary which accomodates such things as the above will be >pretty large. With the number rule, there would have to be 10 additional >versions of the one-letter word, 10 versions of each leading character >making up a two letter word, and then it starts increasing combinatorially. >Might as well use brute force. In a "universe" of n-character passwords, whatever length n is, the use of English, German, Elvish, Klingon, whatever words can be looked as "galaxies." 
(That is, clusters in an otherwise uniform space.) Thus, "David" is one of the galaxies, and ""Da5id," "david," "Daphid," etc. are just some of the stars in this galaxy of "nearby" strings. Calculations of entropy and all. Be very careful. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From WlkngOwl at unix.asb.com Mon Jul 15 23:56:03 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 16 Jul 1996 14:56:03 +0800 Subject: How I Would Ban Strong Crypto in the U.S. Message-ID: <199607160001.UAA12295@unix.asb.com> On 15 Jul 96 at 9:58, Raph Levien wrote: [..] > Thanks to Dave for posting this URL. This is a _very_ important > document, and I would recommend that all concerned cypherpunks read it > carefully. Unlike many of its predecessors, it is clearly written and > quite upfront about the "administration's" goals. >From the document: "This framework will encourage commerce both here and abroad. It is similar to the approach other countries are taking, and will permit nations to establish an internationally interoperable key management infrastructure with rules for access appropriate to each country's needs and consistent with law enforcement agreements. [...]" With differing rules, I can't see how such a system can work. What happens when one country wants the keys from the citizen of another who is 'favored' by the other's government? 
(ie, say the US gov't wants keys that a drug cartel kingpin uses when he chats with the brother of the president of some other country...) And can one be sure that a country's LEAs request keys because a citizen is involved with 'organized crime', or is really a political activist of the unwanted kind? What's to prevent cooperation of the FBI with foreign LE's (such as in Russia) with looser search-and-seizure rules? Who is going to manage such systems? Private corporations in various countries? Will users have a choice as to which to use? (It would seem the institutions of some countries are less trustworthy than others for different people around the planet.) How many people would trust the UN? (ObHumor: I hear in the year 2000 the Olympics will have black helicopter races...) Global key management, even with universal rules, would seem unworkable. Managing BILLIONS of keys will involve a lot of complexity, in terms of locating keys, data integrity and preservation, authentication, etc. Methinks it's time for the administration to inhale... oxygen is good for the brain. I think the potential of import controls has a bit more hype than the admin makes it out to be. There's already a lot of strong crypto out there... so how much political strong-arming can the Admin do? I wonder how the Microsoft C[r]API fits in to this, since it mentions "export of cryptography-ready operating systems". Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. 
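Tim May's "galaxies" point in the "Word lists for passphrases" message above can be made concrete with a strength check that maps a candidate back to its dictionary word and counts the variants clustered around it. This is an added example, not code from any poster on the list; the sample word list, the assumed dictionary size, the digit rules and all function names are assumptions chosen for illustration.

```python
"""Estimate how much a 'mangled dictionary word' password really adds."""
import itertools
import math
import re
import string

# Constructed sample word list (assumption); a real check loads a full dictionary.
WORDS = {"david", "snow", "crash", "cypher", "punks", "privacy"}
# Assumed size of the dictionary a guesser would start from.
ASSUMED_DICT_SIZE = 50_000

# Digit-for-letter rules (assumed set): digit -> letters it may stand for.
# '5' for 'v' is the Roman-numeral trick from "Da5id".
DIGIT_FOR = {"5": "sv", "0": "o", "1": "il", "3": "e", "4": "a", "7": "t"}
# Inverse view: letter -> digits that may replace it.
STAND_INS = {}
for digit, letters in DIGIT_FOR.items():
    for letter in letters:
        STAND_INS.setdefault(letter, []).append(digit)

# Punctuation inserted between words (the "Compuserve method").
SEPARATORS = re.compile("[" + re.escape(string.punctuation) + "]+")
# Letters, digits, punctuation and the space character: 95 printable symbols.
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation) + 1


def base_word(chunk):
    """Return the dictionary word this chunk is a variant of, or None."""
    options = [DIGIT_FOR.get(ch, ch) for ch in chunk.lower()]
    if math.prod(len(o) for o in options) > 4096:  # keep the search bounded
        return None
    for letters in itertools.product(*options):
        word = "".join(letters)
        if word in WORDS:
            return word
    return None


def find_words(candidate):
    """Split on punctuation and map every chunk to its dictionary word."""
    chunks = [c for c in SEPARATORS.split(candidate) if c]
    words = [base_word(c) for c in chunks]
    return words if words and all(words) else None


def variants_of(word):
    """Count the case and digit variants ("stars") around one word."""
    count = 1
    for letter in word:
        count *= 2 + len(STAND_INS.get(letter, []))  # lower, upper, or a digit
    return count


def galaxy_bits(words, dict_size=ASSUMED_DICT_SIZE):
    """Bits of search space when the guesser knows the mangling rules."""
    bits = sum(math.log2(dict_size * variants_of(w)) for w in words)
    bits += (len(words) - 1) * math.log2(len(string.punctuation))
    return bits


def uniform_bits(length):
    """Bits of search space for a uniformly random printable string."""
    return length * math.log2(PRINTABLE)


def assess(candidate):
    """Return (effective_bits, uniform_bits).

    When no dictionary word is found the uniform figure is returned for both;
    that is an upper bound, not proof that the candidate is strong.
    """
    uniform = uniform_bits(len(candidate))
    words = find_words(candidate)
    if words is None:
        return uniform, uniform
    return min(galaxy_bits(words), uniform), uniform


if __name__ == "__main__":
    for pw in ("Da5id", "snow!cra5h", "xK9#qLw2"):
        eff, uni = assess(pw)
        print(f"{pw!r}: about {eff:.1f} bits if the rules are known, "
              f"{uni:.1f} bits if uniform")
```

Phonetic respellings such as "Daphid" are outside the rules modelled here, so the effective figure is itself an overestimate for passwords built that way.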
From david at sternlight.com Tue Jul 16 00:11:17 1996 From: david at sternlight.com (David Sternlight) Date: Tue, 16 Jul 1996 15:11:17 +0800 Subject: Markoff on Clipper III In-Reply-To: <2.2.32.19960715184219.00827588@panix.com> Message-ID: At 11:42 AM -0700 7/15/96, Duncan Frissell wrote: >At 10:20 AM 7/15/96 -0700, David Sternlight wrote: >>At 3:50 AM -0700 7/15/96, Duncan Frissell wrote: >>>At 09:35 PM 7/14/96 -0700, David Sternlight wrote: >>> >>>>Did you miss the part in the Constitution about "provide for the common >>>>defence" >>> >>>That's a meaningless part of the Preamble. >> >>Anyone who thinks substantive parts of the Preamble are "meaningless" is >>deserving only of contumely. Perhaps you should review your high school >>civics course--you did have one of those, yes? >> >>David >> > >Welcome to the list. > >Yes my high school Civics class was good. So were my law school Con Law >courses. > >Yes, David I would say you practice "contumely" -- Rudeness or contempt >arising from arrogance; insolence. But then so do I. > >I'll say again, the Preamble speaks of the reasons the drafters of the >Constitution had for writing the thing, it does not set forth any powers of >the federal government. Goals not means. GAK is a means not a goal. Now that is a more useful and accurate statement than that substantive parts of the Preamble are "meaningless". As you must know from your Con Law classes, legislative intent is an important element of many Supreme Court decisions, and the Preamble is certainly as crisp and classical a statement of legislative intent as one can find. The specific point, of course, wasn't GAK but the silly dispute by one of our beloved nit-pickers of the assertion that the President took an oath to protect national security. By inclusion in his oath to defend the Constitution, given the bits I cited, he effectively did. 
Best;
David

From adam at homeport.org Tue Jul 16 00:16:30 1996
From: adam at homeport.org (Adam Shostack)
Date: Tue, 16 Jul 1996 15:16:30 +0800
Subject: d.Comm: Your Login Information (fwd)
Message-ID: <199607160133.UAA25165@homeport.org>

password, limited to 8 characters is "cypherpu"

Has anyone set a pseudo-standard for these things?

Adam

----- Forwarded message from hotlists at d-comm.com -----

Login: cypherpunks
Passwd: 107084
URL: http://www.d-comm.com/

Note: If you wish to change your allotted password, Password management is available at : http://www.d-comm.com/s-bin/hl_passwd

----- End of forwarded message from hotlists at d-comm.com -----

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From jsw at netscape.com Tue Jul 16 00:19:31 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Tue, 16 Jul 1996 15:19:31 +0800
Subject: US versions of Netscape now available
In-Reply-To: <31EAB98B.3F54@netscape.com>
Message-ID: <31EAE59C.1074@netscape.com>

sameer wrote:
> Glad the lawyers don't think Barksdale is going to jail anymore.

We received written permission from the State Department for our download verification mechanism.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From steven at knoware.nl Tue Jul 16 00:19:38 1996
From: steven at knoware.nl (Steven Seyffert)
Date: Tue, 16 Jul 1996 15:19:38 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <199607152349.BAA14860@utrecht.knoware.nl>

----------
: From: bryce at digicash.com
: To: David G.W. Birch
: Cc: Multiple recipients of ; cypherpunks at toad.com
: Subject: Re: #E-CASH: PRODUCT OR SERVICE?
: Date: maandag 15 juli 1996 15:36
:
:
: -----BEGIN PGP SIGNED MESSAGE-----
:
: I think it would behoove us all to clarify our terms. I call
: Ecash(tm) coins "electronic cash" for several reasons.
Ecash(tm)
: has all of the following characteristics in common with
: conventional cash, in descending order of importance:
:
:
: 1. Unforgeability. Ecash(tm) coins have intrinsic value
: because they are cryptographically impossible to forge.
:

Forgery is possible in 'real life' and is possible in 'virtual life' (another discussion right there). It all depends on the amount of control and need of insider knowledge to be able to crack a system. The existence of a system is defined by the possibility of a crack.

:
:
: 2. Finality. Payments are cleared on the spot. No outstanding
: payment obligations remain after a purchase.
:

You are from digicash aren't you? Isn't this the Dutch experiment on Ecash? (could be wrong there). I've been asking around and it seems digicash is one system whilst it becomes more and more competitors (for example www.digipass.com). The main difference I've heard is the one about argument between customer and bank about the amount of money that was transferred from bank to ecash to the E-store. Digipass seems to be working with a code generator that includes the amount parameter in the algorithm that generates the code that is sent back to the bank or whatever.

: 3. Bi-directionality. Payers and recipients use the same
: software and the same protocol. It is not necessary for
: recipients to be specially trusted by the bank or by the payers.
:

The fact is, I think, that some major battle is going to take place on the grounds of ecash. We're going to have quite a lot of protocols and software used within different conglomerates of companies. Only time will decide with which protocol we are going to buy our pizzas.

: 4. Privacy. The privacy of Ecash(tm) payers is mathematically
: unconditional.
:

Just like the privacy of e-mail and the independence of the WWW once was.

: 5. Composability. You can make large Ecash(tm) payments out of
: a collection of smaller Ecash(tm) coins.
This is in contrast to
: a check-based system where you typically draw a check for the
: exact amount and transfer only a single check.
:

You're right, though I always seem to end up with less money than I thought I had at the beginning of each month.

: 6. Small payments. Ecash(tm) coins are cheap enough to use
: that they are practical for small payments.
:
: (As a note, I do not use the word "micropayments" here, because
: I am beginning to think that a good technical definition of
: "micropayments" is "payments whose value is less than the cost
: of using current electronic coins". This qualifies schemes like
: Shamir's and disqualifies, well... current electronic coins.)
:
:
: There might be other angles we should talk about here.
:
:
: I think that the first quality is the defining one, technically.
:
:
: So, could a knowledgeable person e.g. Mr. Birch tell us why
: Mondex should be considered to be "electronic cash"?
:
:
: And similarly I would like to hear an informed opinion about
: why Ecash(tm) should not be considered "electronic cash".
: I tend to agree that Ecash(tm) would be even _more_ cashlike
: if it were cleared off-line, but I don't consider that
: difference very fundamental. (_Any_ digital money based on
: our current understandings will have to be cleared at a
: central clearer eventually, since digital information is
: perfectly copyable.)
:
:
: Thank you for your correspondence.
: : : Regards, : : Bryce : : Ecash 2.x Team : : : : -----BEGIN PGP SIGNATURE----- : Version: 2.6.2i : Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 : : iQB1AwUBMepI/UjbHy8sKZitAQEiJwL/VnpQEHL1rOQ6Hm9JIEgAfCGjSKOPaIiC : Jp7EVjvPoFYEsQAS4iUWybNLpxi/23uaqpXMCSNMrEwqd8WeC5ZSISldIEK/BnYE : 2bULeAeMhIqm92bP6o64ok1NBGPfvK5X : =ANO4 : -----END PGP SIGNATURE----- From stewarts at ix.netcom.com Tue Jul 16 00:21:29 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 16 Jul 1996 15:21:29 +0800 Subject: Hardware RNG Message-ID: <199607160009.RAA28737@toad.com> > Got a geiger counter plugged into the game port Cool. As other people have noted, the game port may do timing things that can degrade the quality of your random numbers a bit, so don't use too many bits per sample unless you really understand its behaviour. > Weak radioactive source next to it (dont worry wont fry you) > Use a PRNG string to do create an RC4 S-box > Cycle through the S-box in a tight loop, each time checking to >see if the geiger counter got a hit, if it did, record that number in >the S-box as our first byte, do this 100 times, and we have 100 random >numbers. Other people have also commented that this is bad, unless you can show that the math behind it works well and usefully. >any thoughts? It seems to work well, no basic stat analysis reveals any >pattern, and physicists have backed me up on radioactive decay being >'the great randomizer'. The real randomness you have is from the radioactive decay intervals, plus or minus any gain from the game port hardware. No need to muck that up with RC4, especially in ways that may add predictability. Be very careful with statistics - if something's grossly skewed, the usual tests will pick it up, but they can't tell if there's a mathematical way for somebody who knows data point N to predict point N+1. 
If you look at the output of your geiger counter system, you'll probably see a roughly exponential distribution of time intervals between hits (which is the result of uniformly distributed events like radioactivity) modified a bit by your game port behavior (e.g. the times may all be multiples of 1ms or 17ms.) You can extract decent random bits from this by inverting the distribution; if you want really high quality randoms, at lower resolution, you can do something like pick two samples and return 0 or 1 depending on which one is shorter - especially useful if you don't trust the game port. Your generator can't give you more real bits than that; the RC4 just obfuscates it, makes it harder to evaluate the real strength, and evens out the distributions. You could still crunch the bits through MD5 or something, but only use as many bits of output as you're sure the generator is really giving you. # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Re-delegate Authority! From maldrich at grci.com Tue Jul 16 00:31:11 1996 From: maldrich at grci.com (Mark O. Aldrich) Date: Tue, 16 Jul 1996 15:31:11 +0800 Subject: Sternlight on C'punks In-Reply-To: <199607151701.KAA00537@mail.pacifier.com> Message-ID: On Mon, 15 Jul 1996, jim bell wrote: > >This post is a courtesy to others who may have been expecting more. > > It's not that we're expecting more...it's just that we're hoping for BETTER. > > >It's a > >one-time statement to this list, which I've just joined, of my current > >practice: Silence does not constitute assent. > >David > > Well, that's where you're confused. Our positions are not morally > equivalent. Despite trying to hide behind the smokescreen of calling the > government's GAK position "voluntary," we all know that they are trying to > misuse their influence to gently force us to use GAK, if by no other means > that forcing the taxpayer to pay for the system as they have done already. Geezzzz, here we go.... 
One of the blessings of c'punks was that it was not 'worthy' of the time of several professional flame-baiters who are fairly well-known on the 'Net, in particular, David Sternlight. Now, however, that seems to have changed. If everyone thought things were weird around here with Detweiler, just wait until you see DS's stuff.... Aside from the now-infamous "Who is David Sternlight, REALLY?" and "Who does Sternlight REALLY work for" multi-generational, gigabyte-consuming, bandwidth-devastating threads [search usenet archives for several YEARS worth of traffic on these subjects] that have already graced the Internet (note that Sternlight actually had his OWN usenet newsgroup), there's the fear that DS will start a flame thrower exchange with anyone, regardless of topic. AND, he'll keep posting about it. Relentlessly. After seeing what happened to sci.crypt (it was essentially wrecked for anyone without killfile capability), I'd caution the c'punkers (particularly the more vocal ones) to NOT TAKE THE BAIT. It's only natural that Perry, Jim, and the others be the first to take exception to DS's stuff. It's probably only going to get worse as DS is the consummate flame king and he is at least as relentless as Detweiler. God bless 'em, but it's time to add another line to the c'punks net.loon warning file. ------------------------------------------------------------------------- |Just as the strength of the Internet is |Mark Aldrich | |chaos, so the strength of our liberty |GRCI INFOSEC Engineering | |depends upon the chaos and cacophony of |maldrich at grci.com | |the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil | |protects - District Judge Stewart Dalzell| | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich at grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. 
| -------------------------------------------------------------------------

From tomw at netscape.com Tue Jul 16 00:54:45 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Tue, 16 Jul 1996 15:54:45 +0800
Subject: US versions of Netscape now available
Message-ID: <31EA98B6.446B@netscape.com>

The US versions of Netscape Navigator 3.0 beta 5 and FastTrack Server 2.0 are now available for download. Obviously, this is only available to US citizens or permanent residents. You can get it from

http://wwwus/eng/US-Current/

There's only one machine serving this stuff right now, so please be patient if it's slow or you have a hard time connecting.

--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing.   | tomw at netscape.com

From tomw at netscape.com Tue Jul 16 00:59:20 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Tue, 16 Jul 1996 15:59:20 +0800
Subject: US versions of Netscape now available
In-Reply-To: <31EA98B6.446B@netscape.com>
Message-ID: <31EAB98B.3F54@netscape.com>

Tom Weinstein wrote:
>
> The US versions of Netscape Navigator 3.0 beta 5 and FastTrack Server
> 2.0 are now available for download. Obviously, this is only available
> to US citizens or permanent residents. You can get it from
> http://wwwus/eng/US-Current/

Clearly I'm an idiot. The correct URL is:

http://wwwus.netscape.com/eng/US-Current

--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing.   | tomw at netscape.com

From nozefngr at apple.com Tue Jul 16 01:18:50 1996
From: nozefngr at apple.com (Christopher Hull)
Date: Tue, 16 Jul 1996 16:18:50 +0800
Subject: CookieScan 0.0 rev 0
Message-ID: <199607152332.QAA14438@apple.com>

Do y'all think there might be an interest in a utility which would allow the user to deal with browser cookies?
What I imagine is a little utility that would display the cookies stashed on a machine and give the user the option to either delete or edit any given cookie. (Hey, it's *your* computer, not the website's). This little app would also come with help text explaining what a cookie is (and is not).

In future it might run in the background and alert the user when a cookie is being dropped and the user could give or deny permission (Netscape 3.0 will do this as well).

As it is an "anti-virus" type product it would be offered for free. I could just stick it up on Apple's (or Netscape's) website when finished.

Do any such utilities currently exist?

-Chris

...
... smtp: nozefngr at apple.com
.. page: 1.800.680.7351
.. http: http://virtual.net/Personal/nozefngr/
.. icbm: lat37*21'.lon121*5'
..
.. the kabuki project: http://remarque.berkeley.edu/kabuki/

From aba at dcs.ex.ac.uk Tue Jul 16 01:20:38 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Tue, 16 Jul 1996 16:20:38 +0800
Subject: Opiated file systems
In-Reply-To: <199607151158.HAA28540@unix.asb.com>
Message-ID: <199607152049.VAA00313@server.test.net>

Rob writes:
> > Some more thoughts on encrypted file system design criteria.
> > A wish list:
> >
> > - Choice of secret key encryption algorithms (IDEA, 3DES, MDC, Blowfish)
>
> Nice in theory. Awful in practice. Requires code for managing keys,
> encrypting and decrypting for ea. algorithm be resident in memory.

No need to have all the code in memory, I think you ought to be able to keep the code in an overlay, or something of that nature.

> For some systems (MSDOS), free memory is at a premium... (one of the
> reasons SecureDrive is popular is because it takes only 2.5k). It's
> not worth wasting memory for handling several algorithms when only
> one is going to be used in most cases.

I take your point about memory consumption under DOS, though presumably it would be possible these days to load data high. I think SFS supports this for instance.

> [...]
>
> > - High performance (hand optimised assembler for each architecture)
>
> So much for maintaining code across platforms.

Only the secret key algorithms, 80x86 code would be the highest priority coz they're the slowest (well the old ones are). You're going to need very OS specific code for the low level parts of the file system anyway.

> > - Compression
>
> Not worthwhile. Use a Stacker or JAM driver over the encrypted
> partition on a PC, for instance. Keep compression and crypto
> separate utilities... keeps bugs from one interfering with another
> and reduces complexity of both drivers; also, if one wants crypto
> w/out compression or compression w/out crypto, no wasted memory (see
> above about RAM being at a premium).

One of the requirements some earlier posters gave was that they would like to be able to access the same data with different OSes (the example was to access the same partition with linux, win95, and winNT). Double space isn't available for unix. (There was a read-only version for linux, but this seems to be currently unmaintained.) So one reason to include a compression module would be for portability of data.

I agree with your points about separating concerns and keeping crypto and compression reasonably separate to keep bugs in compression code having the potential to affect crypto code. It would probably be prudent to use OS segment protection, and page locking to protect crypto code and data from being accidentally overwritten, and written to swap respectively.

> > - Ability to chain algorithms (IDEA and then 3DES for example)
>
> Why? Doesn't necessarily increase security, esp. considering the
> performance hit (memory... see above, time, key management).

Hmm, say that you were using MDC with md5 as the hash (before Dobbertin's recent pronouncements, naturally no one would do this now), if Dobbertin comes through with the general case you might wish you had combined it with 3DES...
For the paranoid only, but a nice option I think,

> [uncontentious stuff]
>
> > - Facility for duress key, with the real data hidden in the unused
> > space of the first encrypted drive. To increase the plausible
>
> Huh?!?

Encrypted filesystems are for hiding data from other parties. If your threat model includes law enforcement such a feature would be most useful. You would have data which you would not mind agents obtaining, and have the "real" data hidden in a second file system. When you are subpoenaed for your key, you reveal the 1st file system's key. That key does not reveal anything about the 2nd partition, not even its existence.

The second file system would be hidden in the blocks not used with the 1st file system. To access the 2nd file system you would need to tell the file system driver the keys for both file systems -- the 1st key so that it could find which were the unused blocks in the 1st file system, the 2nd key for access to the hidden file system.

> > deniability all unused blocks within a file system should be filled
> > with garbage, so that it is not possible to tell if there is more
> > data there.
>
> If the algorithm is good, this shouldn't matter. The only way a
> person could tell if a sector is unused is if that person was able to
> mount the partition already.

Yes, that's the idea -- your 1st key has been subpoenaed is the threat model.

> > - File system steganographically hidden in files on another file
> > system (encrypted or not). Support for a wide selection of file
> > formats (Aiff, Wave, Midi, JPEG, GIF, RGB, MPEG).
>
> Now this is getting nutty!!! Never mind the size,

4 gig disks are cheap these days

> complexity and amazing slowness of such a driver... you'd have to
> have audio or video files of gigabytes in size to be able to store
> anything of use.

Indeed you would. So?
> > - Ability to use stegoed file system in files on an unencrypted
> > file system, and boot from a floppy to access stegoed file system,
> > with no other traces left on hard disk.
>
> Why? The authorities would wonder why you have an 8 Gig JPG on your
> disk and figure you're using it for stego, or you're crazy, or both,
> and have you committed.

Nah, you'd buy some video editing equipment, perhaps a photo-CD recorder, start a business doing photo-retouching (I know someone who does this btw, they use DAT tapes just to shift the Gbs they get through), video editing, whatever. All quite plausible.

Adam
--
only quiche eaters need ritalin...

From alanh at infi.net Tue Jul 16 01:22:17 1996
From: alanh at infi.net (Alan Horowitz)
Date: Tue, 16 Jul 1996 16:22:17 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To: <199607150749.DAA25917@mh004.infi.net>
Message-ID:

> There are businesses that _only_ list their 800 numbers, and you can't
> find out the real phone number associated with them through directory
> assistance.

I'll leave it to others to call such a joint and give their name, address, and credit card number to such an establishment.

> It's especially annoying when they've got an in-state or other non-nation-wide
> 800 number, or when you're calling from outside the US, especially when
> they're a business you'd like to be able to reach from anywhere, any time,
> like the travel agent your office uses

You're straining my credulity to claim that you can't get ahold of the regular phone number of them. Come on, are you 7 years old?

> And they may _only_ have
> the bank of phones that's got ANI service on it, and not have other phones.

I don't think phone service is sold that way.

From m1tca00 at FRB.GOV Tue Jul 16 01:47:29 1996
From: m1tca00 at FRB.GOV (Thomas C.
Allard) Date: Tue, 16 Jul 1996 16:47:29 +0800 Subject: ViaCrypt pgp v.4 Message-ID: <9607151952.AA18873@bksmp2.FRB.GOV> Well, my site just got ViaCrypt pgp version 4 (Personel Edition) and it was the first I'd heard of it. None of my utilities that worked with the old ViaCrypt pgp 2.7.1 seem to work under version 4 (the script that checks signatures dies, as does the exmh interface which can no longer find my personal keys). I assume that these are mostly due to changes in the command-line options, although I can find no list of what exactly has changed. But my REAL question is will this version of pgp be compatible with the international versions? If not, I'd just assume revert to pgp 2.6.2 from MIT. rgds-- TA (tallard at frb.gov) I don't speak for the Federal Reserve Board, it doesn't speak for me. pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D From hfinney at shell.portal.com Tue Jul 16 01:53:42 1996 From: hfinney at shell.portal.com (Hal) Date: Tue, 16 Jul 1996 16:53:42 +0800 Subject: How I Would Ban Strong Crypto in the U.S. In-Reply-To: Message-ID: <199607151920.MAA08142@jobe.shell.portal.com> Raph Levien writes: >4. Thus, the best leverage for the TLAs to win is to guide the >development of a key management infrastructure with the following >property: if you don't register your key, you can't play. I believe that >this is the true meaning of the word "voluntary:" you're free to make >the choice not to participate. >5. This is _important_. If you can't get the keys for your >correspondents, you can't use encryption. If they build a key management >infrastructure that actually works, people will use it. There has been some discussion at the last couple of crypto conferences about possible ways around this plan. (I guess the idea goes back at least a year or two.) One idea is to register a 2048 bit public key. You have to give the secret key to the government in order to use the registry. 
But what you do is to create a second key and embed it in the first. It is, say, a 1024 bit key which is the lower half of the 2048 bit key. It has different secret factors that nobody but you knows. Then when people send you messages they encrypt using this modulus rather than the official one. You get the benefit of the government-sponsored key certificate infrastructure, but the government is not able to crack your communications. The discussion at the crypto conferences has centered on how to design key systems which don't have this "subliminal key" property, where it is impossible to create pairs of keys such that publishing one reveals the other. I think they were looking at some of the discrete log systems since in RSA it is pretty easy to do what I have described above. You just create the 1024 bit key first, at random, then choose the 2048 bit key so its modulus matches the 1024 bit key in its low bits. This is the same basic method as the so-called "dead beef" attacks against PGP key ID's which were published earlier this year. So it will be interesting to see whether any government sponsored PK infrastructure takes care to avoid subliminal keys. Hal From cynthia at usenix.ORG Tue Jul 16 01:59:39 1996 From: cynthia at usenix.ORG (Cynthia Deno) Date: Tue, 16 Jul 1996 16:59:39 +0800 Subject: Practical Solutions at USENIX SECURITY Symposium Message-ID: <199607151926.MAA00283@usenix.ORG> The 6th USENIX Security Symposium - Focusing on Applications of Cryptography - is coming to San Jose. You may want to attend. July 22-July 25, 1996 6TH USENIX SECURITY SYMPOSIUM Fairmont Hotel, San Jose, California Sponsored by the USENIX Association Co-sponsored by UniForum in cooperation with the Computer Emergency Response Team There will be refereed papers, panel presentations, invited talks, Birds-of-a-Feather sessions, and an informal Vendor Display. The symposium is offering two days of tutorials. 
Tutorial speakers include Ed DeHard, CERT; Dan Geer, Open Market; Jon Rochlis, BBN Planet; Marcus Ranum, V-One; Matt Bishop, UC Davis; and Bruce Schneier, Counterpane Systems.

Practical solutions to UNIX security will be dissected, debated, and refined. New research on public key issues, electronic commerce, safe working areas, and secure communication. There will also be sessions on the latest version of Pretty Good Privacy (PGP), Internet Firewalls, and the C2Net Privacy model.

Tutorial topics include: Implementing Cryptography; World Wide Web and Internet Security; Comparison of UNIX Security Tools; and Security for Software Developers.

UniForum has organized a track especially for managers. It offers a comprehensive overview of computer security as it relates to open systems from a manager's perspective. The UniForum panel sessions cover: Security and Privacy; Electronic Commerce; Cryptography Infrastructure; and Cryptography and the Law.

Admission is free and open to the public for the small, table-top Vendor Display taking place Wednesday July 24, Noon - 2:00 pm and 3:00 - 7:00 pm in the Fairmont Hotel. Call Cynthia Deno 408 335 9445.

Complete program and registration information is available on the USENIX home page on the Web at http://www.usenix.org or email to info at usenix.org (state "send security conference" in body of your message).

/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
| Cynthia Deno | USENIX |
| Tel: 408 335 9445 | The UNIX and Advanced Computing Systems |
| Fax: 408 335 5327 | Technical and Professional Association |
| cynthia at USENIX.org | |
| Check out USENIX on the Net..........http://www.USENIX.org |
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

From iang at cs.berkeley.edu Tue Jul 16 03:23:19 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Tue, 16 Jul 1996 18:23:19 +0800
Subject: DES & IDEA built right into the Linux kernel...
In-Reply-To:
Message-ID: <4se8do$dlp@abraham.cs.berkeley.edu>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199607130507.WAA25103 at myriad>, Anonymous wrote:
>> Nicholas Leon has created tools that allow DES
>> and IDEA encryption at the device level for the Linux kernel. Some of
>> the patches are in the 2.0.4 kernel, and the rest can be found at
>>
>> http://www.binary9.net/nicholas/linuxkernel/patches/
>
>
>Yep, you can mount encrypted files or partitions as filesystems. (sorta
>like securedrive/securedevice for messydos.) Nifty stuff...

Except that last I checked (2.0.6) it was completely insecure. The DES-encrypted filesystem ignored your password and always used a key of all 0's (which is a weak key in DES, to boot).

I've been touching it up to do DES and IDEA _right_ (CBC mode within each block, IV based on block number), and plan to put in some simple stego as well.

- Ian

From david at sternlight.com Tue Jul 16 04:20:47 1996
From: david at sternlight.com (David Sternlight)
Date: Tue, 16 Jul 1996 19:20:47 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
In-Reply-To:
Message-ID:

At 7:03 AM -0700 7/15/96, Michael Froomkin wrote:
>On Sun, 14 Jul 1996, Timothy C. May wrote:
>
>> So, who is in this "emerging consensus"?
>>
>Foreign governments?
>(Process of elimination, not inside info...)

Perhaps. And the vast inside-the-Beltway policy community, most of whom are more like Dorothy Denning than Tim May. And the vast business community that prefers automated escrow in standard systems. What I mean by that is software or chips automatically escrowed to, say, Price Waterhouse.
Business is comfortable dealing with such firms in a trusted relationship, and such firms will honor a valid court order to produce records or the equivalent--a probable cause court-order for a wiretap.

It really depends on how the issue is presented. If it is presented as preserving law enforcement access, escrow follows. The problem is that like the nose of the camel, each new piece of legislation establishes a new status quo baseline of principle from which to argue, and though we all kicked and screamed about it here, the new baseline is the Digital Telephony Act.

As for the only counterargument to the above, that bad guys aren't going to use escrowed systems, nothing is perfect, goes the argument, and the FBI has caught plenty of bad guys who presumably should have known better, via wiretaps. If you look into it, you will find that most people with criminal minds don't expect to get caught.

Given the nature of this group it perhaps needs saying that the above is a competitor analysis, not an argument nor my own position on mandatory domestic key escrow. I'm agin it.

David

From tangent at alpha.c2.org Tue Jul 16 04:44:08 1996
From: tangent at alpha.c2.org (Tangent)
Date: Tue, 16 Jul 1996 19:44:08 +0800
Subject: Encrytions over multiple platforms
Message-ID: <199607160330.UAA17949@infinity.c2.org>

Does anyone know of a hard-drive/partition encryption program that has been ported to both DOS and Linux/UNIX based systems? I am searching for a system that, obviously, allows both reading and writing of secure/encrypted data. Your help will be greatly appreciated.
-- Tangent

From jsw at netscape.com Tue Jul 16 04:45:00 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Tue, 16 Jul 1996 19:45:00 +0800
Subject: CookieScan 0.0 rev 0
In-Reply-To: <199607152332.QAA14438@apple.com>
Message-ID: <31EAE914.5336@netscape.com>

Christopher Hull wrote:
> What I imagine is a little utility that would
> display the cookies stashed on a machine and
> give the user the option to either delete or
> edit any given cookie.
> (Hey, it's *your* computer, not the website's).

I doubt that you will have much luck here. Many (most??) sites that use cookies tend to encode or obscure them so that they are not human readable. Certainly anyone doing something questionable will obscure their cookies so that they will not be user readable or editable.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From geeman at shellx.best.com Tue Jul 16 04:45:15 1996
From: geeman at shellx.best.com (geeman at shellx.best.com)
Date: Tue, 16 Jul 1996 19:45:15 +0800
Subject: (fwd) krypt13i.zip Enkryptonator: Homonymous key encryption system, R. Newton
Message-ID:

And all those fools like Diffie and Rivest, Shamir, Adleman, etc, well I guess they missed the boat big time by missing this, huh?

Hint: misplaced commas, are always a tipoff to, uhhhhh ... less than stellar shall we say, intellectual bona fides.

Boy I'm sure glad I don't have to remember those orney key anymore!

: Enkryptonator is a newly developed encryption system based on the
: principles of homonymous key cryptography invented by Enkryptonator Co.
: Homonymous key systems are an exiciting, new breakthrough, that solve
: the 'key management' problem without resorting to 'public key'
: cryptography. No more unwieldy, impossible to remember, binary keys.
: Enkryptonator is easy to use.
Because of Enkryptonator's unique design
: no one who intercepts your encryption in an unauthorized manner can
: decrypt your file -- even if he knows the key of encryption! Everyone
: has a right to privacy and Enkryptonator will provide you a means of
: securing your personal and private concerns from unwanted intruders.

From jf_avon at citenet.net Tue Jul 16 04:48:39 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Tue, 16 Jul 1996 19:48:39 +0800
Subject: Why was blocked.
Message-ID: <9607160301.AB00207@cti02.citenet.net>

-----BEGIN PGP SIGNED MESSAGE-----

On 15 Jul 96 at 21:28, Anonymous Remail Service wrote:
> >On 13 Jul 96 at 22:22, root at mail.demon.net wrote:
> >
> >Could you please explain me why my message was blocked?
>
> Because you're an asshole? Why in the world would you ask the
> entire fucking cypherpunks list, instead of just
> root at mail.demon.net, to "please explain me[SIC] why my message was
> blocked?" You are constantly harassing, so you were blocked. Deal
> with it.

me

Dear flamer,

Obviously, you did not learn to read. Go back to school. I asked the root at mail.demon.net to explain why I was blocked and I asked CPunks to reply to the post "below", which was my original question.

What I asked on the CPunks list was the following: Is the fact that a realdeal.exe /per (wiped with zeroes) processed drive weakens the idea encryption of a Secure Drive 1.4a'ed drive?

So, dear anonymous coward, go to hell.

Jean-Francois Avon

- --
DePompadour, Societe d'Importation Ltee
Limoges porcelain, silverware and crystal
JFA Technologies
R&D consultants: physicists technologists and engineers.
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From shamrock at netcom.com Tue Jul 16 04:57:21 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 16 Jul 1996 19:57:21 +0800
Subject: Can't block caller ID in Massachusetts?
Message-ID:

At 19:37 7/15/96, Alan Horowitz wrote:
[...]
>> It's especially annoying when they've got an in-state or other
>>non-nation-wide
>> 800 number, or when you're calling from outside the US, especially when
>> they're a business you'd like to be able to reach from anywhere, any time,
>> like the travel agent your office uses
>
> You're straining my credulity to claim that you can't get ahold of the
>regular phone number of them. Come on, are you 7 years old?

How do you get a hold of the phone number if you don't know the location of the company, they aren't on the net, and don't have the US phone numbers CD-ROM handy? I am 33 and have yet to figure this one out...

-- Lucky Green
PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
Vote Harry Browne for President.

From markm at voicenet.com Tue Jul 16 05:16:17 1996
From: markm at voicenet.com (Mark M.)
Date: Tue, 16 Jul 1996 20:16:17 +0800
Subject: Clueless "Attachment converted" uses
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 15 Jul 1996, David Sternlight wrote:
> At 6:01 AM -0700 7/15/96, Simon Spero wrote:
> >On a very similar note - could people who are using clear-text PGP
> >signatures with mime use text/... instead of application/...; that way
> >people without pgp will see the message text without having to mess with
> >their mailcaps (that's the way text/* is supposed to work)
>
> It's kludgy, I agree, but that's the way the example PGP translator for our
> mailer that some of us are using works right now. If someone rewrites that
> part of it, I'm sure we'd all be happy to switch. Dunno if there's an easy
> patch with ResEdit. (It's for the Mac.)

I think Simon was referring to the obsolete draft that defined the content type "application/pgp". The multipart/signed content type, IMHO, is hardly kludgy and is the best way to MIME encapsulate data. "Application/pgp" is definitely kludgy.

BTW, those of you who do use PGP/MIME signing software should tweak the configuration a bit so there isn't an apostrophe in the MIME boundary. This makes it very difficult to verify the signature using metamail and possibly other MIME interpreting programs.

- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows."
--George Orwell, _1984_

From david at sternlight.com Tue Jul 16 05:28:39 1996
From: david at sternlight.com (David Sternlight)
Date: Tue, 16 Jul 1996 20:28:39 +0800
Subject: Markoff on Clipper III
In-Reply-To: <2.2.32.19960715184219.00827588@panix.com>
Message-ID:

At 11:42 AM -0700 7/15/96, Duncan Frissell wrote:
>Yes, David I would say you practice "contumely" -- Rudeness or contempt
>arising from arrogance; insolence. But then so do I.

That's not what my dictionary says, and what I said was that your message deserved it. Watch closely--there are some subtle distinctions between what you claim and what my dictionary says.

Contumely is "harsh language, arising from haughtiness or contempt". In the case of your message, the harsh language it deserves arises from contempt for the way you said what you said. Harsh language need not be rude, and arrogance and insolence don't enter into my dictionary's definition (Merriam Webster's Collegiate Dictionary, Tenth Edition).

Finally, saying that it deserves contumely is not itself using harsh language but rather is a fairly polite form of derision. Had I heaped contumely on it, that might have been using harsh language. I didn't, because that would have been counterproductive. Thus your accusation is invalid, despite your attempt to soften it with the "me, too".

Ain't educated rhetoric grand.
David

From jti at i-manila.com.ph Tue Jul 16 05:43:43 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Tue, 16 Jul 1996 20:43:43 +0800
Subject: Home Made Telephone Voice Changer
Message-ID: <01BB732D.FCFA3840@ip134.i-manila.com.ph>

I am not sure if this area is right for asking information on how to make home made voice changer for telephones... If anyone know, please share. Thanks!

From nozefngr at apple.com Tue Jul 16 05:44:36 1996
From: nozefngr at apple.com (Christopher Hull)
Date: Tue, 16 Jul 1996 20:44:36 +0800
Subject: CookieScan 0.0 rev 0
Message-ID: <199607160116.SAA24413@apple.com>

>Subject: Re: CookieScan 0.0 rev 0
>Sent: 7/15/96 4:57 PM
>Received: 7/15/96 6:01 PM
>From: Jeff Weinstein, jsw at netscape.com
>To: Christopher Hull, nozefngr at apple.com
>CC: cypherpunks at toad.com
>
>Christopher Hull wrote:
>> What I imagine is a little utility that would
>> display the cookies stashed on a machine and
>> give the user the option to either delete or
>> edit any given cookie.
>> (Hey, it's *your* computer, not the website's).
>
> I doubt that you will have much luck here. Many (most??) sites
>that use cookies tend to encode or obscure them so that they are not
>human readable. Certainly anyone doing something questionable
>will obscure their cookies so that they will not be user readable
>or editable.
>

I agree. Editing is problematic. It would be difficult to decode intentionally hidden information. The user may suspect strange and not obvious stuff in a site's given cookie. Then what may happen is the user will "vote with their mouse" and stop using a site that encrypts cookie data (or perhaps not). In any case the user will at least have the knowledge that the cookie exists. Those that do not encrypt may provide other interesting information.

-Chris

... ... smtp: nozefngr at apple.com
.. page: 1.800.680.7351
.. http: http://virtual.net/Personal/nozefngr/
.. icbm: lat37*21'.lon121*5'
.. ..
the kabuki project: http://remarque.berkeley.edu/kabuki/

From thad at hammerhead.com Tue Jul 16 05:44:43 1996
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Tue, 16 Jul 1996 20:44:43 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607160436.VAA15790@hammerhead.com>

I agree with Raph's analysis, that for something like RSA encryption to work, you need to have a strong public key infrastructure, and that the Gov't could probably build one that people would use; and that would destroy their privacy.

My prediction, though, is that because Diffie-Hellman loses its patent protection so soon, in just over a year now, that RSA, or any persistent-key system, will not tend to be used for e-mail, phone conversations, or other types of communication; for D-H, no infrastructure need be in place.

Now, it's true that you can't use D-H for authentication, and that is a tremendous disadvantage. Still, you could use the established gov't PKI to do the authentication, and use D-H for the exchange of keys.

thad

--
Thaddeus Beier thad at hammerhead.com
Visual Effects Supervisor 408) 286-3376
Hammerhead Productions http://www.got.net/~thad

From david at sternlight.com Tue Jul 16 05:47:03 1996
From: david at sternlight.com (David Sternlight)
Date: Tue, 16 Jul 1996 20:47:03 +0800
Subject: Sternlight on C'punks
In-Reply-To: <199607151701.KAA00537@mail.pacifier.com>
Message-ID:

At 4:27 PM -0700 7/15/96, Mark O. Aldrich wrote:
>One of the blessings of c'punks was that it was not 'worthy' of the time
>of several professional flame-baiters who are fairly well-known on the
>'Net, in particular, David Sternlight. Now, however, that seems to have
>changed. If everyone thought things were weird around here with
>Detweiler, just wait until you see DS's stuff....

And another thing. The reason I've not joined this group earlier had nothing to do with "worthy".
It was because after discussion a year or so ago, Tim May suggested to me via e-mail that it would just generate a lot of controversy, at a time when people were so polarized that they couldn't hear each other and thus my presence here would serve no useful purpose. I took Tim's advice and stayed out.

I thought that by now the more extreme dogmatists among you would have matured, especially given the evidence generated by the real world about how things are and are going if nothing rational and effective is done to stop it. Some of you have met me at Crypto and found I'm not the devil incarnate. Some of you know that we share many (but not all) policy views in common.

The presenting symptom for my joining now was a copy of a post by an MIT professor I respect to this group, which a colleague sent me. Perhaps I was too hasty in my belief that we can begin to hear each other.

David

From cwe at it.kth.se Tue Jul 16 05:53:24 1996
From: cwe at it.kth.se (Christian Wettergren)
Date: Tue, 16 Jul 1996 20:53:24 +0800
Subject: Word lists for passphrases
In-Reply-To:
Message-ID: <199607160727.JAA27015@piraya.electrum.kth.se>

| It is pretty easy to defend against dictionary attacks by using an expanded
| character set--mixed caps and lower case; numbers substituted for some
| letters according to easily-remembered personal rules.
|
| "Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the
| "v" is a roman numeral 5. Another is the "Compuserve method" of inserting
| punctuation characters between words making up a password or key. Since the
| length of the words used is unknown to the cracker, this makes his job
| harder.
You should on the other hand be able to use the username as an indicator of what kind of password it is;

user "warez" / pass "warez" (but better check the home directory for MS Word)
user "l0pht" / pass "'l33t"
user "feh" / pass "uk4n+r3dt13" (look for zines)

Actually, these kids believe the language they use is hiding them, but I bet that the letter digrams they present is an immediate marker of "H4k3rz". It's definitively better than searching for normal "elite, hacker, phracker, exploit".

I just used "l33t" (52), "d00d" (742), "h4qu3r" (5), "sux" (4053) on AltaVista, to name a few.

-cwe

From SpyKing at thecodex.com Tue Jul 16 05:55:14 1996
From: SpyKing at thecodex.com (SpyKing)
Date: Tue, 16 Jul 1996 20:55:14 +0800
Subject: 50,000th Visitor a Winner!
Message-ID: <9607160332.AA27200@mne.com>

Have you heard about the Codex Counter Contest? Every once and a while we post a target number for our page counter...if you are the lucky person who visits our site on that number according to the Connect2 counter...you win! All you need to do is print the page and fax it to us to collect your free prize!

The first winner was Kevin Mullen aka jmulle at gremlan.org - Kevin won a brand new Sony 8mm video recorder (one thousand dollar value). Congratulations Kevin and enjoy your prize!

P.S. While you're there, checkout some of our great resources and products...and don't forget to visit the The Codex Mall.

This communication is copyrighted by the author. 1996, All Rights Reserved. This communication may be read only by the person to whom it is addressed. Unauthorized interception, forwarding, posting/re-posting of all/any part of this message is a violation of U.S. Copyright laws and may result in civil or criminal action against violators.
The Codex Surveillance & Privacy News - http://www.thecodex.com
PGP Key Available upon Request

From jti at i-manila.com.ph Tue Jul 16 05:55:32 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Tue, 16 Jul 1996 20:55:32 +0800
Subject: Exchange: Add PGP
Message-ID: <01BB732D.CA440AC0@ip134.i-manila.com.ph>

How can I add PGP feature to Exchange?

From shamrock at netcom.com Tue Jul 16 05:58:22 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 16 Jul 1996 20:58:22 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID:

At 10:13 7/15/96, David Sternlight wrote:
[Oh boy. DS discovered Cypherpunks. Well, I guess it was only a matter of time. You folks thought this list was active? Get ready for the onslaught. Hi, David. :-]

>That's certainly one view. Another is that if you watch the precursors of
>legislation, then actions in the Netherlands, the UK, and in the European
>Parliament suggest that an independent European escrow initiative might
>happen within a year. When it does it will be a trivial matter to harmonize
>it with some US offering. The mills in various countries are grinding too
>coincidentally for my taste.
>
>Given the glacial pace with which standard integrated crypto has appeared
>on the Internet, with Navigator only going to offer the final
>link--encrypted e-mail--later this year, the above timing isn't necessarily
>one which will be left behind by independent Internet developments. And
>given the glacial pace of PGP movement toward integrated internet standard
>products, it hasn't a hope of beating the above timing to the punch.

David is correct. Strong crypto standardization and integration have made little progress in the last two years. This is not about to change. In fact, any standard that is likely to be widely agreed upon will be a weak crypto standard. S/MIME with its 40 bit default key length is a prime example.
Meanwhile, the governments in just about any country with an Internet connection, certainly the governments in the US, Australia, and the EC are marching in lock step to implement global GAK. There is not a single significant market in the western world in which GAK is not either being proposed, studied by pro-GAK "working groups", or already implemented.

We might see GAK nearly world wide within two years. The question isn't if GAK will happen but only when it will happen. The speed by which GAK will become the law depends on a few factors, many of which are out of our control. Primarily, that means number and severity of Reichstag Fires the GAK proponents can make use of to push their cause.

The odds seem slim that we will win the race to the mythical fork in the road at which point crypto regulations will no longer matter, because strong crypto is too widely deployed.

-- Lucky Green
PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
Vote Harry Browne for President.

From jimbell at pacifier.com Tue Jul 16 06:01:23 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 16 Jul 1996 21:01:23 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <199607160519.WAA13505@mail.pacifier.com>

At 01:48 AM 7/16/96 +0200, Steven Seyffert wrote:
>
>----------
>: From: bryce at digicash.com
>: To: David G.W. Birch
>: Cc: Multiple recipients of ; cypherpunks at toad.com
>: Subject: Re: #E-CASH: PRODUCT OR SERVICE?
>: Date: maandag 15 juli 1996 15:36
>
>: 4. Privacy. The privacy of Ecash(tm) payers is mathematically
>: unconditional.
>:
>Just like the privacy of e-mail and the independence of the WWW once was.
>

Notice he says there's PAYER privacy. Payee privacy is possible, but not implemented by Digicash. Payee privacy is going to be a feature of a SUCCESSFUL digital cash system.
Jim Bell
jimbell at pacifier.com

From david at sternlight.com Tue Jul 16 06:02:54 1996
From: david at sternlight.com (David Sternlight)
Date: Tue, 16 Jul 1996 21:02:54 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <199607151701.KAA00537@mail.pacifier.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Some live in the conversation in their head and require that everything be spelled out. Very well, then:

At 10:58 AM -0700 7/15/96, jim bell wrote:
>At 06:05 PM 7/14/96 -0700, David Sternlight wrote:
>
>>This post is a courtesy to others who may have been expecting more.
>
>It's not that we're expecting more...it's just that we're hoping for BETTER.

"More" in the sense of a response to your personal attacks.

>
>>It's a
>>one-time statement to this list, which I've just joined, of my current
>>practice: Silence does not constitute assent.
>>David
>
>Well, that's where you're confused. Our positions are not morally
>equivalent.

Morality has nothing to do with it. The instant dispute is over facts. And you have no idea what my position on GAK is, judging from your personal attacks. I'll help you out. I do not object to it domestically as long as it is voluntary, that restriction is hard-coded into the rules and laws, and there are real choices at least initially. ("Trust everyone and always cut the cards.") Whether I then use it or not is my business, though it's no secret that I'd use a non-GAK system in preference were it available and an Internet standard.

I trust the market and my fellow citizens, and if they rush to GAK because of superior features or some such and non-GAK dies on the vine because it is poorly implemented or poorly marketed, that's the way freedom works. You can't compel others to use YOUR favorite system just so you can have the benefits from it you want, nor should others try to suppress your favorites.

That sword cuts both ways--vis a vis the government's favorites.
They shouldn't try to compel what they like, nor should they suppress what they don't unless the people's representatives have legislated (as for example in the case of the authority for ITAR) and the matter is Constitutional.

I think foreign governments' crypto policies to be none of my business--though I know some other Americans love to wrap themselves in high moral raiment and preach on the topic to such foreign governments, and many foreigners with motes in their own eyes like to do that to us. I have a personal opinion in the matter which is likely the same as yours, but do not feel entitled to burden others with that since it's so much ineffectual chin music.

>Despite trying to hide behind the smokescreen of calling the
>government's GAK position "voluntary," we all know that they are trying to
>misuse their influence to gently force us to use GAK, if by no other means
>that forcing the taxpayer to pay for the system as they have done already.

I agree, though I would not have phrased it in such an offensive way. This isn't some conspiracy of evil but people with a legitimate policy disagreement.

>
>The opponents of GAK, on the other hand, are not denying to anyone the right
>to implement a truly voluntary "key-escrow" system, or more likely many
>privately operating ones.

I disagree again. It is evident from the effort to shoot down Clipper I, which WAS voluntary, that this is another case of your version of "voluntary". If an offeror, even the government, offers something voluntary and you don't like it, you attempt to suppress it. It's kinda like "freedom of speech only for those who agree with me".

> However, such systems will be a service for the
>customer, not the government, and the key will almost certainly not be
>provided to the government on request, and in fact the key will likely be
>stored in an encrypted form that the government won't be able to use.
To the contrary, business records are always available on legitimate subpoena by the government, and this would include escrowed keys. YOU don't have to like it, but it's the law.

>
>Quite simply, we do not require your "assent." You should be trying to get
>OURS.

"Silence does not constitute assent" to your personal attacks, your policy assertions, and what I think to be your misrepresentations of fact. I was not speaking of assent to GAK in that sentence.

I think your attempt to pseudospeciate me and create an "us and him" situation in this group is bound to fail with those who have paid attention to what I think and say, particularly my most recent thinking. On many matters we are agreed at bottom. However, I place high value on policy and strategy advocacies that are content-robust and work, in preference to ineffectual ones that merely make one feel good.

Further, I do not believe one should suppress criticism of one's allies when they are doing a sloppy or wrong-headed job of things. That's just opening the door to a failure instead of sharpening things up to improve the chances of a success. The radical feminists' "Sisterhood, right or wrong" is not my motto. When you're right, you're right and I support you, and when I think you're wrong I won't hesitate to point it out.

David

From llurch at networking.stanford.edu Tue Jul 16 06:41:58 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Tue, 16 Jul 1996 21:41:58 +0800
Subject: d.Comm: Your Login Information
In-Reply-To: <199607151820.OAA21615@sol.spiders.com>
Message-ID:

On Mon, 15 Jul 1996 hotlists at d-comm.com wrote:
> Login: cypherpunks
> Passwd: 107084
> URL: http://www.d-comm.com/

Hmm.
I thought I'd set that up long ago. Excellent site, btw, though their editorial slant isn't always to the cypherpunk's advantage.

-rich

From Paul at opalbus.demon.co.uk Tue Jul 16 06:42:25 1996
From: Paul at opalbus.demon.co.uk (Paul Mercer)
Date: Tue, 16 Jul 1996 21:42:25 +0800
Subject: No Subject
Message-ID:

From jimbell at pacifier.com Tue Jul 16 06:50:07 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 16 Jul 1996 21:50:07 +0800
Subject: DCSB: Betting on the Future
Message-ID: <199607160806.BAA19805@mail.pacifier.com>

At 12:07 PM 7/15/96 -0400, Robert Hettinga wrote:
> The Digital Commerce Society of Boston
> Presents
> Duane Hewitt
> Idea Futures
>> I will introduce the concept of Idea Futures which is a market in which
>> the odds of future events are set by betting. It is designed to reward
>> those who can accurately forecast future outcomes.

Hmmmm... Betting on future events... What a novel idea...

Jim Bell
jimbell at pacifier.com

From dlv at bwalk.dm.com Tue Jul 16 06:53:25 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 16 Jul 1996 21:53:25 +0800
Subject: Sternlight on C'punks
In-Reply-To:
Message-ID:

Modems on stun...

"Mark O. Aldrich" writes:
...
> After seeing what happened to sci.crypt (it was essentially wrecked for
> anyone without killfile capability), I'd caution the c'punkers
> (particularly the more vocal ones) to NOT TAKE THE BAIT. It's only
> natural that Perry, Jim, and the others be the first to take exception
> to DS's stuff. It's probably only going to get worse as DS is the
> consummate flame king and he is at least as relentless as Detweiler.

I already got some shit from DS. I saw right away that he's an asshole, so I won't be responding to anything {he|she|it} says. What a maroon.

I think Lance Detweiler is much smarter and more coherent. I exchanged some e-mails with and and he sounds like a very reasonable and nice guy.
Thanks for the warning, --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From deviant at pooh-corner.com Tue Jul 16 07:01:10 1996 From: deviant at pooh-corner.com (The Deviant) Date: Tue, 16 Jul 1996 22:01:10 +0800 Subject: Metered Phone In-Reply-To: <199607150749.AAA07586@toad.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 15 Jul 1996, Bill Stewart wrote: > Date: Mon, 15 Jul 1996 00:45:48 -0700 > From: Bill Stewart > To: Jerome Tan > Cc: cypherpunks at toad.com > Subject: Re: Metered Phone > > At 01:19 PM 7/7/96 +0800, you wrote: > >Does anyone have any ideas about this metered phone? > >I am from Philippines and heard some news that it will be > >existing in 1997. Quite a big problem! Every dial will be counted, > >every seconds will be measured... > > That sounds like you're getting newer telephone technology. > In the US, most areas with newer telephone switches offer you > the choice of flat rate service (you pay a constant price per month > for calls in your city or other local area) or measured service > (you pay a lower price per month plus a few cents per minute > for local calls.) In many places with measured service, > the phone company measures how much time you use for local calls, > but doesn't record who you call, only how many minutes. > For long-distance calls, which always charge for time, > they do record what number you call. > > For computer users, there are two issues - > - recording who you call is, of course, bad > - if you have flat rate telephone service, you can stay > connected to your Internet provider full time, > instead of calling up every N minutes or when you have mail. > > # Thanks; Bill > # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com > # http://www.idiom.com/~wcs > # Re-delegate Authority! > > More often than not when you are being metered, they include a list of who you call and how long you spend on each call with your bill. 
--Deviant -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From sparks at bah.com Tue Jul 16 07:04:20 1996 From: sparks at bah.com (Charley Sparks) Date: Tue, 16 Jul 1996 22:04:20 +0800 Subject: DCSB: Betting on the Future Message-ID: If I can't wear a V2 PGP T shirt It ain't good enuf to attend... cheap lunch too Charley >X-Sender: rah at tiac.net >Mime-Version: 1.0 >Date: Mon, 15 Jul 1996 12:07:12 -0400 >To: cypherpunks at toad.com >From: Robert Hettinga >Subject: DCSB: Betting on the Future >Sender: owner-cypherpunks at toad.com >Precedence: bulk > > >--- begin forwarded text > > >X-Sender: rah at tiac.net >Mime-Version: 1.0 >Date: Mon, 15 Jul 1996 11:26:33 -0400 >To: dcsb at ai.mit.edu >From: Robert Hettinga >Subject: DCSB: Betting on the Future >Sender: bounce-dcsb at ai.mit.edu >Precedence: bulk >Reply-To: Robert Hettinga > >-----BEGIN PGP SIGNED MESSAGE----- > > > > The Digital Commerce Society of Boston > > Presents > > Duane Hewitt > Idea Futures > > "Betting on the Future" > > > Tuesday, August 6, 1996 > 12 - 2 PM > The Downtown Harvard Club of Boston > One Federal Street, Boston, MA > > >Duane says: > >> I am a Molecular Biologist by trade but I am fascinated by all aspects of >> science and technology and especially their long term ramifications. I am >> completing my Master's Degree thesis as well as working full time at the >> University of Massachusetts at Amherst. I have some part time work >> maintaining Web pages and I have been involved with the Idea Futures Web >> site from the very beginning.
I also am currently working on a hypertext >> reference on the biology of aging. Many of these interest can be accessed >> from my home page at http://www.lucifer.com/~duane >> >> I will introduce the concept of Idea Futures which is a market in which >> the odds of future events are set by betting. It is designed to reward >> those who can accurately forecast future outcomes. It has been recognized >> by the Austrian Broadcast System, and the Point Survey and mentioned in >> _Wired_. I will discuss the implications of such a market as well as some >> of the history behind it. I will also propose how a similar market could >> be used to construct a market based voting system. > > > >This meeting of the Digital Commerce Society of Boston will be held on >Tuesday, August 6, 1996 from 12pm - 2pm at the Downtown Branch of the >Harvard Club of Boston, One Federal Street. The price for lunch is $27.50. >This price includes lunch, room rental, and the speaker's lunch. ;-). The >Harvard Club *does* have dress code: jackets and ties for men, and >"appropriate business attire" for women. > >We need to receive a company check, or money order, (or if we *really* know >you, a personal check) payable to "The Harvard Club of Boston", by >Saturday, August 3, or you won't be on the list for lunch. Checks >payable to anyone else but The Harvard Club of Boston will have to be sent >back. > >Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston, >Massachusetts, 02131. Again, they *must* be made payable to "The Harvard >Club of Boston". > >If anyone has questions, or has a problem with these arrangements (We've had >to work with glacial A/P departments more than once, for instance), please >let us know via e-mail, and we'll see if we can work something out. > >Planned speakers for the following few months are: > > September Tatsuo Tanaka Some Economics of Digital Cash > October Philippe LeRoux Stock Exchanges and the Web > >We are actively searching for future speakers. 
If you are in Boston on the >first Tuesday of the month, and you would like to make a presentation to the >Society, please send e-mail to the DCSB Program Commmittee, care of Robert >Hettinga, rah at shipwright.com . > >For more information about the Digital Commerce Society of Boston, send >"info dcsb" in the body of a message to majordomo at ai.mit.edu . If you want >to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a >message to majordomo at ai.mit.edu . > >Looking forward to seeing you there! > >Cheers, >Robert Hettinga >Moderator, >The Digital Commerce Society of Boston > > > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.2 > >-----END PGP SIGNATURE----- > >----------------- >Robert Hettinga (rah at shipwright.com) >e$, 44 Farquhar Street, Boston, MA 02131 USA >"'Bart Bucks' are not legal tender." > -- Punishment, 100 times on a chalkboard, > for Bart Simpson >The e$ Home Page: http://www.vmeng.com/rah/ > > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu >In the body of the message, write: unsubscribe dcsb >Or, to subscribe, write: subscribe dcsb >If you have questions, write to me at Owner-DCSB at ai.mit.edu > >--- end forwarded text > > > >----------------- >Robert Hettinga (rah at shipwright.com) >e$, 44 Farquhar Street, Boston, MA 02131 USA >"'Bart Bucks' are not legal tender." > -- Punishment, 100 times on a chalkboard, > for Bart Simpson >The e$ Home Page: http://www.vmeng.com/rah/ > Charles E.
Sparks Booz Allen & Hamilton http://www.clark.net/pub/charley/index.htm In God we trust, All Others we encrypt Public Key at: http://www.clark.net/pub/charley/cp_1.htm From frogfarm at yakko.cs.wmich.edu Tue Jul 16 07:11:20 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Tue, 16 Jul 1996 22:11:20 +0800 Subject: Surf-filter lists Message-ID: <199607160541.BAA11900@yakko.cs.wmich.edu> Vlad: How can consumers make an informed decision as to which filter they wish to purchase, if they are not told exactly what information each product is filtering out? Meeks et al may be guilty of flamboyant, emotionalistic prose, but I find the concept that the public is expected to buy various filters without knowing what they filter...frankly, ridiculous. -- "Your wish is my command, if you know what's good for you, bitch." - William Shakespeare (Or perhaps it was his brother Fred who said that.) From snow at smoke.suba.com Tue Jul 16 07:59:15 1996 From: snow at smoke.suba.com (snow) Date: Tue, 16 Jul 1996 22:59:15 +0800 Subject: Chicago Area Cypherpunks Try 2. Message-ID: Ok, I'm an idiot. The first time I posted this I forgot that the machine that the account that the cypherpunks mail goes thru was going to die. In otherwords, Crash did. I recieved a total 5 responses to a suggestion of a cypherpunks meet, and this is what I sent them earlier : There were 5 respondents, not including erehwon at c2.org, but he is the one who first affirmed the idea in my head. There may have been more, but my account at crash.suba.com (infact the whole machine) went away shortly after I posted, so I may have missed some responces. I am going to post again, so if you got this you don't need to re-respond. If you didn't get this, please respond and tell me how you are reading it without getting it. Is there anyone else out there who might want to organize this thing? I don't mind doing it, but I tend to be a little authoritarian about these kinds of things. 
I arrange an almost monthly meeting for a bunch of freaks on Usenet, and it has been my experience that the best way of doing these things is simply to announce a time and a place and stick to it unless there is a _major_ event that causes a change. On the other group I have the meetings at my house, and my Wife's grand mother died. Immediate grounds for a change other reasons could be a major conference that I didn't know about etc. An individual being out of town is not a reason, at every random event there will be someone who would prefer a different day. The other thing to consider is where to hold the event. There are a couple of decent pubs/bars here in Chicago, or Coffee Houses. I would prefer not to hold the first one in my home, because I am paranoid. Anyway, a couple of the responses were from out of town, so I think it might be a good idea to do this on a weekend. _______________________________________________________________________ If you responded, and would like to be in on the discussion, please re-respond. Sorry for the inconvience and the lousy spelling. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From julianb at mail.tiac.net Tue Jul 16 08:07:30 1996 From: julianb at mail.tiac.net (Julian Burke) Date: Tue, 16 Jul 1996 23:07:30 +0800 Subject: Netscape download requirements Message-ID: <199607160905.FAA26831@mailserver1.tiac.net> Jeff Weinstein wrote: > We received written permission from the State Department for our >download verification mechanism. What exactly is the reason for Netscape asking for the name, address, e-mail address, and telephone number of anyone who wishes to download the US-browser? If I remember correctly MIT in distributing PGP only asks that you affirmatively assent to obeying export laws (and the terms of the rsa license). I have not heard at any point that the MIT system does not meet the legal requirements of ITAR. Is there perhaps some other reason Netscape wishes to have this information? 
--Julian Burke From snow at smoke.suba.com Tue Jul 16 08:11:59 1996 From: snow at smoke.suba.com (snow) Date: Tue, 16 Jul 1996 23:11:59 +0800 Subject: brokers as middlemen In-Reply-To: Message-ID: On Mon, 15 Jul 1996, Timothy C. May wrote: > At 5:48 PM 7/15/96, L. Detweiler wrote: > >that could be regarded as the ultimate capitalist market-- something > >that eliminates all "unnecessary" middlemen. I suspect the stock exchanges > >of the future will *not* be regulated because they *cannot* be. it > >will be a matter of buyers and sellers choosing the systems that > >best suit them regardless of what governments feel is appropriate, fair, > >or whatever. > I emphatically agree! There is little need for regulation in this new > environment, and "reputations matter." And regulation is becoming > problematic. > (To cite one example. Some are calling for registration and regulation of > "investment advice," which is largely unregulated in the U.S. today. That > is, I can self-publish a newsletter, "Tim's Stock Picks," and the First > Amendment says this can't be restricted (Caveat: But I can't sell "Tim's > Legal Advice," "Tim's Earthquake Safety Advice," or "Tim's Medical Advice" > to clients...go figure). Some want investment newsletter writers "held While IANAL, and I don't know for sure about "Tim's Legal Advice", there is NOLO press, I don't think they are lawyers. I don't understand why you couldn't print "Tim's Earthquake Safety Advice" as long as the advice wasn't totally erroneous. As to the last, you most certainly _can_ publish "Tim's Health Advice," or "Tim's Homeopathic Newsletter," and give essentially medical advice. The non-crypto snake oil business is as big as ever in the US. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jeremey at forequest.com Tue Jul 16 08:38:04 1996 From: jeremey at forequest.com (Jeremey Barrett) Date: Tue, 16 Jul 1996 23:38:04 +0800 Subject: (fwd) krypt13i.zip Enkryptonator: Homonymous key encryption system, R.
Newton In-Reply-To: <199607152224.SAA04880@yakko.cs.wmich.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I downloaded the thing... here's what I posted to sci.crypt: Looks like snake oil to me... the whole thing comes down to each executable having a unique "registration number" so that only that copy of the software can decrypt with that "registration number". You encrypt with a key of between 5 and 10 text characters, and you provide the registration number of the destination party. The "registration number" and key get combined in some way to form the encryption key. (Registration numbers are public information). Since ONLY ;) the destination party has the correct copy of the software, only they can decrypt the data, hence the key can be passed over an insecure channel. Heh. They say the encryption algorithm is a form of substitution cipher. SO.... since the "registration number" and key are public, the only thing keeping this together is the lack of the algorithm, which of course doesn't keep it together at all. Fun... On Mon, 15 Jul 1996, Damaged Justice wrote: > [Anyone know more about this one? "Homonymous" in this context sounds a > tad oily.] > > >From: mjk at reimari.uwasa.fi (Mika Koykka) > Newsgroups: comp.archives.msdos.announce > Subject: krypt13i.zip Enkryptonator: Homonymous key encryption system, R. Newton > Date: 15 Jul 1996 11:32:39 +0300 > Lines: 82 > > Thank you for your contribution. This upload is now available as > 60605 Jul 2 22:10 ftp://garbo.uwasa.fi/pc/crypt/krypt13i.zip > > : Date: Sun, 14 Jul 1996 15:10:55 -0500 > : From: Enkryptonator > : To: pc-up at uwasa.fi > : Subject: krypt13i.zip Homonymous key encryption uploaded > : > : I mailed a previous Email today, but it contained a typo in the file name > : uploaded. > : this message contains no such typo. > : > : File name: > : KRYPT13i.ZIP > : Enkryptonator: Homonymous key encryption system. 
> : Replaces: > : KRYPT12.ZIP > : Suggested Garbo directory: > : crypt > : Uploader name & email: > : Richard Newton, enkrypt at flash.net > : Author or author company: > : Richard Newton > : Email address: > : enkrypt at flash.net > : Surface address: > : Box 866292 Plano Tx 75086 USA. > : Special requirements: > : Developed on MS-DOS 386 platform. > : Math co-processor recommended, but not required. > : Shareware payment required from private users: > : Yes, but not from students. > : Shareware payment required from corporates: > : Yes. > : Distribution limitations: > : None > : Garbo CD-ROM distribution allowed without extra preconditions: > : Yes. > : Demo: > : No. > : Nagware: > : No, Displays none of the behavior described in your > : instructions. > : Self-documenting: > : Yes. > : External documentation included: > : Yes, about 70Kb (unzipped). > : Source included: > : No. > : Size: > : 60kb zipped. > : 10 lines description: > : > : Enkryptonator is a newly developed encryption system based on the > : principles of homonymous key cryptography invented by Enkryptonator Co. > : Homonymous key systems are an exiciting, new breakthrough, that solve > : the 'key management' problem without resorting to 'public key' > : cryptography. No more unwieldy, impossible to remember, binary keys. > : Enkryptonator is easy to use. Because of Enkryptonator's unique design > : no one who intercepts your encryption in an unauthorized manner can > : decrypt your file -- even if he knows the key of encryption! Everyone > : has a right to privacy and Enkryptonator will provide you a means of > : securing your personal and private concerns from unwanted intruders. > : > : Long description: > : > : This is the 1.3 International Shareware version of Enkryptonator. > : The international version will only allow a single key of encryption > : in order prevent running a-foul of US export control regulations on > : the export of encryption technology. 
> : > : Version 1.3 introduces a 5% speed improvement and minor changes in > : messaging. Version 1.3 is incompatible with version 1.2 and version > : 1.1. These are the only code changes. The most significant reason for > : releasing 1.3 is to provide users with more comprehensive and updated > : user documentation. > > ................................................................. > Mika Koykka, mjk at uwasa.fi http://www.uwasa.fi/~mjk/ > Moderating at garbo.uwasa.fi http://garbo.uwasa.fi/ FTP archives > Computer Centre, University of Vaasa, Box 700, FIN-65101 Finland > > > -- > "Your wish is my command, if you know what's good for you, bitch." > - William Shakespeare > (Or perhaps it was his brother Fred who said that.) > > - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Jeremey Barrett Senior Software Engineer jeremey at forequest.com The ForeQuest Company http://www.forequest.com/ "less is more." -- Mies van de Rohe. Ken Thompson has an automobile which he helped design. Unlike most automobiles, it has neither speedometer, nor gas gage, nor any of the numerous idiot lights which plague the modern driver. Rather, if the driver makes any mistake, a giant "?" lights up in the center of the dashboard. "The experienced driver", he says, "will usually know what's wrong." -- 'fortune` output -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From s_levien at research.att.com Tue Jul 16 08:41:00 1996 From: s_levien at research.att.com (Raph Levien) Date: Tue, 16 Jul 1996 23:41:00 +0800 Subject: Clueless "Attachment converted" uses Message-ID: Simon Spero wrote: > > On a very similar note - could people who are using clear-text PGP > signatures with mime use text/...
instead of application/...; that way > people without pgp will see the message text without having to mess with > their mailcaps (that's the way text/* is supposed to work) I'd hate to turn this into "e-mail encryption"-punks, but I believe that clear-signed PGP messages should not have MIME types at all. Here's why: 1. All PGP-aware mail reading programs can recognize MIMEless PGP messages. Thus, adding the MIME type does not help. 2. For all mailers that are not PGP-aware, the best way to handle clearsigned messages is to cut-and-paste them to a PGP window. This is most easily done if the message is simply displayed as text. Thus, adding the MIME type does not help. 3. There _is_ a PGP/MIME standard, and these clearsigned PGP messages do not conform to it. ObPlug: premail, I believe, implements the correct policy. Some messages need to be in MIME format (e.g. pictures). These messages are encoded using the real PGP/MIME spec. Other messages do not. These are encoded using plain PGP, and no MIME gorp. There is a small bug in 0.44, by the way, that causes messages with tabs to be wrongly classified as needing MIME. Just my two cents. Raph From tangent at alpha.c2.org Tue Jul 16 08:42:45 1996 From: tangent at alpha.c2.org (Tangent) Date: Tue, 16 Jul 1996 23:42:45 +0800 Subject: Encrytions over multiple platforms Message-ID: <199607160331.UAA17969@infinity.c2.org> Does anyone know of a hard-drive/partition encryption program that has been ported to both DOS and Linux/UNIX based systems? I am searching for a system that, obviously, allows both reading and writing of secure/encrypted data. Your help will be greatly appreciated.
-- Tangent From tangent at alpha.c2.org Tue Jul 16 08:48:33 1996 From: tangent at alpha.c2.org (Tangent) Date: Tue, 16 Jul 1996 23:48:33 +0800 Subject: Encryption over multiple platforms Message-ID: <199607160232.TAA12447@infinity.c2.org> Does anyone know of a hard-drive encryption program that has been ported to both DOS and Linux/UNIX based systems? I'm looking into installing some flavor of UNIX on my system, but still wish to retain my DOS based setup. Windows support would be a bonus, though not necessary. Your help will be greatly appreciated. From tomw at netscape.com Tue Jul 16 08:55:07 1996 From: tomw at netscape.com (Tom Weinstein) Date: Tue, 16 Jul 1996 23:55:07 +0800 Subject: US versions of Netscape now available In-Reply-To: <31EA98B6.446B@netscape.com> Message-ID: <31EB1655.773C@netscape.com> Tom Weinstein wrote: > > http://wwwus.netscape.com/eng/US-Current It looks like the majority of download failures are caused by people using browsers that don't support cookies. If you aren't sure that the browser you're using supports cookies, then try Netscape Navigator. If you are using Netscape (or some other cookie-capable browser) and are still getting a "No Cookie" error, please let me know. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw at netscape.com From deviant at pooh-corner.com Tue Jul 16 09:06:39 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 17 Jul 1996 00:06:39 +0800 Subject: Opiated file systems In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 15 Jul 1996, Mark O. Aldrich wrote: > Date: Mon, 15 Jul 1996 17:43:28 -0400 (EDT) > From: "Mark O.
Aldrich" > To: Deranged Mutant > Cc: Adam Back , cypherpunks at toad.com > Subject: Re: Opiated file systems > [Useful stuff >/dev/null] > > The payload of getting false data out of a crypto algorithm, such that the > data looks "real", when a duress key is input to the algorithm is not > something that I've seen approached in any reasonable manner. Probably > because it's just too damn hard and the notion of "real looking" data is a > little hard to define scientifically. A combination stego/crypto solution > may be more appropriate, but close examination of the box is going to > reveal what happened (assuming the desired solution must withstand some > protracted forensics?). The nuke_the_data or nuke_the_keys solutions are > easier to do, and have been implemented in several situations of which I > am aware. > But, on the other hand, it wouldn't be too hard to have the user set both keys (yeah, so that didn't actually say anything, so what...), and then do an every-other-byte type thing (although that would be slow... every other block would be more efficient), and have 2 EFS's in one file, and make it so that on the "duress" one the extra space appears to be "free". One could make it a real file system, and add a fake disk error to prevent over-writing of the "non-duress" filesystem. > > ------------------------------------------------------------------------- > |Just as the strength of the Internet is |Mark Aldrich | > |chaos, so the strength of our liberty |GRCI INFOSEC Engineering | > |depends upon the chaos and cacophony of |maldrich at grci.com | > |the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil | > |protects - District Judge Stewart Dalzell| | > |_______________________________________________________________________| > |The author is PGP Empowered. Public key at: finger maldrich at grci.com | > | The opinions expressed herein are strictly those of the author | > | and my employer gets no credit for them whatsoever.
| > ------------------------------------------------------------------------- > This will sound odd, but did you know that "dockmaster" was the name of the NSA's first unclassified computer? just wondering.... ;) --Deviant -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From jsw at netscape.com Tue Jul 16 09:21:40 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Wed, 17 Jul 1996 00:21:40 +0800 Subject: Netscape download requirements In-Reply-To: <199607160905.FAA26831@mailserver1.tiac.net> Message-ID: <31EB61E5.520E@netscape.com> Julian Burke wrote: > > Jeff Weinstein wrote: > > > We received written permission from the State Department for our > >download verification mechanism. > > What exactly is the reason for Netscape asking for the name, address, > e-mail address, and telephone number of anyone who wishes to download > the US-browser? If I remember correctly MIT in distributing PGP only > asks that you affirmatively assent to obeying export laws (and the > terms of the rsa license). > > I have not heard at any point that the MIT system does not meet the > legal requirements of ITAR. Is there perhaps some other reason > Netscape wishes to have this information? The Department of State tells us that permission was granted to MIT and others under the "old policy". The "new policy" has not been completed, which led to long delays in our getting approval. Our current approval is temporary, pending release of the "new policy".
In order to get this permission we agreed to ask for and archive this information, in case law enforcement required it for some related investigation. The following statement is at the bottom of the page, near the submit button: ALL SUBMISSIONS ARE LOGGED Misrepresentation or omission of facts is covered under ITAR 127.2(a) and (b)(13). These data will only be released to satisfy lawful requests by government agencies, should such requests be made. That last sentence means that we won't be selling the list to telemarketers, or making it publicly available. If you are not comfortable providing this information, then you may either run the export version, or purchase the retail navigator package, which also includes the US only version when sold in the US. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From JonWienk at ix.netcom.com Tue Jul 16 09:29:38 1996 From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com) Date: Wed, 17 Jul 1996 00:29:38 +0800 Subject: PGP 3.0 / Windows In-Reply-To: Message-ID: <199607160545.WAA01000@dfw-ix10.ix.netcom.com> Has anyone heard anything about PGP 3.0? Is it still due Real Soon Now? Or might it be worthwhile to break out VC++ and do a port as a cpunks cooperative project? Jonathan Wienke "1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler "46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. A thirty (30) day amnesty period is permitted for these firearms to be turned over to the local authorities. At the end of this period, a number of citizen groups refuse to turn over their firearms. Consider the following statement: I would fire upon U.S.
citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey http://www.ksfo560.com/Personalities/Palms.htm 1935 Germany = 1996 U.S.? From declan at well.com Tue Jul 16 09:38:16 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 17 Jul 1996 00:38:16 +0800 Subject: Washington Post -- "Block but Verify" Message-ID: [An editorial in today's Washington Post, about blocking software and the CyberWire Dispatch that Brock and I sent out earlier this month. --Declan] http://www.washingtonpost.com/wp-srv/WPlate/1996-07/15/006L-071596-idx.html Editorial: "BLOCK, BUT VERIFY" Monday, July 15 1996; Page A18 The Washington Post THE NEXT generation of highly publicized Internet products may have less to do with what you can get from the Net than with what you can protect yourself against getting. In the wake of the concern over pornography that sparked the now-overturned Communications Decency Act, vendors have rushed to market software with names like SurfWatch and NetNanny. [...] Some incidents of what might be called over-screening are accidents resulting from the overzealous use of keywords or other sweeping means by the inexperienced. Others are exactly what the products' makers intend... An on-line article by cyberjournalists Brock Meeks and Declan McCullough reported on a product called CyberSitter, marketed by the conservative group Focus on the Family, that blocks access to any discussions of homosexuality. It's advertised as a product for families who want just that: a relatively G-rated version of cyberspace. The feasibility and ready availability of such products is, of course, a strong argument that the government needn't meddle. Anyone, not just those worried about porn, should soon be able to find software that edits what a family wants edited and lets through what it wants to read. One pitfall, though, as Messrs. 
McCullough and Meeks observe, is the commercially inspired reluctance of many of these producers of software to specify exactly what they are blocking. Though understandable, this raises obvious dangers that products meant to block one type of transmission -- violence, for example -- will in fact muffle wider areas of debate. Smart consumers will want, and demand, to know what they're not getting, the better to make use of the information they have. From jimbell at pacifier.com Tue Jul 16 09:43:06 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 17 Jul 1996 00:43:06 +0800 Subject: How I Would Ban Strong Crypto in the U.S. Message-ID: <199607160158.SAA01591@mail.pacifier.com> At 11:53 AM 7/15/96 -0700, Bill Frantz wrote: > >I still think this whole GAK thing is going to fail on the, "Which >government?" question. I don't see either multi-nationals or their >governments wanting to share their secrets with each other, and I don't see >how to set up universal GAK to prevent that form of industrial espionage. >Also, the key which decodes the GAKed data is just too valuable and too >easy to steal. This most recent dispute between the American government and the EC community with respect to trading with Cuba (Helms-Burton act) is an excellent example that can be raised to challenge the concept of cooperation between countries that are ostensibly "allies." The Helms law says, more or less, that American companies can sue foreign-based companies for using assets taken by Cuba in business. The EC countries are outraged. Were some sort of international-GAK system to already exist, you have to wonder how much luck the USG would have getting some escrowed key for the purposes of catching some Cuba-trader in the act: Not a lot! There's no point in setting up a system that practically invites disputes. 
BTW, yet another problem with any sort of key-escrow system operated across government borders is this: Let's suppose some foreign government illegally wiretapped somebody (say, a Senator or Representative?) in America using a Clipper-type telephone. They tap the line and get the data. They then claim that this conversation occurred between two Colombian drug smugglers. How is the American government going to know whether that's true? Unless records are kept linking a particular Clipper chip set to the particular purchaser involved (all the way to the end-user customer), the keeper of the keys has no idea whether the evidence presented to justify the tap is actually associated with the data that is to be decrypted. Yet another sneak: If the system is REALLY a "key escrow" system, I should be able to get the decrypt key for my own telephone, right? Well, suppose I buy a Clipper phone, call the escrow agency and ask for my key. Then, I de-solder the Clipper chip from the board, do a black-bag job and swap the chip into another telephone that some bigshot owns. He doesn't notice the swap, and nobody else will, either. But at that point, I can decrypt anything I wiretap off of his line. Jim Bell jimbell at pacifier.com From david at sternlight.com Tue Jul 16 10:01:32 1996 From: david at sternlight.com (David Sternlight) Date: Wed, 17 Jul 1996 01:01:32 +0800 Subject: How I Would Ban Strong Crypto in the U.S. In-Reply-To: Message-ID: At 6:58 AM -0700 7/15/96, Raph Levien wrote: >2. The battle for key management has not yet been fought. The lack of a >key management infrastructure is the main reason why people don't use >PGP widely. This is demonstrated quite clearly by the fact that only a >few of the people I correspond with, including many premail users, >actually encrypt messages on a routine basis. If the key management >stuff were in place, it would "just work." It is about to be fought. 
I've got my money not on the government but on Verisign, which has been issuing site certificates for some time now, and just started issuing personal certificates which will permit message encryption using certified, Netscape-generated public keys, among other things. I think they and the free market will win, over the government, hands down. In that context (and in that context only), a lot of the heat from PGP fans against hierarchical certification is counter-productive to the above battle, in that it diffuses the crispness with which successful secure (BBN boxes, etc.) trusted hierarchical certification authorities will become the de facto standard and freeze the government out (absent some new draconian laws). > >3. Anybody can write an application that supports strong encryption >algorithms. Witness SSH, a very impressive and useful program, which was >basically done by one person, Tatu Ylonen. However, building a key >management infrastructure will take lots of money, hard work, and >cooperation. Verisign and RSA have already made the investment and the mechanism is now in place and working automatically (except for the higher assurance certification for which you need to appear before a notary if you're not in a corporate hierarchy). They've cleverly automated a validation of moderate-assurance certificate applicants' claims by automatically hitting the Equifax data base, and the low-assurance (persona) certification is automated so you need to "just ask". This won't cover everyone, but will cover so many as to make little difference to widespread acceptance. > >3a. Consider a future scenario in which a key management infrastructure >allowed big, unescrowed keys to be distributed widely, but that export >controls on clients prohibited the use of secure symmetric algorithms. >Such a situation would not be stable - the incremental cost of >uncrippled clients would be so small, and so tempting, that they would >spread like wildfire. 
Depends on the organizations. Big corporations (which carry considerable influence) aren't going to violate local laws. Thus we may see a "have" and "have not" escrow-less crypto world outside the US rather than the hoped-for-nirvana, depending on local laws and individuals' willingness to violate them. > >4. Thus, the best leverage for the TLAs to win is to guide the >development of a key management infrastructure with the following >property: if you don't register your key, you can't play. I believe that >this is the true meaning of the word "voluntary:" you're free to make >the choice not to participate. That is exactly what the NRC report recommended and why I opposed it so vigorously despite its other good features. > >5. This is _important_. If you can't get the keys for your >correspondents, you can't use encryption. If they build a key management >infrastructure that actually works, people will use it. > >6. Export is a two player game. The other country has to allow import of >the stuff, too. If the Burns bill passes, the "administration" would >strong-arm other countries to prohibit import of strong crypto, still >leaving US developers with no market. We don't have to strong-arm anyone. Harbingers in the UK, the European Parliament (or is it the Council?), the Netherlands, and the existing situation in France provide little reason for optimism. > >7. Building this stuff is too much of a task for the TLAs. They tried it >with Clipper, and it failed. They hoped that building the Tessera card >would be enough - that once they threw it over the wall, it would be >eagerly snapped up by industry. Remains to be seen. Netscape has a version they did for the government which uses Tessera PCMCIA cards. If some big corporation adopts it, others will follow. Don't count your chickens, etc. > >8. Thus, they're going to cajole, bribe, and coerce software companies >to play along. 
This fact is quite nakedly exposed in the document (good >thing the injunction against the CDA is still in force :-). They don't have to do any of the above. All they have to do is legitimately contract for their own needs. This will get the costs down (by paying off the costs of entry/capital costs) so that civilian offerings from the same technology base could be quite price-attractive. The use of government market purchasing power to influence events is now very well understood--we (and Arthur D. Little) first studied it in connection with stimulating energy conserving buildings back in 1970 when I was in the Department of Commerce. > But, most >importantly, neither of these systems can actually be used on a >widespread basis, because of the lack of a key management >infrastructure. You will find it instructive to check out the Verisign web site, download the public beta 5 of Netscape 3.0, generate some keys and get some certificates, and in two or three months check out the promised Netscape 4.0 beta which will have e-mail encryption. David From david at sternlight.com Tue Jul 16 10:09:51 1996 From: david at sternlight.com (David Sternlight) Date: Wed, 17 Jul 1996 01:09:51 +0800 Subject: Sternlight on C'punks In-Reply-To: <199607151701.KAA00537@mail.pacifier.com> Message-ID: At 4:27 PM -0700 7/15/96, Mark O. Aldrich wrote: >One of the blessings of c'punks was that it was not 'worthy' of the time >of several professional flame-baiters who are fairly well-known on the >'Net, in particular, David Sternlight. Now, however, that seems to have >changed. If everyone thought things were weird around here with >Detweiler, just wait until you see DS's stuff.... Nothing like a good personal defamation before even reading my posts, eh? As those who have paid attention know, I post my policy views, not flame-bait. The idea that I am deliberately trying to start flame wars is pure paranoia. 
Of course a good attempt to attack personally is an attempt to avoid the need to try to engage with the substance. It's not only underhanded, but also sheer laziness, typical of small minds which cannot tolerate a difference of view. Your position is as prejudiced as those we sometimes call sexist or racist. Having made my points on this matter, I have no plans to engage in a flame-fest with those who love to provoke one and then blame the victim--to be sure I don't give in to such further provocation from you, welcome to my filter file. David From lyalc at ozemail.com.au Tue Jul 16 10:10:14 1996 From: lyalc at ozemail.com.au (Lyal Collins) Date: Wed, 17 Jul 1996 01:10:14 +0800 Subject: FYI: Cybank In-Reply-To: <199607151154.VAA16581@bned.design.net.au> Message-ID: <31EC5EA1.1D45@ozemail.com.au> To clarify my earlier post : Up until about 29 May, 1996, the Cybank site had a "test" file that was placed as a challenge. As there was a challenge, I took it. The following describes the data I was able to recover from the test file. I have received a number of files asking how I had hacked the Cybank server. I have achieved no such feat, merely determining the methodology used at the Cybank site. I communicated that fact to Cybank's operators, who subsequently seem to have altered their site, and download client. Taking this issue any further has no interest to me, and I am unable to post any VB source code - I "cleaned" some hard disk space, and have deleted the working files I used at the time. Silly me. Also, the Cybank site seems to have changed, so I don't know how you would get a test file without becoming a Cybank user, which would probably mean passing your name, credit card etc to them. At the time, Cybank seemed very happy with actual user testing, however, I have had little further contact (1-2 emails). Lyal ps - i have also learned some interesting spelling methods as a result of informative emails. 
-- All mistakes in this message belong to me - you should not use them! ******************************************* included text from previous emails. ******************************************* On Wed, 29 May 1996 12:20:08 Cybank wrote: > >Return-Path: lyalc at ozemail.com.au > >Date: Tue, 28 May 1996 23:55:21 -0700 > >From: Lyal Collins > >To: info at oxford.com.au > >Subject: The text in the "securely encrypted" test message > >X-UIDL: 833321608.007 > > > >According to me, this decodes to : > >Text1!O1! 12!O2!I1!830304962394!I2!A1!0.10!A2!P1!!P2!C1!0.10!C2 > >Text1 = data to follow is text ? > >!O1! 12!O2 = I don't understand these bits yet > >!I1! = a common delimiter - 1 = start > >830304962394 = serial number that this 10 cents is for/from > >!I2! = a common delimiter - 2 = end > >A1!0.10!A2! = amount is 10 cents, $0.10 > >P1!!P2! = seems to be a token of some kind > >C1!0.10!C2 = a check value to ensure amount is correct. > > well done Lyal! not bad so far but you've missed a few things :-) presume that you've used a VB3.0 decompiler to do it but we're upgrading to VB4.0 and changing the encryption process very soon :-) where are you? your prize might well be a job!!!!!! :-) plus the whole cash environment is becoming server-based within a couple of weeks. stay in touch, we need a beta-tester! Martin Haynes Oxford Media Group Pty Ltd CYBANK From shamrock at netcom.com Tue Jul 16 10:13:30 1996 From: shamrock at netcom.com (Lucky Green) Date: Wed, 17 Jul 1996 01:13:30 +0800 Subject: CookieScan 0.0 rev 0 Message-ID: At 16:34 7/15/96, Christopher Hull wrote: >Do y'all think there might be an interest in a >utility which would allow the user to deal with >browser cookies? For Win95 you can get Internet Fast Forward. Not only does it give you full control over cookies, it also gets rid of the annoying ad banners that clutter your screen. -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. 
Vote Harry Browne for President. From stewarts at ix.netcom.com Tue Jul 16 10:14:14 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 17 Jul 1996 01:14:14 +0800 Subject: CookieScan 0.0 rev 0 Message-ID: <199607160449.VAA02710@toad.com> At 04:34 PM 7/15/96 -0800, Chris Hull wrote: >Do y'all think there might be an interest in a >utility which would allow the user to deal with >browser cookies? There might, but it's a difficult problem, and implementation-dependent and doesn't always tell you much. While your browser may store cookies in a disk file to use between sessions, by the time the cookie gets filed on disk, it's long since cooled down and may have been written over multiple times. The interesting time to detect cookies is when they arrive - this means either watching the network data stream for cookies (non-portable, unless you use a cookie-proxy, which is the obvious way to implement it), or else grubbing around in the browser's memory (highly non-portable, unless you're modifying the browser source.) The "doesn't always tell you much" is because cookies often seem to contain encrypted or hashed data that isn't meaningful to the browser-user, only to the cookie-originators. The cute trick you can do with cookies, which is probably used by advertising sites such as doubleclick.com, is for the web page owner to include an IMG which is an href to a CGI program at a cookie company. The CGI program is able to look at the HTTP_REFERER variable, which tells what page you were last on, and can therefore create or use cookie information that tracks where you've been between companies (e.g. Alice can contract with Cookies Inc. to tell if you've been to Bob's site recently, if Bob also uses Cookies Inc.) # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Re-delegate Authority! 
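The cookie-proxy approach and the cross-site linking described in the message above, as an added example (not code from the post or from any product): it audits recorded HTTP exchanges the way a logging proxy would, noting each cookie as it arrives and flagging any cookie that an embedded third party receives from pages on more than one site. The hostnames, the sample traffic and the two-label `site()` heuristic are assumptions constructed for illustration.

```python
"""Audit proxy-recorded HTTP exchanges for cookies that link visits across sites."""
from collections import defaultdict
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample traffic (request head, response head); hostnames are hypothetical.
EXCHANGES = [
    ("GET /index.html HTTP/1.0\nHost: www.alice.example\n",
     "HTTP/1.0 200 OK\n"),
    # Alice's page embeds an IMG served by the cookie company: cookie is issued here.
    ("GET /pixel.gif HTTP/1.0\nHost: ads.cookies-inc.example\n"
     "Referer: http://www.alice.example/index.html\n",
     "HTTP/1.0 200 OK\nSet-Cookie: uid=7f3a9c; path=/\n"),
    # Bob's own first-party session cookie.
    ("GET /shop.html HTTP/1.0\nHost: www.bob.example\n",
     "HTTP/1.0 200 OK\nSet-Cookie: session=abc123; path=/\n"),
    # Bob's page embeds the same IMG: the browser sends the uid cookie back.
    ("GET /pixel.gif HTTP/1.0\nHost: ads.cookies-inc.example\n"
     "Referer: http://www.bob.example/shop.html\nCookie: uid=7f3a9c\n",
     "HTTP/1.0 200 OK\n"),
    ("GET /cart.html HTTP/1.0\nHost: www.bob.example\n"
     "Referer: http://www.bob.example/shop.html\nCookie: session=abc123\n",
     "HTTP/1.0 200 OK\n"),
]


def parse_head(raw):
    """Return {lower-cased header name: [values]} for a raw HTTP message head."""
    headers = defaultdict(list)
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()].append(value.strip())
    return headers


def site(hostname):
    """Simplified 'site' of a host: its last two labels (assumption: no
    public-suffix list, so names like example.co.uk are not handled)."""
    return ".".join(hostname.lower().split(".")[-2:])


def cookies_in(header_values):
    """Yield (name, value) for every cookie in Cookie/Set-Cookie header values."""
    for value in header_values:
        for name, morsel in SimpleCookie(value).items():
            yield name, morsel.value


def audit(exchanges):
    """Record cookies at arrival and find third-party cookies seen from 2+ sites."""
    arrivals = []                 # (host, name, value, issued_in_third_party_context)
    seen_from = defaultdict(set)  # (tracker site, "name=value") -> referring sites
    for raw_request, raw_response in exchanges:
        request, response = parse_head(raw_request), parse_head(raw_response)
        host = request["host"][0]
        referer = request.get("referer", [""])[0]
        ref_site = site(urlsplit(referer).hostname or "") if referer else ""
        third_party = bool(ref_site) and ref_site != site(host)
        for name, value in cookies_in(response.get("set-cookie", [])):
            arrivals.append((host, name, value, third_party))
            if third_party:
                seen_from[(site(host), f"{name}={value}")].add(ref_site)
        if third_party:
            # A cookie returned alongside a foreign Referer lets the receiver
            # tie this page view to the identifier it issued earlier.
            for name, value in cookies_in(request.get("cookie", [])):
                seen_from[(site(host), f"{name}={value}")].add(ref_site)
    trackers = {key: sorted(sites) for key, sites in seen_from.items()
                if len(sites) >= 2}
    return {"arrivals": arrivals, "trackers": trackers}


if __name__ == "__main__":
    report = audit(EXCHANGES)
    for host, name, value, third in report["arrivals"]:
        kind = "third-party" if third else "first-party"
        print(f"cookie arrived from {host}: {name}={value} ({kind})")
    for (tracker, cookie), sites in report["trackers"].items():
        print(f"{tracker} can link {cookie} across: {', '.join(sites)}")
```
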
From jya at pipeline.com Tue Jul 16 10:27:54 1996 From: jya at pipeline.com (John Young) Date: Wed, 17 Jul 1996 01:27:54 +0800 Subject: WON_der Message-ID: <199607160108.BAA16729@pipe3.t1.usa.pipeline.com> 6-15-96. NYP, Book review: AFTER THOUGHT The Computer Challenge to Human Intelligence By James Bailey Illustrated. 277 pages Basic Books/HarperCollins. $25. ISBN 0-465-00781-3 Mr. Bailey, a former senior manager at the Thinking Machines Corporation, foresees an "electronic computing revolution" whose "intellectual impact will be greater than anything since the Renaissance, possibly greater than anything since the invention of language." In his view, the greatest challenge posed by the computer revolution will be for humans to trust processes of thinking they won't necessarily understand, such as neural networks spotting patterns without supplying proof "in any human-absorbable form." His main point is that we must become aware of the outmoded abstractions on which our sequential thinking is based and to jettison them in favor of parallel processes. He cites Alfred North Whitehead: "A civilization which cannot burst through its current abstractions is doomed to sterility after a very limited burst of progress." The wonder of Mr. Bailey's book is that he makes us aware of things abstract that all our lives we have been trained to think of as concrete. ----- http://pwp.usa.pipeline.com/~jya/wonder.txt (7 kb) WON_der From tcmay at got.net Tue Jul 16 11:07:33 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 17 Jul 1996 02:07:33 +0800 Subject: Sternlight on C'punks Message-ID: At 1:26 AM 7/16/96, David Sternlight wrote: >And another thing. The reason I've not joined this group earlier had >nothing to do with "worthy". 
It was because after discussion a year or so >ago, Tim May suggested to me via e-mail that it would just generate a lot >of controversy, at a time when people were so polarized that they couldn't >hear each other and thus my presence here would serve no useful purpose. I >took Tim's advice and stayed out. Hmmmhhh...I don't recall the context of our discussion. Certainly I would not discourage anyone from joining who really wanted to. (I also might have said that list views were fairly well-set, and that few minds would be changed by debating certain core issues. Again, I don't recall the context of my remarks to David.) In any case, I certainly welcome David Sternlight to our list. I have not often agreed with all or even many of his points, and I feel he is often abrasive (but, aren't a lot of us?), but I don't think he "wrecked" any newsgroups, much less sci.crypt. (But I've been away from sci.crypt and talk.politics.crypto for quite some time....) There were some flames, which I mostly ignored. Also, a peculiar kind of flame war dealt with endless speculations about his "motives." Utter nonsense, from careful reading of his views. That is, to insinuate that he is an agent of the NSA or the Bilderberger Grand Conspiracy merely because he (then) argued that Clipper was not as bad as most of us thought it was...well, that's just nonsensical. >The presenting symptom for my joining now was a copy of a post by an MIT >professor I respect to this group, which a colleague sent me. Perhaps I was >too hasty in my belief that we can begin to hear each other. As a point of information, many outsiders copy our list on crypto-related things for whatever reasons, without actually being contributors to ordinary discussions (or perhaps without even being subscribers). A decision to remain subscribed should be based more on what is seen on a daily basis than on what occasionally comes over the transom from MIT. --Tim May Boycott "Big Brother Inside" software! 
We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Tue Jul 16 12:53:45 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 17 Jul 1996 03:53:45 +0800 Subject: How I Would Ban Strong Crypto in the U.S. Message-ID: <199607160801.BAA19649@mail.pacifier.com> At 06:02 PM 7/15/96 -0700, David Sternlight wrote: >At 7:03 AM -0700 7/15/96, Michael Froomkin wrote: >>On Sun, 14 Jul 1996, Timothy C. May wrote: >> >>> So, who is in this "emerging consensus"? >>> >>Foreign governments? >>(Process of elimination, not inside info...) > >Perhaps. And the vast inside-the-Beltway policy community, "Policy"? I'm reminded of the fact that the whole concept of "policy" (as used in Washington DC) contains embedded within it its own set of biases. The concept of "national encryption policy" (a phrase I've seen before) implicitly assumes that there is (or must be) a _national_ policy, as opposed to a whole bunch of _individual_ policies. (Jim Bell's individual encryption policy is to get PGP and use it here and there, and try to keep up with newer developments, etc.) My opinion is that "nations" don't NEED "encryption policies" unless they intend to screw their citizens. "Policy", used in this way, is merely a smokescreen (or a shorthand) for a group of assumptions that toe the government's line. The people who make such assumptions rarely stick around to defend them. > most of whom are more like Dorothy Denning than Tim May. 
To the extent that they are POLICY (as in _government_ policy) people (with all the biases I've alluded to) that wouldn't be surprising. However, it is still extraordinarily dishonest for them to refer to an "emerging consensus" when they must well understand that the document they wrote was intended to be understood by ordinary people, not government-suck-ups. I'm reminded of an idiotic cover for a Classical Music CD directory book about 10 years ago, which grandly claimed that the book indexed "every CD published" but forgot to add the word "classical" adjective to that phrase. Without opening the book, you couldn't tell that the directory only listed classical CD's. A "policy" person who says there's an "emerging consensus" for key escrow has a similarly myopic point of view. >And the vast business community >that prefers automated escrow in standard systems. I feel certain that whatever portions of the business community that "prefers automated escrow" will get it, in forms which don't make the government particularly happy. > What I mean by that is >software or chips automatically escrowed to, say, Price Waterhouse. >Business is comfortable dealing with such firms in a trusted relationship, >and such firms will honor a valid court order to produce records or the >equivalent--a probable cause court-order for a wiretap. Most "chips" won't need to be escrowed, for reasons that have been adequately addressed so far. Data transfer encryption doesn't have to be escrowed, as Tim May pointed out. And, of course, an encryption chip needn't contain any sort of permanently-written key, thus obviating the need for "escrow" at all. >It really depends on how the issue is presented. If it is presented as >preserving law enforcement access, escrow follows. No, escrow DOESN'T follow! 
I think most people who are aware of the issues figures that the advent of encryption will provide dramatic net benefits for the public, even after potential negatives such as criminal use of encryption are factored in. > The problem is that like >the nose of the camel, each new piece of legislation establishes a new >status quo baseline of principle from which to argue, and though we all >kicked and screamed about it here, the new baseline is the Digital >Telephony Act. I concede NOTHING. That Act hasn't been funded, may not be, and with every passing month there are more people on the 'net who will understand how unacceptable it is. It's also going to be irrelevant as encrypted telephones appear, and 'net telephone access becomes more common. No new "baseline of principle" is produced. Only the thugs who are trying to foist it all on us would like to believe this. >As for the only counterargument to the above, that bad guys aren't going to >use escrowed systems, nothing is perfect, goes the argument, and the FBI >has caught plenty of bad guys who presumably should have known better, via >wiretaps. "the only counterargument"? What are you, a comedian? >If you look into it, you will find that most people with criminal minds >don't expect to get caught. > >Given the nature of this group it perhaps needs saying that the above is a >competitor analysis, not an argument nor my own position on mandatory >domestic key escrow. I'm agin it. Which is not adequate. To the extent I believe that the market will decide, if I model the market as a double-pan balance, which makes a decision as to which side is heavier, I don't want to see the heavy thumb of government pressing down on one of the pans. That's precisely what the US government tried to do with Clipper, and astonishingly it appears to have failed. 
To merely say that you're against "mandatory" escrow strongly implies that you would accept manipulation of the market in order to allow government to achieve its goals , as long as there is an illusion of a choice. I won't, and I think most people won't, either. Jim Bell jimbell at pacifier.com From rpowell at algorithmics.com Wed Jul 17 01:02:20 1996 From: rpowell at algorithmics.com (Robin Powell) Date: Wed, 17 Jul 1996 16:02:20 +0800 Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download In-Reply-To: Message-ID: <96Jul16.105830edt.20481@janus.algorithmics.com> >>>>> In article , Timothy Lawrence Nali writes: > Excerpts from internet.cypherpunks: 14-Jul-96 Re: ANNOUNCEMENT: PGPfone > B.. by Arun Mehta at giasdl01.vsnl >> Thanks for the input. >> >> Is UDP used for other purposes not related to voice that I might pretend >> to be doing? Or is there still some way of fooling them? > One thing that comes to mind are network games. I not sure if Doom or > Quake can use UDP, but I'm fairly certain that Netrek uses UDP packets > (up to 16 players run client programs which communicate with a game > server using TCP or UDP). Hmm... This looks like a _really_ good place for stego. Granted, you might get a significant slow down, but it might be worth it depending on your needs. -Robin From perry at piermont.com Wed Jul 17 01:04:47 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 17 Jul 1996 16:04:47 +0800 Subject: Netscape download requirements In-Reply-To: <31EB61E5.520E@netscape.com> Message-ID: <199607161346.JAA07227@jekyll.piermont.com> Jeff Weinstein writes: > If you are not comfortable providing this information, then you > may either run the export version, or purchase the retail navigator > package, which also includes the US only version when sold in the US. But you can't buy the Linux or other similar versions, so this is not an option for many of us. 
.pm From rah at shipwright.com Wed Jul 17 03:01:14 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 17 Jul 1996 18:01:14 +0800 Subject: PARC Forum, 7-18-96, Gregory Schmid, "The Future of ConsumerElectronic Message-ID: --- begin forwarded text Sender: e$@thumper.vmeng.com Reply-To: mikkelsen at parc.xerox.com (Jim Mikkelsen) (by way of frantz at netcom.com (Bill Frantz)) Mime-Version: 1.0 Precedence: Bulk Date: Mon, 15 Jul 1996 11:53:09 -0700 From: mikkelsen at parc.xerox.com (Jim Mikkelsen) (by way of frantz at netcom.com (Bill Frantz)) To: Multiple recipients of Subject: PARC Forum, 7-18-96, Gregory Schmid, "The Future of Consumer Electronic Xerox PARC Forum Thursday, July 18, 1996, 4:00PM, PARC Auditorium The Future of Consumer Electronic Payments: The Impact on the Distribution Chain Gregory Schmid, Institute For The Future This talk explores the critical changes pushing consumers into the world of electronic transactions--improved technologies, better security, and consumers' growing experience with card-based and other electronic transaction technologies. These changes will not only affect customer behaviors, but will transform the distribution chain, bring in new players, force the current players to fundamentally transform the way they conduct business, and encourage policymakers to find the right balance of regulation and market forces. Combined, these impacts will change the basic relationship between businesses and their customers forever. Only the stakeholders who are prepared for such changes will carve out their place in the new world. Greg directs IFTF's long-term forecasting and strategic planning efforts in both the public and private sectors. He has been Director of IFTF's Corporate Associates Program (CAP) since its inception in 1976 and is also the overall editor of CAP's "Ten-Year Forecast." 
Greg has overseen projects for many Fortune 500 companies, including those in the financial services, high technology, consumer products, professional services, and healthcare industries. As an economist, historian, and policy analyst, Greg uses a variety of research and planning techniques to work with clients in exploring strategic choices. His most recent book is "Future Tense: The Business Realities of the Next Ten Years" (William Morrow, 1994) with Ian Morrison. Before joining IFTF Greg headed a research division of the Federal Reserve Bank of New York. A graduate of Yale, Greg received his Ph.D. in economics from Columbia University. ------------------------------- This Forum is OPEN to the public. Host: Jim Mikkelsen 415-812-4401 Web site: http://www.parc.xerox.com/ops/projects/forum Requests for videotapes for "Xerox Employees Only" should be sent to Susie Mulhern (Mulhern at parc.xerox.com). Refreshments will be served from 3:45 - 4:00PM. The PARC Auditorium is located at 3333 Coyote Hill Road in Palo Alto. We are located in the Stanford Research Park, between Page Mill Road (west of Foothill Expressway) and Hillview Avenue. The easiest way to get here is to take Page Mill Road to Coyote Hill Road, and, as you drive up Coyote Hill between the horse pastures, PARC is the only building on the left after you crest the hill. Please park in the large (lower) lot to your right; enter the auditorium at the upper level of the building. (The auditorium entrance is located to the left of the main door and down the stairs.) ------------------------------- Next Week's Forum is Shirley Tessler, Stanford University, on "A Pilot Study of Software Product Management." --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." 
-- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From warlord at MIT.EDU Wed Jul 17 05:37:57 1996 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 17 Jul 1996 20:37:57 +0800 Subject: PGP 3.0 / Windows In-Reply-To: <199607160545.WAA01000@dfw-ix10.ix.netcom.com> Message-ID: <199607161529.LAA14171@toxicwaste.media.mit.edu> > Has anyone heard anything about PGP 3.0? Is it still due Real Soon > Now? Or might it be worthwhile to break out VC++ and do a port as a > cpunks cooperative project? As I've said, there is no PGP 3.0, there is only PGPlib. We're trying to finish it as quickly as possible. There are only a few more functions that are required; we just need to make sure the API is extensible enough to handle the new features we want to add later. As for the current status, I've started using the message processing application for my every-day encryption/decryption. It works fairly well (there are a few weird states that still need to be worked out). I'm still working on the key management application, so that isn't nearly as 'ready' to be seen. Question: what do you want to "port"? PGP 2.6.2? You're joking, right? Do you know how difficult that would be? Not to mention that you'd never get a Windows look to it because of all the printf()'s throughout the sucker. We're doing the best that we can to get PGPlib finished. But the more people who send email asking "when is it going to be finished" the less time we have to actually finish it (since we have to spend precious time answering the email). I hope this answers your question(s). -derek From Clay.Olbon at dynetics.com Wed Jul 17 07:19:37 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Wed, 17 Jul 1996 22:19:37 +0800 Subject: Symantec's Your Eyes Only Message-ID: If you read this weeks "Network Computing", there is a report on Symantec's Your Eyes Only encryption software for Windoze 95. 
The article can be found at: http://techweb.cmp.com:80/techweb/nc/711/711sneak2.html. Looks like a PGP competitor - uses RSA public key, DES, triple-DES, RC4, RC4 or blowfish secret key algorithms. It can also be used to encrypt directories on the hard-drive while retaining the ability to use them. This appears aimed at corporate users, and includes a "super-user" access to all encrypted files/messages. Also includes the capability to create an "unlock" disk that will decrypt everything should you lose your password. Now my $.02. I am concerned about the lack of a distinction between transient communications and stored data. This is apparent in the GAK proposals, but is also increasingly apparent in mainstream corporate products such as this one and ViaCrypt BE. It is apparent (to me anyway) that corporate access to stored data (data owned by the company, on machines owned by the company) is probably necessary. I do not see this same need for access to transient communications. Am I way off base on this one? Clay *************************************************************************** Clay Olbon II * Clay.Olbon at dynetics.com Systems Engineer * PGP262 public key on web page Dynetics, Inc. * http://www.msen.com/~olbon/olbon.html ***************************************************************** TANSTAAFL From minow at apple.com Wed Jul 17 07:35:32 1996 From: minow at apple.com (Martin Minow) Date: Wed, 17 Jul 1996 22:35:32 +0800 Subject: Seek-and-Destroy In-Reply-To: Message-ID: I found it interesting that the "explanation" web page, http://xxx.lanl.gov/RobotsBeware.html contains an image of StarTrek's "Data." Since this likely to be a copyrighted image, I certainly hope that xxx.lanl.gov has a license from the StarTrek organization for republication. It would be a terrible thing indeed if such a well-respected government organization were to violate the law. Cheers. 
Martin Minow
minow at apple.com

From WlkngOwl at unix.asb.com Wed Jul 17 07:58:00 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 17 Jul 1996 22:58:00 +0800
Subject: Banning Anonymity As Well (was Re: How I Would Ban Strong Crypto
Message-ID: <199607161705.NAA19016@unix.asb.com>

On 15 Jul 96 at 11:53, Bill Frantz wrote:
[..]
> I still think this whole GAK thing is going to fail on the, "Which
> government?" question. I don't see either multi-nationals or their
> governments wanting to share their secrets with each other, and I don't see
> how to set up universal GAK to prevent that form of industrial espionage.
> Also, the key which decodes the GAKed data is just too valuable and too
> easy to steal.

Assuming the info is encrypted with one GAK key, yes. There might be a series of keys, perhaps for each escrow agency, or an id-number that identifies the key.

Note that such methods will not allow much anonymity, since each communication must be escrowed. The method used to id. the key can be used to trace a sender or receiver's id.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From david at sternlight.com Wed Jul 17 08:17:56 1996
From: david at sternlight.com (David Sternlight)
Date: Wed, 17 Jul 1996 23:17:56 +0800
Subject: Surf-filter lists
In-Reply-To: <199607160541.BAA11900@yakko.cs.wmich.edu>
Message-ID:

At 10:41 PM -0700 7/15/96, Damaged Justice wrote:
>Vlad: How can consumers make an informed decision as to which filter
>they wish to purchase, if they are not told exactly what information
>each product is filtering out?
>
>Meeks et al may be guilty of flamboyant, emotionalistic prose, but I
>find the concept that the public is expected to buy various filters
>without knowing what they filter...frankly, ridiculous.

YOU and I may find it so, but you simply don't understand the mentality of those who will buy such filters without question. Vast numbers of people take the word of their minister, government, morality "guide", guru, or teacher without question. Why do you think Scientology has gone as far as it has?

You don't think all those people who used the various blacklists circulated during the McCarthy era demanded original source documents, do you? I'm not comparing those who desire a "clean" computer environment in their homes with McCarthyites--I'm referring to the mental process of accepting certain kinds of "authority" without question--especially when it wraps itself in righteousness.

We try to teach people (at least in the better schools) to question, and find out for themselves, but a lamentably small proportion do.

David

From maldrich at grci.com Wed Jul 17 09:07:10 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Thu, 18 Jul 1996 00:07:10 +0800
Subject: Opiated file systems
In-Reply-To:
Message-ID:

On Tue, 16 Jul 1996, The Deviant wrote:

> Mark Aldrich wrote:
> > The payload of getting false data out of a crypto algorithm, such that the
> > data looks "real", when a duress key is input to the algorithm is not
> > something that I've seen approached in any reasonable manner. Probably
> > because it's just too damn hard and the notion of "real looking" data is a
> > little hard to define scientifically. A combination stego/crypto solution
> > may be more appropriate, but close examination of the box is going to
> > reveal what happened (assuming the desired solution must withstand some
> > protracted forensics?). The nuke_the_data or nuke_the_keys solutions are
> > easier to do, and have been implemented in several situations of which I
> > am aware.
> >
>
> But, on the other hand, it wouldn't be too hard to have the user set both
> keys (yeah, so that didn't actually say anything, so what...), and then do
> an every-other-byte type thing (although that would be slow... every other
> block would be more efficient), and have 2 EFS's in one file, and make it
> so that on the "duress" one the extra space appears to be "free".
>
> One could make it a real file system, and add a fake disk error to prevent
> over-writing of the "non-duress" filesystem.
>

One problem, however, would be how to keep the "decoy" data, accessible with only the ambush key, "fresh" in that it must undergo a certain amount of turbulence to appear real. The two file systems would essentially have to mirror each other, one with the juicy bits and one with the decoy bits. It would seem to be practically impossible to just build two file systems as one would 'disappear' when only the ambush key was used. Wouldn't it be sort of obvious that something was wrong if half the disk vanished?

> > |the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil |
>
> This will sound odd, but did you know that "dockmaster" was the name of
> the NSA's first unclassified computer? just wondering.... ;)
>

It's not odd at all. That account is, indeed, on the NSA's unclassified system. In my work, I sometimes support vendors taking products through the NCSC evaluation cycle. The dockmaster box is the place where the EPL records and other vendor materials are exchanged and/or published. Dockmaster accounts are available for anyone who works in the INFOSEC field, including private individuals. Quite honestly, it's of little use (the OS sucks) unless you need up to the minute EPL and/or common criteria stuff, etc.

-------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich at grci.com          |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     |
|      and my employer gets no credit for them whatsoever.              |
-------------------------------------------------------------------------

From wb8foz at nrk.com Wed Jul 17 09:14:29 1996
From: wb8foz at nrk.com (David Lesher)
Date: Thu, 18 Jul 1996 00:14:29 +0800
Subject: Chancellor Group (symbol = CHAG) (new data)
Message-ID: <199607161423.KAA01466@nrk.com>

The SEC already is aware of this ahem activity. They are looking into it.

If you have further data, direct it to Al Lapins of "OIEA" at the SEC.....

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From perry at piermont.com Wed Jul 17 09:17:57 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 18 Jul 1996 00:17:57 +0800
Subject: Sternlight on C'punks
In-Reply-To: <199607161842.OAA03412@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <199607161639.MAA00191@jekyll.piermont.com>

"Peter D. Junger" writes:
> How does one set up a kill-file for a mailing list? I run a Linux box
> with sendmail and use the MH mail system.
>
> My best guess is that I will have to install procmail, but would like
> your advice before going to a lot of labor.

You can use procmail.
If you use MH, you can also use a combination of "pick" and "rmm" to nuke a specified list of users before going through your mail.

Perry

From hfinney at shell.portal.com Wed Jul 17 10:14:54 1996
From: hfinney at shell.portal.com (Hal)
Date: Thu, 18 Jul 1996 01:14:54 +0800
Subject: Cookie alternatives
Message-ID: <199607161607.JAA08875@jobe.shell.portal.com>

There has been quite a bit of discussion recently about the "cookies" used by Netscape Navigator and their effects on privacy of users. Here is some background and some thoughts on alternatives.

I think the term "cookie" goes back to the 1960's. According to legend, there was a virus-like program called "cookie monster" which would occasionally pop up on people's terminals and say "gimme cookie". You then had to type the word "cookie" to satisfy the program, and it would go away. The program was hidden in the core memory of the large, multi-user computer systems which were common in those days.

I first heard "cookie" used similarly to its current context in the 1970's. It referred to a data item which would be given by a service to a client of that service, and which would be used on later interactions. I think the usage comes from the cookie monster, where you imagine the client saying "gimme cookie" to the server. The cookie is an "opaque" data item, that is, its structure if any is not visible or documented for the client. It has meaning only to the service.

There is a similar concept in cryptography, the "nonce". A nonce is a random value which is generated by one party in a cryptographic protocol and which is exchanged at later stages of the protocol. The purpose of the nonce is to prevent replay attacks and to maintain continuity during the (possibly) many exchanges of data which make up the protocol. When the client sends a request to a service it includes a nonce, and the return reply includes the same nonce.
This way the client can make sure that this is a reply to its current request and not something which is replayed from an earlier interaction.

Cookies seem a little more general than nonces, in that nonces are pretty clearly supposed to be just random numbers, while cookies are more general and could have internal structure which is known by one of the parties, although it is usually opaque to the other. However I think in current usage on the web cookies are most commonly used basically as nonces, random values whose purpose is to maintain continuity in a series of interactions.

When a server gives a cookie to a web browser, that browser supplies the cookie on future interactions with the server. The cookie probably does not have any specific data about the user or the interaction, but is used only to link up the interactions which take place. It is most probably used as an index into a database maintained on the server itself. Its only requirements for this purpose are that it is unique and that it can easily be used as such an index.

One typical usage would be to maintain a "shopping cart" while browsing at a store. If I am visiting an online clothing store, I may choose to buy some pants, a shirt, and a jacket as I browse around. Each time I click on the "buy" button, my browser includes the cookie I received when I first visited the site. This indexes into a database on the server which is keeping track of what I have bought. With each new item, the cookie allows the server to add it to the correct virtual shopping cart. Then when I "check out", again the cookie allows the server to display everything I bought.

Given that cookies generally work this way it is clear that the notion of editing cookies doesn't make much sense. If cookies are opaque data structures, changing them is just going to make them invalid. You might as well just delete them.
This also implies that you don't have much control over what kinds of information the server is maintaining in its database which is indexed by your cookie. In the shopping cart example, the cookie is sent on every transaction, not just when you click to make a purchase. This will allow the server to track your progress through the site, see which if any ads you have seen, and generally record many details about your interactions. More generally, cookies are used for this purpose even on sites which do not need them for shopping carts.

As a user of the web, I would prefer to have more control over the kind of information which servers gather about my browsing habits. Of course, since web interactions are voluntary, a server is free to put whatever restrictions it wishes on clients in return for letting them access its information. It can require clients to accept cookies, to register with their names and addresses, or to FedEx their firstborn children to the store, for that matter. Nevertheless to the extent that I have bargaining clout in these interactions, I will prefer systems which do not infringe so much upon my privacy.

It is interesting to consider how shopping carts might be done without cookies and similar technologies which allow servers to get more information about me than necessary. I would prefer a system where the list of things I have chosen to buy is saved on my own computer, in a format I can clearly see, and without linking my purchase decisions to other browsing I may have done on that site.

Consider a system where when I click on "buy", a dialog box pops up in the corner of my screen which is my virtual shopping cart. It holds a list of the items I have selected for purchase, with each new item appended to the list. When I go to check out, the contents of this dialog box are uploaded (with my permission) to the site, where payment arrangements are made.
Since I can see what is being put into the dialog box and what is being uploaded, I know that I am controlling exactly what information is being revealed about me. I don't have to trust the server to protect my privacy by not recording excessive information about my browsing.

(Given the difficulties in creating new protocols for this kind of support, I think a step in the right direction would be to change the user interface so that cookies are only sent upon user request. Maybe you have to shift-click or use some other key modifier to send a cookie. Then shopping pages could ask you to shift-click the buy button to add the item to your shopping cart.)

All this is in accord with the general principle that we support here, of protecting privacy by limiting the collection of infringing data, rather than trying to pass laws to restrict the dissemination and sharing of such information. We support ecash since it allows transactions without identification, rather than using credit cards but trying to put legal restrictions on what the CC companies can do with their transaction data.

Cookies allow many kinds of privacy infringing data to be collected. I would prefer to see alternate mechanisms to allow for the kinds of transactions that cookies are needed for, which allow users to protect their own privacy. Are there other uses of cookies for which alternatives are needed?

Hal

From remailer at yap.pactitle.com Wed Jul 17 10:40:10 1996
From: remailer at yap.pactitle.com (Yap Remailer)
Date: Thu, 18 Jul 1996 01:40:10 +0800
Subject: Seek-and-Destroy
In-Reply-To:
Message-ID: <199607161805.LAA07334@yap.pactitle.com>

> From: snow
> Date: Mon, 15 Jul 1996 16:20:54 -0500 (CDT)
>
> On Mon, 15 Jul 1996, Declan McCullagh wrote:
>
> > Do NOT visit:
> > http://xxx.lanl.gov/seek-and-destroy
>
> So of course I did. Very Interesting.
>
> Those guys *rock*.

What do you mean very interesting? It was a total let down. It counted down for ten minutes and then that was it.
I was hoping to get syn-bombed or bombarded with IP fragments or something. Very disappointing.

From jsw at netscape.com Wed Jul 17 10:51:33 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Thu, 18 Jul 1996 01:51:33 +0800
Subject: Netscape download requirements
In-Reply-To: <199607161436.JAA27358@homeport.org>
Message-ID: <31EBFAE5.217@netscape.com>

Adam Shostack wrote:
>
> First off, I applaud Netscape for making the US version available for
> download. All of my comments here should be taken as questioning the
> why's, not suggesting that the implementation is so onerous Netscape
> shouldn't have done it. Although, you might want to add a link to a
> page decrying the kafka-esque experience; perhaps Matt's 'My life as
> an arms smuggler?'
>
> My question is, under what lawful authority would you release the
> data? The ITARs don't seem to contain anything special, so would you
> hand out lists on a subpoena? Individual names on a subpoena? Lists
> on a warrant?

This is from our US download FAQ at http://home.netscape.com/eng/US-Current/faq.html

  The information users provide when applying to download the 128-bit encryption software is used ONLY to verify eligibility. The U.S. government requires Netscape to maintain a log of software downloads should they deem it necessary under court order, to use this information in their investigations of illegal use or misrepresentation of information.

If law enforcement got a court order to get the entire list, we would fight it in court as being over broad.

> Incidentally, they seem to be doing a credit check sort of
> verification; I gave a decade old address, and it worked fine. I feel
> free to do this because I'm legally entitled to download strong crypto
> software, and see no need to hand out my unlisted phone number in
> doing so.

We are not doing any type of credit check. We are doing some address verification using local databases, so these queries don't go into anyone's tracking database.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From rah at shipwright.com Wed Jul 17 11:11:33 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 18 Jul 1996 02:11:33 +0800
Subject: DCSB: Betting on the Future
In-Reply-To:
Message-ID:

At 10:30 PM -0400 7/15/96, Charley Sparks wrote:
> If I can't wear a V2 PGP T shirt It ain't good enuf to attend...

Thank you for your input.

>cheap
>lunch too

In light of the following .sig, I hope I'm forgiven if I'm caught repressing a giggle or two...

> Charles E. Sparks
> Booz Allen & Hamilton
  ^^^^^^^^^^^^^^^^^^^^^
> http://www.clark.net/pub/charley/index.htm
> In God we trust, All Others we encrypt
> Public Key at: http://www.clark.net/pub/charley/cp_1.htm

Seriously, Charley,

We're just a bunch of people who work downtown (for the most part) who're interested in things financial and internet, with a focus on financial cryptography (for the most part). Most of us wear suits to work, so getting past the Harvard Club dress code for lunch isn't that a big deal. Besides, the view is nice, and $27.50 once a month (besides the obligatory rubber chicken, it pays for the speaker's lunch, the room, and whatever A/V the speaker needs) never killed anyone with a *job* (like, say, *yours*?). Hell, Charley, I bet even *your* boss wears a suit to work. Or maybe your boss's boss... :-).

To quote Tom Wolfe quoting Chuck Yeager in "The Right Stuff" (in a discussion of flying and driving fast and drinking and screwing and hell-raising and flying, I believe), "I wouldn't recommend it, mind you, but it *can* be done." Wearing a suit and talking crypto, I mean. You ought to try it. It *can* be done.
If people like Perry, and Duncan, and Futplex, and Kent Borg, and Adam Shostack, and Carl Ellison and, someday, Unicorn (who threatens to, just about every month, even though he probably wears a suit already, wherever he is) can, you can, too.

Consider it an opportunity to see if the ol' interview suit fits. If it doesn't, Charley, don't forget to save up for that next one. After all, after working at a place like Booz Allen, it's all downhill, right? The next job you get recruited for may not come with that nifty clothing allowance.

;-)

Cheers,
Bob Hettinga
Moderator,
The Digital Commerce Society of Boston

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From cmcurtin at megasoft.com Wed Jul 17 11:18:57 1996
From: cmcurtin at megasoft.com (C Matthew Curtin)
Date: Thu, 18 Jul 1996 02:18:57 +0800
Subject: Chancellor Group (symbol = CHAG)
In-Reply-To:
Message-ID: <199607161356.JAA08263@research.megasoft.com>

For the web-impaired interested in complaining to the SEC about the twits who keep sending us "big investment secrets," I submit the following, from http://www.sec.gov/consumer/seefraud.htm

Seen a Potential On-Line Fraud? Tell Us About It!

We want to hear about securities fraud appearing on-line, by telephone or in the mail. The specialists in the SEC's Office of Investor Education and Assistance can also answer your questions or help you to try to resolve your complaints. You can reach the SEC by calling (202) 942-7040 or by visiting our web site at www.sec.gov. Look for our e-mail address, which will appear shortly. You can also write to:

Securities and Exchange Commission
Office of Investor Education & Assistance
450 Fifth Street, N.W.
Mail Stop 11-2
Washington, D.C.
20549

If you have seen a potential on-line investment fraud, call the SEC's Internet Fraud Hotline at (202) 942-4647.

To reach your state securities regulator, check our state government section, in your phone book, or call the North American Securities Administrators Association (NASAA), Inc. at (202) 737-0900

--
C Matthew Curtin  MEGASOFT, LLC  Director, Security Architecture
cmcurtin at research.megasoft.com  http://www.research.megasoft.com/~cmcurtin/
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

From mrose at stsci.edu Wed Jul 17 11:23:26 1996
From: mrose at stsci.edu (Mike Rose)
Date: Thu, 18 Jul 1996 02:23:26 +0800
Subject: Government: Home-Business
In-Reply-To: <199607160811.EAA00698@smtp1.interramp.com>
Message-ID: <9607161806.AA14802@MARIAN.SOGS.STSCI.EDU>

>Dear Friend,
>Thank you for your interest. Please take a minute to read this
>important information or simply print it out.
>All the information here is 100% accurate and can be verified
>with the Department of HUD in Washington D.C.

I'm getting more and more of this kind of crap sent to me. I have a procmail script which greps a file of undesirable addresses I've compiled, but that hasn't proven very useful as there aren't many repeat offenders. (the procmail script is available at http://www.universe.digex.net/~mbr/unix/junkmail.html)

How are other people dealing with this?

Mike

From declan at well.com Wed Jul 17 11:37:19 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 18 Jul 1996 02:37:19 +0800
Subject: Surf-filter lists
Message-ID:

>Vlad: How can consumers make an informed decision as to which filter
>they wish to purchase, if they are not told exactly what information
>each product is filtering out?
>
>Meeks et al may be guilty of flamboyant, emotionalistic prose, but I
>find the concept that the public is expected to buy various filters
>without knowing what they filter...frankly, ridiculous.

Flamboyant prose? Moi? Never!

More to the point, as I wrote at the end of the original CWD, it's a bait-and-switch maneuver. Go after porn, they say, but then censor political information. And you don't know about it.

-Declan

From homebiz at flock.mwci.net Wed Jul 17 11:37:38 1996
From: homebiz at flock.mwci.net (Creative Financial Alternatives)
Date: Thu, 18 Jul 1996 02:37:38 +0800
Subject: Government: Home-Business
Message-ID: <199607160811.EAA00698@smtp1.interramp.com>

Dear Friend,
Thank you for your interest. Please take a minute to read this important information or simply print it out.
All the information here is 100% accurate and can be verified with the Department of HUD in Washington D.C.

***************************************************************
Honest Home-Business
NO MLM or SELLING involved
Earn $500 to $1,000 per week guaranteed.
***************************************************************
***************************************************************
NOW YOU CAN MAKE UP TO $1,000.00 A WEEK OR MORE, IN YOUR SPARE TIME WORKING AT HOME AND HELPING THE GOVERNMENT FIND PEOPLE WHO THEY OWE MONEY TO!
***************************************************************

You'll be your own boss. Work when you want... as much as you want. Sound Good? Then, read on because it gets a whole lot better!!

Dear Friend,

The truth is, the US Government really does have money to give away. In fact, right now there is more than $70,000,000.00 that legally belongs to millions of unsuspecting US citizens.

Where does this money come from?

When the US Department of Housing and Urban Development (HUD) and the Federal Housing Administration (FHA) approve a loan for a house, 1/2 of one percent of the loan amount is added by HUD/FHA to the loan interest as insurance in the event that the borrower does not pay the mortgage. That money accumulates interest over the life of the loan. If the house is taken away from the borrower through foreclosure, that money is forfeited.
However, when the borrower pays off the loan, they are entitled to a full refund of that money. Over 20-30 years, that can add up to a substantial amount of money!!

So what does this mean for you? EASY MONEY!! I'll explain.

Most people do not know that this amount is due to them - many have relocated. Since HUD/FHA doesn't have the resources to track down each and every one of the borrowers due a refund, they developed the Refund Tracer Program for the purpose of allowing people, just like you, to earn money by locating borrowers. You see, thanks to the little known Mortgage Refund Tracer Program, you can easily perform a valuable service. As a Refund Tracer, you can help return millions of dollars to rightful owners and collect part of what you return in processing fees.

Just think of it!! A fantastic opportunity to earn substantial amounts of money. You can start right away and earn $300 to $1,000.00 a week or more, right from your own home. There is really no limit what you can earn. It's up to you how much you want to work. You can be young or old, male or female, single or married, employed or unemployed. It doesn't matter.

A WIN/WIN/WIN SITUATION!

The government wins since the money must be refunded to its rightful owners. The borrower wins because he or she receives money the borrower is entitled to. You win because you receive a generous processing fee. Everybody wins!

NO EXPERIENCE NEEDED

The good news is that you don't need experience, or special training. In fact, if you can read, write, and follow simple step-by-step instructions, you can earn lots of money in this business. That's where the REFUND TRACER PROGRAM MANUAL comes in. It explains everything you need to know. It is a step-by-step instruction manual that will show you secrets that will allow you to start receiving cash payments quickly. Nothing will be left unanswered, and once you have the manual, you will not have to purchase anything else from us.

Here's an example of what you'll get...

* An information-packed manual with easy to follow instructions.
* All government forms provided by HUD/FHA
* Sample letters needed to inform borrowers that you are a Refund Tracer and are willing to help them get what is due to them. Plus, all other letters you will be sending during the processing time period.
* A FREE STATE Listing for any STATE.
* You'll also have our technical support along the way.
* SPECIAL BONUS " Personal Complete Guide to the Internet". This is a 175 page 15 Chapter E-Book that covers the whole Internet and it is yours FREE when you order our program within the next 10 days.

Here's some of what you'll learn...

* How to obtain names of people due mortgage refunds from HUD
* The easiest ways to locate those due a refund
* How to contact them to get an immediate response
* How to process the necessary forms so that refunds are promptly issued
* How to claim your share of their Government refund
...and much more!

You can get started immediately without any special training or education and our manual will show you how. You will be able to start making money almost at once. You can get started on a shoestring!! You will be amazed at how easy it is. Imagine, earning hundreds....even thousands of dollars each week helping the government refund money. It will give you a good feeling just knowing you are helping people receive money they didn't know they had coming. You'll be getting paid for doing it!

In 1986, Congress mandated that HUD make available to the general public lists of borrowers who were due refunds. We investigated and discovered one of "The Best Kept Money-Making Secrets In America". When I learned of the little-known Refund Tracer Program, We knew it was just what we had been looking for. This is probably the easiest, 100% legitimate, way to make money from scratch ever!

You will find that...

The fastest and best way to make a HUGE amount of money quickly is to trace people who have MILLIONS of DOLLARS in refunds due to them and then claim YOUR SHARE in Processing Fees. As long as HUD/FHA continues to approve loans, the money will never stop growing. Your money-making potential is endless! Every month, thousands of names become available for processing, names that are available for you to earn cash by helping borrowers receive their government refunds.

WHAT COULD BE EASIER?

Now just ask yourself, what message is more powerful than telling someone that you are going to help them receive a substantial sum of money that they didn't know they had coming? Believe us, they will love you for it, and will be more than happy to pay your fee. But this is only part of what makes this program so easy to use. Our manual will make it even easier for you to get started earning CASH RIGHT NOW!

THE ULTIMATE WORK-AT-HOME MONEY-MAKER!!

We know what you're thinking (it sounds too good to be true). But believe us, it is 100% true and completely legitimate. Imagine a money-making program that was established by the government. You can do this right at your kitchen table, or if you have a computer you're even one step ahead. Let your computer start helping you make some money, instead of costing you money!

The Refund Tracer Program is recognized as an extension of the services provided by HUD/FHA. This program is a gratifying way to earn extra money, especially since you are also helping someone else at the same time. The work you will be doing is simple, pleasant and absolutely anyone can do it! Without any formal training or education, Refund Tracers who have just started are earning $300 to $1,000 or more a week! It depends on your determination, and how much you want to make!

If you have any additional questions for us feel free to call us at: 216-226-8799.

Please don't delay. The only way you can lose is doing nothing, and that would be a shame.
You owe it to yourself and your family. So act now. You'll be glad you did!

We give you everything you need to get started right away, including a FREE state listing. Nobody can even come close to matching this offer. Other people sell you the Manual then charge extra for the State Listing, not us. We give you the whole business for almost nothing. For a small amount, you can take a big step towards financial independence. We're looking forward to hearing from you! Plus, if you order the program we will personally assist you with any ideas or questions you may have while working the program, so you're not alone in this. We'll be here to help you along your way.

Below is an example of the State Listings.

-------------------------------------------------------------------------
Name           Address & City     Case# & Zip    Date & Money owed
-------------------------------------------------------------------------
Smith, Joe     1626 Ansel Drive   441-024360     07/06/94
               Dayton OH          45416          $1,800.00
Virgil Baker   804 10th Avenue    411-031524     03/01/95
               Middletown OH      45042          $1,134.76
-------------------------------------------------------------------------

As you can see you are provided with quite a bit of information. This is what makes the program so EASY to work!!!

********** 90 DAY MONEY BACK GUARANTEE **************

Here's how our policy works: all you have to do is try the program for 90 days then if you're not satisfied simply return it for a refund. So you have nothing to lose. If you're looking for a real opportunity you found it.

Respectfully yours,
Creative Financial Alternatives

The Program Only Costs $33.95

Send payment to:
Creative Financial Alternatives
Unclaimed Funds
18645 Detroit Ave. Suite 714
Lakewood, Ohio 44107

We accept Money Order or Check Made Payable to: Creative Financial Alternatives

We are pleased to announce we're able to accept checks by phone or fax to help you get started immediately. If you want to get started right away.
The purpose of accepting checks by phone and fax is that it speeds up the process so you can get started immediately. Phone us at: 1-216-226-8799 Fax your check to: 1-216-226-3225 * Please note that if you do check by phone or fax you will need to keep that specific check for your own records. Please do not mail it to us or deposit it at your bank. Simply void it out and keep it for your own records. ************* QUESTIONS & ANSWERS ***************** You are bound to have some questions about the Government Refund Tracer Program. Below are some commonly asked questions and my straightforward answers. Also, if you have any questions that aren't answered below please call us at: 216-226-8799 We'll be glad to answer them for you. Q: Is the Government Refund Tracer Program legal? A: Yes, in 1986 Congress mandated that HUD make available to the general public lists of borrowers due refunds. Subsequently, HUD created the Tracer Program. Q: Can I do this from any state? A: Yes, you can live in one state and trace people in another state, you can do it from anywhere! Q: How much does the Tracer receive? A: We recommend 25%-30%, of the refund. Q: How do I obtain the names of the refund recipients? A: You can get them directly from HUD or us. Q: Why can't the person owed a refund get the money for themselves? A: They can, however the vast majority of people don't know anything about the Government refund process. They would need a case number and other specific information only you have. This lack of knowledge is what makes the tracer so valuable, because they can't do it without you. Q: Does this program require a large investment? A: No, expenses (such as lists of names, stamps,etc.) will depend on how large an area you intend to cover and since you will be self-employed these expenses will be tax-deductible. Most of your investment will be your time and effort. Q: What is the average refund amount? 
A: The average refund amounts range from $800-$1,000, but refunds of $4,000 are not unheard of. It all depends on the area or state you target.

Q: If I did a refund for $1,130.94 how much would I get?
A: Your fee is 30% so you would get $339.28 for that one claim!!

Q: How do I find these people?
A: You can go through the phone book directory or if you have a computer with a CD-ROM drive you can purchase a copy of "Home Phone" it's a directory of over 85 million residential phone numbers. The majority of these people are still at the current addresses on the form from HUD.

Thank you very much and we look forward to talking with you in the near future.

Creative Financial Alternatives
18645 Detroit Ave. Suite 714
Lakewood, Ohio 44107
Phone: 216-226-8799
Fax: 216-226-3225

From sameer at c2.net Wed Jul 17 11:38:06 1996
From: sameer at c2.net (sameer)
Date: Thu, 18 Jul 1996 02:38:06 +0800
Subject: COMMUNITY CONNEXION ANNOUNCES STRONGHOLD VERSION 1.2
Message-ID: <199607161757.KAA02868@atropos.c2.org>

For Immediate Release - July 16, 1996
Contact: Sameer Parekh 510-986-8770

COMMUNITY CONNEXION ANNOUNCES STRONGHOLD VERSION 1.2

Oakland, CA - Community ConneXion, Inc., the leader in uncompromising security for the World Wide Web, today announced the release of its newest version of Stronghold: Apache-SSL for the US.

Stronghold is a webserver based on the popular Apache server, which has the highest marketshare of all webservers on the Internet according to the Netcraft server survey at http://www.netcraft.com/survey/. Stronghold's marketshare has more than doubled every month since its release in January of this year.
"[The competition]'s secure servers just didn't work the way we wanted them to; the interface was clunky and required firewall adjustments to run, the access control didn't work well for us, and it was just too black-boxey for us," commented Dan Kearns, of the Motorola ISG Internet Business Group. "We like the lean/mean-ness of Apache in general, and the actual useful development that goes on. We look forward to generating client certificates for our channel partners using the bundled internal certificate authority tools." "We have been working with Community ConneXion for over a year to enable our Digital IDs in their Stronghold server products," said Greg Smirin, Product Line Manager at VeriSign, Inc. "We look forward to using their new version of Stronghold to demonstrate client certification on our own website." VeriSign is the leading provider of digital authentication services and products for electronic commerce and other forms of secure communications. "Stronghold is the first widely used web server that can authenticate clients on the basis of their digital certificates," said Dr. Andrew Csinger, President of Xcert Software, Inc. "Stronghold is a natural server platform for Xcert's Sentry suite of security enhancement products. The combination of Stronghold's uncompromising security profile and Xcert's flexible certificate management and secure database technology represents great value and convenience for Internet users." Xcert and C2 have entered into a co-marketing agreement to provide easy access to the Stronghold/Sentry bundle. The Stronghold/Sentry combination puts organizations of any size in control of their own security, allowing them to cost-effectively implement secure Intranets based on public key certificates. Xcert Software, Inc. is the premier provider of security enhancement software for safe and secure commercial Internet applications. 
Xcert's Sentry product line is the first cross-platform, server-independent public key infrastructure implementation. A live demonstration using the Stronghold webserver has been available on the company's website since April 1996 (http://www.xcert.com).

Because it is based on Apache, Stronghold can be used with the innumerable third party CGI and Apache API applications which have been developed for Apache, including perl & python integration, database connectivity, and Kerberos support. "Direct support within the server for scripting languages can produce an excellent performance improvement over standard CGI methods," said Sameer Parekh, President of Community ConneXion, Inc.

Community ConneXion ships binaries for Sparc Solaris 2.5, x86 Solaris 2.5, Sparc SunOS 4.1.3_U1, DG/UX, FreeBSD 2.1, BSDI 1.1, AIX 3.2.5, IRIX 5.3, HP/UX (9 & 10), OSF/1, UnixWare, Ultrix, BSDI 2.0, and Linux (ELF & a.out). Additional platforms may be supported on request. Stronghold may be ordered and downloaded at http://www.us.apache-ssl.com/.

Portions developed by the Apache Group, taken with permission from the Apache Server http://www.apache.org/. This product includes software developed by Ben Laurie for use in the Apache-SSL HTTP server project. This product includes software developed by Eric Young (eay at mincom.oz.au).

From usura at replay.com Wed Jul 17 11:40:37 1996
From: usura at replay.com (Alex de Joode)
Date: Thu, 18 Jul 1996 02:40:37 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <199607162048.WAA07892@basement.replay.com>

[..]
: "Ecash" is a registered trademark of DigiCash. It is registered
: with the Benelux trademark office and the United States
: trademark office. I believe that it is considered unwise to use
: minor variations on trademarked names, but I'm not an
: intellectual property rights lawyer.
The Benelux (Netherlands, Belgium and Luxembourg) trademark laws don't allow for slight variations, certainly not if there is a chance that people get confused. It is very, very likely that the judges of the Benelux trademark court will decide that ecash and e-cash are just too similar, and will thus confuse the public. (art 5 lid 1 BMW)

btw: I'm surprised DigiCash didn't file for a European Trademark, but opted for Benelux and US protection.

Best Regards,
--
-AJ-

From wombat at mcfeely.bsfs.org Wed Jul 17 11:45:52 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Thu, 18 Jul 1996 02:45:52 +0800
Subject: Washington Post -- "Block but Verify"
In-Reply-To:
Message-ID:

On Mon, 15 Jul 1996, Declan McCullagh wrote:

> [An editorial in today's Washington Post, about blocking software and the
> CyberWire Dispatch that Brock and I sent out earlier this month. --Declan]
>
> http://www.washingtonpost.com/wp-srv/WPlate/1996-07/15/006L-071596-idx.html
>
> Editorial: "BLOCK, BUT VERIFY"
>
> Monday, July 15 1996; Page A18
> The Washington Post
>
>
> read. One pitfall, though, as Messrs. McCullough and Meeks observe, is
> the commercially inspired reluctance of many of these producers of
> software to specify exactly what they are blocking. Though

A user-selectable menu would be, umm, interesting ... just how could one describe, in terms offensive to absolutely no one, what one's product is offering to block?

-r.w.

From Doug.Hughes at Eng.Auburn.EDU Wed Jul 17 11:49:08 1996
From: Doug.Hughes at Eng.Auburn.EDU (Doug Hughes)
Date: Thu, 18 Jul 1996 02:49:08 +0800
Subject: Sternlight on C'punks
In-Reply-To: <199607161842.OAA03412@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID:

>How does one set up a kill-file for a mailing list? I run a Linux box
>with sendmail and use the MH mail system.
>
>My best guess is that I will have to install procmail, but would like
>your advice before going to a lot of labor.
>

procmail is a very effective and good way, and it doesn't require a lot of effort.
Just download, configure, compile, and install. It's fairly mindless. Just follow the install instructions.

--
____________________________________________________________________________
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
doug at eng.auburn.edu

From llurch at networking.stanford.edu Wed Jul 17 11:54:47 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 18 Jul 1996 02:54:47 +0800
Subject: Sternlight on C'punks
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Timothy C. May wrote:

> There were some flames, which I mostly ignored. Also, a peculiar kind of
> flame war dealt with endless speculations about his "motives." Utter
> nonsense, from careful reading of his views. That is, to insinuate that he
> is an agent of the NSA or the Bilderberger Grand Conspiracy merely because
> he (then) argued that Clipper was not as bad as most of us thought it
> was...well, that's just nonsensical.

But he's still a fucking statist.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From deviant at pooh-corner.com Wed Jul 17 12:02:35 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Thu, 18 Jul 1996 03:02:35 +0800
Subject: Why was blocked.
In-Reply-To: <9607160301.AB00207@cti02.citenet.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 15 Jul 1996, Jean-Francois Avon wrote:

> Date: Mon, 15 Jul 1996 22:57:13 -0500
> From: Jean-Francois Avon
> To: cypherpunks at toad.com
> Cc: Anonymous Remail Service
> Subject: Re: Why was blocked.
>
> On 15 Jul 96 at 21:28, Anonymous Remail Service wrote:
>
> > >On 13 Jul 96 at 22:22, root at mail.demon.net wrote:
> > >
> > >Could you please explain me why my message was blocked?
> >
> > Because you're an asshole?
> > Why in the world would you ask the
> > entire fucking cypherpunks list, instead of just
> > root at mail.demon.net, to "please explain me[SIC] why my message was
> > blocked?" You are constantly harassing, so you were blocked. Deal
> > with it. me
>
> Dear flamer,
>
> Obviously, you did not learn to read. Go back to school.
>
> I asked the root at mail.demon.net to explain why I was blocked and I
> asked CPunks to reply to the post "below", which was my original
> question.
>
>
> What I asked on the CPunks list was the following:
>
> Is the fact that a realdeal.exe /per (wiped with zeroes) processed
> drive weakens the idea encryption of a Secure Drive 1.4a'ed drive?
>

Umm.. when telling other ppl that they do not know how to read, it might be useful to use sentences with a subject AND a predicate. I know that this is something they taught you _way_ back in second grade, but you should still remember it.

--Deviant

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From wombat at mcfeely.bsfs.org Wed Jul 17 12:04:39 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Thu, 18 Jul 1996 03:04:39 +0800
Subject: CookieScan 0.0 rev 0
In-Reply-To: <199607160116.SAA24413@apple.com>
Message-ID:

> >Christopher Hull wrote:
> >> What I imagine is a little utility that would
> >> display the cookies stashed on a machine and
> >> give the user the option to either delete or
> >> edit any given cookie.
> >> (Hey, it's *your* computer, not the website's).
> >
> > I doubt that you will have much luck here. Many (most??)
> > sites
> >that use cookies tend to encode or obscure them so that they are not
> >human readable. Certainly anyone doing something questionable
> >will obscure their cookies so that they will not be user readable
> >or editable.
> >
>
> I agree. Editing is problematic.
>

Yes, editing is difficult, often a trial-and-error effort if you don't know what the site is looking for. You generally end up with a cookie that is ignored by the server, which then acts as though no cookie were involved.

I have yet to see a "damaging" cookie, outside of the stupidity of trying to pass a plain-text password across the 'net for storage on the client. Anybody seen any interesting problematic cookies?

- r.w.

From Ryan.Russell at sybase.com Wed Jul 17 12:07:28 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Thu, 18 Jul 1996 03:07:28 +0800
Subject: Seek-and-Destroy
Message-ID: <9607162030.AA16491@notesgw2.sybase.com>

I've thought about similar things... I thought it would be more interesting to start feeding it a huge list of words so that my host would show up on just about any search.. Or, feed it an infinite string of characters.

Ryan

---------- Previous Message ----------
To: Ryan.Russell
cc: snow, declan
From: snow @ smoke.suba.com @ smtp
Date: 07/16/96 02:26:39 PM
Subject: Re: Seek-and-Destroy

On 16 Jul 1996, Ryan Russell/SYBASE wrote:

> I tried it...
> it just seemed to threaten me for about 10 minutes, and
> then disconnected. Couldn't see any effect.
> What was supposed to happen?

Would it have tied up a "spider" for ten minutes? If so, then that is probably enough. Personally I'd have started dumping bogus links, or set up about 2000 circular links to keep the damn thing busy.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From deviant at pooh-corner.com Wed Jul 17 12:11:23 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Thu, 18 Jul 1996 03:11:23 +0800
Subject: DES & IDEA built right into the Linux kernel...
In-Reply-To: <4se8do$dlp@abraham.cs.berkeley.edu>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On 15 Jul 1996, Ian Goldberg wrote:

> Date: 15 Jul 1996 13:07:20 -0700
> From: Ian Goldberg
> To: cypherpunks at toad.com
> Newsgroups: isaac.lists.cypherpunks
> Subject: Re: DES & IDEA built right into the Linux kernel...
>
> In article <199607130507.WAA25103 at myriad>,
> Anonymous wrote:
> >> Nicholas Leon has created tools that allow DES
> >> and IDEA encryption at the device level for the Linux kernel. Some of
> >> the patches are in the 2.0.4 kernel, and the rest can be found at
> >>
> >> http://www.binary9.net/nicholas/linuxkernel/patches/
> >
> >
> >Yep, you can mount encrypted files or partitions as filesystems. (sorta
> >like securedrive/securedevice for messydos.) Nifty stuff...
>
> Except that last I checked (2.0.6) it was completely insecure. The
> DES-encrypted filesystem ignored your password and always used a key of
> all 0's (which is a weak key in DES, to boot). I've been touching it up
> to do DES and IDEA _right_ (CBC mode within each block, IV based on block
> number), and plan to put in some simple stego as well.
>
> - Ian

Hrmm.. Sounds interesting... how long till your patch is done?
--Deviant

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From jim at ACM.ORG Wed Jul 17 12:15:44 1996
From: jim at ACM.ORG (Jim Gillogly)
Date: Thu, 18 Jul 1996 03:15:44 +0800
Subject: Opiated file systems
In-Reply-To: <199607161705.NAA19009@unix.asb.com>
Message-ID: <199607162030.NAA10344@mycroft.rand.org>

"Deranged Mutant" writes:
>A problem with a c'punk-style encrypted fs with source code and wide
>distribution is, of course, that attackers will KNOW that there is a
>duress key.

Good point. This suggests a design desideratum for any such system should be that the user may choose not to have a duress key, maintaining semi-plausible deniability for those who choose to have one.

Jim Gillogly
23 Afterlithe S.R. 1996, 20:29

From Ryan.Russell at sybase.com Wed Jul 17 12:24:27 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Thu, 18 Jul 1996 03:24:27 +0800
Subject: Seek-and-Destroy
Message-ID: <9607161921.AA14315@notesgw2.sybase.com>

I tried it...
it just seemed to threaten me for about 10 minutes, and
then disconnected. Couldn't see any effect.
What was supposed to happen?

Ryan

---------- Previous Message ----------
To: declan
cc: cypherpunks
From: snow @ smoke.suba.com @ smtp
Date: 07/15/96 04:20:54 PM
Subject: Re: Seek-and-Destroy

On Mon, 15 Jul 1996, Declan McCullagh wrote:

> Do NOT visit:
> http://xxx.lanl.gov/seek-and-destroy
>

So of course I did. Very Interesting. Those guys *rock*.

> The sysadmins for xxx.lanl.gov don't like robots visiting their web site,

They also aren't real happy with PC's, Mac's, or Netscape.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From frissell at panix.com Wed Jul 17 14:53:49 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 18 Jul 1996 05:53:49 +0800
Subject: US versions of Netscape now available
Message-ID: <2.2.32.19960716103638.00835c08@panix.com>

At 04:18 PM 7/15/96 -0700, sameer wrote:

> Not like that's tough to figure out. Congrats. It's cool to
>actually be able to connect to my webserver using real encryption.
>Glad the lawyers don't think Barksdale is going to jail anymore.

I'm glad too. So how many minutes did it take to leak overseas?

DCF

From provos at wserver.physnet.uni-hamburg.de Wed Jul 17 15:05:40 1996
From: provos at wserver.physnet.uni-hamburg.de (Niels Provos)
Date: Thu, 18 Jul 1996 06:05:40 +0800
Subject: Advances in Quantum crypto
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Hi!

AFAIK 24 km is the longest connection ever realised so far. The group of N. Gisin at the University of Geneva tested a quantum channel below the Geneva lake with a length of 24 km. To be found at: A. Mueller, H. Zbinden and N. Gisin, Nature 378, 449(1995)

A Bibliography of Quantum Cryptography can be found at http://www.iro.umontreal.ca/~crepeau/Biblio-QC.html

I think there is something on Quantum Cryptography from Los Alamos National Laboratory on Crypto'96 in August. They managed 7.5 km so far ?
Greetings
Niels Provos =8)

- - PHYSnet Rechnerverbund PGP V2.6 Public key via finger or key server
Niels Provos
Universitaet Hamburg WWW: http://www.physnet.uni-hamburg.de/provos/
Jungiusstrasse 9 E-Mail: provos at wserver.physnet.uni-hamburg.de
Germany 20355 Hamburg Tel.: +49 40 4123-2504 Fax: -6571

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From WlkngOwl at unix.asb.com Wed Jul 17 16:13:41 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Thu, 18 Jul 1996 07:13:41 +0800
Subject: Opiated file systems
Message-ID: <199607161705.NAA19009@unix.asb.com>

A problem with a c'punk-style encrypted fs with source code and wide distribution is, of course, that attackers will KNOW that there is a duress key.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From sparks at bah.com Wed Jul 17 16:30:59 1996
From: sparks at bah.com (Charley Sparks)
Date: Thu, 18 Jul 1996 07:30:59 +0800
Subject: Stego Software
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

cypherpunks at toad.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

Charles E.
Sparks Booz Allen & Hamilton
http://www.clark.net/pub/charley/index.htm
In God we trust, All Others we encrypt
Public Key at: http://www.clark.net/pub/charley/cp_1.htm

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Wed Jul 17 16:42:51 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Thu, 18 Jul 1996 07:42:51 +0800
Subject: Sternlight on C'punks
In-Reply-To:
Message-ID: <199607161842.OAA03412@pdj2-ra.F-REMOTE.CWRU.Edu>

How does one set up a kill-file for a mailing list? I run a Linux box with sendmail and use the MH mail system.

My best guess is that I will have to install procmail, but would like your advice before going to a lot of labor.

I suppose that it would be easier just to unsubscribe from cypherpunks, but that would be rather self-defeating.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From WlkngOwl at unix.asb.com Wed Jul 17 16:44:48 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Thu, 18 Jul 1996 07:44:48 +0800
Subject: Global Government Access to Keys (GGAK)
Message-ID: <199607161705.NAA19024@unix.asb.com>

On 15 Jul 96 at 8:53, Timothy C. May wrote:

[..]
> There are some interesting "public relations" stunts we can use to
> undermine support for the concept of GAK:
>
> * Announce in corporate press releases (for some Cypherpunkish company?)
> that "As per the laws of the Libyan Arab Jamahiriya, we have provided Col.
> Qaddaffi's Office of People's Security with our encryption keys for all
> communications passing into, out of, or over Libyan soil."

Just replace it with the French government. They've already a reputation for abusing escrow.

[..]
> There are other aspects of GAK which also collide with basic values. For
> example, consider several classes of communications we consider
> "privileged":

Supposedly 'exceptions' would be made for situations such as medical records, etc.
What those exceptions are, and whether they are really more than superficial (ie, escrowed but larger keysize) exceptions is another question.

> -- attorney-client discussions, in person or over phone lines.
> -- doctor-patient discussions
> -- psychiatrist--patient discussions
> -- priest--penitent confessions

What about 'journalist--informant'?

The Clinton admin will ask "Ah, but what if they forget their keys?" This is nonsense. It would require a standardized way to return record storage keys to someone, and a secure means of doing so... a whole other can of worms.

Many of these relationships have been compromised when the state sees fit anyway.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From tomw at netscape.com Wed Jul 17 16:45:16 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Thu, 18 Jul 1996 07:45:16 +0800
Subject: US versions of Netscape now available
In-Reply-To: <2.2.32.19960716103638.00835c08@panix.com>
Message-ID: <31EBE5F3.41C6@netscape.com>

Duncan Frissell wrote:
>
> I'm glad too. So how many minutes did it take to leak overseas?

I have heard no reports of it leaking overseas.

--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing. | tomw at netscape.com

From declan at well.com Wed Jul 17 17:16:50 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 18 Jul 1996 08:16:50 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
Message-ID:

The emerging consensus is, in fact, nonexistant. Gorelick trotted out the same fiction when she, Leahy, Sen. Kyl, and White (deputy defense secretary) testified before the Senate permanent subcommittee on investigations this morning.

(Note that Leahy is only occasionally a friend of the Net.
His original crypto bill had troubling additional criminal penalties; he shepherded Digital Telephony through Congress; he is a co-sponsor of the vile copyright bill pending right now. In sum, he'd hurt the Net more than help it. This becomes a problem when netizens hold him up as a champion of our freedoms -- and then when DT II comes along his fellow senators think it's okay to vote for it 'cuz Mr. Net, Leahy, is a cosponsor.)

My rebuttal to Gorelick's fantasy is: well, what about Japan, where the country's constitution forbids wiretapping?

-Declan

Michael writes:

>On Sun, 14 Jul 1996, Timothy C. May wrote:
>
>> So, who is in this "emerging consensus"?
>>
>Foreign governments?
>(Process of elimination, not inside info...)
>
>
>
>A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>Associate Professor of Law |
>U. Miami School of Law | froomkin at law.miami.edu
>P.O. Box 248087 | http://www.law.miami.edu/~froomkin
>Coral Gables, FL 33124 USA | It's hot here. And humid.

From jimbell at pacifier.com Wed Jul 17 17:34:39 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 18 Jul 1996 08:34:39 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <199607161818.LAA14032@mail.pacifier.com>

At 01:47 PM 7/15/96 -0700, David Sternlight wrote:

>>Despite trying to hide behind the smokescreen of calling the
>>government's GAK position "voluntary," we all know that they are trying to
>>misuse their influence to gently force us to use GAK, if by no other means
>>than forcing the taxpayer to pay for the system as they have done already.
>
>I agree, though I would not have phrased it in such an offensive way.

Please explain why you think my comment above is phrased "in such an offensive way." Hint: If I'd really wanted it to be "offensive," I could have easily done that.

>This isn't some conspiracy of evil but people with a legitimate policy
>disagreement.

I notice your insertion of the term "legitimate." As opposed to what?
Do you mean that you acknowledge that there is such a thing as an ILLEGITIMATE policy disagreement? How can we tell the difference? And there goes that word, "policy," again! Containing with it, the assumption that governments (despite ostensible freedom of speech) have some sort of authority to regulate encryption.

>>The opponents of GAK, on the other hand, are not denying to anyone the right
>>to implement a truly voluntary "key-escrow" system, or more likely many
>>privately operating ones.
>
>I disagree again. It is evident from the effort to shoot down Clipper I,
>which WAS voluntary, that this is another case of your version of
>"voluntary". If an offeror, even the government, offers something voluntary
>and you don't like it, you attempt to suppress it. It's kinda like "freedom
>of speech only for those who agree with me".

Huh? Developed in secret (secrecy, not merely for the technical details, but also for the broad overall concept: the former might have been justifiable to some people, the latter was not!), using stolen tax dollars, and presented as a fait accompli to the public. Oh, one more thing: Apparently designed to NOT be able to talk to non-escrowed encryption systems, in an obvious attempt to freeze out competition. The government was trying to misuse its influence here. Obviously some new strange usage of the word "voluntary" that I wasn't previously aware of.

>> However, such systems will be a service for the
>>customer, not the government, and the key will almost certainly not be
>>provided to the government on request, and in fact the key will likely be
>>stored in an encrypted form that the government won't be able to use.
>
>To the contrary, business records are always available on legitimate
>subpoena by the government,

There you go again with that word, "legitimate." Give me an example of an "_illegitimate subpoena_," will you? One that someone is not obligated to fulfill. What?!? You can't?
Then why did you use the term in what is obviously (to you) a redundant fashion?

> and this would include escrowed keys. YOU don't
>have to like it, but it's the law.

Not currently it isn't. Laws concerning "escrowed keys" haven't been written, and in any case since they don't have to be stored in the same legal jurisdiction, cooperation with a given set of authorities is not only not guaranteed, but isn't wise.

Besides, the only thing I see in the US Constitution which compels a person's participation in and cooperation with a trial is a right of defendants to have witnesses appear in their _defense._ I see no corresponding right on the part of the prosecution to compel ITS witnesses to appear.

And you ignored the part about the ENCRYPTED stored keys. If they're encrypted, then even if they're presented to the police, they won't be able to use them, law or no law.

Given a choice, I think most people would prefer to use an "escrow agent" (if they chose to use one at all; which I doubt) that is either guaranteed to be uncooperative to the government, or one which CAN'T be cooperative, because the material it has is not in a form useful to the cops. As long as key-escrow is TRULY "voluntary," in the broadest and most accurate sense of the word, market forces will migrate to a practice which is best for individual customers as individuals.

>>Quite simply, we do not require your "assent." You should be trying to get
>>OURS.
>
>"Silence does not constitute assent" to your personal attacks, your policy
>assertions, and what I think to be your misrepresentations of fact. I was
>not speaking of assent to GAK in that sentence.
>
>I think your attempt to pseudospeciate me and create an "us and him"
>situation in this group is bound to fail with those who have paid attention
>to what I think and say, particularly my most recent thinking. On many
>matters we are agreed at bottom. However, I place high value on policy

There you go again with the word, "policy."
Jim Bell
jimbell at pacifier.com

From adam at homeport.org Wed Jul 17 17:41:33 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 18 Jul 1996 08:41:33 +0800
Subject: Netscape download requirements
In-Reply-To: <31EB61E5.520E@netscape.com>
Message-ID: <199607161436.JAA27358@homeport.org>

First off, I applaud Netscape for making the US version available for download. All of my comments here should be taken as questioning the why's, not suggesting that the implementation is so onerous Netscape shouldn't have done it. Although, you might want to add a link to a page decrying the kafka-esque experience; perhaps Matt's 'My life as an arms smuggler?'

My question is, under what lawful authority would you release the data? The ITARs don't seem to contain anything special, so would you hand out lists on a subpoena? Individual names on a subpoena? Lists on a warrant?

Incidentally, they seem to be doing a credit check sort of verification; I gave a decade old address, and it worked fine. I feel free to do this because I'm legally entitled to download strong crypto software, and see no need to hand out my unlisted phone number in doing so.

Adam

Jeff Weinstein wrote:
| The Department of State tells us that permission was granted to
| MIT and others under the "old policy". The "new policy" has not
| been completed, which led to long delays in our getting approval.
| Our current approval is temporary, pending release of the "new
| policy". In order to get this permission we agreed to ask for and
| archive this information, in case law enforcement required it for
| some related investigation. The following statement is at the
| bottom of the page, near the submit button:
|
| ALL SUBMISSIONS ARE LOGGED
| Misrepresentation or omission of facts is covered under
| ITAR 127.2(a) and (b)(13).
| These data will only be released to satisfy lawful requests by
| government agencies, should such requests be made.
| | That last sentance means that we won't be selling the list to | telemarketers, or making it publicly available. | | If you are not comfortable providing this information, then you | may either run the export version, or purchase the retail navigator | package, which also includes the US only version when sold in the US. | | --Jeff | | -- | Jeff Weinstein - Electronic Munitions Specialist | Netscape Communication Corporation | jsw at netscape.com - http://home.netscape.com/people/jsw | Any opinions expressed above are mine. | -- "It is seldom that liberty of any kind is lost all at once." -Hume From bryce at digicash.com Wed Jul 17 17:51:28 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Thu, 18 Jul 1996 08:51:28 +0800 Subject: killfile with mh Re: S********* on C'punks In-Reply-To: <199607161842.OAA03412@pdj2-ra.F-REMOTE.CWRU.Edu> Message-ID: <199607161911.VAA29746@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- "Peter D. Junger" wrote something like: > > How does one set up a kill-file for a mailing list? I run a Linux box > with sendmail and use the MH mail system. > > My best guess is that I will have to install procmail, but would like > your advice before going to a lot of labor. No, mh is sufficient for all your mail handling needs. "man slocal" for starters. For advanced stuff you can always write a script that takes messages and chews on them and either sends them to rcvstore or to /dev/null. I think I'll write a script that parses each letter looking for text from D**** S********* and adds that text to my "D**** S********* Travesty Database". Then it will select random sentences from that database and construct long cascade insult- fests between D**** S********* and himself and mail them to cypherpunks via an anonymous remailer. Just kidding. I think I'll write a script which globally searches and replaces "D**** S*********" with "Duncan Frissell" in my cpunks folder. Just kidding again. Okay bye. 
Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMevpSEjbHy8sKZitAQHR1gL/Ye/o58xe7DiApoS2WzPwnHpnj4JfV0Fb FYxeaFcRaZy98ub3tt6bqrf5dM8Q6G4/sFnofUhdJqe7G1N4awuI7Lab/fIRPmDV lEMQ2S/ze1tM9Sg0KhjZpezgxfZsN/pX =KdY+ -----END PGP SIGNATURE----- From remailer at yap.pactitle.com Wed Jul 17 17:58:54 1996 From: remailer at yap.pactitle.com (Yap Remailer) Date: Thu, 18 Jul 1996 08:58:54 +0800 Subject: How I Would Ban Strong Crypto in the U.S. In-Reply-To: Message-ID: <199607161935.MAA07689@yap.pactitle.com> > There has been some discussion at the last couple of crypto conferences > about possible ways around this plan. (I guess the idea goes back at > least a year or two.) > > One idea is to register a 2048 bit public key. You have to give the > secret key to the government in order to use the registry. But what you > do is to create a second key and embed it in the first. It is, say, a > 1024 bit key which is the lower half of the 2048 bit key. It has > different secret factors that nobody but you knows. Then when people > send you messages they encrypt using this modulus rather than the > official one. > > You get the benefit of the government-sponsored key certificate > infrastructure, but the government is not able to crack your > communications. Sorry, but the government generates all keys. Otherwise people might mess up and choose insecure keys. From tcmay at got.net Wed Jul 17 18:04:50 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 18 Jul 1996 09:04:50 +0800 Subject: Surf-filter lists Message-ID: At 4:06 PM 7/16/96, David Sternlight wrote: >YOU and I may find it so, but you simply don't understand the mentality of >those who will buy such filters without question. Vast numbers of people >take the word of their minister, government, morality "guide", guru, or >teacher without question. Why do you think Scientology has gone as far as >it has? 
Furthermore, I saw absolutely nothing "surprising" in the topics filtered by the NetNinny and similar filters. That is, it is not surprising to me that G-rated filters would filter all mentions of homosexuality, "safe sex," condoms, anal sex, sex in general, etc. There may be those who think that children need to be exposed to proper condom use in the third grade (California's public schools think this, for example), and those that think abortion information should not be blocked, but there are clearly many parents who are happy to have little Johnny not exposed to any of the above and similar topics. If this means little Johnny is denied access to the NOW web page, or the NAMBLA safe sex page, so be it. If enough people want detailed explanations of what is being blocked, and will vote with their dollars, then probably some filter vendors will choose to make this information available. Sounds fair to me. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From david at sternlight.com Wed Jul 17 18:17:33 1996 From: david at sternlight.com (David Sternlight) Date: Thu, 18 Jul 1996 09:17:33 +0800 Subject: Sternlight on C'punks In-Reply-To: Message-ID: At 10:54 AM -0700 7/16/96, Vladimir Z. Nuri wrote: >a suggestion: get a pseudonym! In my opinion (it's not "the truth") using a pseudonym except in force majeure circumstances such as a rape counseling group is cowardly. 
I think people should stand behind what they say, and the notion of Detweiler's having arguments with himself pseudonymously would be hilarious if it were not pathetic. In any case it wouldn't work for me since I suspect my literary style is sufficiently distinctive (at least for this sort of group) that I'd be spotted in a short time and then be the victim of a bunch of nasty "what have you got to hide" posts. And I'm not going to twist myself into a pretzel, stylistically speaking, just so some thug's nastiness can be avoided. I trust the good sense of wiser readers, and as Harry Truman said... David From vznuri at netcom.com Wed Jul 17 18:20:54 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 18 Jul 1996 09:20:54 +0800 Subject: UK privacy case: Munden Message-ID: <199607161822.LAA28177@netcom18.netcom.com> interesting story I hadn't heard before. this guy complained about a bad bank balance and went to jail for it. touches issues such as security of bank software, government oppression, crypto, judicial evidence legality, etc. ------- Forwarded Message Date: Thu, 11 Jul 1996 04:38:27 -0700 (PDT) From: Phil Agre To: rre at weber.ucsd.edu Subject: John Munden freed X-URL: http://communication.ucsd.edu/pagre/rre.html [This case is so outrageous that it wouldn't even work as a "Dilbert" strip. Fortunately the guy is now free, having had his life ruined for complaining about the theft of his bank deposits.] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. 
For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Wed, 10 Jul 1996 11:00:11 -0800 From: Jon Callas To: "The Eristocracy" Subject: Munden set free [Editor's note: I sent out an article about the Munden case when it was current -- in late '94. For those who don't remember, John Munden is a British policeman who was jailed for complaining about his bank balance being wrong. No, you didn't read that incorrectly. Read on for more details. I certainly hope that the next chapter will be some sort of restitution paid to Munden. -- jdcc] Date: Tue, 09 Jul 1996 12:13:28 +0100 From: Ross Anderson To: set-discuss at commerce.net Subject: Important UK court case +----------------------------------------------------+ Addressed to: set-discuss at commerce.net +----------------------------------------------------+ At a trial in England yesterday, a judge decided that if a bank was not prepared to let their computer systems be examined by a hostile expert witness, then they could not even present bank statements in evidence. At least SET has been done right - I believe it is the first significant banking protocol to have undergone an open design review. I hope that there will be implementations that have also undergone credible scrutiny. I append a note of the case that I posted to our supporters. Ross Anderson ********************************************************************* John Munden is acquitted at last! At twenty past two today, John Munden walked free from Bury Crown Court. This resolved a serious miscarriage of justice, and ended an ordeal for John and his family that has lasted almost four years. 
In a judgment loaded with significance for the evidential value of cryptography and secure systems generally, His Honour Justice John Turner, sitting with two assessors, said that when a case turns on computers or similar equipment then, as a matter of common justice, the defence must have access to test and see whether there is anything making the computers fallible. In the absence of such access, the court would not allow any evidence emanating from computers. As a result of this ruling, the prosecution was not in a position to proceed, and John Munden was acquitted.

John was one of our local policemen, stationed at Bottisham in the Cambridge fenland, with nineteen years' service and a number of commendations. His ordeal started in September 1992 when he returned from holiday in Greece and found his account at the Halifax empty. He complained and was told that since the Halifax had confidence in the security of its computer system, he must be mistaken or lying. When he persisted, the Halifax reported him to the police complaints authority for attempted fraud; and in a trial whose verdict caused great surprise, he was convicted at Mildenhall Magistrates' Court on the 12th February 1994.

I told the story of this trial in a post to comp.risks (see number 15.54 or get ftp.cl.cam.ac.uk/users/rja14/post.munden1). It turned out that almost none of the Halifax's `unresolved' transactions were investigated; they had no security manager or formal quality assurance programme; they had never heard of ITSEC; PIN encryption was done in software on their mainframe rather than using the industry-standard encryption hardware, and their technical manager persisted in claiming (despite being challenged) that their system programmers were unable to get at the keys. Having heard all this, I closed my own account at the Halifax forthwith and moved my money somewhere I hope is safer. But their worships saw fit to convict John.
An appeal was lodged, but just before it was due to be heard - in December 1994 - the prosecution handed us a lengthy `expert' report by the Halifax's accountants claiming that their systems were secure. This was confused, even over basic cryptology, but it was a fat and glossy book written by a `big six' firm with complete access to the Halifax's systems - so it might have made an impression on the court. We therefore applied for, and got, an adjournment and an order giving me - as the defence expert witness - `access to the Halifax Building Society's computer systems, records and operational procedures'. We tried for nine months to enforce this but got nowhere. We complained, and the judge ordered that all prosecution computer evidence be barred from the appeal. The Crown Prosecution Service nonetheless refused to throw in the towel, and they tried to present output such as bank statements when the appeal was finally heard today. However, the judge would have none of it. For the computer security community, the moral is clear: if you are designing a system whose functions include providing evidence, it had better be able to withstand hostile review. Ross ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This message was sent by set-discuss at commerce.net. For a complete listing of available commands, please send mail to 'majordomo at commerce.net' with 'help' (no quotations) contained within the body of your message. 
- - --- end forwarded text - ------- End of Forwarded Message ------- End of Forwarded Message From amehta at giasdl01.vsnl.net.in Wed Jul 17 18:21:24 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Thu, 18 Jul 1996 09:21:24 +0800 Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates Message-ID: <1.5.4.32.19960716230339.002d0458@giasdl01.vsnl.net.in> At 10:13 15/07/96 -0700, David Sternlight wrote: >actions in the Netherlands, the UK, and in the European >Parliament suggest that an independent European escrow initiative might >happen within a year. When it does it will be a trivial matter to harmonize >it with some US offering. The mills in various countries are grinding too >coincidentally for my taste. I don't doubt that the Europeans are quite likely to toe the American line -- they not seldom do in international negotiations, plus they share the NATO mentality. However, that does not constitute international agreement. GAK basically requires companies and individuals to trust their government, and here in India people across the political and economic spectrum would laugh in your face at the suggestion. Also secrecy from the government is crucial to most businesspersons, and I cannot imagine anyone in a country with a repressive, inept or corrupt government agreeing to this (And further, trusting the far away US government, which might misuse its powers to help its own industry in international bids). You might say that repressive governments are not likely to ask their citizens before agreeing internationally to GAK, but then, citizens are not likely to ask their government either before using good crypto. The matter will land up before the courts, and that will keep the situation confused for a while. With digital commerce seriously hindered by lack of security, I doubt the business community will stay patient, and want to opt for a hassle-free, tried and tested, secure and transparent system such as pgp. 
Governments cannot for long ignore the wishes of big business. > >Given the glacial pace with which standard integrated crypto has appeared >on the Internet, with Navigator only going to offer the final >link--encrypted e-mail--later this year, the above timing isn't necessarily >one which will be left behind by independent Internet developments. And >given the glacial pace of PGP movement toward integrated internet standard >products, it hasn't a hope of beating the above timing to the punch. While I share your view on the need for urgency in integrating PGP into Internet standard products (and wish the programmers on these projects God-speed!) I don't think end of this year is too late for them to come out. Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://www.cerfnet.com/~amehta/ From vznuri at netcom.com Wed Jul 17 18:23:20 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 18 Jul 1996 09:23:20 +0800 Subject: Sternlight on C'punks In-Reply-To: Message-ID: <199607161754.KAA25543@netcom18.netcom.com> >And another thing. The reason I've not joined this group earlier had >nothing to do with "worthy". It was because after discussion a year or so >ago, Tim May suggested to me via e-mail that it would just generate a lot >of controversy, at a time when people were so polarized that they couldn't >hear each other and thus my presence here would serve no useful purpose. I >took Tim's advice and stayed out. > frankly I think a mailing list that can't tolerate informed but dissenting views such as your own without self-destructing has an inherent problem that exists independent of your participation. perhaps it is a valuable public service to expose such a flaw. at least, that's the hacker spirit. as for TCM recommending you not join, I'm disappointed to hear anyone so ostensibly and vocally committed to free speech would tell anyone that their presence would be "disruptive" or "controversial" and recommend against it. 
>I thought that by now the more extreme dogmatists among you would have >matured, especially given the evidence generated by the real world about >how things are and are going if nothing rational and effective is done to >stop it. Some of you have met me at Crypto and found I'm not the devil >incarnate. Some of you know that we share many (but not all) policy views >in common. well, I find you to have mellowed yourself after a legendary amount of back and forth in cyberspace, although I would still consider some of your own views "dogmatic" as you term it. > >The presenting symptom for my joining now was a copy of a post by an MIT >professor I respect to this group, which a colleague sent me. Perhaps I was >too hasty in my belief that we can begin to hear each other. I personally find your GAK positions superior to those of the administration, at least, although that's almost the lowest-common denominator litmus test for not starting massive flamewars on the list. a suggestion: get a pseudonym! if you only care about debate, you can debate to your heart's content through it. it's trivial in cyberspace. if, however, you want your posts to accrue to your "true name" because you are uptight about maximizing your "reputation", then this won't work. imho, it does separate the men from the boys in some ways, the way people use and deal with pseudonymity. do they openly advocate it yet fall back on ideas of "true names" randomly relative to it? do they play games like relentlessly try to connect-the-dots of pseudonyms to "true names" via their speculation or whatever? do they feel they have to defend their pseudonym's posts as much as they would those under their so-called "real" name? all signs of cyberspatial immaturity imho. in fact as I understand it, from the fragments of legends tossed around here, this is all what caused Detweiler to self-destruct, when his neurons melted down from contemplating the ramifications of pseudonymity. 
yet you can see signs of "pseudoparanoia" even among the most "respectable" here.

"there is no limit to what a man can accomplish if he doesn't insist on getting credit"...

From rp at rpini.com Wed Jul 17 18:28:39 1996
From: rp at rpini.com (Remo Pini)
Date: Thu, 18 Jul 1996 09:28:39 +0800
Subject: My impending death
Message-ID: <1.5.4.32.19960716210033.008e236c@193.246.3.200>

At 08:22 PM 7/14/96 EDT, you wrote:
>> Since Vulis decided to drag in a disagreement from elsewhere, I have a brief
>> invitation.
>
>The cripple is lying again, as usual. Twice he reposted to cypherpunks
>his Usenet lies with no cryptographic relevance just to slime me. Since
>not even Perry told the demented cripple to quit, I'll respond in kind.
>

I don't want to seem overly squeamish, but wouldn't you agree, that stuff that gets so "personal" as this discussion doesn't really belong here? (Personally I even think, that such primitive mudslinging doesn't belong anywhere)

Calm down, relax, have a cigar and be a nice boy.

----------< fate favors the prepared mind >----------
Remo Pini Fon 1: +41 1 350 28 82
mailto:rp at rpini.com Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From david at sternlight.com Wed Jul 17 18:29:44 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 09:29:44 +0800
Subject: CookieScan 0.0 rev 0
In-Reply-To: <199607152332.QAA14438@apple.com>
Message-ID:

At 5:34 PM -0700 7/15/96, Christopher Hull wrote:
>Do y'all think there might be an interest in a
>utility which would allow the user to deal with
>browser cookies?
>
>What I imagine is a little utility that would
>display the cookies stashed on a machine and
>give the user the option to either delete or
> edit any given cookie.
>(Hey, it's *your* computer, not the website's).

And they'll simply start encrypting the cookies if they don't do so already.

Have a nice day.
David From wb8foz at nrk.com Wed Jul 17 18:34:41 1996 From: wb8foz at nrk.com (David Lesher) Date: Thu, 18 Jul 1996 09:34:41 +0800 Subject: Sternlight on C'punks Message-ID: <199607161339.JAA01263@nrk.com> From: maldrich at grci.com > (note that Sternlight actually had his OWN usenet newsgroup), there's the > fear that DS will start a flame thrower exchange with anyone, regardless > of topic. AND, he'll keep posting about it. Relentlessly. The solution to SternFUD infection is patience. Every single time, he gets bored & lonely after everyone kill-files him. Then he goes in remission [or maybe it's back to the SternFord Clinic...] for weeks; reappearing somewhere else. > God bless 'em, but it's time to add another line to the c'punks > net.loon warning file. Sure! But I'd not think that anyone here needed to be warned. Hell, even reporters know about him.... -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From ses at tipper.oit.unc.edu Wed Jul 17 18:38:34 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Thu, 18 Jul 1996 09:38:34 +0800 Subject: C'punks T-shirt idea? Message-ID: [Currently reading John Keane's biography of Tom Paine,] Picture of Paine with superimposed text Atlanticus [crossed out] Forrester [crossed out] Common Sense [crossed out] Common.Sense at alpha.c2.org --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From vznuri at netcom.com Wed Jul 17 18:47:02 1996 From: vznuri at netcom.com (Vladimir Z. 
Nuri) Date: Thu, 18 Jul 1996 09:47:02 +0800 Subject: Surf-filter lists In-Reply-To: <199607160541.BAA11900@yakko.cs.wmich.edu> Message-ID: <199607161804.LAA26399@netcom18.netcom.com> > >Vlad: How can consumers make an informed decision as to which filter >they wish to purchase, if they are not told exactly what information >each product is filtering out? > >Meeks et al may be guilty of flamboyant, emotionalistic prose, but I >find the concept that the public is expected to buy various filters >without knowing what they filter...frankly, ridiculous. there's significant ambiguity in your language. what actually constitutes knowing or not knowing what is being filtered? Meeks discussed a case where the software clearly gave *categories* of what it filtered, and I think he focused on a case where it was clear that it was borderline (the monkey with the eye poked out). in other words, it did appear to me that the software &raters were working exactly as they were supposed to, and he was hilighting a borderline case. moreover, the categories were clear: "gratuitous depictions of violence" or whatever. for *some* consumers, knowledge of these *categories* is going to be enough. other consumers are going to be more wary and want to make sure that the actual sites blocked correspond to the categories stated. in general, though, I think many consumers do not want to know in exact detail what specific web sites are being blocked. that's what they're paying the company for: to hide that information from them in a sense so they don't have to deal with the complexity of it. my position could be misconstrued. it is: let the consumer *decide*. this is already happening. they are putting their money where they think superior services are. what Meeks has discovered is a new criteria that customers *may* want to pay more attention to: how well what the companies "say" they are doing matches what they are actually blocking. 
but then again, consumers are always going to have to place some amount of trust in these companies. the market is in the process of deciding right now. Meeks seems to have the opinion, "the site-blocking software is not legitimate unless they fully publicize their lists". this is a decision the market will make. I fully expect that both types of services will flourish in the future (open and closed lists), and each have their particular roles and areas of specialty. From blancw at microsoft.com Wed Jul 17 18:57:20 1996 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 18 Jul 1996 09:57:20 +0800 Subject: Government: Home-Business Message-ID: >From: Mike Rose >I'm getting more and more of this kind of crap sent to me. I have >a procmail script which greps a file of undesirable addresses I've >compiled, but that hasn't proven very useful as there aren't many >repeat offenders. (the procmail script is available at >http://www.universe.digex.net/~mbr/unix/junkmail.html) > >How are other people dealing with this? ............................................................. For this particular one, I faxed all 6 pages back to the phone number they gave ("send your check to.....), declining the offer. .. >Blanc From junger at pdj2-ra.F-REMOTE.CWRU.Edu Wed Jul 17 19:07:34 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Thu, 18 Jul 1996 10:07:34 +0800 Subject: US versions of Netscape now available In-Reply-To: <31EB1655.773C@netscape.com> Message-ID: <199607161815.OAA03196@pdj2-ra.F-REMOTE.CWRU.Edu> Tom Weinstein writes: : Tom Weinstein wrote: : > : > http://wwwus.netscape.com/eng/US-Current : : It looks like the majority of download failures are caused by people : using browsers that don't support cookies. If you aren't sure that : the browser you're using supports cookies, then try Netscape Navigator. : If are using Netscape (or some other cookie-capable browser) and are : still getting a "No Cookie" error, please let me know. 
I was using Netscape navigator and got the No Cookie error, but that was understandable since I had set the cookies file to read only. But making the file writable, erasing my cache, and quitting Netscape and bringing up a new copy of Netscape did not solve the problem. I still got the No Cookie error.

Peter
--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From rp at rpini.com Wed Jul 17 19:22:57 1996
From: rp at rpini.com (Remo Pini)
Date: Thu, 18 Jul 1996 10:22:57 +0800
Subject: Metered Phone
Message-ID: <1.5.4.32.19960717115720.008caa88@193.246.3.200>

At 12:45 AM 7/15/96 -0700, you wrote:
>At 01:19 PM 7/7/96 +0800, you wrote:
>>Does anyone have any ideas about this metered phone?
>>I am from Philippines and heard some news that it will be
>>existing in 1997. Quite a big problem! Every dial will be counted,
>>every seconds will be measured...
>
>That sounds like you're getting newer telephone technology.
>In the US, most areas with newer telephone switches offer you
>the choice of flat rate service (you pay a constant price per month
>...
>Bill Stewart

Well, in Switzerland all telephone switches (including the ones the company I work with manufactures) record:
1. start of call
2. destination of call
3. source of call
4. end of call

After all, you can get a detailed list of all your calls by the end of the month (the phone numbers of the destination are somewhat obscured -> only the first 4 digits).

So, hellcome to the new age of transparent customers! As soon as you get digital switches (POTS or ISDN) your phonelife is measured, stored and statistically evaluated.
----------< fate favors the prepared mind >---------- Remo Pini Fon 1: +41 1 350 28 82 mailto:rp at rpini.com Fon 2: +41 1 465 31 90 http://www.rpini.com/remopini/ Fax: +41 1 350 28 84 --------< words are what reality is made of >-------- From jpb at miamisci.org Wed Jul 17 19:26:04 1996 From: jpb at miamisci.org (Joe Block) Date: Thu, 18 Jul 1996 10:26:04 +0800 Subject: Opiated file systems In-Reply-To: Message-ID: At 10:44 AM -0400 7/16/96, Mark O. Aldrich wrote: >One problem, however, would be how to keep the "decoy" data, accessible >with only the ambush key, "fresh" in that it must undergo a certain amount >of >turbulence to appear real. The two file systems would essentially have to >mirror each other, one with the juicy bits and one with the decoy bits. >It would seem to be practically impossible to just build two file systems >as one would 'disappear' when only the ambush key was used. Wouldn't it >be sort of obvious that something was wrong if half the disk vanished? As far as churning goes, why not just mount both the decoy and the encrypted filesystems simultaneously? Have a perl script (stored on the hidden volume of course) that automatically decodes random images from alt.binaries.pictures.* into the decoy system and nukes the oldest decoy files. And go ahead and keep a copy of all your assorted /var/named & other config files in there too. Honest officer, I keep that partition unmounted so that a system crash is less likely to clobber my painfully constructed configuration files - and it's encrypted so that crackers won't be able to alter my configuration backup to add security holes. Let them go nuts trying to un-stego the smut images once you've given them the duress key. Joseph Block "We can't be so fixated on our desire to preserve the rights of ordinary Americans ..." 
-- Bill Clinton (USA TODAY, 11 March 1993, page 2A)

PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16 3F BD 57 0F 8A ED E3 21

From anonymous-remailer at shell.portal.com Wed Jul 17 19:30:50 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Thu, 18 Jul 1996 10:30:50 +0800
Subject: Sternlight on C'punks
Message-ID: <199607170444.VAA18087@jobe.shell.portal.com>

Dear Dave:

You are a helluva fine debater but you are also an unbelievably irritating, sanctimonious son-of-a-bitch.

A CoWaRD

On Tue, 16 Jul 1996, David Sternlight wrote:

> At 10:54 AM -0700 7/16/96, Vladimir Z. Nuri wrote:
>
> >a suggestion: get a pseudonym!
>
> In my opinion (it's not "the truth") using a pseudonym except in force
> majeure circumstances such as a rape counseling group is cowardly. I think
> people should stand behind what they say, and the notion of Detweiler's
> having arguments with himself pseudonymously would be hilarious if it were
> not pathetic.
>
> In any case it wouldn't work for me since I suspect my literary style is
> sufficiently distinctive (at least for this sort of group) that I'd be
> spotted in a short time and then be the victim of a bunch of nasty "what
> have you got to hide" posts.
>
> And I'm not going to twist myself into a pretzel, stylistically speaking,
> just so some thug's nastiness can be avoided. I trust the good sense of
> wiser readers, and as Harry Truman said...
>
> David
>

From david at sternlight.com Wed Jul 17 19:31:41 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 10:31:41 +0800
Subject: Cookie alternatives
In-Reply-To: <199607161607.JAA08875@jobe.shell.portal.com>
Message-ID:

At 9:07 AM -0700 7/16/96, Hal wrote:
>There has been quite a bit of discussion recently about the "cookies"
>used by Netscape Navigator and their effects on privacy of users. Here
>is some background and some thoughts on alternatives.

Other uses of cookies include keeping track of pages you've already seen/done in a sequential information web site, or in a registration procedure; or validation of registered users and their expiry dates (perhaps encrypted with protective data elements to prevent cookie sharing) to avoid having to refer to a data base and slow the interaction down each new time. I've seen some sites which appear to pass you a cookie after you're registered, and in future take you directly to the "operational" first page (such as the front page of a newspaper). It's also possible to store personal data, such as the size of your largest order to date or some such, or whether you've bounced any checks/credit card transactions--so you get different treatment depending on your past history. The uses are almost as varied as the mind of the server's operators.

David

From EVERHART at Arisia.GCE.Com Wed Jul 17 19:33:46 1996
From: EVERHART at Arisia.GCE.Com (EVERHART at Arisia.GCE.Com)
Date: Thu, 18 Jul 1996 10:33:46 +0800
Subject: Making encoding out of an authentication cipher
Message-ID: <960717193622.5e@Arisia.GCE.Com>

Had an interesting thought, maybe worth passing on for commentary. (...since "authentication" ciphers are considered "harmless" by those interested in spying on your info...)

Suppose you have a secure hash function H(msg) that delivers a random long period set of hash bits for msg, which is computationally infeasible to invert and such that the value of H(msg) depends very sensitively on all bits of msg. These things are used for authentication and tend to be all over the world.

Now suppose I have a key and apply the following transform, where "+" will mean binary exclusive OR.

Cipher:

H(key) + M(1) = C(1)
H(key+M(1)) + M(2) = C(2)
H(key+M(2)) + M(3) = C(3)
and so on

where M(n) is the message and C is the enciphered message.

Decipher:

H(key) + C(1) = M(1)
H(key+M(1)) + C(2) = M(2)
H(key+M(2)) + C(3) = M(3)
and so on.

If the hash function is cryptographically strong, is this or is this not a strong cipher? Are there fast hash functions around?

Note that in doing disk encryption, one has also the disk block number available, and even the offset in block, to be stuffed into the hash function if one wants. In a serial message one has offset in message also.

The only piece of nontrivial software needed to implement it is the hash function itself, which has been claimed to be useful only for authentication. If this scheme is at all strong, the distinction is shown to be fairly useless.

I thought of this a couple days ago...thought I might ask if anyone knows any of the answers. I do not, and am not knowledgeable in this area, save VERY casually.

From rp at rpini.com Wed Jul 17 19:34:19 1996
From: rp at rpini.com (Remo Pini)
Date: Thu, 18 Jul 1996 10:34:19 +0800
Subject: Sternlight on C'punks
Message-ID: <1.5.4.32.19960717115853.00911b9c@193.246.3.200>

Hy guys,

I have no idea, who this david is, but it's kind of funny: someone says: when this guy shows up, you get a mail flood then someone replies to that... And suddenly you notice, that the first guy was right, but I think he had to be, after all, he was the first wave. (And I'm another one).

So, who is this david? I don't care, and as long as he posts stuff the way he/she/it did until now, I won't. (Wouldn't you agree, that we have a lot worse to worry about? - i.e. tonight's fight, "Rottwiler" vs. "Cripple")

----------< fate favors the prepared mind >----------
Remo Pini                        Fon 1: +41 1 350 28 82
mailto:rp at rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/   Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------

From jf_avon at citenet.net Wed Jul 17 19:35:07 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Thu, 18 Jul 1996 10:35:07 +0800
Subject: [flaming] Why was blocked.
Message-ID: <9607162041.AB22437@cti02.citenet.net>

On 16 Jul 96 at 19:43, The Deviant wrote:

> Umm.. when telling other ppl that they do not know how to read, it
> might be useful to use sentences with a subject AND a predicate. I
> know that this is something they taught you _way_ back in second
> grade, but you should still remember it.

Sorry to say, but I did not get English classes up until grade 4 and since I had no occasions to practice it before age 18, I don't remember anything of my English classes. A major brain trauma probably helped too. Although I write French much better than most of the university educated francophone population here, I don't even remember any French grammar.

As for the word 'predicate', would you please deign to tell me what it means? I don't have an English dictionary handy.

As for my true question regarding realdeal.exe /per used on top of SecureDrive 1.4a, do you have any comments?

JFA

The brave dies only once, the coward (who uses anon remailer for flaming) dies a thousand deaths. -old adapted Arab proverb.

--
DePompadour, Societe d'Importation Ltee
Limoges porcelain, silverware and crystal
JFA Technologies
R&D consultants: physicists technologists and engineers.
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From pekelney at rspeng.com Wed Jul 17 19:42:28 1996
From: pekelney at rspeng.com (Richard Pekelney)
Date: Thu, 18 Jul 1996 10:42:28 +0800
Subject: WW II Cryptography
Message-ID:

This came to me recently. It should be of interest to people here.

Bruce

Dear Mr. Schneier,

If you have an interest in cryptographic history, I am working on a WW II technology project you might be interested in.

The primary US cipher system during WW II was the SIGABA a.k.a. ECM Mark II or CSP-889. This machine that was created in 1940 was used until the early sixties when it was finally retired because it was too slow. This technology was more important to the war effort than the incredibly valuable cryptanalytic successes on Enigma and Purple. The details of this machine were classified until April of this year. This machine is significantly different from the classic Hagelin or Enigma derivative rotor cipher machine. It was one of the top ten most important technologies of WW II, right up there with radar and proximity fuses but virtually nothing has been written about it because it remained classified.

I work on USS Pampanito a WW II submarine on display in San Francisco, CA. We have the only SIGABA ever to be in private hands on display, the only other place one can see this machine is at the National Cryptologic Museum at the NSA.

In addition, I have collected about 2,000 pages of declassified documents on the machine and its context. This information, with the access to the real machine has provided the information necessary to create an algorithmic description of the machine. The next logical step is to create a software emulation of the machine.

Pampanito is creating a web site that should be up sometime in the next two weeks that will include the enclosed description of the machine. I am also including a short report on the machine we have that includes some additional detail. The web page by the way will be the first meaningful description of this machine ever published.

I would like to create a Java application that allows people to operate a virtual SIGABA. The core of its functionality will probably be about 100 lines of code. However doing a reasonable user interface will require quite a bit more code.

1- Would you or anyone you know be interested in collaborating on the Java software project?

I would like to include at least some cryptographic analysis of the machine in my description of the machine. The NSA historians have told me that properly implemented this would be a formidable algorithm even today (something I doubt.) I have all the information needed to describe the machine.

2- Would you or anyone you know be interested in creating an analysis of the machine. I would like this for my web page, and would love to see a couple of papers on the technology created.

Publication could be in a wider range of publications than are normally interested in cryptologic issues. This may be one of the very last of the really important WW II technologies to be disclosed. That combined with the recent interest in cryptography in public policy might make it a hot for some pretty broad journals.

Your thoughts would be appreciated.

Yours truly,

Richard Pekelney

======== USS Pampanito - ECM Mark II

Electronic Cipher Machine (ECM) Mark II

By Rich Pekelney


WHAT IS THE ECM MARK II AND WHY IT WAS IMPORTANT:

The ECM Mark II (also known in the Navy as CSP-888/889 or SIGABA by the Army) is a cipher machine. It was used aboard USS Pampanito to encipher messages from ordinary, or what cryptologists (people who study secret communications) call plain text, into secret language, which is called cipher text, under the control of a key (encipherment). A cryptographic system consists of the combination of cipher machine, operating procedures and management of keys. If the system is well designed and implemented correctly, cipher text can only be converted back to plain text (deciphered) by someone with all three elements of the system.

In early September 1944 U.S. Fleet Radio Unit Pacific (FRUPAC) in Hawaii recorded a Japanese cipher radio message that originated from Singapore. Unknown to the Japanese, U.S. forces had analyzed many Japanese messages and as a result of much brilliant and hard work were able to reproduce their enemy's inadequately designed and implemented cryptographic system. This is called cryptanalysis or "breaking the system". FRUPAC deciphered (and decoded) the message that announced the route of an important Japanese convoy from Singapore to Japan. The timing and expected path of the convoy from the message was enciphered on an ECM in Hawaii and sent to Pampanito where it was deciphered on an ECM. Although Pampanito's crew did not know how FRUPAC got its information, they were able to go directly to the convoy's path and attack with great efficiency. Pampanito's attack was kept secret by the superior U.S. cryptographic system that revolved around the ECM Mark II.

The ECM Mark II based cryptographic system was never broken by an enemy and was secure throughout WW II. The system was retired by the U.S. Navy in 1959 because it was too slow to meet the demands of modern naval communications. Axis powers (primarily Germany) did however periodically break the lower level systems used by Allied forces. Early in the war (notably during the convoy battle of the Atlantic and the North Africa campaign) the breaking of Allied systems contributed greatly to Axis success.

In contrast, the Allies were able to break Axis communications for most of the war supplying many of the targets attacked by Pampanito. Intercepted messages provided not only the location of potential targets, but often insight into the thinking of enemy commanders. In the Pacific, this information was critical to success in the battles of Midway and the Coral Sea in 1942. The combination of secure U.S. cryptographic systems and vulnerable Axis systems directly contributed to the success of the Allied powers during WW II thereby shortening the war by years and saving countless human lives.

A picture of an ECM (labeled SIGABA) may be found on the National Cryptologic Museum web site, in The "Big" Machines Exhibit. Note this is a large (613K) color picture.

THE ECM MARK II'S DEVELOPMENT:

The ECM Mark II's critical cryptographic innovation (the Stepping Maze) over Hebern's and other precursors was created by Army cryptologists Frank B. Rowlett and William F. Friedman shortly before 15 Jun 1935. During October and November of 1935 Friedman disclosed the details of the "Stepping Maze" to the Navy's cryptologists including Lt. Joseph N. Wenger. Aside from filing secret patent application 70,412 on 23 Mar 1936 little additional development was performed by either the Army or Navy until Lt. Wenger discussed the patent with Cmdr. Laurence Safford during the winter of 1936-37. Cmdr. Safford recognized the potential of the invention and the Navy began sponsoring and financing a new machine including the "Stepping Maze". Additional innovations by Cmdr. Safford, Cmdr. Seiler and the Teletype Corporation including Mr. Reiber and Mr. Zenner added to the security, reliability and manufacturability of the ECM Mark II. Prototypes were soon delivered, and in February 1940 the machine's details were disclosed to the Army. Amazing as it may seem, the Navy had kept its continuing development of the machine secret from the Army. With minor changes suggested by the Army the machine was accepted as the primary cipher machine for use by both Army and Navy.

The joint Army-Navy ECM Mark II cryptographic system became effective on 1 Aug 1941, and the two services had the common high-security cryptographic system in place and in use prior to the attack on Pearl Harbor. The use of a common system was of great military value, particularly during the early stages of the war when the distribution of machines and codewheels was incomplete. By 1943, over 10,000 machines were in use. The "Stepping Maze" and use of electronic control were a generation ahead of the systems employed by other countries before and after WW II. No other country is known to have ever broken the ECM Mark II cryptographic system.

WHERE IS THE ECM MARK II TODAY:

After newer, faster cryptographic systems replaced the ECM Mark II the machines were systematically destroyed to protect the secrets of their design. Today probably less than a dozen ECMs still exist. The National Cryptologic Museum (a part of the National Security Agency) has 6 machines, one of which is on display in their Fort George Meade, MD museum. The U.S. Navy has 2 machines, one of which is displayed aboard Pampanito in San Francisco, CA. When recently contacted the US Army historians did not believe they had any machines.

The ECM Mark II aboard Pampanito may be the only fully operable ECM Mark II today. This machine was built in June of 1943 as a CSP-889, and sometime ca. 1950 it was modified into a CSP-889-2900. The minor modifications added one switch and a knob that allow operation compatible with CSP-889 machines, or enhanced security when operated as a CSP-2900.

WHAT CIPHER EQUIPMENT WAS ABOARD PAMPANITO DURING WW II:

Just before leaving on each war patrol, one officer and one enlisted man armed with a machine gun would draw the cipher equipment from its secure storage. There were two lists of cipher equipment and manuals, List A included an ECM Mark II and associated documents, List B did not include the ECM. For most patrols List A was used, if the patrol was particularly dangerous and in shallow waters List B was used.

CSP-888/889 = ECM Mark II = M-134-C = SIGABA. This was a first-rate, electro-mechanical, rotor wheel cipher machine and the physical component of the primary cryptographic system used by the United States. First-rate cryptographic systems are those that you believe cannot be broken by an enemy in a useful period of time even if they are in possession of the physical elements of the system, provided the other elements of the system are preserved (i.e. keys are kept secret, operating procedures are well designed and followed, number and size of messages per key are small, etc.) The CSP-888 model lacked plugs necessary for tandem operation, but was otherwise identical to the later CSP-889 model. CSP-890 is a pluggable rotor that was carried for use in the CSP-888/889.

Pampanito did not use any Second-rate cryptographic systems such as the British Type-X or U.S. CCM.

CSP-845 = M138A = CSP-1088. This was a third-rate, paper strip cryptographic system that was used by U.S. Submarines when they were on such dangerous missions that they could not risk the capture of an ECM. It was also used to communicate with forces that did not have an ECM. Third-rate cryptographic systems can be read by an enemy in possession of the physical elements of the system, even if the other elements of the system are preserved.

CSP-1500 = M-209 = C-38. This is a fourth-rate, Hagelin derivative, mechanical cryptographic system. Over 140,00 of these were used by Allied forces during the war and they were regularly broken by the enemy. Pampanito would have used this to communicate with forces that did not have an ECM. Fourth-rate cryptographic systems can be broken by an enemy by purely cryptoanalytical means without possession of any parts of the system.

CSP-488 = M-94. This is a low level, fourth rate, rotary disk, Jefferson type cipher. It was used to communicate with forces that did not have an ECM.

CSP-1270 Chart style authentication cipher, CSP-1272 are its instructions.
CSP-1286 Two card style authentication cipher, CSP-1521 are its instructions.
CSP-1750 Call sign cipher, CSP-1751 are its instructions.
CSP-1300 Weather cipher.

DETAILS OF THE ECM MARK II CIPHER UNIT:

Prior to the ECM Mark II many cipher machines incorporated encipherment by means of an electric current passing through a series of cipher wheels or rotors. A character is typed on a keyboard, passed through the rotors and either printed or displayed in a light board for the operator. The rotors are thin disks with contacts on each side that are wired at random to the other side one wire per contact. Typically a rotor will have 26 contacts on each side, each contact representing a letter of the alphabet. A current passing through the rotor disk might enter in the position of letter B and exit in the position of letter G. Encipherment occurs by passing the current through several rotors that are side by side and rotating one or more of the rotors between each character enciphered. If the deciphering machine starts with rotors of the same design and in the same positions as the enciphering machine, it will repeat the motion of the rotors thereby deciphering the text. The most important difference between previous machines and the ECM is how the enciphering rotors are stepped. The "Stepping Maze" uses rotors in cascade formation to produce a more random stepping of the cipher rotors than existed on previous electromechanical cipher machines.

The ECM has fifteen rotors arranged in three rotor banks. The five rotors in the rear are the cipher rotors that convert a plain-text letter into a cipher-text letter as they are irregularly stepped. Electrical currents passing first through the control (middle) rotor bank and then through the index (front) rotor bank determine which cipher rotor(s) step. The center three of five control rotors step in a metered fashion. Control rotor 3 is the fast rotor and steps once for each character typed. Control rotor 4 is the medium rotor and steps once each time control rotor 3 completes a full rotation. Control rotor 2 is the slow rotor and steps once each time control rotor 4 completes a full rotation. Control rotors 1 and 5 do not step. The index rotors are positioned once each day and do not move while operating. The 10 cipher and control rotors are large 26 contact rotors that may be used interchangeably in the cipher or control bank and are reversible. The five smaller, 10 contact, index rotors are only used in the index bank. Four contacts are energized on the first rotor of the control rotor bank. The connections between the last rotor of the 26 contact control bank and the first rotor of the 10 contact index bank are in 9 groups of between 1 and 6 wire(s) each. One of the index bank contacts is not used. The 10 outputs of the last index rotor are attached in pairs to 5 magnets that step cipher rotors when energized. Between 1 and 4 cipher rotors are stepped for each character enciphered.

To properly encipher a message, the three banks of rotors must be arranged and aligned in such a way that they can be reproduced by the deciphering operator. The particular arrangement and alignment of the rotors selected by the enciphering operator and transmitted to the deciphering operator in disguised form constitutes the keying instructions.

The design of the ECM limited the erratic stepping so that at least 1, and not more than 4 cipher rotors step at a time. Even so, a crude, exhaustive search would require an enemy to check around 10 to the 14th permutations of code, index and control rotor starting positions. The combination of modern algorithms and the availability of high speed computers mean this system is no longer secure, but during its term of service it provided an unprecedented level of security.
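
The stepping logic described in this section can be traced in a short simulation; this is an added example, not part of the original message or web page and not the emulator its author proposes. It uses the control-to-index contact groups and the index-to-magnet pairs recorded for the CSP-889 setting in the notes later in this message. Assumptions: the rotor wirings are constructed from a random seed (not historical wirings), every rotor advances one contact in the same direction, stepping happens after each character, and all class and function names are hypothetical.

```python
import random
import string

A = string.ascii_uppercase

# Control-bank output letters -> index-bank inputs 1-9 (index input 0 unused),
# as recorded for the CSP-889 setting in the notes later in this message.
GROUPS = {1: "P", 2: "Q", 3: "RS", 4: "TUV", 5: "WXY",
          6: "ZABC", 7: "DEFGH", 8: "IJKLMN", 9: "O"}
CONTROL_TO_INDEX = {A.index(ch): n for n, grp in GROUPS.items() for ch in grp}
# Index-bank outputs -> stepping magnets (0-based): 1-09, 2-87, 3-56, 4-34, 5-12.
INDEX_TO_MAGNET = {0: 0, 9: 0, 8: 1, 7: 1, 5: 2, 6: 2, 3: 3, 4: 3, 1: 4, 2: 4}
ENERGIZED = [A.index(ch) for ch in "TUVW"]  # the four live control-bank inputs


class Rotor:
    """A wired disk: a permutation of n contacts plus a rotational position."""

    def __init__(self, wiring, pos=0):
        self.fwd = list(wiring)
        self.n = len(self.fwd)
        self.inv = [0] * self.n
        for i, o in enumerate(self.fwd):
            self.inv[o] = i
        self.pos = pos % self.n

    def step(self):
        self.pos = (self.pos + 1) % self.n
        return self.pos == 0  # True when the rotor completes a full rotation

    def through(self, c, reverse=False):
        table = self.inv if reverse else self.fwd
        return (table[(c + self.pos) % self.n] - self.pos) % self.n


def bank_pass(bank, c, reverse=False):
    """Send a signal on contact c through every rotor of a bank."""
    for rotor in (reversed(bank) if reverse else bank):
        c = rotor.through(c, reverse)
    return c


class StepMaze:
    """Simplified ECM Mark II: cipher, control and index banks of five rotors."""

    def __init__(self, wiring_seed, cipher_pos, control_pos, index_pos):
        rng = random.Random(wiring_seed)  # constructed wirings, not historical

        def bank(n, positions):
            return [Rotor(rng.sample(range(n), n), p) for p in positions]

        self.cipher = bank(26, cipher_pos)
        self.control = bank(26, control_pos)
        self.index = bank(10, index_pos)
        self.step_log = []  # which cipher rotors (1-5) moved after each character

    def _advance(self):
        magnets = set()
        for c in ENERGIZED:
            letter = bank_pass(self.control, c)
            digit = bank_pass(self.index, CONTROL_TO_INDEX[letter])
            magnets.add(INDEX_TO_MAGNET[digit])
        self.step_log.append(frozenset(m + 1 for m in magnets))
        for m in magnets:
            self.cipher[m].step()
        # Control rotor 3 is fast, 4 medium, 2 slow; rotors 1 and 5 never move.
        if self.control[2].step() and self.control[3].step():
            self.control[1].step()

    def encipher(self, text):
        out = []
        for ch in text.upper():
            ch = {"Z": "X", " ": "Z"}.get(ch, ch)  # space bar sits on the Z contact
            if ch in A:
                out.append(A[bank_pass(self.cipher, A.index(ch))])
                self._advance()
        return "".join(out)

    def decipher(self, text):
        out = []
        for ch in text.upper():
            if ch not in A:
                continue
            plain = A[bank_pass(self.cipher, A.index(ch), reverse=True)]
            out.append(" " if plain == "Z" else plain)  # Z prints as a space
            self._advance()
        return "".join(out)


def demo():
    """Encipher and decipher a constructed message with constructed settings."""
    key = dict(wiring_seed=1943, cipher_pos=[3, 1, 4, 1, 5],
               control_pos=[9, 2, 6, 5, 3], index_pos=[5, 8, 9, 7, 9])
    message = "ZERO HOUR AT DAWN " * 15
    sender, receiver = StepMaze(**key), StepMaze(**key)
    cipher_text = sender.encipher(message)
    return message, cipher_text, receiver.decipher(cipher_text), sender.step_log


if __name__ == "__main__":
    msg, ct, pt, log = demo()
    print(ct[:40])
    print(pt[:40])
    print([sorted(s) for s in log[:8]])
```

Because four live contacts are funnelled through nine groups and five magnet pairs, the step log never shows fewer than one or more than four cipher rotors moving, whatever the wirings; a typed Z comes back as X after decipherment because the Z contact carries the space bar.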

KEYING (OPERATING) THE ECM MARK II:

This outline of the June 1945 (SIGQZF-2) keying procedure describes how key lists were used to assemble and align the rotors before enciphering a message. The first instructions from July 1941 (SIGQZF) were changed in June 1945 (SIGQZF-2) and again in November 1945 (SIGQZF-3). For example, SIGQZF-3 uses a totally different method of determining message indicators that eliminated the need for a daily rotor alignment of the control and cipher rotors. Changes were made to minimize operator errors, enhance security and speed up the operation.

Although the index rotors were reassembled (changing the order of the rotors) once a day during most of the war (SIGQZF), starting with SIGQZF-2 they were kept in a fixed order not requiring daily reassembly. The operator consults the secret daily keylist and aligns (rotates) the index rotor wheels differently for secret, confidential and restricted messages. The index rotor alignment is only changed when either the day ends, or the classification of message to be encrypted changes.

Control and cipher rotors are also reassembled once a day from the secret daily keylist, their alignment however, was changed with each message. After the daily assembly of all rotors and the alignment of the index rotors, a check group is used to verify the initialization and operation of the machine before any real messages are encrypted. The rotors are zeroized, (cipher and control rotors positioned on "O") and the letter A is repeatedly encrypted until 30 cipher text characters are printed. Then the 26th-30th letters are matched with the check group supplied in the secret daily keys.

For each message, the secret daily keylist is consulted, and the control and cipher rotors are aligned to an initial position depending on the classification of the message. Now the operator selects a group of any five letters, except Z, at random to be the internal message indicator. This internal message indicator is then enciphered and the external message indicator (enciphered internal message indicator) is printed on the tape and transmitted with the message. The control and cipher rotors are then aligned without printing to the internal message indicator. The rotors are never aligned to the external message indicator (the letters printed on the tape), but always to the internal message indicator. Now the body of the message may be enciphered and transmitted with the external message indicator. If the plain text exceeds 350 5-letter groups, the plain text must be divided into 2 or more equal parts so that no part exceeds 350 groups. For each part a new internal message indicator is selected.

COMPLIANCE WITH OPERATING PROCEDURES:

The security of a cryptographic system relies as much on the operation of the cipher machine as the machine itself. During WW II the U.S. created organizations to formally train operators and to monitor U.S. operators' compliance with procedure. When an error was found the first response was often a memorandum such as the one replicated below. It provides a list of the most common errors that could compromise the security of the cryptographic system.

Navy Department
Office of Chief of Naval Operations
Washington, D.C.

CLASSIFICATION: CONFIDENTIAL Date: 27 Dec 1943

MEMORANDUM
COMMUNICATION IMPROVEMENT ITEM

From: Director Naval Communications
To: Commandant, Twelfth Naval District

The principles of communication security cannot be overstressed, for such security is vital to the success of operations. Errors which seem minor in themselves may, when accumulated, offer to the enemy an entering wedge for the eventual compromise of a system. The object of this memorandum is to enlist your cooperation in protecting our cipher systems and hence our national security.

THE PRICE OF SECURITY IS ETERNAL VIGILANCE.

A communication such as COM 112 222105 DECEMBER may endanger our interests because it appears to violate security principles in the following respect(s):

DRAFTING: Plain language reference to encrypted dispatches.

No reply to this memorandum is necessary, but your cooperation in suppressing dangerous communication practices is earnestly solicited.

CARELESS COMMUNICATIONS COST LIVES

The following is a list of some of the common violations of security principles:

DRAFTING:

Unnecessary word repetition
Unnecessary or improper punctuation
Plain language reply to encrypted dispatch
Classification too high
Precedence too high
Cancellation in plain language of an encrypted dispatch

ENCRYPTION:

"XYX" or "X"'s for nulls
"XX" & "KK" to separate padding from text
Same letters at both ends to separate padding from text
Continuity of padding
Seasonal and stereotyped padding
Repetition of generatrices
Systematic selection of generatrices
Using plain text column for encryption
Proper strips not eliminated as prescribed by internal indicator (Ed. Note: CSP-845)
Improper set-up according to date
Using system not held by all addressees
Failing to use system of narrowest distribution

CALLS:

Enciphering indefinite call sign
Enciphering call signs of shore activities
CODRESS might have been used

TRANSMISSION:

Classified dispatch transmitted in plain language by wire or radio, when not specifically authorized.
Dispatch might have gone to some or all addressees by mail.


SOME ECM MARK II SPECIFICATIONS:

Input: Keyboard or electric via tandem plug.
Output: Printed tape or electric via tandem plug.
Speed: 45 to 50 Words per minute.
Power Supply: 40/70 cycle, 105-125 VAC or 105-125 VDC or 24 VDC
2 amps at 120 volts AC or DC, 3 amps at 24 VDC.

Approximate Size:

In operation: 15" x 19.25" x 12" or 2.1 cubic feet
In carrying case: 17.125" x 23" x 15.5" or 3.5 cubic feet
Packed for long term: 19.5" x 27.5" x 18" or 5.6 cubic feet

Approximate Weight:

In operation: 93.5 lbs.
In carrying case: 133.5 lbs.
Packed for long term: 195 lbs.

Cost:

By 1943, 10,060 ECM Mark IIs were purchased at an estimated cost of $2,040 apiece. This does not include the cost of spare parts, additional code wheel sets, code wheel wiring that was done by the military, modifications and upgrades, precursor machine development, etc.

REFERENCES:

The information enclosed here relating to the ECM Mark II was edited and excerpted from:
Army Signal Security Agency (1946) History Of Converter M-134-C (Sigaba) Vol I, II And III This is available from the US National Archives and Records Administration (NARA); NSA Historical Collections 190/37/7/1, Box 799, F: 2292, pp 468.

Safford, L.F. (1943) History of Invention And Development of the Mark II ECM (Electric Cipher Machine) This is available from NARA. SRH-360 in RG 0457: NSA/CSS Finding Aid A1, 9020 US Navy Records Relating to Cryptology 1918-1950 Stack 190 Begin Loc 36/12/04 Location 1-19. In Feb 1996 the version at NARA was redacted, but the full document is now declassified.

Specifications for an ECM Mark II are from:
Army Security Agency (1948) Historical and Cryptologic Summary of Cryptosystems; ASAG 23; Vol 1.

ECM Mark II Keying, Operating and Maintenance instructions are in:
War Department Office of The Chief Signal Officer (1941) Operating Instructions for Converter M-134-C (short title: SIGBWJ)
War Department Office of The Chief Signal Officer (1941) Operating Instructions for Converter M-134-C (short title: SIGLVC)
Department of the Army (1941) Crypto-Operating Instructions for Converter M-134-C (short title: SIGQZF)
Department of the Army (1945) Crypto-Operating Instructions for Converter M-134-C (short title: SIGQZF-2)
Department of the Army (1946) Crypto-Operating Instructions for Converter M-134-C (short title: SIGQZF-3)
Department of the Army (1949) ASAM 1/1 Crypto-Operating Instructions for ASAM 1.
Note the new designation of ASAM 1 for the ECM Mark II after the war.
War Department (1942) Maintenance Instructions for Converter M-134-C (short title: SIGKKK)
War Department (1945) Maintenance Instructions for Converter M-134-C (short title: SIGKKK-2)
SIGQZF, SIGBWJ, SIGLVC, SIGKKK, SIGKKK-2 are available from NARA; NSA Historical Collections 190/37/7/1, NR 2292 CBLL36 10622A 19410300.

General information including security of the ECM Mark II are in:
War Department (1945) General Instructions For Converter M-134-C (short title: SIGBRE-1) This is available from NARA; NSA Historical Collections 190/37/7/1, NR 4588 ZEMA35 13909A 19450600

A list of cipher equipment carried by submarines in the Pacific is in:
Submarine Force U.S. Pacific Fleet (1944) Cryptographic Aids Check-Off List This is available from NARA, Pacific Sierra Regional Archive, 181-58-3201, S1313, S372, A6-3/N36 Cryptographic Aids.

Information on the overall history of Naval Communications during WW II may be found in:
US Naval Administration in WW II, History of Naval Communications, 1939-1945. Op-20A-asz, A12, Serial 00362P20, 7 Apr 1948. This is available from the Naval Historical Center; WW II Command File CNO; Communications History; Microfiche No. F3561.

Compliance with Operating Instructions notes are from:
Office of Chief of Naval Operations (1943) Memorandum Communication Improvement Item. This is available from the NARA, Pacific Sierra Regional Archive, RG 181-58-3224, 12th ND Commandants Office General Correspondence, A6-2(1) Complaints - Discrepencies, Security-etc.

Descriptions of the Authentication Systems may be found in:
Survey Of Authentication Systems 1942-45 (1945) This is available from NARA; NSA Historical Collections 190/37/7/1, NR 3526 CBRK24 12960A 19420728.

ADDITIONAL READING:

History of cryptology:
Kahn, D. (1967) The Codebreakers. New York, NY: Macmillan Publishing Company.
Bamford, J. (1982) The Puzzle Palace. Boston, MA: Houghton Mifflin Company.

Background on the history of intelligence in the Pacific may be found in:
Holmes, W.J. (1979) Double-Edged Secrets. Annapolis, MD: Naval Institute Press.
Layton, E., Pineau, R., Costello, J (19 ) And I Was There. New York, NY: William Morrow and Company, Inc.
Prados, J. (1995) Combined Fleet Decoded. New York, NY: Random House.

On the subject of Cryptanalysis of rotor systems:
Andelman, D., Reeds, J. (1982) On Cryptanalysis of Rotor Machines and Substitution-Permutation Networks. IEEE Transactions on Information Theory, IT-28(4), 578-584.
Deavours, C., Kruh, L. (1985) Machine Cryptography and Modern Cryptanalysis. 35-92. Dedham, MA: Artech House Inc.

======= Not part of the web page, additional information. ==== - The ECM displayed (starting in July) aboard U.S.S. Pampanito is a CSP-889-2900 on loan from the Naval Security Group. It has "12-29-43 BTS" stamped into the bottom, and "CONT. AX? 1728", "ACCEPTED JUN 1943" with an indecipherable mark printed in orange ink. The print unit ENG-108 is serial number 999 which is consistent with 1943 manufacture. There is no name plate on the unit or the rotor cage. The top housing has holes and an outline in the appropriate location and size to hold a the Cleaning Instruction plate added in Dec 1943, these holes have been painted over. Inside the machine were two pieces of paper. The first was a 3x5" card on which was printed in ink "Bacchus / Gorgon". The second is a memorandum of call form revised in 1967 on the back of which was printed in pencil "Baccus CSP 2900", "Basket CSP 2899". The code names Bacchus and Gorgon were used during the 1950s for CSP 2900 based systems. The machine arrived in pretty good condition, after mechanical and electrical safety checks, and a new ribbon we have tested its operation successfully. The cipher and control rotors are test rotors (wired straight through) so the cipher wheel stepping is not very erratic. The index rotors are wired, changing their setup does change the cipher wheel stepping. We will be seeking the loan of a wired set of wheels from the NCM at NSA. If this fails, we may choose to make a temporary and reversible change to several of the Cipher and Control rotors. This will provide an adequate simulation showing random stepping of cipher wheels and unintelligible cipher text. The machine was cleaned and lubricated according to SIGKKK-2, 1945. To minimize realignment the main rotor shaft was lubricated in place and the printer unit was removed, but not separated. The printer unit should be removed, separated, cleaned and the center shaft lubricated. 
We are trying to find drawings or descriptions of "pawl release rod" 100707, "assembly studs" 100708, and "assembly ring" 100706. We will attempt separating the unit when we have determined if we can find info on these tools that will facilitate assembly. When received, during encrypt the tape was not spacing in 5 character groups, it advanced to the space and stopped advancing. This corrected itself after cleaning and may be caused by a weakened spring. Lubricants were used as described: 100983 oil (SAE 20) - We used SAE 20 synthetic bicycle fork lubricating oil. 100984 grease (light grease). 108607 "Lubriplate #105" Lubriplate #105 has been in continuos production without change in formula by Fiske Bros. Refinery, Newark, NJ (201-589-9150) since 1933. It was in stock at Coast Marine with "space age" printed on the tube. A thin coat of DeOxit from CAIG was used on exposed leaf contacts in the build up switches. Cleaning was done with tech wipes and a non-residual electrical cleaning spray (tested on the plastic first). No abrasives were used. The CSP-2900 model was developed by the Navy ca. 1950 (SRH-360). The unit has two switches in the position that a CSP-889 has only one. The new switch is marked 889/2900. There is also a knob marked 889 F/2900 R extending out on the left of the keyboard. Near the 889 F/2900 R knob the housing looks like it underwent some hand work to fit the shaft, this is all painted. I believe it was built as a CSP-889 and later modified to CSP-889-2900. There is an added (not CSP-889) mechanism that appears to be a counter with a switch that is adjusted so it does not function. Perhaps it was connected to an external device. Floating loose in the machine was a single metal stud that appears to be unrelated to the machine, possibly a piece of construction debris. I have replaced the ribbon with an Okidata printer ribbon (this ribbon is on a plastic spool.) The original ribbon, stud and the notes are in a plastic bag kept with the machine. 
The machine was received bolted to the bottom of the carrying case; we did not get the top of the carrying case. There were no wooden shims in the case to protect the rubber shock mounts. There is no cover for the print head.

The details below elaborate on the general description provided in History Of Converter M-134-C (1949 Army History). I have only included the details that I noticed were different from the description. My convention is to label the rotor contacts when the rotor is in the zeroized position, not reversed, as printed (i.e. counter clockwise). The same for index rotors, i.e. with the units digit zero on top, i.e. 10, 20, 30, 40, 50 showing as the starting position, unit digits increase in a counter clockwise manner. I do not know if these are the conventions used elsewhere.

With first switch in the 889 position, the second switch in the OPERATE position, the control switch on E and the knob selecting 889 F:

The right of the control rotor bank has the TUVW contacts at 60 VAC, the RS contacts are energized to 16.2 VAC. I believe the voltage on the RS contacts is unintended leakage from the 889/2900 switch; before cleaning these were at 25 VAC.

The connections between the left plate of the index bank (number) and the left plate of the control bank (letters) are below.

1-P, 2-Q, 3-RS, 4-TUV, 5-WXY, 6-ZABC, 7-DEFGH, 8-IJKLMN, 9-O, 0-no connection

All cipher rotors turn in a clockwise rotation.

With first switch in the 2900 position, the second switch in the OPERATE position, the control switch on E and the knob selecting 2900 R:

The right of the control rotor bank has RSTUVW contacts energized to 60.3 VAC.

The connections between the left plate of the index bank (number) and the left plate of the control bank (letters) are below.

1-P, 2-Q, 3-RS, 4-TUV, 5-WXY, 6-ZABCD, 7-GH, 8-KLMN, 9-O, 0-IJ

Cipher rotors 2 and 4 turn counter-clockwise, 1, 3, 5 turn clockwise. The 2900 R knob is mechanically linked to the cams that turn rotors 2 and 4.
The knob and first switch both must select either 889 or 2900 to operate.

In either position of the first switch (889 or 2900) or knob (889 F or 2900 R), second switch in OPERATE position, control switch on E:

The cipher rotor solenoids (first number) are connected to right of the index bank (second number).

1-09, 2-87, 3-56, 4-34, 5-12

The keyboard is wired to the left plate of the cipher bank in a sequential manner with A on top proceeding clockwise. Note this is opposite of the rotors that are labeled in a counter clockwise manner. Z position of the cipher bank is occupied by the spacebar. (During encipher typing Z generates an encrypted X.) When the control switch is in D (decipher) position the right plate instead of left plate of the cipher bank is connected to the keyboard as expected.

Probably only a dozen or so ECMs still exist. The NSA has 6 they know of. The Navy has 2, one of which is aboard Pampanito. The Army may have a couple, but NCM did not know. We have the only one that is operated. (NCM estimate Jun 96.)

--
Richard Pekelney
Internet: pekelney at rspeng.com
Phone: 1-415-563-5928
Fax: 1-415-563-5787

From hfinney at shell.portal.com Wed Jul 17 19:50:49 1996
From: hfinney at shell.portal.com (Hal)
Date: Thu, 18 Jul 1996 10:50:49 +0800
Subject: Crypto 96
Message-ID: <199607172345.QAA08995@jobe.shell.portal.com>

Crypto 96 is coming up in about a month. This looks like a more interesting program than last year, IMO. According to the preliminary program, here are some presentations which could be of interest to cypherpunks:

    Anonymous Communication and Anonymous Cash
    Daniel Simon, Microsoft, USA

Microsoft has had an increasing presence at the crypto conferences so it will be interesting to hear what their take is on anonymity. Any Microsofties on the list want to comment?

    Export Controls: Past, Present, and Future
    Andy Clark, Independent consultant

This is an invited lecture just before lunch. I don't know who Andy Clark is, can anyone identify him?

    The Dark Side of 'Black-Box' Cryptography, or: Why Should We Trust Capstone?
    Adam Young, Columbia Univ., USA
    Moti Yung, IBM, USA

It's not clear what the technical content will be of this, maybe ways to embed trap doors when black boxes are used. Generally the crypto conference attendees have varied views on our issues and there are often presentations about great new forms of key escrow, etc. So it is always nice to see some which sound like they favor privacy.

    Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
    Paul Kocher, Stanford, USA

This is the famous Kocher timing attack which got so much attention a few months ago.

    [title to be announced]
    Cliff Stoll

Another invited lecture. Stoll is famous for being skeptical about the value of the net. I think his politics are old-fashioned liberal. So it will be interesting to hear what his take is on the encryption debates.

    Relation of Theory to Practice in Cryptography [exact title to be announced]
    Ron Rivest, MIT, USA

Yet another invited lecture. I didn't remember there being so many before. Actually I thought Rivest gave one last year. This working title doesn't sound too informative.

    Family Crypto
    led by Michael Fellows

This takes up the Tuesday afternoon session, and is supposed to be suitable for kids, lay people, etc., to teach them something about crypto. I am lucky enough to live very near the site of the conference so I will bring my kids to check this out. It is something new.

    Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
    John Kelsey, Counterpane Systems, USA
    Bruce Schneier, Counterpane Systems, USA
    David Wagner, Univ. California at Berkeley, USA

There are actually several cryptanalysis type papers for which I can't tell from the title whether they will be big new results or not. Anybody know what "key schedule" cryptanalysis is?

    Cryptographic applications in electronic commerce
    Ernest Brickell

An invited lecture.
Interesting to see so many practically oriented talks.

    Cryptology, Technology, and Politics
    Whitfield Diffie

Invited lecture. Diffie is of course strongly dedicated to our views. At the same time he presents himself very well and is always thoughtful.

    Quantum Cryptography over Underground Optical Fibers
    R. J. Hughes, Los Alamos National Labs, USA
    G. G. Luther, Los Alamos National Labs, USA
    G. L. Morgan, Los Alamos National Labs, USA
    C. G. Peterson, Los Alamos National Labs, USA
    C. Simmons, Los Alamos National Labs, USA

I don't particularly think quantum crypto is that relevant to us but it will be interesting to hear about progress. There is actually a session on QC with this paper and another.

    New Results on Visual Cryptography
    Stefan Droste, Univ. Dortmund, Germany

Visual cryptography is another novel idea involving non electronic encryption done by putting transparencies together in various ways. Maybe it could have some stego applications.

Overall this conference looks very exciting, with possibly a more political and practical orientation than some. I am looking forward to seeing other cypherpunks there.

Hal

From david at sternlight.com Wed Jul 17 19:55:44 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 10:55:44 +0800
Subject: Sternlight on C'punks
In-Reply-To:
Message-ID:

At 12:19 PM -0700 7/16/96, Rich Graves wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Tue, 16 Jul 1996, Timothy C. May wrote:
>
>> There were some flames, which I mostly ignored. Also, a peculiar kind of
>> flame war dealt with endless speculations about his "motives." Utter
>> nonsense, from careful reading of his views. That is, to insinuate that he
>> is an agent of the NSA or the Bilderberger Grand Conspiracy merely because
>> he (then) argued that Clipper was not as bad as most of us thought it
>> was...well, that's just nonsensical.
>
>But he's still a fucking statist.

Thanks for letting people know that at my advanced age my sexual prowess is undimmed.
That kind of advertising cannot be bought.

You sound authoritative on this matter. Have we some women in common I don't know about? It's SO hard to keep track.

:-)

David

From sameer at c2.net Wed Jul 17 20:10:30 1996
From: sameer at c2.net (sameer)
Date: Thu, 18 Jul 1996 11:10:30 +0800
Subject: spam suckers (was Re: Chancellor Group....)
In-Reply-To: <199607121652.JAA28494@slack.lne.com>
Message-ID: <199607171827.LAA12519@niobe.c2.net>

FYI: I've been forwarding complaints about the moneyworld spam to the following addresses:

dyno at cyberspace.com
barer at cyberspace.com
abuse at mci.net
enforcement at sec.gov

--
Sameer Parekh                      Voice: 510-986-8770
Community ConneXion, Inc.          FAX: 510-986-8777
The Internet Privacy Provider
http://www.c2.net/                 sameer at c2.net

From joelm at eskimo.com Wed Jul 17 20:14:53 1996
From: joelm at eskimo.com (Joel McNamara)
Date: Thu, 18 Jul 1996 11:14:53 +0800
Subject: Privacy tales
Message-ID: <199607180016.RAA29667@mail.eskimo.com>

While most of my crypto-activism efforts have involved writing code like Private Idaho, I've decided it's time to branch out a little, and play scribe.

I'm going to be actively compiling what I hope will be the definitive source of worldwide case studies that demonstrate the benefits of Internet privacy tools. We've all heard the Burma and Eastern Europe stories from Phil, but there have to be a whole lot more like them out there. I'm looking for stories with a human focus, that clearly show the importance of PGP, anonymous remailers, and other tools to cultural, economic, and political processes.

The goal is to have a body of evidence that can easily be tossed back at the anti-crypto folks, when they trot out the Four Horsemen. It would be great to have hundreds of examples of crypto et al. benefitting society, to the few cases the government pulls out of its hat.

I plan on organizing and publishing selected accounts at my Web site as I get them (specific details may be altered to protect identities).
I'm going to be cross-posting to a variety of newsgroups and lists to publicize this. I'd appreciate your help in spreading the word around.

If you have a story to tell, or know someone who does, I'd like to hear it. It doesn't have to be an exciting "rebels in the jungle" account either. In many ways, the everyday slice of life stories may be more important.

See http://www.eskimo.com/~joelm/privacy.html for details. (And yes, I talk about ways to maintain your privacy and anonymity if you want to contact me.)

Joel McNamara
joelm at eskimo.com

From rah at shipwright.com Wed Jul 17 20:16:30 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 18 Jul 1996 11:16:30 +0800
Subject: Netscape download requirements
In-Reply-To: <199607161436.JAA27358@homeport.org>
Message-ID:

At 4:26 PM -0400 7/16/96, Jeff Weinstein wrote:

> We are not doing any type of credit check. We are doing some address
> verification using local databases, so these queries don't go into
> anyone's tracking database.

Ah. So they can find you later when they outlaw crypto? ;-)

No offense to our dear cypherpunk friends at Netscape, who are certainly just following orders. But, frankly, I don't feel like sending a sperm sample to Netscape, this time...

When this goes across the old speed-bump, will someone post the URL here? Carefully, of course...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From stewarts at ix.netcom.com Wed Jul 17 20:18:50 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 18 Jul 1996 11:18:50 +0800
Subject: Code used by George Washington made available at last
Message-ID: <199607170239.TAA20450@cygnus.com>

There's an AP article by Carl Hartman saying that historians now have access to a secret handwritten code used by George Washington and Marquis de Lafayette. (It's a newspaper article that somebody across the train is reading; looks like today's SF Examiner...)

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From janke at unixg.ubc.ca Wed Jul 17 20:18:53 1996
From: janke at unixg.ubc.ca (janke at unixg.ubc.ca)
Date: Thu, 18 Jul 1996 11:18:53 +0800
Subject: Netscape download requirements
In-Reply-To: <31EB61E5.520E@netscape.com>
Message-ID:

Why is the 128-bit version available only in the United States? It can't be due to ITAR since export of crypto to Canada is ok. Does it have something to do with RSA only being patented in the United States so that's the only place RSADSI wants it used? I noticed that Netscape's SSL implementation is available only to developers in the U.S. as well.

--
Leonard Janke (janke at unixg.ubc.ca)
NEW pgp key id 0x6BF11645 (0xF4118611 eaten by /dev/fd0 :( )

From cmcurtin at megasoft.com Wed Jul 17 20:19:02 1996
From: cmcurtin at megasoft.com (C Matthew Curtin)
Date: Thu, 18 Jul 1996 11:19:02 +0800
Subject: Cybank breaks new ground; rejects public-key encryption
In-Reply-To:
Message-ID: <199607161345.JAA08175@research.megasoft.com>

>>>>> "Lyal" == Lyal Collins writes:

Lyal> I hesitate to distribute the discompiled source code I used,
Lyal> since it may get used by the unscrupulous to do trusting Cybank
Lyal> customers out of their hard earned money. Maybe, enough
Lyal> requests will convince me otherwise.

People need to learn that the sort of snake oil that is being sold as "secure" just won't cut it. Your concern for the customers of Cybank is valid, however, so I propose something along these lines:

Announce, very publicly, such that every Cybank customer would hear about it in time, that you have cracked their hokey little non-crypto scheme, and that you intend to publish your work in a full-disclosure paper to be published on Month Day, Year.

I would recommend a number of appropriate newsgroups, relevant mailing lists (individually posted, not CC'd), and some letters to the editor of the New York Times, San Jose Mercury News, the Wall Street Journal and other high-readership papers. As soon as someone in the media carries it, it'll spread like wildfire.

Further, I would recommend some guidelines about when to post the published paper (and I would do it on a number of FTP sites as close to simultaneous as you can.) Do it on a Monday, so there are plenty of business days for Cybank to deal with it when the initial round of bad guys trying the attack will strike. Do it between 1100 and 1700 ET, so that you do it during business hours.

--
C Matthew Curtin
MEGASOFT, LLC
Director, Security Architecture
cmcurtin at research.megasoft.com
http://www.research.megasoft.com/~cmcurtin/
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

From declan at well.com Wed Jul 17 20:20:54 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 18 Jul 1996 11:20:54 +0800
Subject: Russian foreign intelligence CD-ROM
Message-ID:

LOOKING FOR A GREAT GIFT IDEA? The Russian Foreign Intelligence Service (SVR) announced yesterday that it is releasing a six-hour long CD ROM that tells the stirring 75-year history of Soviet and Russian foreign intelligence. The CD ROM will be released in Russian and English versions and sell for about $120.
It promises to provide buyers with access to SVR headquarters, and contains interviews with dozens of heretofore mysterious intelligence officers described as having helped shape the existing world order. (Itar-Tass, Interfax, July 16)

From jimbell at pacifier.com Wed Jul 17 20:24:27 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 18 Jul 1996 11:24:27 +0800
Subject: Symantec's Your Eyes Only
Message-ID: <199607170018.RAA04554@mail.pacifier.com>

At 11:57 AM 7/16/96 -0400, Clay Olbon II wrote:

>Now my $.02. I am concerned about the lack of a distinction between
>transient communications and stored data. This is apparent in the GAK
>proposals, but is also increasingly apparent in mainstream corporate
>products such as this one and ViaCrypt BE. It is apparent (to me anyway)
>that corporate access to stored data (data owned by the company, on
>machines owned by the company) is probably necessary. I do not see this
>same need for access to transient communications. Am I way off base on
>this one?

This has been mentioned a number of times by various people. It should be obvious that it is pointless to escrow the key of a data stream that you are not recording, such as a telephone conversation. Also, if you have no permanent need for that data (also, the telephone conversation) it is unnecessary.

As might be expected, however, the proponents of GAK don't distinguish between keys for storage and keys for communication. Such an oversight is predictable. It's likely that governments will be more interested in keys for communication, because the data is far more easily (and secretly) accessible. Were they to admit that nobody has a need for his own communication data key, they'd lose a substantial fraction of their target data.

Jim Bell
jimbell at pacifier.com

From um at c2.org Wed Jul 17 20:27:49 1996
From: um at c2.org (Ulf Moeller)
Date: Thu, 18 Jul 1996 11:27:49 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
Message-ID:

Michael Froomkin writes:

>> So, who is in this "emerging consensus"?

>Foreign governments?

The recent issue of the German law journal NJW-CoR contains a report on the "ICC/BIAC/OECD Business Government Forum on Global Cryptography" in Washington, D.C., 1996-05-07.

The author claims that the commerce representatives at the conference said they understood that governments had legitimate interest in key escrow and that key escrow could have commercial benefits. The Japanese government delegation stated that they were shocked about the American and European plans, because the Japanese Constitution prohibits mandatory key escrow.

OECD will decide on crypto policy guidelines early in 1997.

From tbyfield at panix.com Wed Jul 17 20:43:22 1996
From: tbyfield at panix.com (t byfield)
Date: Thu, 18 Jul 1996 11:43:22 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

At 12:03 AM -0700 on 7/16/96, Lucky Green quoted/wrote:

> > You're straining my credulity to claim that you can't get ahold of the
> >regular phone number of them. Come on, are you 7 years old?
>
> How do you get a hold of the phone number if you don't know the location of
> the company, they aren't on the net, and don't have the US phone numbers
> CD-ROM handy? I am 33 and have yet to figure this one out...

Try getting anything done from outside the country, where WATS lines need not apply, thank you, even if you _do_ have your CDRs with you. The amount of effort it takes to get around those %#$*ing 800 numbers from outside the US is a nontrivial component in US companies losing business to foreign competitors, imo.

ObCrypto: non-net communications channels will necessarily play a big part in any systematic effort among the G7+ to establish a transnational GAK regime, and prickly details like disparities/imbalances in phone systems will wreak havoc on a practical level.
In fact, the politico-economic dynamics that distort international telecom arrangements will probably go a long way toward hobbling the "widening horizons of police cooperation" the TLAs are aiming at.

Then again, maybe the only thing worse than international GAK might be an incompetently bureaucratized international GAK system.

Ted

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Wed Jul 17 20:49:44 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Thu, 18 Jul 1996 11:49:44 +0800
Subject: Netscape download requirements
In-Reply-To: <199607160905.FAA26831@mailserver1.tiac.net>
Message-ID: <199607161908.PAA05069@pdj2-ra.F-REMOTE.CWRU.Edu>

"Julian Burke" writes:
:
: Jeff Weinstein wrote:
:
: > We received written permission from the State Department for our
: >download verification mechanism.
:
: What exactly is the reason for Netscape asking for the name, address,
: e-mail address, and telephone number of anyone who wishes to download
: the US-browser? If I remember correctly MIT in distributing PGP only
: asks that you affirmatively assent to obeying export laws (and the
: terms of the rsa license).
:
: I have not heard at any point that the MIT system does not meet the
: legal requirements of ITAR. Is there perhaps some other reason
: Netscape wishes to have this information?

When I asked the agent of the NSA who is seconded to the Office of Defense Trade Controls to answer questions about the application of the ITAR to the cryptographic software what the authority for the MIT system was, she denied that the MIT system had been approved (or disapproved) by the Office of Defense Trade Controls, although I gather that the people at MIT may have spoken informally with someone.

--
Peter D.
Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From remailer at yap.pactitle.com Wed Jul 17 20:55:49 1996
From: remailer at yap.pactitle.com (Yap Remailer)
Date: Thu, 18 Jul 1996 11:55:49 +0800
Subject: US versions of Netscape now available
In-Reply-To: <2.2.32.19960716103638.00835c08@panix.com>
Message-ID: <199607171835.LAA14321@yap.pactitle.com>

> From: Tom Weinstein
> Date: Tue, 16 Jul 1996 11:56:51 -0700
>
> Duncan Frissell wrote:
> >
> > I'm glad too. So how many minutes did it take to leak overseas?
>
> I have heard no reports of it leaking overseas.

Have you heard any reports of anyone successfully downloading it period? Netscape always times out in the middle of a download. I think the server is so overloaded that it's actually impossible to download the software.

I sure wish there were an ftp site overseas somewhere, then I could actually get the damned thing.

From perry at alpha.jpunix.com Wed Jul 17 21:20:06 1996
From: perry at alpha.jpunix.com (John A. Perry)
Date: Thu, 18 Jul 1996 12:20:06 +0800
Subject: New type2.list/pubring.mix
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

There is a new type2.list/pubring.mix combination on jpunix.com. Of note is the new middleman remailer, Janet Reno (reno). Welcome aboard! The files are available by WWW at www.jpunix.com as well as by anonymous FTP at ftp.jpunix.com.

John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome!
WWW - http://www.jpunix.com
PGP 2.62 key for perry at jpunix.com is on the keyservers.

From markm at voicenet.com Wed Jul 17 21:20:50 1996
From: markm at voicenet.com (Mark M.)
Date: Thu, 18 Jul 1996 12:20:50 +0800
Subject: Opiated file systems
In-Reply-To: <199607161705.NAA19009@unix.asb.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Deranged Mutant wrote:

> A problem with a c'punk-style encrypted fs with source code and wide
> distribution is, of course, that attackers will KNOW that there is a
> duress key.

I don't see how this would affect the security of such a filesystem. There is absolutely nothing that an attacker can do to get the real key. An attacker would just ignore all computers that have duress key capability.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_

From bkmarsh at feist.com Wed Jul 17 21:21:59 1996
From: bkmarsh at feist.com (Bruce M.)
Date: Thu, 18 Jul 1996 12:21:59 +0800
Subject: Washington Post -- "Block but Verify"
In-Reply-To:
Message-ID:

On Tue, 16 Jul 1996, Rabid Wombat wrote:

> A user-selectable menu would be, umm, interesting ... just how could one
> describe, in terms offensive to absolutely no one, what one's product is
> offering to block?

I thought that Net Nanny or another related product offered generic options for what you wanted to block. Such as clicking on an option box to enable the blocking of violence or to enable the blocking of sexual material.

________________________________
[ Bruce M. - Feist Systems, Inc.
]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"Official estimates show that more than 120 countries have or are developing [information warfare] capabilities." -GAO/AIMD-96-84
So, what is your excuse now?

From janzen at idacom.hp.com Wed Jul 17 21:24:08 1996
From: janzen at idacom.hp.com (Martin Janzen)
Date: Thu, 18 Jul 1996 12:24:08 +0800
Subject: Government: Home-Business
Message-ID: <9607170008.AA17243@sabel.idacom.hp.com>

Mike Rose writes:
>>Dear Friend,
>>Thank you for your interest. Please take a minute to read this
>>important information or simply print it out.
>
>I'm getting more and more of this kind of crap sent to me.
>[...]
>How are other people dealing with this?

Since you say you have procmail, you could try something along this (as yet untested) line:

    :2HB
    cypherpunks@toad.com
    ^dear friend
    /dev/null

I find that people who address me as "Dear Friend" are invariably pushing some kind of chain letter, religion, multi-level marketing scam, or the like. My real friends _know_ my name.

--
Martin Janzen
janzen at idacom.hp.com

From david at sternlight.com Wed Jul 17 21:25:01 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 12:25:01 +0800
Subject: US versions of Netscape now available
In-Reply-To: <2.2.32.19960716103638.00835c08@panix.com>
Message-ID:

At 3:36 AM -0700 7/16/96, Duncan Frissell wrote:
>At 04:18 PM 7/15/96 -0700, sameer wrote:
>
>> Not like that's tough to figure out. Congrats. It's cool to
>>actually be able to connect to my webserver using real encryption.
>>Glad the lawyers don't think Barksdale is going to jail anymore.
>
>I'm glad too. So how many minutes did it take to leak overseas?

It doesn't "leak overseas" as if there were some regrettable lapse in the plumbing. Someone has to commit a felony violation of Federal law.

David

From alanh at infi.net Wed Jul 17 21:26:18 1996
From: alanh at infi.net (Alan Horowitz)
Date: Thu, 18 Jul 1996 12:26:18 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

On Tue, 16 Jul 1996, Lucky Green wrote:

> How do you get a hold of the phone number if you don't know the location of
> the company, they aren't on the net, and don't have the US phone numbers
> CD-ROM handy? I am 33 and have yet to figure this one out...

Look in a trade directory? Call the advertising manager of the publication that ran the ad? Call the office of the relevant trade association?

Gosh, are these radical concepts for you? Am I to understand that there has arisen a generation of cypherpunks which can't sniff out any information which a Net Search Robot doesn't return?

Go back to your couch, potato.

From jsw at netscape.com Wed Jul 17 21:28:46 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Thu, 18 Jul 1996 12:28:46 +0800
Subject: Netscape download requirements
In-Reply-To: <199607161346.JAA07227@jekyll.piermont.com>
Message-ID: <31EC2879.4E15@netscape.com>

Perry E. Metzger wrote:
>
> Jeff Weinstein writes:
> > If you are not comfortable providing this information, then you
> > may either run the export version, or purchase the retail navigator
> > package, which also includes the US only version when sold in the US.
>
> But you can't buy the Linux or other similar versions, so this is not
> an option for many of us.

You can buy a supported version of Navigator for Linux from Caldera. I've been told that we have given them a US binary, but I'm not sure if they are shipping it yet. You should contact them to find out when it will be available.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jpp at software.net Wed Jul 17 21:29:06 1996
From: jpp at software.net (John Pettitt)
Date: Thu, 18 Jul 1996 12:29:06 +0800
Subject: CookieScan 0.0 rev 0
Message-ID: <2.2.32.19960716215409.00d2a4bc@mail.software.net>

At 08:02 AM 7/16/96 -0700, David Sternlight wrote:
>At 5:34 PM -0700 7/15/96, Christopher Hull wrote:
>>Do y'all think there might be an interest in a
>>utility which would allow the user to deal with
>>browser cookies?
>>
>>What I imagine is a little utility that would
>>display the cookies stashed on a machine and
>>give the user the option to either delete or
>> edit any given cookie.
>>(Hey, it's *your* computer, not the website's).
>
>And they'll simply start encrypting the cookies if they don't do
>so already. Have a nice day.
>
>David
>
>
>

we have already :-)

John Pettitt, jpp at software.net
EVP, CyberSource Corporation, 415 473 3065
PGP Key available at: http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705

From anonymous-remailer at shell.portal.com Wed Jul 17 21:29:07 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Thu, 18 Jul 1996 12:29:07 +0800
Subject: No Subject
Message-ID: <199607180110.SAA15188@jobe.shell.portal.com>

Does anyone know how to translate PGP into Burmese?

From alanh at infi.net Wed Jul 17 21:29:45 1996
From: alanh at infi.net (Alan Horowitz)
Date: Thu, 18 Jul 1996 12:29:45 +0800
Subject: Gorelick's Urge
In-Reply-To: <199607171328.NAA23475@pipe6.t2.usa.pipeline.com>
Message-ID:

Isn't it getting a little tiring, to see the Manhattan Project's name being compared to modern-day triumphs of mediocrity?

Didja ever notice, that in the wake of the movie _The French Connection_, there arose a whole genre of movies and TV show, which were thinly disguised frameworks for displaying a copycat "action" car chase? This is the intellectual level that Ms Gorelick appears to have.

Someone ought to send this Jamie girl, a copy of Feynman's autobiography.
Think she can learn from history?

From jad at dsddhc.com Wed Jul 17 21:29:48 1996
From: jad at dsddhc.com (John Deters)
Date: Thu, 18 Jul 1996 12:29:48 +0800
Subject: Word lists for passphrases
Message-ID: <2.2.32.19960716220138.00341fec@labg30>

At 10:33 AM 7/15/96 -0700, David Sternlight wrote:
>At 12:45 AM -0700 7/15/96, Bill Stewart wrote:
>>At 09:43 PM 7/8/96 -0700, ??? wrote:
>>>If the purpose is for use with "Crack" or some similar program, it might be
>>>better than you would think. You won't get the "unusual" words, but you
>>>will also get the words in common usage that do not appear in dictionaries.
>>>(Such as fnord, jedi, killfile, and the like...)
>>
>>"fnord" is in _my_ dictionary - can't you find it in yours? :-)
>>
>>>Another thing to look for when choosing dictionaries/wordlists for crack is
>>>not sticking to english. If you have a userbase that is known to have a
>>>certain percentage of people of a non-english background, you will want to
>>>find lists of words from that background. (I had a sysadmin asking me about
>>>Yiddish and Hebrew wordlists for just that reason.) These can be a bit
>>>harder. (Especially for unusual languages.)
>>
>>Grady Ward has his Moby Words databases with some of this kind of information.
>>In addition to the usual sets of languages, it's useful to include any
>>available lexicons of Elvish, Klingon, Unix, and other popular
>>hacker-languages,
>
>It is pretty easy to defend against dictionary attacks by using an expanded
>character set--mixed caps and lower case; numbers substituted for some
>letters according to easily-remembered personal rules.

Then I caution you to review the program 'Crack'. Crack comes with two sets of rules with which it mutates the words from two separate dictionaries. Things like: replace 'i' with 'y', 's' with '$', 'e' with '3', change capitalization to pattern AbCdE, etc.
Typically, there is an extensive set of rules (I remember 47) that
perform more "morphing" of a shorter "hot" dictionary list, followed by
a common subset of the rules applied to the entire dictionary. The
shorter dictionary list I remember seeing contained an extensive list of
female first names, common computer "words" such as foo, bar, etc., and
even some Klingon and Elvish words. These words were subjected to
extensive letter shifting, case changing, and substitutions. The balance
of the dictionary was subjected to the simpler subset of rules (22, I
believe) regarding substitution, reversal of letters, capitalizing the
first and/or last letters, suffixing a single non-alpha character, etc.

I know a rather paranoid sa who used to think he had secure passwords
because he'd look around for some "word" of some random object nearby,
then transmogrify some letter (typically substituting 'y' for 'i').
Crack found him out in very short order.

The reason I post this is that these word lists are invaluable to the
Crack operator. *ANY* knowledge that reduces the search space can render
the security useless. For example, if a Crack operator learns that you
once had a password of "any0ne", he or she will make sure to include a
rule substituting zero for 'o' in both dictionaries, they will probably
make an effort to emphasize letter-to-number substitutions of the words
in their dictionary, and maybe even focus less (or at least test last)
on other attacks, such as case-changing or number-suffixing. Those
"easily-remembered personal rules" to which you refer can catch you
pretty quickly.

>"Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the
>"v" is a roman numeral 5. Another is the "Compuserve method" of inserting
>punctuation characters between words making up a password or key. Since the
>length of the words used is unknown to the cracker, this makes his job
>harder.

Harder is not NP-hard. It's a very very long way away from NP-hard.

>That is--a dictionary which accommodates such things as the above will be
>pretty large. With the number rule, there would have to be 10 additional
>versions of the one-letter word, 10 versions of each leading character
>making up a two letter word, and then it starts increasing combinatorially.
>Might as well use brute force.

A "pretty large" dictionary is still much! smaller than brute force.
And even if it is the precursor to brute-force, it's still a better
starting point than 0x00000000000000, if you have reason to believe that
it's based on an ASCII password.

Just remember the old joke: entropy ain't what it used to be. And every
generation of faster processor that arrives makes this statement more
relevant to cryptanalysis.

John
--
J. Deters "Captain's log, stardate 25970-point-5. I am nailed to the hull."
+-------------------------------------------------------+
| NET: jad at dsddhc.com (work) jad at pclink.com (home) |
| PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) |
| ICBM: 44^58'33"N by 93^16'42"W Elev. ~=290m (work) |
| PGP Key ID: 768 / 15FFA875 |
+-------------------------------------------------------+

From llurch at networking.stanford.edu Wed Jul 17 21:31:37 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 18 Jul 1996 12:31:37 +0800
Subject: Netscape download requirements
In-Reply-To: <199607161436.JAA27358@homeport.org>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Adam Shostack wrote:

> First off, I applaud Netscape for making the US version available for
> download. All of my comments here should be taken as questioning the
> why's, not suggesting that the implementation is so onerous Netscape
> shouldn't have done it. Although, you might want to add a link to a
> page decrying the kafka-esque experience; perhaps Matt's 'My life as
> an arms smuggler?'

It's there, but it's subtle (they must be polite, you know). Read the
download FAQ closely, especially the #bigbrother anchor.
- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMe0bE5NcNyVVy0jxAQFvPAIAiVyWQcu4O/cvYL5ws7FCTfHVVF9HTGYx
jbSTQ+e3tSk10CrJQ8pqlGsissDjEhz135vKGy1cMlbqtv+/S8MHQw==
=GWA5
-----END PGP SIGNATURE-----

From oolid at acqic.org Wed Jul 17 21:31:57 1996
From: oolid at acqic.org (Joseph L. Moll)
Date: Thu, 18 Jul 1996 12:31:57 +0800
Subject: blowfish bug
Message-ID: <2.2.32.19960717193943.006af820@mail.acquion.com>

Could someone recap the reference to the Blowfish bug fix and where it
is and is not correct? I have lost the emails that referenced this.

Best Regards,
---
Joseph L. (Joe) Moll, Greenville, SC USA
mailto:oolid at acqic.org

From WlkngOwl at unix.asb.com Wed Jul 17 21:32:10 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Thu, 18 Jul 1996 12:32:10 +0800
Subject: It's no "WON_der"
Message-ID: <199607162314.TAA25841@unix.asb.com>

On 16 Jul 96 at 1:08, John Young wrote:

> 6-15-96. NYP, Book review:
>
> AFTER THOUGHT
> The Computer Challenge to Human Intelligence
> By James Bailey
> Illustrated. 277 pages Basic Books/HarperCollins. $25.
> ISBN 0-465-00781-3
> Mr. Bailey, a former senior manager at the Thinking
> Machines Corporation, foresees an "electronic computing
> revolution" whose "intellectual impact will be greater than
> anything since the Renaissance, possibly greater than
> anything since the invention of language." In his view, the
> greatest challenge posed by the computer revolution will be
> for humans to trust processes of thinking they won't
> necessarily understand, such as neural networks spotting
> patterns without supplying proof "in any human-absorbable
> form."

Of course it's important to note that all models of computing (serial,
neural, etc.) are based somewhat on conceptions of how humans think,
compute, etc.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
        AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From jthomas at woodland.org Wed Jul 17 21:34:53 1996
From: jthomas at woodland.org (Joe Thomas)
Date: Thu, 18 Jul 1996 12:34:53 +0800
Subject: Cookie alternatives
In-Reply-To: <199607161607.JAA08875@jobe.shell.portal.com>
Message-ID: <31ED8EFE.5A2C@woodland.org>

Hal wrote:

[Summary of the Cookie Situation, including an interesting proposal
about client-side shopping carts that could replace some uses of
cookies.]

> (Given the difficulties in creating new protocols for this kind of
> support, I think a step in the right direction would be to change the
> user interface so that cookies are only sent upon user request. Maybe
> you have to shift-click or use some other key modifier to send a cookie.
> Then shopping pages could ask you to shift-click the buy button to add
> the item to your shopping cart.)

Neat idea, but it might be hard to get many users to understand the
interface.

I'm surprised no one's mentioned that this week's beta of Netscape
Navigator (3.0b5, available in U.S. or export strength) has a
configuration option that lets you see an alert box before your browser
accepts a cookie. It's a little hard to find...

(Note to Jeff W. or other Netscape folks: maybe this should move from
Network: Protocols to Security: General. Makes more sense to keep all
the "Show an Alert Before" choices in one place.)

Joe

From sameer at c2.net Wed Jul 17 21:35:38 1996
From: sameer at c2.net (sameer)
Date: Thu, 18 Jul 1996 12:35:38 +0800
Subject: Netscape download requirements
In-Reply-To: <31ED5EEF.5AA3@netscape.com>
Message-ID: <199607172234.PAA09275@atropos.c2.org>

>
> Because we have not yet been able to obtain the address verification
> databases that we need for Canada. There is someone working on
> tracking this down right now. When we get the proper database we
> will add access to canada.

Have you considered selling this export verification system?

--
Sameer Parekh                           Voice: 510-986-8770
Community ConneXion, Inc.               FAX: 510-986-8777
The Internet Privacy Provider
http://www.c2.net/                      sameer at c2.net

From usura at replay.com Wed Jul 17 21:36:03 1996
From: usura at replay.com (Alex de Joode)
Date: Thu, 18 Jul 1996 12:36:03 +0800
Subject: Netscape download requirements
Message-ID: <199607162331.BAA02617@basement.replay.com>

In article <199607161346.JAA07227 at jekyll.piermont.com> you wrote:

: Jeff Weinstein writes:
: > If you are not comfortable providing this information, then you
: > may either run the export version, or purchase the retail navigator
: > package, which also includes the US only version when sold in the US.

: But you can't buy the Linux or other similar versions, so this is not
: an option for many of us.

Well one 'ITAR gangsta' can always upload the linux version to a
'liberated ftp site'.

It seems that the program checks something in the supplied phone, area
code and zip code, so why not do a 'whois netscape.com' and enter the
Netscape Communications Corps. data ? After all whois to know ....

(for the humorly impaired: *g*)

bEST Regards,
--
-AJ-

From alexf at iss.net Wed Jul 17 21:37:38 1996
From: alexf at iss.net (Alex F)
Date: Thu, 18 Jul 1996 12:37:38 +0800
Subject: Put Uncle Sam in your Calling Circle
Message-ID: <199607171603.MAA04115@phoenix.iss.net>

> Hey guys,
>
> I just got a really cool poster from RSA. It's a big circle split off
> into several sections showing people talking to each other, the upper
> right hand corner shows two NSA dweebs looking like Bevis & Butthead in
> suits, one smoking, the other seated in front of an old 60's reel to reel
> audio tape recorder, a sign on the wall behind them says "Key Escrow"

You can get images of these at the RSA homepage (www.rsa.com). Click on
"Art Gallery."
The Key Escrow sign is impossible to read though.

Alex F

=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F
alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

From declan+ at CMU.EDU Wed Jul 17 21:50:07 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Thu, 18 Jul 1996 12:50:07 +0800
Subject: Washington Post -- "Block but Verify"
In-Reply-To:
Message-ID:

Excerpts from internet.cypherpunks: 17-Jul-96 Re: Washington Post --
"Blo.. by "Bruce M."@feist.com
> I thought that Net Nanny or another related product offered generic
> options for what you wanted to block. Such as clicking on an option box
> to enable the blocking of violence or to enable the blocking of sexual
> material.

Some products do, some don't. SurfWatch is ON or OFF. CyberPatrol has a
dozen categories.

-Declan

From jim at ACM.ORG Wed Jul 17 21:52:07 1996
From: jim at ACM.ORG (Jim Gillogly)
Date: Thu, 18 Jul 1996 12:52:07 +0800
Subject: US versions of Netscape now available
In-Reply-To: <199607171835.LAA14321@yap.pactitle.com>
Message-ID: <199607180213.TAA12945@mycroft.rand.org>

Yap Remailer writes:
>Have you heard any reports of anyone successfully downloading it
>period? Netscape always times out in the middle of a download. I
>think the server is so overloaded that it's actually impossible to
>download the software.

Yes, I successfully d/l'ed the Sun version. I think it was about 7MB and
took forever, but it unpacked and ran cleanly with no glitches whatever.
It's a temporary version -- it'll expire on about 17 Sep... which is
fine for me, since I didn't want to wait until our Purchasing dept got
through with their song and dance.

        Jim Gillogly
        Hevensday, 25 Afterlithe S.R. 1996, 02:12

From declan+ at CMU.EDU Wed Jul 17 21:53:15 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Thu, 18 Jul 1996 12:53:15 +0800
Subject: Surf-filter lists
In-Reply-To: <199607161804.LAA26399@netcom18.netcom.com>
Message-ID:

Excerpts from internet.cypherpunks: 16-Jul-96 Re: Surf-filter lists by
"Vladimir Z. Nuri"@netco
> Meeks discussed a case where the software clearly gave *categories*
> of what it filtered, and I think he focused on a case where it
> was clear that it was borderline (the monkey with the eye poked
> out). in other words, it did appear to me that the software &raters
> were working exactly as they were supposed to, and he was highlighting
> a borderline case. moreover, the categories were clear: "gratuitous
> depictions of violence" or whatever. for *some* consumers, knowledge
> of these *categories* is going to be enough. other consumers
> are going to be more wary and want to make sure that the actual
> sites blocked correspond to the categories stated.

L.D. fails to say why NOW and gay history sites and gun rights sites and
EFF and LPF and SAFE @ MIT and HotWired should be blocked.

He also fails to understand that Brock and I both wrote the article.

He finally fails to understand that CyberPatrol's categories are
anything but clear.

-Declan

From declan+ at CMU.EDU Wed Jul 17 22:03:07 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Thu, 18 Jul 1996 13:03:07 +0800
Subject: Intl consensus (was Re: How I Would Ban Strong Crypto in the U.S.)
In-Reply-To:
Message-ID:

Excerpts from internet.cypherpunks: 17-Jul-96 Intl consensus (was Re:
How.. by Dave Banisar at mindvox.com
> BTW. Those wizards at Wired have gotten our favorite spook Stewart Baker
> to write an article for an upcoming issue talking about how the rest of the
> world save Japan loves key escrow and those big bad Japanese are
> thwarting the rest of the world's "consensus". It's quite a load of
> inaccurate shit but our effort to rebut it was rejected by wired (I guess
> it wasn't trite enough for them).

Will anyone else be rebutting it?
-Declan
(not speaking for WIRED, first I heard of this)

From tomw at netscape.com Wed Jul 17 22:04:50 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Thu, 18 Jul 1996 13:04:50 +0800
Subject: US versions of Netscape now available
In-Reply-To: <199607171835.LAA14321@yap.pactitle.com>
Message-ID: <31ED9B5A.167E@netscape.com>

Yap Remailer wrote:
>
> Have you heard any reports of anyone successfully downloading it
> period? Netscape always times out in the middle of a download. I
> think the server is so overloaded that it's actually impossible to
> download the software.
>
> I sure wish there were an ftp site overseas somewhere, then I could
> actually get the damned thing.

Yes. We've had a few thousand people download it. Unfortunately, we
only have one machine serving downloads right now, and it tends to melt
down a couple times a day.

--
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw at netscape.com

From hayden at krypton.mankato.msus.edu Wed Jul 17 22:12:24 1996
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Thu, 18 Jul 1996 13:12:24 +0800
Subject: Surf-filter lists
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Declan McCullagh wrote:

> More to the point, as I wrote at the end of the original CWD, it's a
> bait-and-switch maneuver. Go after porn, they say, but the censor political
> information.

ARGH! I've been keeping quiet about this for a while, but I think I
gotta say something before I throttle my Zip drive...

A Private organization cannot "censor" anything. The fundamental
definition of the word requires some agent of the government take action
to censor. To accuse Surf-Watch, net-nanny, AOL, MSU, AT&T, or whatever
of "censorship" accomplishes nothing except to make us look the fool.

I agree that the problem with the "bait-and-switch" filtering of net
materials by these various filtering packages needs to be addressed.
If I want to protect my kids from seeing alt.naughty.pictures, I should
still be able to unfilter political and health speech.

The real problem isn't censorship, it's disclosure by the makers of
filtering packages about what exactly their packages are going to filter
for me and my family. However, in the upcoming war of filtering packages
(and it will get ugly) trade secrets are going to make any company
hesitant to reveal what it is they are filtering and what criteria they
are using to determine if something qualifies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

-----END PGP SIGNATURE-----

  ____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
  \  /__      Finger for Geek Code Info <=> Finger for PGP Public Key
   \/  /           -=-=-=-=-=-                    -=-=-=-=-=-
     \/       http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------

From banisar at epic.org Wed Jul 17 22:23:55 1996
From: banisar at epic.org (Dave Banisar)
Date: Thu, 18 Jul 1996 13:23:55 +0800
Subject: New Infowarfare Panel
Message-ID:

If y'all have heard, Clinton signed an executive order 2 days ago
creating a new panel to examine how to "protect" "critical" computer
systems. The panel will be made up of the usual suspects with a non-govt
person ($5.00 says it will be someone from one of those wonderfully
independent companies like SAIC, MITRETEC, EDS, E-Systems).
Needless to say, it looks an awful lot like NSDD-145 all over again with
the panel recommending changes to the law to allow for greater
coordination of LE, intell for govt computers and god knows what for
non-govt computers.

Anyway, the directive is now up on our site at
http://www.epic.org/security/infowar/eo_cip.html

-dave

_________________________________________________________________________
Subject: New Infowarfare Panel
_________________________________________________________________________
David Banisar (Banisar at epic.org)       * 202-544-9240 (tel)
Electronic Privacy Information Center   * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     * HTTP://www.epic.org
Washington, DC 20003                    * ftp/gopher/wais cpsr.org

From ichudov at algebra.com Wed Jul 17 22:27:29 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Thu, 18 Jul 1996 13:27:29 +0800
Subject: Sternlight on C'punks
In-Reply-To: <199607161639.MAA00191@jekyll.piermont.com>
Message-ID: <199607171622.LAA04536@manifold.algebra.com>

Perry E. Metzger wrote:
>
> "Peter D. Junger" writes:
> > How does one set up a kill-file for a mailing list? I run a Linux box
> > with sendmail and use the MH mail system.
> >
> > My best guess is that I will have to install procmail, but would like
> > your advice before going to a lot of labor.
>
> You can use procmail. If you use MH, you can also use a combination of
> "pick" and "rmm" to nuke a specified list of users before going
> through your mail.
>

Here's the procmailrc recipe that I use for cypherpunks:

# Only look at mail that came through the cypherpunks list
:0
* ^(Sender|From): owner-cypherpunks@toad.com
{
        # Discard the message if fgrep finds any killfile entry in it
        :0
        * ? fgrep -q -i -f $HOME/.procmail/killfile.cpunks
        /dev/null

        # Everything else is filed in $CRYPTO, using a lockfile
        :0:
        $CRYPTO
}

All you have to do to add a new entry to your killfile is to add a new
line to the file ~/.procmail/killfile.cpunks which is real easy.

        - Igor.
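
A dry run for the killfile condition in the recipe above, as an added example that is not part of Igor's post: it shows two ways an `fgrep -f` test can discard more than intended (a blank line in the killfile matches every message, and an address mentioned in any header line, not only From:, triggers the drop). It assumes procmail hands the `?` program the message header on standard input, which is its default; the function names, addresses and headers are constructed.

```shell
#!/bin/sh
# Dry-run checks for a killfile used as:  * ? fgrep -q -i -f killfile
# Added example; every address and header below is constructed.

# Print the line numbers of blank or whitespace-only killfile entries.
# grep -F treats an empty pattern as matching every line, so a single
# stray blank line makes the condition true for every message.
killfile_lint() {
    awk '/^[ \t]*$/ { printf "%s%d", sep, NR; sep = " " }' "$1"
}

# The condition as posted: true if any line on stdin contains any entry.
# Usage: verdict_any_header KILLFILE < header   (prints "drop" or "keep")
verdict_any_header() {
    if grep -F -q -i -f "$1"; then echo drop; else echo keep; fi
}

# Stricter variant (an assumption, not part of the posted recipe):
# ignore blank entries and test only the From: header line.
verdict_from_only() {
    _kf=$(mktemp) || return 2
    sed '/^[[:space:]]*$/d' "$1" > "$_kf"
    if grep -i '^From:' | grep -F -q -i -f "$_kf"; then
        _v=drop
    else
        _v=keep
    fi
    rm -f "$_kf"
    echo "$_v"
}

# Constructed killfile: two entries with a stray blank line between them.
make_sample_killfile() {
    printf 'troll@example.org\n\nspammer@example.com\n' > "$1"
}

# Constructed header of a list message from a killfiled sender.
sample_from_killed() {
    cat <<'EOF'
From: troll@example.org (Constructed Sender)
Sender: owner-cypherpunks@toad.com
Subject: look at me
EOF
}

# Constructed header from someone else that only mentions that address.
sample_mentions_killed() {
    cat <<'EOF'
From: friend@example.net (Constructed Sender)
Sender: owner-cypherpunks@toad.com
Cc: troll@example.org
Subject: Re: look at me
EOF
}

# Constructed header with no connection to any killfile entry.
sample_unrelated() {
    cat <<'EOF'
From: other@example.com (Constructed Sender)
Sender: owner-cypherpunks@toad.com
Subject: Blowfish question
EOF
}

demo() {
    _d=$(mktemp -d) || return 2
    make_sample_killfile "$_d/kf"
    echo "blank killfile entries at line(s): $(killfile_lint "$_d/kf")"
    echo "unrelated mail, posted test:  $(sample_unrelated | verdict_any_header "$_d/kf")"
    echo "unrelated mail, From: only:   $(sample_unrelated | verdict_from_only "$_d/kf")"
    echo "Cc mention, From: only:       $(sample_mentions_killed | verdict_from_only "$_d/kf")"
    echo "killfiled sender, From: only: $(sample_from_killed | verdict_from_only "$_d/kf")"
    rm -rf "$_d"
}

# Run "sh thisfile demo" to see the verdicts.
if [ "${1:-}" = demo ]; then demo; fi
```

Running the lint before pointing a recipe at /dev/null is cheap; filing matches in a review folder instead of discarding them gives the same check after the fact.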
From deviant at pooh-corner.com Wed Jul 17 22:34:45 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Thu, 18 Jul 1996 13:34:45 +0800
Subject: Opiated file systems
In-Reply-To: <199607171103.MAA00222@server.test.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 17 Jul 1996, Adam Back wrote:

> Date: Wed, 17 Jul 1996 12:03:46 +0100
> From: Adam Back
> To: jpb at miamisci.org
> Cc: maldrich at grci.com, deviant at pooh-corner.com, WlkngOwl at unix.asb.com,
>     cypherpunks at toad.com, aba at dcs.ex.ac.uk
> Subject: Re: Opiated file systems
>
>
> Joseph Block writes:
> > At 10:44 AM -0400 7/16/96, Mark O. Aldrich wrote:
> > >One problem, however, would be how to keep the "decoy" data, accessible
> > >with only the ambush key, "fresh" in that it must undergo a certain amount
> > >of turbulence to appear real.
>
> A problem yes. My thoughts were that you would effectively have two
> filesystems and use them both yourself for real work. That is to say
> that you would say have some consulting work doing some programming or
> something, and use the 1st encrypted filesystem for this work. If
> this work was covered by an NDA, so much the better, as it would
> provide an understandable reason for encrypting.

Good Idea, but I also like the idea of selective-duress, i.e. not
necessarily having a duress key at all.

>
> > >The two file systems would essentially have to
> > >mirror each other, one with the juicy bits and one with the decoy bits.
> > >It would seem to be practically impossible to just build two file systems
> > >as one would 'disappear' when only the ambush key was used. Wouldn't it
> > >be sort of obvious that something was wrong if half the disk vanished?
>
> I don't think nuking the data is the way to go, from what I understand
> of the way these things work, is that they kick down the door in the
> dead of night and make sure you don't get to touch the equipment.
> Also they'd be sure to take a sector level backup of the drive as a
> first step.
I have several friends that this has happened to, and pretty much it
goes like this... round 7:00 AM, when you're just going to bed (well,
some of us don't have jobs till nighttime.. thank god.), they knock down
your doors and windows (yes, they do come through windows), and they
take the equipment, disks, tv's, CD players (yes, i know somebody who
had their CD player taken. And a pile of CDs. Music ones even.), clock
radios, pretty much everything electronic they can carry. If you ever DO
get any of it back, most likely it is not the same equipment, i.e. they
copied it all and kept the original.

I do agree that nuking the data isn't the way to go. Most of the time if
you crypted something, you're probably gonna want it back.

There's also an Idea me and Mouse had, which is to have a fault-tolerant
duress system. Its something like this...

You have a Duressfs and a Non-Duressfs. If the duress key is entered
wrong, but only by a certain percentage of characters (i.e. sex instead
of hex), it lets you see the Duressfs. If you do this too many
consecutive times, it runs the DuressNuke function (optional?). If you
put the Duress key in correctly it runs the DuressNuke function. If you
put the secret key in, it gives you the non-Duress version. that way if
they didn't believe your "near-duress" key, you can give them the actual
duress key to nuke the data.

Just an idea.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From merriman at amaonline.com Wed Jul 17 22:35:17 1996
From: merriman at amaonline.com (David K. Merriman)
Date: Thu, 18 Jul 1996 13:35:17 +0800
Subject: TLA abuse (?) [non-crypto, mostly]
Message-ID: <2.2.32.19960717031217.0067f2fc@mail1.amaonline.com>

-----BEGIN PGP SIGNED MESSAGE-----

Hmmmm.

Got a call this morning from a Mike Hughes of the Amarillo PD (APD).
Seems they've received "several" complaints about the anti-CDA image on
my home page (http://www.shellback.com/p/merriman). Supposedly, it's not
the nudity the complainer(s) is(are) all riled up about: it's the age of
the models that's being questioned.

Hardcopy of said image has been forwarded to the FBI for 'review'.
Officer (sorry, don't recall his rank) Hughes says *he* thinks the
models could conceivably be 18; a judge they showed it to said _she_
thought (personal opinion) younger. Hence, the forwarding to FBI for
quasi-official determination.

Officer Hughes is going to stop by so I can show him:
A - that the page is PICS rated
B - the original of the image :-)
C - the precautions that PWS takes to warn folks about possibly
    offensive content.

I don't plan to change the image, so if anyone can point me in the
general direction of some Legal Assistance (tm), I'd appreciate it.
Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From lzirko at c2.org Wed Jul 17 22:43:11 1996
From: lzirko at c2.org (Lou Zirko)
Date: Thu, 18 Jul 1996 13:43:11 +0800
Subject: Fw: Re: US versions of Netscape now available
Message-ID: <199607172236.PAA15899@infinity.c2.org>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Wed Jul 17 17:36:57 1996

- -----Begin Included Message -----

Date:
From:
To: remailer at yap.pactitle.com
Cc: cypherpunks at toal.com

To: remailer at yap.pactitle.com, cypherpunks at toal.com
Date: Wed Jul 17 17:30:28 1996

Successfully downloaded and installed last night. It took a while for
the transfer to commence though.

Lou Zirko

> > From: Tom Weinstein
> > Date: Tue, 16 Jul 1996 11:56:51 -0700
> >
> > Duncan Frissell wrote:
> > >
> > > I'm glad too. So how many minutes did it take to leak overseas?
> >
> > I have heard no reports of it leaking overseas.
>
> Have you heard any reports of anyone successfully downloading it
> period? Netscape always times out in the middle of a download. I
> think the server is so overloaded that it's actually impossible to
> download the software.
>
> I sure wish there were an ftp site overseas somewhere, then I could
> actually get the damned thing.
>
>

Lou Zirko (502)383-2175
Zystems lzirko at c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

- ---- End of forwarded message ----

Lou Zirko (502)383-2175
Zystems lzirko at c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

-----END PGP SIGNATURE-----

From sfuze at sunspot.tiac.net Wed Jul 17 22:47:27 1996
From: sfuze at sunspot.tiac.net (sfuze@tiac.net)
Date: Thu, 18 Jul 1996 13:47:27 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
In-Reply-To: <199607152349.BAA14860@utrecht.knoware.nl>
Message-ID:

I'm finding it difficult here, aside from purely technical terms, to
figure out how ecash is really different from using your ATM card to pay
for groceries at the supermarket. Same Same, only even less secure.

-Millie

From declan at eff.org Wed Jul 17 22:51:23 1996
From: declan at eff.org (Declan McCullagh)
Date: Thu, 18 Jul 1996 13:51:23 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
Message-ID:

---------- Forwarded message ----------
Date: Wed, 17 Jul 1996 15:54:24 -0500
From: Declan McCullagh
To: fight-censorship+ at andrew.cmu.edu
Subject: Gorelick testifies before Senate, unveils new executive order

Deputy Attorney General Jamie Gorelick testified yesterday before Sen.
Sam Nunn's cyberscare hearing (take #3), where she ranted about the
evils of the Net and unveiled an executive order signed by the president
on Monday.

Gorelick, the administration's newly-anointed chief Net fearmonger,
said: "The executive order is on Federal Information Infrastructure
protection...
It creates a committee to draft policy and recommend legislation. The
order cites two types of threats: physical and cyber."

The infrastructure she's talking about isn't government computers; she
means the private sector. "Because this infrastructure is privately
owned, this [executive order] emphasizes and recognizes the importance
of cooperation." That is, cooperation with the fear of government
regulation hanging over your head.

The President's Commission on Critical Infrastructure Protection, which
will have an industry advisory panel, has one year to report back with
recommendations.

Sen. Patrick Leahy testified: "Armed with a modem and a computer, a
criminal can wreak havoc on our computers from anywhere in the world.
There are no borders in cyberspace... Existing criminal statutes provide
a good framework for prosecuting [some] computer offenses... We have to
assume we have to update our criminal code."

Clinton's executive order also creates a "Infrastructure Protection Task
Force," effective immediately, with reps from the FBI, DOD, and NSA. At
yesterday's Senate permanent subcommittee on investigations hearing,
Gorelick ducked Sen. Nunn's questions about the limits of the task
force's authority. But the executive order says the group must:

   (i) provide, or facilitate and coordinate the provision of, expert
   guidance to critical infrastructures to detect, prevent, halt, or
   confine an attack and to recover and restore service...

   (v) coordinate with the pertinent law enforcement authorities during
   or after an attack to facilitate any resulting criminal
   investigation.

"Critical infrastructures" include telecommunications facilities and the
Net.

-Declan

PS: For background, check out:
http://www.netizen.com/netizen/96/29/campaign_dispatch0a.html

Critical infrastructures:
   1. telecommunications;
   2. electrical power systems;
   3. gas and oil storage and transportation;
   4. banking and finance;
   5. transportation;
   6. water supply systems;
   7. emergency services (including medical, police, fire and rescue); and
   8. continuity of government.

                          EXECUTIVE ORDER

                           - - - - - - -

                CRITICAL INFRASTRUCTURE PROTECTION

Certain national infrastructures are so vital that their incapacity or
destruction would have a debilitating impact on the defense or economic
security of the United States. These critical infrastructures include
telecommunications, electrical power systems, gas and oil storage and
transportation, banking and finance, transportation, water supply
systems, emergency services (including medical, police, fire and
rescue), and continuity of government. Threats to these critical
infrastructures fall into two categories: physical threats to tangible
property ("physical threats"), and threats of electronic,
radio-frequency, or computer-based attacks on the information or
communications components that control critical infrastructures ("cyber
threats"). Because many of these critical infrastructures are owned and
operated by the private sector, it is essential that the government and
private sector work together to develop a strategy for protecting them
and assuring their continued operation.

NOW, THEREFORE, by the authority vested in me as President by the
Constitution and the laws of the United States of America, it is hereby
ordered as follows:

Section 1. Establishment. There is hereby established the President's
Commission on Critical Infrastructure Protection ("Commission").

(a) Chair. A qualified individual from outside the Federal Government
shall be appointed by the President to serve as Chair of the Commission.
The Commission Chair shall be employed on a full-time basis.

(b) Members.
The head of each of the following executive branch departments and
agencies shall nominate not more than two full-time members of the
Commission:

   (i) Department of the Treasury;
   (ii) Department of Justice;
   (iii) Department of Defense;
   (iv) Department of Commerce;
   (v) Department of Transportation;
   (vi) Department of Energy;
   (vii) Central Intelligence Agency;
   (viii) Federal Emergency Management Agency;
   (ix) Federal Bureau of Investigation;
   (x) National Security Agency.

One of the nominees of each agency may be an individual from outside the
Federal Government who shall be employed by the agency on a full-time
basis. Each nominee must be approved by the Steering Committee.

Sec. 2. The Principals Committee. The Commission shall report to the
President through a Principals Committee ("Principals Committee"), which
shall review any reports or recommendations before submission to the
President. The Principals Committee shall comprise the:

   (i) Secretary of the Treasury;
   (ii) Secretary of Defense;
   (iii) Attorney General;
   (iv) Secretary of Commerce;
   (v) Secretary of Transportation;
   (vi) Secretary of Energy;
   (vii) Director of Central Intelligence;
   (viii) Director of the Office of Management and Budget;
   (ix) Director of the Federal Emergency Management Agency;
   (x) Assistant to the President for National Security Affairs;
   (xi) Assistant to the Vice President for National Security Affairs.

Sec. 3. The Steering Committee of the President's Commission on Critical
Infrastructure Protection. A Steering Committee ("Steering Committee")
shall oversee the work of the Commission on behalf of the Principals
Committee. The Steering Committee shall comprise four members appointed
by the President. One of the members shall be the Chair of the
Commission and one shall be an employee of the Executive Office of the
President. The Steering Committee will receive regular reports on the
progress of the Commission's work and approve the submission of reports
to the Principals Committee.

Sec. 4.
Mission. The Commission shall: (a) within 30 days of this order, produce a statement of its mission objectives, which will elaborate the general objectives set forth in this order, and a detailed schedule for addressing each mission objective, for approval by the Steering Committee; (b) identify and consult with: (i) elements of the public and private sectors that conduct, support or contribute to infrastructure assurance; (ii) owners and operators of the critical infrastructures; and (iii) other elements of the public and private sectors, including the Congress, that have an interest in critical infrastructure assurance issues and that may have differing perspectives on these issues; (c) assess the scope and nature of the vulnerabilities of, and threats to, critical infrastructures; (d) determine what legal and policy issues are raised by efforts to protect critical infrastrucutres and assess how these issues should be addressed; (e) recommend a comprehensive national policy and implementation strategy for protecting critical infrastructures from physical and cyber threats and assuring their continued operation; (f) propose any statutory or regulatory changes necessary to effect its recommendations; and (g) produce reports and recommendations to the Steering Committee as they become available; it shall not limit itself to producing one final report. Sec. 5. Advisory Committee to the President's Commission on Critical Infrastructure Protection. (a) The Commission shall receive advice from an advisory committee ("Advisory Committee") composed of no more than ten individuals appointed by the President from the private sector who are knowledgeable about critical infrastructures. The Advisory Committee shall advise the Commission on the subjects of the Commission's mission in whatever manner the Advisory Committee, the Commission Chair, and the Steering Committee deem appropriate. 
(b) A Chair shall be designated by the President from among the members of the Advisory Committee. (c) The Advisory Committee shall be established in compliance with the Federal Advisory Committee Act, as amended (5 U.S.C. App.). The Department of Defense shall perform the functions of the President under the Federal Advisory Committee Act for the Advisory Committee, except that of reporting to the Congress, in accordance with the guidelines and procedures established by the Administrator of General Services. Sec. 6. Administration. (a) All executive departments and agencies shall cooperate with the Commission and provide such assistance, information, and advice to the Commission as it may request, to the extent permitted by law. (b) The Commission and the Advisory Committee may hold open and closed hearings, conduct inquiries, and establish subcommittees, as necessary. (c) Members of the Advisory Committee shall serve without compensation for their work on the Advisory Committee. While engaged in the work of the Advisory Committee, members may be allowed travel expenses, including per diem in lieu of subsistence, as authorized by law for persons serving intermittently in the government service. (d) To the extent permitted by law, and subject to the availability of appropriations, the Department of Defense shall provide the Commission and the Advisory Committee with administrative services, staff, other support services, and such funds as may be necessary for the performance of its functions and shall reimburse the executive branch components that provide representatives to the Commission for the compensation of those representatives. (e) In order to augment the expertise of the Commission, the Department of Defense may, at the Commission's request, contract for the services of nongovernmental consultants who may prepare analyses, reports, background papers, and other materials for consideration by the Commission. 
In addition, at the Commission's request, executive departments and agencies shall request that existing Federal advisory committees consider and provide advice on issues of critical infrastructure protection, to the extent permitted by law. (f) The Commission, the Principals Committee, the Steering Committee, and the Advisory Committee shall terminate 1 year from the date of this order, unless extended by the President prior to this date. Sec. 7. Interim Coordinating Mission. (a) While the Commission is conducting its analysis and until the President has an opportunity to consider and act on its recommendations, there is a need to increase coordination of existing infrastructure protection efforts in order to better address, and prevent, crises that would have a debilitating regional or national impact. There is hereby established an Infrastructure Protection Task Force ("IPTF") within the Department of Justice, chaired by the Federal Bureau of Investigation, to undertake this interim coordinating mission. (b) The IPTF will not supplant any existing programs or organizations. (c) The Steering Committee shall oversee the work of the IPTF. (d) The IPTF shall include at least one full-time member each from the Federal Bureau of Investigation, the Department of Defense, and the National Security Agency. It shall also receive part-time assistance from other executive branch departments and agencies. Members shall be designated by their departments or agencies on the basis of their expertise in the protection of critical infrastructures. IPTF members' compensation shall be paid by their parent agency or department. 
(e) The IPTF's function is to identify and coordinate existing expertise, inside and outside of the Federal Government, to: (i) provide, or facilitate and coordinate the provision of, expert guidance to critical infrastructures to detect, prevent, halt, or confine an attack and to recover and restore service; (ii) issue threat and warning notices in the event advance information is obtained about a threat; (iii) provide training and education on methods of reducing vulnerabilities and responding to attacks on critical infrastructures; (iv) conduct after-action analysis to determine possible future threats, targets, or methods of attack; and (v) coordinate with the pertinent law enforcement authorities during or after an attack to facilitate any resulting criminal investigation. (f) All executive departments and agencies shall cooperate with the IPTF and provide such assistance, information, and advice as the IPTF may request, to the extent permitted by law. (g) All executive departments and agencies shall share with the IPTF information about threats and warning of attacks, and about actual attacks on critical infrastructures, to the extent permitted by law. (h) The IPTF shall terminate no later than 180 days after the termination of the Commission, unless extended by the President prior to that date. Sec. 8. General. (a) This order is not intended to change any existing statutes or Executive orders. (b) This order is not intended to create any right, benefit, trust, or responsibility, substantive or procedural, enforceable at law or equity by a party against the United States, its agencies, its officers, or any person. (signed) William J. Clinton THE WHITE HOUSE July 15, 1996 From tcmay at got.net Wed Jul 17 22:52:58 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 18 Jul 1996 13:52:58 +0800 Subject: US versions of Netscape now available---NOT Message-ID: At 2:03 AM 7/18/96, Tom Weinstein wrote: >Yes. We've had a few thousand people download it. 
Unfortunately, we >only have one machine serving downloads right now, and it tends to melt >down a couple times a day. I've tried four times, and each time has timed out. (That is, I've filled out the Web form four times and tried n times each iteration...at least I get to experiment with variations on my name and address each time :-}) I guess I'll have to connect to the Italian and/or Swedish sites again. Has the software arrived there yet? --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From sameer at c2.net Wed Jul 17 22:53:52 1996 From: sameer at c2.net (sameer) Date: Thu, 18 Jul 1996 13:53:52 +0800 Subject: recent spam: government home-business Message-ID: <199607171709.KAA14537@niobe.c2.net> Please don't mail mwci.net about the recent spam to cypherpunks. 
The spam came from interramp: > > >From cypherpunks-errors at toad.com Tue Jul 16 12:32:32 1996 > > Message-Id: <199607160811.EAA00698 at smtp1.interramp.com> > > Comments: Authenticated sender is ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > From: "Creative Financial Alternatives" > > To: homebiz at flock.mwci.net > > Date: Tue, 16 Jul 1996 04:11:56 +0000 {0} infinity:mail/lists 10:05am [10] > whois interramp-dom PSINet, Inc (INTERRAMP-DOM) 510 Huntmar Park Drive Herndon, VA 22070 USA Domain Name: INTERRAMP.COM Administrative Contact: Administration, PSINet Domain (PDA4) psinet-domain-admin at PSI.COM (703) 904-4100 Technical Contact, Zone Contact: Network Information and Support Center (PSI-NISC) hostinfo at psi.com (518) 283-8860 Billing Contact: Andrews, Ken (KA16) domain-fee-contact at PSI.COM 703-904-4100 Record last updated on 22-Feb-96. Record created on 14-Apr-94. Domain servers in listed order: NS.PSI.NET 192.33.4.10 NS2.PSI.NET 38.8.50.2 INTERRAMP.COM 38.8.17.2 The InterNIC Registration Services Host contains ONLY Inte -- Sameer Parekh Voice: 510-986-8770 Community ConneXion, Inc. FAX: 510-986-8777 The Internet Privacy Provider http://www.c2.net/ sameer at c2.net From EALLENSMITH at ocelot.Rutgers.EDU Wed Jul 17 22:54:27 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Thu, 18 Jul 1996 13:54:27 +0800 Subject: An interesting instance of poltical anonymnity, now revealed Message-ID: <01I773CWDUC09ED9YD@mbcl.rutgers.edu> I find the CBS News response unfortunate. There's also the simple question on lying to maintain the identity: what's so bad about lying? Why he revealed himself is somewhat of a lesson also. 
-Allen _ Wednesday July 17 9:12 PM EDT _ 'Primary Colors' Author Steps Forward NEW YORK (Reuter) - One of the best kept secrets in political, journalistic and publishing circles was revealed Wednesday when Newsweek journalist Joe Klein admitted he was ''Anonymous'', the mysterious author of a novel based on President Clinton's 1992 presidential campaign. [...] Klein, facing fellow journalists who had been speculating along with many politicians and readers about the identity of ''Anonymous'' since the book's publication in January, fended off questions about his credibility and about how he had lied when asked whether he wrote the book. ``It wasn't easy, but I felt that there are times when I too can lie to protect a source and I put this in that category. Other people may see this differently,'' said Klein. [...] CBS News later said it was unhappy with Klein, who works for the network as a political consultant. ``We are obviously disturbed by the fact that Joe Klein was not forthcoming with us nor with nearly anyone else of his authorship of the novel 'Primary Colors,''' CBS News executive Vice President Jonathan Klein (no relation) said in a statement. He said network president Andrew Hayward would meet the author next week to discuss the matter. [...] His announcement followed a report in Wednesday's Washington Post that handwritten changes to the manuscript appeared to match Klein's handwriting. [...] 
_Reuters Limited_ From declan at well.com Wed Jul 17 22:57:13 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 18 Jul 1996 13:57:13 +0800 Subject: Zimmermann's open letter and Congressional crypto-musing Message-ID: Date: Wed, 17 Jul 1996 14:02:05 -0500 To: fight-censorship+ at andrew.cmu.edu From: declan at well.com (Declan McCullagh) Subject: Zimmermann's open letter and Congressional crypto-musing Sender: owner-fight-censorship at vorlon.mit.edu Phil Zimmermann has an open letter to Congress on ProCODE and HR3011 in today's "The Hill" newspaper, on page 17. Excerpts follow. Unfortunately, no matter how wonderful the ProCODE bill may be (and it is), it isn't going anywhere this year. There's no time left. And in the Senate, national security interests have strong allies who would move to block the bill if it suddenly slithered out of committee. But at least netizens have been able to educate Congress, and the debate is shifting in our favor. Take Sen. Nunn's cyberscare hearing yesterday, where Deputy Attorney General Jamie Gorelick cried that "we will have a cyber equivalent of Pearl Harbor in time." During the hearing, Sen. Carl Levin (D-Michigan) mused: "Part of the problem is we have competing goals... Encryption is one way to secure that data. But law enforcement wants access to that data... It's not just a matter of [strong] encryption. We are torn between these conflicting goals." So while the Hill is waking up, American businesses are losing out. By the time Congress moves on this issue in 1997, it may be too late. -Declan --- The Hill, July 17, 1996, page 17 "Democracy in the Information Age" I urge you to support S.1726, the Burns-Leahy ProCODE bill to lift export controls on cryptographic software, or Goodlatte's House version of the bill, H.R. 3011... ...U.S. software makers cannot incorporate good cryptography features into their products if that results in their inability to export such products... 
It also threatens the competitiveness of the entire U.S. computer industry, as we lose entire systems sales to foreign competitors, because we cannot supply systems to our foreign customers if those systems contain cryptographic components. Cryptography has become the most pivotal technology for privacy and civil liberties in the information age. It is for this reason that I wrote Pretty Good Privacy, now called PGPmail, and published it for free on the Internet in 1991... Privacy is a human right that appeals to everyone across the political spectrum. It offers a rare combination of moral high ground and political safety. The only way to hold the line on privacy in the information age is strong cryptography, strong enough to keep out major governments. And S.1726 is our best home for giving Americans access to this essential tool of liberty. Let us bequeath to our children a society that lets them whisper in someone's ear, even if the ear is a thousand miles away. Sincerely, PHILIP R. ZIMMERMANN Chairman and Chief Technology Officer Pretty Good Privacy, Inc. 555 Twin Dolphin Drive, Suite 570 Redwood City, CA 94065 415-631-1747 From deviant at pooh-corner.com Wed Jul 17 23:01:42 1996 From: deviant at pooh-corner.com (The Deviant) Date: Thu, 18 Jul 1996 14:01:42 +0800 Subject: Opiated file systems In-Reply-To: Message-ID: On Tue, 16 Jul 1996, Mark O. Aldrich wrote: > One problem, however, would be how to keep the "decoy" data, accessible > with only the ambush key, "fresh" in that it must undergo a certain amount > of > turbulence to appear real. The two file systems would essentially have to > mirror each other, one with the juicy bits and one with the decoy bits. > It would seem to be practically impossible to just build two file systems > as one would 'disappear' when only the ambush key was used. Wouldn't it > be sort of obvious that something was wrong if half the disk vanished? 
> While you do have a valid point about the turbulence needed, I think you could still make some reasonable enough errors on the fakefs. One could simply have several "corrupt I-node tables", and that would satisfy almost anybody (the NSA doesn't do domestic work ;) --Deviant From EALLENSMITH at ocelot.Rutgers.EDU Wed Jul 17 23:03:22 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Thu, 18 Jul 1996 14:03:22 +0800 Subject: Telecom regulations - Reuters coverage Message-ID: <01I773SHGH6G9ED9YD@mbcl.rutgers.edu> Of course, the Demopublicans want to subsidize access for their voters. Those already on the net have a considerably higher likelihood, so far as I can tell, of being Independents or Libertarians. The bad guys naturally want to bring it in line with their domination. -Allen > _ Tuesday July 16 1:52 PM EDT _ >FCC Chairman Hundt Sees Tax On Telecom Industry > FAJARDO, Puerto Rico - A small tax will probably be imposed on > telecommunications companies' revenues to subsidize telephone access > in rural areas and help wire classrooms for the Internet, Federal > Communications Commission Chairman Reed Hundt told the nation's > governors. [...] > But ensuring that residents in sparsely populated areas have access at > affordable rates and meeting the administration's goal of wiring every > classroom in the nation for Internet access will require annual > subsidies of about $10 billion, Hundt said. > "The current subsidy system won't work and has to be totally > overhauled," he said. 
> Asked how that money would be raised, Hundt said, "Probably the > right way to go is, based on total revenues, throw a chunk of change > into the pot." > He said the levy would be "competitively neutral" and would > represent a small percentage of revenues for the telecommunications > industry, whose annual gross revenues are about $250 billion. [...] > Copyright, Reuters Ltd. All rights reserved From EALLENSMITH at ocelot.Rutgers.EDU Wed Jul 17 23:05:11 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Thu, 18 Jul 1996 14:05:11 +0800 Subject: Reuters coverage of the Netscape release Message-ID: <01I773KYX3W49ED9YD@mbcl.rutgers.edu> Most people reading this are likely to wonder "how could overseas Net surfers downloading it hurt anyone?", although some will have their minds go blank (or blanker than normal) at the mention of "terrorist groups." A mixed set of news coverage, overall. As usual (even if I forget to state it), edited to try to stay within fair use. -Allen > _ Wednesday July 17 6:52 AM EDT _ >Government Approves More Secure Netscape > MOUNTAIN VIEW, Calif. (Reuter) - Netscape Communications Corp. has > received government clearance to distribute a highly secure version of > its popular Navigator Web browser in the United States via the > Internet. [...] > Officials had been concerned that if the more secure version was > available on the Net, overseas Net surfers -- possibly including > terrorist groups -- would download it, she said. > The software contains multiple formulas that make it virtually > impenetrable for computer hackers and others who might attempt to > break into Internet transmissions, steal credit card codes or tamper > with bank accounts. [...] > ``This new ability ... means more people will have access to stronger > and more secure communications than ever before,'' Netscape co-founder > Marc Andreessen said in a statement. 
> ``This stronger security will help to accelerate the adoption of the > Internet as a medium for online communication and commerce,'' he > added. [...] > _Reuters Limited_ From WlkngOwl at unix.asb.com Wed Jul 17 23:16:39 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Thu, 18 Jul 1996 14:16:39 +0800 Subject: Opiated file systems Message-ID: <199607172125.RAA09158@unix.asb.com> On 16 Jul 96 at 19:21, Mark M. wrote: > > A problem with a c'punk-style encrypted fs with source code and wide > > distribution is, of course, that attackers will KNOW that there is a > > duress key. > > I don't see how this would affect the security of such a filesystem. There > is absolutely nothing that an attacker can do to get the real key. An attacker > would just ignore all computers that have duress key capability. 1. Confiscate computer (along with physical drive) with duress-capable encrypted file system; 2. back up the encrypted sectors; 3. reverse-engineer file system driver to figure out how the duress-key works, if there are multiple keys, where data is stored; 4. make sure you've rubber-hosed or subpoenaed all passphrases or keys; 4a. if the system destroys data, you've got backups ("Very funny kiddo; now give us the real key...") 4b. even if there are two filesystems, the attacker will want access to both, just to make sure... Duress keys rely on a form of security through obscurity. They make sense for real-time situations where the attacker has to rush in, gain access quickly, and leave real fast (ie, bank robberies). If the attacker has plenty of time, he can prepare for that possibility. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. 
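Added example, not part of the list messages and not the format of any real file-system driver: a toy two-slot key header in Python that makes the argument above concrete. The passphrases, slot layout and XOR/HMAC wrapping are constructed assumptions; the demo shows that a sector image taken before any passphrase is tried survives a destructive duress key, and that a fixed slot count with random filler only keeps a second key from being provable.

```python
"""Toy key-slot header with an optional duress passphrase (added illustration).

Constructed format and values; the XOR/HMAC wrapping is a stand-in, not a
vetted design and not the format of any real encrypted file system.
"""
import hashlib
import hmac
import secrets

SALT_LEN, KEY_LEN, TAG_LEN = 16, 32, 32
BODY_LEN = 1 + KEY_LEN            # role byte + volume key
SLOT_LEN = SALT_LEN + BODY_LEN + TAG_LEN
SLOT_COUNT = 2                    # fixed, whether or not a duress key exists
ROLE_REAL, ROLE_DURESS = 0, 1
KDF_ROUNDS = 2000                 # deliberately low so the demo runs quickly


def _derive(passphrase, salt):
    """Stretch a passphrase into a one-time pad and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              KDF_ROUNDS, dklen=BODY_LEN + 32)
    return okm[:BODY_LEN], okm[BODY_LEN:]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap(passphrase, role, volume_key):
    """Seal (role, volume_key) under a passphrase into one fixed-size slot."""
    salt = secrets.token_bytes(SALT_LEN)          # fresh salt, so the pad is used once
    pad, mac_key = _derive(passphrase, salt)
    body = _xor(bytes([role]) + volume_key, pad)
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return salt + body + tag


def unwrap(passphrase, slot):
    """Return (role, volume_key) if the passphrase fits this slot, else None."""
    salt, body, tag = slot[:SALT_LEN], slot[SALT_LEN:-TAG_LEN], slot[-TAG_LEN:]
    pad, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    plain = _xor(body, pad)
    return plain[0], plain[1:]


def make_header(real_pass, real_key, duress_pass=None, decoy_key=None):
    """Build the header; an unused slot is random filler of the same size."""
    slots = [wrap(real_pass, ROLE_REAL, real_key)]
    if duress_pass is None:
        slots.append(secrets.token_bytes(SLOT_LEN))
    else:
        slots.append(wrap(duress_pass, ROLE_DURESS, decoy_key))
    secrets.SystemRandom().shuffle(slots)         # slot position reveals nothing
    return bytearray(b"".join(slots))


def open_volume(header, passphrase):
    """Try every slot; a duress passphrase overwrites all other slots in place."""
    for i in range(SLOT_COUNT):
        got = unwrap(passphrase, bytes(header[i * SLOT_LEN:(i + 1) * SLOT_LEN]))
        if got is None:
            continue
        role, key = got
        if role == ROLE_DURESS:
            for j in range(SLOT_COUNT):
                if j != i:
                    header[j * SLOT_LEN:(j + 1) * SLOT_LEN] = secrets.token_bytes(SLOT_LEN)
        return key
    return None


def demo():
    """Steps 2 and 4a from the message above, run against constructed keys."""
    real_key, decoy_key = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
    disk = make_header("real passphrase", real_key, "duress passphrase", decoy_key)
    image = bytes(disk)                           # step 2: back up the encrypted sectors
    handed_over = open_volume(disk, "duress passphrase")
    return {
        "decoy_key_handed_over": handed_over == decoy_key,
        "real_slot_destroyed_on_disk": open_volume(disk, "real passphrase") is None,
        "real_slot_intact_in_image":
            open_volume(bytearray(image), "real passphrase") == real_key,
        "same_size_without_duress_key":
            len(make_header("real passphrase", real_key)) == len(disk),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The destruction only affects the copy it runs on, which is why the design helps against a rushed intruder and not against someone who holds the hardware and an image of it.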
From WlkngOwl at unix.asb.com Wed Jul 17 23:26:46 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Thu, 18 Jul 1996 14:26:46 +0800 Subject: Opiated file systems Message-ID: <199607172125.RAA09155@unix.asb.com> On 16 Jul 96 at 13:30, Jim Gillogly wrote: > "Deranged Mutant" writes: > >A problem with a c'punk-style encrypted fs with source code and wide > >distribution is, of course, that attackers will KNOW that there is a > >duress key. > > Good point. This suggests a design desideratum for any such system should > be that the user may choose not to have a duress key, maintaining > semi-plausible deniability for those who choose to have one. Semi-plausible. (See my other reply to this: an attacker could get ahold of the HD and your system, reverse engineer the driver used, to see what you're doing; backups of the encrypted partition in case of destructive measures are helpful ... they could even return your computer to you and take it apart carefully.) The problem with a duress key is that it relies on "security through obscurity". Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From sfuze at sunspot.tiac.net Wed Jul 17 23:48:46 1996 From: sfuze at sunspot.tiac.net (sfuze@tiac.net) Date: Thu, 18 Jul 1996 14:48:46 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: Message-ID: On Mon, 15 Jul 1996, Alan Horowitz wrote: > You're straining my credulity to claim that you can't get ahold of the > regular phone number of them. Come on, are you 7 years old? Oh really? I got off the phone yesterday with the people who handle my student loans. It seems they don't "have" a regular number. *right*. It took me about 15 calls on their part, and a lot of pissiness on my part to finally get a local (Ohio) number for them. 
Gotta love those collection agencies. And NO they don't list anything other than their 800 number, and refuse to give it out. Who is paranoid here? --Millie From usura at berserk.com Wed Jul 17 23:57:26 1996 From: usura at berserk.com (Alex de Joode) Date: Thu, 18 Jul 1996 14:57:26 +0800 Subject: Anyone knows TCFS ? Message-ID: <199607171433.QAA01195@asylum.berserk.com> Does anyone use or know of Transparent Cryptographic File System ? More information available on URL http://mikonos.dia.unisa.it/tcfs Best Regards, -- Alex de Joode | Berserk Consultancy -- Diemen, The Netherlands usura at berserk.com | mailto:info at berserk.com http://www.berserk.com/ From jya at pipeline.com Thu Jul 18 00:06:55 1996 From: jya at pipeline.com (John Young) Date: Thu, 18 Jul 1996 15:06:55 +0800 Subject: 119_816 Message-ID: <199607171129.LAA24955@pipe2.ny1.usa.pipeline.com> 6-17-96. NYP: "11 Officers Are Accused of Failure to pay Taxes. Claims of Sovereignty and 98 Dependents." At least 11 New York City police officers have been accused of failing to pay any Federal taxes for several years by declaring they each had 98 dependents and by insisting that the Government had no right to tax them. The officers relied on a package of instructions that described how to avoid paying taxes by declaring that they were sovereign citizens who did not have to pay taxes. "16 Indicted On Charges Of Internet Pornography." Exon-Reno-ing into one of the more distant frontiers of sexual crime, a Federal grand jury charged 16 people in the US and abroad with joining in a pornography ring. Its members shared homemade pictures, recounted their sexual experiences with children and even chatted electronically as two of the men molested a 10-year-old girl. The case appeared likely to heighten concerns about the spread of child pornography over the Internet. 
----- http://pwp.usa.pipeline.com/~jya/119816.txt (11 kb for 2) 119_816 (For 2) From sfuze at sunspot.tiac.net Thu Jul 18 00:09:54 1996 From: sfuze at sunspot.tiac.net (sfuze@tiac.net) Date: Thu, 18 Jul 1996 15:09:54 +0800 Subject: Seek-and-Destroy In-Reply-To: Message-ID: On Mon, 15 Jul 1996, snow wrote: > > The sysadmins for xxx.lanl.gov don't like robots visiting their web site, > > They also aren't real happy with PC's, Mac's, or Netscape. I visited too. They don't like lynx either. :) -Millie From jimbell at pacifier.com Thu Jul 18 00:11:30 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 18 Jul 1996 15:11:30 +0800 Subject: Code used by George Washington made available at last Message-ID: <199607180408.VAA29434@mail.pacifier.com> At 07:35 PM 7/16/96 -0700, Bill Stewart wrote: >There's an AP article by Carl Hartman saying that historians now have >access to a secret handwritten code used by George Washington and >Marquis de Lafayette. (It's a newspaper article that somebody >across the train is reading; looks like today's SF Examiner...) They probably declassified it a week ago, discovering that the "national security" excuse no longer appeared to apply. Jim Bell jimbell at pacifier.com From ceridwyn at wolfenet.com Thu Jul 18 00:16:32 1996 From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn) Date: Thu, 18 Jul 1996 15:16:32 +0800 Subject: preamble (was Re: Markoff on Clipper III) Message-ID: <2.2.32.19960717085253.00691dbc@gonzo.wolfenet.com> At 10:20 AM 7/15/96 -0700, you wrote: >At 3:50 AM -0700 7/15/96, Duncan Frissell wrote: >>At 09:35 PM 7/14/96 -0700, David Sternlight wrote: >>>Did you miss the part in the Constitution about "provide for the common >>>defence" >>That's a meaningless part of the Preamble. > >Anyone who thinks substantive parts of the Preamble are "meaningless" is >deserving only of contumely. Perhaps you should review your high school >civics course--you did have one of those, yes? 
I think what he meant (not that I'm trying to speak for him) is that the preamble was intended as an explanation of why the constitution was written, and not to be taken as an actual part of the constitution as such. //cerridwyn// From tc at mindvox.com Thu Jul 18 00:17:39 1996 From: tc at mindvox.com (Dave Banisar) Date: Thu, 18 Jul 1996 15:17:39 +0800 Subject: Intl consensus (was Re: How I Would Ban Strong Crypto in the U.S.) In-Reply-To: Message-ID: Not really. At the last OECD meeting in Paris a couple of weeks ago, there was no great love by quite a few countries for key escrow. The Scandinavian countries were pretty united against and all sorts of other raised objections. (tho some of those objections were to the US ramrodding key escrow through OECD). BTW. Those wizards at Wired have gotten our favorite spook Stewart Baker to write an article for an upcoming issue talking about how the rest of the world save Japan loves key escrow and those big bad Japanese are thwarting the rest of the world's "consensus". It's quite a load of inaccurate shit but our effort to rebut it was rejected by wired (I guess it wasn't trite enough for them). -d On Mon, 15 Jul 1996, Michael Froomkin wrote: > On Sun, 14 Jul 1996, Timothy C. May wrote: > > > So, who is in this "emerging consensus"? > > > Foreign governments? > (Process of elimination, not inside info...) > > > > A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) > Associate Professor of Law | > U. Miami School of Law | froomkin at law.miami.edu > P.O. Box 248087 | http://www.law.miami.edu/~froomkin > Coral Gables, FL 33124 USA | It's hot here. And humid. 
> > > From jya at pipeline.com Thu Jul 18 00:24:04 1996 From: jya at pipeline.com (John Young) Date: Thu, 18 Jul 1996 15:24:04 +0800 Subject: Gorelick's Urge Message-ID: <199607171328.NAA23475@pipe6.t2.usa.pipeline.com> Wall Street Journal, July 17, 1996 Panel to Oversee Protecting Systems From Hackers Washington -- President Clinton ordered the creation of a commission to recommend laws and regulations to protect vital government and private systems against attacks by terrorists or computer hackers. Jamie Gorelick, deputy U.S. attorney general, described the effort as having the "same level of urgency" as the Manhattan Project, the crash World War II effort to develop the atomic bomb. She said the commission, which will be headed by an appointee from the private sector, will have a large representation from corporations, because they control the nation's telecommunications system, electrical-power grid, banking, transportation and fuel-supply systems. "We are looking for a structure that cuts across the government and private sector," Ms. Gorelick told the Senate's Permanent Investigations Subcommittee. While some 22 federal agencies have some involvement with such problems, she said there is no central mechanism. While the new Commission on Critical Infrastructure Protection deliberates, President Clinton ordered the Federal Bureau of Investigation to head an interim task force. [End] From Econo.Ads at sweden.it.earthlink.net Thu Jul 18 00:28:28 1996 From: Econo.Ads at sweden.it.earthlink.net (Econo Ads) Date: Thu, 18 Jul 1996 15:28:28 +0800 Subject: Econo Ads 7/16 Message-ID: <199607172008.QAA10142@sweden.it.earthlink.net> ECONO ADS & MORE! July 16th, 1996 ____________________ We stand for Freedom of the Press, Freedom of Speech, and the Free Enterprise System that made America Great !! ___________________ REMOVAL: If you wish to receive no further mail from us, we understand. Just press "reply" and type the word remove in the subject or message area. 
No other words are necessary. This is an automated system and any other words or messages will only delay your being removed. ___________________ PRESIDENTIAL ELECTION POLL: In our next issue, you will be able to participate in the Internet's Largest Election Poll. Be a part of Internet History! ___________________ To respond to any of these messages, DO NOT HIT REPLY! Rather, create a New E-Mail for each response and address it to the E-Mail address provided in the message you are responding to. _________________ -- Americans for Constitutional Action -- Invite you to join the drive to repeal the Federal Income Tax (& the IRS), and replace it with a National Retail Sales Tax. Imagine -TAKE HOME YOUR ENTIRE PAY CHECK -- and spend it on whatever you want! Like to help with the petition drive? You can! Two Bills have already been introduced in the U.S House of Representatives to eliminate the federal income tax! Learn how to help in this historic effort. This is not some crackpot "tax rebellion" scheme, but rather a serious effort to restore sanity to our Federal Government. Respond now to learn all the facts, free! See our Home Page at http://www.webbuild.com/~acanc/index.htm . Or, E-Mail: acanc at nando.net for complete details. _______________________ If you sell advertising for a living, LOVE GOLF, and want to own your own business, we have a unique opportunity. Call 1-203-521-9466 and we'll send you the most amazing Yardage Book you've ever seen - and information. ____________________ GOLFERS - ENTREPRENEURS - Great opportunity to be part of the fast growing golf industry world. Manufacturing facility opening off shore plant for golf bags, etc. Looking for investors. Profit. Sponsors and involvement. Interested parties - contact W.L. Rose. E-Mail kenford at aol.com or fax 1-714-476-0190 _____________________ "FREE HOME BASE BUSINESS" For FREE information send #10 SASE to : HOME BASE, 2042 Craft Ln. , Sarasota Fl. 
34239 _____________________ NEW TRAVEL WEB SITE The Traveler Savings SiteO helps you stretch your travel budget. Continually updated travel savings tips, articles and resources complement a guide to businesses offering discounts to travelers. http://home.sprynet.com/sprynet/inetmktg/ ____________________ ARCHERY SUPPLIES via the Internet. Bows, arrows, and accessories shipped directly to you. Free Bow tuning info. For complete information, PRESS REPLY and type the word ARCHERY ____________________ PLEASE PARDON MY INTRUSION ... ... but did you know, that within 30-60 days, you could be making $300 - $600 per day with your fax?? It's Simple! Let me show you how ... For FREE details, send E-Mail to: teammark at pin-point.com ____________________ IT'S PARTY TIME!!! Voice Personals Dateline. Single Guys and Ladies are waiting to meet you! Respond to create your own personal message. Local Areas - 1-900-835-5182 ext. 9200. 18+ $2.95 / min. Profit Systems, 612-776-8557 _______________________ ATTENTION CRUISE LOVERS! If you love Cruise Vacations, you need to subscribe to Cruise News. It's FREE. This E-Mail newsletter will come to your mailbox twice monthly. You will read the latest news from the Cruise Industry, special insider deals, reader contests (win a prize!), funny stories, and more. To subscribe, send an E-Mail to: CruiseNews at American-Dream.com ______________ ATTENTION GOLF LOVERS: Subscribe to Golfers E-Mail Express! It will come to your mailbox twice a month, with exciting new products and services & unusual offers for Golfers Only! It's FREE! To subscribe, send an E-Mail to: Golf at American-Dream.com ______________ STAY HOME AND MAKE $100 A DAY! Great new source-book of 100's of Work at Home ideas. For complete details, send an E-Mail to: Homework at American-Dream.com _______________________ ATTENTION ADVERTISERS: To receive information about advertising in a future issue of ECONO ADS, press REPLY and type the word: adinfo in the subject or message area. 
That's all you need to say. We will E-Mail complete details to you. ______________________ ECONO ADS This was mailed to List C on July 15th, 1996 ______________________ "We mutually pledge to each other our lives, our fortunes, and our sacred honor." -- Thomas Jefferson, The Declaration of Independence July 4th, 1776 "It is impossible to travel faster than the speed of light, and certainly not desirable, as one's hat keeps blowing off!" --Woody Allen From gbroiles at netbox.com Thu Jul 18 00:28:58 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Thu, 18 Jul 1996 15:28:58 +0800 Subject: Cookie alternatives Message-ID: <2.2.16.19960717095113.23f7981c@mail.io.com> Hal Finney wrote: >It is interesting to consider how shopping carts might be done without >cookies and similar technologies which allow servers to get more >information about me than necessary. One partial solution would be to turn cookies into nonces - instead of using server-supplied cookies, which may or may not contain hashed/hidden information, client software (and by extension, the human(s) in charge of it) could control the generation and modification of cookies. Some cookie uses are predictable - e.g., "Put the current date and time in the cookie", or "Put the user's E-mail address in the cookie". The user could be presented with dialog boxes asking "Server sneaky.tricky.com would like to set a cookie which will record the date and time of this visit. OK?" or "Server sneaky.tricky.com would like Netscape to generate a random number to keep track of your visits. OK?" A switch from server-generated cookies to client-generated cookies shouldn't involve too many changes on the client software side. (One danger which occurs to me about such a scheme is the potential leakage of client state information, assuming that the algorithm used to generate the pseudorandom cookies is or will be known to attackers.) 
--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles at netbox.com      |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.

From middleman at rigel.infonex.com Thu Jul 18 00:29:37 1996
From: middleman at rigel.infonex.com (Middleman Remailer)
Date: Thu, 18 Jul 1996 15:29:37 +0800
Subject: New MiddleMan Remailer! (reno)
Message-ID:

ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION

I'm proud to announce the birth of a new middleman remailer! This new remailer uses John Perry's middleman mixmaster code and is located at cyberpass.net thanks to Lance Cottrell.

Here are the statistics:

NAME: Janet Reno
SHORTNAME: reno
ADDRESS: middleman at cyberpass.net
MIXMASTER KEY: reno middleman at cyberpass.net b864a69c831f38593d24187122e954f6 2.0.3

John Perry, will you please add my remailer to your list when you get a chance?

middleman at cyberpass.net

From root at edmweb.com Thu Jul 18 00:31:36 1996
From: root at edmweb.com (Steve Reid)
Date: Thu, 18 Jul 1996 15:31:36 +0800
Subject: Opiated file systems
Message-ID:

> But, on the other hand, it wouldn't be too hard to have the user set both
> keys (yeah, so that didn't actually say anything, so what...), and then do
> an every-other-byte type thing (although that would be slow... every other
> block would be more efficient), and have 2 EFS's in one file, and make it
> so that on the "duress" one the extra space appears to be "free".
> One could make it a real file system, and add a fake disk error to prevent
> over-writing of the "non-duress" filesystem.

This sounds a lot like security through obscurity... What happens when someone reverse-engineers the software and sees that it's carefully skipping over blocks?

If you don't want people to know about your encrypted data, use stego. Even if They find the stego software, you can always produce the keys to unlock the duress data from two or three .gif files, and say "that's all there is."

Use stego to hide data. Use encrypted filesystems for convenience. If you try to put the two together, you'll probably end up with feature-bloat.

The idea of an encrypted filesystem being accessible over the internet sounds interesting, though. Sort of a cross between NFS and CFS. Would be great for backup purposes.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)

From ichudov at algebra.com Thu Jul 18 00:34:02 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Thu, 18 Jul 1996 15:34:02 +0800
Subject: Russian foreign intelligence CD-ROM
In-Reply-To:
Message-ID: <199607180417.XAA09943@manifold.algebra.com>

Declan McCullagh wrote:
>
> LOOKING FOR A GREAT GIFT IDEA? The Russian Foreign Intelligence Service
> (SVR) announced yesterday that it is releasing a six-hour long CD ROM that
> tells the stirring 75-year history of Soviet and Russian foreign
> intelligence. The CD ROM will be released in Russian and English versions
> and sell for about $120.
It promises to provide buyers with access to SVR > headquarters, and contains interviews with dozens of heretofore mysterious > intelligence officers described as having helped shape the existing world > order. (Itar-Tass, Interfax, July 16) > Knowing KGB habits as pertaining to releasing information to the public, I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and maybe 10% truth that was already publicly available. It is like buying a CDROM about the history of the Net from Dr. Grubor. Maybe it would be interesting and amusing, but not worth $120. Would be nice if I was proven wrong though. - Igor. From jsw at netscape.com Thu Jul 18 00:34:40 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Thu, 18 Jul 1996 15:34:40 +0800 Subject: Netscape download requirements In-Reply-To: <31EB61E5.520E@netscape.com> Message-ID: <31ED5EEF.5AA3@netscape.com> janke at unixg.ubc.ca wrote: > > Why is the 128-bit version available only in the United States? > It can't be due to ITAR since export of crypto to Canada is ok. > Does it have something to due with RSA only being patented in > the United States so that's the only place RSADSI wants it > used? I noticed that Netscape's SSL implementation is available > only to developers in the U.S. as well. Because we have not yet been able to obtain the address verification databases that we need for Canada. There is someone working on tracking this down right now. When we get the proper database we will add access to canada. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From declan at well.com Thu Jul 18 00:49:56 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 18 Jul 1996 15:49:56 +0800 Subject: Surf-filter lists Message-ID: Fine, call it "blocking," "restricting access to," or "muzzling." My point still stands. 
-Declan

>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Tue, 16 Jul 1996, Declan McCullagh wrote:
>
>> More to the point, as I wrote at the end of the original CWD, it's a
>> bait-and-switch maneuver. Go after porn, they say, but the censor political
>> information.
>
>ARGH! I've been keeping quiet about this for a while, but I think I
>gotta say something before I throttle my Zip drive...
>
>A Private organization cannot "censor" anything. The fundamental
>definition of the word requires some agent of the government take action
>to censor. To accuse Surf-Watch, net-nanny, AOL, MSU, AT&T, or whatever
>of "censorship" accomplishes nothing except to make us look the
>fool.
>
>I agree that the problem with the "bait-and-switch" filtering of net
>materials by these various filtering packages needs to be addressed. If I
>want to protect my kids from seeing alt.naughty.pictures, I should still
>be able to unfilter political and health speech. The real problem isn't
>censorship, it's disclosure by the makers of filtering packages about
>what exactly their packages are going to filter for me and my family.
>However, in the upcoming war of filtering packages (and it will get ugly)
>trade secrets are going to make any company hesitant to reveal what it is
>they are filtering and what criteria they are using to determine if
>something qualifies.
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: PGP Signed with PineSign 2.2
>
>iQCVAwUBMe0jezokqlyVGmCFAQH0SAP+ONXs2f4GxjIrC6cp2sc9CgTrebL4cBWB
>UqpH4H3UO0TiKZN4T6MGVC6kCA3OwQnd0DNC0f0D6+iZTPkwN228Am6ZH4+t9hZs
>OrmCbZCiWZipLfT1gphIHqFHSqIQ506LkkGgLK0gjsS2ahrI+cNYJA3yYBviMkB1
>zuj1KRJ+pMk=
>=ddI5
>-----END PGP SIGNATURE-----
>
>____       Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
>\  /__     Finger for Geek Code Info <=> Finger for PGP Public Key
> \/  /     -=-=-=-=-=-                   -=-=-=-=-=-
>  \/       http://krypton.mankato.msus.edu/~hayden/Welcome.html
>
>-----BEGIN GEEK CODE BLOCK-----
>Version: 3.12
>GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
>K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
>R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
>------END GEEK CODE BLOCK------

From declan at well.com Thu Jul 18 00:53:57 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 18 Jul 1996 15:53:57 +0800
Subject: Philippine government moves to block incoming net-porn
Message-ID:

---------- Forwarded message ----------
Date: Wed, 17 Jul 1996 21:44:36 -0700 (PDT)
From: Declan McCullagh
To: fight-censorship
Subject: Philippine government moves to block incoming net-porn

The attached note appears to have been sent to all ISPs in the Philippines. It asks them to report back on how they can "block entry of pornographic materials through the INTERNET." Note how it equates censoring porn with preventing sex tourism.

General information about international net-censorship is at:

  http://www.cs.cmu.edu/~declan/international/
  http://www.eff.org/pub/Global/Singapore/

Thanks to David Sobel for forwarding this.

-Declan

===================================================

REPUBLIC OF THE PHILIPPINES
DEPARTMENT OF TRANSPORTATION AND COMMUNICATIONS
NATIONAL TELECOMMUNICATIONS COMMISSION
865 VIBAL BLDG., EDSA CORNER TIMES ST., Q. C.

15 July 1996

M E M O R A N D U M

TO: ALL REGISTERED VALUE ADDED SERVICES PROVIDERS

RE: REQUEST OF THE DEPARTMENT OF JUSTICE TO BAR OR BLOCK ENTRY OF PORNOGRAPHIC MATERIALS THROUGH THE INTERNET

The Special Committee for Children, constituted pursuant to E.O.
275 dated 14 September 1995, is tasked to ensure the special protection of children from all forms of neglect, abuse, cruelty, exploitation, discrimination and other conditions prejudicial to their development.

Said Committee takes action on specific issues involving the implementation of the provisions of R. A. 7610 which covers several areas of concern, among others, child prostitution and other sexual abuse; child trafficking; obscene publications and indecent shows using children as performers or models; other acts of neglect, abuse, cruelty or exploitation and other conditions prejudicial to the child's development.

The Committee has raised the concern on the INTERNET being used as a very convenient medium for advertising sex tourism in the Philippines, with particular focus on the alleged availability of Filipino children for sexual liaisons and entertainment. Some materials used in the network for the aforementioned purpose were given to this Commission.

Secretary Teofisto T. Guingona, Jr., Department of Justice, requested this Commission to bar or block entry of pornographic materials through the INTERNET.

In view of this, you are requested to give your comments/position and suggestions on this matter, particularly on the possibility of barring or blocking pornographic materials through the INTERNET, and submit the same to this Commission by 18 July 1996 attention to Director Edgardo V. Cabarios, CCAD at fax no. 921-7128.

Your cooperation and prompt action on this matter is greatly appreciated.

Signed
Simeon J. Kintanar
Commissioner

From sfuze at sunspot.tiac.net Thu Jul 18 01:02:59 1996
From: sfuze at sunspot.tiac.net (sfuze@tiac.net)
Date: Thu, 18 Jul 1996 16:02:59 +0800
Subject: Can't block caller ID in Massachusetts?
In-Reply-To:
Message-ID:

On Tue, 16 Jul 1996, Lucky Green wrote:

> How do you get a hold of the phone number if you don't know the location of
> the company, they aren't on the net, and don't have the US phone numbers
> CD-ROM handy?
I am 33 and have yet to figure this one out... For most companies you can call the library's research section. As long as you don't have a mean librarian they will usually try to help. Unlisted ones are another story though (see my previous post) --Millie From frissell at panix.com Thu Jul 18 01:08:13 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 18 Jul 1996 16:08:13 +0800 Subject: Washington Post -- "Block but Verify" Message-ID: <2.2.32.19960717134050.00839ff8@panix.com> At 05:33 PM 7/16/96 -0400, Rabid Wombat wrote: > >A user-selectable menu would be, umm, interesting ... just how could one >describe, in terms offensive to absolutely no one, what one's product is >offering to block? Quite easily. The PICS standard has categories and software like CytberPatrol lets parents select by category. There is a granularity problem of course. 57. The CyberNOT list contains approximately 7000 sites in twelve categories. The software is designed to enable parents to selectively block access to any or all of the twelve CyberNOT categories simply by checking boxes in the Cyber Patrol Headquarters (the Cyber Patrol program manager). These categories are: Violence/Profanity: Extreme cruelty, physical or emotional acts against any animal or person which are primarily intended to hurt or inflict pain. Obscene words, phrases, and profanity defined as text that uses George Carlin's seven censored words more often than once every fifty messages or pages. Partial Nudity: Full or partial exposure of the human anatomy except when exposing genitalia. Nudity: Any exposure of the human genitalia. Sexual Acts (graphic or text): Pictures or text exposing anyone or anything involved in explicit sexual acts and lewd and lascivious behavior, including masturbation, copulation, pedophilia, intimacy and involving nude or partially nude people in heterosexual, bisexual, lesbian or homosexual encounters. 
Also includes phone sex ads, dating services, adult personals, CD-ROM and videos. Gross Depictions (graphic or text): Pictures or descriptive text of anyone or anything which are crudely vulgar, deficient in civility or behavior, or showing scatological impropriety. Includes such depictions as maiming, bloody figures, indecent depiction of bodily functions. Racism/Ethnic Impropriety: Prejudice or discrimination against any race or ethnic culture. Ethnic or racist jokes and slurs. Any text that elevates one race over another. Satanic/Cult: Worship of the devil; affinity for evil, wickedness. Sects or groups that potentially coerce individuals to grow, and keep, membership. Drugs/Drug Culture: Topics dealing with the use of illegal drugs for entertainment. This would exclude current illegal drugs used for medicinal purposes (e.g., drugs used to treat victims of AIDS). Includes substances used for other than their primary purpose to alter the individual's state of mind such as glue sniffing. Militant/Extremist: Extremely aggressive and combative behaviors, radicalism, advocacy of extreme political measures. Topics include extreme political groups that advocate violence as a means to achieve their goal. Gambling: Of or relating to lotteries, casinos, betting, numbers games, on-line sports or financial betting including non-monetary dares. Questionable/Illegal: Material or activities of a dubious nature which may be illegal in any or all jurisdictions, such as illegal business schemes, chain letters, software piracy, and copyright infringement. Alcohol, Beer & Wine: Material pertaining to the sale or consumption of alcoholic beverages. Also includes sites and information relating to tobacco products. Homosexual sites were excluded under "Sexual Acts" because many have links to personal ads or more explicit sites and the gun sites were excluded under "Militant/extremist." There will always be interpretation problems obviously. 
Actally, the individual is the best at filtering his own stuff. DCF From tcmay at got.net Thu Jul 18 01:08:43 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 18 Jul 1996 16:08:43 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: At 2:12 AM 7/18/96, The Deviant wrote: >I have several friends that this has happened to, and pretty much it goes >like this... round 7:00 AM, when your just going to bed (well, some of us >don't have jobs till nighttime.. thank god.), they knock down your doors >and windows (yes, they do come through windows), and they take the >equipment, disks, tv's, CD players (yes, i know somebody who had their CD >player taken. And a pile of CDs. Music ones even.), clock radios, pretty >much everything electronic they can cary. If you ever DO get any of it >back, most likely it is not the same equipment, i.e. they coppied it all >and kept the original. I wonder when and how raids in the U.S. moved from the "Come out with your hands up" verbal announcement (for the cases that needed more than a knock on the door) to this blast-in-the-doors approach, where the raiders are dressed in "tactical black" and are wearing black Nomex hoods and carrying MP-5s and blast any "perp" who looks at them cross-eyed? As people as diverse as Marine Colonel Jeff Cooper and Watergate felon G. Gordon Liddy have noted, any black-clad "ninjas" entering a home at 4 a.m. without clearly announcing themselves are asking for trouble. (Liddy got in a lot of trouble for calling for "head shots" on rampaging BATFags. Frankly, I'm not a good enough shot--especially in high-stress situations--to make head shots with my H & K .45, so I can only hope to make torso shots.) It's a mark of what has gone wrong with this country that ordinary citizens actually fear the midnight raids, the no-knock searches, the "threat suppression" by ninjas. 
(There are many cases where homeowners awoke to the sounds of crashing doors and windows, reached for a nightstand gun, and were shot dead by the "ninja" raiders. In some of these incidents, the raid was at the wrong house, or the "suspicions" of drug or terror involvement were later shown to be wrong. "Oops.") Personally, I think all folks should be armed at all times in their homes. Those who aren't are taking their chances. My personal choice is a Heckler & Koch USP .45. loaded with Federal Golden Sabres, a hollowpoint round that has a 92% one-shot stop rate, with adequate penetration through Kevlar vests (typically worn by BATF raiders). I may die, but I hope I can take at least two of them with me. (Interestingly, the same class of folks who want to ban "military-grade crypto" are also seeking to ban Kevlar vest-piercing rounds. Fortunately, though KTW ammo is no longer available to "marks" (= civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum rounds are even better penetrators, but recoil and muzzle blast is pretty severe with these loads.) This may sound callous, even paranoid. I don't normally talk about such things, but such raids are becoming increasingly common. (Check out the case of the retired doctor in Malibu whose beachfront home was raided without any warnings by the local cops. He reached for a gun and was blasted with 9mm slugs. His wife survived. Turned out the County of L.A. had hopes to seize his property in a drug "forfeiture" and sell it at great profit. They suspected marijuana was being grown. No drugs, no plants, nada was ever found. "Oops.") (I expressed my views about being armed in a Usenet article last summer, and received a "friendly phone call" from a Deputy Sheriff of Santa Cruz County. (Someone who disliked my article faxed a copy of my article to the Sheriff's Department.) 
When he asked me some questions to find out why I was not trusting the police and "felt the need" to be armed, I got quite forceful in my comments about the role of the Second Amendment. (I should have just told him to fuck off, in retrospect. Anything volunteered to the cops is usually a mistake.) He said he might "send a vehicle" out to my ranch to "talk to me." I asked on what basis, on the basis of what criminal charges? I also said I'd "be ready." He announced unctuously that my "threat" had just been "logged" and would be considered in any future criminal procedures. Needless to say, I got a lot more of my guns ready. So far, a year later, they haven't raided me yet. Knock on wood. This country has gone to the dogs.) The fact is, the "War on Drugs" has tainted this country. Whatever one thinks of drugs, the result of this War has been that cops are now paramilatary in nature, that midnight raids have become much more common, that both cops and citizens are now armed with more firepower than ever before (I have more than 4000 rounds of ammo at my place, for my sniper rifle, my (so-called) assault rifle, and my various handguns. Anyone inside my house without an invitation is assumed to be a threat to me and will face retaliation.) Crypto is just another weapon to use to protect our liberty. Sorry for the rant, but this recounting of pre-dawn raids on computer users reminds me that the American political system will likely treat "rogue computers users" the way it treats suspected drug dealers: break down the doors, enter at dawn, kill anyone who moves, and let God sort out the innocent. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May                         | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From peter.allan at aeat.co.uk Thu Jul 18 01:23:10 1996
From: peter.allan at aeat.co.uk (Peter M Allan)
Date: Thu, 18 Jul 1996 16:23:10 +0800
Subject: Educational cryptanalysis competition (small prize)
Message-ID: <9607171243.AA26209@clare.risley.aeat.co.uk>

-----BEGIN PGP SIGNED MESSAGE-----

Educational Cryptanalysis Competition (opened 17 July 1996)
=====================================

Cypherpunks teach. Here's your chance.

I have a piece of code I wrote ages ago, before reading Schneier. Despite identifying these points as weaknesses I still cannot break it.

    weak keys
    rapid collapse in the case of chosen text attack
    reduced-round versions have a correlation attack

Obviously my cryptanalysis needs some serious help.

The aim of this competition is: to show how to find AND EXPLOIT weaknesses in this cypher. Answers resembling "That's junk - use XXXXX." score zero. Well-prepared comprehensive answers could score highly.

- - Entries will be judged on educational grounds as well as on raw results.
- - All entries are placed by the entrant in the public domain, and there may be a compilation of good answers come out of this. (With entrants' names except where they state a preference for anonymity.)
- - Entries by teams are allowed.
- - The number of entries is unlimited.
- - The closing date is 30 Sept 1996.
- - The judge is Peter Allan. (me)
- - There is one prize (a box of chocolate coffee beans).

A full pair of programs using this code can be collected from my mail filter.
    echo rlprm_2.0 | mail -s send_goodies peter.allan at aeat.co.uk

Peter Allan    peter.allan at aeat.co.uk

#define RPT 15
#define CRYPT_DEPTH 4

/**********************************/
mkkey(origpass, key)
/***
**** The pass (a text string) is used to produce
**** a key. Chars used as int. Details in docs.
**** 200000 passwords all gave different keys in my test.
***/
char origpass[9];
unsigned char key[8];
{
    char clearpass[9];
    int i, j, k, l, m, ten;

    /*** make the key from the clearpass ***/
    /*** unsigned char[8] from char[9] ***/
    ten = FALSE;
    k = l = m = 0;
    strcpy(clearpass, origpass);
    for (i = 0; i < 8; i++) {
        if (clearpass[i] == '\n')
            ten = TRUE;
        if (ten)
            clearpass[i] = '\0';
    }
    clearpass[8] = '\0';
    for (i = 0; i < 8; i++)
        key[i] = (unsigned char) i;
    for (j = 1; j < 256; j++) {
        for (i = 0; i < 8; i++)
            key[i] = key[i] + clearpass[i] + j;
        /* swap bytes */
        k = key[j % 8] % 8;
        l = key[k] % 8;
        m = key[k];
        key[k] = key[l];
        key[l] = m;
        /** this loop is redundant if chars are 8 bits
        *** and for all I know they are everywhere **/
        for (i = 0; i < 8; i++)
            key[i] = key[i] % 256;
        m = m % 8;
        key[m] = 256 - key[m];
    }
    /****
    for (i = 0; i < 8; i++)
        printf("%d ", key[i]);
    puts(" ");
    ****/
}

/**********************************/
sym_encrypt(abpos, key, authbuf, cipherbuf)
int abpos;
unsigned char key[8];
unsigned char authbuf[ABLEN];
unsigned char cipherbuf[MESSLEN];
{
    int i, j, k, ptr1, ptr2, rpt;
    int ka1, ka2, kk;
    unsigned char smoke[CRYPT_DEPTH][8];
    unsigned char tmp;

    /***
    **** From the key, make a set of keys to
    **** be used in order.
    ***/
    for (j = 0; j < 8; j++)
        smoke[0][j] = key[j];
    for (i = 1; i < CRYPT_DEPTH; i++) {
        for (j = 0; j < 8; j++)
            smoke[i][j] = smoke[i - 1][j];
        for (j = 0; j < 8; j++) {
            if (j % 2) {
                smoke[i][j] = (smoke[i][j]) * 3;
            } else {
                smoke[i][j] = ((smoke[i][j]) * 3) / 4;
            }
        }
    }

#ifndef NOCRYPT
    /***
    **** see the tech waffle file for details
    ***/
    for (rpt = RPT; rpt; rpt--) {
        if (cl_debug)
            printf("encryption repeat count is %d \n", rpt);
        for (i = 0; i < CRYPT_DEPTH; i++) {
            /**swap driven by values **/
            for (k = 0; k < abpos - 1; k += 2) {
                kk = authbuf[k] ^ authbuf[k + 1];
                ka1 = kk / 16;
                ka2 = kk % 16;
                kk = ka1 ^ ka2;
                if ((kk == 1) || (kk == 2) || (kk == 4) || (kk == 8) ||
                    (kk == 14) || (kk == 13) || (kk == 11) || (kk == 7)) {
                    kk = authbuf[k];
                    authbuf[k] = authbuf[k + 1];
                    authbuf[k + 1] = kk;
                }
            }
            /** xor with key **/
            for (k = 0; k < abpos; k++)
                authbuf[k] ^= (key[k % 8]);
            /**rotation **/
            kk = authbuf[abpos - 1] / 32;
            ka1 = 0;
            for (k = 0; k < abpos; k++) {
                ka2 = authbuf[k] / 32;
                authbuf[k] = (authbuf[k] * 8) + ka1;
                ka1 = ka2;
            }
            authbuf[0] += kk;
            /**swap driven by key **/
            if (cl_debug)
                printf(" depth is %d \n", i);
            for (j = 0; j < 8; j = j + 2) {
                ptr1 = smoke[i][j] % abpos;
                ptr2 = smoke[i][j + 1] % abpos;
                tmp = authbuf[ptr1];
                authbuf[ptr1] = authbuf[ptr2];
                authbuf[ptr2] = tmp;
            }
        }
    }
#endif

    /*** Now that it has been encrypted it should
    **** be stored as 'hexabetical' [A-P].
    ***/
    for (i = 0; i < abpos; i++) {
        cipherbuf[i * 2] = (authbuf[i] % 16) + 'A';
        cipherbuf[i * 2 + 1] = (authbuf[i] / 16) + 'A';
    }
    cipherbuf[abpos * 2] = '\0';
}

/********************************/
sym_decrypt(abpos, key, authbuf, cipherbuf)
int abpos;
unsigned char key[8];
unsigned char authbuf[ABLEN];
unsigned char cipherbuf[MESSLEN];
{
    int i, j, k, ptr1, ptr2, rpt;
    int ka1, ka2, kk;
    unsigned char smoke[CRYPT_DEPTH][8];
    unsigned char tmp;

    for (i = 0; cipherbuf[i]; i = i + 2) {
        cipherbuf[i] = cipherbuf[i] - 'A';
        cipherbuf[i + 1] = cipherbuf[i + 1] - 'A';
        authbuf[i / 2] = cipherbuf[i] + cipherbuf[i + 1] * 16;
    }

    /***
    **** From the key, make a set of keys to
    **** be used in order.
    ***/
    for (j = 0; j < 8; j++)
        smoke[0][j] = key[j];
    for (i = 1; i < CRYPT_DEPTH; i++) {
        for (j = 0; j < 8; j++)
            smoke[i][j] = smoke[i - 1][j];
        for (j = 0; j < 8; j++) {
            if (j % 2) {
                smoke[i][j] = smoke[i][j] * 3;
            } else {
                smoke[i][j] = (smoke[i][j] * 3) / 4;
            }
        }
    }

#ifndef NOCRYPT
    /***
    **** repeat suitable number of times:
    **** first swap bytes in the authbuf
    **** then cycle bits round to prevent some swaps undoing others
    ***/
    if (abpos == 0)
        return RUBBISH; /** zerodivide detected-avoided **/
    for (rpt = RPT; rpt; rpt--) {
        /* printf("encryption repeat count is %d \n", rpt); */
        for (i = CRYPT_DEPTH - 1; i > -1; i--) {
            for (j = 6; j > -1; j = j - 2) {
                /*** key-driven swap ***/
                ptr1 = smoke[i][j] % abpos;
                ptr2 = smoke[i][j + 1] % abpos;
                tmp = authbuf[ptr1];
                authbuf[ptr1] = authbuf[ptr2];
                authbuf[ptr2] = tmp;
            }
            /**rotation **/
            kk = authbuf[0] % 8;
            ka1 = 0;
            for (k = abpos - 1; k >= 0; k--) {
                ka2 = authbuf[k] % 8;
                authbuf[k] = (authbuf[k] / 8) + ka1;
                ka1 = ka2 * 32;
            }
            authbuf[abpos - 1] += (kk * 32);
            /** xor with key **/
            for (k = 0; k < abpos; k++)
                authbuf[k] ^= (key[k % 8]);
            /*** value-driven swap ***/
            for (k = 0; k < abpos - 1; k += 2) {
                kk = authbuf[k] ^ authbuf[k + 1];
                ka1 = kk / 16;
                ka2 = kk % 16;
                kk = ka1 ^ ka2;
                if ((kk == 1) || (kk == 2) || (kk == 4) || (kk == 8) ||
                    (kk == 14) || (kk == 13) ||
                    (kk == 11) || (kk == 7)) {
                    kk = authbuf[k];
                    authbuf[k] = authbuf[k + 1];
                    authbuf[k + 1] = kk;
                }
            }
        }
    }
#endif
}
/**********************/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAgUBMezfIB98EdWB2LS9AQFbwgP+Oq8zBlI5d1comIQ5S2+ysnSDLAN5W/L2
UgQyrYZ/Cchn9I8CEFn9UDevmInpABSL8yNQWUHrb4cvWxiTGNnFz54gicaPT7Ki
qVETDC5o7nxWOT8qhWmGNTApJC8RBjEkY+90HyYKf2sLEd8hkGLwOGSAF/YWxqkY
TKqYWVNKCjA=
=3qEU
-----END PGP SIGNATURE-----

From jimbell at pacifier.com Thu Jul 18 01:23:22 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 18 Jul 1996 16:23:22 +0800
Subject: An interesting instance of poltical anonymnity, now revealed
Message-ID: <199607180522.WAA04203@mail.pacifier.com>

At 11:09 PM 7/17/96 EDT, E. ALLEN SMITH wrote:
> I find the CBS News response unfortunate. There's also the simple
>question on lying to maintain the identity: what's so bad about lying? Why
>he revealed himself is somewhat of lesson also.
> -Allen
>
> _ Wednesday July 17 9:12 PM EDT _
>
>'Primary Colors' Author Steps Forward
>
> NEW YORK (Reuter) - One of the best kept secrets in political,
> journalistic and publishing circles was revealed Wednesday when
> Newsweek journalist Joe Klein admitted he was ''Anonymous'', the
> mysterious author of a novel based on President Clinton's 1992
> presidential campaign.

If they really wanted to know who did it, why didn't they do a word analysis of the book, and compare it to known writers?

Jim Bell
jimbell at pacifier.com

From llurch at networking.stanford.edu Thu Jul 18 01:28:21 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 18 Jul 1996 16:28:21 +0800
Subject: FTP SW to support PGP in OnNet
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Seems the demise of PGP in favor of S/MIME has been somewhat exaggerated.
Blurb in this week's InfoWorld led me to
http://www.ftp.com/mkt_info/onnet32/tr-pgp.htm

It would be a mistake, though, to say that they have a clue:

   E-mail compatibility

   Most e-mail systems can send and receive only plain text (technically, 7-bit ASCII characters). So PGP converts the encrypted information (which is 8-bit) into plain ASCII text using the radix-64 algorithm.

   This has a side effect that enhances security even when you don't use encryption. If you merely add authentication to the message, radix-64 still converts the whole message using its own algorithm. The resulting message -- even though it's not securely encrypted -- looks garbled to the casual snoop.

D'Oh!

- -rich
 censor the internet! http://www.stanford.edu/~llurch/potw2/
 boycott fadetoblack! http://www.fadetoblack.com/prquest.htm

From jeffb at issl.atl.hp.com Thu Jul 18 01:35:44 1996
From: jeffb at issl.atl.hp.com (Jeff Barber)
Date: Thu, 18 Jul 1996 16:35:44 +0800
Subject: Cookie alternatives
In-Reply-To: <199607161607.JAA08875@jobe.shell.portal.com>
Message-ID: <199607172056.QAA15431@jafar.issl.atl.hp.com>

Hal writes:

> However I think in current usage on the web cookies are most commonly
> used basically as nonces, random values whose purpose is to maintain
> continuity in a series of interactions. When a server gives a cookie
> to a web browser, that browser supplies the cookie on future
> interactions with the server. The cookie probably does not have any
> specific data about the user or the interaction, but is used only to
> link up the interactions which take place. It is most probably used as
> an index into a database maintained on the server itself.
[ snip ]

> As a user of the web, I would prefer to have more control over the kind
> of information which servers gather about my browsing habits.

[ snip ]

> Nevertheless to the extent
> that I have bargaining clout in these interactions, I will prefer
> systems which do not infringe so much upon my privacy.
>
> It is interesting to consider how shopping carts might be done without
> cookies and similar technologies which allow servers to get more
> information about me than necessary.

I think you're exactly right about how cookies are used, but I believe privacy concerns stemming from cookies have been blown out of proportion lately.

For the average Joe User running his single-user PC at home, connected by modem to his local ISP, it makes little difference whether a site issues a cookie to Joe or not; his IP address already uniquely distinguishes him. The site can simply use his IP address as its database index. If Joe deletes his cookie file each night before invoking the browser, the impact of cookies is completely negated.

Now for those of us who access the net from multi-user systems or from behind a firewall, the cookie uniquely identifies a particular browser instance -- that is, it makes us equal to Joe. And that's the reason cookies were invented in the first place: because IP address and other information available to the server didn't provide a unique server database index.

I don't mean there are no privacy implications at all, and there are clearly other ways of accomplishing the cookie's function. My point is that merely removing cookies doesn't really help Joe's privacy much. And it's Joe we ought to be concerned about as he represents the typical user of today as well as the future.
-- Jeff

From frissell at panix.com Thu Jul 18 01:44:31 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 18 Jul 1996 16:44:31 +0800
Subject: US versions of Netscape now available
Message-ID: <2.2.32.19960717030231.00842610@panix.com>

At 03:40 PM 7/16/96 -0700, David Sternlight wrote:

>It doesn't "leak overseas" as if there were some regrettable lapse in the
>plumbing. Someone has to commit a felony violation of Federal law.
>
>David

It's not a felony without a felon. Unless and until the feds prosecute someone, they may claim it's a felony but they have yet to prove it in a court of law. It's just a matter of opinion. If a law is overturned on Constitutional grounds it is void ab initio.

When I handed a copy of a label with RSA in four lines of Perl (as it then was) on a sticker to the correspondent for the Independent (of London) at CFP'95 in the presence of the NSA counsel, nothing happened.

DCF

From root at edmweb.com Thu Jul 18 01:45:35 1996
From: root at edmweb.com (Steve Reid)
Date: Thu, 18 Jul 1996 16:45:35 +0800
Subject: Opiated file systems
Message-ID:

> But, on the other hand, it wouldn't be too hard to have the user set both
> keys (yeah, so that didn't actually say anything, so what...), and then do
> an every-other-byte type thing (although that would be slow... every other
> block would be more efficient), and have 2 EFS's in one file, and make it
> so that on the "duress" one the extra space appears to be "free".
> One could make it a real file system, and add a fake disk error to prevent
> over-writing of the "non-duress" filesystem.

This sounds a lot like security through obscurity... What happens when someone reverse-engineers the software and sees that it's carefully skipping over blocks?

If you don't want people to know about your encrypted data, use stego. Even if They find the stego software, you can always produce the keys to unlock the duress data from two or three .gif files, and say "that's all there is."

Use stego to hide data.
Use encrypted filesystems for convenience. If you try to put the two together, you'll probably end up with feature-bloat.

The idea of an encrypted filesystem being accessible over the internet sounds interesting, though. Sort of a cross between NFS and CFS. Would be great for backup purposes.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
| -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --                   |
===================================================================:)

From m5 at vail.tivoli.com Thu Jul 18 01:54:24 1996
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 18 Jul 1996 16:54:24 +0800
Subject: Surf-filter lists
In-Reply-To:
Message-ID: <31ED710A.1756@vail.tivoli.com>

Robert A. Hayden wrote:

> A Private organization cannot "censor" anything. The fundamental
> definition of the word requires some agent of the government take action
> to censor.

I think you need a new dictionary. I don't see any reason why I shouldn't use the word "censor" to describe the action of a parent clipping articles from "Weekly Reader", for example.

Whether some instance of censorship is interesting in a legal sense of course hinges on whether a government is involved.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
m5 at tivoli.com * m101 at io.com * * three heads and eight arms.
From david at sternlight.com Thu Jul 18 02:03:19 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 17:03:19 +0800
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <1.5.4.32.19960716230339.002d0458@giasdl01.vsnl.net.in>
Message-ID:

At 11:10 AM -0700 7/16/96, Arun Mehta wrote:
>At 10:13 15/07/96 -0700, David Sternlight wrote:
>>actions in the Netherlands, the UK, and in the European
>>Parliament suggest that an independent European escrow initiative might
>>happen within a year. When it does it will be a trivial matter to harmonize
>>it with some US offering. The mills in various countries are grinding too
>>coincidentally for my taste.
>
>I don't doubt that the Europeans are quite likely to toe the American line --

Your comment is historically inaccurate. When "the Americans" came around to Europe selling Clipper, most told them to go peddle their papers. Then independent European escrow developments arose in a number of countries. This is a European line if it is anything, since there is no mandatory escrow requirement for domestic crypto in the US, nor has one reached the advanced state of play it has in the UK, Netherlands, European parliament (or is it the Council?), etc.

There is no "toeing the American line" in this matter except in the minds of America-bashers.

David

From adamsc at io-online.com Thu Jul 18 02:04:35 1996
From: adamsc at io-online.com (Chris Adams)
Date: Thu, 18 Jul 1996 17:04:35 +0800
Subject: Stuffs used for detection
Message-ID: <199607180553.WAA12039@toad.com>

On 14 Jul 96 06:32:40 -0800, jti at i-manila.com.ph wrote:

>
>In our school library, there is a depository area wherein you deposit your things and get the tag.
>Since the library doesn't allow those tags to be brought out from the library, everytime you
>brought it out and pass by the door, it will alarm. Does anyone know what stuff is that? How come
>it is alarmed? I brought some metals but it wouldn't alarm...
>Why those tag would alarm them???

Usually they're magnetic...

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From stewarts at ix.netcom.com Thu Jul 18 02:04:43 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 18 Jul 1996 17:04:43 +0800
Subject: random numbers reverse-engineering
Message-ID: <199607170739.AAA29679@cygnus.com>

At 08:28 PM 7/15/96 +0300, Juri wrote:
>Is there somewhere where I could find more information on finding out RNG
>algorithms or reverse-engineering RNG's, once you have some quantity of
>random numbers generated by some RNG?
>
>For example a local bank is giving each customer a list with 600 one-time
>passwords (6-digit decimal numbers), and I believe they use the account
>number as (one of the) seeds for the RNG. Is there some program that I
>could use, together with the numbers and possible seed, to try to break
>the RNG?

If you have some guess about the algorithm being used, you can try it, and if they've chosen a weak algorithm, you may be successful. For instance, if they use a simple Linear Congruential Multiplicative PRNG,

    X[n+1] = ( a * X[n] + c ) mod m

and if you've got a list of 600 one-time passwords, you can get a good approximation to m by taking the largest password and looking for prime numbers slightly higher than it. You can then try solving for a and c.

On the other hand, if the account number is large, and each X[n+1] is the low-order 6 digits of Y'[n+1] = MD5(Y[n]) and Y[0] = account number, then it'll be much harder to reverse-engineer.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!
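Added example (not part of the original post, and not any bank's code): a check of whether a list of issued one-time codes is consistent with the linear congruential form described in the reply above, which is the reason such a generator is unsuitable for issuing passwords. The parameters, the seed 4417, the function names and the byte encoding of the MD5 chain are all constructed for illustration, and it assumes the generator issues its raw state untruncated.

```python
"""Audit check: is a list of issued one-time codes consistent with an LCG?

Constructed illustration; parameters, seed and names are made up.
"""
import hashlib
from math import isqrt

# Constructed generator. M is the largest prime below 10**6, so every
# output fits in six decimal digits, as in the question quoted above.
A, C, M = 48271, 12345, 999983
ACCOUNT = 4417  # constructed "account number" used as the seed


def lcg_codes(seed, count, a=A, c=C, m=M):
    """X[n+1] = (a * X[n] + c) mod m, issuing the raw state as the code."""
    x, out = seed % m, []
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out


def hash_chain_codes(seed, count):
    """Y[0] = seed, Y[n+1] = MD5(Y[n]); code = low-order 6 digits of Y[n+1].

    MD5 is used only because the post names it; the encoding of Y as
    bytes is an assumption of this example.
    """
    y, out = str(seed).encode(), []
    for _ in range(count):
        y = hashlib.md5(y).digest()
        out.append(int.from_bytes(y, "big") % 10**6)
    return out


def is_prime(n):
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, isqrt(n) + 1, 2))


def solve_for_modulus(codes, m):
    """Return (a, c) if every consecutive pair fits a*x + c mod m, else None."""
    for x0, x1, x2 in zip(codes, codes[1:], codes[2:]):
        d = (x1 - x0) % m
        if d:  # m is prime, so any nonzero difference is invertible
            a = (x2 - x1) * pow(d, -1, m) % m
            c = (x1 - a * x0) % m
            break
    else:
        return None
    fits = all((a * x + c) % m == y for x, y in zip(codes, codes[1:]))
    return (a, c) if fits else None


def recover_lcg(codes, window=50_000):
    """Try each prime just above the largest code as the modulus."""
    top = max(codes)
    for m in range(top + 1, top + 1 + window):
        if is_prime(m):
            params = solve_for_modulus(codes, m)
            if params:
                return (*params, m)
    return None


def predict_next(codes, params, count):
    """Continue the sequence from the last issued code."""
    a, c, m = params
    return lcg_codes(codes[-1], count, a, c, m)


if __name__ == "__main__":
    issued = lcg_codes(ACCOUNT, 610)
    params = recover_lcg(issued[:600])
    print("LCG list, recovered (a, c, m):", params)
    print("next codes predicted:",
          predict_next(issued[:600], params, 10) == issued[600:])
    print("hash-chain list, LCG fit:",
          recover_lcg(hash_chain_codes(ACCOUNT, 600)))
```

A list that passes this fit is fully predictable from its own contents. A list that fails it is not thereby safe: a hash chain seeded only with the account number can be regenerated by anyone who knows the construction.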
From stewarts at ix.netcom.com Thu Jul 18 02:05:24 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 18 Jul 1996 17:05:24 +0800
Subject: Defend Mail Bomb
Message-ID: <199607180615.XAA12443@toad.com>

At 11:25 PM 7/14/96 +0800, you wrote:
>Is it possible to defend mail bomb? If not, detect who they are?

Mail bombs are hard to defend against. If your company or ISP has a firewall or mail server that handles their incoming email, it can potentially be configured to block mail from known harassers, but it's much harder to do it automatically - ten megabytes of binary data might be mailbombs, or might be the CAD/CAM file that your engineering department wanted.

If the mailbombs are all coming from one place, over a period of time, you can often look at the headers and track down where they came from, and contact the administrators of the machines the mail came from to ask them to stop the problem. But if the attacker is good, this requires looking at large numbers of log-files, and many administrators aren't willing to do this except for serious on-going problems.

If the mailbombs are coming from anonymous remailers, most remailer operators are happy to put you on their block list, to block further anonymous mailbombs.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From matthew at itconsult.co.uk Thu Jul 18 02:09:38 1996
From: matthew at itconsult.co.uk (Matthew Richardson)
Date: Thu, 18 Jul 1996 17:09:38 +0800
Subject: spam suckers (was Re: Chancellor Group....)
In-Reply-To: <199607121652.JAA28494@slack.lne.com>
Message-ID: <31edd2c9.170398019@itconsult.co.uk>

>He's been flogging the same shit for a while- I've received three or four
>of these spams at another address that I use to make Usenet posts.

I've just noticed that one of my test mailboxes has received two of these. The only thing it has ever posted is to alt.test! That makes it look like a HUGE spam.
Best wishes,
Matthew

From shamrock at netcom.com Thu Jul 18 02:11:17 1996
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 18 Jul 1996 17:11:17 +0800
Subject: Sternlight on C'punks
Message-ID:

At 14:42 7/16/96, Peter D. Junger wrote:

>How does one set up a kill-file for a mailing list? I run a Linux box
>with sendmail and use the MH mail system.
>
>My best guess is that I will have to install procmail, but would like
>your advice before going to a lot of labor.

Procmail is the way to go.

-- Lucky Green PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party.
   Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.

From stewarts at ix.netcom.com Thu Jul 18 02:16:26 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 18 Jul 1996 17:16:26 +0800
Subject: Banning Anonymity As Well (was Re: How I Would Ban Strong Crypto
Message-ID: <199607170719.AAA29368@cygnus.com>

>> Also, the key which decodes the GAKed data is just too valuable and too
>> easy to steal.
>
>Assuming the info is encrypted with one GAK key, yes. There might be
>a series of keys, perhaps for each escrow agency, or an id-number
>that identifies the key.

I predict that the "Access requires two master key agents" feature that Clipper I pretended to have* gets lost along the way. It wasn't in Steve Walker's software key-gakking system that he and Dorothy were touting a year or so ago, and it's a bit of work to actually implement in software depending on the encryption methods used.

[* The Clipper I chip didn't actually implement dual GAK agents, though it could have without much extra effort; that was all part of the process of loading the chip's master-key in the vault charade, and could therefore be easily changed later... ]

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!
From stewarts at ix.netcom.com Thu Jul 18 02:21:13 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 18 Jul 1996 17:21:13 +0800
Subject: Message pools _are_ in use today!
Message-ID: <199607180615.XAA12448@toad.com>

>>receive message pools by satellite dish-- hurray for true broadcasting!

tcmay at got.net (Timothy C. May) wrote:
>Yeah, and I should have mentioned the "PageSat" Usenet distribution model,
>too. (It was a really hot topic 3-4 years ago, but I've heard little of it
>in the past couple of years...the rise of the Web has made passive
>downloads of Usenet a lot less interesting.)

Volume has been a real problem. Usenet is probably close to 10MB/hour these days, which is 30 kbps if you don't compress it, or 10-15 kbps compressed (since the binary newsgroups are a good chunk of the volume and are already mostly compressed.) That's pushing what you can do with really-low-end satellites, and as Tim says, the Web has affected the size of the market for that kind of service.

I don't know how easy it is to get one of these pseudonymously, and they do cost a bit, but an amusing transmission medium for message pools is alphanumeric pagers; you can get pager cards for PCs, or just limit your messages to 250-byte blocks.... Bay Area alphanumeric service probably costs $25/month, though nationwide is $60-100.

>2. The authorities already have identified a suspect, call him "Bob," and
>wish to know if he is reading (and perhaps decrypting) messages to "Alice."
>
>As several of us have noted, #1 is tough--real tough. The authorities would
>have to contact 10,000 or more ISPs who have local newsfeeds and subpoena
>their logs of who read which newsgroups...assuming such logs are even kept

Getting everybody is tough. Getting a lot of the potential suspects, however, isn't as tough as it looks - the vast majority of home Internet users are on AOL, Compuserve, Prodigy, UUNet, Netcom, or (RSN) AT&T.
Anonymous Message Pool users are a bit more likely to use niche-market ISPs, especially under pseudonyms, but if the number of users increases significantly there'll still be a reasonable proportion on the big carriers, which are probably more cooperative and probably keep more complete logs. On the other hand, several of the big players are good places to get disposable accounts charged to that secured Visa debit card you opened under a pseudonym....

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From middleman at cyberpass.net Thu Jul 18 02:21:27 1996
From: middleman at cyberpass.net (Janet Reno)
Date: Thu, 18 Jul 1996 17:21:27 +0800
Subject: New Middleman (reno)
Message-ID: <199607172303.QAA09932@rigel.infonex.com>

ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION

I'm proud to announce the birth of a new middleman remailer! This new remailer uses John Perry's middleman mixmaster code and is located at cyberpass.net thanks to Lance Cottrell.

Here are the statistics:

NAME: Janet Reno
SHORTNAME: reno
ADDRESS: middleman at cyberpass.net
MIXMASTER KEY: reno middleman at cyberpass.net b864a69c831f38593d24187122e954f6 2.0.3

John Perry, will you please add my remailer to your list when you get a chance?

middleman at cyberpass.net

From shamrock at netcom.com Thu Jul 18 02:22:09 1996
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 18 Jul 1996 17:22:09 +0800
Subject: Sternlight on C'punks
Message-ID:

At 18:11 7/15/96, David Sternlight wrote:
[...]
>Nothing like a good personal defamation before even reading my posts, eh?
>As those who have paid attention know, I post my policy views, not
>flame-bait. The idea that I am deliberately trying to start flame wars is
>pure paranoia.

LOL. ROTF. While the poster of the message to which you are responding may not have read your posts, I have. Hundreds of them. Your USENET posts routinely lead to some of the longest flame wars I have ever seen. While starting flame wars may not be your intention, it most certainly is often the result of your posts.

Consequently, you are one of only two people in my global USENET kill file. Not because I hate you, but because I don't enjoy reading the endless flame fests that seem to be the inevitable result of your posts. Deliberate or incidental, you *are* starting flame wars.

No offense,

-- Lucky Green PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party.
   Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.

From tcmay at got.net Thu Jul 18 02:23:52 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 17:23:52 +0800
Subject: "address verification databases"? (was: Netscape download...)
Message-ID:

At 9:45 PM 7/17/96, Jeff Weinstein wrote:

> Because we have not yet been able to obtain the address verification
>databases that we need for Canada. There is someone working on
>tracking this down right now. When we get the proper database we
>will add access to canada.
>
> --Jeff

Jeff, can you tell us anything more about what these "address verification databases" are?

For example, are they derived from government sources? Census data? (Naw, can't be, for at least two obvious reasons). Voting records? (Naw.) Credit card purchases? (??)

While I can imagine various commercial firms have indicators that a "T.
Christopher May" once lived in Rio Del Mar (the name of a town I lived in, though not an official "Postal Service" address), I really find it odd that, for example, there would be any database that could "parse" the informal information people provide (absent a well-defined set of addresses and precise spellings).

In case I'm not making myself clear, there are no "official" addresses of persons in the U.S! Not even the tax system requires registration of all persons and specific addresses. This has come up in several "voter's rights" cases, where persons with no fixed address were nevertheless able to vote.

If I, T.C. May, say my address is Moonbeam Trailer Park, who's to say it's not? Maybe it's where I'm staying with a girlfriend, maybe it's where I get my mail, maybe it's my spiritual home. And yet just which "address verification database" could possibly confirm that I live in (or get my mail at) the Moonbeam Trailer Park at this exact moment?

Absent any laws clearly defining what one's official name is, official phone number is, official zip code is, official address is, etc., just about anything we choose to put down on the Web form is kosher.

At least the MIT system was based on ISP domain names, crude as this is, and not on putative names and residential or business addresses.

Anyway, I don't know if Netscape is rejecting the information I'm providing them, as I've been unable to get through in roughly 30 connect attempts. But I'm still curious about what these "address verification databases."

Sounds ominous to me.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From snow at smoke.suba.com Thu Jul 18 02:34:00 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 18 Jul 1996 17:34:00 +0800
Subject: US versions of Netscape now available
In-Reply-To:
Message-ID:

On Tue, 16 Jul 1996, David Sternlight wrote:

> At 3:36 AM -0700 7/16/96, Duncan Frissell wrote:
> >At 04:18 PM 7/15/96 -0700, sameer wrote:
> >> Not like that's tough to figure out. Congrats. It's cool to
> >>actually be able to connect to my webserver using real encryption.
> >>Glad the lawyers don't think Barksdale is going to jail anymore.
> >I'm glad too. So how many minutes did it take to leak overseas?
> It doesn't "leak overseas" as if there were some regrettable lapse in the
> plumbing. Someone has to commit a felony violation of Federal law.

No they don't. If they are French, Russian, English, Greek, etc. They _may_ be violating their countries laws, but they are not necessarily violating ours.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From aba at dcs.ex.ac.uk Thu Jul 18 02:39:18 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Thu, 18 Jul 1996 17:39:18 +0800
Subject: Opiated file systems
In-Reply-To:
Message-ID: <199607171103.MAA00222@server.test.net>

Joseph Block writes:
> At 10:44 AM -0400 7/16/96, Mark O. Aldrich wrote:
> >One problem, however, would be how to keep the "decoy" data, accessible
> >with only the ambush key, "fresh" in that it must undergo a certain amount
> >of turbulence to appear real.

A problem yes. My thoughts were that you would effectively have two filesystems and use them both yourself for real work.
That is to say that you would say have some consulting work doing some programming or something, and use the 1st encrypted filesystem for this work. If this work was covered by an NDA, so much the better, as it would provide an understandable reason for encrypting.

> >The two file systems would essentially have to
> >mirror each other, one with the juicy bits and one with the decoy bits.
> >It would seem to be practically impossible to just build two file systems
> >as one would 'disappear' when only the ambush key was used. Wouldn't it
> >be sort of obvious that something was wrong if half the disk vanished?

I don't think nuking the data is the way to go, from what I understand of the way these things work, is that they kick down the door in the dead of night and make sure you don't get to touch the equipment. Also they'd be sure to take a sector level backup of the drive as a first step.

If you have your duress encrypted file system, with the "real" file system in the unused space of that filesystem, and the hidden file system is encrypted with an unknown (to them) 3DES key, I don't see how they are going to be able to prove that it is not just noise. (This is presuming it is a feature of this encrypting file system that it ensures unused space is always filled with noise anyway, even inside the first layer of encryption)

The question of freshness Mark raised, if I understand correctly is interesting. I presume here he is talking about the fact that under analysis it is possible to retrieve information from hard drives which has been deleted and overwritten even multiple times with other data, due to the relative inaccuracy of disk head placement, and other factors. Perhaps it is even possible to tell how recent a magnetic pattern is even?

In an encrypted file system with no hidden file system, if the unused space were filled with random garbage, you might expect that garbage to have been modified fewer times, or less recently than the real data.
If there were a second hidden file system in those unused blocks, it might show up due to being written to more recently, or more often than expected.

If the threat model includes this kind of analysis, I think it would be necessary to ensure that all the data is churned evenly, or sufficiently that there is little chance of extracting this kind of information.

What I would suggest is that during periods of disk inactivity the data (even the unused space whether it is a 2nd partition or not) is re-encrypted with a new random IV at some frequency. The frequency chosen should be to ensure that all the data on the disk is recent, and that in the course of disk usage over a period of a week there are many re-writes with data re-encrypted with random IVs to all areas of the disk.

> As far as churning goes, why not just mount both the decoy and the
> encrypted filesystems simultaneously?

I think you would have to mount them both during normal usage to avoid damaging the real filesystem hidden in the unused space. Only in the event of a duress situation would you mount only the duress file system.

This next bit must be talking about the stegoed file system:

> Have a perl script (stored on the hidden volume of course) that
> automatically decodes random images from alt.binaries.pictures.*
> into the decoy system and nukes the oldest decoy files.

Careful. For stego you can't use publicly available images -- they have to be images you scanned yourself, otherwise comparison will show that the images have been altered. (Law enforcement agents read a.b.p.* too).

Adam
--
#!/bin/perl -sp0777i

At 1:30 PM 7/16/96 -0700, Jim Gillogly wrote:
>"Deranged Mutant" writes:
>>A problem with a c'punk-style encrypted fs with source code and wide
>>distribution is, of course, that attackers will KNOW that there is a
>>duress key.
>
>Good point.
>This suggests a design desideratum for any such system should
>be that the user may choose not to have a duress key, maintaining
>semi-plausible deniability for those who choose to have one.

Perhaps a user settable number of duress keys with different behavior for each of them?

-------------------------------------------------------------------------
Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA

From daw at cs.berkeley.edu Thu Jul 18 03:04:20 1996
From: daw at cs.berkeley.edu (David Wagner)
Date: Thu, 18 Jul 1996 18:04:20 +0800
Subject: Crypto 96
In-Reply-To: <199607172345.QAA08995@jobe.shell.portal.com>
Message-ID: <4sknsp$cge@joseph.cs.berkeley.edu>

In article <199607172345.QAA08995 at jobe.shell.portal.com>, Hal wrote:
> Crypto 96 is coming up in about a month.

Yeah, should be good fun -- see you there!

I just wanted to point out that many of the papers you mentioned below are available on the Web, if you want to preview them.

(Please excuse me if any of the URLs are wrong-- I'm logged in via a slowish link, so I've just copied the URLs from my bookmarks without checking them.)

> Anonymous Communication and Anonymous Cash
> Daniel Simon, Microsoft, USA

http://pct.microsoft.com/research.html I think?

> The Dark Side of 'Black-Box' Cryptography, or: Why Should We Trust Capstone?
> Adam Young, Columbia Univ., USA
> Moti Yung, IBM, USA

http://www.cs.columbia.edu:80/~ayoung/ and discussed on sci.crypt and sci.crypt.research.

> Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and
> Other Systems
> Paul Kocher, Stanford, USA

http://www.cryptography.com/ for an early draft.

> Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
> John Kelsey, Counterpane Systems, USA
> Bruce Schneier, Counterpane Systems, USA
> David Wagner, Univ.
California at Berkeley, USA

http://www.cs.berkeley.edu/~daw/me.html

I wouldn't call it a ``big new result''; it talks about differential
related-key attacks.

From tcmay at got.net Thu Jul 18 03:07:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 18:07:19 +0800
Subject: Lying Purebred Sovok Tchurkas Write the History of the Net
Message-ID:

At 4:17 AM 7/18/96, Igor Chudov @ home wrote:

>Knowing KGB habits as pertaining to releasing information to the public,
>I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and
>maybe 10% truth that was already publicly available.
>
>It is like buying a CDROM about the history of the Net from Dr. Grubor.
>Maybe it would be interesting and amusing, but not worth $120.

NOW you tell me! I just shelled out $42 for "The History of the Net," by
Dr. John Grubor and Dr. Dmitri Vulis, 1996.

And here I thought it was the real history of the Net, especially the part
about how "the dandruff-covered Peter Vorobieff (spit) conspired with the
purebred Sovok Valery Fabrikant (spit) to spread the lies of the Jew
cripples dying of AIDS in Sovok-controlled clinics."

When Grubor and Vulis speak of the Usenet Cabal being a Sovok (spit) plot,
I thought this was the actual truth. I guess not. Maybe Spafford is
actually Rabbi Ruthenberg.

--Tim May

(hint: this a satire, based on the writings of Vulis, who speaks of people
as "lying purebred Sovok Tchurkas" (whatever _they_ are), and attaches the
charming word "(spit)" after nearly every person he references.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From stewarts at ix.netcom.com Thu Jul 18 03:16:15 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 18 Jul 1996 18:16:15 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607170719.AAA29383@cygnus.com>

At 02:29 PM 7/16/96 -0500, Declan wrote:
>The emerging consensus is, in fact, nonexistent.
...
>Michael writes:
>>On Sun, 14 Jul 1996, Timothy C. May wrote:
>>> So, who is in this "emerging consensus"?
>>>
>>Foreign governments?
>>(Process of elimination, not inside info...)

A consensus means that everybody more or less agrees. If I were looking
for a group of people that more or less all agreed that governments needed
access to all encrypted material within their grasp, I'd probably look for
heads of governments, and counter-intelligence and internal-security organs
of government, and assume that the spying-on-other-government organs of
government won't mind because they can take care of their own crypto...

As far as businesses go, the closest to a consensus I've seen is that some
vendors think they can make money selling GAK tools, and some others don't
really care governments can read the data their customers transmit as long
as the government doesn't scare customers away. And then there are the
folks whose current encryption is so wimpy that 40-bit-RC4 is a big step
up, and they don't mind much either.

As y'all have said, it's bogus, and for government to claim otherwise is
really shoddy and dishonest, but hey, that's government for you....

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From blackavr at aa.net Thu Jul 18 03:47:18 1996
From: blackavr at aa.net (Michael Myers)
Date: Thu, 18 Jul 1996 18:47:18 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960718081151.0070f490@aa.net>

At 09:48 PM 7/17/96 -0700, Timothy C.
May wrote:
>a lot of trouble for calling for "head shots" on rampaging BATFags.
>Frankly, I'm not a good enough shot--especially in high-stress
>situations--to make head shots with my H & K .45, so I can only hope to
>make torso shots.)

Gotta spend more time at the range...*grin*

>Personally, I think all folks should be armed at all times in their homes.
>Those who aren't are taking their chances. My personal choice is a Heckler
>& Koch USP .45. loaded with Federal Golden Sabres, a hollowpoint round that
>has a 92% one-shot stop rate, with adequate penetration through Kevlar
>vests (typically worn by BATF raiders). I may die, but I hope I can take at

Just as a technical aside, the "entry" vests are becoming much more common,
and can often stop up to 7.62 NATO, sometimes even .30-06 AP rounds. The
handgun rounds don't even faze wearers of this vest. They'd be likely to go
through the Lexan face shields, though (hint hint...Mozambique drill).

>least two of them with me. (Interestingly, the same class of folks who want
>to ban "military-grade crypto" are also seeking to ban Kevlar vest-piercing
>rounds.

Same bunch are also working to ban civilian ownership of bullet-resistant
vests...seems like a pattern developing here, doesn't it?

--
/^^^^^^^^^Instead of being born again, why not just GROW UP?^^^^^^^^^^^\
Michael Myers Vote Libertarian....you'll sleep better!
Don't like abortion? Don't have one. Don't like guns? Don't buy one.
blackavr at aa.net E-mail for PGPv2.6.2 public key
\____________ http://www.aa.net/~blackavr/homepage.htm ________________/

From stewarts at ix.netcom.com Thu Jul 18 03:48:35 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 18 Jul 1996 18:48:35 +0800
Subject: Government: Home-Business
Message-ID: <199607170719.AAA29379@cygnus.com>

>>Dear Friend,
>>Thank you for your interest. Please take a minute to read this
>>important information or simply print it out.
>
>>All the information here is 100% accurate and can be verified
>>with the Department of HUD in Washington D.C.

Bwa-hah-hah fnord....

>I'm getting more and more of this kind of crap sent to me. I have
>a procmail script which greps a file of undesirable addresses I've
>compiled, but that hasn't proven very useful as there aren't many
>repeat offenders. (the procmail script is available at
>http://www.universe.digex.net/~mbr/unix/junkmail.html)
>How are other people dealing with this?

So far, I've been sending them my offer for SPAM PREVENTION CONSULTING!
at my usual rates of $250/hour, minimum 2 hours, plus any legal and
collection fees required. One of them has a human reading the responses
(the CHAG folks), who's not highly impressed (:-), while the folks with the
hundreds-of-thousands-of-spam-victims-email-addresses lists have only
robo-replied, though they've both sent a second set of spam and are thus
billable :-)

I assume, since the robo-spammers are posting from a new email address
this time, that either their previous ISPs have dumped them, or perhaps
that they're using the same ISP and multiple domain names to hide it,
probably the former. CHAG is more blockable, since they're trying to
portray an image of stability and trustworthiness, as opposed to
hit-and-run.

Meanwhile, large numbers of replies can always get their attention;
I haven't tried forging the address of the robo-spammers' robo-reply-bot
on a message to them to see if it knows not to spam itself, but if a
thousand people were to do it, they might start to think it was a movement
or something.....

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From stig at hackvan.com Thu Jul 18 03:59:13 1996
From: stig at hackvan.com (Stig)
Date: Thu, 18 Jul 1996 18:59:13 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
In-Reply-To: <199607170040.UAA13512@alpha.pair.com>
Message-ID:

> Date: Tue, 16 Jul 1996 22:48:23 +0200 (MET DST)
> From: Alex de Joode
> To: cypherpunks at toad.com
> Subject: Re: #E-CASH: PRODUCT OR SERVICE?
> Newsgroups: list.cypherpunks
>
> [..]
> : "Ecash" is a registered trademark of DigiCash. It is registered
> : with the Benelux trademark office and the United States
> : trademark office. I believe that it is considered unwise to use
> : minor variations on trademarked names, but I'm not an
> : intellectual property rights lawyer.
>
> The Benelux (Netherlands, Belgium and Luxembourg) trademark laws
> don't allow for slight variations, certainly not if there is a
> change that people get confused, it is very very likely that the
> judges of the benelux trademark court will decide that
> ecash and e-cash are just too similar, and will thus confuse the
> public. (art 5 lid 1 BMW)
>
> btw: I'm surprised DigiCash didn't file for a European Trademark,
> but opted for Benelux and US protection.

Perhaps this has already been voiced on the main list (I get a filtered
helping or two of cypherpunks), but *I'm* surprised that such a generic name
as 'Ecash' was granted trademark status anywhere.

It's like giving Microsoft a trademark on the term 'Email'... It's nuts!

Was the term ecash not in use before DigiCash showed up on the scene?

Stig

From tcmay at got.net Thu Jul 18 04:21:12 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 19:21:12 +0800
Subject: How I Would Ban Strong Crypto in the U.S.
Message-ID:

At 7:29 PM 7/16/96, Declan McCullagh wrote:

>(Note that Leahy is only occasionally a friend of the Net. His original
>crypto bill had troubling additional criminal penalties; he shepherded
>Digital Telephony through Congress; he is a co-sponsor of the vile
>copyright bill pending right now. In sum, he'd hurt the Net more than help
>it.
This becomes a problem when netizens hold him up as a champion of our
>freedoms -- and then when DT II comes along his fellow senators think it's
>okay to vote for it 'cuz Mr. Net, Leahy, is a cosponsor.)

By the way, I certainly don't hold him up as a champion of views I can
support; I vividly recall his role in the disastrous DT Act.

>My rebuttal to Gorelick's fantasy is: well, what about Japan, where the
>country's constitution forbids wiretapping?

Many countries have constitutions which say fine things, even though the
reality is quite different. Some even have constitutions which are in many
ways better than the U.S. version...until of course the reality on the
street is taken into account.

Japan has an active SIGINT capability, called Chobetsu, directed
domestically at U.S. installations (a la NSA's own SIGINT facility at
Misawa AFB) and at domestic companies. Whatever their constitution may say,
intercepts are used. Chip companies with facilities in Japan communicate
with their facilities with the expectation that MITI and Chobetsu are
making all attempts to intercept useful economic intelligence.

Information on the intelligence agencies of various countries may be found
in the standard reference by Jeffery Richelson, or on the Web at such URLs
as http://www.onestep.com/milnet/iagency.htm

Here is one entry for Chobetsu:

   Chobetsu    Ground Self-Defense Forces Investigation     Japan
               Division, Second Section, Annex Chamber

In short, I don't believe that a New Crypto World Order, with buy-ins
already apparent from most European and Asian countries, will be deterred
by Japan's nominal promise in its constitution not to wiretap.

As a friend of mine who spent the last nine years working for an American
chip company in Tsukuba and Tokyo puts it, "Japan is a fucking police
state."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From EALLENSMITH at ocelot.Rutgers.EDU Thu Jul 18 04:38:35 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 18 Jul 1996 19:38:35 +0800
Subject: US govt claims to want to combat "computer terrorism"
Message-ID: <01I7742PEB009ED9YD@mbcl.rutgers.edu>

Somehow, I suspect that their efforts will A: not include any non-GAKed
cryptography involvement, and probably minimal GAKed cryptography - less
chance of someone using superencryption in a hard-to-detect fashion. I also
suspect that they'll be cutting down on anonymity, or at least trying to.
Notice the link to an almost completely unrelated incident, namely the
Oklahoma City bombing.
-Allen

> _ Wednesday July 17 1:28 PM EDT _

>U.S. urges "Manhattan Project" for cyber security

> WASHINGTON - The Clinton administration is urged U.S. industry to join
> in a sweeping new drive to protect computer networks and other modern
> lifelines from attack by terrorists and others.

[... Jamie Gorelick, or whatever her name is (yes, the pro-GAKing one),
said:]

> "What we need, then, is the equivalent of the 'Manhattan Project'
> for infrastructure protection, a cooperative venture between the
> government and private sector to put our best minds together to come
> up with workable solutions to one of our most difficult
> challenges," she told the Governmental Affairs permanent
> subcommittee on investigations.
> President Clinton set the stage for such a blitz Monday with an
> executive order setting up a blue-ribbon panel that will recommend
> measures to safeguard such lifelines as telecommunications, power
> systems, water supply, and gas and oil storage and transportation. The
> panel is to be chaired by a presidential appointee drawn from the
> private sector and will include representatives from government and
> industry.

[...]

> The administration began to focus on the issue after the April 19,
> 1995, bombing that killed 168 people in an Oklahoma City federal
> office building.

> Copyright, Reuters Ltd. All rights reserved

From rah at shipwright.com Thu Jul 18 05:10:25 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 18 Jul 1996 20:10:25 +0800
Subject: Hettinga Rants in WiReD...
Message-ID:

Now if they'll send me the check... :-)

About two months ago, I wrote an 'Idees Fortes' piece for Wired. It's about
digital bearer bonds. If I remember the title, it's something like "The
Internet as Buttonwood Tree". You guys have heard most of it from me
before. Thus, as usual, it is, again, TiReD...

People tell me it's in the latest issue, which is out now, but I haven't
gone looking for it on the newsstand yet. Maybe they'll send me a clipping.
With the check. Did I tell you they haven't sent the check. That's a
recurring problem with me lately... Maybe I should update my
non-repudiation rant...

You shoulda seen the first version. Or, maybe you did... I can't remember.
The editor said something about it being too out there, or something like
that. For WiReD?... ;-)

It's late. I'm going to sleep.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From david at sternlight.com Thu Jul 18 05:14:44 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 20:14:44 +0800
Subject: US versions of Netscape now available
In-Reply-To:
Message-ID:

At 10:51 PM -0700 7/17/96, snow wrote:
>On Tue, 16 Jul 1996, David Sternlight wrote:
>> At 3:36 AM -0700 7/16/96, Duncan Frissell wrote:
>> >At 04:18 PM 7/15/96 -0700, sameer wrote:
>> >> Not like that's tough to figure out. Congrats. It's cool to
>> >>actually be able to connect to my webserver using real encryption.
>> >>Glad the lawyers don't think Barksdale is going to jail anymore.
>> >I'm glad too. So how many minutes did it take to leak overseas?
>> It doesn't "leak overseas" as if there were some regrettable lapse in the
>> plumbing. Someone has to commit a felony violation of Federal law.
>
> No they don't. If they are French, Russian, English, Greek, etc. They
> _may_ be violating their countries' laws, but they are not necessarily
>violating ours.

That is only true if they find a way to crack Netscape's software
distribution security from overseas, or somehow found a user machine with
the software on it and cracked IT. IF the thing leaks it is much more
likely because someone on our side of the border was complicit.

Do I _think_ it will stay on this side of the border? Of course not. But
any leaked copies will be illicit and won't be in the "mass" market of
non-US Netscape versions. I think the government realizes this and the
safeguards are designed to deal with the mass of overseas users, not the
odd clever hacker and his friends.

David

From tcmay at got.net Thu Jul 18 05:34:59 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 20:34:59 +0800
Subject: The Orchid Ring of (Probable) Child Pornographers
Message-ID:

At 11:29 AM 7/17/96, John Young wrote:

> "16 Indicted On Charges Of Internet Pornography."
>
> Exon-Reno-ing into one of the more distant frontiers of
> sexual crime, a Federal grand jury charged 16 people in
> the US and abroad with joining in a pornography ring.
> Its members shared homemade pictures, recounted their
> sexual experiences with children and even chatted
> electronically as two of the men molested a 10-year-old
> girl. The case appeared likely to heighten concerns
> about the spread of child pornography over the Internet.

This incident happened very near me, in Greenfield, California, near
Salinas. (No, I was not involved!)

Apparently the "Orchid Ring" (or "Orchid Club") was using a
password-protected system of some sort, according to an article in today's
"Mercury News." The Internet was used, but I don't know the details (e.g.,
whether IRC was used, ordinary e-mail, or some sort of "intranet" linking
the participants).

ObList Relevance: Even if they were not using PGP or the like, it is not a
leap to imagine the usefulness of crypto for such intranets. It'll be
interesting to see how this unfolds.

BTW, from the reports it appears likely that these were indeed "child
pornographers," not simple violators of the CDA. That is, full-fledged
Horsemen of the Infocalypse. As such, potentially powerful ammunition for
those who would like restrictions placed on crypto. (Especially if it turns
out that law enforcement learned of the Orchid Ring through non-encrypted
communications.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From david at sternlight.com Thu Jul 18 05:46:04 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 20:46:04 +0800
Subject: Sternlight on C'punks
In-Reply-To:
Message-ID:

(Apologies if I answered this yesterday--I'm seeing some posts twice for
some reason.)

At 7:50 PM -0700 7/16/96, Lucky Green wrote:
>At 18:11 7/15/96, David Sternlight wrote:
>[...]
>>Nothing like a good personal defamation before even reading my posts, eh?
>>As those who have paid attention know, I post my policy views, not
>>flame-bait. The idea that I am deliberately trying to start flame wars is
>>pure paranoia.
>
>LOL. ROTF. While the poster of the message to which you are responding may
>not have read your posts, I have. Hundreds of them. Your USENET posts
>routinely lead to some of the longest flame wars I have ever seen.

That's because I hold logically supportable (and I provide such support in
my posts) but unpopular views (at least for the alt. crypto groups and this
one). If people cannot tolerate rational dissent and deal with it
rationally, they don't believe in free speech and their own beliefs are
built on sand. It's "free speech only for those who agree with them". As I
like to characterize it, it's the same cloth from which the demagogue who
cries "Power to the People!" is cut when he really means "Power to me and
my friends."

When they react by name-calling, personal attacks, and the rest of the
armamentarium of flame wars, it is THEY who are doing it. The very concept
of "flame bait" is a way of blaming the victim. It is a close relative of
the child's "he made me do it" defense. And when on occasion (as happens) I
rise to provocation, my take on it isn't that the other guy posted "flame
bait" but that I allowed myself to be out of control.

It's always possible to respond with the standard weapons against
provocation when such is deliberate: rapier-like wit, reductio ad absurdum,
literate sarcasm, or simple silence aka the filter file.
Actual contumely in a response is seldom necessary, except perhaps by
reference on rare occasion. We're not children here.

But more likely, if one feels provoked by a rational comment (as distinct
from personal defamation), that's usually a warning flag that one's own
beliefs need re-examining and may not be all that robust. In such a case a
rational discussion is the best way.

The above DOES take some learning (wanna see my scars?). Some of the more
vicious defamers in this medium never show up in "normal" polite society so
it takes a bit of experience to learn how to deal with them here. Since the
net is a free medium, such countermeasures must be learned--after trying
the standard approach of attempting to invoke "community pressure" on more
blatant defamers I've concluded it's pretty ineffective.

This medium has some historical baggage which doesn't help. There's the
contempt the newly experienced have for those a day or so behind them in
the learning process--often encapsulated in the word "luser". There's the
contempt the newly hatched super-bright have for those less bright than
they, until those super-bright types grow up and discover it takes more
than brains to have a life. Computers attract a lot of bright but immature
kids, and though the net has now pretty much "grown up" some artifacts of
the early history still remain.

>
>While starting flame wars may not be your intention, it most certainly is
>often the result of your posts.

Sure, and in my current analogy, another's theft may not be my intention
but it is often the result of my having some money. Does that make me
responsible for the theft? I think not.

> Consequently, you are one of only two
>people in my global USENET kill file. Not because I hate you, but because I
>don't enjoy reading the endless flame fests that seem to be the inevitable
>result of your posts.

I have repeatedly and publicly said that it is anyone's right to kill file
anyone else for any reason or no reason.
Part of freedom is the freedom not to listen. In fact I've posted
instructions on how to kill file me on occasion for those who asked.

>
>Deliberate or incidental, you *are* starting flame wars.

No more than the person with money is starting theft. Theft is done by
thieves, not by their victims.

>
>No offense,

None taken, but I suggest you need to think more deeply about this.

David

From david at sternlight.com Thu Jul 18 05:48:42 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 20:48:42 +0800
Subject: US versions of Netscape now available---NOT
In-Reply-To:
Message-ID:

At 8:13 PM -0700 7/17/96, Timothy C. May wrote:
>At 2:03 AM 7/18/96, Tom Weinstein wrote:
>
>>Yes. We've had a few thousand people download it. Unfortunately, we
>>only have one machine serving downloads right now, and it tends to melt
>>down a couple times a day.
>
>I've tried four times, and each time has timed out. (That is, I've filled
>out the Web form four times and tried n times each iteration...at least I
>get to experiment with variations on my name and address each time :-})
>
>I guess I'll have to connect to the Italian and/or Swedish sites again. Has
>the software arrived there yet?
>

Very droll. I had no trouble downloading it first try. Perhaps you should
switch to Netcom. :-)

David

From tcmay at got.net Thu Jul 18 05:48:52 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 20:48:52 +0800
Subject: New Infowarfare Panel
Message-ID:

At 8:01 PM 7/17/96, Dave Banisar wrote:
>If y'all have heard, Clinton signed an executive order 2 days ago creating a
>new panel to examine how to "protect" "critical" computer systems. The panel
>will be made up of the usual suspects with a non-govt person ($5.00 says it
>will be someone from one of those wonderfully independent companies like SAIC,
>MITRETEC, EDS, E-Systems).
>
>Needless to say, it looks an awful lot like NSDD-145 all over again with the
>panel recommending changes to the law to allow for greater coordination of LE,
>intell for govt computers and god knows what for non-govt computers.
>
>Anyway, the directive is now up on our site at
>http://www.epic.org/security/infowar/eo_cip.html

Thanks. It's certainly beginning to look like "infowar" is the new
funding/legislation fount....I suggest it be given honorary status as a
"Horseman."

Winn Schwartau is running conferences, is talking about the imminent danger
of the nation's computer networks being knocked out (paraphrasing his
latest "Wired" item: "imagine your ATM network being knocked out and people
being unable to gain access to their money"). Schwartau is
predicting/advocating a "fifth branch" of the military to deal with this
threat. A cyberforce, as it were.

Color me skeptical, but I see this all as a lot of hype and fear-mongering.
Folks in the Pentagon, FBI, and NSA probably see it as a way to get more
funding. Folks in the consulting business probably see it as a way to crank
up the seminar prices and increase the number and frequency of "Information
Warfare" workshops and seminars. And the anti-terrorism folks will use it
to tighten up.

(Of course, tonight's explosion of the TWA 800 looks to be a bomb, from all
indications...this _could_ be the "Oklahoma II" incident that will trigger
more draconian surveillance legislation. Just a concern I have.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jimbell at pacifier.com Thu Jul 18 05:49:30 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 18 Jul 1996 20:49:30 +0800
Subject: Opiated file systems
Message-ID: <199607180708.AAA09887@mail.pacifier.com>

At 05:06 PM 7/17/96 +0000, Deranged Mutant wrote:
>1. Confiscate computer (along with physical drive) with duress-capable
>encrypted file system; 2. back up the encrypted sectors; 3. reverse-engineer file
>system driver to figure out how the duress-key works, if there are
>multiple keys, where data is stored; 4. make sure you've rubber-hosed
>or subpoenaed all passphrases or keys; 4a. if the system destroys data,
>you've got backups ("Very funny kiddo; now give us the real key...")
>4b. even if there are two filesystems, the attacker will want access
>to both, just to make sure...

It has long occurred to me, considering the size and low power of the
typical 3.5" hard drive compared with the size of the typical house or
apartment, that it might be an interesting project to remotely connect such
a (hidden) drive to your computer using a reasonably surreptitious link
that is difficult to trace. Say, an IR optical link, a single bare
(unjacketed) optical fiber, a LAN with hidden nodes, or a similar system.
Maybe an inductive pickup.

In any raid, they'll have to decide what to take, and chances are very good
that they won't find every hidden item.

Jim Bell
jimbell at pacifier.com

From david at sternlight.com Thu Jul 18 05:50:54 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 20:50:54 +0800
Subject: Lying Purebred Sovok Tchurkas Write the History of the Net
In-Reply-To:
Message-ID:

At 11:36 PM -0700 7/17/96, Timothy C. May wrote:
>NOW you tell me! I just shelled out $42 for "The History of the Net," by
>Dr. John Grubor and Dr. Dmitri Vulis, 1996.
>
>And here I thought it was the real history of the Net, especially the part
>about how "the dandruff-covered Peter Vorobieff (spit) conspired with the
>purebred Sovok Valery Fabrikant (spit) to spread the lies of the Jew
>cripples dying of AIDS in Sovok-controlled clinics."
>
>When Grubor and Vulis speak of the Usenet Cabal being a Sovok (spit) plot,
>I thought this was the actual truth. I guess not. Maybe Spafford is
>actually Rabbi Ruthenberg.

VERY funny. Made my day.

>
>--Tim May
>
>(hint: this a satire, based on the writings of Vulis, who speaks of people
>as "lying purebred Sovok Tchurkas" (whatever _they_ are), and attaches the
>charming word "(spit)" after nearly every person he references.)

You didn't have to explain it. Some things are best unsaid for maximum
effect.

David

From usura at replay.com Thu Jul 18 05:57:36 1996
From: usura at replay.com (Alex de Joode)
Date: Thu, 18 Jul 1996 20:57:36 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <199607180929.LAA03315@basement.replay.com>

In article Stig wrote:
: > Date: Tue, 16 Jul 1996 22:48:23 +0200 (MET DST)
: > From: Alex de Joode
: > To: cypherpunks at toad.com
: > Subject: Re: #E-CASH: PRODUCT OR SERVICE?
: > Newsgroups: list.cypherpunks
: >
: > [..]
: > : "Ecash" is a registered trademark of DigiCash. It is registered
: > : with the Benelux trademark office and the United States
: > : trademark office. I believe that it is considered unwise to use
: > : minor variations on trademarked names, but I'm not an
: > : intellectual property rights lawyer.
: >
: > The Benelux (Netherlands, Belgium and Luxembourg) trademark laws
: > don't allow for slight variations, certainly not if there is a
: > change that people get confused, it is very very likely that the
: > judges of the benelux trademark court will decide that
: > ecash and e-cash are just too similar, and will thus confuse the
: > public.
(art 5 lid 1 BMW)
: >
: > btw: I'm surprised DigiCash didn't file for a European Trademark,
: > but opted for Benelux and US protection.

: Perhaps this has already been voiced on the main list (I get a filtered
: helping or two of cypherpunks), but *I'm* surprised that such a generic name
: as 'Ecash' was granted trademark status anywhere.

: It's like giving Microsoft a trademark on the term 'Email'... It's nuts!

: Was the term ecash not in use before DigiCash showed up on the scene?

Until January 1st 1996 you could trademark anything in The Benelux. A bank
(ABM*AMRO) has a trademark on 'the bank'; they essentially upgraded a
generic name into a trademark, but the recent changes made that impossible
since the Benelux Trademark Buro has to check if a name is a generic name
and they now have the power to refuse a registration.

bEST Regards,
--
-AJ-

From david at sternlight.com Thu Jul 18 06:02:10 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 18 Jul 1996 21:02:10 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
In-Reply-To:
Message-ID:

At 6:46 PM -0700 7/17/96, Declan McCullagh wrote:
>---------- Forwarded message ----------
>Date: Wed, 17 Jul 1996 15:54:24 -0500
>From: Declan McCullagh
>To: fight-censorship+ at andrew.cmu.edu
>Subject: Gorelick testifies before Senate, unveils new executive order
>
>Deputy Attorney General Jamie Gorelick testified yesterday before Sen.
>Sam Nunn's cyberscare hearing (take #3), where she ranted about the
>evils of the Net and unveiled an executive order signed by the
>president on Monday.

Here's the problem in a nutshell:

Everyone who has looked at our systems, from Cliff Stoll on to blue ribbon
scientific commissions, has come to the conclusion that our society is
vulnerable to willful sabotage from abroad, ranging from information
sabotage (hacking electronic financial transactions) to physical sabotage
(hacking power grid control computers to cause widespread power failures
leading to serious damage to people and things; hacking the phone
companies' computers, etc.). Some cases have already been observed.

The field has already got a name and lots of publications. It's called
"information warfare" and the government is taking it VERY seriously.

Serious studies have shown that the kinds of protections to make the
systems we depend on robust against determined and malicious attackers (say
a terrorist government, or one bent on doing a lot of damage in retaliation
for one of our policies they don't like), have costs beyond the capability
of individual private sector actors. Your friendly neighborhood ISP, for
instance, probably can't afford the iron belt and steel suspenders needed
to make his system and its connectivity sabotage-proof, and so on. Even
cheap but clever solutions involving encryption in such systems require
standards and common practices across many institutions.

In such a case, where public benefits from government action greatly exceed
public (taxpayer) costs, and the private sector cannot (or will not) act
unaided, the classical basis for government action in the interests of the
citizenry exists. It's the economist's "lighthouse" argument.

The motivation has nothing to do with privacy, government snooping, or any
of the other things some get so excited about, though the solutions
certainly have side effects in those domains. The goal should be to
minimize the deleterious side-effects, not to throw out the baby with the
bath water.
David From jsw at netscape.com Thu Jul 18 06:04:21 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Thu, 18 Jul 1996 21:04:21 +0800 Subject: "address verification databases"? (was: Netscape download...) In-Reply-To: Message-ID: <31EDEC0A.7206@netscape.com> Timothy C. May wrote: > > At 9:45 PM 7/17/96, Jeff Weinstein wrote: > > > Because we have not yet been able to obtain the address verification > >databases that we need for Canada. There is someone working on > >tracking this down right now. When we get the proper database we > >will add access to canada. > > > > --Jeff > > Jeff, can you tell us anything more about what these "address verification > databases" are? > > For example, are they derived from government sources? Census data? (Naw, > can't be, for at least two obvious reasons). Voting records? (Naw.) Credit > card purchases? (??) Our database was obtained from American Business Information. They make those CDROMs with 11 million business names and addresses, and other such products. There is a link to their web page from our US download page. > While I can imagine various commercial firms have indicators that a "T. > Christopher May" once lived in Rio Del Mar (the name of a town I lived in, > though not an official "Postal Service" address), I really find it odd > that, for example, there would be any database that could "parse" the > informal information people provide (absent a well-defined set of addresses > and precise spellings). > > In case I'm not making myself clear, there are no "official" addresses of > persons in the U.S! Not even the tax system requires registration of all > persons and specific addresses. This has come up in several "voter's > rights" cases, where persons with no fixed address were nevertheless able > to vote. If I, T.C. May, say my address is Moonbeam Trailer Park, who's to > say it's not? Maybe it's where I'm staying with a girlfriend, maybe it's > where I get my mail, maybe it's my spiritual home. 
And yet just which > "address verification database" could possibly confirm that I live in (or > get my mail at the Moonbeam Trailer Park at this exact moment? Absent any > laws clearly defining what one's official name is, official phone number > is, official zip code is, official address is, etc., just about anything we > choose to put down on the Web form is kosher. Our verification software does not check that the person whose name is entered in the form lives at the address entered in the form. We do verify some parts of the information entered. Things like is the state code one of the 50 states, does the zip code match the state, etc. (NOTE - these may not be the exact checks implemented currently. I have not examined the code myself, but these are the types of checks being done.) > At least the MIT system was based on ISP domain names, crude as this is, > and not on putative names and residential or business addresses. We also screen out based on domain names. > Anyway, I don't know if Netscape is rejecting the information I'm providing > them, as I've been unable to get through in roughly 30 connect attempts. We will be increasing capacity soon. The demand is very high. It costs us real dollars to buy hardware and T3 lines to allow people to download the software for free. > But I'm still curious about what these "address verification databases." > Sounds ominous to me. I'm sorry that my choice of words disturbed you. I hope my explanation will allay at least some of your fears. There are many people here (including Jim Barksdale) who are very concerned about maintaining personal privacy. Certainly if we could we would make the US versions of our software available in the same way that we currently make the export versions available. At least people now have the choice of obtaining the US version over the internet. 
--Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From JeanPaul.Kroepfli at ns.fnet.fr Thu Jul 18 06:27:04 1996 From: JeanPaul.Kroepfli at ns.fnet.fr (Jean-Paul Kroepfli) Date: Thu, 18 Jul 1996 21:27:04 +0800 Subject: overseas PGPfone and Netscape Message-ID: <01BB74A5.CDC6BC00@JPKroepfli.S-IP.EUnet.fr> I've seen some threads about (1) the new PGPfone, (2) the new US-version of Netscape and leakage. So my question: [Important] Do you know some non-US URL with the latest version of PGPfone for Win? (I monitored the usual European repositories quasi day to day, but it was always the old version) [Less important] Ibid. for the new US-Netscape (with full 128-SSL) (I suppose there is a copyright problem for such a -hum- mirroring) Best regards, Jean-Paul ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~- Jean-Paul et Micheline Kroepfli (our son: Nicolas and daughter: Celine) eMail: JeanPaul.Kroepfli at utopia.fnet.fr Also Compuserve and MSNetwork Phone: +33 81 55 52 59 (F) PostMail: F-25640 Breconchaux (France) or: +41 21 843 27 36 (CH) or: CP 138, CH-1337 Vallorbe Fax: +33 81 55 52 62 (Switzerland) Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting PGP Fingerprint : 19 FB 67 EA 20 70 53 89 AF B2 5C 7F 02 1F CA 8F "The InterNet is the most open standard since air for breathing" From frissell at panix.com Thu Jul 18 07:06:28 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 18 Jul 1996 22:06:28 +0800 Subject: "address verification databases"? (was: Netscape download...) Message-ID: <2.2.32.19960718113355.0085b478@panix.com> At 12:47 AM 7/18/96 -0700, Jeff Weinstein wrote: > Our database was obtained from American Business Information. >They make those CDROMs with 11 million business names and addresses, >and other such products. 
There is a link to their web page from our >US download page. > Our verification software does not check that the person whose name >is entered in the form lives at the address entered in the form. >We do verify some parts of the information entered. Things like >is the state code one of the 50 states, does the zip code match >the state, etc. (NOTE - these may not be the exact checks implemented >currently. I have not examined the code myself, but these are the >types of checks being done.) I got my copy after entering my accommodation address in New York City so the address part of the control mechanism is not a problem. DCF From dlv at bwalk.dm.com Thu Jul 18 07:07:07 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 18 Jul 1996 22:07:07 +0800 Subject: Russian foreign intelligence CD-ROM In-Reply-To: <199607180417.XAA09943@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > Knowing KGB habits as pertaining to releasing information to the public, > I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and > maybe 10% truth that was already publicly available. KGB ru1ez, d00d! > It is like buying a CDROM about the history of the Net from Dr. Grubor. > Maybe it would be interesting and amusing, but not worth $120. Do you mean Dr. John M. Grubor, the man who created both Internet and Usenet? He's brilliant. I'm looking forward to reading his book and the CD ROM. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Jul 18 07:08:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 18 Jul 1996 22:08:22 +0800 Subject: Lying Purebred Sovok Tchurkas Write the History of the Net In-Reply-To: Message-ID: tcmay at got.net (Timothy C. 
May) writes: > (hint: this a satire, based on the writings of Vulis, who speaks of people > as "lying purebred Sovok Tchurkas" (whatever _they_ are) Tim May is mistaken. 
Please either provide a (non-forged) quote from me calling anyone "Tchurka" (whatever _that_ is) or apologize and retract. P.S. Sternlight is an asshole. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From bryce at digicash.com Thu Jul 18 07:10:36 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Thu, 18 Jul 1996 22:10:36 +0800 Subject: #E-CASH: PRODUCT OR SERVICE? In-Reply-To: <199607180929.LAA03315@basement.replay.com> Message-ID: <199607181115.NAA10074@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- Someone wrote something like: > > : It's like giving Microsoft a trademark on the term 'Email'... It's nuts! > : Was the term ecash not in use before DigiCash showed up on the scene? I don't know, was it? Let's say that DigiCash was founded six years ago (1990). Anyone have any references? Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMe4cykjbHy8sKZitAQELfgL9F/qHKfS9MtcEgWSGdFJ0wK5UmLJpxPKo LpF6z8xrwl5IwyJGtAGOUV3qtemoAfN8sP4323eozvWCpXPQfkNGowUmymVm5BF2 Qi/41Mtv6T5xYq7tH0u1u2G1KTMDdIq6 =FonC -----END PGP SIGNATURE----- From wb8foz at nrk.com Thu Jul 18 07:40:24 1996 From: wb8foz at nrk.com (David Lesher) Date: Thu, 18 Jul 1996 22:40:24 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: Message-ID: <199607181149.HAA10639@nrk.com> > > > Your straining my credulity to claim that you can't get ahold of the ..........^^ > > regular phone number of them. Come on, are you 7 years old? Can I assume YOU will be happy to track down such on request for all here on the list ;-? They do NOT want you to have a number where they don't get ANI. They don't want you knowing where they are. 
-- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From dlv at bwalk.dm.com Thu Jul 18 07:56:39 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 18 Jul 1996 22:56:39 +0800 Subject: An interesting instance of poltical anonymnity, now In-Reply-To: <199607180522.WAA04203@mail.pacifier.com> Message-ID: <7JD0qD165w165w@bwalk.dm.com> jim bell writes: > > > > NEW YORK (Reuter) - One of the best kept secrets in political, > > journalistic and publishing circles was revealed Wednesday when > > Newsweek journalist Joe Klein admitted he was ''Anonymous'', the > > mysterious author of a novel based on President Clinton's 1992 > > presidential campaign. > > If they really wanted to know who did it, why didn't they do a word analysis > of the book, and compare it to known writers? Someone did in fact. There was a long article in _New York magazine a few months ago, whose author did computer analysis of Klein's writings and the novel and showed them to match. You may be able to find it in a library. Don't feel sorry for Klein - he's a fucking statist who opposes freedom of speech. If CBS fires the creep for lying, it'll serve him just right. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From Clay.Olbon at dynetics.com Thu Jul 18 08:01:07 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Thu, 18 Jul 1996 23:01:07 +0800 Subject: TLA abuse (?) [non-crypto, mostly] Message-ID: David K. Merriman wrote: >Officer (sorry, don't recall his rank) Hughes says *he* thinks the models >could conceivably be 18; a judge they showed it to said _she_ thought >(personal opinion) younger. Hence, the forwarding to FBI for quasi-official >determination. 
Child pornography is illegal, however I don't believe that pictures of nekkid children are always considered to be child pornography (however much small-minded twirps want you to believe that they are). I know several "fundamentalists" who decry what our society has sunk to with images such as David's posted on the net for all to see. I take the opposing view, decrying the idiocy of declaring parts of our own bodies to be obscene. Unfortunately I don't see victory any time soon. Clay *************************************************************************** Clay Olbon II * Clay.Olbon at dynetics.com Systems Engineer * PGP262 public key on web page Dynetics, Inc. * http://www.msen.com/~olbon/olbon.html ***************************************************************** TANSTAAFL From nobody at REPLAY.COM Thu Jul 18 08:08:27 1996 From: nobody at REPLAY.COM (Anonymous) Date: Thu, 18 Jul 1996 23:08:27 +0800 Subject: (fwd) Re: US versions of Netscape now available---NOT Message-ID: <199607181206.OAA14091@basement.replay.com> Sternlight writes: : >>Yes. We've had a few thousand people download it. Unfortunately, we : >>only have one machine serving downloads right now, and it tends to melt : >>down a couple times a day. : > : >I've tried four times, and each time has timed out. (That is, I've filled : >out the Web form four times and tried n times each iteration...at least I : >get to experiment with variations on my name and address each time :-}) : > : >I guess I'll have to connect to the Italian and/or Swedish sites again. Has : >the software arrived there yet? : : Very droll. I had no trouble downloading it first try. Perhaps you should : switch to Netcom. :-) : Tim you may use this as entry data: Whatever YaKnow cybernut at nutcom.com 10401 Wilshire Blvd, Suite 805 Los Angeles, CA 90024-4628 (310) 475-3799 Your friend. 
From dlv at bwalk.dm.com Thu Jul 18 08:35:48 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 18 Jul 1996 23:35:48 +0800 Subject: Mail-order Ph.D.'s Message-ID: I've received an obnoxious e-mail signed by *Dr.* David Sternlight. :-) David, did you buy your sheepskin in a pizzeria? How much did you pay? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From m5 at vail.tivoli.com Thu Jul 18 09:18:18 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Fri, 19 Jul 1996 00:18:18 +0800 Subject: Cypherpunks and Toad.com copyrights .. In-Reply-To: Message-ID: <31EE3350.64D@vail.tivoli.com> Damien Lucifer wrote: > > I'd like to put the words > > Cypherpunks at toad.com > > On a tee-shirt. Why? Is there not enough noise on the list already? Why not advertise the "Squish the Tentacle" game while you're at it? ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From rah at shipwright.com Thu Jul 18 09:29:38 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 19 Jul 1996 00:29:38 +0800 Subject: Systemics Announces First Internet Trading System Message-ID: --- begin forwarded text Date: Thu, 18 Jul 1996 12:48:03 +0200 From: Ian Grigg To: rah at shipwright.com Subject: Systemics Announces First Internet Trading System Systemics Announces First Internet Trading System 17 July 1996. Copyright (c) 1996 Systemics Ltd. 1996 could well be the year that marks the start of the Internet Financial System. Consider these developments: * Intense competition between rival payment systems has erupted as the large payment institutions have woken up - the new territory is on the Internet. * Earlier this year The Spring Street Brewery surprised Wall Street by conducting its own IPO - by the simple expedient of using the Web as a communication medium. 
After several weeks of hectic phone answering, CEO Andrew D. Klein realised he was in the wrong business and announced plans to start a new industry: Internet investment banking. * Across the pond in that other giant of international finance, the paperless trading system Crest starts up this week at the London Stock Exchange, signalling massive job losses. The exchange's troubles began late last year when exchange-member ShareLink was discovered delivering trading information on the Internet. The exchange severed ShareLink's "feed". Claim led to counter-claim, with litigation close behind, in a slanging match that ruptured images of the calm, polite English way of trading. Before saner heads could move in to force closed-doors negotiations, the palace revolution was underway. Suing one of ourselves? It's just not cricket. And now, Systemics Ltd has added in the last remaining ingredient, the Internet Stock Exchange. After a year of hectic, but secret, development by a small team of cyberventurers, the Exchange went live in June with Systemics own debt. A cohort of private investors were placed with Systemics bonds, which now trade on a nightly basis. Trades have been mostly small and experimental, as the investors, all computer professionals, get to grips with the new-found power of instant access to the 'market'. The Genesis of a new Financial System Ian Grigg, co-founder of the team, concentrates on the business aspects during the daytime, and in his spare time, helps with coding the market. "It seemed like a simple thing back then, take the basics of digital cash, add in securities, and build a market to trade the securities for cash." In the summer of last year, co-founder Gary Howland was working on digital cash protocols for DigiCash. Meanwhile the Internet was exploding into the public eye, as conventional media started to realise the potential of the new medium. Howland conducted long email discussions with his future co-founder. 
"There was this awesome potential energy, just sitting around in the digital cash concept waiting for chance to go kinetic." Grigg was attending lectures on Finance as part of an MBA from London Business School. "In the day time, I was learning the basics of what a bond was, and at night we would have these unlimited discussions on where the net was heading. With each lecture, each discussion, the feeling was getting stronger - we had the tools in front of us. We could build an Internet Financial System." The Systemics team aren't the only ones to have seen the potential. Bob Hettinga, a prolific net writer, had described the basic concepts as much as a year before. Grigg thinks that it took the combination of diverse skill sets and motives for ideas to turn into reality. "We're continually surprised that nobody else saw it and jumped in. But if you analyse the work that went in to the software and the building of knowledge in the core disciplines, it really is a major project that is too risky for any conventional company. I would guess it can only be done by a small, tightly focused team with key individuals. Or, by one of those great, wide ranging alliances that bring in diverse stake holders." The Internet Financial System will consist of Issuers, Payment Systems, Markets and Investors, just like in the physical world. An Issuer runs a special service suite on the Internet to manage the financial instruments. Those instruments are placed by the Issuer with a private group of Investors. Then, when the Exchange accepts the issue and runs a Market in that instrument, Investors can trade the instruments using Systemics Trader, a specialised browser. Instruments are bought and sold for digital cash, provided by an Internet Payment System. The Systemics team are proud of what they have achieved. Grigg explains: "The small investor gets direct access to the markets. Settlement is immediate - when the trade is done, the money or instruments are waiting for collection. 
And with the security of modern forms of cryptography, there's a lot of peace of mind. This Exchange carries no risk, which results in a cost to the Investor that is so small that it creates a new segment." Internet Trading Takes Off In the first instance, it was necessary to prove the system under real trading conditions. Systemics issued its own debt as one year zero coupon bonds with a face value of USD 10. Each of the investors was given a tranche at an issue price of $9, allowing investors to earn a dollar for every nine dollars invested over the full year. To manage the portfolio of cash and bonds, each investor downloaded Systemics Trader. On the 25th of June, the first live market was opened by the Exchange for the first investor trades. "Since then, we have gradually settled into a routine. The market opens at 1915 GMT, for a six hour trading session. This time slot seemed to give the best access for our investors, who are located in diverse time slots and daily patterns." Trades are not frequent as people who have never traded before get to grips with the concept. "Our investors are all long term associates who understand the future of the Internet. They were keen to invest in what we think is the most advanced project on the Internet today. For all that, trading got off to a slow start as investors proved initially timid at risking their own cash and bonds." However, within a week, the backers are showing all the signs of an aggressive investor community. "If they're not happy, they don't trade." Demands for additional instruments caught Systemics by surprise, as investors pointed out that without a comparison between instruments, there is no decision on value. "It's obvious in hindsight, there's a limit to what people can do in a one-bond exchange." The challenge now is to decide on alternative instruments. Secure Payments are based on Cryptography At another level, the Exchange is just a complicated shop on the Internet. 
It buys and sells financial instruments for cash, and relies on a secure value transfer system to make the trade. "When we laid down the strategic components a year ago, there was no sure availability of any payment system, let alone one up to the rigors of finance. So we had to do our own," said Howland. In a forthcoming paper, he describes a design for a digital payments mechanism built upon the cryptographic key format in Phil Zimmermann's Pretty Good Privacy, the Internet standard for email encryption and digital signatures. "PGP is the only system that is widely available and provides good security. The challenge was to turn it from a message passing system into a value passing system." The Systemics payment system works on the notion of a value-containing box that is controlled by a PGP key. A server holds the public key, anyone who has the private key can control the box. A box can be used as an account, allowing the conventional management schemes of accountancy to be used. In this case, the server ascribes value to the box, and the users write instructions to transfer value from one box to another. Or, it can be used as a coin, allowing cash emulation. In this case, users transmit secret keys, and coins are cashed in by issuing instructions to transfer the value in a received coin to a box account. Howland states that this design allows for immediate settlement in both financial instruments and cash, a critical issue in financial markets. Also, the use of PGP keys makes independent verification of the protocols a relatively low cost task by leveraging off of the enormous amount of trust placed in PGP. Systemics believes in open cryptography. "We intend to publish all our protocols with example software, and our goal is to publish a complete and working payment system. Cryptography and digital payment mechanisms are socially beneficial and should be widely disseminated." 
Systemics have already published their Cryptix library, providing strong cryptographic solutions for Java and Perl developers. The Investor Takes Control Systemics Trader, the specialised trading browser, is written in Java. "As far as we know, this is the first serious application written in Java outside Sun itself," commented Mike Wynn, author of Systemics Trader. Working as an HTML browser, Systemics Trader can pass through firewalls set up to allow WWW browsing. This has doubled the potential user base; about half of Systemics' investors work on secure systems. Systemics Trader manages a portfolio of financial instruments and cash using a 'box' as a digital account. 'Limit' and 'Market' orders can be submitted, tracked and cancelled. The 'board' for market instruments can be monitored on an investor-demand basis, so as to present the latest prices to the investor. A secure registered mail protocol is used to ensure messages containing value get delivered from the Exchange to the investor. Given the vagaries of the Internet, Systemics Trader has to sign for each payment that is sent to it before the payment is considered to be delivered. Then, both parties to the trade know that the deal is done. Future versions will manipulate both digital cash and digital accounts, as well as multiple currencies. Real-time feeds are also a possibility. For now, however, Systemics is concentrating on building in the basic features and reliability that risking an individual's money will demand. Wynn's plans are oriented towards developing a trading library that can be used as the basis for a whole class of browsers. "In the short term, our investors and testers are still proving the system for us. In coming weeks, we intend to release a new version of Systemics Trader for widespread demonstration purposes on our test markets." An Internet Team Systemics Ltd, an Irish company, holds the brand and fronts for the team in any formal discussions. 
But the real capital is in the heads of the many individuals who have contributed. Outside the tiny core is a small group of "insiders" who contribute ideas, software development and testing. And outside this group is the Internet software community. Enormous amounts of freely available software have gone into the system, making the efforts of the group just the tip of the iceberg, and the core team just the bunch of penguins sitting on the tip. "We are an Internet team, not a company in some office. What some are calling the virtual company is really a series of concentric circles flowing out over the Internet. The pebble dropped in the centre of the well is the idea, the development waves move out and reflect back in to form the product. Think about Internet development as that big node where all the waves rush in to one point." Acknowledgements This information release from Systemics Ltd. Copyright 1996 Systemics Ltd. Free and widespread distribution is permitted, as long as attribution is maintained. Please point your readers at our home page: http://www.systemics.com/. This release will be located in docs/releases/1996-07-17.html Systemics, Systemics Trader and Cryptix are trade marks of Systemics, Ltd. The Spring Street Brewery can be found at http://plaza.interport.net/witbeer/ and Wit Capital at http://www.witcap.com/ ShareLink is at http://www.esi.co.uk/sharelink/. Also see InfoTrade http://www.infotrade.co.uk/. Bob Hettinga, prolific net poster, is at http://www.vmeng.com/rah/ or rather, his e$ homepage is. Subscribe to the e$ mailing lists for the latest digital cash gossip. Pretty Good Privacy and PGP are trademarks of PGP, Inc. 
Phil Zimmermann and PGP are these days better found at their new corporate home: http://www.pgp.com/ Java is a trademark of JavaSoft, found at http://www.javasoft.com/ --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." 
-- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From seth at hygnet.com Thu Jul 18 10:08:48 1996 From: seth at hygnet.com (Seth I. Rich) Date: Fri, 19 Jul 1996 01:08:48 +0800 Subject: Cybank breaks new ground; rejects public-key encryption Message-ID: <199607181335.JAA28123@arkady.hygnet.com> C Matthew Curtin (cmcurtin at megasoft.com) wrote: >People need to learn that the sort of snake oil that is being sold as >"secure" just won't cut it. Your concern for the customers of Cybank >is valid, however, so I propose something along these lines: > >Announce, very publicly, such that every Cybank customer would hear >about it in time, that you have cracked their hokey little non-crypto >scheme, and that you intend to publish your work in a full-disclosure >paper to be published on Month Day, Year. [...] I chuckled when this whole Cybank thing started. Only a month or so ago, they had some funky bug in their mail system such that all their internal email was being cc'd to the First Virtual users' mailing list (and also to one poor individual). They were helpless and completely unable to figure it out, as we watched their (not very happy) internal messages float unrequested into our mailboxes. Seth --------------------------------------------------------------------------- Seth I. Rich - seth at hygnet.com "Info-Puritan elitist crapola!!" Systems Administrator / Webmaster, HYGNet (pbeilard at direct.ca) Rabbits on walls, no problem. From Clay.Olbon at dynetics.com Thu Jul 18 10:11:36 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Fri, 19 Jul 1996 01:11:36 +0800 Subject: Symantec's Your Eyes Only Message-ID: jim bell wrote: >At 11:57 AM 7/16/96 -0400, Clay Olbon II wrote: > >>Now my $.02. I am concerned about the lack of a distinction between >>transient communications and stored data. 
This is apparent in the GAK >>proposals, but is also increasingly apparent in mainstream corporate >>products such as this one and ViaCrypt BE. It is apparent (to me anyway) >>that corporate access to stored data (data owned by the company, on >>machines owned by the company) is probably necessary. I do not see this >>same need for access to transient communications. Am I way off base on >>this one? > > >This has been mentioned a number of times by various people. It should be >obvious that it is pointless to escrow the key of a data stream that you are >not recording, such as a telephone conversation. Also, if you have no >permanent need for that data (also, the telephone conversation) it is >unnecessary. As might be expected, however, the proponents of GAK don't >distinguish between keys for storage and keys for communication. > >Such an oversight is predictable. It's likely that governments will be >more >interested in keys for communication, because the data is far more easily >(and secretly) accessible. Were they to admit that nobody has a need for >his own communication data key, they'd lose a substantial fraction of their >target data. > My point was not that govts want to escrow communication keys, it was that this is appearing more and more in commercial products marketed to businesses. I run the computer system for a small office and I would rather not see employee email - maybe I am just naive. However, there obviously is a demand for this type of product. It must come from either a lack of understanding of crypto, or a freeh-style authoritarianism on the part of corporate executives. I wouldn't rule either one out. If it is the latter, I'm not sure there is anything we can do. Clay *************************************************************************** Clay Olbon II * Clay.Olbon at dynetics.com Systems Engineer * PGP262 public key on web page Dynetics, Inc. 
* http://www.msen.com/~olbon/olbon.html ***************************************************************** TANSTAAFL From Clay.Olbon at dynetics.com Thu Jul 18 10:28:19 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Fri, 19 Jul 1996 01:28:19 +0800 Subject: ABC News on internet telephony Message-ID: There was a pretty long piece on the evening news on using the internet for long distance and how much money can be saved. Even had several demos of intercontinental phone calls. The disappointing aspect was they didn't mention PGPfone (although if they had, I'm sure child pornographers and terrorists would have been mentioned as well :-) Clay *************************************************************************** Clay Olbon II * Clay.Olbon at dynetics.com Systems Engineer * PGP262 public key on web page Dynetics, Inc. * http://www.msen.com/~olbon/olbon.html ***************************************************************** TANSTAAFL From rednax at asiapac.net Thu Jul 18 10:57:38 1996 From: rednax at asiapac.net (rednax) Date: Fri, 19 Jul 1996 01:57:38 +0800 Subject: Seek And Destroy Message-ID: <199607181403.WAA12919@gandalf.asiapac.net> Hmm, this page however, does something if you are using netscape www.angelfire.com/pages0/cbp3/index.html -- r 3 |) |\| @ >< rednax at asiapac.net "violent! you mean it's alive??" From Doug.Hughes at Eng.Auburn.EDU Thu Jul 18 11:15:46 1996 From: Doug.Hughes at Eng.Auburn.EDU (Doug Hughes) Date: Fri, 19 Jul 1996 02:15:46 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: If people break into my house with the element of surprise wearing all black in the middle of the night, they have the element of surprise FIRMLY on their side.. I'd have to believe that reaching for a gun was the most stupid thing I could do in the entire world in this sort of circumstance. "You'd be right, but you'd be dead" - Dr. 
SNMP

If you don't reach for a gun, at least you have the 'chance' for restitution on your side. If you're dead, you have no options.

nuff said.

From Doug.Hughes at Eng.Auburn.EDU Thu Jul 18 11:20:31 1996
From: Doug.Hughes at Eng.Auburn.EDU (Doug Hughes)
Date: Fri, 19 Jul 1996 02:20:31 +0800
Subject: spam suckers (was Re: Chancellor Group....)
In-Reply-To: <199607171827.LAA12519@niobe.c2.net>
Message-ID:

>
> FYI: I've been forwarding complaints about the moneyworld spam
>to the following addresses:
>
>dyno at cyberspace.com
>barer at cyberspace.com
>abuse at mci.net
>enforcement at sec.gov
>

Our site is being systematically spammed (slowly) one user at a time. I set up a procmail filter that bounces the mail globally, and sends a copy to hostmaster at mci.net (with a little note about litigation for harassment and unauthorized use of resources for good measure.)

And yes, we just got another VRFY just now..

Telltale signs: If you start getting VRFY's from 208.129.19.69 (moneyworld.com) then you're going to be receiving email from chag at moneyworld.com very shortly thereafter.

(for those unaware - VRFY is an SMTP command to verify an email address. Some sites disable them, other sites trap them, some do nothing at all)

I don't know who the right person to complain to is, but it sure is irritating. I think I'll start CC'ing abuse at mci.net as well.
--
____________________________________________________________________________
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
doug at eng.auburn.edu

From jf_avon at citenet.net Thu Jul 18 11:21:03 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Fri, 19 Jul 1996 02:21:03 +0800
Subject: SecureDrive(IDEA), Realdeal and plaintext attack
Message-ID: <9607181432.AB05188@cti02.citenet.net>

Cc: cypherpunks at toad.com galactus at stack.urc.tue.nl Iolo Davidson

On 18 Jul 96 at 4:19, Edgar Swank wrote:

> JFA wrote:
> > Question:
> >
> > Since realdeal overwrites everything with 0s, and that these
> > zeroed sectors are encrypted later with IDEA, will that give an
> > attacker an edge? The attacker will likely know that there are
> > large disk areas that contain 0s.
> >
> > Any comments?

> Yes. Each sector encrypted by SecureDrive also incorporates a "salt"
> value derived from the sector address and (usually random) volume
> serial. So encrypted zeroed sectors will be different from each other
> and (without the IDEA key) cannot be distinguished from sectors
> containing data.

IDEA is reputed to be resistant against known plaintext attacks. But I did not read about whether or not it is resistant to several-plaintexts (?chosen plaintext) attack.

If the sectors were not salted, each zeroed sector would translate in an identical way on the encrypted disk. So, there would be only one cyphertext-plaintext pair repeated over many empty sectors.

If you salt the encryptor, there are many different cyphertexts corresponding to one single plaintext.

Can the salt be figured out by an attacker?

If yes, would the many-cyphertext to single-ultimate-plaintext give an edge to an attacker?

In that case, it would be effectively better to not wipe a drive with zeroes. The problem is, realdeal cannot be turned on selectively for only one drive while not wiping the other one.

Thanks for your reply.
JFA
DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
JFA Technologies, R&D consultants: physicists, technologists and engineers.
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From WlkngOwl at unix.asb.com Thu Jul 18 11:53:22 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 19 Jul 1996 02:53:22 +0800
Subject: Adapting PGP to other languages
Message-ID: <199607181505.LAA17747@unix.asb.com>

On 17 Jul 96 at 18:10, anonymous-remailer at shell.port wrote:

> Does anyone know how to translate PGP into Burmese?

The PGP sources have a language tool in the 'contrib' directory for translating the language files.

Being fluent in 'Burmese' or whatever language you want to translate it to is helpful.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From WlkngOwl at unix.asb.com Thu Jul 18 11:56:28 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 19 Jul 1996 02:56:28 +0800
Subject: Making encoding out of an authentication cipher
Message-ID: <199607181505.LAA17741@unix.asb.com>

On 17 Jul 96 at 19:36, EVERHART at Arisia.GCE.Com wrote:

> Had an interesting thought, maybe worth passing on for commentary.
>
> (...since "authentication" ciphers are considered "harmless" by
> those interested in spying on your info...)
>
> Suppose you have a secure hash function H(msg) that delivers a random
[..]

There's a section in Schneier's Applied Cryptography about using hash algorithms for ciphers. There are several ways of doing this, although some are stronger than others.

Once you adapt the hash algorithm to a cipher, it's a cipher, not a hash algorithm, and is regulated.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From iang at cs.berkeley.edu Thu Jul 18 12:02:08 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Fri, 19 Jul 1996 03:02:08 +0800 Subject: DES & IDEA built right into the Linux kernel... In-Reply-To: <4se8do$dlp@abraham.cs.berkeley.edu> Message-ID: <4slk11$9oi@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article , The Deviant wrote: >On 15 Jul 1996, Ian Goldberg wrote: > >> Date: 15 Jul 1996 13:07:20 -0700 >> From: Ian Goldberg >> To: cypherpunks at toad.com >> Newsgroups: isaac.lists.cypherpunks >> Subject: Re: DES & IDEA built right into the Linux kernel... >> >> In article <199607130507.WAA25103 at myriad>, >> Anonymous wrote: >> >> Nicholas Leon has created tools that allow DES >> >> and IDEA encryption at the device level for the Linux kernel. Some of >> >> the patches are in the 2.0.4 kernel, and the rest can be found at >> >> >> >> http://www.binary9.net/nicholas/linuxkernel/patches/ >> > >> > >> >Yep, you can mount encrypted files or partitions as filesystems. (sorta >> >like securedrive/securedevice for messydos.) Nifty stuff... >> >> Except that last I checked (2.0.6) it was completely insecure. The >> DES-encrypted filesystem ignored your password and always used a key of >> all 0's (which is a weak key in DES, to boot). I've been touching it up >> to do DES and IDEA _right_ (CBC mode within each block, IV based on block >> number), and plan to put in some simple stego as well. >> >> - Ian > >Hrmm.. Sounds interesting... how long till your patch is done? > > --Deviant > Well, it seems encryption now works, and stego works, but stego'ing an encrypted filesystem doesn't. :-( I'll keep looking at it... 
- Ian

From amehta at giasdl01.vsnl.net.in Thu Jul 18 12:08:16 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Fri, 19 Jul 1996 03:08:16 +0800
Subject:
Message-ID: <1.5.4.32.19960718150227.002de9ac@giasdl01.vsnl.net.in>

At 18:10 17/07/96 -0700, someone via anonymous-remailer at shell.portal.com wrote:
>Does anyone know how to translate PGP into Burmese?

I've been talking to human rights people here -- we certainly plan to translate into one or more Indian languages, and perhaps soon there will be action at an Asian level as well. Is this an urgent requirement? If so, I can try to arrange.

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/

From WlkngOwl at unix.asb.com Thu Jul 18 12:12:18 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 19 Jul 1996 03:12:18 +0800
Subject: Crypto 96
Message-ID: <199607181505.LAA17744@unix.asb.com>

On 17 Jul 96 at 16:45, Hal wrote:

> Crypto 96 is coming up in about a month. This looks like a more
> interesting program than last year, IMO. According to the preliminary
[..]
> Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
> John Kelsey, Counterpane Systems, USA
> Bruce Schneier, Counterpane Systems, USA
> David Wagner, Univ. California at Berkeley, USA
>
> There are actually several cryptanalysis type papers for which
> I can't tell from the title whether they will be big new
> results or not. Anybody know what "key schedule" cryptanalysis
> is?

The way a key is transformed into a larger key or S-box. I assume cryptanalysis of these means that there may be weaknesses which can be exploited.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From jthomas at webwonderinc.com Thu Jul 18 12:19:25 1996
From: jthomas at webwonderinc.com (Joe Thomas)
Date: Fri, 19 Jul 1996 03:19:25 +0800
Subject: Encrypted files in terror case
Message-ID: <31EE3FA8.5219@webwonderinc.com>

Excerpts from a N.Y. Times News Service piece available at http://www.nando.net/newsroom/ntn/info/071896/info12_18308.html :

NEW YORK (Jul 18, 1996 02:00 a.m. EDT) -- In the seven weeks since the trial of Ramzi Ahmed Yousef began, the case, charging a plot to blow American jumbo jets out of the sky, has come to hinge on one off-white laptop computer.

[Most of the story, dealing with the defense contention that Philippine police altered files on the laptop, deleted.]

Several witnesses reported that some computer files were in code, part of which the police could not decipher. Last week, after the jury adjourned for lunch, Duffy [the judge in the case] prodded the defense to point out that encoding files was not unusual and that some software programs offer such an option.

"I don't want the jury to think that encryption is something that only bad guys do," Duffy said.

From jk at stallion.ee Thu Jul 18 12:35:39 1996
From: jk at stallion.ee (Jüri Kaljundi)
Date: Fri, 19 Jul 1996 03:35:39 +0800
Subject: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <199607181335.JAA28123@arkady.hygnet.com>
Message-ID:

Thu, 18 Jul 1996, Seth I. Rich wrote:

> >scheme, and that you intend to publish your work in a full-disclosure
> >paper to be published on Month Day, Year. [...]
>
> ago, they had some funky bug in their mail system such that all their
> internal email was being cc'd to the First Virtual users' mailing list

There must be something wrong with bank people all over the world. One local bank that now is offering payments using their WWW server here in Estonia, and every time I publicly announce some security flaw in their system, I have to convince them this bug really exists, they never want to believe me.

Also those bank persons are saying they will believe me only when I really break into their system and transfer money from somewhere else's account. It just seems the reward they are offering me is not enough for my work.

What might be a good reward for hacking into an Internet bank and showing I can steal their money?

Jüri Kaljundi
AS Stallion
jk at stallion.ee

From jeffb at issl.atl.hp.com Thu Jul 18 12:37:01 1996
From: jeffb at issl.atl.hp.com (Jeff Barber)
Date: Fri, 19 Jul 1996 03:37:01 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
In-Reply-To:
Message-ID: <199607181514.LAA16918@jafar.issl.atl.hp.com>

David Sternlight writes:

> Here's the problem in a nutshell: Everyone who has looked at our systems,
> from Cliff Stoll on to blue ribbon scientific commissions, has come to the
> conclusion that our society is vulnerable to willful sabotage from abroad,
> ranging from information sabotage (hacking electronic financial
> transactions) to physical sabotage (hacking power grid control computers to
> cause widespread power failures leading to serious damage to people and
> things; hacking the phone companies' computers, etc.). Some cases have
> already been observed. The field has already got a name and lots of
> publications. It's called "information warfare" and the government is
> taking it VERY seriously.
> > Serious studies have shown that the kinds of protections to make the > systems we depend on robust against determined and malicious attackers (say > a terrorist government, or one bent on doing a lot of damage in retaliation > for one of our policies they don't like), have costs beyond the capability > of individual private sector actors. > In such a case, where public benefits from government action greatly exceed > public (taxpayer) costs, and the private sector cannot (or will not) act > unaided, the classical basis for government action in the interests of the > citizenry exists. It's the economist's "lighthouse" argument. > > The motivation has nothing to do with privacy, government snooping, or any > of the other things some get so excited about, though the solutions > certainly have side effects in those domains. The goal should be to > minimize the deleterious side-effects, not to throw out the baby with the > bath water. I for one reject your premise and your conclusions. There is no indication that government is capable of addressing this "problem" in a useful way. In fact, I argue that the situation is at least partially of government construction. The government's hindrance of crypto technology has undoubtedly slowed down and in many cases entirely prevented the application of current technology to protect the very systems the government now purports to be concerned about. (This is not conjecture or speculation; it is fact. I personally have witnessed -- and, in some cases, been part of -- the many hundreds of hours of productivity lost to producing and distributing security software in ways that protect the company from ITAR violations, or trying to formulate adequate solutions for the company's non-US customers.) My message to a government concerned about the dangers of "information warfare" (and its apologists): get out of the way and let industry work on security. 
Then you can choose from the products offered for your protection or develop your own. But don't sit there and prevent or help prevent deployment of security technology while decrying the lack of security. I don't claim that the current security deficiencies are entirely due to ITAR restrictions but it is certainly a significant factor, and there is still zero evidence that the government is competent to help. Let them first fix their own problems (e.g. the alleged 250,000 DoD computer breakins), *then* come help us in the private sector. -- Jeff From iang at cs.berkeley.edu Thu Jul 18 13:21:59 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Fri, 19 Jul 1996 04:21:59 +0800 Subject: overseas PGPfone and Netscape In-Reply-To: <01BB74A5.CDC6BC00@JPKroepfli.S-IP.EUnet.fr> Message-ID: <4slmrl$a80@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article <01BB74A5.CDC6BC00 at JPKroepfli.S-IP.EUnet.fr>, Jean-Paul Kroepfli wrote: >I've seen some threads about (1) the new PGPfone, (2) the new US-version of Netscape and leakage. >So my question: >[Important] Do you know some non-US URL with the latest version of PGPfone for Win? >(I monitored the usual European repositories quasi day to day, but it was always the old version) >[Less important] Ibid. for the new US-Netscape (with full 128-SSL) >(I suppose there is a copyright problem for such a -hum- mirroring) >Best regards, >Jean-Paul I haven't tried to download it myself, yet (I'm on the wrong side of a slow link (though it's faster since I got my new ZyXEL yesterday)), so maybe this is explained for me, but does netscape publish checksums for their US binaries? This isn't just an issue of making sure your copy wasn't munged in transit; without checksums, what's stopping netscape from embedding the info you provide in the binary before shipping it to you, so that if it shows up on hacktic, they know who did it? 
Could various people with various architectures post MD5 or SHA1 hashes of the files they downloaded?

- Ian

From perry at piermont.com Thu Jul 18 13:29:27 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 19 Jul 1996 04:29:27 +0800
Subject: Cybank breaks new ground; rejects public-key encryption
In-Reply-To:
Message-ID: <199607181605.MAA02021@jekyll.piermont.com>

Jüri Kaljundi writes:
> There must be something wrong with bank people all over the world. One
> local bank that now is offering payments using their WWW server here in
> Estonia, and every time I publicly announce some security flaw in their
> system, I have to convince them this bug really exists, they never want to
> believe me.

I would suggest a much simpler technique. Explain to them the next time you point out a flaw, that you will be explaining these flaws by publishing exploits in the local newspaper, and that all future flaws will be explained in the newspapers until such time as they begin to take you seriously.

> What might be a good reward for hacking into an Internet bank and
> showing I can steal their money?

Don't bother. Just describe the flaws in public enough, and then you have no risk because you are not committing a crime, and you have a gain because you get an increase in your reputation for supplying accurate information.
Perry From mab at research.att.com Thu Jul 18 13:36:30 1996 From: mab at research.att.com (Matt Blaze) Date: Fri, 19 Jul 1996 04:36:30 +0800 Subject: NSA response to key length report Message-ID: <199607181604.MAA12956@nsa.research.att.com> July 18, 1996 There is currently being circulated, to members of Congress and possibly elsewhere, a four page document entitled ``Brute-Force Cryptanalytic Attacks'' that calls into question some of the conclusions of the ``Minimum Key Lengths for Symmetric Ciphers'' white paper [1]. The document bears no author or organization attribution, but we are told that it originated from NSA. The NSA document argues that ``physical realities'' make parallel key search much more expensive and time consuming than our white paper estimated. However, the NSA document appears to have been written from the perspective of general parallel processing or cryptanalysis rather than exhaustive key search per se. It ignores several elementary principles of parallel processing that apply specifically to exhaustive key search machines of the type that our white paper considered. In particular, NSA argues that interconnections, heat dissipation, input/output bandwidth, and interprocessor communication make it difficult to ``scale up'' a key search machine by dividing the task among a large number of small components. While these factors do limit the scalability of more general purpose multiprocessor computers (such as those made by Cray), they do not apply at all to specialized exhaustive key search machines. The NSA argument ignores the most fundamental feature of brute-force key search: the processors performing the search have no need to communicate with other components of the system while they perform their share of the search, and therefore the system has no need for any of the global interconnections that limit scaling. 
Indeed, there is no reason that all the components of a parallel search machine must be located even within the same city, let alone the same computer housing. We note that one of our co-authors (Eric Thompson, of Access Data, Inc.) designs and builds medium-scale FPGA-based key search machines with exactly this loosely-coupled structure, and regularly uses them to recover keys for clients that include the FBI. The NSA document also calls into question our cost estimates for ASIC components, suggesting that ASIC chips of this type cost NSA approximately $1000.00 each. However, our $10.00 per chip estimate is based on an actual price quote from a commercial chip fabrication vendor for a moderate-size order for an exhaustive search ASIC designed in 1993 by Michael Wiener [2]. Perhaps NSA could reduce its own costs by changing vendors. Finally, the NSA report offers estimates of the time required to perform exhaustive search using a Cray model T3D supercomputer. This is a curious choice, for as our report notes, general-purpose supercomputers of this type make poor (and uneconomical) key search engines. However, even the artificially low performance results for this machine should give little comfort to the users of 56 bit keys. According to NSA, 56 bit keys can be searched on such a machine in less than 453 days. ``Moore's law'' predicts that it will not be long before relatively inexpensive general-purpose computers offer similar computational capability. /s/ Matt Blaze Whitfield Diffie References: [1] Blaze, M., Diffie, W., Rivest, R., Schneier, B., Shimomura, T., Thompson, E., and Wiener, M. ``Minimum Key Lengths for Symmetric Key Ciphers for Commercial Security.'' January 1996. Available from ftp://ftp.research.att.com/dist/mab/keylength.txt [2] Wiener, M. ``Exhaustive DES Key Search.'' Presented at Crypto-93, Santa Barbara, CA. August 1993. 
========================================================================= [Transcription of document circulated to various members of congress and others in June, 1996, apparently by NSA] BRUTE-FORCE CRYPTANALYTIC ATTACKS Two published theoretical estimates of cost versus time to perform brute-force hardware attacks on selected cryptography key lengths differ between themselves and differ significantly from what we find when we buy or build computers to carry out such attacks. The differences lie in assumptions made in the theoretical estimates, which are not fully spelled out by the authors, and in scaling up hypothesized small machines to ever larger ones without accounting for physical realities. The factors not accounted for are: o R&D costs for the first machine, typically on the order of $10 million. o As more and more chips are added to a machine, two effects occur: o Interconnections increase and increase running time; o Heat from the chips eventually limit [sic] the size of a machine. o Memory costs are not included. o When get [sic] to the very fast processing speed estimates, machines can become Input/Output bound; so [sic] it cannot achieve the estimated speed. o Assuming every algorithm can be tested in same amount of time and key length is the only difference. Table 1 are [sic] the average time estimates made for a given cost done by Michael Wiener of Bell Norther Research in 1995. These are published in Bruce Schneier's Applied Cryptography book. Note that these are average times, one-half of the total exhaust time. Table 2 are [sic] the estimates for total exhaust times using Field Programmmable Gate Arrays (FPGA) and Application Specific ICs (ASICs) done for the Business Software Alliance by Blaze, Diffie, Rivest, Schneier, Shimomura, Thompson, and Wiener in 1996. In addition to the above factors not accounted for they have assumed ASICs cost as low as $10. 
We find ASICs more typically cost $1000 and their capabilities can vary considerably depending upon the specific task. Table 3 are out estimates based on our experience with a Cray T3D supercomputer with 1024 nodes. This machine costs $30 million. [Tables 1, 2, and 3 not transcribed here.] From nobody at zifi.genetics.utah.edu Thu Jul 18 13:38:45 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Fri, 19 Jul 1996 04:38:45 +0800 Subject: Cypherpunks and Toad.com Message-ID: <199607181616.KAA13409@zifi.genetics.utah.edu> root at HellSpawn wrote: >I'd like to put the words > >Cypherpunks at toad.com > >On a tee-shirt. Is cypherpunks, toad.com, or the combination thereof >copyrighted or trademarked or otherwise limited for use? Not that I know of, and you are of course free to do anything you want, but I urge you to leave off the "@toad.com" to prevent clueless subscription requests/noise. There are a number of cpunk tshirts already, one of which contains TCM's sigfile, so the word is likely not copyrighted??? From rpowell at algorithmics.com Thu Jul 18 13:42:17 1996 From: rpowell at algorithmics.com (Robin Powell) Date: Fri, 19 Jul 1996 04:42:17 +0800 Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download In-Reply-To: <1.5.4.32.19960718150222.0030bf9c@giasdl01.vsnl.net.in> Message-ID: <96Jul18.115805edt.20483@janus.algorithmics.com> >>>>> In article <1.5.4.32.19960718150222.0030bf9c at giasdl01.vsnl.net.in>, Arun Mehta writes: > In response to my question about how I might use PGPfone without my ISP knowing, > At 10:52 16/07/96 -0400, Robin Powell wrote: >> >> Hmm... This looks like a _really_ good place for stego. Granted, you >> might get a significant slow down, but it might be worth it depending >> on your needs. > Wouldn't that be very, very slow? It would suffice if I could > have the ISP think that the packets were for irc, or something > else they allow... 
I actually wasn't referring to your particular situation so much as a general comment. Having a game of nettrek with encrypted voice in the unused packets would be _very_ secure, I should think...

-Robin

From law at Samoa.org Thu Jul 18 13:46:32 1996
From: law at Samoa.org (law at Samoa.org)
Date: Fri, 19 Jul 1996 04:46:32 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

I prefer to keep a large jar of marbles available in the entry room, coupled with a hard floor, it makes it a bit tricky for an entry team to work properly..

You can probably check out your local crack house for tips on preventing forced entry..there seems to be a constant race between LEO entry tactics and what the drug dealers do to defend themselves..

I might also suggest that you check out Bo Gritz's SPIKE phase 8 video tape http://www.bogritz.com/products8.html

"Perhaps one of most exciting phases and controversial. In Phase 8 you learn Close Quarters Combat (CQC). You'll learn how to identify friend or foe so that you don't shoot a friend. You'll also learn how to clear a room safely and identify a terrorist and hostage."

SPIKE 8 also has a good section on room defense.

but then who am I to talk.

bob's lawyer

Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

From ichudov at algebra.com Thu Jul 18 13:51:39 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Fri, 19 Jul 1996 04:51:39 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <199607181704.MAA16235@manifold.algebra.com>

Timothy C. May wrote:
> As people as diverse as Marine Colonel Jeff Cooper and Watergate felon G.
> Gordon Liddy have noted, any black-clad "ninjas" entering a home at 4 a.m.
> without clearly announcing themselves are asking for trouble. (Liddy got in
> a lot of trouble for calling for "head shots" on rampaging BATFags.
> Frankly, I'm not a good enough shot--especially in high-stress
> situations--to make head shots with my H & K .45, so I can only hope to
> make torso shots.)
>
> It's a mark of what has gone wrong with this country that ordinary citizens
> actually fear the midnight raids, the no-knock searches, the "threat
> suppression" by ninjas.
>
> Personally, I think all folks should be armed at all times in their homes.
> Those who aren't are taking their chances. My personal choice is a Heckler
> & Koch USP .45. loaded with Federal Golden Sabres, a hollowpoint round that
> has a 92% one-shot stop rate, with adequate penetration through Kevlar
> vests (typically worn by BATF raiders). I may die, but I hope I can take at
> least two of them with me. (Interestingly, the same class of folks who want
> to ban "military-grade crypto" are also seeking to ban Kevlar vest-piercing
> rounds. Fortunately, though KTW ammo is no longer available to "marks" (=
> civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum
> rounds are even better penetrators, but recoil and muzzle blast is pretty
> severe with these loads.)

Then I also suggest that you install a metal door and put metal cages on your windows. That will at least give you some time to wake up if someone tries to break into your house. Also get a good dog.

Without that, having a gun will not do you much good. It will be more trouble than it is worth because you cannot understand the situation quickly enough after you wake up, so you may kill someone peaceful who entered your home with good intentions, which will get you in jail.

If you had a metal door, you would have enough time to wake up and assess the situation.

One-sided approaches to security rarely are successful.

- Igor.
From liberty at gate.net Thu Jul 18 13:55:06 1996 From: liberty at gate.net (Jim Ray) Date: Fri, 19 Jul 1996 04:55:06 +0800 Subject: US versions of Netscape now available Message-ID: <199607181521.LAA44436@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- [I've wanted, and tried (honest!) to stay out of this emerging flamewar, but David Sternlight wrote: <...> >It doesn't "leak overseas" as if there were some regrettable lapse in the >plumbing. Someone has to commit a felony violation of Federal law. Also known as "civil disobedience," a dangerous concept which is probably being taught today in civics classes in highschools across the nation. [HORRORS!] On a more serious note, I think that the requirements on the Netscape download page might actually be a "Good Thing," since they expose the public, in an election year, to the info-lust of the GAK crowd in a way that cypherpunks alone never could. I, too, wish that "my life as an arms trafficker," or the CJR book/t-shirt requests, or some of the wilder stuff like Vince's export-a-cryptosystem-to-Anguilla page were linked to Netscape's page discussing ITAR requirements, but I fully understand that Netscape is a business and that they must deal, on a continuing basis, with the government. The government officials whose jobs depend on stupid regs. can be rather humor-impaired. JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "It is long past time to end the laughable presumption that voters who can easily cope with the choices offered at Burger King are somehow 'confused' by more than two choices at the voting booth." -- me Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray Coming soon, the "Pennies For Perot" page. 
Keep billionaires off welfare!
___________________________________________________________________

From Ryan.Russell at sybase.com Thu Jul 18 13:58:00 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Fri, 19 Jul 1996 04:58:00 +0800
Subject: "address verification databases"? (was: Netscape download...)
Message-ID: <9607181646.AA19157@notesgw2.sybase.com>

So... I just have to know someone's name and phone number in the US?

Ryan

---------- Previous Message ----------
To: tcmay
cc: cypherpunks
From: jsw @ netscape.com (Jeff Weinstein) @ smtp
Date: 07/18/96 12:47:22 AM
Subject: Re: "address verification databases"? (was: Netscape download...)

Timothy C. May wrote:
>
> At 9:45 PM 7/17/96, Jeff Weinstein wrote:
>
> > Because we have not yet been able to obtain the address verification
> >databases that we need for Canada. There is someone working on
> >tracking this down right now. When we get the proper database we
> >will add access to canada.
> >
> > --Jeff
>
> Jeff, can you tell us anything more about what these "address verification
> databases" are?
>
> For example, are they derived from government sources? Census data? (Naw,
> can't be, for at least two obvious reasons). Voting records? (Naw.) Credit
> card purchases? (??)

Our database was obtained from American Business Information. They make those CDROMs with 11 million business names and addresses, and other such products. There is a link to their web page from our US download page.

> While I can imagine various commercial firms have indicators that a "T.
> Christopher May" once lived in Rio Del Mar (the name of a town I lived in, > though not an official "Postal Service" address), I really find it odd > that, for example, there would be any database that could "parse" the > informal information people provide (absent a well-defined set of addresses > and precise spellings). > > In case I'm not making myself clear, there are no "official" addresses of > persons in the U.S! Not even the tax system requires registration of all > persons and specific addresses. This has come up in several "voter's > rights" cases, where persons with no fixed address were nevertheless able > to vote. If I, T.C. May, say my address is Moonbeam Trailer Park, who's to > say it's not? Maybe it's where I'm staying with a girlfriend, maybe it's > where I get my mail, maybe it's my spiritual home. And yet just which > "address verification database" could possibly confirm that I live in (or > get my mail at the Moonbeam Trailer Park at this exact moment? Absent any > laws clearly defining what one's official name is, official phone number > is, official zip code is, official address is, etc., just about anything we > choose to put down on the Web form is kosher. Our verification software does not check that the person whose name is entered in the form lives at the address entered in the form. We do verify some parts of the information entered. Things like is the state code one of the 50 states, does the zip code match the state, etc. (NOTE - these may not be the exact checks implemented currently. I have not examined the code myself, but these are the types of checks being done.) > At least the MIT system was based on ISP domain names, crude as this is, > and not on putative names and residential or business addresses. We also screen out based on domain names. > Anyway, I don't know if Netscape is rejecting the information I'm providing > them, as I've been unable to get through in roughly 30 connect attempts. 
We will be increasing capacity soon. The demand is very high. It costs us real dollars to buy hardware and T3 lines to allow people to download the software for free. > But I'm still curious about what these "address verification databases." > Sounds ominous to me. I'm sorry that my choice of words disturbed you. I hope my explanation will allay at least some of your fears. There are many people here (including Jim Barksdale) who are very concerned about maintaining personal privacy. Certainly if we could we would make the US versions of our software available in the same way that we currently make the export versions available. At least people now have the choice of obtaining the US version over the internet. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From perry at piermont.com Thu Jul 18 14:10:47 1996 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 19 Jul 1996 05:10:47 +0800 Subject: US versions of Netscape now available In-Reply-To: Message-ID: <199607181526.LAA01920@jekyll.piermont.com> David Sternlight writes: > >I'm glad too. So how many minutes did it take to leak overseas? > > It doesn't "leak overseas" as if there were some regrettable lapse in the > plumbing. Someone has to commit a felony violation of Federal law. Yes, just like its a crime to smoke grass, or have sex with someone you aren't married to in half the states in the union. Of course, we all know that the truth is that other than bluenose fools like David Sternlight, most people in society have accepted that the government is just plain stupid and happily go on doing what they would do anyway. David serves, however, as a useful reminder of the fact that there are people out there who were so badly conditioned in childhood that they are unable to disagree with authority no matter how badly they would like to. 
I suspect that if a sufficiently highly placed government official told David to strip naked and have sex with a dog in public and phrased it as an order, he would do it, even though he would find the act repugnant. Luckily, after the revolution, the private sector will open centers to help people like David get over their inability to function without authority figures telling them what to do. Since the private sector has high incentives not to waste money, unlike government sponsored programs we can expect David and others like him to eventually become useful members of society. Perry From david at sternlight.com Thu Jul 18 14:10:59 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 05:10:59 +0800 Subject: Sternlight on C'punks In-Reply-To: Message-ID: At 8:35 PM -0700 7/16/96, Lucky Green wrote: >At 14:42 7/16/96, Peter D. Junger wrote: >>How does one set up a kill-file for a mailing list? I run a Linux box >>with sendmail and use the MH mail system. >> >>My best guess is that I will have to install procmail, but would like >>your advice before going to a lot of labor. > >Procmail is the way to go. Peter Junger posted some assertions about how something becomes "public domain" as far as ITAR is concerned. I asked a triaging question to clarify his concepts for myself, and to resolve what seemed to me to be at least a lack of clarity in his assertions. He didn't respond; instead of a rational response to a polite substantive question, he asks about kill filing. Does the sequence of events tell you anything? David From wb8foz at nrk.com Thu Jul 18 14:14:01 1996 From: wb8foz at nrk.com (David Lesher) Date: Fri, 19 Jul 1996 05:14:01 +0800 Subject: Mail-order Ph.D.'s In-Reply-To: Message-ID: <199607181618.MAA11826@nrk.com> > > I've received an obnoxious e-mail signed by *Dr.* David Sternlight. :-) > > David, did you buy your sheepskin in a pizzeria? How much did you pay? Oh Gawd, NOW you've done it..... 
We will NOW get treated to UnProfessor's SternFUD's entire life history. How he went & designed the first rockets, then gave the idea to Goddard. Then he went to England and invented tea. Next he came back & was a personal advisor for Tricky Dick. Later, he discovered the oil in Alaska. In the middle he invented the concept of money.... Dimitri, did you HAVE to do that? BTW, I'm thinking of starting a pool on how long 'til a) FUD launches his first 'Punk Plonk. b) He goes away, for a while. Both are 100% sure things; the only odds are WHEN... Write me off the list if you are interested.... -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From esherman at umich.edu Thu Jul 18 14:18:02 1996 From: esherman at umich.edu (Erika) Date: Fri, 19 Jul 1996 05:18:02 +0800 Subject: Cypherpunks and Toad.com In-Reply-To: <199607181616.KAA13409@zifi.genetics.utah.edu> Message-ID: And if the e-mail group moves from one server to another, the tshirts will be wrong.. On Thu, 18 Jul 1996, Anonymous wrote: > root at HellSpawn wrote: > > >I'd like to put the words > > > >Cypherpunks at toad.com > > > >On a tee-shirt. Is cypherpunks, toad.com, or the combination thereof > >copyrighted or trademarked or otherwise limited for use? > > Not that I know of, and you are of course free to do anything you want, > but I urge you to leave off the "@toad.com" to prevent clueless subscription > requests/noise. There are a number of cpunk tshirts already, one of which > contains TCM's sigfile, so the word is likely not copyrighted??? 
> > > > > > From rah at shipwright.com Thu Jul 18 14:23:37 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 19 Jul 1996 05:23:37 +0800 Subject: Cybank breaks new ground; rejects public-key encryption In-Reply-To: Message-ID: At 12:05 PM -0400 7/18/96, Perry E. Metzger wrote: > I would suggest a much simpler technique. > > Explain to them the next time you point out a flaw, that you will be > explaining these flaws by publishing exploits in the local newspaper, > and that all future flaws will be explained in the newspapers until > such time as they begin to take you seriously. Frankly, newspapers sound like too much work. Just post them here. That should get their attention. It worked for Ian. :-). Sort of like the old Alaskan bumper sticker: "Eat caribou. 10,000 wolves can't be wrong." Well, maybe it's a non-sequitur. But, I did think "1,000 Cypherpunks" before remembering said bumpersticker from my childhood. Which is close enough, I figure... :-). Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From david at sternlight.com Thu Jul 18 14:24:06 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 05:24:06 +0800 Subject: (fwd) Re: US versions of Netscape now available---NOT In-Reply-To: <199607181206.OAA14091@basement.replay.com> Message-ID: At 5:06 AM -0700 7/18/96, Anonymous wrote: >Sternlight writes: > >: >>Yes. We've had a few thousand people download it. Unfortunately, we >: >>only have one machine serving downloads right now, and it tends to melt >: >>down a couple times a day. >: > >: >I've tried four times, and each time has timed out. 
(That is, I've filled >: >out the Web form four times and tried n times each iteration...at least I >: >get to experiment with variations on my name and address each time :-}) >: > >: >I guess I'll have to connect to the Italian and/or Swedish sites again. Has >: >the software arrived there yet? >: >: Very droll. I had no trouble downloading it first try. Perhaps you should >: switch to Netcom. :-) >: > >Tim you may use this as entry data: > > Whatever YaKnow > cybernut at nutcom.com > 10401 Wilshire Blvd, Suite 805 > Los Angeles, CA 90024-4628 > (310) 475-3799 > > >Your friend. Isn't that nice. Some creep is proud enough of his skill at accessing the trivially available InterNIC finger data that he posts it to invoke harassment. And being a coward as well, he hides behind an anonymous remailer. David From ogren at cris.com Thu Jul 18 14:24:57 1996 From: ogren at cris.com (David F. Ogren) Date: Fri, 19 Jul 1996 05:24:57 +0800 Subject: Making encoding out of an authentication cipher Message-ID: <199607181647.MAA02366@darius.cris.com> -----BEGIN PGP SIGNED MESSAGE----- To: EVERHART at Arisia.GCE.Com, cypherpunks at toad.com Date: Thu Jul 18 12:44:15 1996 > Suppose you have a secure hash function H(msg) that delivers a random > long period set of hash bits for msg, which is computationally infeasible > to invert and such that the value of H(msg) depends very sensitively on > all bits of msg. These things are used for authentication and tend to > be > all over the world. > > Now suppose I have a key and apply the following transform, where "+" > will mean binary exclusive OR. > > Cipher: > H(key) + M(1) = C(1) > H(key+M(1)) + M(2) = C(2) > H(key+M(2)) + M(3) = C(3) > > and so on where M(n) is the message and C is the enciphered message. > > Decipher: > > H(key) + C(1) = M(1) > H(key+M(1)) + C(2) = M(2) > H(key+M(2)) + C(3) = M(3) > > and so on. > > If the hash function is cryptographically strong, is this or is this > not > a strong cipher? 
Are there fast hash functions around? >

This, along with several other methods (Karn, Luby-Rackoff and MDC are some others), has been suggested in order to convert a hash function into an encryption algorithm. And while the method you suggest has not been broken (at least to my knowledge) there are at least two major problems:

1. It is slow. This method would appear to be approximately the speed of MDC. And MDC (using SHA, what appears to be the most secure hash) is (very roughly) 5 times slower than Blowfish and 3 times slower than IDEA. And although MDC is faster than 3DES in software, 3DES could easily outpace MDC in hardware.

2. (To directly quote Bruce Schneier from Applied Cryptography, page 353) "While these constructions can be secure, they depend on the choice of the underlying hash function. A good one-way hash function doesn't necessarily make a secure encryption algorithm. Cryptographic requirements are different. For example, linear cryptanalysis is not a viable attack against one-way hash functions, but works against encryption algorithms." (Any typos are mine.)

-- David F. Ogren | ogren at concentric.net | "A man without religion is like a fish PGP Key ID: 0x6458EB29 | without a bicycle" ------------------------------|---------------------------------------- Don't know what PGP is? | Need my public key?
It's available Send a message to me with the | by server or by sending me a message subject GETPGPINFO | with the subject GETPGPKEY

-----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE-----

From alano at teleport.com Thu Jul 18 14:40:27 1996 From: alano at teleport.com (Alan Olsen) Date: Fri, 19 Jul 1996 05:40:27 +0800 Subject: US versions of Netscape now available Message-ID: <2.2.32.19960718165727.00aa42c4@mail.teleport.com>

At 11:35 AM 7/17/96 -0700, Yap Remailer wrote:

>Have you heard any reports of anyone successfully downloading it >period? Netscape always times out in the middle of a download. I >think the server is so overloaded that it's actually impossible to >download the software.

Yep. Got it just after the announcement. Came through fine. (After that, I could not get it to download anything, but the first try worked fine.) Sounds like it is overloaded. (Of course, since it is mentioned on their homepage and they only have one machine serving it, what do you expect?)

>I sure wish there were an ftp site overseas somewhere, then I could >actually get the damned thing.

Give it a week and I am sure that someone will have it available. Something announced this far and wide will manage to leak out somewhere...

--- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises."
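The hash-as-cipher construction from the "Making encoding out of an authentication cipher" message above, written out as an added example that is not code from any poster on the list. It assumes SHA-256 as H, a block size equal to the digest size, and a constructed key and messages; besides the round trip it shows two leaks that follow directly from the formulas as posted, whatever hash is used.

```python
import hashlib

BLOCK = hashlib.sha256().digest_size  # 32 bytes: one digest per message block


def H(data: bytes) -> bytes:
    """Stand-in for the post's H(); SHA-256 is this example's assumption."""
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    """The post's '+': bytewise XOR, truncated to the shorter operand."""
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    """Split data into BLOCK-sized pieces; only the last may be short."""
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def encrypt(key: bytes, msg: bytes) -> bytes:
    """C(1) = H(key) + M(1);  C(n) = H(key + M(n-1)) + M(n)."""
    if len(key) != BLOCK:
        raise ValueError("key must be exactly one block long")
    out, feed = [], key
    for m in blocks(msg):
        out.append(xor(H(feed), m))  # keystream block XOR plaintext block
        feed = xor(key, m)           # next keystream depends on this plaintext
    return b"".join(out)


def decrypt(key: bytes, ct: bytes) -> bytes:
    """M(1) = H(key) + C(1);  M(n) = H(key + M(n-1)) + C(n)."""
    if len(key) != BLOCK:
        raise ValueError("key must be exactly one block long")
    out, feed = [], key
    for c in blocks(ct):
        m = xor(H(feed), c)
        out.append(m)
        feed = xor(key, m)
    return b"".join(out)


def first_block_leak(ct_a: bytes, ct_b: bytes) -> bytes:
    """Leak 1: the first keystream block is always H(key), so for two
    messages under one key C(1) + C'(1) = M(1) + M'(1). No key needed."""
    return xor(ct_a[:BLOCK], ct_b[:BLOCK])


def block_pair_xor(ct: bytes, i: int, j: int) -> bytes:
    """Leak 2: if M(i-1) == M(j-1), blocks i and j share a keystream block,
    so C(i) + C(j) = M(i) + M(j). Blocks are numbered from 1 as in the post."""
    b = blocks(ct)
    return xor(b[i - 1], b[j - 1])


if __name__ == "__main__":
    key = bytes(range(BLOCK))                      # constructed key
    msg_a = b"PAY ALICE".ljust(BLOCK, b".") + b"rest of message A"
    msg_b = b"PAY BOB".ljust(BLOCK, b".") + b"rest of message B"
    ct_a, ct_b = encrypt(key, msg_a), encrypt(key, msg_b)
    print("round trip ok:", decrypt(key, ct_a) == msg_a)
    print("key reuse leaks M(1)+M'(1):",
          first_block_leak(ct_a, ct_b) == xor(msg_a[:BLOCK], msg_b[:BLOCK]))
    X, Y, Z = b"X" * BLOCK, b"Y" * BLOCK, b"Z" * BLOCK
    ct = encrypt(key, X + Y + X + Z)               # block X repeats
    print("repeated block leaks M(2)+M(4):",
          block_pair_xor(ct, 2, 4) == xor(Y, Z))
```

Neither leak depends on weaknesses in the hash: the scheme has no per-message nonce and feeds back only the previous plaintext block, so a fresh key (or an added IV) per message and full chaining would be needed before the quoted question about hash strength even becomes the deciding factor.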
From steven at knoware.nl Thu Jul 18 15:11:27 1996 From: steven at knoware.nl (Steven Seyffert) Date: Fri, 19 Jul 1996 06:11:27 +0800 Subject: #E-CASH: PRODUCT OR SERVICE? Message-ID: <199607181758.TAA11840@utrecht.knoware.nl> Part of original message below Well Stig, the world is getting crazier by the second..... What about the dutch man that made a trademark out of the name 'Route 66' combined with the highway sign. He got it and now has a nice swimming pool.........of about 100 meters long.......and it's heated! -- ________________________________________________________________________ Steven Seyffert Webmaster at http://www.sale.nl/ Korenbloemstraat 17 3551 GM, Utrecht Utrecht, the Netherlands +31 (0)30-2441251 webmaster at sale.nl private: steven at knoware.nl ---------- : From: Stig : To: cypherpunks at toad.com : Subject: Re: #E-CASH: PRODUCT OR SERVICE? : Date: woensdag 17 juli 1996 5:00 : : > btw: I'm surprised DigiCash didn't file for a European Trademark, : > but opted for Benelux and US protection. : : Perhaps this has already been voiced on the main list (I get a filtered : helping or two of cypherpunks), but *I'm* surprised that such a generic name : as 'Ecash' was granted trademark status anywhere. : : It's like giving Microsoft a trademark on the term 'Email'... It's nuts! : Was the term ecash not in use before DigiCash showed up on the scene? : : Stig : : : From david at sternlight.com Thu Jul 18 15:32:44 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 06:32:44 +0800 Subject: New Infowarfare Panel In-Reply-To: Message-ID: At 8:30 PM -0700 7/17/96, Timothy C. May wrote: >Winn Schwartau is running conferences, is talking about the imminent danger >of the nation's computer networks being knocked out (paraphrasing his >latest "Wired" item: "imagine your ATM network being knocked out and people >being unable to gain access to their money"). 
> >Schwartau is predicting/advocating a "fifth branch" of the military to deal >with the this threat. A cyberforce, as it were. > >Color me skeptical, but I see this all as a lot of hype and fear-mongering. >Folks in the Pentagon, FBI, and NSA probably see it as a way to get more >funding, Folks in the consulting business probably see it as a way to crank >up the seminar prices and increase the number and frequency of "Information >Warfare" workshops and seminars. Haven't there been some worked examples of information warfare that make this fear and the need to deal with it legitimate? As I recall my background reading in the public press, wasn't the etiology that we figured out how to do some pretty nasty things (the Gulf war was one presenting occasion) to enemies' info infrastructures to threaten their entire social system. Then, as I understand it, someone smart said something like "If we can do this to them, then someone can do this to us." and we were off to the races. It's the military and counterintel community's job to think like this and act to protect us. I don't think imputing selfish motives is dispositive. David From david at sternlight.com Thu Jul 18 15:34:07 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 06:34:07 +0800 Subject: ABC News on internet telephony In-Reply-To: Message-ID: At 6:41 AM -0700 7/18/96, Clay Olbon II wrote: >There was a pretty long piece on the evening news on using the internet for >long distance and how much money can be saved. Even had several demos of >intercontinental phone calls. The disappointing aspect was they didn't >mention PGPfone (although if they had, I'm sure child pornographers and >terrorists would have been mentioned as well :-) > There's something fundamental going on here beneath the surface. Surprisingly, a recent item (maybe the one you reported) on this suggests that the big phone companies are trying to use this phenomenon rather than stop it. 
I think it was AT&T who announced that they had web software that improved the quality of such internet voice calls. Surprisingly constructive, in contrast to the coalition of small phone companies screaming for the FCC to "stop it". The FCC has wisely said they're not going to act right now because it could kill an incipient new technology. This is the rankest speculation on my part, but could some of the bigger, smarter phone company cum internet providers have done some serious analysis and concluded that we're moving away from distance-based rates for voice calls. Might they even have examined where we'll be in the next ten years (with ADSL, etc.) and decided that the network technology and simple market economics makes fixed charges per "line" more profitable to them than metered usage? Maybe this is wishful thinking on my part, but some of the bigger actors are starting to behave in a surprisingly counter-intuitive (based on the way we stereotype them) fashion on this topic. David From tcmay at got.net Thu Jul 18 15:42:12 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 19 Jul 1996 06:42:12 +0800 Subject: Borders *are* transparent Message-ID: At 5:51 AM 7/18/96, snow wrote: >On Tue, 16 Jul 1996, David Sternlight wrote: >> At 3:36 AM -0700 7/16/96, Duncan Frissell wrote: >> >At 04:18 PM 7/15/96 -0700, sameer wrote: >> >> Not like that's tough to figure out. Congrats. It's cool to >> >>actually be able to connect to my webserver using real encryption. >> >>Glad the lawyers don't think Barksdale is going to jail anymore. >> >I'm glad too. So how many minutes did it take to leak overseas? >> It doesn't "leak overseas" as if there were some regrettable lapse in the >> plumbing. Someone has to commit a felony violation of Federal law. > > No they don't. If they are French, Russian, English, Greek, etc. They > _may_ be violating their countries laws, but they are not necessarily >violating ours. 
This is a terribly important point: if a citizen of Foobaria succeeds in connecting to the Netscape site--perhaps by experimenting with various combinations of domain names and submitted address/zipcode combinations--and Netscape sends him the file, he has not committed a crime in his own country. (Unless they have their own laws....) Ironically, under the ITARs, as I understand them, a citizen of Foobaria who "exports" (= retrieves from Netscape's site) such materials actually *has* violated our ITARs. (It is possible for persons outside the U.S. to violate U.S. laws, of course. You can all imagine examples.) Prosecuting a person in Foobaria for violating U.S. ITAR regs would of course be problematic, and unlikely. Likewise, much "export-controlled" software is freely purchasable without any form of identification or proof of citizenship/residency in any of thousands of U.S. software stores. (I don't know if the copies of Netscape Navigator on the shelves in U.S. stores are now the "U.S." version, as opposed to be a somwhat-crippled version, but I sure do know that a *lot* of nominally-export-controlled software _is_ freely purchasable.) Much of this software goes out of the country in luggage. In my various flights out of the U.S. over the years, never have my bags been so much as glanced at, except presumably for bombs with sniffers, scanners, etc. Further, I have mailed optical disks out of the country--a single one of these can store a whole lot of stuff. (As I said in a 1992 interview, a DAT is like a shoulder-fired Stinger missile.) On a trip to France and Monaco last year, I deliberately carried several optical cartridges and couple of DATs, all crammed with software, PGP, RSADSI's MailSafe, Mathematica, etc. To make a point, and as props for my talk on crypto anarchy. Certainly there was no checking on the way out at SFO, and no checking whatsoever at Charles de Gaulle in Paris. 
(On my return trip, the bored inspector in San Francisco asked what my purpose in being overseas has been. Had I said "tourism" I would've been waved through. Instead, for interest, I said "Meeting with Russian cryptographers in Monte Carlo," just to see what would happen. He asked me what "cryptographers" are or do... "They make secret codes." He then waved me through. Sigh.) None of this is surprising, of course. Borders _are_ transparent. There are so _many_ degrees of freedom for getting stuff across borders. The hope that a bunch of *bits* can be stopped in ludicrous. _This_ is why I expect the Netscape beta to arrive overseas pretty soon. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From m5 at vail.tivoli.com Thu Jul 18 15:58:49 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Fri, 19 Jul 1996 06:58:49 +0800 Subject: New Infowarfare Panel In-Reply-To: Message-ID: <31EE8BCE.50B@vail.tivoli.com> David Sternlight wrote: > As I recall my background reading in the public press, wasn't the etiology > that we figured out how to do some pretty nasty things (the Gulf war was > one presenting occasion) to enemies' info infrastructures to threaten their > entire social system. My personal recollection is that many of the InfoWar techniques we crafted during the Gulf War involved using high speed fighter-bomber aircraft to drop guided munitions on top of selected pieces of the communications infrastructure. 
______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From maldrich at grci.com Thu Jul 18 16:02:41 1996 From: maldrich at grci.com (Mark O. Aldrich) Date: Fri, 19 Jul 1996 07:02:41 +0800 Subject: spam suckers (was Re: Chancellor Group....) In-Reply-To: Message-ID: On Thu, 18 Jul 1996, Doug Hughes wrote: > > FYI: I've been forwarding complaints about the moneyworld spam > >to the following addresses: > > > >dyno at cyberspace.com > >barer at cyberspace.com > >abuse at mci.net > >enforcement at sec.gov > > I don't know who the right person to complain to is, but it sure is > irritating. I think I'll start CC'ing abuse at mci.net as well. The Oracle of the Internet (and other sources) report that: The spam is coming from Financial Connections, Inc. Their smail address is: 2508 5th Avenue, Suite 104 Seattle, Washington 98121 Their SA is Robert (Bob) Williams. His voice mail box, available at 206.269.0846, is full right now but get those war-dialers ready just in case. Also, his e-mail address is "dyno at cyberspace.com". It's not known if he has any anti-mailbomb fixtures (yet) in place at this time. ------------------------------------------------------------------------- |Just as the strength of the Internet is |Mark Aldrich | |chaos, so the strength of our liberty |GRCI INFOSEC Engineering | |depends upon the chaos and cacophony of |maldrich at grci.com | |the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil | |protects - District Judge Stewart Dalzell| | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich at grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. 
| -------------------------------------------------------------------------

From markm at voicenet.com Thu Jul 18 16:11:48 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 19 Jul 1996 07:11:48 +0800 Subject: SecureDrive(IDEA), Realdeal and plaintext attack In-Reply-To: <9607181432.AB05188@cti02.citenet.net> Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 18 Jul 1996, Jean-Francois Avon wrote:

> IDEA is reputed to be resistant against known plaintext attacks. > But I did not read about whether or not it is resistant to > several-plaintexts (?chosen plaintext) attack. > > If the sectors were not salted, each zeroed sectors would translate in > an identical way on the encrypted disk. So, there would be only one > cyphertext-plaintext pair repeated over many empty sectors. > > If you salt the encryptor, there are many different cyphertexts > corresponding to one single plaintext. > > Can the salt be figured out by an attacker?

It doesn't matter whether an attacker knows the salt. Sectors that are zeroed are indistinguishable from sectors that have data. An attacker wouldn't know which sectors are composed of zeroes.

-- Mark PGP encrypted mail preferred Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv -----END PGP SIGNATURE-----

From markm at voicenet.com Thu Jul 18 16:18:28 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 19 Jul 1996 07:18:28 +0800 Subject: Steganography Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

There has been some discussion on steganography in the past few days. I've been thinking about the subject so here is a list of my random thoughts:

1.
Steganography "standard": Current steganography software relies almost totally on security through obscurity. The problem with such an approach is that there is no standard way to extract data from .gif or .jpg files. If two people want to communicate using stego, they have to have some secure channel through which they could negotiate a protocol that could extract information from data files. This brings up the same Catch-22 situation that exists with conventional cryptography. My idea is that there should be some common, well-known way to de-stego data files. This really doesn't weaken the security of any stego software because if strong crypto that doesn't append any headers on to the message is used in conjunction with stego software, then the output of a stego program would just appear to be random garbage. There would be no way for the feds to prove that the random data was encrypted. I don't know much about graphic and sound file formats, but I think that in most cases the least-significant bit of a graphics or sound file should be pretty random anyway. 2. Recognizing stegoed data: Another problem with stegonography is that while many programs use some kind of identifying header so the recipient can tell whether the file contains hidden information or not, this also allows a snooper to determine the same thing. I think that the ability for the recipient to identify whether the data is stegoed or not is important. So I came up with the idea of using a MAC keyed with the session key used to encrypt the hidden data for checking if the picture contains stegoed data. With this approach, an attacker would not be able to verify if a file contained hidden data or not since the session key would be encrypted with the recipient's public key. 3. Message pools: With steganography more widespread, the use of message pools becomes a lot more interesting. 
People could communicate anonymously using one of the alt.binaries.* groups with everyone else reading the group completely oblivious to this fact. The posts would be pictures that would decode normally, but only the recipient would be able to decrypt the hidden data. Since the binaries newsgroups are among the most popular on the Usenet, reading one of the binaries newsgroups would draw less suspicion than reading alt.anonymous.messages. I don't know how reliable some of the binaries groups are since many NNTP servers don't carry them or expire the articles early, but since cross-posting seems to be fairly common on those newsgroups anyway, a cross-posted file with stegoed data would have a good chance of reaching the recipient.

-- Mark PGP encrypted mail preferred Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv -----END PGP SIGNATURE-----

From vinnie at webstuff.apple.com Thu Jul 18 16:22:54 1996 From: vinnie at webstuff.apple.com (Vinnie Moscaritolo) Date: Fri, 19 Jul 1996 07:22:54 +0800 Subject: Mac Crypto/ internet commerce workshop , sept 5-6, cupertino.. Message-ID:

The Mac Crypto / Internet commerce workshop (gathering, conference) will happen...YES (if more like machack than anything else.) The dates will be Sept 5/6, here in Cupertino, CA at Apple. In addition I will also host the Aug (late) or Sept Cypher-punks meeting one of those nights too.

My goals are:

1) to provide a vehicle to educate any and all Apple employees and Developers who are responsible for Apple's future on the internet about what is going on in the Internet commerce world.
2) To provide a forum where developers can work together to create internet commerce products for the Macintosh platform.

I am responding to the copious feedback that I have received from developers both at WWDC and MacHack, through the various mailing lists that I run (Mac-crypto, net-thinkers etc) and through personal contacts.

>>>>>>>> I am looking for folks to talk, papers etc.. <<<<<<<<<

The (real) preliminary agenda goes something like:

(day one) Introductions and overviews:
1) Introduction to crypto technology, what is it, who are the players.
2) Introduction to electronic commerce (Financial cryptography), e-cash, e-checks, digital bearer bonds, etc.
3) How to use this technology today, where are the opportunities.
4) What needs to be done on the Mac, opportunities.

(day two) Tech stuff.
1) Random number generation on the Mac, (the key to strong crypto)
2) Password management and the Mac (How to get something better than the Powertalk keychain)
3) Optimizing crypto on the PPC.
4) How to write an OT network server that will give you the performance required for transacting business.

Remember this is a totally grass-roots thing, but we are gathering momentum. Look at how effective Internet-config is on the Mac. The conference will materialize more in August, consider this an official announcement. So book your air tickets, while they are cheap.. (bring a parachute?)

be there, aloha!

Vinnie Moscaritolo Developer Tech Support http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A

From paul at mycroft.actrix.gen.nz Thu Jul 18 16:27:33 1996 From: paul at mycroft.actrix.gen.nz (Paul Foley) Date: Fri, 19 Jul 1996 07:27:33 +0800 Subject: Cybank breaks new ground; rejects public-key encryption In-Reply-To: Message-ID: <199607181918.HAA04314@mycroft.actrix.gen.nz>

else's account. It just seems the reward they are offering me is not enough for my work. What might be a good reward for hacking into an Internet bank and showing I can steal their money?
Getting to keep the money :-) From harka at nycmetro.com Thu Jul 18 16:29:02 1996 From: harka at nycmetro.com (harka at nycmetro.com) Date: Fri, 19 Jul 1996 07:29:02 +0800 Subject: Secure IRC conversations Message-ID: Hi there, does anybody know of a way to have encrypted conversations on the IRC or via ytalk? Thanks, Harka ___ Blue Wave/386 v2.30 [NR] From tcmay at got.net Thu Jul 18 16:38:54 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 19 Jul 1996 07:38:54 +0800 Subject: Opiated file systems Message-ID: At 8:05 AM 7/18/96, jim bell wrote: >It has long occurred to me, considering the size and low power of the >typical 3.5" hard drive compared with the size of the typical house or >apartment, that it might be an interesting project to remotely connect such >a (hidden) drive to your computer using a reasonably surreptitious link that >is difficult to trace. Say, an IR optical link, a single bare (unjacketed) >optical fiber, a LAN with hidden nodes, or a similar system. Maybe an >inductive pickup. In any raid, they'll have to decide what to take, and >chances are very good that they won't find every hidden item. I think the druggies call this a "rat line": two apartments next to each other, with the humans living in one and the drugs stored in the other. The drugs are gotten through a hole in the wall. (Hey, I'm not saying it works, or that it stops raids, prosecutions, convictions, etc. Just noting the existence.) Any multi-unit apartment can do this already, with data. The hard disk can be upstairs and two units away, connected with Ethernet (as many apartment buildings out here in California already are), or whatever. Any raid on Unit 3B, for example, finds that no files are stored locally. A separate investigation and/or search warrant for wherever the files actually are stored would be of course problematic and/or delayed. (Friends of mine have worked on "remote storage" ideas for exactly such applications. 
Clearly there are many options: storage in other local sites, storage in offshore sites, encrypted storage, even storage by a "priest" functionary ("Son, I am ready to receive your digitally transmitted confession.").) Lots of possibilities. For various reasons, few have been pursued. (Mostly because, I think, there have been relatively few raids on data, and when there have been raids, there were usually other HUMINT-type factors involved. E.g., few child porn rings are going to be broken only on the basis of seized disks. As this situation changes, expect more "data archival" services to evolve.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From virgo at nob.tiac.net Thu Jul 18 17:10:43 1996 From: virgo at nob.tiac.net (virgo at nob.tiac.net) Date: Fri, 19 Jul 1996 08:10:43 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: This is nothing new. How many people remember Operation Sundevil? This has been going on for over 10 years now -- it's only now that people actually *care*. IMHO, Millie From david at sternlight.com Thu Jul 18 17:14:08 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 08:14:08 +0800 Subject: US versions of Netscape now available In-Reply-To: Message-ID: At 8:26 AM -0700 7/18/96, Perry E. Metzger wrote: >David Sternlight writes: >> >I'm glad too. So how many minutes did it take to leak overseas? >> >> It doesn't "leak overseas" as if there were some regrettable lapse in the >> plumbing. 
Someone has to commit a felony violation of Federal law. > >Yes, just like its a crime to smoke grass, or have sex with someone >you aren't married to in half the states in the union. Of course, we >all know that the truth is that other than bluenose fools like David >Sternlight, most people in society have accepted that the government >is just plain stupid and happily go on doing what they would do >anyway. > >David serves, however, as a useful reminder of the fact that there are >people out there who were so badly conditioned in childhood that they >are unable to disagree with authority no matter how badly they would >like to. I suspect that if a sufficiently highly placed government >official told David to strip naked and have sex with a dog in public >and phrased it as an order, he would do it, even though he would find >the act repugnant. > >Luckily, after the revolution, the private sector will open centers to >help people like David get over their inability to function without >authority figures telling them what to do. Since the private sector >has high incentives not to waste money, unlike government sponsored >programs we can expect David and others like him to eventually become >useful members of society. > Your contumely arises from your ignorance in that you are clearly unfamiliar with my consistent position on the Digital Telephony Act and many other issues. Not everyone who disagrees with you on some issues is a fool or a knave, and to say so suggests the need for a mirror. David From vznuri at netcom.com Thu Jul 18 17:20:19 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Fri, 19 Jul 1996 08:20:19 +0800 Subject: Surf-filter lists In-Reply-To: Message-ID: <199607181803.LAA01203@netcom18.netcom.com> > >L.D. fails to say why NOW and gay history sites and gun rights sites and >EFF and LPF and SAFE @ MIT and HotWired should be blocked. absolutely no reason is necessary. 
when a parent says to their child, "because I said so", what recourse does that child have? the service is doing the equivalent of this, and will be appropriate for and appeal to the many parents who raise their children in this authoritarian manner. a company does not have to give reasons. as TCM just wrote, people will vote with their cash. the ultimate determinant is if the company is profitable under a capitalist system. they could have ex-nazi's doing the filtering, and if they are making money even when their customers know about it, what's the problem? now, Meeks is doing a valuable public service in *informing* the public of criteria customers may be interested in they may not have been previously aware of (to the minor extent that he did so in an objective way). however, they are the ones to make the decision. they may decide that they like the whole idea of secrecy. the market is deciding as we speak. the article is in a sense part of this decision-making process. your own opinion is not irrelevant-- I have never said that. it's a nice additional perspective. I'm only saying its a small factor and you're awfully presumptuous to think everyone (esp. those that use the services) feels the same way about a lot of subjective material as you do. McCullagh, have you thought out your position at all on this? all the responses I have gotten from you show you haven't put much thought into the matter and are quite caught off guard by my fairly basic points. let me ask you: Yahoo *routinely* rejects zillions of URLs submitted to them. an equally emotional article could be written that highlights their editorial decisions in borderline cases. "Yahoo rejected a link to [x]!!! that's censorship!!!". please figure out what you are and are not opposed to, and have a clearcut stand. don't you see the amazing similarity between rating services and Yahoo? what, in principle, is the difference? your own arbitrary opinions? 
He also fails >to understand that Brock and I both wrote the article. the article is ambiguous about who wrote what. It's clearly Meeks writing style. I give you credit for whatever research you contributed. if I were you I would not want to be associated with that particular article however > He finally fails >to understand that CyberPatrol's categories are anything but clear. I don't recall the service you were picking apart in particular, but I thought Meeks ranting over the "monkey with his eye poked out" as not necessarily "gratuitous depictions of violence" was a real big lose position for himself. the categories may be clear enough for the *customers*, i.e. parents, and that's all that matters. you can rant all you want, but if people are paying money and continue to do so in spite of your objections, where does that leave the validity of your opinion? From jti at i-manila.com.ph Thu Jul 18 17:20:21 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Fri, 19 Jul 1996 08:20:21 +0800 Subject: Internet Through Radio Message-ID: <01BB752B.81D53DE0@ip65.i-manila.com.ph> Does anyone know how to Internet through radio using packet modems? By next year, our telephone company will be implementing metered phones, this will be unfair to modem users since they do that to prevent people from talking to the phone for long hours. From jbugden at smtplink.alis.ca Thu Jul 18 17:25:35 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Fri, 19 Jul 1996 08:25:35 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <9606188377.AA837727446@smtplink.alis.ca> At 4:13 AM on 96/07/18 Timothy C. May wrote: >It's a mark of what has gone wrong with this country that >ordinary citizens actually fear the midnight raids, the no-knock >searches, the "threat suppression" by ninjas. I recommend an article sub-titled: Fourteen ways of looking at a blackshirt. I've excerpted particularly relevant pieces below. 
Eternal Fascism by Umberto Eco New York Review of Books (June 22, 1995) In spite of some fuzziness regarding the difference between various historical forms of fascism, I think it is possible to outline a list of features that are typical of what I would like to call Ur-Fascism, or Eternal Fascism. These features cannot be organized into a system; any of them contradict each other, and are also typical of other kinds of despotism or fanaticism. But it is enough that one of them to be present to allow fascism to coagulate around it. [...] 3. Irrationalism also depends on the cult of action for action's sake. Action being beautiful in itself, it must be taken before, or without, reflection. Thinking is a form of emasculation. [...] 4. The critical spirit makes distinctions, and to distinguish is a sign of modernism. In modern culture the scientific community praises disagreement as a way to improve knowledge. For Ur-Fascism, disagreement is treason. 5. Besides, disagreement is a sign of diversity. Ur-Fascism grows up and seeks consensus by exploiting and exacerbating the natural fear of difference. The first appeal of a fascist or prematurely fascist movement is an appeal against the intruders. Thus Ur-Fascism is racist by definition. 6. Ur-Fascism derives from individual or social frustration. [...] 11. In such a perspective everybody is educated to become a hero. In every mythology the hero is an exceptional being, but in Ur-Fascist ideology heroism is the norm. This cult of heroism is strictly linked with the cult of death. It is not by chance that a motto of the Spanish Falangists was Viva la Muerte ("Long Live Death!"). In nonfascist societies, the lay public is told that death is unpleasant but must be faced with dignity; believers are told that it is the painful way to reach a supernatural happiness. By contrast, the Ur-Fascist hero craves heroic death, advertised as the best reward for a heroic life. The Ur-Fascist hero is impatient to die. 
In his impatience, he more frequently sends other people to death. [...] Franklin Roosevelt's words of November 4, 1938, are worth recalling: "If American democracy ceases to move forward as a living force, seeking day and night by *peaceful means* (emphasis mine) to better the lot of our citizens, fascism will grow in strength in our land." Freedom and liberation are an unending task. ---------------------- If you set out to defeat an enemy because you despise what they do or say, make sure that you are different - not just stronger. Ciao, James From tcmay at got.net Thu Jul 18 17:29:47 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 19 Jul 1996 08:29:47 +0800 Subject: New Infowarfare Panel Message-ID: At 6:14 PM 7/18/96, David Sternlight wrote: >At 8:30 PM -0700 7/17/96, Timothy C. May wrote: > >>Winn Schwartau is running conferences, is talking about the imminent danger >>of the nation's computer networks being knocked out (paraphrasing his >>latest "Wired" item: "imagine your ATM network being knocked out and people >>being unable to gain access to their money"). >> >>Schwartau is predicting/advocating a "fifth branch" of the military to deal >>with the this threat. A cyberforce, as it were. >> >>Color me skeptical, but I see this all as a lot of hype and fear-mongering. >>Folks in the Pentagon, FBI, and NSA probably see it as a way to get more >>funding, Folks in the consulting business probably see it as a way to crank >>up the seminar prices and increase the number and frequency of "Information >>Warfare" workshops and seminars. > >Haven't there been some worked examples of information warfare that make >this fear and the need to deal with it legitimate? I'm certainly not saying "information warfare" is impossible--for example, I did some work in the late 70s for DARPA on knocking out satellites with particle beam weapons. 
Specifically, I rebutted MIT Professor Kosta Tsipas' claim that directed energy weapons in orbit would require tens (or more) of Space Shuttle trips _per shot_. I showed the DARPA people how it could be done with 5 orders of magnitude less energy, and speculated that "ticklings" of satellites could be done with commercially available ion implanters--they got real concerned and I was not invited to the classified sessions where they discussed this threat model, as I lacked a clearance. However, the current wave of publicity about "information warfare" seems to focus on _possible_ scenarios, with Hollywoodesque overtones. (And I just learned that "infowar consultant" Schwartau is indeed "working on a movie." Not to ascribe impure motives to him--who's to say what's impure?--but it still sounds like hype to me.) >As I recall my background reading in the public press, wasn't the etiology >that we figured out how to do some pretty nasty things (the Gulf war was >one presenting occasion) to enemies' info infrastructures to threaten their >entire social system. Then, as I understand it, someone smart said >something like "If we can do this to them, then someone can do this to us." >and we were off to the races. Sure, we dropped conductive fibers on their power lines, we blew their dishes out with Special Ops sniper fire, and we did a lot of other such things. Could this destroy the nation's "infrastructure"? Hey, there have been scenarios for disrupting Wall Street, for all sorts of things. Bombs in power plants, knocking over high tension lines, etc. Some things never change. But destroying or even seriously damaging the U.S. infrastructure would be _very_ hard to do. Sure, the government should think about such things. Utilities companies routinely plan for efforts to disrupt service. (I live a mile or two from where "Earth Action Now!" 
knocked over a power line about the time treehugger activist Judi Bari was partly blown up while apparently transporting a homemade bomb down here to Santa Cruz.) >It's the military and counterintel community's job to think like this and >act to protect us. I don't think imputing selfish motives is dispositive. I noted that there is a recent wave of hype: books, conferences, calls for action, even movie deals (:-}). Given that there is no real evidence that these mysterious "HERF guns" have ever been used, nor is there evidence that they would do much beyond knocking out the PCs in the office they were aimed at, this is why I said "color me skeptical." By the way, I was interviewed for the BBC programme "The I-Bomb," had discussions a while back with someone working on HERF guns, and have been in touch with Schwartau on this latest round (he contacted me). I'm still skeptical. "Extraordinary claims require extraordinary proof." --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From WlkngOwl at unix.asb.com Thu Jul 18 17:40:43 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Fri, 19 Jul 1996 08:40:43 +0800 Subject: ABC News on internet telephony Message-ID: <199607182136.RAA25253@unix.asb.com> On 18 Jul 96 at 9:41, Clay Olbon II wrote: > There was a pretty long piece on the evening news on using the internet for > long distance and how much money can be saved. Even had several demos of > intercontinental phone calls. 
The disappointing aspect was they didn't > mention PGPfone (although if they had, I'm sure child pornographers and > terrorists would have been mentioned as well :-) PGPfone isn't marketed very well. Other Internet phone software is advertised in magazines, promotions with ISPs, etc. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From alanh at infi.net Thu Jul 18 17:40:50 1996 From: alanh at infi.net (Alan Horowitz) Date: Fri, 19 Jul 1996 08:40:50 +0800 Subject: Can't block caller ID in Massachusetts? In-Reply-To: <199607181149.HAA10639@nrk.com> Message-ID: > They do NOT want you to have a number where they don't get ANI. > They don't want you knowing where they are. So don't call them. I don't recall there being an requirement to call an 800 number for permission to purchase, food, shelter or clothing. From aba at atlas.ex.ac.uk Thu Jul 18 17:52:00 1996 From: aba at atlas.ex.ac.uk (Adam Back) Date: Fri, 19 Jul 1996 08:52:00 +0800 Subject: Opiated file systems In-Reply-To: <199607162030.NAA10344@mycroft.rand.org> Message-ID: <199607181001.LAA00078@server.test.net> Jim Gillogly writes: > "Deranged Mutant" writes: > >A problem with a c'punk-style encrypted fs with source code and wide > >distribution is, of course, that attackers will KNOW that there is a > >duress key. > > Good point. This suggests a design desideratum for any such system should > be that the user may choose not to have a duress key, maintaining > semi-plausible deniability for those who choose to have one. For plausibility it would probably be best if very few people used the duress key feature. If PGP had an infrequently used duress key feature, it would provide quite a bit of plausible deniability: lots of people have PGP. 
This was the basis for comments earlier in this thread about it being desirable to have a very popular file system with these features included. The more users (mostly for its normal features) the less suspicious having the software on your system becomes. One problem is that some of the additional requirements to do a good job of obscuring whether or not there is data in the unused part of an encrypted file system add overheads. For example re-encrypting the unused data with random IVs so that it doesn't appear stale even if the duress key feature was not requested. If that overhead is too great it will be annoying for people who do not wish to use the duress key feature. It might possibly be a good idea to do re-encrypting of the blocks anyway as it would obscure usage patterns. (eg I am thinking when the disk starts up it will be cold, as it warms up the heads will be positioned fractionally differently, and from this kind of analysis it might be possible to make inferences about the amount of data used in the file system, etc.) Adam -- #!/bin/perl -sp0777i Message-ID: On Thu, 18 Jul 1996, [ISO-8859-1] Jüri Kaljundi wrote: > enough for my work. What might be a good reward for hacking into an > Internet bank and showing I can steal their money? How about the money? ;) Millie. From david at sternlight.com Thu Jul 18 18:09:57 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 09:09:57 +0800 Subject: New Infowarfare Panel In-Reply-To: Message-ID: At 12:09 PM -0700 7/18/96, Mike McNally wrote: >David Sternlight wrote: > >> As I recall my background reading in the public press, wasn't the etiology >> that we figured out how to do some pretty nasty things (the Gulf war was >> one presenting occasion) to enemies' info infrastructures to threaten their >> entire social system. 
> >My personal recollection is that many of the InfoWar techniques we crafted >during the Gulf War involved using high speed fighter-bomber aircraft to >drop guided munitions on top of selected pieces of the communications >infrastructure. I'm talking about some of the information that started slowly leaking out later, not the prime-time TV pyrotechnics. David From JeanPaul.Kroepfli at ns.fnet.fr Thu Jul 18 18:13:16 1996 From: JeanPaul.Kroepfli at ns.fnet.fr (Jean-Paul Kroepfli) Date: Fri, 19 Jul 1996 09:13:16 +0800 Subject: overseas PGPfone and Netscape Message-ID: <01BB7500.DB668740@JPKroepfli.S-IP.EUnet.fr> Ian Goldberg wrote: >Could various people with various architectures post MD5 or SHA1 hashes >of the files they downloaded? (i) very good idea (ii) Do you know where I can find a MSWin or MSDOS executable of SHA? Jean-Paul ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~- Jean-Paul et Micheline Kroepfli (our son: Nicolas and daughter: Celine) eMail: JeanPaul.Kroepfli at utopia.fnet.fr Also Compuserve and MSNetwork Phone: +33 81 55 52 59 (F) PostMail: F-25640 Breconchaux (France) or: +41 21 843 27 36 (CH) or: CP 138, CH-1337 Vallorbe Fax: +33 81 55 52 62 (Switzerland) Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting PGP Fingerprint : 19 FB 67 EA 20 70 53 89 AF B2 5C 7F 02 1F CA 8F "The InterNet is the most open standard since air for breathing" From junger at pdj2-ra.F-REMOTE.CWRU.Edu Thu Jul 18 18:20:46 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Fri, 19 Jul 1996 09:20:46 +0800 Subject: "address verification databases"? (was: Netscape download...) In-Reply-To: <9607181646.AA19157@notesgw2.sybase.com> Message-ID: <199607182153.RAA26496@pdj2-ra.F-REMOTE.CWRU.Edu> With much help from Tom Weinstein and a bit of luck, I have succeeded in downloading the Linux version. 
But the time I tried before it finally worked, I typed in the New York City area code (212) rather than the Cleveland area code (216) and since I had given them a Cleveland address and ZIP code, they (the server, that is) said that I had made an error. So that must be one thing that they check. It seems strange that they can require that you have a phone, let alone that they require that your phone be in the same city where you are. (At one time I considered commuting between Cleveland and New York. I didn't consider it that seriously, but I am sure that there a people who do exactly that.) -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu From wb8foz at nrk.com Thu Jul 18 18:42:20 1996 From: wb8foz at nrk.com (David Lesher) Date: Fri, 19 Jul 1996 09:42:20 +0800 Subject: (fwd) Re: US versions of Netscape now available---NOT Message-ID: <199607182209.SAA13526@nrk.com> > > Whatever YaKnow > > cybernut at nutcom.com > > 10401 Wilshire Blvd, Suite 805 > > Los Angeles, CA 90024-4628 > > (310) 475-3799 > > > > > > Isn't that nice. Some creep is proud enough of his skill at accessing the > trivially available InterNIC finger data that he posts it to invoke > harassment. And being a coward as well, he hides behind an anonymous > remailer. Of course, SternFUD himself advertised all the same material & much more hornblowing on http://www.switchboard.com; Check it out yourself. (I do note UnProfessor has removed the Panasana address that was there previously.) [IMAGE] DR. DAVID STERNLIGHT PROVIDES ECONOMIC AND STRATEGIC PLANNINGCONSULTING SERVICES FOR HIGH-TECHNOLOGY FIRMS. Strategic uncertainty is now the norm for the business environment. Wrenching events such as the fall of the Soviet Union, major shifts in technology and its location, and new directions in national and international policy strongly affect the medium and long-term business future...... 
-- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From dfloyd at IO.COM Thu Jul 18 18:43:07 1996 From: dfloyd at IO.COM (Douglas R. Floyd) Date: Fri, 19 Jul 1996 09:43:07 +0800 Subject: Opiated file systems In-Reply-To: Message-ID: <199607182213.RAA10532@pentagon.io.com> > > (Friends of mine have worked on "remote storage" ideas for exactly such > applications. Clearly there are many options: storage in other local sites, > storage in offshore sites, encrypted storage, even storage by a "priest" > functionary ("Son, I am ready to receive your digitally transmitted > confession.").) The problem I ran into firsthand with archive sites is that they tend to turn into porn or pirated software servers. One could then have the software delete after a download. Anyway, one is always open to a denial of service attack where someone just throws chunks of /dev/random at you. (About last April when I wrote an offsite secure storage program, I was testing it on another site. Some 2 bit children found out about it and decided to turn it into a porn server, causing major bandwidth to be taken up. I then set it to delete any files grabbed when one specifies the MD5 hash. This stopped the onrush of outgoing stuff, however I got a bunch of people dumping large amounts of random junk just to deny others service out of spite. To foil this, I set a per megabyte limit. Then, they just anon-remailed bunches of little files. I got tired of the abuse and pulled the plug on it. It didn't even reach beta testing.) If someone has any ideas on how to slow down attacks like this, please E-mail me. It would be nice to have an offsite storage place, but without the necessity of giving a bunch of personal info (as with McAfee's WebStor). 
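The design described in the message above (retrieval by MD5 hash, deletion on download, a per-upload size limit) can be modelled as follows; this is an added example, not the author's program. `DropStore`, `mint_stamp`, the total-storage budget and the hashcash-style work stamp charged per upload are assumptions introduced here to show one way of making a flood of small anonymous files expensive.

```python
import hashlib
import itertools


class DropStore:
    """In-memory model of a pick-up-once store keyed by content hash.

    Hypothetical names throughout; only the MD5 handle, delete-on-download
    and the per-upload size limit come from the message.
    """

    def __init__(self, max_object_bytes=1 << 20, max_total_bytes=8 << 20,
                 work_bits=12):
        self.max_object_bytes = max_object_bytes  # per-upload size limit
        self.max_total_bytes = max_total_bytes    # assumption: global budget
        self.work_bits = work_bits                # assumption: cost per upload
        self._objects = {}
        self._used = 0

    @staticmethod
    def key_for(data):
        # MD5 mirrors the message; it is collision-broken today, so a
        # current build would use SHA-256 for the handle as well.
        return hashlib.md5(data).hexdigest()

    def stamp_ok(self, key, nonce):
        """True if SHA-256(key:nonce) starts with work_bits zero bits."""
        digest = hashlib.sha256(f"{key}:{nonce}".encode()).digest()
        return int.from_bytes(digest, "big") >> (256 - self.work_bits) == 0

    def put(self, data, nonce):
        """Store data; returns (key or None, status string)."""
        key = self.key_for(data)
        if len(data) > self.max_object_bytes:
            return None, "too large"        # blocks the single huge dump
        if not self.stamp_ok(key, nonce):
            return None, "bad stamp"        # each file, however small, costs work
        if key in self._objects:
            return key, "duplicate"         # never charge the budget twice
        if self._used + len(data) > self.max_total_bytes:
            return None, "store full"
        self._objects[key] = data
        self._used += len(data)
        return key, "stored"

    def get(self, key):
        """Hand the object out once, then delete it and free its space."""
        data = self._objects.pop(key, None)
        if data is not None:
            self._used -= len(data)
        return data


def mint_stamp(key, work_bits):
    """Uploader side: brute-force a nonce. Returns (nonce, attempts)."""
    for nonce in itertools.count():
        digest = hashlib.sha256(f"{key}:{nonce}".encode()).digest()
        if int.from_bytes(digest, "big") >> (256 - work_bits) == 0:
            return nonce, nonce + 1


def demo():
    """Run one upload and pick-up on constructed data; returns the statuses."""
    store = DropStore(max_object_bytes=16, max_total_bytes=32, work_bits=10)
    data = b"constructed data"              # constructed sample, 16 bytes
    key = DropStore.key_for(data)
    nonce, attempts = mint_stamp(key, store.work_bits)
    return {
        "oversize": store.put(b"x" * 17, 0)[1],
        "upload": store.put(data, nonce)[1],
        "first_get": store.get(key),
        "second_get": store.get(key),
        "attempts": attempts,
    }


if __name__ == "__main__":
    print(demo())
```

The stamp is bound to the content hash, so it cannot be reused for a different file, and the expected cost of a flood grows with the number of files rather than with their size.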
From jimbell at pacifier.com Thu Jul 18 18:52:58 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 19 Jul 1996 09:52:58 +0800 Subject: Gorelick testifies before Senate, unveils new executive order Message-ID: <199607182057.NAA18681@mail.pacifier.com> At 03:04 AM 7/18/96 -0700, David Sternlight wrote: >Serious studies have shown that the kinds of protections to make the >systems we depend on robust against determined and malicious attackers (say >a terrorist government, or one bent on doing a lot of damage in retaliation >for one of our policies they don't like) "Policies"? There you go again. A "policy," at least in regard to the US government, is not merely opinion, but is action. Action which may (legitimately) anger people. Action which may not genuinely be in the interests of American people, although you'd never get those government thugs to admit it. If somebody overseas doesn't like a US government "policy," maybe the best thing to do is to determine whether it's actually beneficial to the ordinary American citizen, or whether its benefits can be achieved simply by changing government behavior. So what's the best way to avoid "terrorism"? Maybe the fastest, more efficient, and overall best way to avoid it is to get the US government to stop doing things that foment it, rather than trying to protect against it after the fact. , have costs beyond the capability >of individual private sector actors. Your friendly neighborhood ISP, for >instance, probably can't afford the iron belt and steel suspenders needed >to make his system and its connectivity sabotage-proof, and so on. Even >cheap but clever solutions involving encryption in such systems require >standards and common practices across many institutions. None of which require government actions to achieve. If anything, what is required is that governments STOP doing things which discourage such implementations of encryption. Government is the problem, not the solution. 
>In such a case, where public benefits from government action greatly exceed >public (taxpayer) costs, This is the classic Sternlight misrepresentation. Chances are excellent that this public benefit you speak of is almost totally a benefit to government employees, not ordinary citizens. Government's "solutions" are predictably skewed to maintain government budgets, not actually designed to solve the underlying problem. Jim Bell jimbell at pacifier.com From david at sternlight.com Thu Jul 18 18:59:21 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 09:59:21 +0800 Subject: Gorelick testifies before Senate, unveils new executive order In-Reply-To: Message-ID: At 8:14 AM -0700 7/18/96, Jeff Barber wrote: >David Sternlight writes: > >> Here's the problem in a nutshell: Everyone who has looked at our systems, >> from Cliff Stoll on to blue ribbon scientific commissions, has come to the >> conclusion that our society is vulnerable to willful sabotage from abroad, >> ranging from information sabotage (hacking electronic financial >> transactions) to physical sabotage (hacking power grid control computers to >> cause widespread power failures leading to serious damage to people and >> things; hacking the phone companies' computers, etc.). Some cases have >> already been observed. The field has already got a name and lots of >> publications. It's called "information warfare" and the government is >> taking it VERY seriously. >> >> Serious studies have shown that the kinds of protections to make the >> systems we depend on robust against determined and malicious attackers (say >> a terrorist government, or one bent on doing a lot of damage in retaliation >> for one of our policies they don't like), have costs beyond the capability >> of individual private sector actors. 
> >> In such a case, where public benefits from government action greatly exceed >> public (taxpayer) costs, and the private sector cannot (or will not) act >> unaided, the classical basis for government action in the interests of the >> citizenry exists. It's the economist's "lighthouse" argument. >> >> The motivation has nothing to do with privacy, government snooping, or any >> of the other things some get so excited about, though the solutions >> certainly have side effects in those domains. The goal should be to >> minimize the deleterious side-effects, not to throw out the baby with the >> bath water. > >I for one reject your premise and your conclusions. There is no >indication that government is capable of addressing this "problem" >in a useful way. Let's see what the study group recommends. There are a lot of things the government can do, and plenty of historical precedent. To take one example, in the merchant marine industry the government for years paid a subsidy for shipbuilders to add certain "national defense features" to ships they were building, to harden them in excess of normal civilian requirements so they'd be robust in time of war. No shipbuilder could afford such features unaided, and without them we either had a dramatically reduced shipping capability in wartime or a very vulnerable one. Things have changed since then, but the basic principles in the example are still valid. > In fact, I argue that the situation is at least >partially of government construction. The government's hindrance of >crypto technology has undoubtedly slowed down and in many cases >entirely prevented the application of current technology to protect >the very systems the government now purports to be concerned about. There are no restrictions on using as good domestic crypto as you can get, and this issue is about the robustness of our domestic information infrastructure. 
Clearly if hardening were cost-justified to the civilian companies it would have been done already. One of the core problems is that the benefits from hardening cannot be captured by the individual companies, so they cannot cost-justify doing it. But the losses from failure to harden can cost the wider society much treasure. That's a natural case for government intervention on behalf of the wider society. It's exactly like the "lighthouse" argument. The benefits from a lighthouse can't justify an individual shipbuilder building one, but the losses to society from the random aggregation of shipwrecks are far greater than the cost of lighthouses. Ergo, the government builds the lighthouses.

>
>(This is not conjecture or speculation; it is fact. I personally have
>witnessed -- and, in some cases, been part of -- the many hundreds of
>hours of productivity lost to producing and distributing security software
>in ways that protect the company from ITAR violations, or trying to
>formulate adequate solutions for the company's non-US customers.)

Irrelevant to the central issue we're discussing, and by comparison, a gnat.

>
>My message to a government concerned about the dangers of "information
>warfare" (and its apologists): get out of the way and let industry work
>on security. Then you can choose from the products offered for your
>protection or develop your own. But don't sit there and prevent or help
>prevent deployment of security technology while decrying the lack of
>security.

This isn't about preventing domestic deployment but assisting it. You are raising an entirely unrelated issue--crypto export policy.

>
>I don't claim that the current security deficiencies are entirely due
>to ITAR restrictions but it is certainly a significant factor, and there
>is still zero evidence that the government is competent to help. Let
>them first fix their own problems (e.g. the alleged 250,000 DoD computer
>breakins), *then* come help us in the private sector.

Again as irrelevant as the argument that we shouldn't jail criminals until we've eliminated the economic inequities that allegedly produce crime.

David

From aba at dcs.ex.ac.uk Thu Jul 18 19:10:53 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Fri, 19 Jul 1996 10:10:53 +0800
Subject: US versions of Netscape now available
In-Reply-To:
Message-ID: <199607182111.WAA00315@server.test.net>

David Sternlight writes:
> >> It doesn't "leak overseas" as if there were some regrettable lapse in the
> >> plumbing. Someone has to commit a felony violation of Federal law.
> >
> > No they don't. If they are French, Russian, English, Greek, etc. They
> > _may_ be violating their countries laws, but they are not necessarily
> >violating ours.
>
> That is only true if they find a way to crack Netscape's software
> distribution security from overseas, or somehow found a user machine with
> the software on it and cracked IT. IF the thing leaks it is much more
> likely because someone on our side of the border was complicit.

I'm not sure that is necessarily true. The checks are normally very flimsy, and near trivial for anyone to break. I don't think anyone knows _who_ exports new versions of PGP etc, so I'm not saying you're wrong either, only saying: we have no way of knowing.

> Do I _think_ it will stay on this side of the border? Of course not. But
> any leaked copies will be illicit and won't be in the "mass" market of
> non-US Netscape versions.

Well, I understand some of the previous (commercial) 128 bit versions of Netscape leaked, and I presume they were not available from all the usual ftp sites because they were commercial. Presumably as this latest netscape beta is freely distributable, once it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc. (the US version of PGP is on various non-US ftp sites, I don't see any reason why freely distributable netscape binaries should be different).

Adam
--
#!/bin/perl -sp0777i
Message-ID: <199607182142.OAA01934@gulch.spe.com>

-----BEGIN PGP SIGNED MESSAGE-----

jk at stallion.ee writes:
> There must be something wrong with bank people all over the world. One
> local bank that now is offering payments using their WWW server here in
> Estonia, and every time I publicly announce some security flaw in their
> system, I have to convince them this bug really exists, they never want to
> believe me. Also those bank persons are saying they will believe me only
> when I really break into their system and transfer money from somewhere
> else's account. It just seems the reward they are offering me is not
> enough for my work. What might be a good reward for hacking into an
> Internet bank and showing I can steal their money?

Probably not as high as the reward for hacking into a bank and not showing them that you can steal their money.

Regards,

pjm

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----

From jim at ACM.ORG Thu Jul 18 19:14:51 1996
From: jim at ACM.ORG (Jim Gillogly)
Date: Fri, 19 Jul 1996 10:14:51 +0800
Subject: New Infowarfare Panel
In-Reply-To:
Message-ID: <199607182314.QAA15523@mycroft.rand.org>

>At 12:09 PM -0700 7/18/96, Mike McNally wrote:
>>My personal recollection is that many of the InfoWar techniques we crafted
>>during the Gulf War involved using high speed fighter-bomber aircraft to
>>drop guided munitions on top of selected pieces of the communications
>>infrastructure.

David Sternlight writes:
>I'm talking about some of the information that started slowly leaking out
>later, not the prime-time TV pyrotechnics.

Please elaborate. Worked examples of info warfare would be useful for us to study... making useful government policy based on unsupported recollections and dubious anecdotes is difficult.

(I won't drag in the more cypherpunk-related example I had in mind, for fear of derailing this conversation from this specific topic.)

Jim Gillogly
Hevensday, 25 Afterlithe S.R. 1996, 23:13

From talon57 at well.com Thu Jul 18 19:15:01 1996
From: talon57 at well.com (talon57 at well.com)
Date: Fri, 19 Jul 1996 10:15:01 +0800
Subject: ABC news on Internet Telephony
Message-ID: <199607182054.NAA04198@well.com>

David Sternlight writes:

>There's something fundamental going on here beneath the surface.
>Surprisingly, a recent item (maybe the one you reported) on this
>suggests that the big phone companies are trying to use this
>phenomenon rather than stop it. I think it was AT&T who announced
>that they had web software that improved the quality of such
>internet voice calls. Surprisingly constructive, in contrast to
>the coalition of small phone companies screaming for the FCC to
>"stop it". The FCC has wisely said they're not going to act right
>now because it could kill an incipient new technology.

There is something fundamental going on here, a lack of common sense, and/or critical reasoning. Let's try it again. Who is the most likely to be disintermediated by a global packet network? (how do you get to your ISP?)

I assume by "big phone company" vs "little phone company" you are referring to long distance vs local service, tell me, if the RBOC's continue merging, at what level do they become a "big phone company." The RBOC's are not the only local service providers of course, here in Illinois alone there are more than 80 (at my last count) providers of local service, and soon there will be many more.

The other "urban myth" you are helping to support is the notion that it is the local providers that are fighting deregulation. Ameritech filed for total unbundling in March of '93, and you don't see them insisting on having a percentage of the long distance market before the long distance companies are allowed to compete in the local loop.

>This is the rankest speculation on my part, but could some of the
>bigger, smarter phone company cum internet providers have done
>some serious analysis and concluded that we're moving away from
>distance-based rates for voice calls. Might they even have
>examined where we'll be in the next ten years (with ADSL, etc.)
>and decided that the network technology and simple market
>economics makes fixed charges per "line" more profitable to them
>than metered usage? Maybe this is wishful thinking on my part, but
>some of the bigger actors are starting to behave in a surprisingly
>counter-intuitive (based on the way we stereotype them) fashion on
>this topic.

Point to point circuits are more efficiently handled by circuit switching rather than packet switching networks. Nicholas Negroponte wrote an interesting piece about asynchronous vs synchronous, I believe it is in his book "Being Digital." ADSL is an interesting attempt at digital telephony but expensive and basically would mean replacing existing central office switches. (backbone bandwidth) In a packet network you have to either dedicate a portion of the bandwidth for a synchronous circuit, or you have to have a very fast network and use very small packets (ATM), expensive either way.

A single central office has many times the bandwidth of the widest part of the internet, and the average state has hundreds of CO's. If even a small portion of the Internet's current users tried placing a call things would grind to a halt. A huge increase in the number of backbones and their bandwidth would solve this, but who will pay the bill?

TANSTAAFL

Sometime ago the discussion was on the cost of laying new fiber, may I suggest the real-world heuristic of "a million dollars a mile."

Please note I am not trying to make fun of anyone personally, I am in the words of Jubal Harshaw "heaping scorn upon an inexcusably silly idea, a practice I shall always follow."

Brian
communicate globally, censor locally

From aba at dcs.ex.ac.uk Thu Jul 18 19:25:32 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Fri, 19 Jul 1996 10:25:32 +0800
Subject: Opiated file systems
In-Reply-To: <199607180630.XAA29062@netcom8.netcom.com>
Message-ID: <199607182219.XAA00332@server.test.net>

Bill Frantz writes:
> At 1:30 PM 7/16/96 -0700, Jim Gillogly wrote:
> >"Deranged Mutant" writes:
> >>A problem with a c'punk-style encrypted fs with source code and wide
> >>distribution is, of course, that attackers will KNOW that there is a
> >>duress key.
> >
> >Good point. This suggests a design desideratum for any such system should
> >be that the user may choose not to have a duress key, maintaining
> >semi-plausible deniability for those who choose to have one.
>
> Perhaps a user settable number of duress keys with different behavior for
> each of them?

I'm not sure what you had in mind for differing behaviours (were you thinking nuking of data variety?), but I think the option for multiple hidden file systems may be a feature some people would want.

However, I think it would greatly reduce an individual's plausible deniability of there existing a 2nd hidden file system, if they admit to a 1st hidden file system. They have admitted that they are willing to play the duress key game, so what's to say they haven't done it again.

Adam
--
#!/bin/perl -sp0777i

THE CYPHERPUNK ENQUIRER PRESENTS:
"Adventures in Alternative Journalism"
The Analysis Piece

Alice stared at the two strange creatures. She was completely dumbfounded. "So let me see if I've got this right. You make really good wheels.
But if the Queen of Hearts had wheels, her subjects who occasionally raid your borders would be able to get away faster, and you wouldn't catch as many of them. Is that right, Tweedledumb?"

"I'm Tweedledumber. He's Tweedledumb. Yes, that's right. We have a technological lead over the Cards, and we have to maintain it."

"So you won't sell them wheels?"

"Well, it's more complex than that. A large part of our population is engaged in making wheels, and we make a lot of money selling them to the Cards. So we made a compromise. We only sell them SQUARE wheels."

"But of course," Tweedledumb chimed in, "it's very expensive to make both square and round wheels. So most of our people only make square wheels, so they can sell them to both us and the Cards. Of course, our people are allowed to buy round wheels, IF they can find them."

"AND," stated Tweedledumber, "since the wheel is patented here, we get to collect a hefty licensing fee for every wheel sold."

"But the Cards DO have wheels!" Alice could see over the fence, and the Cards were happily zipping around all over the place. "And so do a lot of people over here. What happened?"

"Well, we couldn't stop the Cards from building their OWN wheels ... "

"And people like buying the Card wheels because they're faster than our wheels, and they're cheaper, because they don't have to pay us the licensing fee ..."

"You see, we have a licensing treaty with the Cards for most things, so if they make something we have a patent on, they have to pay us, but the wheel can't be exported, so it can't EXIST over there, so our patents don't apply ... "

"But I don't understand! You said you needed to catch people, but now you can hardly catch anyone!" Alice was totally astounded at what she was hearing.

"It's only a stopgap measure anyway." Tweedledumber clasped his hands behind his back and started pacing.
"We need to get an agreement with the Queen of Hearts that both of our people will only use, oh, say, pentagonal and maybe hexagonical wheels. That way, everyone can get around faster, but we'll still be able to catch them."

"But who's WE?"

"Anybody with a TLA on their shirt. WE get round wheels."

"What's a TLA?"

Alice almost felt relieved when she saw the familiar grin materialize. The rest of the Cheshire Cat soon followed. "A TLA, my dear, is a Three Letter Anachronism. When people start referring to you by your initials, you've overstayed your welcome. If everyone starts calling ME TCC, I'll know it's time to find another job."

The caterpillar spoke up from its perch on the toadstool. "Wrong, tuna breath. TLA's are the only thing standing between society and total chaos." Alice turned to face the caterpillar, who responded by blowing a lungful of hookah smoke in her face. "THESE two goons only deal with the dangers of the Queen of Hearts and her soldiers, I have to worry about the domestic situation. So we came up with a solution. There are certain unscrupulous locals who engage in terrible things, terrorism, drug dealing, child molestation, money laundering ... we have to be able to catch them. If they had wheels, they could outrun us. But if we had ACCESS to those wheels when we needed it ... by the way, speaking of drug dealers, we know about that mushroom, and the pills. You might want to think really hard about playing ball with us, the Queen of Hearts is rather fond of cutting off dope addicts' heads."

"Access to wheels? Does that have anything to do with those ropes hanging off the back of those carts?"

"Yup. We pull on that rope, the wheels fall off. And since we may have to stop a LOT of people at one time, we could have a riot, or another Butthole Surfers concert, we figure that we should be able to stop about ten percent of the population at once, a little less in the rural areas ... well, they've gotta be REALLY LONG ROPES ...
and there have to be A WHOLE LOT of them ... course, the ones with the ropes we let have octagonal wheels ... "

"But can't just anybody pull the rope? You'll have wheels falling off all over the place."

"Price you have to pay for a safe society. Besides, we have trusted third parties holding to the other end."

"How will you get people to use it, when they can get regular wheels from the Cards?"

"How else? We could pass a law. But it's easier just to threaten all the wheel dealers - put the rope on or we shut you down. Spread the word that only criminals don't use ropes - what are you afraid of? Got something to hide? Eventually we'll have to outlaw the round wheel, of course, but for the time being, some creative social engineering should do the trick." The caterpillar took another long drag on the hookah. "Good shit. Dole was right about this stuff."

"But can't people get real wheels for free?"

"Sure, we've pulled off enough they're lying around all over the place. But then you need an axle, bearings, steering - most people still just go down and buy the whole package. We get them, we're in - guy up in Seattle makes something like 90% of all carts sold here, you should see the shit we've got on HIM! No problemo. And those idiots at Netscape - we've got them doing a complete background check on anybody who wants a round wheel - come back in five days, and maybe you can have it."

"So, Alice, are you learning anything?"

Alice liked the Cheshire Cat, but it did have very sharp teeth, and very long claws, and it did have the habit of appearing out of nothing. Alice felt that it should be treated with respect. "Not really, your cattiness. It doesn't make any sense at all!"

"It isn't supposed to. You have to look at it the right way. From their perspective, it makes perfect sense."

"I'm confused."

"Don't worry about it. It gets worse before it gets better. Come on, we're going to a party. Tim May and John Gilmore are throwing a Mad Tea Party."

"Are they really mad?"

"May's crazy as a loon. You'll like him. Gilmore, he's just still pissed at Shimamura for that stunt in the hot tub ... "

From aba at dcs.ex.ac.uk Thu Jul 18 19:41:49 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Fri, 19 Jul 1996 10:41:49 +0800
Subject: Opiated file systems
In-Reply-To:
Message-ID: <199607182215.XAA00331@server.test.net>

writes:
> On Wed, 17 Jul 1996, Adam Back wrote:
> > A problem yes. My thoughts were that you would effectively have two
> > filesystems and use them both yourself for real work. That is to say
> > that you would say have some consulting work doing some programming or
> > something, and use the 1st encrypted filesystem for this work. If
> > this work was covered by an NDA, so much the better, as it would
> > provide an understandable reason for encrypting.
>
> Good Idea, but I also like the idea of selective-duress, i.e. not
> necessarily having a duress key at all.

That was my meaning: either 1 or 2 filesystems, at the user's option, and for the file system to look the same to anyone not holding the 2nd key (if there is one) whether or not there is a 2nd hidden file system.

> There's also an Idea me and Mouse had, which is to have a fault-tolerant
> duress system. Its something like this... You have a Duressfs and a
> Non-Duressfs. If they enter the duress key is entered wrong, but only by
> a certain percentage of characters (i.e. sex instead of hex), it lets you
> see the Duressfs. If you do this too many consecutive times, it runs the
> DuressNuke function (optional?).

More subtle than straight nuke the data, but still they'll have the backup, and the code to reverse-engineer.

Another idea might be to have secret shared keys to your encrypted fs, so you can't access your file system without your friend(s) co-operation. That would give your friends an opportunity to nuke their share of the key before they got their dawn raid.
You could automate the nuking, with some pre-arranged policy for key destruction (eg the computers could bounce messages off each other, and if this stops the key-portion gets nuked).

However, the opposition is already one step ahead: simultaneous dawn raids were the fad during operation Sun-Devil, just in case of such schemes I presume.

Adam
--
#!/bin/perl -sp0777i
Message-ID: <199607182148.WAA00324@server.test.net>

Rob writes:
> On 16 Jul 96 at 19:21, Mark M. wrote:
> > > A problem with a c'punk-style encrypted fs with source code and wide
> > > distribution is, of course, that attackers will KNOW that there is a
> > > duress key.
> >
> > I don't see how this would affect the security of such a filesystem.
> > There is absolutely nothing that an attacker can do to get the real
> > key. An attacker would just ignore all computers that have duress
> > key capability.
>
> [attack on duress system]
>
> 3. reverse-engineer file system driver to figure out how the
> duress-key works,

I thought the presumption was that source code was provided (for the duress feature too)?

The whole system should be designed to withstand scrutiny as to whether or not there is a duress file system on any given disk, on the assumption that the opponent has full access to the source.

ie. the attacker can not tell without the hidden file system key (if one exists) whether the unused space on your drive is really just that: unused space filled with garbage, or whether it is in fact another encrypted filesystem.

They might be suspicious, but I don't think they would be able to claim you were in contempt of court, if you provide the 1st key and claim there is no other key: the software has support for either 1 or 2 filesystems.

Adam

From markm at voicenet.com Thu Jul 18 19:50:15 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 19 Jul 1996 10:50:15 +0800
Subject: Cookie alternatives
In-Reply-To: <199607172056.QAA15431@jafar.issl.atl.hp.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 17 Jul 1996, Jeff Barber wrote:

> I think you're exactly right about how cookies are used, but I believe
> privacy concerns stemming from cookies have been blown out of proportion
> lately. For the average Joe User running his single-user PC at home,
> connected by modem to his local ISP, it makes little difference whether
> a site issues a cookie to Joe or not; his IP address already uniquely
> distinguishes him. The site can simply use his IP address as its
> database index. If Joe deletes his cookie file each night before
> invoking the browser, the impact of cookies is completely negated.

That's not entirely correct. Cookies can be used to establish the route a person used to get from one page to the next. Of course, this can also be done by using the "HTTP-REFERER:" header, but some servers might not have that capability.

- -- Mark
PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
-----END PGP SIGNATURE-----

From ceridwyn at wolfenet.com Thu Jul 18 20:05:08 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Fri, 19 Jul 1996 11:05:08 +0800
Subject: 119_816
Message-ID: <2.2.32.19960718235050.006c0f38@gonzo.wolfenet.com>

At 11:29 AM 7/17/96 GMT, you wrote:
> 6-17-96. NYP:
>
> "11 Officers Are Accused of Failure to pay Taxes. Claims of
> Sovereignty and 98 Dependents."
>
> At least 11 New York City police officers have been
> accused of failing to pay any Federal taxes for several
> years by declaring they each had 98 dependents and by
> insisting that the Government had no right to tax them.
> The officers relied on a package of instructions that
> described how to avoid paying taxes by declaring that
> they were sovereign citizens who did not have to pay
> taxes.

Anyone know which "package of instructions" they were using, and where they can be obtained online?

//cerridwyn//

From ceridwyn at wolfenet.com Thu Jul 18 20:29:05 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Fri, 19 Jul 1996 11:29:05 +0800
Subject: Surf-filter lists
Message-ID: <2.2.32.19960718232909.006ab4e4@gonzo.wolfenet.com>

At 02:31 PM 7/17/96 -0500, you wrote:
>A Private organization cannot "censor" anything. The fundamental
>definition of the word require some agent of the government take action
>to censor. To accuse Surf-Watch, net-nanny, AOL, MSU, AT&T, or whatever
>of "censorship" accomplishes nothing except to make us look the
>fool.

I am not going to go into petty details about the actual definition of censor, and how private organizations do censor, but private citizens have the option of getting their information from an uncensored source, the same as when a government censors. The only difference is the government is allowed to use physical coercion, whereas on the surface corporations are not yet allowed to do so. I will, however, address your argument on a different level. Your view of this issue typifies one of the primary objections I have to many of the arguments amongst libertarians. The problem is NOT JUST GOVERNMENT. It is with any authority that has power over you. When a private entity becomes powerful enough that they have the ability to forcefully exert their influence over you, they are just as bad as Government.
Granted, Surf-Watch and so forth haven't yet become that big, but there are some rather large Media companies who have, as well as institutions such as the Church. For example, I think our mainstream news IS censored, and not necessarily by the government, more by corporations intent on keeping us in the mindframe that will make them the most money and prolong and extend their power. I am not saying that a private entity doesn't or shouldn't have the Legal Right to censor, but I am saying that censorship of any form by any entity is a Bad Thing and the public (not the government, mind) should fight it on all fronts. This, in my mind, is the only reason to be dismayed by the decision on the CDA. It was found that the government shouldn't censor on the Internet because there were forms of Corporate censorship available. It would have truly been a great day if the decision had been that the government shouldn't censor on the Internet because censorship is wrong.

>I agree that the problem with the "bait-and-switch" filtering of net
>materials by these various filtering packages needs to be addressed. If I
>want to protect my kids from seeing alt.naughty.pictures, I should still
>be able to unfilter political and health speech. The real problem isn't
>censorship, it's disclosure by the makers of filtering packages about
>what exactly their packages are going to filter for me and my family.

That is another problem, not the Real Problem. The Real Problem is that parents are scared to have to explain to children why something they've seen is wrong or bad. They are afraid to teach their children their beliefs and values, so instead would rather just filter everything that conflicts with those beliefs, so that they believe it by default. This is a big problem when those children grow away from their parent's influence though, and creates bigotry and intolerance. (They don't know why they believe what they do, but believe it with fearful vengeance).

//cerridwyn//

From jti at i-manila.com.ph Thu Jul 18 20:43:56 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Fri, 19 Jul 1996 11:43:56 +0800
Subject: Home Made Telephone Voice Changer
Message-ID: <01BB752B.7FF7A440@ip65.i-manila.com.ph>

Does anyone know how to make a home-made telephone voice changer?

From shamrock at netcom.com Thu Jul 18 21:06:31 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 19 Jul 1996 12:06:31 +0800
Subject: Telecom regulations - Reuters coverage
Message-ID:

At 23:22 7/17/96, E. ALLEN SMITH wrote:
[...]
>>FCC Chairman Hundt Sees Tax On Telecom Industry
>
>> FAJARDO, Puerto Rico - A small tax will probably be imposed on
>> telecommunications companies' revenues to subsidize telephone access
>> in rural areas and help wire classrooms for the Internet, Federal
>> Communications Commission Chairman Reed Hundt told the nation's
>> governors.
>
>[...]
>
>> But ensuring that residents in sparsely populated areas have access at
>> affordable rates and meeting the administration's goal of wiring every
>> classroom in the nation for Internet access will require annual
>> subsidies of about $10 billion, Hundt said.

Ten billion today will of course mean 100 billion tomorrow.

-- Lucky Green
PGP encrypted mail preferred.
Defeat the Demopublican Unity Party.
Vote no on Clinton/Dole in November.
Vote Harry Browne for President.

From shamrock at netcom.com Thu Jul 18 21:13:24 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 19 Jul 1996 12:13:24 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
Message-ID:

At 20:19 7/16/96, Stig wrote:
>Perhaps this has already been voiced on the main list (I get a filtered
>helping or two of cypherpunks), but *I'm* surprised that such a generic name
>as 'Ecash' was granted trademark status anywhere.
>
>It's like giving Microsoft a trademark on the term 'Email'... It's nuts!
>Was the term ecash not in use before DigiCash showed up on the scene?

Not that I am aware of.
Furthermore, to the best of my knowledge, DigiCash's Ecash is the only ecash that I am aware of. The other "ecashs" lack various properties of cash, as previously explained by Bryce.

-- Lucky Green
PGP encrypted mail preferred.
Defeat the Demopublican Unity Party.
Vote no on Clinton/Dole in November.
Vote Harry Browne for President.

From david at sternlight.com Thu Jul 18 21:17:19 1996
From: david at sternlight.com (David Sternlight)
Date: Fri, 19 Jul 1996 12:17:19 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
In-Reply-To:
Message-ID:

At 1:32 PM -0700 7/18/96, Jeff Barber wrote:
>David Sternlight writes:
>>
>> At 8:14 AM -0700 7/18/96, Jeff Barber wrote:
>> >David Sternlight writes:
>> >
>> >> Here's the problem in a nutshell: Everyone who has looked at our systems,
>> >> from Cliff Stoll on to blue ribbon scientific commissions, has come
>>to the
>> >> conclusion that our society is vulnerable to willful sabotage from
>>abroad,
>> >> ranging from information sabotage (hacking electronic financial
>> >> transactions) to physical sabotage (hacking power grid control
>>computers to
>> >> cause widespread power failures leading to serious damage to people and
>> >> things; hacking the phone companies' computers, etc.). Some cases have
>> >> already been observed. The field has already got a name and lots of
>> >> publications. It's called "information warfare" and the government is
>> >> taking it VERY seriously.
>
>> >I for one reject your premise and your conclusions. There is no
>> >indication that government is capable of addressing this "problem"
>> >in a useful way.
>>
>> Let's see what the study group recommends. There are a lot of things the
>> government can do, and plenty of historical precedent.
>
>There *are* a lot of things government can do. There aren't a lot of
>things it can do well. But you want to wait and see what a *government
>study group* decides to recommend? Gee, who can guess what they'll decide?

You should do your homework. It's going to have a lot of industry people on it and be chaired by an industry person.

>
>
>> To take one example,
>> in the merchant marine industry the government for years paid a subsidy for
>> shipbuilders to add certain "national defense features" to ships they were
>> building, to harden them in excess of normal civilian requirements so
>> they'd be robust in time of war. No shipbuilder could afford such features
>> unaided, and without them we either had a dramatically reduced shipping
>> capability in wartime or a very vulnerable one. Things have changed since
>> then, but the basic principles in the example are still valid.
>
>This wonderful little anecdote proves nothing by itself. How many of
>these merchant ships survived u-boat torpedos thanks to this hardening?
>I'd guess the number's pretty near zero.

You should do your homework. It has to do with being able to carry military cargoes. Those features worked perfectly.

>
>
>> > In fact, I argue that the situation is at least
>> >partially of government construction. The government's hindrance of
>> >crypto technology has undoubtedly slowed down and in many cases
>> >entirely prevented the application of current technology to protect
>> >the very systems the government now purports to be concerned about.
>>
>> There are no restrictions on using as good domestic crypto as you can get,
>> and this issue is about the robustness of our domestic information
>> infrastructure.
>
>This is simply wrong. There *are* restrictions on domestic crypto. They
>are restrictions imposed by the crypto export policy. Maybe there isn't
>an outright ban but there *are* nevertheless real restrictions (look up
>"restrict" in a dictionary near you). And tell Netscape there are no
>restrictions. We've all seen what they're going through to provide
>download access to domestic customers for products with strong encryption.
>News flash for David: jumping through these types of government-imposed >hoops costs *real money* that could be better spent elsewhere. You should do your homework. There are many restrictions in this world; business licenses, paying for services used, etc. My point was that there are no laws prohibiting strong domestic crypto and you know that to be true. > > >> Clearly if hardening were cost-justified to the civilian >> companies it would have been done already. > >It is being done as we speak. The government has clearly slowed the >process down though. And the more governmental involvement, the slower >the process will go. (And the quality of the result will likely suffer >too.) You are evading my point, which is that some protections are too expensive for an individual firm to cost-justify but are justified in public benefits from such protections. And there's no evidence that government regulations have slowed down protections on domestic financial networks, domestic air traffic control networks, etc. I would not object if you were making valid points, but you're not. You're evading the basic argument and trying to respond by nit-picking. > > >> One of the core problems is that the benefits from hardening cannot be >> captured by the individual companies, so they cannot cost-justify doing >> it. > >This hasn't been demonstrated to my satisfaction. I disagree, and I bet >most American companies would too. Again, you haven't done your homework. Ask any serious company what they'd like to be able to do, and what they can afford (cost-justify) doing. I can tell you from direct personal experience (I've been a senior technical executive of two Fortune 50 companies) that you are flat wrong. Don't take my word for it--ask the security chief of any Fortune 50 company. Some companies used to have an aphorism "If you haven't had at least one security violation, you're spending too much money on security."
I don't agree, but it reflects what companies used to think they could afford unaided. Yet these days a "security violation" isn't just some safe left unlocked in a guarded area but the West Coast power grid going down or a 747 being spoofed into a mountain. > > >> it. But the losses from failure to harden can cost the wider society much >> treasure. That's a natural case for government intervention on behalf of >> the wider society. It's exactly like the "lighthouse" argument. The >> benefits from a lighthouse can't justify an individual shipbuilder building >> one, but the losses to society from the random aggregation of shipwrecks >> are far greater than the cost of lighthouses. Ergo, the government builds >> the lighthouses. > >Apples and oranges. The costs of protecting companies' resources is not >so high and the potential costs of not doing so are far higher. "not so high" compared to what? what level of protection? "costs of not doing so" doesn't capture public losses, which is the basis for government intervention. You haven't done your homework. I suggest you read any introductory economics text that covers public policy economics, or any good cost/benefit analysis text. > > >> >My message to a government concerned about the dangers of "information >> >warfare" (and its apologists): get out of the way and let industry work >> >on security. Then you can choose from the products offered for your >> >protection or develop your own. But don't sit there and prevent or help >> >prevent deployment of security technology while decrying the lack of >> >security. >> >> This isn't about preventing domestic deployment but assisting it. You are >> raising an entirely unrelated issue--crypto export policy. > >I'm merely pointing out the hypocrisy of a government that bemoans the >lack of security infrastructure even as it has been hard at work raising >obstacles to those that would build it. Now THAT is apples and oranges.
The security of, say, IBM's, or the FAA's, or AT&T's domestic computer networks has little to do with crypto export policy. > > >> >I don't claim that the current security deficiencies are entirely due >> >to ITAR restrictions but it is certainly a significant factor, and there >> >is still zero evidence that the government is competent to help. Let >> >them first fix their own problems (e.g. the alleged 250,000 DoD computer >> >breakins), *then* come help us in the private sector. >> >> Again as irrelevant as the argument that we shouldn't jail criminals until >> we've eliminated the economic inequities that allegedly produce crime. > >Putting the government in charge of fixing security problems is likely >to result in an infrastructure optimized for surveillance, as we've seen >with other government-sponsored initiatives (Clipper, DigitalTelephony, >etc.). The subject matter of the Commission's inquiry has more to do with authentication than message encryption, and more to do with infrastructure and network security. And as it happens there is no problem getting export licenses for authentication-only software with as secure a key as you like and no escrow. RIPEM/SIG did it years ago. You aren't even on the same page as this issue. >The only security assistance that business and the public have ever >gotten from the government has been the kind with unacceptable conditions >(like undisclosed algorithms, "escrowed" keys, secret courts, etc.). Again, you are trying to fight a different battle in the wrong arena. This isn't about your ability to encrypt your traffic. It's about securing the domestic infrastructure against information warfare. I know this is beginning to sound tiresome, but you'd better do your homework. 
David From ceridwyn at wolfenet.com Thu Jul 18 21:18:22 1996 From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn) Date: Fri, 19 Jul 1996 12:18:22 +0800 Subject: Opiated file systems Message-ID: <2.2.32.19960719003204.00684018@gonzo.wolfenet.com> >a (hidden) drive to your computer using a reasonably surreptitious link that >is difficult to trace. Say, an IR optical link, a single bare (unjacketed) >optical fiber, a LAN with hidden nodes, or a similar system. Maybe an I find the idea of the optical fiber very interesting. Is there such a beast currently available? I really don't know anything about fiber, and therefore it would be very difficult for me to construct such a system myself... From cme at ACM.ORG Thu Jul 18 21:19:20 1996 From: cme at ACM.ORG (Carl Ellison) Date: Fri, 19 Jul 1996 12:19:20 +0800 Subject: Reasonable validation of a software package In-Reply-To: <31E87985.6EF9@ozemail.com.au> Message-ID: At 11:33 -0400 7/13/96, Michael Froomkin wrote: >This illustrates the need for and role of certification authorities. > >See http://www.law.miami.edu/~froomkin/articles/trusted.htm for some >info. > ["this" being the possibility that someone would generate lots of signed public keys with your name on them] However, there's nothing to stop generation of many certificates from trusted CAs with your name on them. In fact, if you have a name like Michael Smith, and if a CA is successful, there *will be* lots of certificates with your name on them, even without anyone's trying to do anything crooked. The problem people overlook is that a CA binds a public key to a name but the name is in the CA's name space. For me, a verifier, to derive any value from a certificate binding (key,name), the name has to be in *my* name space. If there were such a thing as a global namespace meaningful to everyone, then we could both use it. That's the X.500 fallacy/pipe-dream.
The fact is, no global name space could be held in one human's mind, so there's no way a global name space could be meaningful to me. So, to use a certificate from a CA, I need to map a name from its name space (DN) into a name in my name space (nickname). Every time I've looked at that process, I've had to have a secure channel over which to learn from the person I call by that nickname what DN he goes by. If I have that secure channel, then he could tell me his public key fingerprint over that channel -- and I wouldn't need the CA. - Carl +------------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2| | "Officer, officer, arrest that man! He's whistling a dirty song." | +-------------------------------------------- Jean Ellison (aka Mother) -+ From roy at sendai.scytale.com Thu Jul 18 21:24:47 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Fri, 19 Jul 1996 12:24:47 +0800 Subject: Minneapolis radio on Netscape US Version Message-ID: <960718.181812.5w2.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- KCFE has a brief and shallow "Business Report" in the afternoon. Yesterday, one of the items was Netscape's getting permission to make the US version available over the Internet. The bit mentioned a "strengthened method of scrambling data" and also mentioned the Gov't concern that it might be downloaded by terrorist groups. Some good, some bad. - -- Roy M.
Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMe7JdBvikii9febJAQE28wP/eyvR1jfi5oU4sHwsnro6EwbHMr45Qptb wdX+0CDEtLCZv2eXQt+guWy4jIuEMrvd5obFiTGDJECkQ1aecYNiosQgdyJzqNgb 5xm98V7MlWBWGr7P5Ev4uOsC7mXbPvnPZ2BiCtlG5H+jnv4KKv7fr1ZtSngU+8Xl vDCp8MwQN9Q= =ZVdP -----END PGP SIGNATURE----- From jti at i-manila.com.ph Thu Jul 18 21:34:17 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Fri, 19 Jul 1996 12:34:17 +0800 Subject: Reverse Engineer Message-ID: <01BB752B.7DCF4600@ip65.i-manila.com.ph> What do you mean by "reverse engineer?" I have heard this word several times especially in the world of hacking, but... can someone tell me what it really meant? From jeffb at issl.atl.hp.com Thu Jul 18 21:53:42 1996 From: jeffb at issl.atl.hp.com (Jeff Barber) Date: Fri, 19 Jul 1996 12:53:42 +0800 Subject: Gorelick testifies before Senate, unveils new executive order In-Reply-To: Message-ID: <199607182032.QAA17421@jafar.issl.atl.hp.com> David Sternlight writes: > > At 8:14 AM -0700 7/18/96, Jeff Barber wrote: > >David Sternlight writes: > > > >> Here's the problem in a nutshell: Everyone who has looked at our systems, > >> from Cliff Stoll on to blue ribbon scientific commissions, has come to the > >> conclusion that our society is vulnerable to willful sabotage from abroad, > >> ranging from information sabotage (hacking electronic financial > >> transactions) to physical sabotage (hacking power grid control computers to > >> cause widespread power failures leading to serious damage to people and > >> things; hacking the phone companies' computers, etc.). Some cases have > >> already been observed. The field has already got a name and lots of > >> publications. It's called "information warfare" and the government is > >> taking it VERY seriously. > >I for one reject your premise and your conclusions. 
There is no > >indication that government is capable of addressing this "problem" > >in a useful way. > > Let's see what the study group recommends. There are a lot of things the > government can do, and plenty of historical precedent. There *are* a lot of things government can do. There aren't a lot of things it can do well. But you want to wait and see what a *government study group* decides to recommend? Gee, who can guess what they'll decide? > To take one example, > in the merchant marine industry the government for years paid a subsidy for > shipbuilders to add certain "national defense features" to ships they were > building, to harden them in excess of normal civilian requirements so > they'd be robust in time of war. No shipbuilder could afford such features > unaided, and without them we either had a dramatically reduced shipping > capability in wartime or a very vulnerable one. Things have changed since > then, but the basic principles in the example are still valid. This wonderful little anecdote proves nothing by itself. How many of these merchant ships survived u-boat torpedos thanks to this hardening? I'd guess the number's pretty near zero. > > In fact, I argue that the situation is at least > >partially of government construction. The government's hindrance of > >crypto technology has undoubtedly slowed down and in many cases > >entirely prevented the application of current technology to protect > >the very systems the government now purports to be concerned about. > > There are no restrictions on using as good domestic crypto as you can get, > and this issue is about the robustness of our domestic information > infrastructure. This is simply wrong. There *are* restrictions on domestic crypto. They are restrictions imposed by the crypto export policy. Maybe there isn't an outright ban but there *are* nevertheless real restrictions (look up "restrict" in a dictionary near you). And tell Netscape there are no restrictions. 
We've all seen what they're going through to provide download access to domestic customers for products with strong encryption. News flash for David: jumping through these types of government-imposed hoops costs *real money* that could be better spent elsewhere. > Clearly if hardening were cost-justified to the civilian > companies it would have been done already. It is being done as we speak. The government has clearly slowed the process down though. And the more governmental involvement, the slower the process will go. (And the quality of the result will likely suffer too.) > One of the core problems is that the benefits from hardening cannot be > captured by the individual companies, so they cannot cost-justify doing > it. This hasn't been demonstrated to my satisfaction. I disagree, and I bet most American companies would too. > it. But the losses from failure to harden can cost the wider society much > treasure. That's a natural case for government intervention on behalf of > the wider society. It's exactly like the "lighthouse" argument. The > benefits from a lighthouse can't justify an individual shipbuilder building > one, but the losses to society from the random aggregation of shipwrecks > are far greater than the cost of lighthouses. Ergo, the government builds > the lighthouses. Apples and oranges. The costs of protecting companies' resources is not so high and the potential costs of not doing so are far higher. > >My message to a government concerned about the dangers of "information > >warfare" (and its apologists): get out of the way and let industry work > >on security. Then you can choose from the products offered for your > >protection or develop your own. But don't sit there and prevent or help > >prevent deployment of security technology while decrying the lack of > >security. > > This isn't about preventing domestic deployment but assisting it. You are > raising an entirely unrelated issue--crypto export policy.
I'm merely pointing out the hypocrisy of a government that bemoans the lack of security infrastructure even as it has been hard at work raising obstacles to those that would build it. > >I don't claim that the current security deficiencies are entirely due > >to ITAR restrictions but it is certainly a significant factor, and there > >is still zero evidence that the government is competent to help. Let > >them first fix their own problems (e.g. the alleged 250,000 DoD computer > >breakins), *then* come help us in the private sector. > > Again as irrelevant as the argument that we shouldn't jail criminals until > we've eliminated the economic inequities that allegedly produce crime. Putting the government in charge of fixing security problems is likely to result in an infrastructure optimized for surveillance, as we've seen with other government-sponsored initiatives (Clipper, DigitalTelephony, etc.). The only security assistance that business and the public have ever gotten from the government has been the kind with unacceptable conditions (like undisclosed algorithms, "escrowed" keys, secret courts, etc.). If the government wants to do that to its employees, fine. (In fact, if a private company wants to do that to its employees, that's fine too; I won't be working for them, but IMO it's their prerogative.) But I don't want the government telling industry what to do with its security. Furthermore, I don't want my tax dollars involved in funding (or perhaps worse, "incentivising") it. Just get government out of this business. -- Jeff From roy at sendai.scytale.com Thu Jul 18 21:54:07 1996 From: roy at sendai.scytale.com (Roy M. 
Silvernail) Date: Fri, 19 Jul 1996 12:54:07 +0800 Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape) In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu> Message-ID: <960718.180506.7L4.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, iang at cs.berkeley.edu writes: > This isn't just an issue of making sure your copy wasn't munged in transit; > without checksums, what's stopping netscape from embedding the info you > provide in the binary before shipping it to you, so that if it shows > up on hacktic, they know who did it? I trust Netscape, but I also cut the cards... [18:02] 1 [d:\tmp]:sendai# md5sum -b ns_inst.exe 0f4de3e744ec4e356ba9f8feb3ded7ec *ns_inst.exe [18:03] 1 [d:\tmp]:sendai# dir ns_inst.exe Volume in drive D is unlabeled Serial number is 4362:1EF5 Directory of d:\tmp\ns_inst.exe ns_inst.exe 3008531 7-16-96 20:24 3,008,531 bytes in 1 file(s) 3,010,560 bytes allocated 10,551,296 bytes free Their file delivery CGI could use some work... no reason I can see to offer the filename 'pick.cgi' for everything. Anyone sniffing the link knows the filename from previous forms submissions, anyway. OBRealCrypto: What's the best method for authenticating successive interactions with a CGI? Currently, the password is being passed clear as a hidden input field, but I have to believe there's a better way than that. One point is that the user will not be explicitly ending his session, but just wandering off to other pages. - -- Roy M. 
Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMe7F1hvikii9febJAQErowP+Kk+3RTSSeovzP6NcJquaM3DDwcVt4j1G KkXlKAAkQ2wTtueMeGsq4XNHf7bzwVOe2oMlqYTYzT2MIHgEvqbizrm3usCXeWK6 5iX1uIXnI3DDBuvCIZGkJs10wFJ6BvhHu3OxAsTadx5CwIMG1wDsLyIqoOs2wyV3 A4Ze99/SmpQ= =tjRf -----END PGP SIGNATURE----- From jsw at netscape.com Thu Jul 18 21:55:33 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Fri, 19 Jul 1996 12:55:33 +0800 Subject: US versions of Netscape now available In-Reply-To: Message-ID: <31EEEA3F.5015@netscape.com> Adam Back wrote: > Presumably as this latest netscape beta is freely distributable, once > it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc. Just a minor nit. No netscape software is freely distributable. The license agreement does not allow people who download it to redistribute it. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From EVERHART at Arisia.GCE.Com Thu Jul 18 22:15:13 1996 From: EVERHART at Arisia.GCE.Com (EVERHART at Arisia.GCE.Com) Date: Fri, 19 Jul 1996 13:15:13 +0800 Subject: Cookies etc... Message-ID: <960718202354.62@Arisia.GCE.Com> On VMS, I have an applique which can be used to control completely what can be opened by apps you don't trust. It is perfectly capable of ensuring that nothing you haven't authorized is opened behind your back, mainly by telling you before the open proceeds what is being tried and giving you the ability to prevent it. Forcing use of some other disk (or scratch area) instead is of course also possible, selectively. 
The problem of things like cookies being left around without explicit permission (or other covert actions) would seem to be that there is no basis for assuming that the app is doing any of this as the agent of the person running the app. With EACF I can completely control this sort of thing; native out-of-the-box VMS has some facilities for partial control as well, which can be adequate. In doing so, they step outside the normal paradigm of assuming the "subject" is the user. I would contend that the "subject" should in fact be considered much more complex than user ID. At minimum, use of a tuple containing userid, program being run, location of user, privileges present, time of day, and identifiers ("group memberships") would seem to be needed for serious efforts, so that "subject" has some relation to what actually happens. The ability to treat certain actions as dynamically altering security or integrity levels is important too. Apps that leave files on your system without telling you are doing covert functions; these should be treated with great suspicion. So where are the critics of this? Does leaving such files constitute unauthorized computer use? I would say so. Anyone see the marshals coming to Netscape or Microsoft to haul anyone off to jail? Leaving files around would seem to deserve INFORMED consent. Do we get it? If your OS isn't as secure as VMS, maybe you want to think about this. ;-) Glenn Everhart at gce.com From ceridwyn at wolfenet.com Thu Jul 18 22:16:43 1996 From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn) Date: Fri, 19 Jul 1996 13:16:43 +0800 Subject: An interesting instance of poltical anonymnity, now Message-ID: <2.2.32.19960719003729.006c94a8@gonzo.wolfenet.com> At 06:56 AM 7/18/96 EDT, you wrote: >Don't feel sorry for Klein - he's a fucking statist who opposes freedom of >speech. If CBS fires the creep for lying, it'll serve him just right. 
Then they should fire him on that basis (anti-free speech etc), not on the basis of preserving anonymity. //cerridwyn// From EVERHART at Arisia.GCE.Com Thu Jul 18 22:17:46 1996 From: EVERHART at Arisia.GCE.Com (EVERHART at Arisia.GCE.Com) Date: Fri, 19 Jul 1996 13:17:46 +0800 Subject: Opiated file systems Message-ID: <960718203303.62@Arisia.GCE.Com> Hmm... I can set up a cryptodisk on a not necessarily contiguous file on another cryptodisk; the software is free. The second cryptodisk would appear to be just a binary file on the first; would it not be an obscured filesystem? (The drivers have been given away for years public domain for vms, vax or alpha, in source. My old rsx11d driver was published similarly back in 1977 or 78.) In fact, though, the containing file of a cryptodisk does not have to have any specific name or location, and can be hidden away as though it were, say, a sound file or something else among the rest of the system store. Before someone comes demanding your keys, they first have to realize that something might in fact be encrypted. My approach would be to have lots of these obscured cryptodisks for the stuff I wanted private, if I wanted to hide a lot, and have the usual assortment of cleartext stuff of all sorts lying around. The default operation mode forgets the keys automatically once you log off...or even at dismount. If you're stuck with a whole partition being hidden, this is harder to do. When any file of over a few kb can be a separate filestructure when the proper magic is applied, locating the keys can be impossible.
glenn From adam at homeport.org Thu Jul 18 22:18:20 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 19 Jul 1996 13:18:20 +0800 Subject: (fwd) Re: US versions of Netscape now available---NOT In-Reply-To: Message-ID: <199607190206.VAA11239@homeport.org> David Sternlight wrote: | > Whatever YaKnow | > cybernut at nutcom.com | > 10401 Wilshire Blvd, Suite 805 | > Los Angeles, CA 90024-4628 | > (310) 475-3799 | >Your friend. | | Isn't that nice. Some creep is proud enough of his skill at accessing the | trivially available InterNIC finger data that he posts it to invoke | harassment. And being a coward as well, he hides behind an anonymous | remailer. I see nothing cowardly about opposing a bad law from where the Feds can't harass you. If the Feds were 'moral and upright' about enforcing the ITARs, instead of keeping Phil under indictment until the last minute, harassing MIT via Sandia National Labs, and refusing to make clear the laws under which we live, then you might call it cowardly to oppose the law from behind a shield of anonymity. However, the Feds don't play by any set of rules known to the public. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From wb8foz at nrk.com Thu Jul 18 22:38:04 1996 From: wb8foz at nrk.com (David Lesher) Date: Fri, 19 Jul 1996 13:38:04 +0800 Subject: Netscrape download Message-ID: <199607190151.VAA14421@nrk.com> [From Phil Karn] Netscape's use of a CGI interface to download the US version (128-bit key) of Netscape Navigator raises the possibility that they are "serializing" or "personalizing" each copy they send out, perhaps in response to a DoS request that they do so in order to trace unauthorized redistribution. One way to test this theory without redistributing the actual code is to compare MD5 hashes of the distributions.
After two days of unsuccessful attempts at obtaining the code from their overloaded server, I've just successfully downloaded the SunOS, BSDI and Windows 95 versions of Netscape Navigator. Here are the MD5 hashes of the files I received: BSDI version: 4ec4a705e2e4c6560475852fae807c8c SunOS version: e72ff352ca7c619cb31b8f8ef3651b28 Windows 95 version: 8e936813f12a1b3b77ed03d9239ebd5d Anybody care to compare these to the copies they obtain, assuming the logjam on the server breaks sometime soon? Phil -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close...........(v)301 56 LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead........vr vr vr vr.................20915-1433 From sandfort at crl.com Thu Jul 18 22:54:59 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 19 Jul 1996 13:54:59 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607181704.MAA16235@manifold.algebra.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Thu, 18 Jul 1996 ichudov at algebra.com wrote: > ...having a gun will not do you much good...you may kill someone > peaceful who entered your home with good intentions,... "Peacefully enters Tim's house in the middle of the night with "good intentions"? Tim's friends know his proclivities and would call first or at least knock. All others will be (and should be) hors de combat. >which will get you in jail. Nope, not true. Say what you will about California, but the one thing it did right was pass a law that said anyone found in your house at night is presumptively a threat to which you may respond with deadly force. Shoot on sight, in other words. > If you had a metal door, you would have enough time to wake up > and assess the situation. This is good advice though. 
Ironically, the only person I know with such a door is an ex-cop. Who should know better? S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From tcmay at got.net Thu Jul 18 22:58:20 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 19 Jul 1996 13:58:20 +0800 Subject: #E-CASH: PRODUCT OR SERVICE? Message-ID: At 3:18 AM 7/17/96, Stig wrote: >Perhaps this has already been voiced on the main list (I get a filtered >helping or two of cypherpunks), but *I'm* surprised that such a generic name >as 'Ecash' was granted trademark status anywhere. > >It's like giving Microsoft a trademark on the term 'Email'... It's nuts! >Was the term ecash not in use before DigiCash showed up on the scene? I agree, but note that Microsoft has gone a long way toward getting the courts to give it full monopoly ownership of the term "windows," or "Windows." I guess that windows-based Symbolics machine I was using in 1984, or those Xerox PARC windows-based D-machine, were violating the standard Microsoft set years later. (I admit that I bought Windows 1.0 about six months before I bought my first Macintosh, but I also note that Windows 1.0 was a ludicrous joke, and did not become a serious product until Windows 3.0 was released in 1990. And Apple had their windows (Windows is a TM of The Microsoft Corporation, all rights reserved) based machine, the Lisa, out in 1982-3.) As for Digicash's claims on "digicash," "ecash," etc., it won't matter much. The whole legal knot (including the patents and claims on the algorithms) makes things more complicated, but I don't worry too much about Digicash claiming people can't use the term "ecash." (If anything, Digicash may have failed to protect the name aggressively enough, and it may have entered the English language as band-aid did.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. 
---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From daw at cs.berkeley.edu Thu Jul 18 22:59:17 1996 From: daw at cs.berkeley.edu (David Wagner) Date: Fri, 19 Jul 1996 13:59:17 +0800 Subject: Educational cryptanalysis competition (small prize) In-Reply-To: <9607171243.AA26209@clare.risley.aeat.co.uk> Message-ID: <4smp0e$dac@joseph.cs.berkeley.edu> In article <9607171243.AA26209 at clare.risley.aeat.co.uk>, Peter M Allan wrote: > Obviously my cryptanalysis needs some serious help. > Answers resembling "That's junk - use XXXXX." score zero. If you have an n-byte plaintext P[0..n-1], define f(P) as f(P) = P[0] ^ P[1] ^ P[2] ^ ... ^ P[n-1]. Now encrypt P[0..n-1] under your cipher to obtain C[0..n-1]. (Ignore the final reversible unkeyed transformation to hex, which has no impact on security.) My observation is that f(C) = rotate_byte(f(P), rot_constant) ^ key_dep_byte no matter how many rounds you use. Here rot_constant is a key-independent constant, and key_dep_byte depends only on the key (and not on the plaintext or anything). Therefore, (for example) knowing C[0..n-1] reveals f(P) when one known-plaintext is available. I'll leave it as an exercise to discover why and derive the values of the two constants. Hint: it's enough to prove it for one round. I think that I don't need to spend any more time on it (though I am sure there are many more weaknesses lurking in the code). In all fairness I can reasonably conclude that That's junk. Use triple DES. Take care, -- Dave Wagner From tcmay at got.net Thu Jul 18 23:28:53 1996 From: tcmay at got.net (Timothy C.
May)
Date: Fri, 19 Jul 1996 14:28:53 +0800
Subject: Alternative Journalism
Message-ID:

At 11:04 PM 7/18/96, enquirer at alpha.c2.org wrote:
> THE CYPHERPUNK ENQUIRER PRESENTS:
> ...
>"Don't worry about it. It gets worse before it gets better. Come on, we're
>going to a party. Tim May and John Gilmore are throwing a Mad Tea Party."
>
>"Are they really mad?"
>
>"May's crazy as a loon. You'll like him. Gilmore, he's just still pissed
>at Shimamura for that stunt in the hot tub ... "

Ssshhh! Don't let it out that I'm crazy as a loon.

BTW, "loon" is now considered to be a derogatory slur and has been replaced by the more PC term "differently outlooked."

We differently outlooked persons are forbidden by U.S. and California law from owning firearms, a method used increasingly to seize the firearms of those who have ever come into contact with the mental health profession.

(Hint: Never, ever, ever, ever have yourself admitted to any kind of psychiatric facility for any reason whatsoever! Never, ever, etc. let a family member have you admitted for treatment, observation, or analysis. You will likely find that your right to own a firearm has evaporated if you do any of these things.)

Personally, whenever I fill out the forms to buy a gun, I have no compunctions about lying. (The checking procedures are primitive, fortunately, unless one is so stupid as to answer "Yes" to any of the questions the form asks.) That I am a felon has never stopped me from picking up a gun.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From JonWienk at ix.netcom.com Thu Jul 18 23:30:22 1996
From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com)
Date: Fri, 19 Jul 1996 14:30:22 +0800
Subject: Opiated file systems
Message-ID: <199607190313.UAA15414@dfw-ix12.ix.netcom.com>

You had better make sure that you TEMPEST-shield any such hidden drive.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler

"46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB

From kpdarby at juno.com Thu Jul 18 23:30:34 1996
From: kpdarby at juno.com (Kevin P Darby)
Date: Fri, 19 Jul 1996 14:30:34 +0800
Subject: Remailers & NYMs
Message-ID: <19960718.225653.8023.0.kpdarby@juno.com>

Does anyone know some good PGP encrypted remailers, that are secure and pretty fast? How about a few good NYMs?

KPD
-------------------------------------------------------------------------------------------------------------------
"Injustice anywhere is a threat to justice everywhere"
--Rev. Dr. Martin Luther King, Jr.
-------------------------------------------------------------------------------------------------------------------

From ichudov at algebra.com Thu Jul 18 23:31:38 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Fri, 19 Jul 1996 14:31:38 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <199607190227.VAA24586@manifold.algebra.com>

Sandy Sandfort wrote:
>
> > If you had a metal door, you would have enough time to wake up
> > and assess the situation.
>
> This is good advice though. Ironically, the only person I know
> with such a door is an ex-cop. Who should know better?

That was the essence of my letter. The problem of Tim's approach is that he has no time to react to a situation. The intruders will kill him faster than he will be able to shoot.

Also, do not forget that if you sleep at night, your eyes will not be used to bright light. Thus, an intruder with a bright flashlight would be able to make you almost blind (and yes, you can keep the flashlight away from your body).

I of course have no idea about Tim's accommodations, but in my apartment it takes about one second to break into my door if you have a heavy axe. Then three seconds after you break into the door you are in my bedroom and can shoot at me.

Would a gun under my pillow help? I don't think so.

Now if I had a good door, I would have time to wake up, cock the gun, maybe call for help, and so on. Quite a different situation.

Re: peaceful people in your house. Did you ever have bad dreams? Did you ever have guests in your house?

Imagine that you have a guest who at 4am woke up and went to the bathroom. Then you see a bad dream how you are being robbed, see the guy in the dark, forget that he is your guest, and shoot him. Not very pretty, huh?

Again, if your house was well protected, you would not be so alert and would allow yourself some time to wake up and think.

If you do not believe me, refer to the rec.guns FAQ. It has all been discussed there.
And really, I do not get why anyone wants to argue over this point: if you are concerned about ninjas, extraterrestrials, robbers or whoever breaking into your house, PROTECT YOUR F^&*($G HOUSE. Then you can get a gun, blaster, grenade launcher or whatever, but none of the above will save you if you have only 4 seconds warning.

I am not asking Tim to get rid of his gun -- I am merely suggesting how to _improve_ security.

- Igor.

From m5 at vail.tivoli.com Thu Jul 18 23:35:55 1996
From: m5 at vail.tivoli.com (Mike McNally)
Date: Fri, 19 Jul 1996 14:35:55 +0800
Subject: New Infowarfare Panel
In-Reply-To:
Message-ID: <31EEEFFD.386B@vail.tivoli.com>

David Sternlight wrote:
> >My personal recollection... high speed fighter-bomber aircraft ...
> I'm talking about some of the information that started slowly leaking out
> later, not the prime-time TV pyrotechnics.

Well, a lot of stuff "leaked out", but I'm not sure how much was actually acknowledged to be true. There was the thing about the "virus" in the printer drivers, or something like that, but I seriously don't see how any sort of software "attack" would have much significance once the Iraqi national microwave network was blasted into oblivion.

The point is that I don't personally believe that there's much of a credible threat of one of these "Infowar Attacks" that this new commission plans to anticipate (by some means of divination; I am really eager to see what that turns out to be). Commercial systems are disparate enough and so inherently flaky that I doubt some terrorist agency could do much worse than your run-of-the-mill catastrophic system failure. The power grid is an exception, perhaps, but to attack that with any sort of real effect would probably require a physical attack, and in any case even the grid seems capable of random failures that bring about random chaos without the need for creepy foreigners.

I also dispute the "lighthouse" story.
That setup only is meaningful when there's a service necessary to the well-being of the community in a situation where no mechanism for ready cash flow to a provider exists. I question the premise that commercial suppliers of security systems & consulting can't solve corporate security problems effectively. Indeed, a good argument could be made that we're better defended by a wide variety of different security systems, rather than a single General Issue Uncle Sam Security System.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
m5 at tivoli.com * m101 at io.com *          * three heads and eight arms.

From mccoy at communities.com Thu Jul 18 23:38:33 1996
From: mccoy at communities.com (Jim McCoy)
Date: Fri, 19 Jul 1996 14:38:33 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
Message-ID:

Lucky wrote:
> At 20:19 7/16/96, Stig wrote:
[regarding the "Ecash" trademark...]
> >It's like giving Microsoft a trademark on the term 'Email'... It's nuts!
> >Was the term ecash not in use before DigiCash showed up on the scene?
>
> Not that I am aware of. Furthermore, to the best of my knowledge, DigiCash's
> Ecash is the only ecash that I am aware of. The other "ecashs" lack various
> properties of cash, as previously explained by Bryce.

Digicash's ecash lacks various properties of real cash from the user's point of view (offline transferability, large scale acceptance, etc.) and a great many from the issuer's perspective (too many to list...), but we still seem to want to call it electronic cash when it isn't. It may be "Ecash" but it sure ain't digital cash...
jim

From nobody at zifi.genetics.utah.edu Thu Jul 18 23:47:17 1996
From: nobody at zifi.genetics.utah.edu (Anonymous)
Date: Fri, 19 Jul 1996 14:47:17 +0800
Subject: New Infowarfare Panel
Message-ID: <199607190403.WAA26099@zifi.genetics.utah.edu>

David Sternlight wrote:
>I'm talking about some of the information that started slowly leaking out
>later, not the prime-time TV pyrotechnics.

It doesn't "slowly leak out" as if there were some regrettable lapse in the plumbing. Someone has to commit the federal crime of military espionage!

From johnbr at nortel.ca Thu Jul 18 23:50:04 1996
From: johnbr at nortel.ca (john (j.) brothers)
Date: Fri, 19 Jul 1996 14:50:04 +0800
Subject: ABC News on internet telephony
Message-ID: <"23952 Thu Jul 18 21:34:10 1996"@bnr.ca>

In message "ABC News on internet telephony", you write:
>
> General topic of internet telephony
> There's something fundamental going on here beneath the surface.
> Surprisingly, a recent item (maybe the one you reported) on this suggests
> that the big phone companies are trying to use this phenomenon rather than
> stop it. I think it was AT&T

Sprint has also come out in favor of the internet phone.

> This is the rankest speculation on my part, but could some of the bigger,
> smarter phone company cum internet providers have done some serious
> analysis and concluded that we're moving away from distance-based rates for
> voice calls.

I will weigh in with my own stinky speculation:

Sprint, MCI and AT&T (and possibly LDDS) own pretty much the entire commercial network physically. Every other long distance company leases lines from the big 3 (or 4,etc) and resells them, except for certain very specific points.

And the Internet phone has pretty much given them the chance to drive their competitors out of business if it succeeds. After all, there is a constant demand for internet bandwidth. Every T3 they pull out of long distance services is a T3 they can throw into data services.
It gives them a real cost savings compared to installing another high bandwidth backbone.

They'll lose money from their customers who switch too, but those three are the ones with the lion's share of business lines, which won't be switching to Inet phone anytime soon. and they gain all the business customers who leave the dying small companies.

And yes, fixed rate will be the way to go, especially for small bandwidth applications. Bandwidth is exploding - 1 Terabit optical networks have been created. A single phone line becomes miniscule. Now, if you want a much bigger pipe, they might charge you per hour for that.

The thing I find second most interesting about this is how the large companies are fighting regulation, while the small ones are demanding it. That is a big change from yesteryear. And I know that AT&T has benefitted in a major way from gov't regulation in the past, but that doesn't make it right for it to be applied now.

From JonWienk at ix.netcom.com Thu Jul 18 23:52:12 1996
From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com)
Date: Fri, 19 Jul 1996 14:52:12 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids [Noise]
Message-ID: <199607190313.UAA18815@dfw-ix7.ix.netcom.com>

I personally keep a Desert Eagle .44 Magnum (66 oz empty, 8+1 capacity, semi-auto,) with +P+ 240 grain FMJSP hunting loads. It's not just a gun, it's an adventure. :) Even if it doesn't penetrate body armor, the impact will knock anyone entering through your window at 0400 on their duff long enough for a follow-up shot or two to finish the job. This is in addition to a 12-gauge pump shotgun and an M-1 carbine.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler

"46. The U.S.
government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB

From sandfort at crl.com Thu Jul 18 23:52:22 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 19 Jul 1996 14:52:22 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607190227.VAA24586@manifold.algebra.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 18 Jul 1996 ichudov at algebra.com (Igor) wrote:

> Re: peaceful people in your house. Did you ever have bad dreams? Did
> you ever have guests in your house?

I have had guns, bad dreams and guests in my house all at the same time, many times. So far, I've managed to avoid shooting anyone.

> Imagine that you have a guest who at 4am woke up and went to
> the bathroom. Then you see a bad dream how you are being
> robbed, see the guy in the dark, forget that he is your guest,
> and shoot him. Not very pretty, huh?

Not pretty but fortunately very unlikely. I can imagine everything you said except forgetting someone is in my house. When I have someone under the mantle of my protection, my senses and my awareness are *hightened* not reduced.

Okay, so this is my excuse to tell my L.Neil Smith gun story.

On my way driving to the East Coast, I stopped over for a night with Smith. If you are familiar with his writing you might imagine that his house is no stranger to firearms. That night I got up to (guess what) go to the bathroom. On my way back to the couch where I was sleeping, I was attacked by... Neil's cat.
It reached out from under a table and scratched my foot. I was afraid he would go for my face or something once I was asleep again, so I went to Neil's room to ask him to put the cat someplace.

Neil, wearing nothing but his shorts and a BIG .44 automag came out to see what I wanted. I told him and he put the cat in the basement. I thanked him and said the gun wasn't necessary as I didn't want him to shoot the cat. His response was, "I wasn't planning on shooting the cat." Gulp!

And yet I live. I'll trust a gunnie over a jackbooted ninja any time and any place.

S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From paquin at netscape.com Thu Jul 18 23:54:22 1996
From: paquin at netscape.com (Tom Paquin)
Date: Fri, 19 Jul 1996 14:54:22 +0800
Subject: Netscape download requirements
In-Reply-To: <199607160905.FAA26831@mailserver1.tiac.net>
Message-ID: <31EEDA69.31D8@netscape.com>

Horse's mouth here, or mostly.

First, the Weinsteins are right on the money in almost everything they say, so I won't repeat them. Second, I don't get to read this group much, so an apology for post-n-dash. Jeff and Tom W keep me informed, however, so here're some thoughts.

> Well one 'ITAR gangsta' can always upload the linux version to a
> 'liberated ftp site'.

Great. Convince the government to withdraw our permission and never to give it again while the current laws stand. Please don't do this.

> so why not do a 'whois netscape.com'
> and enter the Netscape Communications Corps. data ? After all whois
> to know ....

Anonymous wrote:
>
> Tim you may use this as entry data:

There are ways to spoof this but without serious IP spoofing and SSL hacking you'll leave a trail which could be followed if someone wanted to. I have no idea what the probabilities of an investigation are, but looking at the data we log, every lie we've received would be trivially tracked down if a motivated government agency came along. There isn't much about your connections that we don't log.
If you all hack us, one of three things will happen:
(1) someone will make us stop doing this
(2) someone will slow it down more by forcing me to check more
-or-
(3) they'll let us stay up so they can (try to) come get you

I'd bet on the first. Why screw with this? We worked hard to make this possible and you want to ruin it. Sheesh. "I hate the government so I'll blow up a federal building and then the FBI will get more money and attention and power and, um, that'll show 'em, er, ah....."

sameer wrote:
>
> Have you considered selling this export verification system?

No. I don't have redistribution rights to all of it. If someone were really interested, I'd talk to them, but the government would probably need to be told before any tech transfer took place, I'd bet. Also, our govt permission is pretty specialized; I don't think anyone can just go use it unless they are willing to brave those untested waters I keep getting reminded about.

> Have you heard any reports of anyone successfully downloading it
> period? Netscape always times out in the middle of a download. I
> think the server is so overloaded that it's actually impossible to
> download the software.

Yeah, we're getting clobbered. We're working on it. Lots of people are making it, though. The site management guys know about the problem and are scurrying, anyway.

> I sure wish there were an ftp site overseas somewhere, then I could
> actually get the damned thing.

If you get NoCookie: please check your system clock. I'm hoping that's most people's problems (those who don't have cookies disabled or r/o).

For those of you who think some of our info requests go too far: well, my position to the US was: I want to do a download. I'll do what it takes. Given all the ITAR vagueness and total lack of case law, I think both sides did very well. While I don't agree with the usefulness of the laws in place, I think the guys in ODTC had their public service hats on very firmly the day they said OK to us.
It would have been quite easy for them to maintain the old line but they wanted, in their way, to do the public a service. This is something I would like more of in Washington.

This is the wrong place to wage battle. Rather than attack some odd piece of enforcement, participate in the debate over the regulations themselves. Strides are being made. This is a good time for your voice to be heard. If you don't like this mechanism, don't use it. It's your choice.

--
Tom Paquin
Netscape Communications Corp
about:paquin

From vinnie at webstuff.apple.com Thu Jul 18 23:55:33 1996
From: vinnie at webstuff.apple.com (Vinnie Moscaritolo)
Date: Fri, 19 Jul 1996 14:55:33 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

Tim, I understand you are pissed about what's going on in society but this really isn't a great strategy;

>Personally, I think all folks should be armed at all times in their homes.
>Those who aren't are taking their chances.

doesn't this make you a prisoner of sorts... it is not healthy to go through long periods of time in orange alert. this might sound macho but it's impractical.

> My personal choice is a Heckler
>& Koch USP .45. loaded with Federal Golden Sabres, a hollowpoint round that
>has a 92% one-shot stop rate, with adequate penetration through Kevlar
>vests (typically worn by BATF raiders).
>Fortunately, though KTW ammo is no longer available to "marks" (=
>civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum
>rounds are even better penetrators, but recoil and muzzle blast is pretty
>severe with these loads.)

Your choice of weapon is admirable, but I would suggest that something more akin to Glaser safety slugs, SW.40 or .45 would be better. with proper training you can perform an upward stitch, legs first. the point is the Glaser won't penetrate the walls and nail your neighbors. The +P penetration is way too strong and most likely to pass through. A scattergun is generally a better weapon for home defense.
there is something about looking down a 12 gauge that changes your mind, Ninja suit or not. Besides this kind of strategy is better used on gangsta types.

>I may die, but I hope I can take at least two of them with me.

pretty dumb attitude, I would also profess that One Live Tim May, even in Jail is worth more to the protection of freedom than one martyred nekid hippy. getting into a gunfight with an entry team that has had much more practice than you can only lead to one conclusion, really the only protection from these Ninjas is through some form of covenant community. All joking aside that's what Bo Gritz was really trying to do in Idaho, build a place where your neighbor watches each others back. It doesn't matter whether you agree with his politics or not, the point is he has a workable idea,

Now couple that with redundant instant communication..the kind that is hard to jam. hmm imagine what Waco would have been like if the Branch Davidians:

1) were not morons.
2) knew how to use the news media
3) had redundant, spread spectrum, satellite, and underground comms into the net.

This equals instant net coverage, to rival CNN. It makes for a hard target. Armed with your Militia-Mailer(tm) the strong crypto edition and live video, these folks would never consider getting near you.

In some ways we already have one now, there are quite a few Cypher-punks out there, and it's pretty easy to get the word out.

Historically folks like BATF prefer softer targets, they are safer. Ever wonder why doesn't the Reno squad hit the crack houses..well that's kind of dangerous, these folks know what they are doing and the cost to raid them can be very expensive in lives. And what do you get when your done, another well paid judge simply lets em out again..
It's also clear that there is another manufactured arms race going on, this time instead of Communism it's the "war on some drugs" It is costing us an incredible amount of tax dollars, it fucks with our freedoms, and produces limited results. This war also has the side-effect of producing a general feeling of disenfranchisement among the very citizens it is designed to protect. Folks like Her Klinton, piss off the American people, when on one hand they spout rhetoric about how drugs are bad, and on the other hand condone them.

Fighting back through firepower is unlikely to achieve the goal you want, It endangers innocent (if there are any left) folks and leaves you looking like a HCI poster child. I can see it now, "Crazed Naked Hippy Dies in battle with Federal Officers, linked to ITAR regulated Munitions factory".

A better approach is to disarm and expose these bozos for what they are, and for christ sakes get out there and VOTE... dammit... and get your friends to VOTE..

But what do I know.. I just play a lawyer in Bob's rants..

Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

From jeffb at issl.atl.hp.com Fri Jul 19 00:07:37 1996
From: jeffb at issl.atl.hp.com (Jeff Barber)
Date: Fri, 19 Jul 1996 15:07:37 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
In-Reply-To:
Message-ID: <199607190304.XAA17972@jafar.issl.atl.hp.com>

David Sternlight writes:
>
> At 1:32 PM -0700 7/18/96, Jeff Barber wrote:
> >> Let's see what the study group recommends. There are a lot of things the
> >> government can do, and plenty of historical precedent.
> >
> >There *are* a lot of things government can do. There aren't a lot of
> >things it can do well. But you want to wait and see what a *government
> >study group* decides to recommend? Gee, who can guess what they'll decide?
>
> You should do your homework.
It's going to have a lot of industry people on
> it and be chaired by an industry person.

This isn't the same panel I saw mentioned on this list. That one had, as I recall, two individuals being selected by each of several cabinet departments and executive agencies.

> Now THAT is apples and oranges. The security of, say, IBM's, or the FAA's,
> or AT&T's domestic computer networks has little to do with crypto export
> policy.

Big companies like IBM, AT&T, etc. have *international* networks. Hence, the connection to the crypto export policy, which prevents comprehensive security programs from being deployed. As a "senior technical executive" (oxymoron alert) to Fortune 50 companies, I assume you know that and are simply choosing to ignore it for the sake of your current argument.

> >Putting the government in charge of fixing security problems is likely
> >to result in an infrastructure optimized for surveillance, as we've seen
> >with other government-sponsored initiatives (Clipper, DigitalTelephony,
> >etc.).
>
> The subject matter of the Commission's inquiry has more to do with
> authentication than message encryption, and more to do with infrastructure
> and network security. And as it happens there is no problem getting export
> licenses for authentication-only software with as secure a key as you like
> and no escrow. RIPEM/SIG did it years ago. You aren't even on the same page
> as this issue.

There is more to security than authentication, as I'm sure you also know but are choosing to ignore. Authentication alone may suffice in some situations but clearly not all. And in fact, this merely supports my point: left to government's preference, we'll all be well-authenticated when the surveillance tapes are introduced into evidence. (:-)

> Again, you are trying to fight a different battle in the wrong arena.
> This isn't about your ability to encrypt your traffic. It's about securing
> the domestic infrastructure against information warfare.
I know this is
> beginning to sound tiresome, but you'd better do your homework.

Indeed. This isn't a different battle, though; it's all interwoven. I don't want the government responsible for "securing the domestic infrastructure..." for the same reason that I don't want them telling me where or to whom I can sell crypto. They haven't any right to, IMO, and besides, I don't trust them to look out for my interests.

-- Jeff

From ichudov at algebra.com Fri Jul 19 00:09:14 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Fri, 19 Jul 1996 15:09:14 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <199607190415.XAA26616@manifold.algebra.com>

Sandy Sandfort wrote:
> And yet I live. I'll trust a gunnie over a jackbooted ninja
> any time and any place.
>

I can agree with that (and most of your other points). I simply pointed out that protection of the access to one's house is necessary to ensure that firearms under the pillow can be used effectively and more safely.

- Igor.

From joelm at eskimo.com Fri Jul 19 00:10:27 1996
From: joelm at eskimo.com (Joel McNamara)
Date: Fri, 19 Jul 1996 15:10:27 +0800
Subject: MSNBC and cookies
Message-ID: <199607190426.VAA10722@mail.eskimo.com>

In attempting to check out different Net media coverage of TWA 800, it appears the msnbc.com site won't let you in without a cookie. Repeated cookie cancels with Navigator 3.0 drop you into an indigestive loop of the server continuing to try to force feed you cookies. When you finally click OK, you get in.

Am I spacing, or is this the first site anyone's stumbled on that requires a cookie for access? I've never been shut out of a site for canceling a cookie. The first cookie request does have a user ID field. If the server (or client) isn't misbehaving, this seems like a wee bit of a privacy issue.

I tried accessing the page (http://www.msnbc.com) on 7/18/96 around 9:15 PM PDT. Anyone care to confirm this.
Joel

From steve at miranova.com Fri Jul 19 00:12:56 1996
From: steve at miranova.com (Steven L Baur)
Date: Fri, 19 Jul 1996 15:12:56 +0800
Subject: Netscrape download
In-Reply-To: <199607190151.VAA14421@nrk.com>
Message-ID:

>>>>> "David" == David Lesher writes:

I already trashed the Linux .tgz I downloaded, all I've got left to compare are the Microsoft Windows '95 (spit, to borrow a term), and Microsoft Windows 3.1 (spit, to borrow a term).

David> Windows 95 version:
David> 8e936813f12a1b3b77ed03d9239ebd5d

8e936813f12a1b3b77ed03d9239ebd5d ns_inst-95.exe

# md5sum ns_inst-31.exe
0f4de3e744ec4e356ba9f8feb3ded7ec ns_inst-31.exe

Linux executable:
$ md5sum =netscape-3.0b5
a82666e8c83a39c4e4653f0de2a930cf /usr/local/www/bin/netscape-3.0b5

I seriously doubt they're playing any games. Also, I got onto their system within a half hour of spotting the announcement sitting in my cypherpunks.spool file and had no trouble downloading even though it wouldn't let me into the site with Lynx. I'd say they gave this list preferential, timely treatment ...

--
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone except you in November.

From alanh at infi.net Fri Jul 19 00:26:22 1996
From: alanh at infi.net (Alan Horowitz)
Date: Fri, 19 Jul 1996 15:26:22 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
In-Reply-To:
Message-ID:

David Sternlight,

There are not only public benefits when the government gets bigger and bigger and bigger. Even though you can't put a dollar value on loss of freedom, it is a loss.

From tcmay at got.net Fri Jul 19 00:29:23 1996
From: tcmay at got.net (Timothy C.
May)
Date: Fri, 19 Jul 1996 15:29:23 +0800
Subject: Filtering out Queers is OK
Message-ID:

At 11:29 PM 7/18/96, Cerridwyn Llewyellyn wrote:

>I am not saying that a private entity doesn't or shouldn't have the Legal
>Right to censor, but I am saying that censorship of any form by any
>entity is a Bad Thing and the public (not the government, mind) should
>fight it on all fronts. This, in my mind, is the only reason to be
>dismayed by the decision on the CDA. It was found that the government
>shouldn't censor on the Internet because there were forms of Corporate
>censorship available. It would have truly been a great day if the
>decision had been that the government shouldn't censor on the Internet
>because censorship is wrong.

Filtering is not "wrong," Cerridwyn, it is a rational response to garbage being spewed constantly. I filter lots of items. I read "Scientific American" and "The Economist" because they filter (or "censor," in the sense some are objecting to here) nonsense about "queer rights" and "piercing fashions," to name but a few things I have no interest in hearing about.

If I had kids, I'd make sure that lots of negative memes were kept away from them until they reached an age where it no longer mattered, where their views are already basically set.

I see nothing wrong in this. Anyone who disagrees is, of course, free to set his filters differently, but not to insist that my filters be changed. And the government is not free to pass any laws about what filter sites can and can't do.

Unfortunately, I think many on this list are so taken by "liberalistic" notions that they think the State needs to intervene to stop me from filtering my son's access to "The Joys of Queer Sex."

(As a libertarian, I really don't care what sexual practices others practice, so long as I am not forced to either fund or witness their practices. And so long as I am free to filter out their practices as I see fit, including for my minor children and/or members of my household.)

>That is another problem, not the Real Problem. The Real Problem is that
>parents are scared to have to explain to children why something they've
>seen is wrong or bad. They are afraid to teach their children their
>beliefs and values, so instead would rather just filter everything that
>conflicts with those beliefs, so that they believe it by default. This is

Some parents simply get tired of spending time each night trying to undo the propaganda taught in many public schools, such as books like "I Have Two Mommies." Many of these parents eventually give up and put their kids in religious or private schools (even though they continue to pay taxes for schools their own children are no longer using).

Queers are, as far as I'm concerned, perfectly free to practice their AIDS-spreading practices to any and all receptive anuses they can find, but I eschew this lifestyle and will fight to the death for this right to avoid their practices from being forced on me or my children (if I had any, which I don't).

I think of AIDS as "evolution in action." Retroviruses which have existed for millennia now find new vectors for spreading in our population. I cry no tears for those dying of AIDS, and work to reduce the tax dollars spent on such things as "AIDS research." Let those who introduced the new vector pay for the research.

What do you call ten million AIDS deaths? You figure it out.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From apache at quux.apana.org.au Fri Jul 19 00:51:20 1996
From: apache at quux.apana.org.au (Charles Senescall)
Date: Fri, 19 Jul 1996 15:51:20 +0800
Subject: ********Apology**********
Message-ID:

To the dozens of people subject to a careless error on my part and who would have received bounced mail from me I apologise. I have fixed the error. Sorry.

From hallam at ai.mit.edu Fri Jul 19 01:06:12 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Fri, 19 Jul 1996 16:06:12 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <4skrnb$8bp@life.ai.mit.edu>
Message-ID: <31EF19A5.15FB@ai.mit.edu>

Timothy C. May wrote:

> I wonder when and how raids in the U.S. moved from the "Come out with your
> hands up" verbal announcement (for the cases that needed more than a knock
> on the door) to this blast-in-the-doors approach, where the raiders are
> dressed in "tactical black" and are wearing black Nomex hoods and carrying
> MP-5s and blast any "perp" who looks at them cross-eyed?

If people decide that they are going to permit widespread ownership of guns then these tactics are inevitable. They are rare in the UK because gun ownership is relatively rare.

I find this type of talk typical wishy washy libertarian twaddle. There are dangerous people around besides the government and the government is the only agency that is going to protect society from them. If you don't like living in a country where the police are armed to the teeth then move to the UK where there are very few armed police. Of course you will find that the price of freedom of mind is a minor restriction on your personal freedom, you won't be allowed a weapon either but that is the tradeoff.

If you want to own guns then you should accept the fact that you risk having your head blown off in the middle of the night by a SWAT team. Just as the car has introduced the risk of being killed in a traffic accident the gun has introduced new risks.
If society doesn't like the risks then it can opt to ban the technology. If you want to own a gun because you have some kind of personality problem and you need to prop up your ego then

Phill

From anonymous-remailer at shell.portal.com Fri Jul 19 01:12:30 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Fri, 19 Jul 1996 16:12:30 +0800
Subject: No Subject
Message-ID: <199607190516.WAA19014@jobe.shell.portal.com>

Hello! Sorry for the off topic. I want to ask how to install Netscape3.0b5a under NT. I keep getting "Netscape is unable to locate the server: home.netscape.com. The server does not have a DNS entry." Thanks

From declan+ at CMU.EDU Fri Jul 19 01:27:17 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Fri, 19 Jul 1996 16:27:17 +0800
Subject: TLA abuse (?) [non-crypto, mostly]
In-Reply-To:
Message-ID:

Excerpts from internet.cypherpunks: 18-Jul-96 Re: TLA abuse (?) [non-cryp.. by "Clay Olbon II"@dynetics
> Child pornography is illegal, however I don't believe that pictures of
> nekkid children are always considered to be child pornography (however much
> small-minded twirps want you to believe that they are). I know several
> "fundamentalists" who decry what our society has sunk to with images such

The Knox case established that lascivious exhibition of the genitals (required for conviction) could take place when the kid was clothed. In that case, the girls were dancing around wearing leotards.

I have my cites at work.

-Declan

From kdf at gigo.com Fri Jul 19 01:34:04 1996
From: kdf at gigo.com (John Erland)
Date: Fri, 19 Jul 1996 16:34:04 +0800
Subject: Periodic Mix-to-DOS Port Inquiry
Message-ID:

(Please reply via netmail - I haven't regular list access.)

Is Mixmaster ported to DOS yet?

Thanks...

--
: Fidonet: John Erland 1:203/8055.12 .. speaking for only myself.
: Internet: kdf at gigo.com

From ceridwyn at wolfenet.com Fri Jul 19 02:07:11 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Fri, 19 Jul 1996 17:07:11 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960719063324.00695be4@gonzo.wolfenet.com>

>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>Nope, not true. Say what you will about California, but the one
>thing it did right was pass a law that said anyone found in your
>house at night is presumptively a threat to which you may respond
>with deadly force. Shoot on sight, in other words.

I find it hard to believe "anyone". If "anyone" happens to be law enforcement, as has been proven again and again: yer screwed no matter what (either dead or in jail forever).

//cerridwyn//

From tcmay at got.net Fri Jul 19 02:08:30 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 17:08:30 +0800
Subject: MSNBC and cookies
Message-ID:

At 4:25 AM 7/19/96, Joel McNamara wrote:

>In attempting to check out different Net media coverage of TWA 800, it
>appears the msnbc.com site won't let you in without a cookie. Repeated
>cookie cancels with Navigator 3.0 drop you into an indigestive loop of the
>server continuing to try to force feed you cookies. When you finally click
>OK, you get in.
>
>Am I spacing, or is this the first site anyone's stumbled on that requires a
>cookie for access? I've never been shut out of a site for canceling a
>cookie. The first cookie request does have a user ID field. If the server
>(or client) isn't misbehaving, this seems like a wee bit of a privacy issue.
>
>I tried accessing the page (http://www.msnbc.com) on 7/18/96 around 9:15 PM
>PDT. Anyone care to confirm this.

Microsoft and GE, the parent corporation of NBC, are participants in the FBI's "Web Awareness Program."
Like the FBI's "Library Awareness Program," which tracked which books were being checked out by which patrons, the Web Awareness Program tracks user interests at Web sites.

The WAP has already allowed the FBI and other intelligence agencies to check up on several people who appeared to have an unusual interest in the TWA 800 case.

(Don't spend too much time in certain sites, friends.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152  | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Fri Jul 19 02:28:50 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 17:28:50 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

At 2:27 AM 7/19/96, Igor Chudov @ home wrote:

>Sandy Sandfort wrote:
>>
>> > If you had a metal door, you would have enough time to wake up
>> > and assess the situation.
>>
>> This is good advice though. Ironically, the only person I know
>> with such a door is an ex-cop. Who should know better?
>
>That was the essence of my letter. The problem of Tim's approach is that
>he has no time to react to a situation. The intruders will kill him
>faster than he will be able to shoot.

Look, I took this discussion to private e-mail with Igor earlier today, figuring the rest of you had already gotten my basic point in my main article and did not need further explanations. However, as Igor is imputing motives and plans to me, I have to comment.

First, as I explained to Igor in e-mail, my home has _multiple_ (7 or 8) windows on the ground floor, several (3) sliding glass doors, and a couple of outside doors. The expense of fortifying each to Igor-recommended, Ninja-resistant levels would be quite high. (And I have seen houses with bars on all the windows...not a pretty sight, and not something I moved to my hill to turn around and imprison myself with. Not only are such bars ugly, they are expensive. And a potential fire hazard, as several cases have shown; people have been trapped in burning homes, unable to unlock the bars.)

Second, and in line with Sandy's comments, I am quite aware--and quite careful--when visitors or guests are staying in my home. The scenario of my not realizing a noisemaker is one of my guests is implausible. In any case, most of the time I have no guests. Those who train with guns understand the dangers, the risks, and the proper handling of situations.

Third, there are no plausible scenarios for "someone peaceful who entered your home with good intentions." If someone is in my home, uninvited and without my knowledge, the law in California and in most other states says that I am justified in firing. Period. I don't have to read him his rights, I don't have to ask if his intentions are peaceful, I don't have to have proof that he plans to shoot me. All I have to have is reasonable fear that I or my family/guests could be in danger. (The exact legal wording is something like this, but may be slightly different.) I know of few if any cases where a prowler was shot in a darkened house--or even during daylight--and any successful prosecution or lawsuit resulted.

Fourth, the huge increase in "home invasions" in recent years should cause anyone to stop and ponder self-protection. ("Home invasion" is the practice of a gang of robbers hitting a house hard and fast, tying up or shooting the occupants, and then ransacking the place for anything they can carry.
Often the occupants are shot execution-style.) Cops are not likely to be of much help.

Fifth, when intruders, robbers, wandering drunks, and home invaders think there is no chance of a homeowner defending himself, crime rates tend to be high. In communities of the West where large percentages of homeowners have shotguns and assorted handguns, the crime rate appears to be much lower than in "disarmed" places back East. (We could argue the statistics on this til the cows come home, and I don't plan to. Talk.politics.guns is the place.)

>Also, do not forget that if you sleep at night, your eyes will not be
>used to bright light. Thus, an intruder with a bright flashlight would
>be able to make you almost blind (and yes, you can keep the flashlight
>away from your body).

Your point being? I have no idea if intruders are planning to use flashlights to blind victims, but I rather doubt it. The nature of the most common intruder-defender situation is that the intruder typically does not want to awaken the defender...indeed, he tries to strike when he thinks the defender is away. (And most cases of intruders killing the defenders is when the defenders surprise the intruders.)

Obviously there are all kinds of scenarios, but I'm skeptical that flashlights are a useful stratagem for either side to count on. (I am thinking about getting an ultra-bright flashlight, though.)

>I of course have no idea about Tim's accommodations, but in my apartment
>it takes about one second to break into my door if you have a heavy axe.
>Then three seconds after you break into the door you are in my bedroom and
>can shoot at me. Would a gun under my pillow help? I don't think so.

The good news for we defenders, and this applies to both the gun case and the hypothesized "flashlight" case is that most intruders are poorly trained in gun-handling, are armed with fairly wimpy guns (e.g., .38s), have practiced very little, and rarely carry high-power flashlights (such as the extremely bright "Sure-Fire" tactical flashlights). Cops are, of course, another story.

The point being that a citizen who practices at the range, firing at least 500 rounds a year or so at combat-range targets, is usually _much_ better-prepared to win a firefight with a street punk carrying a .38 or .25 he's never fired before. (Ninjas are another story, of course.)

(However, to a person who is unarmed, a shot from a .38 or a .25, or even a .22, can result in death.)

>Now if I had a good door, I would have time to wake up, cock the gun,
>maybe call for help, and so on. Quite a different situation.

Yeah, fine, you've now made your "good door" point several times, here and in private mail to me. So get a "good door" already!

(BTW, my door is a solid-core heavy door, with Schlage lock and deadbolt, so it ain't wimpy. Ninjas have special tools to zap even such doors, but, frankly, I'd expect them to come in through the windows. As I said, I don't plan to spend thousands of dollars installing Lexan windows and bars, for various reasons. And windows are almost always the point of entry for burglars, not crashing through the front door.)

>If you do not believe me, refer to the rec.guns FAQ. It has all
>been discussed there.

Puh-leese! As Perry would say, don't teach Grandpa how to suck eggs. I've been shooting since 1974 (not counting childhood target practice) and am pretty well-versed in such things.

>I am not asking Tim to get rid of his gun -- I am merely suggesting
>how to _improve_ security.

Yeah, but you have a one-track mind ("get a good door").
And bringing in all the nonsense about bad dreams and sleepwalkers and lawsuits by people strolling through living rooms for "peaceful purposes" (though not invited by the owner!) and the like...this set of nonsense can only be interpreted in the context of your thinking that having guns in a house is dangerous.

Do as you wish, Igor. Please, by all means, replace your apartment door with a heavier one, even a steel-core one. But don't conflate this advice with nonsense about dreams, sleepwalkers, getting arrested for defending a home, and suchlike.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152  | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From ecgwulf at worldnet.att.net Fri Jul 19 02:42:06 1996
From: ecgwulf at worldnet.att.net (Llywarch Hen)
Date: Fri, 19 Jul 1996 17:42:06 +0800
Subject: New Infowarfare Panel
Message-ID: <2.2.16.19960719061357.230f34a8@postoffice.worldnet.att.net>

>I'm certainly not saying "information warfare" is impossible--for example,
>I did some work in the late 70s for DARPA on knocking out satellites with
>particle beam weapons. Specifically ...

There is an interesting document at http://www.rand.org/publications/electronic/. _Strategic Information Warfare: A New Face of War_, by Roger C. Molander, Andrew S. Riddile, and Peter A. Wilson.

-- Llywarch Hen

From frantz at netcom.com Fri Jul 19 03:08:08 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 19 Jul 1996 18:08:08 +0800
Subject: "address verification databases"? (was: Netscape download...)
Message-ID: <199607190719.AAA14861@netcom8.netcom.com>

Personally, I don't mind being in a data base of people interested in products with strong crypto. (For another one, ask majordomo at toad.com.) BTW, I must be lucky, I downloaded it on the first try.

-------------------------------------------------------------------------
Bill Frantz        | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506      | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com  | worldwide conversation.    | Los Gatos, CA 95032, USA

From grafolog at netcom.com Fri Jul 19 03:46:58 1996
From: grafolog at netcom.com (Jonathon Blake)
Date: Fri, 19 Jul 1996 18:46:58 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <31EF19A5.15FB@ai.mit.edu>
Message-ID:

Hallan-bakar:

On Fri, 19 Jul 1996, Hallam-Baker wrote:

> dangerous people around besides the government and the government is the

The most dangerous person in the world is an armed law enforcement officer. The least dangerous person is that same law enforcement officer, dead.

The _only_ difference between a gang of thugs, and a government, is that the latter admit to being thugs, whilst the former deny that. They both operate on the same principle -- steal from others, and kill those that oppose them.

> only agency that is going to protect society from them. If you don't like

Governments are the agencies _most_ likely to abuse one's freedom.

<< Take Northern Ireland, as an example of what happens, when a government tries to pacify a region, by prohibiting everything. >>

> living in a country where the police are armed to the teeth then move to
> the UK where there are very few armed police. Of course you will find that

Note in passing that the British Army is more than perfectly willing to massacre the civilian population, it purportedly protects. Of course, that is in their capacity as an occupation force, as part of their pacification procedures.

> the price of freedom of mind is a minor restriction on your personal freedom,
> you won't be allowed a weapon either but that is the tradeoff.

Thanks, but if it is all the same to you, I'd rather live in a country where everybody << including six year olds >> carry, and can use Uzis, etc, as a matter of course. Where weapons are just another thing to carry around, and used to kill those who don't respect human rights --- like the British and American governments, for starters.

xan

jonathon
grafolog at netcom.com

From hua at xenon.chromatic.com Fri Jul 19 03:47:37 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Fri, 19 Jul 1996 18:47:37 +0800
Subject: Privatize the NSA (Was: NSA response to key length report)
In-Reply-To: <199607181604.MAA12956@nsa.research.att.com>
Message-ID: <199607190716.AAA20359@server1.chromatic.com>

It sounds like most of their "counter-arguments" are just stalling tactics. If you are a lawyer for someone you know is guilty, you still would choose to find every reason in the book to attack the prosecution's case. Here we have precisely the same effect with the NSA. Any tactical maneuver to keep stalling the impending collapse of ITAR. (It is human .. er .. rather .. bureaucrat-esque to claim innocence in the face of overwhelming evidence of guilt.)

> The NSA document also calls into question our cost estimates for ASIC
> components, suggesting that ASIC chips of this type cost NSA
> approximately $1000.00 each. However, our $10.00 per chip estimate is
> based on an actual price quote from a commercial chip fabrication
> vendor for a moderate-size order for an exhaustive search ASIC
> designed in 1993 by Michael Wiener [2]. Perhaps NSA could reduce its
> own costs by changing vendors.

Perhaps, in their fit of downsizing, Congress should privatize the NSA?

Ern

From david at sternlight.com Fri Jul 19 03:50:00 1996
From: david at sternlight.com (David Sternlight)
Date: Fri, 19 Jul 1996 18:50:00 +0800
Subject: US versions of Netscape now available
In-Reply-To:
Message-ID:

At 2:11 PM -0700 7/18/96, Adam Back wrote:

>Presumably as this latest netscape beta is freely distributable, once
>it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc.

Not at all. That would be software piracy--and they'd stand the same chance of going to jail they would if they had Lotus Notes or Microsoft Word on such sites, crypto or no.

David

From alano at teleport.com Fri Jul 19 04:23:00 1996
From: alano at teleport.com (Alan)
Date: Fri, 19 Jul 1996 19:23:00 +0800
Subject: "address verification databases"? (was: Netscape download...)
In-Reply-To: <199607190719.AAA14861@netcom8.netcom.com>
Message-ID: <199607190810.BAA07064@linda.teleport.com>

>
> Personally, I don't mind being in a data base of people interested in
> products with strong crypto. (For another one, ask majordomo at toad.com.)
> BTW, I must be lucky, I downloaded it on the first try.

I could not get it to download. I then ignored the program and went to do something else. After about 3-4 minutes, it finally connected. It seems to work, it just takes a bloody long time.

As for being on lists... I tend to assume I am on a lot of lists. I expect to be one of the people up against the wall when the police state comes... (But they will have to make an appointment first. I am busy.)

[For those who will nitpick about the lack of usual sig lines... I am Telnetted in and not using my usual mailer. Waiting for a download to finish.]

From gbroiles at netbox.com Fri Jul 19 04:23:30 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Fri, 19 Jul 1996 19:23:30 +0800
Subject: "address verification databases"?
Message-ID: <2.2.16.19960719081433.364784b4@mail.io.com>

At 10:57 PM 7/17/96 -0700, Tim May wrote:

>At 9:45 PM 7/17/96, Jeff Weinstein wrote:
>
>> Because we have not yet been able to obtain the address verification
>>databases that we need for Canada. There is someone working on
>>tracking this down right now. When we get the proper database we
>>will add access to canada.
>>
>> --Jeff
>
>Jeff, can you tell us anything more about what these "address verification
>databases" are?
>
>For example, are they derived from government sources? Census data? (Naw,
>can't be, for at least two obvious reasons). Voting records? (Naw.) Credit
>card purchases? (??)

I followed the links and explored the web site of the "address verification" provider ( http://www.abii.com ). The data they have about me is outdated (by at least a year) and apparently derived from a phone book or directory assistance.

I picked up a copy of "The Net" magazine at the store tonight because it's got an article listing several of these Web-accessible address/phone databases. The article doesn't say anything especially fascinating but it does list three such sites:

http://www.abii.com/lookupusa/adp/peopsrch.htm
http://www.searchamerica.com/
http://www.switchboard.com/

--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles at netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.

From mpd at netcom.com Fri Jul 19 04:29:47 1996
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 19 Jul 1996 19:29:47 +0800
Subject: Filtering out Queers is OK
In-Reply-To:
Message-ID: <199607190748.AAA08518@netcom2.netcom.com>

tcmay at got.net (Timothy C. May) writes:

> Filtering is not "wrong," Cerridwyn, it is a rational
> response to garbage being spewed constantly. I filter lots
> of items.
> I read "Scientific American" and "The Economist"
> because they filter (or "censor," in the sense some are
> objecting to here) nonsense about "queer rights" and
> "piercing fashions," to name but a few things I have no
> interest in hearing about.

Filtering is wonderful. Long live filtering.

I used to read "Scientific American" too, back in the days when the table of contents wasn't illustrated with cute little icons. Back then, reputable scientists, as opposed to staff writers and less reputable scientists, actually wrote all the articles, which were about science, and not political screeds masquerading as science.

And to conserve bandwidth, please reread the above paragraph substituting "Nova" for "Scientific American" and "watch" for "read."

Having offended "Scientific American" and PBS, let us now proceed to the main agenda item, offending homosexuals.

> If I had kids, I'd make sure that lots of negative memes
> were kept away from them until they reached an age where it
> no longer mattered, where their views are already basically
> set.

If I had kids, I would be overjoyed that the new technology of the information age permitted them to investigate any topic of their choice in the safety of their own home. Of course, there would be some reasonable limits during their very early years, if only to prevent them from waking up screaming in the middle of the night, but I expect most of these could be eliminated by the time they reached their early teens.

If I had kids, I am sure Tim would support my right to give them access to the entire universe of human knowledge and thought as early as possible, and to let them form their own opinions on every conceivable subject, even if those opinions differed from my own.

Where I suspect we differ, is that I would not only advocate such an advantage for my kids, but for his as well.

The problem with giving parents the absolute right to control their children's input of memes until the children are too old and stupid to learn anything new, is that it creates generational propagation of obsolete ideologies. All the Dole children think exactly like Bob. All the Hitler children think exactly like Adolf. Same for the Mengele children, the Nixon children, the Stalin children, the Netanyahu children, etc...

> I see nothing wrong in this. Anyone who disagrees is, of
> course, free to set his filters differently, but not to
> insist that my filters be changed. And the government is not
> free to pass any laws about what filter sites can and can't
> do.

Before the days of home computers and filters, we had things called public libraries. They provided all citizens with unfiltered access to information of their choice, even children. Members of the American Library Association are pretty good at torching paper trails of what people choose to read, and allowing children who have reached the age of reason access to almost everything in the library, as long as they don't talk too loudly or stick gum to the seats. Parents may not like this, but up until now, the librarians have stood their ground.

The movement towards accessing information from home PCs, coupled with the new "parents rights" movement and filtering software, creates a situation where no one under the age of 18 can have access to any information their parents don't want them to see. As the Web replaces the library, young people won't even be able to preserve the same anonymous access to controversial information they have always had in the past. This is a step backwards for youth rights.

> Unfortunately, I think many on this list are so taken by
> "liberalistic" notions that they think the State needs to
> intervene to stop me from filtering my son's access to "The
> Joys of Queer Sex."

> (As a libertarian, I really don't care what sexual
> practices others practice, so long as I am not forced to
> either fund or witness their practices. And so long as I am
> free to filter out their practices as I see fit, including
> for my minor children and/or members of my household.)

The age of filtering has arrived. You can filter your children's access to sex manuals, grandma's access to the elder abuse web page, and your underpaid Ethiopian leaf blower operator's access to anything having to do with laws against sub-minimum wages or slavery.

> Some parents simply get tired of spending time each night
> trying to undo the propaganda taught in many public schools,
> such as books like "I Have Two Mommies." Many of these
> parents eventually give up and put their kids in religious
> or private schools (even though they continue to pay taxes
> for schools their own children are no longer using).

I certainly believe that the education dollar should be in the hands of the education consumer, that the NEA and the AFT should be splintered into a million pieces and scattered to the winds, and that providing educational services should become a competitive business run with the efficiency of Federal Express.

Nonetheless, I am not going to panic when the kids come home after having read "Uncle Bruce's Asshole Has Two Uses" or "Grandma Visits the Euthanasia Clinic" in class. The solution to bad speech is more speech. Older kids can make up their own minds about such things after hearing all sides, including their parents', and younger kids generally take what is said at home at face value anyway.

> Queers are, as far as I'm concerned, perfectly free to
> practice their AIDS-spreading practices to any and all
> receptive anuses they can find, but I eschew this lifestyle
> and will fight to the death for this right to avoid their
> practices from being forced on me or my children (if I had
> any, which I don't).

As an individual who has no desire to engage in gay sex, or watch it being performed while I am eating, I must admit my attitudes towards the "gay community" have undergone a certain evolution in recent years.

Back in the '70s, gays supported a wide-ranging platform of human rights issues, and a lot of activists whose work I admired on many issues I supported "happened to be gay."

Now that the gay community has narrowed its focus solely to the issue of consensual adult sodomy rights, and shown alarming signs of sucking up to the Radical Religious Right, I really don't have warm feelings towards it anymore. They have marginalized many of their former supporters and seem more interested in pleasing Jesse Helms than in showing anything resembling ideological integrity.

I really believe the gay movement of today would sell out almost anyone if they thought it would guarantee the right of homosexual men to join the Republican Party and plug each other's assholes in private in the community of their choice.

A right I support, of course, as long as I don't have to watch it or pay for it.

> I think of AIDS as "evolution in action." Retroviruses
> which have existed for millennia now find new vectors for
> spreading in our population. I cry no tears for those dying
> of AIDS, and work to reduce the tax dollars spent on such
> things as "AIDS research." Let those who introduced the new
> vector pay for the research.

I'm not sure this is "evolution in action", as much as the "law of unintended consequences." Kind of like feeding ground up sheep to cows and discovering that the brains of hamburger eaters are turning to swiss cheese. Not a morality issue at all.

Homosexual transmission of HIV is not the significant vector in most of the world anyway, with the exception of the US and a few other countries where the virus happened by pure accident to find its way into a high risk population.

> What do you call ten million AIDS deaths? You figure it
> out.

If this is like the lawyer joke, it isn't very nice.

In any case, to summarize...

1. Let a thousand filters bloom today.
2. Filtering what you read is good.
3. Filtering what other people read is bad.
4. Choosing your own perversions is good.
5. Making other people watch is bad.

--
Mike Duvos       $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.                   $

From eagle at armory.com Fri Jul 19 04:33:26 1996
From: eagle at armory.com (Jeff Davis)
Date: Fri, 19 Jul 1996 19:33:26 +0800
Subject: Alternative Journalism
In-Reply-To:
Message-ID: <9607190123.aa15828@deepthought.armory.com>

At 11:04 PM 7/18/96, enquirer at alpha.c2.org wrote:

> THE CYPHERPUNK ENQUIRER PRESENTS:
>
> ...
>"May's crazy as a loon. You'll like him. Gilmore, he's just still pissed
>at Shimamura for that stunt in the hot tub ... "

A certain New York Times columnist questions Markoff's ethics, and I believe John that the toad.com logs showed no intrusion by Mitnick. I managed to peg a precise time on Kevin's multi-system intrusion on my home Sparc 20, which helped peg him in NC off the 1(800) ANI he was gaining access through.

One of Mitnick's friends had the audacity to contact Stanton at EFF about the possibility of defending him. He was told there were no classical civil liberties to argue in the case... So I suppose it's best to let sleeping dogs lie, eh?

--
According to John Perry Barlow: *What is EFF?*
"Jeff Davis is a truly gifted trouble-maker." *email *
*** O U T L A W S On The E L E C T R O N I C F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email *

From grafolog at netcom.com Fri Jul 19 04:39:54 1996
From: grafolog at netcom.com (Jonathon Blake)
Date: Fri, 19 Jul 1996 19:39:54 +0800
Subject: Alternative Journalism
In-Reply-To:
Message-ID:

Tim:

On Thu, 18 Jul 1996, Timothy C. May wrote:

> questions the form asks.) That I am a felon has never stopped me from

But you aren't a _convicted_ felon yet, Tim. That makes a _big_ difference.
xan jonathon grafolog at netcom.com AOL coasters are unique, and colourful. Collect the entire set. From ses at tipper.oit.unc.edu Fri Jul 19 04:56:38 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Fri, 19 Jul 1996 19:56:38 +0800 Subject: Filtering out Queers is OK In-Reply-To: Message-ID: On Thu, 18 Jul 1996, Timothy C. May wrote: > Filtering is not "wrong," Cerridwyn, it is a rational response to garbage > being spewed constantly. I filter lots of items. I read "Scientific > American" and "The Economist" because they filter (or "censor," in the > sense some are objecting to here) nonsense about "queer rights" and Actually, the Economist has, er, come out strongly in favour of gay rights on numerous occasions- most recently on the issue of same sex marriages. From aba at dcs.ex.ac.uk Fri Jul 19 05:17:40 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Fri, 19 Jul 1996 20:17:40 +0800 Subject: US versions of Netscape now available In-Reply-To: <31EEEA3F.5015@netscape.com> Message-ID: <199607190709.IAA00119@server.test.net> Jeff Weinstein writes: > Adam Back wrote: > > Presumably as this latest netscape beta is freely distributable, once > > it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc. > > Just a minor nit. No netscape software is freely distributable. > The license agreement does not allow people who download it > to redistribute it. Oh dear! So I am incorrect... but wait, what about people like sunsite northern europe (Imperial College London: ftp.doc.ic.ac.uk) who already have a license to be a Netscape mirror site. Would this license allow them to distribute this latest 128 bit netscape beta (were it to leak)? 
Adam -- #!/bin/perl -sp0777i Message-ID: <4snish$div@joseph.cs.berkeley.edu> In article , Steven L Baur wrote: > Linux executable: > $ md5sum =netscape-3.0b5 > a82666e8c83a39c4e4653f0de2a930cf /usr/local/www/bin/netscape-3.0b5 Looks like we match: ~ $ md5sum /opt/netscape-3.0b5a-US/bin/netscape a82666e8c83a39c4e4653f0de2a930cf /opt/netscape-3.0b5a-US/bin/netscape Also, for any others who might like to compare their Linux .tar file: ~ $ md5sum netscape.tar.Z fdface7dbbf0ea350847edf1ad37e4a8 netscape.tar.Z > Also, I got onto their system within a half hour of spotting the > announcement sitting in my cypherpunks.spool file and had no trouble > downloading even though it wouldn't let me into the site with Lynx. > I'd say they gave this list preferential, timely treatment ... Three cheers for Netscape! -- Dave From ceridwyn at wolfenet.com Fri Jul 19 05:23:51 1996 From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn) Date: Fri, 19 Jul 1996 20:23:51 +0800 Subject: Netscape download requirements Message-ID: <2.2.32.19960719084701.006a8aac@gonzo.wolfenet.com> I realize you're probably overloaded with email/etc, but as you don't read c'punks, I'll take a chance with a personal note anyway... >> Well one 'ITAR gangsta' can alwas upload the linux version to a >> 'liberated ftp site'. >Great. Convince the government to withdraw our permission >and never to give it again while the current laws stand. >Please don't do this. Allow the government to think that we think it has the right to give us their permission and we've lost everything. The government should need OUR permission, not the other way 'round. To give the government the impression that we will bow to it's power on these matters may be financially beneficial for a corporation, but is unacceptable and humiliating for free individuals. >I'd bet on the first. Why screw with this? We worked hard >to make this possible and you want to ruin it. Sheesh. Because freedom doesn't come in degrees, it's all or nothing. 
>"I hate the government so I'll blow up a federal building >and then the FBI will get more money and attention and >power and, um, that'll show 'em, er, ah....." Exporting crypto-systems and killing people is comparing apples and hand grenades. Please come up with a relevant analogy. >For those of you who think some of our info requests go too far: well, >my position to the US was: I want to do a download. I'll do what it >takes. Given all the ITAR vagueness and total lack of case law, I >think both sides did very well. While I don't agree with the While I am one of those who believe your info requests do go too far, I also appreciate the fact that you wouldn't be able to "do a download" without it. I thank you for your efforts on these fronts, and have two things to say regarding: 1) Please don't chastise individuals who take direct action and use civil disobediance as a measure to change bad laws and policies (ie by making your companies software available internationally). When done on a mass scale, the long-term benefits FAR outweigh the short term consequences. While you as a corporation find it much more difficult to take such actions, as they would most likely ruin your corporation, individuals acting in this capacity cannot be ruined quite so readily. 2) Please don't misuse the information you gain by logging all your network traffic. I like using Navigator, and would hate to have to give up using it due to some breach of trust by Netscape regarding someone's personal info. >wrong place to wage battle. Rather than attack some odd piece >of enforcement, participate in the debate over the regulations >themselves. Strides are being made. This is a good time for >your voice to be heard. If you don't like this mechanism, don't >use it. It's your choice. I agree mostly. I would rephrase, however, to say: In addition to attacking odd pieces of enforcement, participate in the debate over the regulations themselves. 
Besides, contrary to your gist, this is probably one of the most prominent pieces of enforcement, and therefore a very logical candidate for attack. //cerridwyn// From dani at 193.144.104.4 Fri Jul 19 05:47:22 1996 From: dani at 193.144.104.4 (dani diaz) Date: Fri, 19 Jul 1996 20:47:22 +0800 Subject: GOPHERD FOR SOLARIS 2.5 Message-ID: <199607190933.CAA20979@toad.com> Hi!, I'm looking for a gopher server for Solaris 2.5, I've tried in the Sunsite, but successless. Does anybody know where else may I find a gopher server for Solaris 2.4?. Thanks in advance. Danny. dani at gva.es _/_/_/_/ _/_/_/ _/ _/ _/_/_/ Daniel Díaz Luengo. dani at gva.es _/ _/ _/ _/ _/_/ _/ _/ Consellería de Presidència _/ _/ _/_/_/ _/ _/_/ _/ C/Micalet nº5. _/_/_/_/ _/ _/ _/ _/ _/_/_/ Valencia-(Spain) (96)-386-38-57 From ceridwyn at wolfenet.com Fri Jul 19 05:53:22 1996 From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn) Date: Fri, 19 Jul 1996 20:53:22 +0800 Subject: MSNBC and cookies Message-ID: <2.2.32.19960719100042.006a150c@gonzo.wolfenet.com> >Microsoft and GE, the parent corporation of NBC, are participants in the >FBI's "Web Awareness Program." Like the FBI's "Library Awareness Program," >which tracked which books were being checked out by which patrons, the Web >Awareness Program tracks user interests at Web sites. > >The WAP has already allowed the FBI and other intelligence agencies to >check up on several people who appeared to have an unusual interest in the >TWA 800 case. > >(Don't spend too much time in certain sites, friends.) This is interesting. Where can one find reliable sources to verify this information? (The existence of a WAP, and the use of it in the TWA 800 case).
//cerridwyn// From david at sternlight.com Fri Jul 19 05:57:04 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 20:57:04 +0800 Subject: Reasonable validation of a software package In-Reply-To: <199607170728.AAA29471@comsec.com> Message-ID: At 1:12 PM -0700 7/18/96, Carl Ellison wrote: > >The problem people overlook is that a CA binds a public key to a name but >the name is in the CA's name space. For me, a verifier, to derive any >value from a certificate binding (key,name), the name has to be in *my* >name space. > >If there were such a thing as a global namespace meaningful to everyone, >then we could both use it. That's the X.500 falacy/pipe-dream. Think of the common name on a certificate as if it were a first-come, first-served serial number of alphanumeric form. There's no reason to believe that John Smith is YOUR John Smith. Your John Smith might tell you he's John Smith 37. It's kinda like vanity license plates. The alternative is every privacy fan's nightmare--embedded SSNs or some such in certificates. Some of the problems, of course, will be of the users' own making and there they get to pay their money and take their choice. What I mean is that you can optionally include or suppress your e-mail address in Type I certificates, and real address in Type IIs. If you include it you improve the chances of being the "right" John Smith someone is after. If you prefer privacy you will also be less accessible. I see nothing unusual about that--after all, people with unlisted phone numbers are ultimately inaccessible except (pretty much) to those to whom they give the info. > >The fact is, no global name space could be held in one human's mind, so >there's no way a global name space could be meaningful to me. Nor is there any reason it should be. It isn't, now. > >So, to use a certificate from a CA, I need to map a name from its name >space (DN) into a name in my name space (nickname). 
Every time I've looked >at that process, I've had to have a secure channel over which to learn from >the person I call by that nickname what DN he goes by. Why does it have to be a secure channel? Why can't it be published (for instance by including the address in the certificate)? >If I have that >secure channel, then he could tell me his public key fingerprint over that >channel -- and I wouldn't need the CA. Why wouldn't you use the certificate to bind the public key to the name and address? What need would there be for fingerprint communication? How is this different from 20 John Smiths in the phone book at 20 different street addresses? I'd better know the address of the John Smith I want if I'm to get his phone number from a directory. Note that I'm not attacking what you say. There's clearly something you're getting at that I don't understand--since you post sensible stuff (as far as I recall). Help me out here. David From david at sternlight.com Fri Jul 19 06:26:07 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 21:26:07 +0800 Subject: ABC news on Internet Telephony In-Reply-To: <199607182054.NAA04198@well.com> Message-ID: At 1:54 PM -0700 7/18/96, talon57 at well.com wrote: >David Sternlight writes: > >>There's something fundamental going on here beneath the surface. >>Surprisingly, a recent item (maybe the one you reported) on this >>suggests that the big phone companies are trying to use this >>phenomenon rather than stop it. I think it was AT&T who announced >>that they had web software that improved the quality of such >>internet voice calls. Surprisingly constructive, in contrast to >>the coalition of small phone companies screaming for the FCC to >>"stop it". The FCC has wisely said they're not going to act right >>now because it could kill an incipient new technology. > >There is something fundamental going on here, a lack of common >sense, and/or critical reasoning.
Starting off with defamation is a sure tipoff that what follows is crap. And sure enough... > >Lets try it again. Who is the most likely to be disintermediated by >a global packet network? (how do you get to your ISP?) > >I assume by "big phone company" vs "little phone company" you are >refering to long distance vs local service, tell me, if the RBOC's >continue merging, at what level do they become a " big phone >company." No. I'm referring to the consortium of small phone companies that asked the FCC to stop it, in contrast to big phone companies which explicitly refused to join in that request. The big ones were both long-distance carriers and big local ones (a distinction that will soon disappear). > > The RBOC's are not the only local service providers of course, >here in Illinois alone there are more than 80 (at my last count) >providers of local service, and soon there will be many more. And...? > >The other "urban myth" you are helping to support is the notion >that it is the local providers that are fighting deregulation. >Ameritech filed for total unbundling in March of '93, and you don't >see them insisting on having a percentage of the long distance >market before the long distance companies are allowed to compete in >the local loop. I'm doing no such thing. I'm reporting the empirical data. Have you some problem with facts? > >ADSL is an interesting attempt at digital telephony but expensive >and basically would mean replacing existing central office >switches. (backbone bandwidth) I'm not sure this is accurate. The ADSL modems are already down to the price of v.34s at the start of v.34 and ADSL is still in its initial stage. Being able to sell 6 MEGAbyte/sec bandwidth over ordinary copper phone pair will increase telco revenues substantially with little additional cost except at the switch. 
Switch mods don't require replacement and their cost per dollar of revenue (even if they give away 6Mb bandwidth at ISDN prices for 128Kb bandwidth) is pretty low. They could even charge what the cable guys do for basic service (using video dial tone), add current charges for local phone service, include a free Internet connection, and make money. In fact, PacBell stopped wiring California for fiber and simply buried incomplete cable in most locations last year because ADSL is so much better a deal, infrastructure cost-wise. If you haven't already done so you should check out the web sites for the ADSL consortium. > >In a packet network you have to either dedicate a portion of the >bandwidth for a synchronous circuit, or you have to have a very >fast network and use very small packets (ATM), expensive either >way. ATM is going bye-bye according to the trade press. It IS too expensive. As for the synchronous circuit, if you're talking a signalling path that's provided for and takes a tiny part of the bandwidth. At the switch it won't look any different than today's call routing. > >A single central office has many times the bandwidth of the widest >part of the internet, and the average state has hundreds of CO's. >If even a small portion of the Internets current users tried >placing a call things would grind to a halt. A huge increase in the >number of backbones and their bandwidth would solve this, but who >will pay the bill? Now we're back on topic. Dunno how the increased bandwidth will be paid for if lots of people start doing internet phone. Perhaps a new pricing model with metered, but not distance-sensitive rates. Perhaps a special charge for voice packets. Perhaps the number of subscribers attracted by cheap phone will be enough to pay for the bandwidth under current pricing models. Perhaps the split between the ISPs and the backbones will have to change. Love will find a way. 
> >TANSTAAFL Last time I looked my ISP was charging me about $20 a month--hardly "free". And business users pay more. > >Sometime ago the discussion was on the cost of laying new fiber, >may I suggest the realworld heuristic of "a million dollars a >mile." Naah. The existing bandwidth that would go dark if phone calls shifted to the net would become available. And I understand there's a huge amount of dark fiber already in existence. I don't think this is the scarce resource. I'ts starting to look like you're attempting proof by assertion rather than referring to the known data. > >Please note I am not trying to make fun of anyone personnally, I am >in the words of Jubal Harshaw "heaping scorn upon an inexcuseably >silly idea, a practice I shall always follow." I will refrain from heaping scorn on what appears to be a wild set of ill-thought-through and uninformed objections. Your better-informed colleagues will do it for me. If it's any comfort, I thought exactly as you do until I started to read the discussions of this topic by experts. (By the way there's a lot of material on Internet Phone on AT&T's web site.) David From junger at pdj2-ra.F-REMOTE.CWRU.Edu Fri Jul 19 07:56:24 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Fri, 19 Jul 1996 22:56:24 +0800 Subject: US versions of Netscape now available In-Reply-To: <31EEEA3F.5015@netscape.com> Message-ID: <199607191157.HAA00011@pdj2-ra.F-REMOTE.CWRU.Edu> Jeff Weinstein writes: : Adam Back wrote: : > Presumably as this latest netscape beta is freely distributable, once : > it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc. : : Just a minor nit. No netscape software is freely distributable. : The license agreement does not allow people who download it : to redistribute it. But--to nitpick at the nit--nothing in the license agreement that I can find forbids one from distributing it to others who are not foreign persons and are not outside the United States. -- Peter D. 
Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu From usura at replay.com Fri Jul 19 08:50:11 1996 From: usura at replay.com (Alex de Joode) Date: Fri, 19 Jul 1996 23:50:11 +0800 Subject: US versions of Netscape now available Message-ID: <199607191213.OAA03214@basement.replay.com> In article <199607190709.IAA00119 at server.test.net> you wrote: : Jeff Weinstein writes: : > Adam Back wrote: : > > Presumably as this latest netscape beta is freely distributable, once : > > it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc. : > : > Just a minor nit. No netscape software is freely distributable. : > The license agreement does not allow people who download it : > to redistribute it. : Oh dear! So I am incorrect... but wait, what about people like : sunsite northern europe (Imperial College London: ftp.doc.ic.ac.uk) : who already have a license to be a Netscape mirror site. Would this : license allow them to distribute this latest 128 bit netscape beta : (were it to leak)? I would like to know what Netscape's position on the above mentioned scenario is .. (Uploading "possibly" received 128 bit binaries to official netscape mirrors outside the US, that is) (guess why ...) bEST Regards, -- -AJ- From david at sternlight.com Fri Jul 19 08:53:40 1996 From: david at sternlight.com (David Sternlight) Date: Fri, 19 Jul 1996 23:53:40 +0800 Subject: Gorelick testifies before Senate, unveils new executive order In-Reply-To: Message-ID: At 8:04 PM -0700 7/18/96, Jeff Barber wrote: > >> Now THAT is apples and oranges. The security of, say, IBM's, or the FAA's, >> or AT&T's domestic computer networks has little to do with crypto export >> policy. > >Big companies like IBM, AT&T, etc. have *international* networks. Hence, >the connection to the crypto export policy, which prevents comprehensive >security programs from being deployed. 
As a "senior techinical executive" >(oxymoron alert) to Fortune 50 companies, I assume you know that and are >simply choosing to ignore it for the sake of your current argument. There are exceptions to ITAR for this purpose (overseas offices of US companies). In addition, like the argument that we shouldn't jail anyone until all social evils are cured, your argument fails. IBM can secure their domestic network (at least) without having to secure their global network. As for your suggestion that I am special pleading, that's just unsupported defamation. I suppressed nothing--it is you who are omitting the facts I mention just above. Only a fool would accuse another of special pleading when the possibility the accuser doesn't understand the argument, or have all the data exists. If you have any integrity you'll apologize. > > >> >Putting the government in charge of fixing security problems is likely >> >to result in an infrastructure optimized for surveillance, as we've seen >> >with other government-sponsored initiatives (Clipper, DigitalTelephony, >> >etc.). >> >> The subject matter of the Commission's inquiry has more to do with >> authentication than message encryption, and more to do with infrastructure >> and network security. And as it happens there is no problem getting export >> licenses for authentication-only software with as secure a key as you like >> and no escrow. RIPEM/SIG did it years ago. You aren't even on the same page >> as this issue. > >There is more to security than authentication, as I'm sure you also know >but are choosing to ignore. Another attempt to accuse, read minds, and impute motives. We're talking about securing networks such as communications, transportation, and power, against hacker attacks. Authentication is the core, not encryption. A main problem is the spoofer instructing the network to self-destruct. Long-key authentication can address this when coupled with the safeguarding of keys. 
and some system precautions not related to encryption. > Authentication alone may suffice in some >situations but clearly not all. So what? What part of "more to do with....than" don't you understand? I never said "all"--that's a straw man to try to shift the ground of the discussion rather than attempting a direct refutation. > >> Again, you are trying to fight a different battle in the wrong arena. >> This isn't about your ability to encrypt your traffic. It's about securing >> the domestic infrastructure against information warfare. I know this is >> beginning to sound tiresome, but you'd better do your homework. > >Indeed. So do it. > This isn't a different battle, though; it's all interwoven. So what? Everything is connected to everything else. >I don't want the government responsible for "securing the domestic >infrastructure..." for the same reason that I don't want them telling >me where or to whom I can sell crypto. Fair comment--you're certainly entitled to your opinion. > They haven't any right to, IMO, Read the Constitution. >and besides, I don't trust them to look out for my interests. At least some of one's interests we might both agree. There's the old joke "I'm from Washington and I'm here to help you." David From ceridwyn at wolfenet.com Fri Jul 19 09:07:15 1996 From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn) Date: Sat, 20 Jul 1996 00:07:15 +0800 Subject: Filtering out Queers is OK Message-ID: <2.2.32.19960719095559.00692920@gonzo.wolfenet.com> >Filtering is not "wrong," Cerridwyn, it is a rational response to garbage >being spewed constantly. I filter lots of items. I read "Scientific >American" and "The Economist" because they filter (or "censor," in the >sense some are objecting to here) nonsense about "queer rights" and >"peircing fashions," to name but a few things I have no interest in hearing >about. Choosing what you read and choosing what other people (including your children) read is the difference between filtering and censoring. 
I didn't say filtering was wrong, I said censorship was wrong. >If I had kids, I'd make sure that lots of negative memes were kept away >from them until they reached an age where it no longer mattered, where >their views are already basically set. I am sorry to hear. I think we underestimate children's ability to decide for themselves what is right and wrong, and I think the seemingly innate desire for parents to want children that are all but clones of themselves is especially dangerous and certainly harmful. I think that restricting access to "negative memes" from anyone (including children) actually does more harm than good. I didn't particularly want to get into this, so I will leave it up to you to read John Stuart Mill's "On Liberty" for very strong arguments in my support. >I see nothing wrong in this. Anyone who disagrees is, of course, free to >set his filters differently, but not to insist that my filters be changed. I absolutely agree. Unfortunately, the filtering programs we were discussing allow a user very little, if any, ability to "set his filters differently". >And the government is not free to pass any laws about what filter sites can >and can't do. Again, I agree, and thought I had made that clear. However, that doesn't mean we can't object on a social (opposed to governmental) level. I repeat: just because a government doesn't have the right to oppose private censorship doesn't make it OK. >Unfortunately, I think many on this list are so taken by "liberalistic" >notions that they think the State needs to intervene to stop me from >filtering my son's access to "The Joys of Queer Sex." I was under the impression that most on the list were avowed libertarians, and would rather the State didn't intervene in any part of your (or your son's) life.
However, I would still argue that restricting your son's access is more of a detriment to your son than allowing it, then discussing why it is Wrong (or whatever) and why he feels it is necessary to read such things. I would also argue that you are right in that the State has no right to force you to raise your child in any way. But, as I stated in another post, the problem is not just the government. >Some parents simply get tired of spending time each night trying to undo >the propaganda taught in many public school, such as books like "I Have Two >Mommies." Many of these parents eventually give up and put their kids in >religious or private schools (even though they continue to pay taxes for >schools their own children are no longer using). I fail to see how trying to breed attitudes that you allegedly avow is "propaganda". The book you cited is intended as a means of teaching acceptance, not necessarily approval. You say you tolerate homosexuals, but that is not a wide-spread practice yet. Violence and ridicule is the more common response to openly homosexual behaviour, and that book is meant to stop such bigoted reactions. You'll note that nowhere in the book does it say anyone *should* be homosexual, it merely says that it's okay if you are and you should accept others who are. >Queers are, as far as I'm concerned, perfectly free to practice their >AIDS-spreading practices to any and all receptive anuses they can find, but >I eschew this lifestyle and will fight to the death for this right to avoid >their practices from being forced on me or my children (if I had any, which >I don't). Please show me an instance where you or your children (if you had any) would have been forced into practicing homosexuality by anything taught in a public school or shown on a web page. Exposure to a lifestyle and having that lifestyle's practices forced on you are not the same. Would you allow your children to learn about Nazi Germany?
I find the lifestyle of the Nazi positively disgusting, but wouldn't think to prevent my child from learning about it. Same thing with other cultures, religions, political principles, etc. The simple fact that this particular issue is regarding sexuality bears no significance to the argument. A child (or any other person) should not be restricted access to any sort of information available about any topic, unless she is restricting her own access (filtering). //cerridwyn// From david at sternlight.com Fri Jul 19 09:08:32 1996 From: david at sternlight.com (David Sternlight) Date: Sat, 20 Jul 1996 00:08:32 +0800 Subject: Borders *are* transparent In-Reply-To: Message-ID: At 11:24 AM -0700 7/18/96, Timothy C. May wrote: >This is a terribly important point: if a citizen of Foobaria succeeds in >connecting to the Netscape site--perhaps by experimenting with various >combinations of domain names and submitted address/zipcode >combinations--and Netscape sends him the file, he has not committed a crime >in his own country. (Unless they have their own laws....) Incorrect. Netscape Navigator is as much commercial software as Microsoft Word, It is NOT freeware and if he pirates it without permission he's at least in violation of copyright which almost every country is a signatory to. Where I come from we call that "theft". Your ethics may vary in California. > >Likewise, much "export-controlled" software is freely purchasable without >any form of identification or proof of citizenship/residency in any of >thousands of U.S. software stores. True, but you have to agree to the licensing warning on the box (and let's not do the tired shrink-wrap licensing argument again, please--it's on the outside of the box). > (I don't know if the copies of Netscape >Navigator on the shelves in U.S. stores are now the "U.S." version, Yes. > as >opposed to being a somewhat-crippled version, but I sure do know that a *lot* >of nominally-export-controlled software _is_ freely purchasable.)
That no more gives you the legal right to violate ITAR after purchasing, or violate the license terms, than buying fertilizer gives you the legal right to make bombs in violation of the AT&F code. (No wise-guy complaints about how software isn't a bomb--though some I've bought clearly is :-). It's an analogy about principles, not function.) > >Much of this software goes out of the country in luggage. In my various >flights out of the U.S. over the years, never have my bags been so much as >glanced at, except presumably for bombs with sniffers, scanners, etc. >Further, I have mailed optical disks out of the country--a single one of >these can store a whole lot of stuff. I didn't say you couldn't do it. In fact I said the opposite--that I had no doubt it would leak. My point was that it wouldn't become mass-market software overseas because the leakers would be violating ITAR or copyright, or licensing and thus couldn't get away with selling or giving away the result at scale overseas. As Jeff pointed out, getting a licensed copy of Navigator does NOT include redistribution rights (unless you buy a site license directly from them--and they won't sell a site license for the US version for overseas use in violation of ITAR). In this respect it is significantly different from PGP or RSAREF. for which there ARE at least some redistribution rights under the license. >On a trip to France and Monaco last year, I deliberately carried several >optical cartridges and couple of DATs, all crammed with software, PGP, >RSADSI's MailSafe, Mathematica, etc. To make a point, and as props for my >talk on crypto anarchy. Certainly there was no checking on the way out at >SFO, and no checking whatsoever at Charles de Gaulle in Paris. "Nyaah, nyaah, you can't catch me" doesn't mean that if they do they won't prosecute. Your waving around that stuff in France is not only juvenile, but also may put you in violation of French crypto law. 
That you can get away with 80 in a 55 mile zone until the cops see you doesn't mean 80 is legal nor that everyone else can do it with impunity. > >(On my return trip, the bored inspector in San Francisco asked what my >purpose in being overseas has been. Had I said "tourism" I would've been >waved through. Instead, for interest, I said "Meeting with Russian >cryptographers in Monte Carlo," just to see what would happen. He asked me >what "cryptographers" are or do... "They make secret codes." He then waved >me through. Sigh.) There's no law against meeting, and customs inspectors aren't expected to launch interrogations to see what you told them if you're not on some watch list. Like many laws, this one might be used if something egregious happens. If the Russian got caught later with US Netscape by French authorities, and it came to the attention of US authorities that he said "Tim May gave it to me", THEN you might expect to "assist the police with their enquiries". > >None of this is surprising, of course. Borders _are_ transparent. There are >so _many_ degrees of freedom for getting stuff across borders. The hope >that a bunch of *bits* can be stopped is ludicrous. Again you make the long-discredited straw man argument that the purpose of ITAR is to hermetically seal. It is not. It is to keep legitimate US mass market purveyors from selling strong crypto overseas, and to provide a means to punish those who are caught violating it. I'm sure there are lots of tax cheaters. That doesn't mean the IRS code should be abolished (though I'd like to see massive simplification for other reasons). I'm sure there are still thieves. That doesn't mean we should make theft legal. I'm sure there are still those who cannot read. That doesn't mean teaching reading is useless or silly or should be stopped. > >_This_ is why I expect the Netscape beta to arrive overseas pretty soon. Nobody disputes that.
It won't be readily available though, except for those who have no compunctions about software piracy.

David

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Fri Jul 19 09:17:23 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Sat, 20 Jul 1996 00:17:23 +0800
Subject: Netscape download requirements
In-Reply-To: <31EEDA69.31D8@netscape.com>
Message-ID: <199607191244.IAA00368@pdj2-ra.F-REMOTE.CWRU.Edu>

Tom Paquin writes:

: sameer wrote:
: >
: > Have you considered selling this export verification system?
:
: No. I don't have redistribution rights to all of it. If
: someone were really interested, I'd talk to them, but the
: government would probably need to be told before any tech transfer
: took place, I'd bet.
:
: Also, our govt permission is pretty specialized; I don't think
: anyone can just go use it unless they are willing to brave those
: untested waters I keep getting reminded about.

Would it be possible to get a copy of the terms of the written permission that I gather Netscape has received from the government? Or is this another area where the government insists on obscurity?

(I do want to thank Netscape--and especially Tom Weinstein who tried to give me a lot of assistance--for making the downloading possible. On the other hand, I certainly don't think that we owe any thanks to the government agencies that made all this rigamarole necessary.)

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From dlv at bwalk.dm.com Fri Jul 19 09:20:29 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 00:20:29 +0800
Subject: Mail-order Ph.D.'s
In-Reply-To: <199607181618.MAA11826@nrk.com>
Message-ID: <250aRD171w165w@bwalk.dm.com>

David Lesher writes:

> We will NOW get treated to UnProfessor's SternFUD's entire life history.
>
> How he went & designed the first rockets, then gave the idea to
> Goddard.
Then he went to England and invented tea. Next he came
> back & was a personal advisor for Tricky Dick. Later, he discovered
> the oil in Alaska. In the middle he invented the concept of
> money....

He also invented the radio, but Marconi+Popov stole the credit from him. And he's the founder of public-key cryptography. Oh - he also invented Ethernet and TCP/IP. :-)

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From jsw at netscape.com Fri Jul 19 09:21:41 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sat, 20 Jul 1996 00:21:41 +0800
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31EF632D.2B88@netscape.com>

Roy M. Silvernail wrote:
> Their file delivery CGI could use some work... no reason I can see to
> offer the filename 'pick.cgi' for everything.

We will be fixing this problem soon.

> Anyone sniffing the link
> knows the filename from previous forms submissions, anyway.

You can't sniff the link, since the form submission and the file download are via SSL.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jsw at netscape.com Fri Jul 19 09:25:09 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sat, 20 Jul 1996 00:25:09 +0800
Subject: overseas PGPfone and Netscape
In-Reply-To: <01BB74A5.CDC6BC00@JPKroepfli.S-IP.EUnet.fr>
Message-ID: <31EF6237.180D@netscape.com>

Ian Goldberg wrote:
> I haven't tried to download it myself, yet (I'm on the wrong side of a
> slow link (though it's faster since I got my new ZyXEL
> yesterday)), so maybe this is explained for me, but does netscape
> publish checksums for their US binaries?
>
> This isn't just an issue of making sure your copy wasn't munged in transit;
> without checksums, what's stopping netscape from embedding the info you
> provide in the binary before shipping it to you, so that if it shows
> up on hacktic, they know who did it?
>
> Could various people with various architectures post MD5 or SHA1 hashes
> of the files they downloaded?

I'm sorry, but I don't have time to run the checksums right now. Feel free to compare checksums of downloaded files. You won't find any secret tagging. Note also that the download is via SSL.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Fri Jul 19 09:31:07 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Sat, 20 Jul 1996 00:31:07 +0800
Subject: MSNBC and cookies
In-Reply-To: <199607190426.VAA10722@mail.eskimo.com>
Message-ID: <199607191300.JAA00488@pdj2-ra.F-REMOTE.CWRU.Edu>

Joel McNamara writes:

: In attempting to check out different Net media coverage of TWA 800, it
: appears the msnbc.com site won't let you in without a cookie. Repeated
: cookie cancels with Navigator 3.0 drop you into an indigestive loop of the
: server continuing to try to force feed you cookies. When you finally click
: OK, you get in.
:
: Am I spacing, or is this the first site anyone's stumbled on that requires a
: cookie for access? I've never been shut out of a site for canceling a
: cookie. The first cookie request does have a user ID field. If the server
: (or client) isn't misbehaving, this seems like a wee bit of a privacy issue.
:
: I tried accessing the page (http://www.msnbc.com) on 7/18/96 around 9:15 PM
: PDT. Anyone care to confirm this.

I can confirm it. I never gave them the cookie. Had one hell of a job backing out. I don't know what would have happened if I had set my cookies file to be read only.
It's a nuisance, but I suppose there is no reason that a commercial service can't do such a thing. But what happens when one tries to access it with Lynx?

I too am using Navigator 3.0 (the new beta with strong crypto)--I wonder if people who use MS's explorer or whatever it is called are faced with the same problems?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From dlv at bwalk.dm.com Fri Jul 19 09:39:02 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 00:39:02 +0800
Subject: New Infowarfare Panel
In-Reply-To: <31EE8BCE.50B@vail.tivoli.com>
Message-ID:

Mike McNally writes:
> My personal recollection is that many of the InfoWar techniques we crafted
> during the Gulf War involved using high speed fighter-bomber aircraft to
> drop guided munitions on top of selected pieces of the communications
> infrastructure.

That didn't do much... Iraq's TCP/IP network proved too resilient for U.S. bombs. Interestingly, one of the Russians who built it now works for sprintnet.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From dlv at bwalk.dm.com Fri Jul 19 09:42:02 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 00:42:02 +0800
Subject: (fwd) Re: US versions of Netscape now available---NOT
In-Reply-To: <199607182209.SAA13526@nrk.com>
Message-ID:

David Lesher writes:
> [IMAGE] DR. DAVID STERNLIGHT PROVIDES ECONOMIC AND STRATEGIC
> PLANNING CONSULTING SERVICES FOR HIGH-TECHNOLOGY FIRMS.
>
> Strategic uncertainty is now the norm for the business environment.
> Wrenching events such as the fall of the Soviet Union, major shifts in

What? SternFUN claims to be singlehandedly responsible for the fall of our beloved Soviet Union?
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From mishania at demos.su Fri Jul 19 09:50:55 1996
From: mishania at demos.su (Mikhail A. Sokolov)
Date: Sat, 20 Jul 1996 00:50:55 +0800
Subject: Secure IRC conversations
In-Reply-To:
Message-ID: <199607191336.RAA10931@megillah.demos.su>

>
> Hi there,
>
> does anybody know of a way to have encrypted conversations on the IRC or via ytalk?
>

Well, as for irc, not unless you make your client do it. Though, try using more secure dcc protocol, described as Direct Client to Client protocol -- implementing whatever you want there to be is possible and easy. See rfc1459.

> Thanks,
> Harka

-mishania

From frissell at panix.com Fri Jul 19 09:57:41 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 20 Jul 1996 00:57:41 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
Message-ID: <2.2.32.19960719133458.00830ef0@panix.com>

David Sternlight writes:

> Here's the problem in a nutshell: Everyone who has looked at our systems,
> from Cliff Stoll

A *famous* security expert.

>on to blue ribbon scientific commissions,

The last of which recommended that crypto be entirely deregulated.

> Serious studies have shown that the kinds of protections to make the
> systems we depend on robust against determined and malicious attackers (say
> a terrorist government, or one bent on doing a lot of damage in retaliation
> for one of our policies they don't like), have costs beyond the capability
> of individual private sector actors.

Defense is cheaper than attack in encryption because it is easier to make coherent information incoherent (see Usenet) than it is to make incoherent information coherent.

> In such a case, where public benefits from government action greatly exceed
> public (taxpayer) costs, and the private sector cannot (or will not) act
> unaided, the classical basis for government action in the interests of the
> citizenry exists.
It's the economist's "lighthouse" argument.

But since the Internet and the WANs and LANs that you are talking about are all "private value-added networks," the benefits of enhanced security are fully captured by the users of those networks and there is no "public goods" problem. (BTW, there were private lighthouses too.)

Note too that major money center banks disagree with you. There was a recent article about the fact that they are not reporting computer intrusions and just fixing the problems themselves. They don't seem interested in official security "help" with all the disadvantages (publicity and security leaks) that it brings.

DCF

From dlv at bwalk.dm.com Fri Jul 19 09:59:09 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 00:59:09 +0800
Subject: New Infowarfare Panel
In-Reply-To: <199607190403.WAA26099@zifi.genetics.utah.edu>
Message-ID: <46aBRD175w165w@bwalk.dm.com>

nobody at zifi.genetics.utah.edu (Anonymous) writes:

> David Sternlight wrote:
>
> >
> >I'm talking about some of the information that started slowly leaking out
> >later, not the prime-time TV pyrotechnics.
>
> It doesn't "slowly leak out" as if there were some regrettable lapse in
> the plumbing. Someone has to commit the federal crime of military espionage!

SternFUN invented plumbing too??? (gasp)

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From E.J.Koops at kub.nl Fri Jul 19 10:04:05 1996
From: E.J.Koops at kub.nl (Bert-Jaap Koops)
Date: Sat, 20 Jul 1996 01:04:05 +0800
Subject: Filtering out Queers is OK
Message-ID: <13CD51B9655D@frw3.kub.nl>

I'd rather say, filtering out TCM is OK.

Bert-Jaap

From weffross at counsel.com Fri Jul 19 10:06:46 1996
From: weffross at counsel.com (Walter A Effross -- American Univ. - Washington )
Date: Sat, 20 Jul 1996 01:06:46 +0800
Subject: No Subject
Message-ID: <9607191331.AA13063@ad0.reach.com>

To: cypherpunks at toad.com Inet

unsubscribe weffross at counsel.com

Thanks!
From junger at pdj2-ra.F-REMOTE.CWRU.Edu Fri Jul 19 10:14:09 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Sat, 20 Jul 1996 01:14:09 +0800
Subject: #E-CASH: PRODUCT OR SERVICE?
In-Reply-To:
Message-ID: <199607191139.HAA32618@pdj2-ra.F-REMOTE.CWRU.Edu>

Lucky Green writes:

: Furthermore, to the best of my knowledge, DigiCash's
: Ecash is the only ecash that I am aware of. The other "ecashs" lack various
: properties of cash, as previously explained by Bryce.

This pretty well proves that ``ecash'' is a generic term--even though if it is correct the genus at the moment includes only one element--and thus that the trademark ``Ecash''--if that is what the trademark is--is awfully weak.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From jya at pipeline.com Fri Jul 19 10:18:03 1996
From: jya at pipeline.com (John Young)
Date: Sat, 20 Jul 1996 01:18:03 +0800
Subject: BIG_dif
Message-ID: <199607191259.MAA23555@pipe6.t2.usa.pipeline.com>

7-19-96. NYP:

"AT&T and Wells Fargo Investing in an Electronic Cash Card."

The companies said that they would form the American affiliate of Mondex. Any one with a Mondex card can transfer electronic cash to anyone else with a card. This flexibility has raised concerns both about the possibility of counterfeiting and of money laundering.

Because of these concerns, Mondex has been modified in the United States so that banks will be able to track card use. That will allow them to audit for fraud, if not recreate every transaction. Data from Mondex cards will be used for various product marketing.

"We believe there should be privacy, but there is a big difference between privacy and anonymity," Dudley Nigg, executive vice president of Wells Fargo, said.
-----

http://pwp.usa.pipeline.com/~jya/bigdif.txt (4 kb)

BIG_dif

From ravage at einstein.ssz.com Fri Jul 19 10:20:48 1996
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 20 Jul 1996 01:20:48 +0800
Subject: Inventor of radio...
Message-ID: <199607191414.JAA25284@einstein.ssz.com>

Hi all,

I would like to correct a misconception about who is credited with the invention of radio. Nikola Tesla has held the credit for the creation since the resolution of the original lawsuit in the mid-80's.

Tata.

Jim Choate

Forwarded message:

> Subject: Re: Mail-order Ph.D.'s
> From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> Date: Fri, 19 Jul 96 07:37:24 EDT
>
> He also invented the radio, but Marconi+Popov stole the credit from him.

From jeffb at issl.atl.hp.com Fri Jul 19 10:36:22 1996
From: jeffb at issl.atl.hp.com (Jeff Barber)
Date: Sat, 20 Jul 1996 01:36:22 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
In-Reply-To:
Message-ID: <199607191255.IAA00550@jafar.issl.atl.hp.com>

David Sternlight writes:
>
> At 8:04 PM -0700 7/18/96, Jeff Barber wrote:
> >> Now THAT is apples and oranges. The security of, say, IBM's, or the FAA's,
> >> or AT&T's domestic computer networks has little to do with crypto export
> >> policy.
> >
> >Big companies like IBM, AT&T, etc. have *international* networks. Hence,
> >the connection to the crypto export policy, which prevents comprehensive
> >security programs from being deployed. As a "senior technical executive"
> >(oxymoron alert) to Fortune 50 companies, I assume you know that and are
> >simply choosing to ignore it for the sake of your current argument.
>
> There are exceptions to ITAR for this purpose (overseas offices of US
> companies). In addition, like the argument that we shouldn't jail anyone
> until all social evils are cured, your argument fails. IBM can secure their
> domestic network (at least) without having to secure their global network.
> As for your suggestion that I am special pleading, that's just unsupported
> defamation. I suppressed nothing--it is you who are omitting the facts I
> mention just above. Only a fool would accuse another of special pleading
> when the possibility the accuser doesn't understand the argument, or have
> all the data exists. If you have any integrity you'll apologize.

Yeah, right. You clearly chose not to address the requirements of international company networks in your argument. You admit that such companies have international networks, and that you knew it. It was obviously relevant and you could have and should have addressed it. The fact that you chose not to speaks to your own lack of integrity. To gain the upper hand in the argument is clearly your supreme objective; any point that doesn't fit the argument is simply not addressed.

> >> >Putting the government in charge of fixing security problems is likely
> >> >to result in an infrastructure optimized for surveillance, as we've seen
> >> >with other government-sponsored initiatives (Clipper, DigitalTelephony,
> >> >etc.).
> >>
> >> The subject matter of the Commission's inquiry has more to do with
> >> authentication than message encryption, and more to do with infrastructure
> >> and network security. And as it happens there is no problem getting export
> >> licenses for authentication-only software with as secure a key as you like
> >> and no escrow. RIPEM/SIG did it years ago. You aren't even on the same page
> >> as this issue.
> >
> >There is more to security than authentication, as I'm sure you also know
> >but are choosing to ignore.
>
> Another attempt to accuse, read minds, and impute motives. We're talking
> about securing networks such as communications, transportation, and power,
> against hacker attacks. Authentication is the core, not encryption. A main
> problem is the spoofer instructing the network to self-destruct.
Long-key
> authentication can address this when coupled with the safeguarding of keys.
> and some system precautions not related to encryption.

In the last round, you mentioned financial networks. You conveniently left those out here. I argue that these as well as others require encryption. Again, the fact that you fail to exclude any "inconvenient" scenarios in whatever happens to be the matter under discussion destroys your credibility (well, it would have, if you had any amongst the members of this list).

> > Authentication alone may suffice in some
> >situations but clearly not all.
>
> So what? What part of "more to do with....than" don't you understand? I
> never said "all"--that's a straw man to try to shift the ground of the
> discussion rather than attempting a direct refutation.

On the contrary, you are the one who responds to each objection by pointing out that there is at least one situation where the current regulations do not completely rule out solutions. As one who has dealt with security problems in the trenches, I have been involved in numerous attempts to tiptoe through the mine-field of crypto regulations in search of solutions. I would prefer not to have to do so as it's a huge waste of my time, and my (and everyone else's) money and other resources.

> >> Again, you are trying to fight a different battle in the wrong arena.
> >> This isn't about your ability to encrypt your traffic. It's about securing
> >> the domestic infrastructure against information warfare. I know this is
> >> beginning to sound tiresome, but you'd better do your homework.
> > This isn't a different battle, though; it's all interwoven.
>
> So what? Everything is connected to everything else.

Ouch, David, stop it. Once again, I'm skewered by your rapier wit.

> >I don't want the government responsible for "securing the domestic
> >infrastructure..." for the same reason that I don't want them telling
> >me where or to whom I can sell crypto.
> > They haven't any right to, IMO,
>
> Read the Constitution.

I have. News flash for David: not everyone agrees on the meaning of various clauses in the Constitution. Believe it or not, reasonable people hold opinions that differ from the gospel-according-to-Sternlight. The constitution means whatever the Supreme Court says it means and that changes from time to time even though the constitution generally does not.

> >and besides, I don't trust them to look out for my interests.
>
> At least some of one's interests we might both agree. There's the old joke
> "I'm from Washington and I'm here to help you."

Unfortunately, you seem to believe them most of the time, and want us to believe them too in this case, while I choose to believe them rarely if ever.

As this debate has now deteriorated to the "Sternlight claims defamation, demands apology" point, and the substantive content is quickly approaching zero, I'll try to make this my last post. (List breathes collective sigh of relief.)

-- Jeff

From elfgard at pooh-corner.com Fri Jul 19 10:56:49 1996
From: elfgard at pooh-corner.com (elfgard at pooh-corner.com)
Date: Sat, 20 Jul 1996 01:56:49 +0800
Subject: Reverse Engineer
Message-ID: <199607191411.KAA06664@piglet.pooh-corner.com>

> What do you mean by "reverse engineer?" I have heard this word several times especially in the world of hacking, but... can someone tell me what it really meant?

Interesting question. Hmmm... I would answer this question for you but then I would have to kill you. That is basically like asking a car thief to tell you about how he breaks into cars and what cars he's broken into lately. My suggestion to you is to pick up one of those MEGA lame books like "What is a Cyberpunk!" and read that. It may not tell you shit, but it will give you a broad understanding about what you want to know.
Elfgard *The One and Only*
elfgard at netlite.com
http://www.netlite.com

From troy_d at ix.netcom.com Fri Jul 19 11:20:55 1996
From: troy_d at ix.netcom.com (Troy Denkinger)
Date: Sat, 20 Jul 1996 02:20:55 +0800
Subject: Filtering out Queers is OK
Message-ID: <2.2.32.19960719154550.0073d960@popd.ix.netcom.com>

At 07:07 PM 7/18/96 -0700, you wrote:

[Cerridwyn Llewyellyn's text snipped]

[Lucid argument snipped, I was with you until right around here]

>I see nothing wrong in this. Anyone who disagrees is, of course, free to
>set his filters differently, but not to insist that my filters be changed.
>And the government is not free to pass any laws about what filter sites can
>and can't do.

We have an interesting problem here, though. You say that the government has no right to tell you how to set your filter; no doubt about that, imo. However, most people who use these filters are going to be quite happy to allow some corporate entity the privilege of setting their filters for them and, if the consumer should ask about criteria and such, they are told that that's a trade secret. So, people will be allowing a corporate entity that exists for profit to set their filters for them. This is a very scary thing and perhaps even more frightening than having the government do it. I think that the people on this list tend to maintain a healthy scepticism toward the various TLAs, but we have to remember that a large, multinational corporation has not even got a sense of a greater "national good" or even "national security" to guide it.

[snip]

I'll preface my following remarks by saying that I'm not a libertarian.

>Some parents simply get tired of spending time each night trying to undo
>the propaganda taught in many public school, such as books like "I Have Two
>Mommies." Many of these parents eventually give up and put their kids in
>religious or private schools (even though they continue to pay taxes for
>schools their own children are no longer using).

First point first.
The "propaganda" taught in schools is generally aimed at teaching our children how to think. Perhaps rote learning and cultural naivete make us all comfortable at night and let us sleep better, but in a world where critical thinking is undervalued I'd rather have my and my children's views challenged than constantly affirmed. (Btw, I have no children at this moment, so it's quite possible to contend I'm talking out my ass here; time will tell.) Public school funding is way off topic, so I'll concede your "point" and let it slide.

[Now the meat of the queer bashing, how charming. Sad to see you sully what was a decent argument up to this point with ignorant foolishness]

>Queers are, as far as I'm concerned, perfectly free to practice their
>AIDS-spreading practices to any and all receptive anuses they can find, but
>I eschew this lifestyle and will fight to the death for this right to avoid
>their practices from being forced on me or my children (if I had any, which
>I don't).

When was the last time a homosexual attempted to force their practices on you? I'll leave your fictitious children out of it for the moment. Are you an active eschewer or simply a theoretical eschewer? Have you ever been hit on by a gay person? I have; I told them I wasn't gay and that was that. No one forced their "AIDS-spreading practices" on me.

>I think of AIDS as "evolution in action." Retroviruses which have existed
>for millennia now find new vectors for spreading in our population. I cry no
>tears for those dying of AIDS, and work to reduce the tax dollars spent on
>such things as "AIDS research." Let those who introduced the new vector pay
>for the research.

I usually read your posts to this list and often find them insightful, however the above statement leaves me wondering if some ignoramus has taken control of your keyboard or if the above was a simple, but remarkable, typing error.
Following your reasoning, it's also proper to say that cancer and heart disease as well as violent crime resulting in death of a victim are also "evolution in action" isn't it? Your assertions are absurd and unfounded.

Your final point that those who "introduced the new vector" should pay for the research for a cure continues to spotlight your inchoate notions on this topic. Pray tell, who introduced the vector? Who was responsible for the spread of the virus? Who are the victims of this disease? Who are the future victims of this disease--do they have to pay because obviously they're engaged in some kind of risky behaviour? What part does an unresponsive worldwide health structure have to pay? How responsible are you for the social blight that leads the underclasses to participate in risky behaviour through hopelessness or lack of education?

Really, Mr. May, look further than your own front yard for a change. You live in a world -- welcome to it.

Troy Denkinger

From wb8foz at nrk.com Fri Jul 19 11:22:12 1996
From: wb8foz at nrk.com (David Lesher)
Date: Sat, 20 Jul 1996 02:22:12 +0800
Subject: Gorelick testifies before Senate, unveils new executive order (fwd)
Message-ID: <199607191430.KAA16845@nrk.com>

SternFUD claims:

> There are exceptions to ITAR for this purpose (overseas offices of US
> companies).

Clearly UnProfessor failed to read recent Phil Karn's testimony at the Senate Subcommittee.

Phil, representing both himself *and Qualcomm* explained how Qualcomm had attempted to export a Triple DES application to their own Hong Kong office, *for use by the AMCIT employees there* to communicate with Califunny. The request was denied with a FORM LETTER checked "resubmit a non-Triple DES method" or words close to that.

Further, Phil told the Subcommittee that every time they need a bug fix on the CDMA code running on the system in HK; they must resubmit the whole package back for approval. A BUG FIX! They've been through this many times, each one taking eons.
Just suppose ARCO needed all new permits every time they adjusted the crude mix, or retuned the cat cracker?

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From jim at ACM.ORG Fri Jul 19 11:23:51 1996
From: jim at ACM.ORG (Jim Gillogly)
Date: Sat, 20 Jul 1996 02:23:51 +0800
Subject: Netscrape download
In-Reply-To: <199607190151.VAA14421@nrk.com>
Message-ID: <199607191425.HAA16887@mycroft.rand.org>

>[From Phil Karn]
>Netscape's use of a CGI interface to download the US version
>(128-bit key) of Netscape Navigator raises the possibility
>that they are "serializing" or "personalizing" each copy they
>send out, perhaps in response to a DoS request that they do so
>in order to trace unauthorized redistribution.
>SunOS version:
>e72ff352ca7c619cb31b8f8ef3651b28

This is the same one I got. No funny business there.

Jim Gillogly
Mersday, 26 Afterlithe S.R. 1996, 14:25

From perry at piermont.com Fri Jul 19 11:36:41 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sat, 20 Jul 1996 02:36:41 +0800
Subject: Secure IRC conversations
In-Reply-To:
Message-ID: <199607191510.LAA04553@jekyll.piermont.com>

harka at nycmetro.com writes:
> does anybody know of a way to have encrypted conversations on the
> IRC or via ytalk?

An encrypted version of ytalk is available -- you'll have to hunt around to find it.

Perry

From wb8foz at nrk.com Fri Jul 19 12:07:38 1996
From: wb8foz at nrk.com (David Lesher)
Date: Sat, 20 Jul 1996 03:07:38 +0800
Subject: PictureTel Licenses Cylink Security Technology For Encrypted Videoconfe (fwd)
Message-ID: <199607191526.LAA17075@nrk.com>

Message-ID:

Clarinet reports:

SUNNYVALE, Calif.--(BUSINESS WIRE)--July 19, 1996--Cylink Corp.
(NASDAQ: CYLK) today announced that it has licensed its patented security technology, the Diffie-Hellman, Hellman-Merkle patents covering public key cryptography, to PictureTel Corp. (NASDAQ:PCTL) to be used in its System 4000 group videoconferencing systems.

The Cylink license allows access to all implementations of Public Key cryptography, including Diffie-Hellman key exchanges and Digital Signature Standard (DSS), .....

==============

Hmm.....

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From frissell at panix.com Fri Jul 19 12:11:52 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 20 Jul 1996 03:11:52 +0800
Subject: BIG_dif
Message-ID: <2.2.32.19960719151139.0083afac@panix.com>

> Because of these concerns, Mondex has been modified in
> the United States so that banks will be able to track
> card use. That will allow them to audit for fraud, if
> not recreate every transaction. Data from Mondex cards
> will be used for various product marketing.
>
> "We believe there should be privacy, but there is a big
> difference between privacy and anonymity," Dudley Nigg,
> executive vice president of Wells Fargo, said.

So, how will the identity of the cardholder be tracked when they are transferred physically from one person to another? Presumably bank tracking will only work when the card is submitted to a "public" terminal. "Wallet" transfers won't be tracked immediately. Also, if an API is released, interesting possibilities are created.
DCF

From wombat at mcfeely.bsfs.org Fri Jul 19 12:59:09 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Sat, 20 Jul 1996 03:59:09 +0800
Subject: Filtering out Queers is OK
In-Reply-To: <2.2.32.19960719095559.00692920@gonzo.wolfenet.com>
Message-ID:

> >Filtering is not "wrong," Cerridwyn, it is a rational response to garbage
> >being spewed constantly. I filter lots of items. I read "Scientific
> >American" and "The Economist" because they filter (or "censor," in the
> >sense some are objecting to here) nonsense about "queer rights" and
> >"piercing fashions," to name but a few things I have no interest in hearing
> >about.
>

... hmmm ...

You seem to be fighting a losing battle; the Wall Street Journal carried an article about piercing AND an article about using Kool Aid as hair dye this week. Who knows - the Economist may not be far behind (although the mag has gotten so thin, there wouldn't seem to be much room).

- r.w.

From wendigo at pobox.com Fri Jul 19 13:10:13 1996
From: wendigo at pobox.com (Mark Rogaski)
Date: Sat, 20 Jul 1996 04:10:13 +0800
Subject: Reverse Engineer
In-Reply-To: <01BB752B.7DCF4600@ip65.i-manila.com.ph>
Message-ID: <199607191530.LAA13859@apollo.gti.net>

-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Jerome Tan wrote:
:
: What do you mean by "reverse engineer?" I have heard this word several
: times especially in the world of hacking, but... can someone tell me
: what it really meant?
:

Reverse engineering is the process of taking a piece of executable code, be it a Win95 program or firmware for a cellular phone eeprom, and running it through a disassembler. The disassembler converts the machine code into assembly instructions. From there, a person with a lot of spare time, a good understanding of compiler design, and a lot of caffeine can translate the assembly instructions into a higher level language (ie. C, C++, VisualBasic).
The first part is easy (and writing a disassembler is a good project for upper-level Comp Sci courses), but the second part is a real bear and people with the knowledge and drive to do it have my respect.

--
Mark Rogaski        | Why read when you can just sit and | Member
GTI System Admin    | stare at things?                   | Programmers Local
wendigo at gti.net   | Any expressed opinions are my own  | # 0xfffe
wendigo at pobox.com | unless they can get me in trouble. | APL-CPIO

From somebody at tempest.ashd.com Fri Jul 19 13:18:48 1996
From: somebody at tempest.ashd.com (somebody at tempest.ashd.com)
Date: Sat, 20 Jul 1996 04:18:48 +0800
Subject: Secure IRC conversations
In-Reply-To:
Message-ID:

On Thu, 18 Jul 1996 harka at nycmetro.com wrote:

> Hi there,
>
> does anybody know of a way to have encrypted conversations on the IRC or via ytalk?

If you use a unix irc client there is a function call for crypt that can be used to crypt/decrypt data with a key. This is not the best or most secure way of doing things, but it does work and it is easy to make use of; many of the "Elite/warezpuppy/gotnobrian wanna b" scripts have this already coded in. Examples are phoenix, venom, and the list goes on.

Carlos

From Clay.Olbon at dynetics.com Fri Jul 19 13:54:14 1996
From: Clay.Olbon at dynetics.com (Clay Olbon II)
Date: Sat, 20 Jul 1996 04:54:14 +0800
Subject: The risks of information warfare
Message-ID:

I would like to put forth the assertion that "society", of late, has become exceptionally poor at judging relative risk. I think this is due in large part to the sensationalism of the media (although this is not an entirely new phenomenon - "remember the Maine"). I will cite a few examples:

1.
Radon causes 25% of all lung cancer. Of course every study but one shows no link between radon and lung cancer. Still, Americans spend billions testing and reducing the "threat".

2. Second hand smoke kills. Probably, but the only statistical link was found by picking and choosing which studies to use. And the freedoms of millions of Americans are dramatically restricted based on this premise.

3. Terrorism is a big threat to the "national security". Of course more people are killed in the bathtub than by terrorists, but that is beside the point.

My reason for bringing these up is that I think much of the "information warfare" 5th horseman is overblown hype - in the same category as 1-3 above. Of course, many security professionals will disagree, because it is in their best interests to do so - their level of funding depends on it. Sure, there have been break-ins and some loss of $$ (of course that is what insurance companies are for). I have seen nothing, to date, that would justify massive increases in government power over the private sector; this of course, has never stopped them before.

The desire to "do something" appears to infect every politician, fortunately our system has checks and balances to limit the ability for them to "do something" - because more often than not it is the wrong "something"! Unfortunately, these checks and balances have been seriously eroded over the past 60 or so years. It is now much more necessary to actively oppose such idiocy as the FDA regulating tobacco or the govt imposing "policy" over the entire information infrastructure. It is hard to "buck the tide", but those of us who are skeptical of government "solutions" to "problems" that may or may not exist must actively oppose them.

Clay

***************************************************************************
Clay Olbon II * Clay.Olbon at dynetics.com
Systems Engineer * PGP262 public key on web page
Dynetics, Inc.
* http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL

From harka at nycmetro.com Fri Jul 19 14:04:01 1996
From: harka at nycmetro.com (harka at nycmetro.com)
Date: Sat, 20 Jul 1996 05:04:01 +0800
Subject: Responding to Pre-daw
Message-ID:

-=> Quoting In:hallam at ai.mit.edu to Harka <=-

In> If you want to own guns then you should accept the fact that you risk
In> having your head blown off in the middle of the night by a SWAT team.
In> Just as the car has introduced the risk of being killed in a traffic
In> accident the gun has introduced new risks. If society doesn't like the
In> risks then it can opt to ban the technology.

Except that getting killed in a traffic accident IS an accident (mostly :)) while having black clad Feds storming into your house was _consciously_ decided by them, because THEY have a problem with YOUR guns (?!)...

Harka

___ Blue Wave/386 v2.30 [NR]

From nobody at REPLAY.COM Fri Jul 19 14:18:47 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 20 Jul 1996 05:18:47 +0800
Subject: Netscape
Message-ID: <199607191626.SAA09380@basement.replay.com>

Hi!

There appears to be some new Netscape files with US encryption in ftp://utopia.hacktic.nl/pub/replay/pub/incoming/

netscape-fts2-hp10.tar.gz     Fast Track Server 2.0 for HPUX10
netscape-fts2-nt.exe          Fast Track Server 2.0 for WinNT
netscape-hpus-30b5.tar.gz     Navigator 3.0b5 for HP-UX
netscape-linux-30b5.tar.gz    Navigator 3.0b5 for Linux
netscape-ssl30-src.tar.gz     SSL 3.0 source code
netscape32us-30b5.exe         Navigator 3.0b5 for Win95/NT

By the way, is it possible to get a certificate for the Fast Track 128 bit servers outside of North America? Or would the certificate issuer be conspiring to export crypto if he exported a certificate?

From brianh at u041.oh.vp.com Fri Jul 19 14:50:18 1996
From: brianh at u041.oh.vp.com (Brian Hills)
Date: Sat, 20 Jul 1996 05:50:18 +0800
Subject: VRML
Message-ID:

Hello,

Does anybody know of a mailing-list for VRML?
I have tried www-VRML at wired.com but there is nothing, least not returned. Any help and/or direction would be appreciated.

Thanks in Advance,
brianh at u041.oh.vp.com

UNTIL WE MEET AGAIN :-)

From steve at miranova.com Fri Jul 19 16:22:01 1996
From: steve at miranova.com (Steven L Baur)
Date: Sat, 20 Jul 1996 07:22:01 +0800
Subject: MSNBC and cookies
In-Reply-To: <199607191300.JAA00488@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID:

>>>>> "Peter" == Peter D Junger writes:

(About accessing http://www.msnbc.com/ )

Peter> I can confirm it. I never gave them the cookie. Had one hell of a
Peter> job backing out. I don't know what would have happened if I had set
Peter> my cookies file to be read only.

Peter> It's a nuisance, but I suppose there is no reason that a
Peter> commercial service can't do such a thing. But what happens
Peter> when one tries to access it with Lynx?

You lose! Typical Microsoft arrogance:

    Welcome to MSNBC Welcome to MSNBC [LINK] http://www.msnbc.com/default.asp?

(and the links don't work of course).

Since Lynx is the only browser blind^H^H^H^H^Hvisually challenged people can use, failure to make a site readable with Lynx is a clear case of discrimination.

--
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone except you in November.

From tcmay at got.net Fri Jul 19 16:33:12 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 07:33:12 +0800
Subject: Filtering out Queers is OK
Message-ID:

At 8:48 AM 7/19/96, Simon Spero wrote:
>On Thu, 18 Jul 1996, Timothy C. May wrote:
>> Filtering is not "wrong," Cerridwyn, it is a rational response to garbage
>> being spewed constantly. I filter lots of items.
I read "Scientific
>> American" and "The Economist" because they filter (or "censor," in the
>> sense some are objecting to here) nonsense about "queer rights" and
>
>Actually, the Economist has, er, come out strongly in favour of gay
>rights on numerous occasions- most recently on the issue of same sex
>marriages.

Sure, and I didn't exactly state what my position _is_ on so-called queer rights. I said I have no interest in hearing nonsense about it, e.g., the drumbeat of propaganda, etc.

Of course, it should come as no surprise that I believe everyone has the legal right to refuse to associate with anyone. Thus, a shop owner or employer, in my view, has every right to refuse service or employment to whomever he wishes. While many may not _like_ this (including me, when I am banned from certain businesses, as I am), it is part and parcel of liberty.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From grafolog at netcom.com Fri Jul 19 16:50:22 1996
From: grafolog at netcom.com (Jonathon Blake)
Date: Sat, 20 Jul 1996 07:50:22 +0800
Subject: MSNBC and cookies
In-Reply-To: <199607191300.JAA00488@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID:

Peter:

On Fri, 19 Jul 1996, Peter D. Junger wrote:

> : I tried accessing the page (http://www.msnbc.com) on 7/18/96 around 9:15 PM
> But what happens when one tries to access it with Lynx?

What page? I just tried it, and all I saw was "Welcome to MSNBC" and "[LINK]". Tried to link, and found myself back on the same screen.
The only thing that isn't usual for the site, in comparison to the stuff that comes out of Redmond, is a high sticker price.

xan

jonathon
grafolog at netcom.com

AOL coasters are unique, and colourful. Collect the entire set.

From frissell at panix.com Fri Jul 19 18:15:45 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 20 Jul 1996 09:15:45 +0800
Subject: Kellstrom Calls for DT Funding
Message-ID: <2.2.32.19960719183314.00847ac0@panix.com>

In a "briefing" on TWA 800 when one of the reporters tossed Big Jim Kellstrom (Deputy Director in Charge of the New York Office) of the FBI a softball question about what he needed to fight terrorism; he took the opportunity to call for full funding of the Digital Telephony Bill. He said the usual about how bad guys conspire and we need to tap.

DCF

From tcmay at got.net Fri Jul 19 18:42:45 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 09:42:45 +0800
Subject: Filtering out Queers is OK
Message-ID:

At 3:45 PM 7/19/96, Troy Denkinger wrote:

>We have an interesting problem here, though. You say that the government
>has no right to tell you how to set your filter; no doubt about that, imo.
>However, most people who use these filters are going to be quite happy to
>allow some corporate entity the privilege of setting their filters for them
>and, if the consumer should ask about criteria and such, they are told that
>that's a trade secret. So, people will be allowing a corporate entity that

And? After all, when Coca Cola offers only one formula for Coke (these days, at least) and yet keeps the formula a trade secret, is this not similarly restrictive of "choice"? The fact is that consumers never have full freedom about what other agents or companies offer to trade to them.

>exists for profit to set their filters for them. This is a very scary thing
>and perhaps even more frightening than having the government do it.
I think
>that the people on this list tend to maintain a healthy scepticism toward
>the various TLAs, but we have to remember that a large, multinational
>corporation has not even got a sense of a greater "national good" or even
>"national security" to guide it.

Magazines, newspapers, and other such sources routinely make editorial decisions about what to cover. And no, they do not necessarily publicize the inner workings of their editorial process.

Are we to be "scared" that "Newsweek," for example, has their own filters and is a multinational corporation (gulp)? "Newsweek" has many secrets of their own; the most recent being that their own Joe Klein was the author of the anonymous novel "Primary Colors," and the publisher knew it.

People and companies have their own agendas, their own filters, and their own reasons for doing things they do. Get used to it.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From karn at unix.ka9q.ampr.org Fri Jul 19 18:45:02 1996
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Sat, 20 Jul 1996 09:45:02 +0800
Subject: Netscrape download
In-Reply-To: <199607191425.HAA16887@mycroft.rand.org>
Message-ID: <199607191915.MAA00310@unix.ka9q.ampr.org>

Thanks. Others have confirmed the BSDI and Windows 95 version, so I guess they're all the same.
Phil

From dlv at bwalk.dm.com Fri Jul 19 19:02:38 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 10:02:38 +0800
Subject: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID:

"Perry E. Metzger" writes:
> I'd like to ask people to publicly pledge that they will not reply
> to David's messages. This is such a pledge.

I've already said this before, but I'll say it again: *Dr.* David Sternlight is an asshole and I pledge not to reply to his messages. Can we talk cryptography now?

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From frissell at panix.com Fri Jul 19 19:08:50 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 20 Jul 1996 10:08:50 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960719195905.008675d0@panix.com>

At 10:19 AM 7/19/96 -0700, Sandy Sandfort wrote:

>> >[In California] anyone found in your house at night is
>> >presumptively a threat to which you may respond with deadly
>> >force. Shoot on sight, in other words.
>
>To which Cerridwyn responded:
>
>> I find it hard to believe "anyone". If "anyone" happens to be
>> law enforcement, as has been proven again and again: yer screwed
>> no matter what (either dead or in jail forever).
>
>Hard to believe or not, that's the presumption. Now in law,
>it's a rebuttable presumption, but it's still a get-out-of-jail
>card if you did not know the shadow at the end of the call was
>a cop who was LAWFULLY in your house.

In this regard, I called into a local (NYC) National Commie Radio talk show (Brian Lehrer's) last year and was talking with the host about G. Gordon Liddy's remarks on shooting federal agents who unlawfully break into your house. I said that self defense *could* (not necessarily *would*) work as a defense to a murder charge involving the killing of federal agents in this circumstance.
He asked me if I could come up with any examples from real life where this had worked and I immediately shot back with "Yeah, Randy Weaver and Kevin Harris." That was the so-called Ruby Ridge case. They were acquitted of murder.

Then there was the guy in New York who shot six NYC cops who surrounded the apartment where he was hiding (none died). He was acquitted of assault and attempted murder charges because he argued that he thought the cops had been sent to kill him by the drug dealers that it was his profession to rob. Love those NYC juries. And they say that there's no justice for a black man in Amerikkka.

Don't try this at home though kids. Better to be elsewhere when they come looking for you.

DCF

From hua at xenon.chromatic.com Fri Jul 19 20:23:54 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Sat, 20 Jul 1996 11:23:54 +0800
Subject: Responding to Pre-daw
In-Reply-To:
Message-ID: <199607192338.QAA24445@server1.chromatic.com>

> > > Except that getting killed in a traffic accident IS an accident (mostly :)
> > > while having black clad Feds storming into your house was _consciously_
> > > decided by them, because THEY have a problem with YOUR guns (?!)...
> >
> > I think the original point was that they MIGHT storm into your house
> > by mistake (say, because they incorrectly accepted an informant's
> > story). Therefore, it is truly a mistake.
>
> Well, not really. It would be severe case of negligence which is not the
> same as a mistake. When you drive, you have to prove that you know what
> you are doing by getting a driver's licence.

Uh ... I think you missed the point of my mail. I think I explained it later on, but here it is in different words. It may be clearer this time.

> If you are a SWAT guy and some informer would come along and say "This
> and that person is a terrorist, I know for sure" and you go into that
> house and shoot everything that moves, well, doesn't sound much like an
> accident to me...
I think it would be unfortunate if you think that SWAT team members are trained to storm in and shoot anything that moves. They are trained to provide protection to themselves while attempting to apprehend the target. That, to you, may be a subtle difference, but it makes a big difference to me:

1. In your interpretation, they literally rampage through the target site without much regard for the destruction they may cause.

2. In my interpretation, they are trying their best to balance the need to quickly apprehend the target, with the serious potential of being harmed in the process.

In circumstances where there is beyond a shadow of a doubt that the target is criminal, then I would support their actions fully. But it is clear that mistakes have been made in the past. The tragic consequences of those mistakes are unforgivable. Therefore, the mistakes MUST be prevented.

That said, I think, in most cases (and I believe most LE believe this too), there does not need to be a violent conflict. I believe they can choose a different scenario. They do not have to choose a scenario where they have to be in immediate danger. The recent Montana standoff is an example where government agents did NOT choose to storm in (good or bad decision is another debate).

It is not unreasonable to be scared into doing irrational things if someone storms into your house at 4am. However, if you get a phone call saying your house is surrounded, you might have more time to think straight and realize that there is some horrible mistake. And, as far as I know, it is perfectly legal to be a little paranoid.

Ern

From tcmay at got.net Fri Jul 19 20:52:29 1996
From: tcmay at got.net (Timothy C.
May)
Date: Sat, 20 Jul 1996 11:52:29 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

At 5:21 PM 7/19/96, Arun Mehta wrote:

>I must admit all this talk about what kinds of bullet best
>penetrates Kevlar makes me
>shake my head and wonder what's happening to the world --
>particularly since you are
>far more likely to use this weaponry in a rage against a loved one than
>against
>someone breaking down your door. The "good" guys arming

By "you," I have to presume you mean "me." No, I am not at all likely to use this weapon in a rage against a loved one. Trust me.

In any case, by far the most common weapon used for family killings is the ordinary knife. Easily available, in multiple forms, it kills efficiently (if not always quickly).

>themselves so that the "bad"
>don't invade reminds me of the stupid arms race between the US
>and the Soviets: I
>wonder how many burglars in Western Europe carry guns -- in the US, you'd
>be real stupid if you didn't carry the latest weaponry.

It may sound "stupid" to you...I suggest you read up on evolutionary game theory. Sometimes one has no choice but to respond to an arms buildup. Unilateral disarmament rarely works.

By the way, many burglars consciously and carefully choose to be unarmed, as confrontation is _not_ what they want, and they know that possession of a firearm during a robbery significantly worsens their situation if they are apprehended.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
From vacuo at nemesis.meaning.com Fri Jul 19 21:01:56 1996
From: vacuo at nemesis.meaning.com (vacuo)
Date: Sat, 20 Jul 1996 12:01:56 +0800
Subject: NSA response to key length report
Message-ID: <199607200016.RAA24381@black.colossus.net>

In message <199607192110.RAA07548 at crypto.com> Matt Blaze writes:

> Particularly impressive is that our key length report was hardly
> above criticism from several angles, but their rebuttal managed
> somehow to avoid them.
>
> What I find most disturbing about this is that their report was
> provided secretly to policymakers in the administration and in
> Congress, without independent technical review that would have
> quickly exposed the fallacy of the arguments. I never would have
> seen it had several of the recipients not faxed it to me. This is
> the first hard evidence I've seen of NSA providing anything less
> than the highest quality technical analysis to other parts of the
> government. A non-specialist reader would be easily misled by the
> technically dense, but completely irrelevant, "rebuttal". It smacks
> of either ill-informed sloppiness, or, perhaps worse, self-serving
> disingenuous cynicism. Either conclusion is scary, and, to me in
> fact, quite surprising.

It is only surprising because you are a naive fool. The NSA will stop at nothing to control us and you are just helping by allowing yourself to be playing by their own rules and will set yourself up for them to use as an example to the rest of us when they get your ass. Don't be an idiot - wake up and LOOK. Read puzzle palace. We can't win on their terms. They aren't playing fair and we shouldn't either.

From sdavidm at iconz.co.nz Fri Jul 19 21:11:32 1996
From: sdavidm at iconz.co.nz (David Murray)
Date: Sat, 20 Jul 1996 12:11:32 +0800
Subject: Borders *are* transparent
Message-ID: <199607192310.LAA13923@iconz.co.nz>

At 11:24 AM 7/18/96 -0700, TCM wrote:
> ... Borders _are_ transparent.
There are
>so _many_ degrees of freedom for getting stuff across borders. The hope
>that a bunch of *bits* can be stopped is ludicrous.
>
>_This_ is why I expect the Netscape beta to arrive overseas pretty soon.

Undoubtedly.

Interestingly (to me, anyway), I noticed on my last trip to Hong Kong that the Netscape products for sale in the legitimate shops had "US/Canada only - not for export" (or similar) printed on the packaging.

(Also of note, the hot Pirate CD of that time "Internet Xpress", with such goodies as Symantec Java Cafe, Spry Internet Office Pro, Netscape Fast Track Server v2.0, Commerce Builder v1.5, also featured ViaCrypt PGP v2.71 for Windows. Nice to see encryption as a must have net tool...)

dm

From jimbell at pacifier.com Fri Jul 19 21:22:32 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 20 Jul 1996 12:22:32 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607200036.RAA15172@mail.pacifier.com>

At 03:49 PM 7/19/96 -0500, Igor Chudov @ home wrote:
>>
>> I may be a little nuts, but does it strike anyone else that a good
>> self defense weapon against ninja raids would be a hand grenade?
>>
>
>Maybe not even a little:)
>
>I suggest wiring an anti-tank mine to your door every night. If
>ninjas break in, everyone goes to hell. No need to wake up and be
>alert in sleep -- all will be done automatically. So before that
>ninja raid you will sleep better.

I've had a substantially better idea. Hang carbon-fiber bundles from the ceiling, which are charged to about 10,000 volts when an intrusion is detected. They'll glom onto anything conductive within their range, and anyone with the bad fortune to be breaking into the house at that moment _might_ live to regret it. (resistors could be added to limit the current to non-fatal but exceedingly painful levels.)
Jim Bell
jimbell at pacifier.com

From jimbell at pacifier.com Fri Jul 19 21:25:44 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 20 Jul 1996 12:25:44 +0800
Subject: Bare fibers
Message-ID: <199607200153.SAA18305@mail.pacifier.com>

At 05:32 PM 7/18/96 -0700, Cerridwyn Llewyellyn wrote:
>
>>a (hidden) drive to your computer using a reasonably surreptitious link that
>>is difficult to trace. Say, an IR optical link, a single bare (unjacketed)
>>optical fiber, a LAN with hidden nodes, or a similar system. Maybe an
>
>I find the idea of the optical fiber very interesting. Is there such
>a beast currently available? I really don't know anything about fiber,
>and therefore it would be very difficult for me to construct such a
>system myself...

Unjacketed fiber exists, but since its primary use is to build up jacketed fibers and fiber bundles, it is rarely seen in industry outside of the companies which normally use it. But it is available. The fiber is usually coated with a very thin layer of clear plastic to protect against moisture and abrasion, and the diameter is around 0.5 to 1.0 millimeters in diameter. Terminating fiber is specialized; it is cleaved using diamond tools, and is usually polished after mounting in a holder. These days, transmitters and receivers are easily available.

For a relatively short run, plastic fibers would probably be the best bet.

Jim Bell
jimbell at pacifier.com

From wb8foz at nrk.com Fri Jul 19 21:28:42 1996
From: wb8foz at nrk.com (David Lesher)
Date: Sat, 20 Jul 1996 12:28:42 +0800
Subject: Kellstrom Calls for DT Funding
In-Reply-To: <2.2.32.19960719183314.00847ac0@panix.com>
Message-ID: <199607200149.VAA19633@nrk.com>

>
> In a "briefing" on TWA 800 when one of the reporters tossed Big Jim
> Kellstrom (Deputy Director in Charge of the New York Office) of the FBI a
> softball question about what he needed to fight terrorism; he took the
> opportunity to call for full funding of the Digital Telephony Bill.
He said
> the usual about how bad guys conspire and we need to tap.
>

Not it was his baby all the way, hence his personal interest....

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From alanh at infi.net Fri Jul 19 21:35:40 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sat, 20 Jul 1996 12:35:40 +0800
Subject: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID:

> Look, folks, we all know that 99% of what David Sternlight posts is
> garbage. Why don't we all pledge not to answer any of his posts, and
> then he'll go away.

Thanks Perry for a great idea. Add my name to the list.

From alanh at infi.net Fri Jul 19 21:39:26 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sat, 20 Jul 1996 12:39:26 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <199607191255.IAA00550@jafar.issl.atl.hp.com>
Message-ID:

What does this Sternlight guy do for a living?

From hua at xenon.chromatic.com Fri Jul 19 21:47:38 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Sat, 20 Jul 1996 12:47:38 +0800
Subject: Filtering out Queers is OK
In-Reply-To: <199607190748.AAA08518@netcom2.netcom.com>
Message-ID: <199607192315.QAA24402@server1.chromatic.com>

> The problem with giving parents the absolute right to control
> their childrens' input of memes until the children are too old
> and stupid to learn anything new, is that it creates generational
> propagation of obsolete ideologies. All the Dole children think
> exactly like Bob. All the Hitler children think exactly like
> Adolf. Same for the Mengele children, the Nixon children, the
> Stalin children, the Netanyahu children, etc...

The same can be said of the children of the more politically correct.
My opinion is that religion is a waste of time and resources, and therefore, those who force their children to be religious are doing precisely the same harm you allude to.

That is strictly MY opinion. If there are enough of me around, should we be allowed to force the government to take children away from their religious parents? More mildly, can the government "protect" a child from religious ideas?

What gives the society more rights to regulate how the child shall be brought up, except the narrow interest of protecting the physical safety of the child? It is not even clear that the government may force a child to accept secular ideas that may violate the child's religious background, even if the government has a compelling secular interest in doing so.

Yes, we would like fewer Hitlers in the future. But should we NOT let the people decide how to raise their children because there is some risk of a few of them turning into future Hitlers?

Ern

From EALLENSMITH at ocelot.Rutgers.EDU Fri Jul 19 21:48:33 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 20 Jul 1996 12:48:33 +0800
Subject: MSNBC and cookies
Message-ID: <01I79JPZV1F49EDBND@mbcl.rutgers.edu>

From: IN%"junger at pdj2-ra.F-REMOTE.CWRU.Edu" "Peter D. Junger" 19-JUL-1996 13:57:57.15

>It's a nuisance, but I suppose there is no reason that a commercial
>service can't do such a thing. But what happens when one tries to
>access it with Lynx?

At least with VAX/VMS Lynx (I assume the other version would be doing the same thing), you get stopped at "Welcome to MSNBC [IMAGE]". Both links lead to the same page, namely the one you're already on.

-Allen

From tcmay at got.net Fri Jul 19 21:56:44 1996
From: tcmay at got.net (Timothy C.
May)
Date: Sat, 20 Jul 1996 12:56:44 +0800
Subject: Ignorance is Strength, Escrow is Security
Message-ID:

At 9:01 PM 7/19/96, Steve Reid wrote:

>I'm sure the evil Iraqi terrorists (and other horsemen) are snooping the
>line, using their newly purchased PCs and FPGAs to crack the 40-bit crypto
>so that they can gain the wonderful advantages of 128-bit SSL, which will
>of course prevent wiretaps from working, thus aiding them in their
>terrorist attacks and bringing about the end of the world as we know it.

The Iraqi People's Benevolent Security Protection Brigade (IPBSPB) has no need to snoop the lines, at least for my communications, as I am voluntarily escrowing my communications keys as well as my storage key with the IPBSPB.

To the United States government requesting a global key escrow regimen, be careful what you ask for, as you may get it.

(Question: I know that the Iraqi IPBSPB has close relations with the French SDECE, so does this mean I can just escrow my keys with the Iraqis and assume they have let the boys at SDECE get copies?)

"America will be stronger when 137 nations of the world and their notoriously corrupt security services have access to all communications of Americans."

Ignorance is Strength, Escrow is Security, Arbeit Macht Frei.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Fri Jul 19 22:00:07 1996
From: tcmay at got.net (Timothy C.
May)
Date: Sat, 20 Jul 1996 13:00:07 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

At 6:42 AM 7/19/96, snow wrote:
>On Thu, 18 Jul 1996, Doug Hughes wrote:
>
>> If people break into my house with the element of surprise wearing
>> all black in the middle of the night, they have the element of surprise
>> FIRMLY on their side.. I'd have to believe that reaching for a gun
>> was the most stupid thing I could do in the entire world in this sort
>> of circumstance.
>> "You'd be right, but you'd be dead" - Dr. SNMP
>> If you don't reach for a gun, at least you have the 'chance' for
>> restitution on your side. If you're dead, you have no options.
>
> If you are trained a certain way, you _are_ going to reach for
>a weapon, and hell, at least then my kid will have enough money to go to
>whatever college she wants.

Snow is absolutely right! Surprised in the night, with no clear identification of the entrants (and yelled "Police!!" claims are used by home invaders, so I would not trust this anyway), a trained person will instinctively reach for his weapon.

I again ask what was so wrong with the "You are surrounded. Come out with your hands up." routine of years past. Instead of anonymous ninjas in paramilitary black raiding a house and shooting anything that moves, use some "due process."

And "due process" is what it's about. Presentation of a warrant, or at least pretty careful announcement of identity. Blasting down doors without presentation of an arrest or search warrant is just not the American way.

Are there circumstances that can ever justify no-warning attacks? I suppose so, such as when clear evidence of, say, a bomb-making or terrorist cell is involved. Neither condition was met at either Ruby Ridge or Waco, nor in the vast number of midnight drug raids.

If a black-clad ninja enters my house without warning, I'll have to react the only way I know how, by reaching for my gun.
I don't have the luxury of freezing, exposing my neck (wolf-style), and hoping that the ninjas are "just" the police.

And very interestingly, many cops are saying the same thing. They realize that the dangers of being killed in a firefight in the confusion of a pre-dawn raid are not worth the meager gains. And SWAT-raiding the wrong house has resulted in many a million-dollar judgement against police departments.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From hallam at ai.mit.edu Fri Jul 19 22:07:50 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Sat, 20 Jul 1996 13:07:50 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <4snp6n$s9u@life.ai.mit.edu>
Message-ID: <31F01F8B.794B@ai.mit.edu>

Jonathon Blake wrote:
> On Fri, 19 Jul 1996, Hallam-Baker wrote:
>
> > dangerous people around besides the government and the government is the
>
> The _only_ difference between a gang of thugs, and a government,
> is that the latter admit to being thugs, whilst the former deny
> that. They both operate on the same principle -- steal from
> others, and kill those that oppose them.

The people of the USA fortunately disagree. It's no coincidence that Limbaugh has been unable to continue his tv show after his coverage of the OKC bombing. It is not socially acceptable to call for the murder of Police officers in most countries. By doing so you are discrediting yourself and those who support you.

> > only agency that is going to protect society from them.
If you don't like
>
> Governments are the agencies _most_ likely to abuse one's
> freedom. << Take Northern Ireland, as an example of what
> happens, when a government tries to pacify a region, by
> prohibiting everything. >>

Troops were sent into Northern Ireland originally to protect the Catholic minority from the protestants. The two communities have been murdering each other for centuries and there are bigots on both sides who think that the events of three hundred years ago "prove" that the other is evil incarnate.

Do you support the "punishment beatings" performed by the IRA? So far this year they have committed grievous bodily harm against 270 people. They have also murdered 4 people. There have been no deaths from police or army use of firearms in that period. Your assertion is therefore false.

If you want to discuss the politics of Ireland you should at least visit the place. You will find remarkably less sympathy for your romantic visions of bloodshed amongst the people who have to live with the consequences. The British people have little sympathy for either side and would quite happily leave the two sides to slaughter each other if it wasn't for the fact that the majority of the population wish to remain British and have voted to remain so in regular referenda and national elections.

Phill

From alanh at infi.net Fri Jul 19 22:09:18 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sat, 20 Jul 1996 13:09:18 +0800
Subject: Responding to Pre-daw
In-Reply-To: <199607192233.PAA24315@server1.chromatic.com>
Message-ID:

On Fri, 19 Jul 1996, Ernest Hua wrote:

> Worse yet, the bureaucrats, whose asses are on the line when a tragic mistake
> occurs

which planet are you talking about, Ernest?

Ernie, you figure any FBI folks are going to get disciplined for illegally giving files to the White House?
From gregorye at microsoft.com Fri Jul 19 22:11:55 1996
From: gregorye at microsoft.com (Gregory Ellison)
Date: Sat, 20 Jul 1996 13:11:55 +0800
Subject: Inventor of radio...
Message-ID:

Friday, July 19, 1996 7:14 AM, Jim Choate wrote:

>> I would like to correct a misconception about who is credited with the
>> invention of radio. Nikola Tesla has held the credit for the creation since
>> the resolution of the original lawsuit in the mid-80's.

I've heard this decision referred to many times but have been unable to locate any specifics. Can anyone provide a pointer?

-- Gregory
"Opinions expressed herein are entirely my own and not the opinions of my employer."
My PGP key is on the keyservers >

From david at sternlight.com Fri Jul 19 22:16:55 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 13:16:55 +0800
Subject: PictureTel Licenses Cylink Security Technology For EncryptedVideoconfe (fwd)
In-Reply-To: <199607191526.LAA17075@nrk.com>
Message-ID:

At 8:26 AM -0700 7/19/96, David Lesher wrote:
>Message-ID:
>
>Clarinet reports:
>
> SUNNYVALE, Calif.--(BUSINESS WIRE)--July 19, 1996--Cylink Corp.
>(NASDAQ: CYLK) today announced that it has licensed its patented
>security technology, the Diffie-Hellman, Hellman-Merkle patents
>covering public key cryptography, to PictureTel Corp. (NASDAQ:PCTL)
>to be used in its System 4000 group videoconferencing systems.
>
> The Cylink license allows access to all implementations of
>Public Key cryptography, including Diffie-Hellman key exchanges and
>Digital Signature Standard (DSS), .....

That's what Cylink claims. RSADSI disagrees vigorously. Stay tuned for the court results.
David

From hua at xenon.chromatic.com Fri Jul 19 22:18:07 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Sat, 20 Jul 1996 13:18:07 +0800
Subject: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To:
Message-ID: <199607192255.PAA24351@server1.chromatic.com>

> > Just why do you suppose a pissed-off six-year-old (because, let's say,
> > another six-year-old stole his lunch) would not blast someone?
>
> I can only assume that
> #1: You've never lived where both long arms, and side
> arms were a part of normal casual dress attire.
> #2: You have no comprehension of non-wasp culture norms.

Before you make some irresponsible accusations, please investigate the facts. I grew up in both Western-style and backward country Taiwan. Neither required side arms, and we did fine. Neither are what you might consider "wasp". And I certainly would not want your own childhood distortions to become the social norm. I am sure they killed and lynched many Asians "in the good ol' days". I'm not for those days.

The point is, you would not give a gun to someone with mental disorders. Right? (If you would, then we might as well just stop the conversation here.) The reason you would not is because there is a "significant" chance that this person would not respect basic social values like life, liberty, etc ...

If I remember correctly, there were MANY times when, if I had a weapon capable of killing someone near invisibly (say a poison dart), I just might have used it. Of course, as an adult I would live to regret having the ability and resources to follow through on a fit of childhood rage. When your BIG goal is to get to 16.5 so you can get a learner's permit, you just don't have a well-balanced view of the world yet.
In addition, when you don't have a family, when you don't have buy-in of ANY SORT into your community, when you have ZERO future (as in the lives of some inner city kids), you simply do not care about these other concepts like brotherhood and community.

I have always argued that those who have vesting in a community will work harder to make that community great. The same principle applies to companies where the employees get profit sharing or own significant stock. If you HAVE to care because it would benefit you to care, YOU WILL. If you don't have to care, YOU WON'T. A 6 (or 12 or 18) year old simply does not have to care.

I can bribe my 2 year old with one simple thing: Sweets. He is vested in his immediate futures in cookies and ice cream. Beyond that, he has nothing vested whatsoever (mostly because he just isn't aware of anything serious yet).

As a stereotypical geek at 12, at 18, at 24 and now at 30, I am still not completely sure I am mature enough that I would trust my own judgements with a gun. And I have had the fortune of a reasonably good, well-educated, upper-middle-class life. I would hate to see what would have happened if I grew up in a ghetto.

Ern

From paquin at netscape.com Fri Jul 19 22:21:51 1996
From: paquin at netscape.com (Tom Paquin)
Date: Sat, 20 Jul 1996 13:21:51 +0800
Subject: Netscape download requirements
In-Reply-To: <31EFCCCC.B13@netscape.com>
Message-ID: <31F00BD6.3DEA@netscape.com>

sameer wrote:
> What's the big deal here?

Obviously, I'm tired and should have shut up long ago.

BTW the "pick.cgi" renaming stuff should be fixed now. Thanks for the prods.

--
Tom Paquin
Netscape Communications Corp
about:paquin

From hfinney at shell.portal.com Fri Jul 19 22:29:24 1996
From: hfinney at shell.portal.com (Hal)
Date: Sat, 20 Jul 1996 13:29:24 +0800
Subject: MSNBC and cookies
In-Reply-To:
Message-ID: <199607200318.UAA16515@jobe.shell.portal.com>

I find that MSNBC is now working OK without cookies.
I tried off and on during the day today (Friday) and last night and it didn't work, but it is working OK now. I can get in with lynx or with my cookie-blocked Netscape.

I sent them a nasty letter this afternoon complaining about it so either that may have helped or it is obsolete. Maybe it was just a glitch?

Hal

From mab at crypto.com Fri Jul 19 22:31:15 1996
From: mab at crypto.com (Matt Blaze)
Date: Sat, 20 Jul 1996 13:31:15 +0800
Subject: NSA response to key length report
In-Reply-To: <199607190716.AAA20359@server1.chromatic.com>
Message-ID: <199607192110.RAA07548@crypto.com>

Ernest Hua writes:
>
> It sounds like most of their "counter-arguments" are just stalling tactics.
>
> If you are a lawyer for someone you know is guilty, you still would choose
> to find every reason in the book to attack the prosecution's case. Here we
> have precisely the same effect with the NSA. Any tactical maneuver to keep
> stalling the impending collapse of ITAR.
>
> (It is human .. er .. rather .. bureaucrat-esque to claim innocence in the
> face of overwhelming evidence of guilt.)

Particularly impressive is that our key length report was hardly above criticism from several angles, but their rebuttal managed somehow to avoid them.

What I find most disturbing about this is that their report was provided secretly to policymakers in the administration and in Congress, without independent technical review that would have quickly exposed the fallacy of the arguments. I never would have seen it had several of the recipients not faxed it to me.

This is the first hard evidence I've seen of NSA providing anything less than the highest quality technical analysis to other parts of the government. A non-specialist reader would be easily misled by the technically dense, but completely irrelevant, "rebuttal". It smacks of either ill-informed sloppiness, or, perhaps worse, self-serving disingenuous cynicism. Either conclusion is scary, and, to me in fact, quite surprising.
-matt

From jimbell at pacifier.com Fri Jul 19 22:37:21 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 20 Jul 1996 13:37:21 +0800
Subject: Kellstrom Calls for DT Funding
Message-ID: <199607200001.RAA13302@mail.pacifier.com>

At 02:33 PM 7/19/96 -0400, Duncan Frissell wrote:
>In a "briefing" on TWA 800 when one of the reporters tossed Big Jim
>Kellstrom (Deputy Director in Charge of the New York Office) of the FBI a
>softball question about what he needed to fight terrorism; he took the
>opportunity to call for full funding of the Digital Telephony Bill. He said
>the usual about how bad guys conspire and we need to tap.

Too bad these people aren't required to show specific examples where the "bad guys" got away as a result of their failure to be able to do wiretaps.

Jim Bell
jimbell at pacifier.com

From adamsc at io-online.com Fri Jul 19 22:37:46 1996
From: adamsc at io-online.com (Chris Adams)
Date: Sat, 20 Jul 1996 13:37:46 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607200307.UAA05495@cygnus.com>

On 18 Jul 96 01:20:16 -0800, tcmay at got.net wrote:

>I wonder when and how raids in the U.S. moved from the "Come out with your
>hands up" verbal announcement (for the cases that needed more than a knock
>on the door) to this blast-in-the-doors approach, where the raiders are
>dressed in "tactical black" and are wearing black Nomex hoods and carrying
>MP-5s and blast any "perp" who looks at them cross-eyed?

OTOH, you have to admit that the possibility of being attacked by a (most likely) better armed criminal has bothered many cops - it has to be a rather stressful job. Sadly, they seem to either a) overreact as noted above or b) be led by idiots who order the above...

I used to be a fidonet point off of a board run by a cop. He was very reasonable, and unfortunately seemed to be right at the point where he had enough "empowerment" to be blamed but not enough to shine a little common sense into things...
Almost like Vietnam - the grunts get shot and ridiculed because the desk-pilots can't make a valid policy. I liked Tom Clancy's description of the CIA: "We have a lot of people who are good at ordering their martinis shaken, not stirred."

>As people as diverse as Marine Colonel Jeff Cooper and Watergate felon G.
>Gordon Liddy have noted, any black-clad "ninjas" entering a home at 4 a.m.
>without clearly announcing themselves are asking for trouble. (Liddy got in
>a lot of trouble for calling for "head shots" on rampaging BATFags.
>Frankly, I'm not a good enough shot--especially in high-stress
>situations--to make head shots with my H & K .45, so I can only hope to
>make torso shots.)

See, you need to use that computer - automated defense systems. Bet it could do okay with a ballistics module...

>least two of them with me. (Interestingly, the same class of folks who want
>to ban "military-grade crypto" are also seeking to ban Kevlar vest-piercing
>rounds. Fortunately, though KTW ammo is no longer available to "marks" (=
>civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum

What's really funny is that nobody seems to notice that criminals aren't that concerned with breaking laws. I think some people need to go to Dogbert's school of Common Sense...

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From sandfort at crl.com Fri Jul 19 22:44:02 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 20 Jul 1996 13:44:02 +0800
Subject: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To: <199607192139.OAA23712@server1.chromatic.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C'punks,

On Fri, 19 Jul 1996, Ernest Hua wrote:

> I suspect you might be baiting ... but ...
>
> If you can trust a six-year-old with an Uzi, I assume that you believe
> the six-year-old can "properly" judge what is a threat and what isn't?
> Just why do you suppose a pissed-off six-year-old (because, let's say,
> another six-year-old stole his lunch) would not blast someone?

Works for me. Throughout most of the history of the US, children have routinely been entrusted with deadly weapons--rifles, pistols and shotguns. I got my first real gun when I was seven or eight. (Before that, I had a BB gun as long as I can remember.) I gave my daughter one when she was nine or ten. I know of one FOUR YEAR OLD whose parents gave her a gun. (I have no doubt she would use it far more judiciously than your average cop.) For two hundred years Americans have been able to buy small guns made especially for children. I've seen them and they were beautiful little guns. Nowadays, the gun manufacturers have eschewed them--probably for PR reasons.

> Would you just hand out guns to all teenagers?

Hell no! Let them or their parents buy them.

> You might have had a different childhood, but when I (and most of my
> friends) were 6 (or 12 or even 18), our primary concern was having fun,

Ditto, bro. And guns are great fun. That's why Thomas Jefferson opined that giving a young man a gun would do far more to build his character than engaging in sports. (I agree.) Next time you are in the San Francisco Bay Area, let me know and I'll take you shooting. Looks like you need some character building. :-)

> This means that a group of 1000 KKK members will kill a group of 10
> blacks due to overwhelming force.

Again, history shows you to be wrong. Gun control started in the antebellum South as a means to disarm the newly freed blacks. When the Black Muslims bought a Southern plantation in the '60s they were harassed--until they armed themselves with AR-15s. After that, no more problems.
Finally, I know a lawyer who was a Freedom Rider in the '60s. Whenever they were confronted with threats of force, they shot back. Presto, off into the woods shrank the cowardly Klansmen. Other--unarmed--civil rights workers ended up being incorporated into dams and land fills.

> One principle in the Constitution (which I personally respect
> very much) is that a majority should not force its views on a
> minority.

Me too. That's what we gun owners are fighting to preserve.

> Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> and I certainly would not even contemplate letting him have a gun (no
> matter how well he can use it) until he can legally get one himself. I
> will certainly invoke serious wrath (on him and anyone else involved)
> if I ever found him with a gun.

Unfortunately, the first you might know of it is when he comes across a gun and ends up shooting himself or someone else because of the gun ignorance to which you have condemned him. Good luck.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From ravage at einstein.ssz.com Fri Jul 19 22:49:35 1996
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 20 Jul 1996 13:49:35 +0800
Subject: American People the relation to the Police
Message-ID: <199607200138.UAA27472@einstein.ssz.com>

Hello,

Forwarded message:

> Date: Fri, 19 Jul 1996 19:51:39 -0400
> From: Hallam-Baker
> Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
>
> The people of the USA fortunately disagree. It's no coincidence that Limbaugh
> has been unable to continue his tv show after his coverage of the OKC bombing.
> It is not socially acceptable to call for the murder of Police officers in most
> countries. By doing so you are discrediting yourself and those who support you.

I am a US citizen. My family were French Huguenots who came here to escape persecution on religious grounds in the late 1590's.
One of my ancestors, Rufus Choate, was a lawyer who argued Women Suffrage to the Supreme Court (he lost AFAIK) in the 1890's.

I am operating under two premises. First, that the Constitution is the supreme law of the land. I am also interpreting it literally, under the assumption that our founding fathers were reasonably intelligent men and knew how to express their intents clearly. It is only our desire to avoid the uncertainty that some of the rights imply (eg speech) as well as the potential damage they might cause that clouds the issues for us. In short the uncertainty in constitutional law comes from us and not the Constitution.

I disagree. This country fought two wars of liberation (you forgot about 1812) and a civil war to discredit this thesis in relation to a Democracy founded upon individual liberty. It is no coincidence that the Tree of Liberty needs watered with blood on occasion. It is how the value of human life and the pursuits thereof are measured.

The entire point of the Second Amendment to the Constitution is to guarantee that the Federal Government does not have sole access to and use of deadly force. The Militia exists to fight the Federal government and other internal insurrections. The Army and Navy are pointed outward, from a constitutional point any use of these forces inside the border of the United States against US citizens is prohibited. At no point is the military given authority over any civil organization or individuals in the Constitution other than in times of war with declaration of Martial Law. I further contend that without Martial Law being called the current use of the military in civil law enforcement is unconstitutional.

I will further contend that various parts of the Constitution clearly show intent on the part of the founding fathers to limit the ability of the Federal government to use force.

We should recognize what they seemed to have understood viscerally. All rights stem from an individual being alive.
Civilization and Democracy in particular should be to increase the ability of an individual to do this. They also understood that democratic governments were entered into by the founders (at least, automatic citizenship clouds this issue down the road) voluntarily and with the clear intent to better their position in the world. To this end the avoidance of the use of violence at all costs short of losing your life is a major plus. The constitutional point is to reduce the need for violence.

Revolution and War are not murder unless you lose. This is a basic tenet of civilization.

I want to be sure you understand I am NOT calling for the use of force against anyone. I believe the only legitimate use of force is in the immediate and direct threat to one's life. I also think that the majority of our current problems can be resolved by the inclusion of the 9th and 10th Amendment in our legal system.

> Do you support the "punishment beatings" performed by the IRA. So far this
> year they have committed grievous bodily harm against 270 people. They have
> also murdered 4 people. There have been no deaths from police or army use
> of firearms in that period. Your assertion is therefore false.

How many of them died? Beaten? And from what? Seems I see an article now and again about somebody getting killed from rubber bullets, tear gas, beatings, etc. from police and other related forces.

> If you want to discuss the politics of Ireland you should at least visit the
> place.

You don't have to fall off a mountain to understand the implications of a fall, understanding does not require direct experience in all cases.

> You will find remarkably less sympathy for your romantic visions of
> bloodshed amongst the people who have to live with the consequences.
The
> British people have little sympathy for either side and would quite happily
> leave the two sides to slaughter each other if it wasn't for the fact that
> the majority of the population wish to remain British and have voted to
> remain so in regular referenda and national elections.

If true, it doesn't speak very highly of the British people.

Jim Choate

From ichudov at algebra.com Fri Jul 19 22:52:14 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 20 Jul 1996 13:52:14 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607200036.RAA15172@mail.pacifier.com>
Message-ID: <199607200134.UAA01969@manifold.algebra.com>

jim bell wrote:
> At 03:49 PM 7/19/96 -0500, Igor Chudov @ home wrote:
> >> I may be a little nuts, but does it strike anyone else that a good
> >> self defense weapon against ninja raids would be a hand grenade?
> >
> >Maybe not even a little:)
> >
> >I suggest wiring an anti-tank mine to your door every night. If
> >ninjas break in, everyone goes to hell. No need to wake up and be
> >alert in sleep -- all will be done automatically. So before that
> >ninja raid you will sleep better.
>
> I've had a substantially better idea. Hang carbon-fiber bundles from the
> ceiling, which are charged to about 10,000 volts when an intrusion is
> detected. They'll glom onto anything conductive within their range, and
> anyone with the bad fortune to be breaking into the house at that moment
> _might_ live to regret it. (resistors could be added to limit the current
> to non-fatal but exceedingly painful levels.

If the voltage is 10000 volts, it is always fatal, right? And if you set good enough resistors, then the voltage for the human body itself would be much less than 10000V -- most of the voltage will be taken by resistors themselves.

Right?

- Igor.
From shamrock at netcom.com Fri Jul 19 22:55:47 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 20 Jul 1996 13:55:47 +0800
Subject: "address verification databases"? (was: Netscape download...)
Message-ID:

At 17:53 7/18/96, Peter D. Junger wrote:

>With much help from Tom Weinstein and a bit of luck, I have succeeded
>in downloading the Linux version. But the time I tried before it
>finally worked, I typed in the New York City area code (212) rather
>than the Cleveland area code (216) and since I had given them a
>Cleveland address and ZIP code, they (the server, that is) said that I
>had made an error. So that must be one thing that they check.

Despite the ITAR, Netscape's US version is already available from the usual free-world FTP sites. Next time, you might want to get your copy there.

BTW, can somebody please tell me why PGP generated *.asc files show up in Netscape as "VRML Worlds"?

TIA,

-- Lucky Green
PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
Vote Harry Browne for President.

From ravage at einstein.ssz.com Fri Jul 19 22:59:15 1996
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 20 Jul 1996 13:59:15 +0800
Subject: Inventor of radio... (fwd)
Message-ID: <199607200304.WAA27741@einstein.ssz.com>

Forwarded message:

> From: Gregory Ellison
> Subject: RE: Inventor of radio...
> Date: Fri, 19 Jul 1996 12:02:00 -0700
>
> I've heard this decision referred to many times but have been unable to
> locate any specifics. Can anyone provide a pointer?

You should be able to find it via the patent office webpage. I believe the year was 1985, but I could be wrong.
Jim Choate

From erleg at sdinter.net Fri Jul 19 23:12:38 1996
From: erleg at sdinter.net (Erle Greer)
Date: Sat, 20 Jul 1996 14:12:38 +0800
Subject: Viacrypt PGP version 4.0
Message-ID: <2.2.32.19960720021701.006b1570@pop3.sdinter.net>

Is there a free/trial/steal/shareware version of Viacrypt PGP Personal version 4.0, rather than forking over $129.00?

|======================================|
|If a train station is where a train   |
|stops, then what is a workstation?    |
|--------------------------------------|
|I am not saying that there are no     |
|gods; just that I haven't had the     |
|pleasure to meet one.                 |
|--------------------------------------|
|Disclaimer: My opinions never reflect |
|that of my employer.                  |
|======================================|
|Please respond via E-Mail; I rarely   |
|check the newsgroups for responses.   |
|======================================|
|   mailto:vagab0nd at sd.cybernex.net  |
|    http://www.sdinter.net/~erleg     |
|    If you think my Sig is big...     |
|======================================|

From jimbell at pacifier.com Fri Jul 19 23:13:11 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 20 Jul 1996 14:13:11 +0800
Subject: Singapore officials censor U.S. newgroup posting
Message-ID: <199607200006.RAA13627@mail.pacifier.com>

At 01:00 PM 7/19/96 -0500, Declan McCullagh wrote:
>This move by Singapore to censor a newsgroup posting is a good example of
>the overbreadth of government censorship. It's a bait-and-switch maneuver:
>say you're going after porn but censor "offensive" speech.

>The regulations ban contents that "tend to bring the Government into hatred
>or contempt,"

Isn't it too bad governments don't ban THEIR OWN actions which "tend to bring the Government into hatred or contempt"? After all, I think behind every example of "hatred or contempt" for government, you'll find an act by government which caused it.
Jim Bell
jimbell at pacifier.com

From ravage at einstein.ssz.com Fri Jul 19 23:17:19 1996
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 20 Jul 1996 14:17:19 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids (fwd)
Message-ID: <199607200300.WAA27723@einstein.ssz.com>

Forwarded message:

> Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
> Date: Fri, 19 Jul 1996 20:34:34 -0500 (CDT)
> From: ichudov at algebra.com (Igor Chudov @ home)

> It the voltage is 10000 volts, it is always fatal, right? And if you set
> good enough resistors, then the voltage for the human body itself would
> be much less than 10000V -- most of the voltage will be taken by resistors
> themselves.

It depends on several things. It is possible using the right combination of frequency and voltage (ie Tesla Coil) to have literally millions of volts running over your body with no effect.

There is an effect of electricity, The Skin Effect, where as the frequency and voltage rise the actual flow of electrons moves to the outer surface of conductors. There is little or no rf current flowing in the center of the wire.

Jim Choate

From alano at teleport.com Fri Jul 19 23:20:01 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 20 Jul 1996 14:20:01 +0800
Subject: [noise] Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960719223454.00aedf1c@mail.teleport.com>

At 03:49 PM 7/19/96 -0500, you wrote:

>ObCrypto: how about putting an [anti-tank] mine inside your computer.
>When ninjas try to get to your files, the computer and [depending on
>your bloodthirstiness and load of explosives] ninjas will get
>destructed.

Has anyone ever done that? Sounds like an interesting way to secure a remailer. (Especially against Scientology raids. "This remailer will self-destruct in five seconds." *BOOM*)

There was a case locally where some idiot booby-trapped his cache of weapons and explosives. Seemed a wee bit self-defeating.
(Blew all of his explosives all over the place when it finally went off. No one was hurt, but it spread grenades and other choice bits all over the place.) The local kids got a lot of souvenirs out of that one...

For more information on these and other ultimate chaotic acts, check out _Agent of Chaos_ by Norman Spinrad. This and other books of an anarchist nature are available from your local library.

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |

From sandfort at crl.com Fri Jul 19 23:20:09 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 20 Jul 1996 14:20:09 +0800
Subject: Netscape download requirements
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 19 Jul 1996, David Sternlight wrote:

> At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:
>
> >Allow the government to think that we think it has the right to give
> >us their permission and we've lost everything. The government should
> >need OUR permission, not the other way 'round.
>
> ...This is a (as far as it goes) a democracy, not a 'Llewyellyn
> and those who agree with him' dictatorship.

Actually, for what it's worth, this (meaning the US) is a Constitutionally limited democratic republic, NOT a dictatorship of the majority, the proletariat, etc. That has been tried and failed too many times to mention. Read the Ninth and Tenth Amendments to the Constitution for further enlightenment.
S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From llurch at networking.stanford.edu Fri Jul 19 23:21:58 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Sat, 20 Jul 1996 14:21:58 +0800 Subject: Netscape In-Reply-To: <199607191626.SAA09380@basement.replay.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 19 Jul 1996, Anonymous wrote: [on hacktic] > netscape-fts2-hp10.tar.gz Fast Track Server 2.0 for HPUX10 > netscape-fts2-nt.exe Fast Track Server 2.0 for WinNT > netscape-hpus-30b5.tar.gz Navigator 3.0b5 for HP-UX > netscape-linux-30b5.tar.gz Navigator 3.0b5 for Linux > netscape-ssl30-src.tar.gz SSL 3.0 source code > netscape32us-30b5.exe Navigator 3.0b5 for Win95/NT And thus it begins... I think it's a bad idea to provoke the TLAs like this, but I suppose it's inevitable. (But doesn't anyone use Macs or Suns?) Fight for the spin: "Since Netscape isn't allowed to sell its software overseas, people are going to pirate it, thereby losing the US o' A both technology and money." > By the way, is it possible to get a certificate for the > Fast Track 128 bit servers outside of north america? Why would you want one when the source for Apache-SSL is available? Besides, it's a Serious Copyright Violation, said with minimal irony. This whole thing isn't Netscape's fault; in fact, they're doing their best to be the good guys. - -rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBVAwUBMfAfZZNcNyVVy0jxAQGCgQH9EH+19if1GlnbPW/RwRmMEC3N9lUnVb3v EfDcMAyRa2xA9ud9JLmChVio9McBkE/8Hkvj0dj6IOpnVni+GjoX8Q== =88i4 -----END PGP SIGNATURE----- From harka at nycmetro.com Fri Jul 19 23:36:55 1996 From: harka at nycmetro.com (harka at nycmetro.com) Date: Sat, 20 Jul 1996 14:36:55 +0800 Subject: Responding to Pre-daw Message-ID: -=> Quoting In:hua at chromatic.com to Harka <=- > > If you want to own guns then you should accept the fact that you risk > > having your head blown off in the middle of the night by a SWAT team. 
> > Just as the car has introduced the risk of being killed in a trafic > > accident the gun has introduced new risks. If society dosen't like the > > risks then it can opt to ban the technology. > > Except that getting killed in a traffic accident IS an accident (mostly :) > while having black clad Fed's storming into your house was _consciously_ > decided by them, because THEY have a problem with YOUR guns (?!)... In> I think the original point was that they MIGHT storm into your house In> by mistake (say, because they incorrectly accepted a informant's In> story). Therefore, it is truly a mistake. Well, not really. It would be severe case of neglegence which is not the same as a mistake. When you drive, you have to prove that you know what you are doing by getting a driver's licence. If you are a SWAT guy and some informer would come along and say "This and that person is a terrorist, I know for sure" and you go into that house and shoot everything that moves, well, doesn't sound much like an accident to me... Harka ___ Blue Wave/386 v2.30 [NR] From hua at xenon.chromatic.com Fri Jul 19 23:39:11 1996 From: hua at xenon.chromatic.com (Ernest Hua) Date: Sat, 20 Jul 1996 14:39:11 +0800 Subject: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids) In-Reply-To: Message-ID: <199607192139.OAA23712@server1.chromatic.com> > > the price of freedom of mind is a minor restriction on your personal > > freedom, you won't be allowed a weapon either but that is the tradeoff. > > Thanks, but if it is all the same to you, I'd rather live > in a country where everybody << including six year olds >> > carry, and can use Uzi's, etc, as a matter of course. Oh my ... you aren't serious, are you? I suspect you might be baiting ... but ... If you can trust a six-year-old with an Uzi, I assume that you believe the six-year-old can "properly" judge what is a threat and what isn't? 
Just why do you suppose a pissed-off six-year-old (because, let's say, another six-year-old stole his lunch) would not blast someone?

Would you just hand out guns to all teenagers?

You might have had a different childhood, but when I (and most of my friends) were 6 (or 12 or even 18), our primary concern was having fun, avoiding stuff we don't like (like homework), attracting females (or males, as the case may be), attracting attention in general, avoiding being one-upped (in conversation or in sports or otherwise) but always one-upping someone else, ... Oh ... and ice cream ... but that was mostly me ... most of my friends wanted candy.

Nowhere in this list of high priority items is respect for human life, peace and brotherhood among mankind, end world hunger, etc ...

There are very good historical reasons why 18 and 21 are reasonable (though sometimes conservative) guesses at the age of maturity, responsibility and consent.

If you are not killing someone else because they (may) have an Uzi, I think, sooner or later, you will figure out a way to kill him before he can pull it out. This means that a group of 1000 KKK members will kill a group of 10 blacks due to overwhelming force. One principle in the Constitution (which I personally respect very much) is that a majority should not force its views on a minority.

Incidentally, if you are interested, I DO have a child (almost 2 yrs), and I certainly would not even contemplate letting him have a gun (no matter how well he can use it) until he can legally get one himself. I will certainly invoke serious wrath (on him and anyone else involved) if I ever found him with a gun.

By the way, would you let a 6 year old drive? or fly? (Assuming that they are physically capable and trained to do such.)

Ern

From a-billol at microsoft.com Fri Jul 19 23:41:24 1996
From: a-billol at microsoft.com (Bill Olson (EDP))
Date: Sat, 20 Jul 1996 14:41:24 +0800
Subject: Reverse Engineer
Message-ID:

>
>What do you mean by "reverse engineer?"
I have heard this word several times
>especially in the world of hacking, but... can someone tell me what it really
>meant?

Reverse engineering is the process of 'mimicking' the specifications of another product by copying the 'abstract interface' of it.

Example: I write a desktop application that greatly increases employee productivity, and it sells like hotcakes. Another company decides that I am gaining too much market share with my product and decides to reverse engineer the product so that they can create a competing product. They hire an engineer who takes the program and analyzes the input and output with a detailed script of test patterns (heaven forbid he might even decompile the program and snoop). By doing so, he now has a complete product specification minus the implementation (i.e. how it works). He then takes the product specification and gives it to another engineer (actually it's done through 'clean' liaisons) who then creates a product that does the exact same thing as mine--but with a different implementation process. Because the product copies the specification and not the implementation, it does not infringe on copyrights or patents.

From tcmay at got.net Fri Jul 19 23:45:36 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 14:45:36 +0800
Subject: Don't "Rush" to Judgment
Message-ID:

At 11:51 PM 7/19/96, Hallam-Baker wrote:

>The people of the USA fortunately disagree. Its no coincidence that Limbaugh
>has been unable to continue his tv show after his coverage of the OKC bombing.

Gee, Phill, you might want to hire a new fact-checker,

From the latest issue I have of the Usenet Limbaugh Newsletter:

"LIMBAUGH WATCH

"July 16, 1996 - It's now 1336 days after Bill Clinton's election, but Rush is still on the air with 650 radio affiliates (with more than 20 million listeners weekly world-wide), 234 TV affiliates, and a newsletter with more than 500,000 subscribers."

If you simply make up your facts, say so.
--Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From markm at voicenet.com Sat Jul 20 00:15:24 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 20 Jul 1996 15:15:24 +0800 Subject: Filtering out Queers is OK In-Reply-To: <2.2.32.19960719154550.0073d960@popd.ix.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 19 Jul 1996, Troy Denkinger wrote: > We have an interesting problem here, though. You say that the government > has no right to tell you how to set your filter; no doubt about that, imo. > However, most people who use these filters are going to be quite happy to > allow some corporate entity the privilege of setting their filters for them > and, if the consumer should ask about criteria and such, they are told that > that's a trade secret. So, people will be allowing a corporate entity that > exists for profit to set their filters for them. This is a very scary thing > and perhaps even more frightening than having the government do it. I think > that the people on this list tend to maintain a healthy scepticism toward > the various TLAs, but we have to remember that a large, multinational > corporation has not even got a sense of a greater "national good" or even > "national security" to guide it. However, parents are free not to purchase filtering software that claims that their criteria is a trade secret. I don't see this as a threat at all. 
The parents who refuse to buy this software don't have to worry about the filtering software preventing little Johnny from visiting a site that has information on homosexuality or subscribing to a computer science mailing list (which are apparently blocked by some filtering software for some reason). - -- Mark PGP encrypted mail prefered Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMe/8b7Zc+sv5siulAQGerAP+IWpgJ6hpbKOZcs1TPZwYLIqQLG+LccPD nOMKVKmgMndzywuqO1lg59+VX2cA2qODwQ6SjQQ+gG2eImD6nPsPpD8Q/7D1hlHW JhpPjp2UFt/xL3FtYG9/g2/4mYHx7Z0xVl51BNPHDiBMnyaskTzdk0yV2Tpo2T/8 EovM30/Lx2Q= =qGzJ -----END PGP SIGNATURE----- From hua at xenon.chromatic.com Sat Jul 20 00:17:12 1996 From: hua at xenon.chromatic.com (Ernest Hua) Date: Sat, 20 Jul 1996 15:17:12 +0800 Subject: Responding to Pre-daw Message-ID: <199607192233.PAA24315@server1.chromatic.com> > > If you want to own guns then you should accept the fact that you risk > > having your head blown off in the middle of the night by a SWAT team. > > Just as the car has introduced the risk of being killed in a trafic > > accident the gun has introduced new risks. If society dosen't like the > > risks then it can opt to ban the technology. > > Except that getting killed in a traffic accident IS an accident (mostly :) > while having black clad Fed's storming into your house was _consciously_ > decided by them, because THEY have a problem with YOUR guns (?!)... I think the original point was that they MIGHT storm into your house by mistake (say, because they incorrectly accepted a informant's story). Therefore, it is truly a mistake. That said, it is still not justifiable for a SWAT team to FORCE a situation where they may necessarily be in physical danger, and therefore, are forced to respond with overwhelming force when the target may reasonably be innocent. 
Worse yet, the bureaucrats, whose asses are on the line when a tragic mistake occurs, will rarely, if ever, admit to any wrongdoing. They may be forced out, at worst; there may be a symbolic verbal lynching in front of the Congress, but that would be about it.

If such a tragedy were to occur to me, and I were to survive, I would want the responsible PERSONS to fully acknowledge their mistakes (and be properly punished). It is a travesty of justice to blame a no-name, faceless "system" as was done in the well-known recent cases (whether or not the target was ultimately found guilty of any misdeeds).

Ern

From stewarts at ix.netcom.com Sat Jul 20 00:27:13 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 20 Jul 1996 15:27:13 +0800
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
Message-ID: <199607200439.VAA10181@toad.com>

At 03:27 AM 7/19/96 -0700, you wrote:
>Roy M. Silvernail wrote:
>> Anyone sniffing the link
>> knows the filename from previous forms submissions, anyway.
> You can't sniff the link, since the form submission and the
> file download are via SSL.

Presumably 40-bit RC4 for most users? :-) (It is still strong enough to reduce casual eavesdropping....)

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From jti at i-manila.com.ph Sat Jul 20 00:27:32 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Sat, 20 Jul 1996 15:27:32 +0800
Subject: Firewall Penetration
Message-ID: <01BB75F4.8F028E40@ip160.i-manila.com.ph>

Is it possible to penetrate a firewall?
From aba at dcs.ex.ac.uk Sat Jul 20 00:30:12 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Sat, 20 Jul 1996 15:30:12 +0800
Subject: Opiated file systems
In-Reply-To: <199607191718.NAA04087@unix.asb.com>
Message-ID: <199607191806.TAA00542@server.test.net>

Rob writes:
> On 18 Jul 96 at 11:01, Adam Back wrote:
>
> > For plausibility it would probably be best if very few people used the
> > duress key feature.
>
> And how can you guarantee that?

User apathy, people not reading documentation, documenting it as an advanced feature... etc.

How many people actually generate a PGP key revocation cert in advance in case of losing the key for instance?

> Also: an attacker doesn't care about what percentage of (other)
> users use duress feature or not. His concern is whether you use it.

Good point. But what other data does the attacker have aside from how many others do? Even knowing how many others do would be tricky.. are they telling the truth when they say they aren't?

> Note that you'd have to be careful of what you say and do over email
> in the clear (or encrypted to someone cooperating with an attacker):
> if you post an excerpt of source code or maybe something like
> Edupage, or if you save mail, there might be reason enough for the
> attacker to expect to see some of that on your encrypted fs after
> he's rubber-hosed your key from you. If he doesn't, and he knows you
> have a possibility of using the duress-key feature...

Smart analysis, yes you'd have to be very careful to partition the way you used the two file systems. You'd have to pretend that the 2nd partition did not exist when communicating with any one who you didn't trust.

Perhaps you could have some assistance even... making the duress file system read only when you have the hidden fs mounted as an option to remove the chance of accidentally copying something from the hidden fs that you couldn't (otherwise) explain being your possession?
Someone cooperating with the attacker could be tricky though, ultimately there's not much you can do about infiltration aside from always using a nym for correspondence to do with your hidden persona which goes with your hidden fs.

> Oh yeah. Psychology is a good way of determining the likelihood of
> using a duress system.

Hmm, the psychological aspect of your plausible deniability. Don't think cryptographic protocols can do much about that.

> With the extra work and overhead of a duress system, you're better
> off using stego on some gifs or graphics files.

But I don't think stego solves your whole problem: you still have to have software to access the stegoed data. Where do you store this? Nearly back to square one. (If the answer is on a floppy this applies equally to a duress file system).

The one advantage of stegoed data is that you expect the least sig. bits in image files to be random, whereas you don't expect the LSBs in unused space (even in encrypted file systems once you're inside the encryption layer) to be random.

However the disadvantage is 8 - 24 times reduction in space efficiency. (Your earlier point).

Adam

From Your_Pal at IConNet.COM Sat Jul 20 00:30:51 1996
From: Your_Pal at IConNet.COM (Your_Pal at IConNet.COM)
Date: Sat, 20 Jul 1996 15:30:51 +0800
Subject: WORD Mail: A Part of Our Lives...
Message-ID: <199607200324.XAA17883@icon35.iconnet.com>

It's our birthday. Come blow out the candles at .

Love,
The Word Staff

From geeman at best.com Sat Jul 20 00:31:45 1996
From: geeman at best.com (geeman at best.com)
Date: Sat, 20 Jul 1996 15:31:45 +0800
Subject: NSA response to key length report
Message-ID: <01BB75C4.B64C15A0@geeman.vip.best.com>

What I don't get is why the "report" is so semi-literate? The grammar errors are curious given the supposed source; it even makes me a little skeptical as to the source.

My take on the bit about "high processing speeds -> I/O bound" isn't that they're talking IPC, but bus timing (??)
I don't have the original paper handy and I don't recall what the proposed processor speeds are.

"Total exhaust time" --- is this truly as meaningless as it sounds?

----------
From: Matt Blaze[SMTP:mab at crypto.com]
Sent: Friday, July 19, 1996 2:10 PM
To: Ernest Hua
Cc: cypherpunks at toad.com
Subject: Re: NSA response to key length report

Ernest Hua writes:
>
> It sounds like most of their "counter-arguments" are just stalling tactics.
>
> If you are a lawyer for someone you know is guilty, you still would choose
> to find every reason in the book to attack the prosecution's case. Here we
> have precisely the same effect with the NSA. Any tactical maneuver to keep
> stalling the impending collapse of ITAR.
>
> (It is human .. er .. rather .. bureaucrat-esque to claim innocence in the
> face of overwhelming evidence of guilt.)

Particularly impressive is that our key length report was hardly above criticism from several angles, but their rebuttal managed somehow to avoid them.

What I find most disturbing about this is that their report was provided secretly to policymakers in the administration and in Congress, without independent technical review that would have quickly exposed the fallacy of the arguments. I never would have seen it had several of the recipients not faxed it to me.

This is the first hard evidence I've seen of NSA providing anything less than the highest quality technical analysis to other parts of the government. A non-specialist reader would be easily misled by the technically dense, but completely irrelevant, "rebuttal". It smacks of either ill-informed sloppiness, or, perhaps worse, self-serving disingenuous cynicism. Either conclusion is scary, and, to me in fact, quite surprising.
-matt

From harka at nycmetro.com Sat Jul 20 00:39:52 1996
From: harka at nycmetro.com (harka at nycmetro.com)
Date: Sat, 20 Jul 1996 15:39:52 +0800
Subject: MSNBC and cookies
Message-ID:

-=> Quoting In:tcmay at got.net to Harka <=-

 In> patrons, the Web Awareness Program tracks user interests at Web sites.
 In> The WAP has already allowed the FBI and other intelligence agencies to
 In> check up on several people who appeared to have an unusual interest in
 In> the TWA 800 case.

 In> (Don't spend too much time in certain sites, friends.)

Or be there 'anonymized'... (http://www.anonymizer.com)

Harka

___ Blue Wave/386 v2.30 [NR]

From mpd at netcom.com Sat Jul 20 00:40:17 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 20 Jul 1996 15:40:17 +0800
Subject: Filtering out Queers is OK
In-Reply-To:
Message-ID: <199607191957.MAA03907@netcom14.netcom.com>

David Sternlight writes:

> This is simply incorrect. It is a supportable advocacy for
> most adults, but children's minds tend to be like
> sponges--everything they take in (up until a certain age) is
> thought to be true, interesting, worth experimenting with,
> based on authority, etc. Read Piaget.

Piaget was very good at "proving" how fundamentally different the minds of children were from those of adults, and at constructing elaborate webs of complex terminology and doctrine to support his notions. Unfortunately, his experiments suffered from obvious flaws.

I recall one in which he trained a child to relate the terms "more" and "less" to whether the same amount of fluid was poured into a taller or shorter container. Piaget concluded that this demonstrated that children have no quantitative skills. Others had a less flattering description of the research, and realized that all Piaget had accomplished was to teach his subjects incorrect meanings for a few common words.

Similar defects can be found in most of his other constructs, and better designed experiments do not demonstrate the effects he claimed.
> What is more, a parent can't watch them every second while
> they're on the net, nor will they ask all the questions they
> should about certain material they see. I'd no more permit
> young kids to view gay or bestial or porno sites on the net
> than I'd let them view propaganda for how good pigs taste
> (unsupervised), if I were an orthodox Jew.

Again, we are applying a standard to the Net which has never been applied to libraries. Any orthodox Jewish child can read all he or she wants in a library about the wonders of pig-eating, without any possibility of parental supervision or disclosure of their un-Jewish interests.

But it is now being advocated that on the Net, no child has a right to view even a syllable of any information their parents do not want them to see. While gay or bestial sex is frequently the excuse for such antics, it is clear that parents will be using this new technology to impose a level of control over their childrens' minds which has heretofore never been possible.

This should worry us all.

> When they've passed the developmental stage (I rely on the
> experts in this field for that determination) where they
> have independent critical judgement and the security to
> exercise it, THEN I would open up their horizons.

Generally, very young children do not have the neural wiring in place to suspend emotional reactions to imagery based on intellectual considerations. Seeing a picture of someone being hurt in a movie causes them the same emotional pain as seeing someone hurt in real life, even though they may know perfectly well that the former image is fictional in nature.

Almost all children develop this important critical faculty by the age of 12, by which point, they manage to only be sickened by the evening news, and not by the latest "Nightmare on Elm Street" sequel.
While limiting the "horizons" of persons in their middle to late teens is often justified by arguments about developmental stages, the truth is that it is simply an attempt by their keepers to control how they think and to what views, mostly political and social in nature, they are exposed to. > I speak as a father who has raised four children who turned > out to be independent beings to successful adulthood and > families of their own, not as a theoretician. Do they troll on Usenet too? :) From perry at piermont.com Sat Jul 20 01:04:00 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 20 Jul 1996 16:04:00 +0800 Subject: take the pledge Message-ID: <199607191606.MAA04690@jekyll.piermont.com> Look, folks, we all know that 99% of what David Sternlight posts is garbage. Why don't we all pledge not to answer any of his posts, and then he'll go away. If necessary, someone can be appointed to post a weekly "the views expressed by David are junk and we are deliberately not replying to them directly" message. David has plenty of places to argue with the wind. We don't need to add this one. I'd like to ask people to publically pledge that they will not reply to David's messages. This is such a pledge. Perry From tcmay at got.net Sat Jul 20 01:06:11 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 20 Jul 1996 16:06:11 +0800 Subject: Government = Obscenity? Message-ID: At 6:00 PM 7/19/96, Declan McCullagh wrote: >This move by Singapore to censor a newsgroup posting is a good example of >the overbreadth of government censorship. It's a bait-and-switch maneuver: >say you're going after porn but censor "offensive" speech. I'm surprised Duncan has not come forth with one of his patented "My Dad says..." comments, so I will emulate his style. Imagine a child refusing in school to do an assignment that involves connecting to various government Web sites... "My Dad says government is obscene, and that I'm not old enough yet to look at obscenity." 
--Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Sat Jul 20 01:07:57 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 20 Jul 1996 16:07:57 +0800 Subject: High Voltage Management Message-ID: At 1:34 AM 7/20/96, Igor Chudov @ home wrote: >jim bell wrote: ... >> I've had a substantially better idea. Hang carbon-fiber bundles from the >> ceiling, which are charged to about 10,000 volts when an intrusion is >> detected. They'll glom onto anything conductive within their range, and >> anyone with the bad fortune to be breaking into the house at that moment >> _might_ live to regret it. (resistors could be added to limit the current >> to non-fatal but exceedingly painful levels. > >It the voltage is 10000 volts, it is always fatal, right? And if you set >good enough resistors, then the voltage for the human body itself would >be much less than 10000V -- most of the voltage will be taken by resistors >themselves. > >Right? Right! 10,000 volts is always fatal. In fact, I died many times during my high school days, playing with 20,000 volt neon sign transformers, 100,000 volt Tesla coils, and (gasp) 250,000 volt Van de Graaf generators. (By the way, the neon sign transformer was actually pretty dangerous, and my handling of it was careless, I now see. Be careful when you convert one of these into a Jacob's Ladder, or use it for plasma studies.) However, maybe the a.c. nature of some of these voltage sources revived me on the "reverse" cycle. (The V.D.G. 
is not a.c....so this blows this theory.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From sopwith at redhat.com Sat Jul 20 01:11:54 1996 From: sopwith at redhat.com (Elliot Lee) Date: Sat, 20 Jul 1996 16:11:54 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607200134.UAA01969@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 19 Jul 1996, Igor Chudov @ home wrote: > > It the voltage is 10000 volts, it is always fatal, right? And if you set > good enough resistors, then the voltage for the human body itself would > be much less than 10000V -- most of the voltage will be taken by resistors > themselves. > > Right? Wrong. What kills is not voltage but current. That is why you can safely recieve a static shock (on the order of thousands of volts, but microamperes) and yet still be killed by ordinary AC power (110 volts here, a whole lot of amps available :). 
- --Elliot -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMfBqGiaSlK8942+NAQGVXAQApub7Av5NJhhaT+GFvPrdWsjKdRKkciCn waOH51N6J2WvyZHUIrw8amxFBHmjEGIdu9Bx0yngYh7U+ijW4aCP5bOrzf8WYlla zodx6J+4N6aNYFj1q0gt9QRfrQKN4O3/mp8gx6EsyZJfco7/PR1V7MjWR3qzzOng qpCqPquGoXo= =Nujf -----END PGP SIGNATURE----- From gimonca at skypoint.com Sat Jul 20 01:19:11 1996 From: gimonca at skypoint.com (Charles Gimon) Date: Sat, 20 Jul 1996 16:19:11 +0800 Subject: BIG_dif (fwd) Message-ID: Forwarded message: > Date: Fri, 19 Jul 1996 12:59:14 GMT > From: jya at pipeline.com (John Young) > > 7-19-96. NYP: > > "AT&T and Wells Fargo Investing in an Electronic Cash > Card." > [etc.] > Because of these concerns, Mondex has been modified in > the United States so that banks will be able to track > card use. That will allow them to audit for fraud, if > not recreate every transaction. Data from Mondex cards > will be used for various product marketing. > In other words, they took a bad product and made it worse. From perry at alpha.jpunix.com Sat Jul 20 01:24:41 1996 From: perry at alpha.jpunix.com (John A. Perry) Date: Sat, 20 Jul 1996 16:24:41 +0800 Subject: The PGP keyserver at jpunix.com Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The PGP keyserver at jpunix.com is temporarily shut down due to technical difficulties. For some reason, it won't process keys without failing. I suspect a corrupted keyring. I'm expecting to FTP a new master keyring shortly. Please be patient and I apologize for any inconvenience. John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMfBasVOTpEThrthvAQGffwP/f1PuovMRixg58kFedhDQ8+ioX4MMgYo+ AKi0wK2TW10iswaqLm6Q2CV0rh+D2p2Ao8SgYaxoCV8qNgF+qssx8B84zKeq8xWI gGtX3qPhW1VCcyv6czCP+F2QOtmxPquHDhis62XMeI4RoFMj20fdcmTycHEQAZZp CflWX30YH5Q= =ZX9n -----END PGP SIGNATURE----- From david at sternlight.com Sat Jul 20 01:27:53 1996 From: david at sternlight.com (David Sternlight) Date: Sat, 20 Jul 1996 16:27:53 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: At 1:49 AM -0700 7/20/96, Timothy C. May wrote: >At 6:42 AM 7/19/96, snow wrote: >>On Thu, 18 Jul 1996, Doug Hughes wrote: >> >>> If people break into my house with the element of surprise wearing >>> all black in the middle of the night, they have the element of surprise >>> FIRMLY on their side.. I'd have to believe that reaching for a gun >>> was the most stupid thing I could do in the entire world in this sort >>> of circumstance. >>> "You'd be right, but you'd be dead" - Dr. SNMP >>> If you don't reach for a gun, at least you have the 'chance' for >>> restitution on your side. If you're dead, you have no options. >> >> If you are trained a certain way, you _are_ going to reach for >>a weapon, and hell, at least then my kid will have enough money to go to >>whatever college she wants. > >Snow is absolutely right! Surprised in the night, with no clear >identification of the entrants (and yelled "Police!!" claims are used by >home invaders, so I would not trust this anyway), a trained person will >instinctively reach for his weapon. > >I again ask what was so wrong with the "You are surrounded. Come out with >your hands up." routine of years past. Probably something to do with flushing dope down the toilet, or destroying evidence. Perhaps it's too much to expect them to disconnect the sewer line and hit your interior with a water hose and an electricity cut-off before raiding it. 
David From sopwith at redhat.com Sat Jul 20 01:31:28 1996 From: sopwith at redhat.com (Elliot Lee) Date: Sat, 20 Jul 1996 16:31:28 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607200036.RAA15172@mail.pacifier.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 19 Jul 1996, jim bell wrote: > > I've had a substantially better idea. Hang carbon-fiber bundles from the > ceiling, which are charged to about 10,000 volts when an intrusion is > detected. They'll glom onto anything conductive within their range, and > anyone with the bad fortune to be breaking into the house at that moment > _might_ live to regret it. (resistors could be added to limit the current > to non-fatal but exceedingly painful levels. Cutting off the power supply would render this method useless very quickly. Oh, so you are going to use batteries? That "when an intrusion is detected" part sounds rather interesting... Wouldn't be too hard to either befuddle. The point is: - You cannot be alert at all times. - Even if you can, you cannot cover all possibilities with a 100% ensurance of safety. IOW, if a 'pre-dawn unannounced ninja raid' [sic] occurs on you, you are pretty well beat, if only because the other side knows what they are doing and you have no idea of their plans. The only protection against lawlessness is not lawlessness, it is reason. 
- -- Elliot -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMfBpeCaSlK8942+NAQH3cQQAz3gcbfA+qjNuAA9BteO7lxAEKO8QMV9o vlunLDuZFQtWSVLvhcRR6GDw4gRfxeIswzVAqMIvcQ1vrwCYkhlctA1Thaoep16a EX95eQ3Os9W24WIVUSW5e16AWczHEzLBeiVX0TBHN+Pqx8JuN5WHOH6yY/+txNht C287kJI+4Sw= =9/er -----END PGP SIGNATURE----- From AFDA2 at aol.com Sat Jul 20 01:32:31 1996 From: AFDA2 at aol.com (AFDA2 at aol.com) Date: Sat, 20 Jul 1996 16:32:31 +0800 Subject: Crim Law Message Board Message-ID: <960720010442_580798506@emout08.mail.aol.com> Criminal defense attorneys are welcome to use the new message board located at the web site maintained by the Association of Federal Defense Attorneys (AFDA), located at http://www.afda.org The message board was installed on Friday, July 19, and it's there to serve the interests of the defense community. The board should be used strictly for professional purposes, to exchange ideas on the law, ask colleagues for input on strategies, share views or inquire about government agents and witnesses, and so forth. No personal or social conversation, please. You are also welcome to join AFDA online by clicking the "Join AFDA" bar on the home page of the web site. System Operator email to: Operator at afda.org From adamsc at io-online.com Sat Jul 20 02:14:45 1996 From: adamsc at io-online.com (Chris Adams) Date: Sat, 20 Jul 1996 17:14:45 +0800 Subject: Opiated file systems Message-ID: <199607200558.WAA12898@toad.com> On 19 Jul 96 22:31:16 -0800, dfloyd at IO.COM wrote: >> A) Only accept files with valid PGP signatures from accepted keys - this >> is one area where PGP's commandline interface is a plus - just write a >> batch script. Demand that a separate file be sent first, signed by a >> certain key. This file would contain valid filenames for the rest of the >> session. If a non-listed file is sent, kill the session. This could all >> be automated with a simple program. 
You could probably even use SSLs and
>> similar to do it on a website if you could swill the PGP bit - maybe a
>> plugin?
>
>This defeats the purpose of the data haven. If I did stuff like that,
>then why not use McAfee's WebStor, where you FTP files over to your
>personal "vault"?

What I was trying to propose was that you provide a key for usage when they first initiate usage of your site. They could then use that key to send stuff to you. Neither party needs to know who the other person is, merely that he is using the agreed upon key. This would let you revoke the keys of offenders.

>> B) bounce trash back.
>
>If someone is shipping through a remailer, how would that help?

I'm assuming most remailers allow 2 way traffic. Alternately, just send email to the remailer operator. Rather than get spammed by the bounceback, he would probably block that site from sending to you... (Or revoke their account entirely)

>I plan to make this as anonymous as possible. Reason? Everything else is
>just posing. I was intending this to be a place that one could be assured
>of anonymity -- the data haven doesn't even know if the user can use PGP.

I was using PGP as an example. If you really want portable, use that Java PK library and write a custom frontend for it. You just need to use an agreed upon key for verification.

Now, if they wanted, a secure method might be using PK-aware remailers - pk channel from you to remailer, using your keys, pk channel from remailer to them, using their keys. This would let you exchange a key securely... Of course, it would involve trusting the remailer operator, but you'd have to do that anyway.

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From tcmay at got.net Sat Jul 20 02:59:33 1996
From: tcmay at got.net (Timothy C.
May)
Date: Sat, 20 Jul 1996 17:59:33 +0800
Subject: American People the relation to the Police
Message-ID:

At 1:38 AM 7/20/96, Jim Choate wrote:

>I disagree. This country fought two wars of liberation (you forgot about
>1812) and a civil war to discredit this thesis in relation to a Democracy
>founded upon individual liberty. It is no coincidence that the Tree of Liberty

Well, to many of us, the wrong side won the War of the Rebellion (aka the Civil War, aka the War Between the States, etc.).

A bunch of southern states wanted to secede, which my reading of the founding documents said was clearly an option if sentiment was strong enough in that direction.

Constitutional scholars of course debate this, and I've seen arguments that the documents eventually agreed to in 1789-90 in some ways undercut this "right" to secede. I think this to be untrue, and that the signers of the Declaration and of the Constitution would be surprised to learn that they were signing a one-way, unreversible, no way out document, binding their communities to be part of the United States of America forever, even if their populace clearly wants out.

So, the wrong side won.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From pgut001 at cs.auckland.ac.nz Sat Jul 20 03:00:29 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Sat, 20 Jul 1996 18:00:29 +0800
Subject: Making encoding out of an authentication cipher
Message-ID: <199607200530.RAA17573@cs26.cs.auckland.ac.nz>

Green alien space slime made ogren at cris.com ("David F. Ogren") write:

>1. It is slow. This method would appear to be approximately the speed of
>MDC. And MDC (using SHA, what appears to be the most secure hash) is (very
>roughly) 5 times slower than Blowfish and 3 times slower than IDEA. And
>although MDC is faster than 3DES in software, 3DES could easily outpace MDC
>in hardware.

It depends. On a PC (the most common type of computer hardware) you're limited by the bus speed. Most encryption cards are still ISA (so far I've managed to find a single PCI DES card, everyone is still shipping ISA cards because they're the lowest common denominator). This means that even with a 15 MB/sec DES chip you can't get more than 1 MB/sec throughput. I think the breakeven point for MDC/SHA vs the ISA bus is either a P5/90 or a P5/100 (I don't have access to either of them to check this right now). This isn't just for MDC, virtually anything on any recent PC is faster than the ISA bus (in fact from Eric Young's libdes figures there are CPUs which will do software 3DES faster than hardware 3DES on an ISA bus).

Peter.

From david at sternlight.com Sat Jul 20 03:01:09 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 18:01:09 +0800
Subject: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID:

>> Look, folks, we all know that 99% of what David Sternlight posts is
>> garbage.

Perry is notorious for posting garbage and the above mote in his own eye is a prime example. 99%? Let's see some data and specifics. I'm always willing to discuss substantive disagreements, presented civilly.
It's pathetic that Perry, can't even make a rational counter-argument but has to resort to unsupported defamation. >Why don't we all pledge not to answer any of his posts, and >then he'll go away. Nobody compels you to answer any of my posts. Calling for a "pledge" and an organized boycott suggests you are afraid people won't agree with you without trying to make it "politically correct" to do what YOU want. Some freedom-lover you are. The truth is none of my points have been refuted by you, and being unable to deal with rational critical comment, you resort to this. Go for it. I won't mind, and the noise level will go way down, especially among the defamers, who don't respond with much substance anyway. David From blancw at accessone.com Sat Jul 20 03:21:56 1996 From: blancw at accessone.com (blanc) Date: Sat, 20 Jul 1996 18:21:56 +0800 Subject: MSNBC and cookies Message-ID: <01BB75CB.92B27380@blancw.accessone.com> From: Hal I find that MSNBC is now working OK without cookies. I tried off and on during the day today (Friday) and last night and it didn't work, but it is working OK now. I can get in with lynx or with my cookie-blocked Netscape. I sent them a nasty letter this afternoon complaining about it so either that may have helped or it is obsolete. Maybe it was just a glitch? ...................................................................... I think that's probably what it was -- they also had some initial problems with the cable broadcast. .. Blanc From frantz at netcom.com Sat Jul 20 03:33:34 1996 From: frantz at netcom.com (Bill Frantz) Date: Sat, 20 Jul 1996 18:33:34 +0800 Subject: Netscape download requirements Message-ID: <199607200634.XAA15478@netcom8.netcom.com> At 8:44 AM 7/19/96 -0400, Peter D. Junger wrote: >(I do want to thank Netscape--and especially Tom Weinstein who tried >to give me a lot of assistance--for making the downloading possible. 
>On the other hand, I certainly don't think that we owe any thanks to >the government agencies that made all this rigamarole necessary.) I echo Peter's thanks. Netscape is helping us demonstrate a market for strong, non-GAKed crypto. This market exists in spite of what the GAK fans say. If the American people carefully considered the issues of GAK, I strongly believe they would come down on the side of privacy, and not on the side of total government access to communication. That is why our government is trying so hard to institute GAK thru international treaty, the path with the least public input and scrutiny. ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave. frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA From blackavr at aa.net Sat Jul 20 03:33:48 1996 From: blackavr at aa.net (Michael Myers) Date: Sat, 20 Jul 1996 18:33:48 +0800 Subject: High Voltage Management Message-ID: <2.2.32.19960720063533.007255cc@aa.net> At 04:30 AM 7/20/96 -0700, Timothy C. May wrote: >volt Van de Graaf generators. (By the way, the neon sign transformer was >actually pretty dangerous, and my handling of it was careless, I now see. >Be careful when you convert one of these into a Jacob's Ladder, or use it >for plasma studies.) Been there. Done that. Bad idea to have the Jacob's Ladder out as "atmosphere" for a party, especially one where alcohol is available... "Hey, that's pretty cool...what is it?" "It's a Jacob's Ladder...careful...it's hot." (Time passess...Darwin and Jack Daniels intervene) BZZZZZT! "Yeow! That thing burned me!" "Well, what were you doing?...I told you it was hot!" "Uh...I was trying to light my cigarette on it." -- /^^^^^^^^^Instead of being born again, why not just GROW UP?^^^^^^^^^^^\ Michael Myers Vote Libertarian....you'll sleep better! Don't like abortion? Don't have one. 
Don't like guns? Don't buy one. blackavr at aa.net E-mail for PGPv2.6.2 public key \____________ http://www.aa.net/~blackavr/homepage.htm ________________/ From tcmay at got.net Sat Jul 20 03:40:44 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 20 Jul 1996 18:40:44 +0800 Subject: Kellstrom Calls for DT Funding Message-ID: [File under the "be careful what you ask for" heading] At 12:58 AM 7/20/96, jim bell wrote: >At 02:33 PM 7/19/96 -0400, Duncan Frissell wrote: >>In a "briefing" on TWA 800 when one of the reporters tossed Big Jim >>Kellstrom (Deputy Director in Charge of the New York Office) of the FBI a >>softball question about what he needed to fight terrorism; he took the >>opportunity to call for full funding of the Digital Telephony Bill. He said >>the usual about how bad guys conspire and we need to tap. > > >Too bad these people aren't required to show specific examples where the >"bad guys" got away as a result of their failure to be able to do wiretaps. I don't think asking for this evidence is a good idea. After all, there probably _are_ such examples. It stands to reason. But so what? The issue is not whether extensive wiretapping would catch certain conspirators and head off certain crimes, the issue is one of how liberal and free societies are to operate. Our system has frowned upon such Orwellian schemes as mandating that video cameras be placed in all residences and in all hotel rooms, regardless of whether certain crimes would be detected or deterred. The proper argument is not to demand proof of how useful such measures as the FBI would like to see are, but, rather, to focus on basic rights issues. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From david at sternlight.com Sat Jul 20 03:58:41 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 18:58:41 +0800
Subject: Reverse Engineer
In-Reply-To: <199607191411.KAA06664@piglet.pooh-corner.com>
Message-ID:

At 3:05 AM -0700 7/19/96, elfgard at pooh-corner.com wrote:
>> What do you mean by "reverse engineer?" I have heard this word several
>>times especially in the world of hacking, but... can someone tell me what
>>it really meant?
>
>Interesting question.
>Hmmm...
>
>I would answer this question for you but then I would have to kill
>you.
>
>That is basically like asking a car thief to tell you about how he
>breaks into cars and what cars he's broken into lately.
>
>My suggestion to you is to pick up one of those MEGA lame books like
>"What is a Cyberpunk!" and read that. It may not tell you shit, but
>it will give you a broad understanding about what you want to know.

This is such a smug, superior, put-off that I have to give the original questioner his answer.

Reverse engineering means taking a product and from inspection and analysis, figuring out a way to duplicate it.

Engineering is starting out with specs and coming out with the product. Reverse engineering is starting out with the product, coming up with specs and then duplicating the product.
David From ichudov at algebra.com Sat Jul 20 03:58:44 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sat, 20 Jul 1996 18:58:44 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: <199607192049.PAA31477@manifold.algebra.com> > > I may be a little nuts, but does it strike anyone else that a good > self defense weapon against ninja raids would be a hand gernade? > Maybe not even a little:) I suggest wiring an anti-tank mine to your door every night. If ninjas break in, everyone goes to hell. No need to wake up and be alert in sleep -- all will be done automatically. So before that ninja raid you will sleep better. Or you can have a minefield in your backyard. ObCrypto: how about putting an [anti-tank] mine inside your computer. When ninjas try to get to your files, the computer and [depending on your bloodthirstiness and load of explosives] ninjas will get destructed. Has anyone ever done that? Have phun, - Igor. From dlv at bwalk.dm.com Sat Jul 20 04:03:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 20 Jul 1996 19:03:22 +0800 Subject: Inventor of radio... In-Reply-To: <199607191414.JAA25284@einstein.ssz.com> Message-ID: Jim Choate writes: > > Hi all, > > I would like to correct a misconception about who is credited with the > invention of radio. Nikola Tesla has held the credit for the creation since > the resolution of the original lawsuit in the mid-80's. > > Tata. > > Jim Choate > > Forwarded message: > > > Subject: Re: Mail-order Ph.D.'s > > From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) > > Date: Fri, 19 Jul 96 07:37:24 EDT > > > > He also invented the radio, but Marconi+Popov stole the credit from him. > > You are gravely mistaken. Radio was invented by *Dr.* David Sternlight, Ph.D. (Both AM and FM.) E-cash, ecash, and e*cash are registered trademarks of *Dr.* David Sternlight, Ph.D., Ph.D., Ph.D., patent pending, all rights reserved in perpetuity. 
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From dlv at bwalk.dm.com Sat Jul 20 04:03:28 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 19:03:28 +0800
Subject: Reverse Engineer
In-Reply-To: <199607191530.LAA13859@apollo.gti.net>
Message-ID: <46wBRD4w165w@bwalk.dm.com>

Mark Rogaski writes:
> : What do you mean by "reverse engineer?" I have heard this word several =
> : times especially in the world of hacking, but... can someone tell me =
> : what it really meant?
> :
>
> Reverse engineering is the process of taking a piece of executable code,
> be it a Win95 program or firmware for a cellular phone eeprom, and
> running it through a disassembler. The disassembler converts the
> machine code into assembly instructions. From there, a person with
> a lot of spare time, a good understanding of compiler design, and a lot
> of caffeine can translate the assembly instructions into a higher level
> language (ie. C, C++, VisualBasic). The first part is easy (and writing
> a disassembler is a good project for upper-level Comp Sci courses), but
> the second part is a real bear and people with the knowledge and
> drive to do it have my respect.

Small correction: oftentimes one is trying to figure out the 'secret' algorithm used by the program, and that can be done by analyzing the assembler just as well. I did this a few times to break 'secret' cryptosystems.

Certain programs encrypt their executable code and decrypt it at runtime to make reverse engineering more difficult.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From root at edmweb.com Sat Jul 20 04:05:25 1996
From: root at edmweb.com (Steve Reid)
Date: Sat, 20 Jul 1996 19:05:25 +0800
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
Message-ID:

>> Anyone sniffing the link
>> knows the filename from previous forms submissions, anyway.
> You can't sniff the link, since the form submission and the
>file download are via SSL.

How ironic. :>

Remember why people are downloading the software in the first place. They only have eight-cent exportable 40-bit SSL.

I'm sure the evil Iraqi terrorists (and other horsemen) are snooping the line, using their newly purchased PCs and FPGAs to crack the 40-bit crypto so that they can gain the wonderful advantages of 128-bit SSL, which will of course prevent wiretaps from working, thus aiding them in their terrorist attacks and bringing about the end of the world as we know it.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) |
| Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
| -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. -- |
===================================================================:)

From adamsc at io-online.com Sat Jul 20 04:09:43 1996
From: adamsc at io-online.com (Chris Adams)
Date: Sat, 20 Jul 1996 19:09:43 +0800
Subject: Opiated file systems
Message-ID: <199607200456.VAA07195@cygnus.com>

On 18 Jul 96 06:13:42 -0800, jimbell at pacifier.com wrote:

>>1. Confiscate computer (along with physical drive) with duress-capable
>>encrypted file system; 2. back up the encrypted sectors; 3. reverse-engineer file
>>system driver to figure out how the duress-key works, if there are
>>multiple keys, where data is stored; 4. make sure you've rubber-hosed
>>or subpoenaed all passphrases or keys; 4a. if the system destroys data,
>>you've got backups ("Very funny kiddo; now give us the real key...")
>>4b. even if there are two filesystems, the attacker will want access
>>to both, just to make sure...
>
>It has long occurred to me, considering the size and low power of the
>typical 3.5" hard drive compared with the size of the typical house or
>apartment, that it might be an interesting project to remotely connect such
>a (hidden) drive to your computer using a reasonably surreptitious link that
>is difficult to trace. Say, an IR optical link, a single bare (unjacketed)
>optical fiber, a LAN with hidden nodes, or a similar system. Maybe an
>inductive pickup. In any raid, they'll have to decide what to take, and
>chances are very good that they won't find every hidden item.

Induction would be a good choice. Hmmm, how about using the house water pipes? (Or heater ducts?) Not only should they conduct water, it does offer the possibility of some VERY funny hiding spots. If you were seriously worried, you could even waterproof the drive (Enough epoxy and almost anything can be waterproofed) and power it off of a turbine in the water pipe! I imagine hiding it in a septic tank would probably discourage searchers as well...

Finally, I'd have a duress code (or emergency button or timer ... etc) wired up to a thermite charge. Might be a bit permanent, but certainly would come in handy. (hmmm. Wire it up behind an access panel in a heater duct. Set it so there are something like 15 screws that need to be unfastened to get to it, including some elsewhere. If it's done in the wrong order, WHOOSH)

Oh, and did I mention that putting it in a (metal) duct or pipe would probably be enough to tempest shield a drive? (As I understand it, monitors are the least secure part of the system, followed by cpus.) In fact, it ought to be enough to throw off a metal detector/search device as well. You could even leave a crudload of old MFM drives (20MB! wheee!) in similar spots as decoys... Put things like encrypted copies of the constitution, large scans of 4th amendment plaintext, etc, on those...
Ought to be at least irritating and it might be interesting to have them have to read that into record at a trial as well...

BTW, I'd try a fiber-optic connector to the machine because 1) it's waterproof and you wouldn't have to be quite as paranoid about leaks, 2) it's far more secure, 3) it's faster and 4) it's probably impossible to trace like a metal wire (i.e. run current through and trace magnetic fields...). Put it in the usual snarl of wires (Cable TV, telephone - multiple lines of course, home intranet, etc) and it could be really nasty.

Finally, if it was wired up on a home network, you could protect by carefully choosing your network architecture, hopefully getting one that allows hidden devices (i.e. only shows up on access attempts, perhaps only w/right password.)

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From wombat at mcfeely.bsfs.org Sat Jul 20 04:10:59 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Sat, 20 Jul 1996 19:10:59 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID:

On Thu, 18 Jul 1996, Vinnie Moscaritolo wrote:

>
> Fighting back through firepower is unlikely to acheive the goal you want,
> It endangers innocent (if there are any left) folks and leaves you looking
> like a HCI poster child. I can see it now, "Crazed Naked Hippy Dies in
> battle with Federal Officers, linked to ITAR regulated Munitions factory".
>
> A better approach is to disarm and expose these bozos for what they are,
> and for christ sakes get out there and VOTE... dammit... and get your
> friends to VOTE..
>

My community had an accidental Ninja raid on the wrong house a year or so back; the local yokels inadvertently raided the home of a secret service agent. Luckily, the agent was away, and only the wife and kids were home.
Nobody started a firefight and nobody died. A lot of people ended up looking like bozos, especially the local swat team in their ninja-bunny-suits with no visable police i.d. whatsoever. The community outrage likely did more for personal freedom than a dead nekid hippie martyr armed with an HK could have ... - r.w. From chesnok at manifold.algebra.com Sat Jul 20 04:14:09 1996 From: chesnok at manifold.algebra.com (Dmitri Chesnokov) Date: Sat, 20 Jul 1996 19:14:09 +0800 Subject: Thanks to Prof. Sternlight for postings to CYPHERPUNKS Message-ID: <199607200538.AAA07597@manifold.algebra.com> > > Look, folks, we all know that 99% of what David Sternlight posts is > > garbage. Why don't we all pledge not to answer any of his posts, and > > then he'll go away. > > Thanks Perry for a great idea. Add my name to the list. It is not surprising that some members of cypherpunks mailing list failed to answer well-reasoned arguments of Prof. Sternlight. It is sad but not at all unexpected that some of us resorted to ad hominem attacks and attacked the person of Prof. Sternlight instead of trying to refute his arguments. It is reprehensible that after the ad hominem attacks failed to silence a progressive and socially-responsible scientist such as David, the same people are desperately trying to organize a boycott of his postings. This boycott and fake "pledges" IMPOSED on members of Cypherpunks list by those who were thought to have AUTHORITY on this list are contrary to the notion of freedom of speech. Dr. David Sternlight is undoubtedly one of the best experts in cryptography and Government Information Policy, who is generous enough to share his observations with us. We should thank you, David, for taking your time and helping Cypherpunks to reach new heights in our understanding of what should be the proper role of the government. Please continue posting to our mailing list. There are people who are interested in your views! 
We have seen how so called "scientific establishment" on usenet -- a bunch of "physicists" not known for anything but their intolerance to novel ideas -- tried and failed to silence Prof. Archimedes Plutonium. A real tragedy was prevented by a small number of freedom lovers like myself who supported Archimedes in his tough times. Protect freedom of speech! Do not let evil libertarians silence an opposition scientist! Dmitri Chesnokov. From ecgwulf at worldnet.att.net Sat Jul 20 04:16:37 1996 From: ecgwulf at worldnet.att.net (Llywarch Hen) Date: Sat, 20 Jul 1996 19:16:37 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <2.2.16.19960720081320.2427098c@postoffice.worldnet.att.net> Timothy C. May wrote: >If a black-clad ninja enters my house without warning, I'll have to react >the only way I know how, by reaching for my gun. I don't have the luxury of >freezing, exposing my neck (wolf-style), and hoping that the ninjas are >"just" the police. Sir, you are not allowing for just how incredibly stupid the cops are. When they show up at your house, it is all over. They've already decided that you are scum. You'd have us believe that you lie awake stroking your gun. You have not had the opportunity to look closely at the business end of a gun. The hole looks enormous. Come off it grandpa. This is not a fashion show -- 'black-clad' indeed. The one 'black-clad' character that comes to mind is the _Economist_ editor found dead last year on his kitchen table wearing a tight-fitting latex number who expired having sex with him/itself. Of course this says nothing about the _Economist's_ readership, except most likely in your case. Forget the crocodile pits and the other juvenile stunts. If you have the slightest bit of incriminating material (queer porn?) on your hard drive, you'll roll over in no time and give your pals to the cops. These assholes would rather shoot you than admit to a mistake. 
One bullet from one of them, and they'll all execute you on the spot to cover for the idiot. -- Llywarch Hen From david at sternlight.com Sat Jul 20 04:18:02 1996 From: david at sternlight.com (David Sternlight) Date: Sat, 20 Jul 1996 19:18:02 +0800 Subject: Netscape download requirements In-Reply-To: Message-ID: At 3:25 PM -0700 7/19/96, Sandy Sandfort wrote: >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > >C'punks, > >On Fri, 19 Jul 1996, David Sternlight wrote: > >> At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote: >> >> >Allow the government to think that we think it has the right to give >> >us their permission and we've lost everything. The government should >> >need OUR permission, not the other way 'round. >> >> ...This is a (as far as it goes) a democracy, not a 'Llewyellyn >> and those who agree with him' dictatorship. > >Actually, for what it's worth, this (meaning the US) is a >Constitutionally limited democratic republic, NOT a dictatorship >of the majority, the proletariate, etc. That has been tried and >failed too many times to mention. Read the Ninth and Tenth >Amendments to the Constitution for further enlightenment. I've been around for so long that I knew when I typed the above someone would try to take my words literally in order to avoid my point and pick the above nit. My point stands--this is not a 'whoever and those who agree with him' dictatorship. The administration has the legislative permission the Constitution provides for through our elected representatives, and a few who disagree have no standing to say that the government should ask their permission yet again. If they disagree with what Congress and the administration have done, there are well-established ways to petition Congress to change it. If they fail, t.s.--that's the way our system works. 
YOU don't get to force your will on the wider population, nor do YOU get to tell them that they are poor benighted fools who should agree with YOUR views on civil liberties. To assert otherwise is fascism, authoritarianism, dictatorship, pick one. David From snow at smoke.suba.com Sat Jul 20 04:25:07 1996 From: snow at smoke.suba.com (snow) Date: Sat, 20 Jul 1996 19:25:07 +0800 Subject: ABC News on internet telephony In-Reply-To: Message-ID: On Thu, 18 Jul 1996, David Sternlight wrote: > At 6:41 AM -0700 7/18/96, Clay Olbon II wrote: > >There was a pretty long piece on the evening news on using the internet for > This is the rankest speculation on my part, but could some of the bigger, > smarter phone company cum internet providers have done some serious > analysis and concluded that we're moving away from distance-based rates for > voice calls. Might they even have examined where we'll be in the next ten > years (with ADSL, etc.) and decided that the network technology and simple > market economics makes fixed charges per "line" more profitable to them > than metered usage? Maybe this is wishful thinking on my part, but some of > the bigger actors are starting to behave in a surprisingly > counter-intuitive (based on the way we stereotype them) fashion on this > topic. It is my understanding that billing is one of the biggest headaches and expenses for a phone company. Going to a flat rate would solve a decent amount of that wouldn't it? Petro, Christopher C. 
petro at suba.com
snow at smoke.suba.com

From frantz at netcom.com Sat Jul 20 04:28:08 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 20 Jul 1996 19:28:08 +0800
Subject: Giving 6 year old kids Uzi's
Message-ID: <199607200649.XAA25479@netcom7.netcom.com>

At 2:39 PM 7/19/96 -0700, Ernest Hua wrote:
>You might have had a different childhood, but when I (and most of my
>friends) were 6 (or 12 or even 18), our primary concern was having fun,
>avoiding stuff we don't like (like homework), attracting females (or
>males, as the case may be), attracting attention in general, avoiding
>being one-upped (in conversation or in sports or otherwise) but always
>one-upping someone else, ...

When I was in high school (age 14-18), I was on the high school rifle team. That means I carried a rifle into school at the beginning of the season and back home at the end of the season. It should not be necessary to mention it, but I never shot anyone then, before, or since.

>Incidentally, if you are interested, I DO have a child (almost 2 yrs),
>and I certainly would not even contemplate letting him have a gun (no
>matter how well he can use it) until he can legally get one himself. I
>will certainly invoke serious wrath (on him and anyone else involved)
>if I ever found him with a gun.

I have two children, ages 20 and 24. We never gave them toy guns. (Guns are serious things. If you want toys, spend your own money.) However, we did give them the opportunity to learn about and shoot real guns when they were quite young. I first shot a rifle at age 8 at summer camp. I recommend teaching children about proper use of guns at a similar age, with tight supervision.

-------------------------------------------------------------------------
Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.
| Los Gatos, CA 95032, USA

From adamsc at io-online.com Sat Jul 20 04:29:04 1996
From: adamsc at io-online.com (Chris Adams)
Date: Sat, 20 Jul 1996 19:29:04 +0800
Subject: Opiated file systems
Message-ID: <199607200454.VAA10536@toad.com>

On 18 Jul 96 18:49:04 -0800, dfloyd at IO.COM wrote:
>The problem I ran into firsthand with archive sites is that they tend to
>turn into porn or pirated software servers. One could then have the
>software delete after a download. Anyway, one is always open to a denial
>of service attack where someone just throws chunks of /dev/random at you.
>If someone has any ideas on how to slow down attacks like this, please
>E-mail me. It would be nice to have an offsite storage place, but without
>the necessity of giving a bunch of personal info (as with McAfee's
>WebStor).

A) Only accept files with valid PGP signatures from accepted keys - this is one area where PGP's commandline interface is a plus - just write a batch script. Demand that a separate file be sent first, signed by a certain key. This file would contain valid filenames for the rest of the session. If a non-listed file is sent, kill the session. This could all be automated with a simple program. You could probably even use SSLs and similar to do it on a website if you could swill the PGP bit - maybe a plugin?

B) bounce trash back.

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
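
The scheme in point A of the message above, sketched as an added example (not code from the post or from PGP): a signed manifest opens the session, and the first file that is not listed kills it. Assumptions: an HMAC-SHA256 tag stands in for the PGP signature so the sketch runs offline, the manifest also carries each file's size and SHA-256 (which goes beyond the filename list the post describes), and every name, key and quota below is constructed.

```python
import hashlib
import hmac
import json

# Constructed demo keyring (key id -> secret). Assumption: a real drop box
# would hold PGP public keys and verify a detached signature instead.
ACCEPTED_KEYS = {"alice-demo": b"constructed-demo-secret"}
MAX_SESSION_BYTES = 1_000_000  # hypothetical per-session quota


class SessionKilled(Exception):
    """The uploader broke the rules; nothing more is accepted."""


def build_manifest(files):
    """Sender side: list each file name with its size and SHA-256."""
    entries = {
        name: {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
        for name, data in files.items()
    }
    return json.dumps({"files": entries}, sort_keys=True).encode()


def sign_manifest(key_id, manifest):
    """Sender side of the stand-in signature: HMAC-SHA256 tag as hex."""
    return hmac.new(ACCEPTED_KEYS[key_id], manifest, hashlib.sha256).hexdigest()


class UploadSession:
    """Receiver side: the signed manifest must arrive before any file."""

    def __init__(self, key_id, manifest, signature):
        self.alive = False
        self.pending = {}
        self.stored = {}
        secret = ACCEPTED_KEYS.get(key_id)
        if secret is None:
            raise SessionKilled("manifest signed by a key that is not accepted")
        expected = hmac.new(secret, manifest, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            raise SessionKilled("bad signature on manifest")
        entries = json.loads(manifest)["files"]
        for name in entries:
            # Plain file names only, so a manifest cannot point outside the store.
            if name in ("", ".", "..") or "/" in name or "\\" in name:
                raise SessionKilled("manifest contains a path: %r" % name)
        if sum(entry["size"] for entry in entries.values()) > MAX_SESSION_BYTES:
            raise SessionKilled("manifest exceeds the session quota")
        self.pending = entries
        self.alive = True

    def _kill(self, reason):
        self.alive = False
        self.pending = {}
        raise SessionKilled(reason)

    def receive(self, name, data):
        """Accept one file, or kill the session at the first violation."""
        if not self.alive:
            raise SessionKilled("session is closed")
        entry = self.pending.pop(name, None)
        if entry is None:
            self._kill("file not listed in manifest: %r" % name)
        # A streaming server would stop reading after entry["size"] bytes.
        if len(data) != entry["size"]:
            self._kill("size mismatch for %r" % name)
        if hashlib.sha256(data).hexdigest() != entry["sha256"]:
            self._kill("content mismatch for %r" % name)
        self.stored[name] = data
        return True


def demo():
    """Run three constructed sessions and report how each one ends."""
    files = {"notes.txt": b"meeting notes", "backup.tar": b"\x00" * 512}
    manifest = build_manifest(files)
    tag = sign_manifest("alice-demo", manifest)
    results = {}

    good = UploadSession("alice-demo", manifest, tag)
    results["listed files"] = all(good.receive(n, d) for n, d in files.items())

    noisy = UploadSession("alice-demo", manifest, tag)
    try:
        noisy.receive("junk.bin", b"\xff" * 4096)  # random chunk, not listed
    except SessionKilled as exc:
        results["unlisted file"] = str(exc)

    try:
        UploadSession("alice-demo", manifest, "0" * 64)  # forged tag
    except SessionKilled as exc:
        results["forged manifest"] = str(exc)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```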

From hua at xenon.chromatic.com Sat Jul 20 04:30:04 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Sat, 20 Jul 1996 19:30:04 +0800
Subject: Bureaucractic Slime Factor (Was: NSA response to key length report)
In-Reply-To: <199607192110.RAA07548@crypto.com>
Message-ID: <199607200018.RAA24698@server1.chromatic.com>

> What I find most disturbing about this is that their report was
> provided secretly to policymakers in the administration and in
> Congress, without independent technical review that would have
> quickly exposed the fallacy of the arguments. I never would have
> seen it had several of the recipients not faxed it to me. This is

Yes. This is the bureaucratic slime factor. It pissed me off when Freeh lobbied behind the scenes for Digital Telephony. It pissed me off when government officials use effectively hidden channels precisely because they know they cannot get away with it in the full light of public scrutiny. Another way B.S.F. shows up is exemplified by gross misstatements like Gore's recent "emerging consensus" claim. It's the old "it's technically true but we know damn well we are effectively lying to the public" trick. I am actually kind of surprised that there are some on this list who might have considered giving Gore the benefit of the doubt.

Ern

From hua at xenon.chromatic.com Sat Jul 20 04:30:33 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Sat, 20 Jul 1996 19:30:33 +0800
Subject: No Subject
Message-ID: <199607192221.PAA24259@server1.chromatic.com>

> >If I had kids, I'd make sure that lots of negative memes were kept away
> >from them until they reached an age where it no longer mattered, where
> >their views are already basically set.
>
> I am sorry to hear. I think we underestimate children's ability to decide
> for themselves what is right and wrong, and I think the seemingly innate
> desire for parents to want children that are all but clones of themselves
> is especially dangerous and certainly harmful.
> I think that restricting access
> to "negative memes" from anyone (including children) actually does more
> harm than good. I didn't particularly want to get into this, so I will

(Don't make the point if you don't want to discuss it.)

I have a child, and if you don't, you really should try to raise a child for a week. What a child considers "right" or "wrong" is very much dependent upon about a million different factors, very few of which, you have any serious notion, let alone control. In addition, a child, in parallel, learns behavior at the same time it is judging what to absorb; therefore, you can't just "turn on" learning mode and "turn off" judging, "download values", "turn off" learning and "turn on" judging. Most things children pick up are not really that "damaging". However, certain things in life are strictly designed to damage. Anything from a verbal "fuck you" to an Uzi. Therefore, restrictions on access to those sorts of things are not that unreasonable, until the child has learned enough to understand the consequences of their actions, and can functionally and socially adapt to their choice of environments.

Ern

From paquin at netscape.com Sat Jul 20 04:31:30 1996
From: paquin at netscape.com (Tom Paquin)
Date: Sat, 20 Jul 1996 19:31:30 +0800
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31EFC546.50D6@netscape.com>

> > what's stopping netscape from embedding the info you
> > provide in the binary before shipping it to you, so that if it shows
> > up on hacktic, they know who did it?

Nothing, but we're not doing that, and nobody has asked us to. If we did something like that, I imagine you'd know up front.

> Their file delivery CGI could use some work...

No doubt.

> no reason I can see to
> offer the filename 'pick.cgi' for everything.

We've been busy getting the damn process to work and get approved. It's simple this way.
There's one CGI and when you run it, it produces output and ergo that's the "filename" you see. With some time, we could get clever and synthesize the name you want. It's not the highest of priorities in this process right now.

--
Tom Paquin
Netscape Communications Corp
about:paquin

From nobody at REPLAY.COM Sat Jul 20 04:37:25 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 20 Jul 1996 19:37:25 +0800
Subject: Netscape
Message-ID: <199607200930.LAA08360@basement.replay.com>

Rich Graves wrote:
>[on hacktic]
>> netscape-fts2-hp10.tar.gz Fast Track Server 2.0 for HPUX10
>> netscape-fts2-nt.exe Fast Track Server 2.0 for WinNT
>> netscape-hpus-30b5.tar.gz Navigator 3.0b5 for HP-UX
>> netscape-linux-30b5.tar.gz Navigator 3.0b5 for Linux
>> netscape-ssl30-src.tar.gz SSL 3.0 source code
>> netscape32us-30b5.exe Navigator 3.0b5 for Win95/NT
>
>And thus it begins... I think it's a bad idea to provoke the TLAs
>like this, but I suppose it's inevitable.

Why is it a bad idea? If you don't do it, you support the ITAR by your lack of action! Every day that you don't export strong crypto you assist the enemy.

>(But doesn't anyone use Macs or Suns?)

Mac download didn't work yesterday. The download page doesn't say if the Solaris versions are for Sparc or Intel (they are different and incompatible binaries, aren't they?).

>> By the way, is it possible to get a certificate for the
>> Fast Track 128 bit servers outside of north america?
>
>Why would you want one when the source for Apache-SSL is available?

Just for fun. To show the TLAs what complete morons they are...

>Besides, it's a Serious Copyright Violation, said with minimal irony. This whole thing isn't Netscape's fault; in fact, they're
>doing their best to be the good guys.

Do you Seriously Believe that Netscape would prefer foreigners to develop and use competing products? Of course not. They are probably secretly applauding the brave exporters.

From dougr at skypoint-gw.globelle.com Sat Jul 20 04:42:14 1996
From: dougr at skypoint-gw.globelle.com (Douglas B. Renner)
Date: Sat, 20 Jul 1996 19:42:14 +0800
Subject: Home Made Telephone Voice Changer
In-Reply-To: <01BB752B.7FF7A440@ip65.i-manila.com.ph>
Message-ID:

On Wed, 17 Jul 1996, Jerome Tan wrote:
> Does anyone know how to make a home-made telephone voice changer?

While I haven't tried this particular kludge, taking a VSC equipped tape player (Radio Shack used to sell these, and may still) inserting an automotive cassette-stereo CD adapter (the inductive coupling kind that are built into cassette shells) and driving that with a cheap mike & low power audio amp ... should enable you to lower your voice pitch substantially.

Have fun,
-Doug

From snow at smoke.suba.com Sat Jul 20 04:43:04 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 20 Jul 1996 19:43:04 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607181704.MAA16235@manifold.algebra.com>
Message-ID:

On Thu, 18 Jul 1996, Igor Chudov @ home wrote:
> Timothy C. May wrote:
> > As people as diverse as Marine Colonel Jeff Cooper and Watergate felon G.
> > civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum
> > rounds are even better penetrators, but recoil and muzzle blast is pretty
> > severe with these loads.)
> Then I also suggest that you install a metal door and put metal cages on
> your windows. That will at least give you some time to wake up if
> someone tries to break into your house. Also get a good dog.
> Without that, having a gun will not do you much good. It will be more
> trouble than it is worth because you cannot understand the situation
> quickly enough after you wake up, so you may kill someone peaceful who
> entered your home with good intentions, which will get you in jail. If
> you had a metal door, you would have enough time to wake up and assess
> the situation.
While most of what you say about preventing someone from breaking in to your house has a great deal of merit, I strongly challenge the idea that anyone coming thru a locked door or window at 4 in the morning has "peaceful intentions". Prudence indicates that you treat such individuals as hostiles until otherwise proven. In other words: Bullshit, anyone coming thru a window at 4am is either a hostile, or you are doing society a favor by removing that person from the gene pool. I may be a little nuts, but does it strike anyone else that a good self defense weapon against ninja raids would be a hand grenade? Seriously, hang it by your bed, and when they break in, grab it. If they shoot, they die. You are probably already dead. If they don't shoot, put the pin back in and continue on about your business. A bit of overkill maybe, but you don't really need to aim all that well.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From david at sternlight.com Sat Jul 20 04:49:38 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 19:49:38 +0800
Subject: US versions of Netscape now available
In-Reply-To: <31EEEA3F.5015@netscape.com>
Message-ID:

At 4:57 AM -0700 7/19/96, Peter D. Junger wrote:
>Jeff Weinstein writes:
>
>: Adam Back wrote:
>: > Presumably as this latest netscape beta is freely distributable, once
>: > it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc.
>:
>: Just a minor nit. No netscape software is freely distributable.
>: The license agreement does not allow people who download it
>: to redistribute it.
>
>But--to nitpick at the nit--nothing in the license agreement that I
>can find forbids one from distributing it to others who are not
>foreign persons and are not outside the United States.

It's a copyright work. There is no need to be explicit--redistribution of copyright intellectual property (except for fair use excerpts) is an infringement without explicit permission of the copyright owner, isn't it?
Next you'll be telling us that one can Xerox best-sellers without permission and send them to Patagonia unless there's an explicit sale prohibition against it. The license terms would have to allow redistribution explicitly for any flavor of it to be non-infringing--they don't have to prohibit some flavors specifically, yes?

David

From david at sternlight.com Sat Jul 20 04:51:28 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 19:51:28 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
In-Reply-To:
Message-ID:

At 12:44 PM -0700 7/19/96, Lucky Green wrote:
>At 3:04 7/18/96, David Sternlight wrote:
>
>>Serious studies have shown that the kinds of protections to make the
>>systems we depend on robust against determined and malicious attackers (say
>>a terrorist government, or one bent on doing a lot of damage in retaliation
>>for one of our policies they don't like), have costs beyond the capability
>>of individual private sector actors. Your friendly neighborhood ISP, for
>>instance, probably can't afford the iron belt and steel suspenders needed
>>to make his system and its connectivity sabotage-proof, and so on. Even
>>cheap but clever solutions involving encryption in such systems require
>>standards and common practices across many institutions.
>
>However, the neighborhood IPS doesn't need the kind of defenses required for
>the powergrid and other crucial systems. The systems that do require such
>heightened security are typically run by parties that can afford such
>security. If they choose not to implement them, then it stands to reason
>that their threat evaluation does not deem it necessary. Let market forces
>govern, lest we spend money on countermeasures for inflated threats.

I suggest that your comment about non-neighborhood IPS systems is speculative and isn't based on reading the formal threat assessment analysis. You are entitled to your opinion but it's just that, not an analytic argument.
It also contains at least one false assumption: that if "their" threat evaluation deems it important, they can afford to implement it. As we know this is flat out false. Many aviation experts have said that we could make airplanes a lot safer than they are now (for example), but nobody could afford to fly them if we did.

David

From hua at xenon.chromatic.com Sat Jul 20 04:54:13 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Sat, 20 Jul 1996 19:54:13 +0800
Subject: Filtering out Queers is OK
In-Reply-To: <2.2.32.19960719154550.0073d960@popd.ix.netcom.com>
Message-ID: <199607192209.PAA24069@server1.chromatic.com>

> > I see nothing wrong in this. Anyone who disagrees is, of course, free to
> > set his filters differently, but not to insist that my filters be changed.
> > And the government is not free to pass any laws about what filter sites can
> > and can't do.
>
> that's a trade secret. So, people will be allowing a corporate entity that
> exists for profit to set their filters for them. This is a very scary thing
> and perhaps even more frightening than having the government do it. I think

If I'm not mistaken, the point here is that you can always choose NOT to go with filter XYZ, and instead, purchase services with filter ABC. It is still not perfect, but then, that is the point. We do not trust any SINGLE entity. However, if I have a choice of entities, then I am willing to try one, and let them abuse me in the short term. Simple free market principle says that a filter will show up with my needs sooner or later. If the filter is the government, I have no direct choice. I have very very indirect choices, but I cannot just shut off the service if I don't like it.

Ern

From david at sternlight.com Sat Jul 20 05:00:34 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 20:00:34 +0800
Subject: Filtering out Queers is OK
In-Reply-To:
Message-ID:

At 7:07 PM -0700 7/18/96, Timothy C.
May wrote:
>Filtering is not "wrong," Cerridwyn, it is a rational response to garbage
>being spewed constantly. I filter lots of items. I read "Scientific
>American" and "The Economist" because they filter (or "censor," in the
>sense some are objecting to here) nonsense about "queer rights" and
>"piercing fashions," to name but a few things I have no interest in hearing
>about.
>
>I think of AIDS as "evolution in action." Retroviruses which have existed
>for millennia now find new vectors for spreading in our population. I cry no
>tears for those dying of AIDS, and work to reduce to tax dollars spent on
>such things as "AIDS research." Let those who introduced the new vector pay
>for the research.

Pretty good summary of one position. I'd add that in addition, some groups you mention blackmail society by being loud and in your face, and prey on others' fear of being thought politically incorrect, to gain amounts of public treasure and air time vastly disproportionate to their needs or their problem in the hierarchy of needs and problems facing society. Putting it a bit more directly, gays are a small percentage of society but many are constantly demanding air time, infiltrating the media to create exposure vastly disproportionate to their numbers, and demanding public funds per capita way in excess of what the poor, the heart-disease or cancer-ridden, or the heterosexuals get for _their_ needs. In their latest attempt at public blackmail they're trying to get the nation to agree that we should provide incentives for homosexual marriages (the marriage benefits of Federal law are incentives to behavior society wants to encourage, not an inherent "right" of marriage).

David

From vinnie at webstuff.apple.com Sat Jul 20 05:05:16 1996
From: vinnie at webstuff.apple.com (Vinnie Moscaritolo)
Date: Sat, 20 Jul 1996 20:05:16 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

Arun you are lost..
>particularly since you are far more likely to use this weaponry in a rage
> against a loved one than against someone breaking down your door.

That's plain HCI statistic crap, DON'T YOU BELIEVE IT, those numbers are based on drug dealers killing other drug dealers.. read the real FBI numbers, they are on the net. Anyways the real reason that the "more likely" argument bothers me is that it's like saying that Crypto is more likely to be used by criminals than law abiding citizens.

>
>I wonder about that -- between Tweedledee Clinton and Tweedledum
>Dole, does it matter whether you vote or not?

bad attitude. that's the reason we have Her Klinton to begin with,, apathy

> The system seems to make sure that before you even get to a
>position where someone can seriously vote for you, you've already
>sold your soul.

there is some truth to that

Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

From david at sternlight.com Sat Jul 20 05:07:22 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 20:07:22 +0800
Subject: Netscape download requirements
In-Reply-To: <2.2.32.19960719084701.006a8aac@gonzo.wolfenet.com>
Message-ID:

At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:
>Allow the government to think that we think it has the right to give
>us their permission and we've lost everything. The government should
>need OUR permission, not the other way 'round.

That's what happened, or didn't you notice that ITAR is based on laws passed by an elected Congress? Didn't you notice that thus far when people with one position on the matter have tried to persuade Congress to modify ITAR, they have failed? This is a (as far as it goes) a democracy, not a 'Llewyellyn and those who agree with him' dictatorship.
David

From shamrock at netcom.com Sat Jul 20 05:07:27 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 20 Jul 1996 20:07:27 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
Message-ID:

At 3:04 7/18/96, David Sternlight wrote:
>Serious studies have shown that the kinds of protections to make the
>systems we depend on robust against determined and malicious attackers (say
>a terrorist government, or one bent on doing a lot of damage in retaliation
>for one of our policies they don't like), have costs beyond the capability
>of individual private sector actors. Your friendly neighborhood ISP, for
>instance, probably can't afford the iron belt and steel suspenders needed
>to make his system and its connectivity sabotage-proof, and so on. Even
>cheap but clever solutions involving encryption in such systems require
>standards and common practices across many institutions.

However, the neighborhood IPS doesn't need the kind of defenses required for the powergrid and other crucial systems. The systems that do require such heightened security are typically run by parties that can afford such security. If they choose not to implement them, then it stands to reason that their threat evaluation does not deem it necessary. Let market forces govern, lest we spend money on countermeasures for inflated threats.

-- Lucky Green PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
Vote Harry Browne for President.

From david at sternlight.com Sat Jul 20 05:08:26 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 20:08:26 +0800
Subject: ABC News on internet telephony
In-Reply-To: <199607191718.NAA04083@unix.asb.com>
Message-ID:

At 5:58 AM -0700 7/19/96, Deranged Mutant wrote:
>ISPs have functioned better using flat monthly rates, and the biggies are like
>AT&T are going in the same direction for internet access. I don't
>see this as being 'counter-intuitive' at all.
I said counter-intuitive to the way we stereotype them. We stereotype the phone companies as greedily pursuing metered rates and distance-sensitive ones at that. Every so often we see a horror story that they're about to charge per packet, or put in a modem tax, or some such. History supports such fears.

> The costs to the
>ISPs and telcos aren't really based on where you call or how long you
>are on anymore.

I don't have the data to know if that's generally true, but I'll take your word for it for the moment. Can you post or e-mail me something definitive?

>
>Big questions are how the main hubs for the internet are maintained
>(esp. when some of the big telcos maintain them... a conflict of
>interest, perhaps). Will fees become too much that smaller ISPs are
>put out of business, or that we'll start seeing ISPs merge? (Remember
>when there were mainly local cable companies?)

Count on it. But I speculate the demise of smaller ISP's will come at least in part in another way--the capital base of the big telcos means that they can offer more reliable service, fewer busy signals, better customer service, and more rapid introduction of advanced technologies AT SCALE as they grow. But isn't that the way markets are supposed to work?

David

>
>On 18 Jul 96 at 11:03, David Sternlight wrote:
>
>[..]
>> This is the rankest speculation on my part, but could some of the bigger,
>> smarter phone company cum internet providers have done some serious
>> analysis and concluded that we're moving away from distance-based rates for
>> voice calls. Might they even have examined where we'll be in the next ten
>> years (with ADSL, etc.) and decided that the network technology and simple
>> market economics makes fixed charges per "line" more profitable to them
>> than metered usage? Maybe this is wishful thinking on my part, but some of
>> the bigger actors are starting to behave in a surprisingly
>> counter-intuitive (based on the way we stereotype them) fashion on this
>> topic.
>
>---
>No-frills sig.
>Befriend my mail filter by sending a message with the subject "send help"
>Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
> AB1F4831 1993/05/10 Deranged Mutant
>Send a message with the subject "send pgp-key" for a copy of my key.

From mpd at netcom.com Sat Jul 20 05:11:55 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 20 Jul 1996 20:11:55 +0800
Subject: Filtering out Queers is OK
In-Reply-To:
Message-ID: <199607200000.RAA10799@netcom11.netcom.com>

Ernest Hua writes:

> The same can be said of the children of the more politically
> correct. My opinion is that religion is a waste of time and
> resources, and therefore, those who force their children to
> be religious is doing precisely the same harm you allude to.

Of course they are.

> That is strictly MY opinion. If there are enough of me
> around, should we be allowed to force the government to take
> children away from their religious parents? More mildly,
> can the government "protect" a child from religious ideas?
> What gives the society more rights to regulate how the child
> shall be brought up, except the narrow interest of
> protecting the physical safety of the child? It is not even
> clear that the government may force a child to accept
> secular ideas that may violate the child's religious
> background, even if the government has a compelling secular
> interest in doing so.

This is the usual smokescreen the "parents rights" lobby brings to the bargaining table. Rather than make the debate over the rights of the child, and what resources the state should make available to the child to protect those rights, they make it a contest between the parent and the state to see who gets to violate the child's rights the most. Since most people regard parents as more benevolent than the state towards children, the parents automatically win without the reasonableness of their behavior ever coming under discussion.
So instead of arguing whether children should have access to education, libraries, computers, and other resources in their own right, we get the usual endless debate over whether the state or the parent should exercise the absolute iron-fisted control parents all seem to think is such a wonderful thing, with anything other than state collaboration with the parents' wishes being represented as the state usurping the parental role. Been there. Done that. And as the Scottish would say, "It's Crap."

> Yes, we would like fewer Hitler's in the future. But should
> we NOT let the people decide how to raise their children
> because there is some risk of a few of them turning into
> future Hitlers?

Again, children have a right to go to libraries, get educated, and use telecommunications resources without interference by EITHER the state or their parents. As is usual, the people who are against children having these rights try to sell everyone the notion that the only choice is between their two handpicked and equally unacceptable alternatives - iron-fisted state control or iron-fisted parental control of everything children do. We see the same rhetoric at work with things like curfew laws as well. The question is always phrased as "should the state or the parents set curfews." Whereas, the real question is "Should police or parents have the right to harass a 17 year old who is out in public, behaving himself, simply because it is 9 PM at night?" The best way to raise "Fewer Hitlers" is to have a generation of children who lack the internalized rage produced by being walked on like doormats by numerous authority figures while they are growing up. This includes both parents and representatives of the government.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.
$

From grafolog at netcom.com Sat Jul 20 05:12:01 1996
From: grafolog at netcom.com (Jonathon Blake)
Date: Sat, 20 Jul 1996 20:12:01 +0800
Subject: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To: <199607192139.OAA23712@server1.chromatic.com>
Message-ID:

Ernest.

On Fri, 19 Jul 1996, Ernest Hua wrote:
> > in a country where everybody << including six year olds >>
> > carry, and can use Uzi's, etc, as a matter of course.
> Oh my ... you aren't serious, are you?

Deadly.

> Just why do you suppose a pissed-off six-year-old (because, let's say,
> another six-year-old stole his lunch) would not blast someone?

I can only assume that
#1: You've never lived where both long arms, and side arms were a part of normal casual dress attire.
#2: You have no comprehension of non-wasp culture norms.

> Would you just hand out guns to all teenagers?

I'd expect them to buy the guns, but yes.

> friends) were 6 (or 12 or even 18), our primary concern was having fun,
> avoiding stuff we don't like (like homework), attracting females (or

Lot like mine. Thing was, without the FN's, or the Uzi's there wouldn't have been a childhood to grow out of.

> By the way, would you let a 6 year old drive? or fly? (Assuming that
> they are physically capable and trained to do such.)

Yes.

xan

jonathon
grafolog at netcom.com

AOL coasters are unique, and colourful. Collect the entire set.

From sandfort at crl.com Sat Jul 20 05:13:17 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 20 Jul 1996 20:13:17 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960719063324.00695be4@gonzo.wolfenet.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I wrote:
> >[In California] anyone found in your house at night is
> >presumptively a threat to which you may respond with deadly
> >force.
> >Shoot on sight, in other words.

To which Cerridwyn responded:
> I find it hard to believe "anyone". If "anyone" happens to be
> law enforcement, as has been proven again and again: yer screwed
> no matter what (either dead or in jail forever).

Hard to believe or not, that's the presumption. Now in law, it's a rebuttable presumption, but it's still a get-out-of-jail card if you did not know the shadow at the end of the call was a cop who was LAWFULLY in your house. If that last sentence was not clear, please realize that cops who knowingly break the law lose most of the special immunities their status normally gives them. The jury will decide if you acted reasonably, of course, but the presumption is that you did until the cops can rebut it with sufficient evidence. In any event, I still think it's better to be judged by twelve than to be carried by six, n'est-ce pas?

S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From david at sternlight.com Sat Jul 20 05:30:52 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 20:30:52 +0800
Subject: Gorelick testifies before Senate, unveils new executive order
In-Reply-To:
Message-ID:

At 5:55 AM -0700 7/19/96, Jeff Barber wrote:
>Yeah, right. You clearly chose not to address the requirements of
>international company networks in your argument. You admit that such
>companies have international networks, and that you knew it. It was
>obviously relevant and you could have and should have addressed it.
>The fact that you chose not to speaks to your own lack of integrity.
>To gain the upper hand in the argument is clearly your supreme objective;
>any point that doesn't fit the argument is simply not addressed.

As usual, when someone calls names it is a tip-off that his argument is bogus.

1. Each country can defend its domestic infrastructure without having to defend the international infrastructure and the international infrastructure will pretty much take care of itself.
Multinationals should defend their branches on the territory of the host countries and within their rules, not from the US. 2. The presenting issue here is information warfare against the US. What is more what you say is false. I did say that there were exceptions to ITAR for some US companies, which permit strong crypto to be used in their overseas operations. What is more, for many months now State has permitted US Cits to take strong crypto out of the country for personal use, if they agree to some elementary safeguards. Your comment is yet another example of the juvenile argument ("juvenile" in the sense that one sees it a lot in young children whose logical sophistication hasn't yet developed) that if something isn't perfect it shouldn't be done at all. Rest omitted. I'm not going to take any more time with someone who lards his prose with deliberate personal offense and the questioning of motives. Plonk! David From david at sternlight.com Sat Jul 20 05:34:59 1996 From: david at sternlight.com (David Sternlight) Date: Sat, 20 Jul 1996 20:34:59 +0800 Subject: Gorelick testifies before Senate, unveils new executive order In-Reply-To: <2.2.32.19960719133458.00830ef0@panix.com> Message-ID: At 6:34 AM -0700 7/19/96, Duncan Frissell wrote: >David Sternlight writes: > >> Here's the problem in a nutshell: Everyone who has looked at our systems, >> from Cliff Stoll > >A *famous* security expert. > >>on to blue ribbon scientific commissions, > >The last of which recommended that crypto be entirely deregulated. We're not reading from the same page. This discussion is about information warfare and the robustness of US financial, information, control, and power infrastructures, not ITAR. Could you be kind enough to check the Subject, read Gorelick's testimony, and perhaps even (dare I suggest it) read the discussion prior to your post? 
> >> Serious studies have shown that the kinds of protections to make the >> systems we depend on robust against determined and malicious attackers (say >> a terrorist government, or one bent on doing a lot of damage in retaliation >> for one of our policies they don't like), have costs beyond the capability >> of individual private sector actors. > >Defense is cheaper than attack in encryption because it is easier to make >coherent information incoherent (see Usenet) than it is to make incoherent >information coherent. Again you are off-topic and non-responsive. > >> In such a case, where public benefits from government action greatly exceed >> public (taxpayer) costs, and the private sector cannot (or will not) act >> unaided, the classical basis for government action in the interests of the >> citizenry exists. It's the economist's "lighthouse" argument. > >But since the Internet and the WANs and LANs that you are talking about are >all "private value-added networks," the benefits of enhanced security a >fully captured by the users of those networks and there is no "public goods" >problems. (BTW, there were private lighthouses too.) Again you are off-topic and non-responsive. > >Note too that major money center banks disagree with you. There was a >recent article about the fact that they are not reporting computer >intrusions and just fixing the problems themselves. They don't seem >interested in official security "help" with all the disadvantages (publicity >and security leaks) that it brings. Again you are off-topic. We're talking about information warfare threats of the sort that bring entire systems and infrastructures crashing down. But thanks for responding. I share your concerns. I feel your pain. Vote for me in '93. 
:-) David From sameer at c2.net Sat Jul 20 05:38:25 1996 From: sameer at c2.net (sameer) Date: Sat, 20 Jul 1996 20:38:25 +0800 Subject: Netscape download requirements In-Reply-To: <31EFCCCC.B13@netscape.com> Message-ID: <199607191914.MAA04018@niobe.c2.net> > My very personal opinion: I loathe giving out my phone number > to anonymous corporate entities. I do it from time to time, but > never without a bristle. I would prefer if we weren't asking > for it, but I'm engaged in an opitimization exercise, or you > might look at it as minimization of evil. Whatever. What's the big deal here? I gave netscape my work number, my work address when I downloaded the us netscape. Give them some number that isn't private. sheesh. i criticized netscape for not doing the export-controlled download in the past, and now they are doing it. they deserve to be congratulated. They're doing good things for the state of security on the net. -- Sameer Parekh Voice: 510-986-8770 Community ConneXion, Inc. FAX: 510-986-8777 The Internet Privacy Provider http://www.c2.net/ sameer at c2.net From wb8foz at nrk.com Sat Jul 20 05:45:32 1996 From: wb8foz at nrk.com (David Lesher) Date: Sat, 20 Jul 1996 20:45:32 +0800 Subject: MSNBC and cookies In-Reply-To: <199607191300.JAA00488@pdj2-ra.F-REMOTE.CWRU.Edu> Message-ID: <199607191710.NAA17552@nrk.com> > > It's a nuisance, but I suppose there is no reason that a commercial > service can't do such a thing. But what happens when one tries to > access it with Lynx? > -- > Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Err... W/ Lynx it's a dead-end. You get nowhere. 
-- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From snow at smoke.suba.com Sat Jul 20 05:45:51 1996 From: snow at smoke.suba.com (snow) Date: Sat, 20 Jul 1996 20:45:51 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: On Thu, 18 Jul 1996, Doug Hughes wrote: > If people break into my house with the element of surprise wearing > all black in the middle of the night, they have the element of surprise > FIRMLY on their side.. I'd have to believe that reaching for a gun > was the most stupid thing I could do in the entire world in this sort > of circumstance. > "You'd be right, but you'd be dead" - Dr. SNMP > If you don't reach for a gun, at least you have the 'chance' for > restitution on your side. If you're dead, you have no options. If you are trained a certain way, you _are_ going to reach for a weapon, and hell, at least then my kid will have enough money to go to whatever college she wants. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From david at sternlight.com Sat Jul 20 05:45:59 1996 From: david at sternlight.com (David Sternlight) Date: Sat, 20 Jul 1996 20:45:59 +0800 Subject: Filtering out Queers is OK In-Reply-To: <2.2.32.19960719095559.00692920@gonzo.wolfenet.com> Message-ID: At 2:55 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote: >I think we underestimate childrens' ability to decide >for themselves what is right and wrong, I think your comments, in the context of this discussion, are less than fully informed. This is a matter that has been given extensive and serious scientific study over the years, independently of any specific moral or "civil liberties" issues. Read Piaget, for example. 
David From aba at dcs.ex.ac.uk Sat Jul 20 05:47:27 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Sat, 20 Jul 1996 20:47:27 +0800 Subject: Opiated file systems In-Reply-To: <199607191718.NAA04076@unix.asb.com> Message-ID: <199607191743.SAA00535@server.test.net> Rob writes: > On 18 Jul 96 at 22:48, Adam Back wrote: > [...] > > ie. the attacker can not tell without the hidden file system key (if > > one exists) whether the unused space on your drive is really just > > that: unused space filled with garbage, or whether it is in fact > > another encrytped filesystem. > > There has to be a way to tell the system that the sectors are used > when not the drive isn't mounted and the filesystem isn't active. Ah I see what you're getting at. My solution (I'm sure I wrote this somewhere in this thread) was that you'd always have to mount both file systems during normal usage, otherwise you'd risk damaging the hidden fs. You'd only mount the duress fs alone in a duress situation. Not attractive, but I don't see any easy way around it. > > They might be suspicious, but I don't think they would be able to > > claim you were in comptempt of court, if you provide the 1st key and > > claim there is no other key: the software has support for either 1 > > or 2 filesystems. > > Having a copy of the driver is enough to arouse suspicion. If they > don't find anything useful in that one partition, they'll assume > the second is in use and that you're not giving up the key. You may > very well get accused of maintaining a second system even if you are > not and do not have anything incriminating in the one encrypted fs. You could be right, I'm not sure how it would go in practice. But I don't think there is really much more you can do unless you assume the ability to conceal a piece of hardware from your opponents. Say like a floppy disk with the stego or duress drivers on? But that gives rise to all sorts of problems also... where do you store it when you're not using the computer? 
What if they grab you while you're at the computer? When you leave the computer for 5 mins? Adam From david at sternlight.com Sat Jul 20 05:48:20 1996 From: david at sternlight.com (David Sternlight) Date: Sat, 20 Jul 1996 20:48:20 +0800 Subject: Filtering out Queers is OK In-Reply-To: Message-ID: At 12:48 AM -0700 7/19/96, Mike Duvos wrote: This is simply incorrect. It is a supportable advocacy for most adults, but children's minds tend to be like sponges--everything they take in (up until a certain age) is thought to be true, interesting, worth experimenting with, based on authority, etc. Read Piaget. What is more, a parent can't watch them every second while they're on the net, nor will they ask all the questions they should about certain material they see. I'd no more permit young kids to view gay or bestial or porno sites on the net than I'd let them view propaganda for how good pigs taste (unsupervised), if I were an orthodox Jew. When they've passed the developmental stage (I rely on the experts in this field for that determination) where they have independent critical judgement and the security to exercise it, THEN I would open up their horizons. I speak as a father who has raised four children who turned out to be independent beings to successful adulthood and families of their own, not as a theoretician. David From nobody at REPLAY.COM Sat Jul 20 05:50:23 1996 From: nobody at REPLAY.COM (Anonymous) Date: Sat, 20 Jul 1996 20:50:23 +0800 Subject: Borders *are* transparent Message-ID: <199607192000.WAA26326@basement.replay.com> Sternlight blathered [regarding Tim]: ... >"Nyaah, nyaah, you can't catch me" doesn't mean that if they do they won't >prosecute. Your waving around that stuff in France is not only juvenile, Starting off with defamation is a sure tipoff that what follows is crap. And sure enough...[he sure makes it convenient for sarcastic "cowards" like me to use his own words against him.] >but also may put you in violation of French crypto law. 
... Perry's right, DS *would* do it with a dawg. >>... Borders _are_ transparent. ... > >Again you make the long-discredited straw man argument that the purpose of >ITAR is to hermetically seal. It is not. It is to keep legitimate US mass >market purveyors from selling strong crypto overseas, ... You tell the stated purpose, the NSA's own lawyers have told PRZ and others (off the record, of course) that there is a domestic (and therefore a Constitutionally impermissible) purpose. Read the Bill of Rights. >[yadda yadda yadda.] >> >>_This_ is why I expect the Netscape beta to arrive overseas pretty soon. > >Nobody disputes that. It won't be readily available though, except for >those who have no compunctions about software piracy. Hell, they can pay Netscape anonymously. David, if you try double standards around here any more, I will make fun of you more, EVERY TIME. I will not stop. I note that you have the common [but not necessarily fucking] statist flaw of needing to get in the last word in every argument, rather than just agreeing to disagree. Chill out. For the health of the list, please try to tone down the volume and number of your posts to something more closely approaching reasonable. From rah at shipwright.com Sat Jul 20 06:01:51 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 20 Jul 1996 21:01:51 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <2.2.32.19960719195905.008675d0@panix.com> Message-ID: At 3:59 PM -0400 7/19/96, Duncan Frissell wrote: ... > Liddy's remarks on shooting federal agents who unlawfully break into your > hose. ^^^^ Now *that's* an invasion of privacy... ;-) Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." 
-- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From vznuri at netcom.com Sat Jul 20 06:06:03 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Sat, 20 Jul 1996 21:06:03 +0800 Subject: Surf-filter lists In-Reply-To: <2.2.32.19960718232909.006ab4e4@gonzo.wolfenet.com> Message-ID: <199607191810.LAA07845@netcom9.netcom.com> agree with most of your points CL, but >That is another problem, not the Real Problem. The Real Problem is that >parents are scared to have to explain to children why something they've >seen is wrong or bad. They are afraid to teach their children their >beliefs and values, so instead would rather just filter everything that >conflicts with those beliefs, so that they believe it by default. This is >a big problem when those children grow away from their parent's influence >though, and creates bigotry and intolerance. (They don't know why they >believe what they do, but believe it with fearful vengeance). as I wrote in the CuD article, it seems pretty darn reasonable to me to adopt a philosophy in which the younger the kid, the more that is blocked, and to decrease this blocking to none at all as they get older. the argument is not, "to block or not to block" as a lot of black-and-white polarized accounts are portraying it. I would like to see people stop ranting at parents merely because they want to block things like sex, violence, pornography, etc. especially when younger children are involved. I'm amazed at how often I see this argument, "the problem is not junk on the internet, the problem is hypersensitive and backward parents who can't innoculate their children". frankly I think that's what childhood is all about: not being exposed to all the harsh aspects that grownups call "reality". do we ask that children work in factories and make their own living? of course not. 
childhood is about *not* being exposed to the full harshness of reality, about being insulated from it by protective parents. it's a very innate and natural instinct for parents to embrace-- virtually the definition of parenthood. admittedly it can become authoritarian, but at root it's very basic to human nature. From bkmarsh at feist.com Sat Jul 20 06:09:05 1996 From: bkmarsh at feist.com (Bruce M.) Date: Sat, 20 Jul 1996 21:09:05 +0800 Subject: The risks of information warfare In-Reply-To: Message-ID: On 19 Jul 1996, Clay Olbon II wrote: > 2. Second hand smoke kills. Probably, but the only statistical link was > found by picking and choosing which studies to use. And the freedoms of > millions of Americans are dramatically restricted based on this premise. That and the fact that it can be physically sickening to the people who have to be around such individuals. > 3. Terrorism is a big threat to the "national security". Of course more > people are killed in the bathtub than by terrorists, but that is beside the > point. The government can't do much about accidental bathtub deaths though. Terrorism can be dealt with on a much more tangible level. > My reason for bringing these up is that I think much of the "information > warfare" 5th horseman is overblown hype - in the same category as 1-3 > above. Of course, many security professionals will disagree, because it is > in their best interests to do so - their level of funding depends on it. I look at it this way. Information warfare has the *potential* of being as potentially destructive as conventional warfare due to the very nature of our country's infrastructure. However, when we look at other means of war that were supposed to be the "ultimate" force, like nuclear weapons, we've historically seen that they work better as pawns in the power struggle rather than as actual playing pieces. 
The main difference between nukes and infowar is that an attack by the latter means is more feasible for just about anyone as opposed to an actual country or powerful organization having nukes. > Sure, there have been break-ins and some loss of $$ (of course that is what > insurance companies are for). I have seen nothing, to date, that would > justify massive increases in government power over the private sector; Neither have I. It would seem that the government has worked more towards actively discouraging any good infosec policies than helping out. Let them take care of foreign nations amassing large groups of Internet connected work stations in their military bases and I think we can handle the infrequent malicious individual. ________________________________ [ Bruce M. - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "Official estimates show that more than 120 countries have or are developing [information warfare] capabilities." -GAO/AIMD-96-84 So, what is your excuse now? From jt at freenix.fr Sat Jul 20 06:09:14 1996 From: jt at freenix.fr (Jerome Thorel) Date: Sat, 20 Jul 1996 21:09:14 +0800 Subject: lambda 2.09 - French Telco Act Censored? Message-ID: netizen's --> Lambda Bulletin 2.09 <-- contents -->> www.freenix.fr/netizen + Censoring Censorship Attempts French Telco Act's Internet control sections may be unconstitutional. + Encryption : The OECD fails to act on key-escrow policy * * * * * * * * CENSORING CENSORSHIP ATTEMPTS -- A LA FRANCAISE The French Telco Act, which was voted by the Parliament on June 7, may follow the same path than the US Communications Decency Act. A group of Socialists Senators has sent a request to examine eventual unconstitutionality of the law. The new Act, due to meet new criteria for telecoms competition in France, has also taken some steps to create an administrative control of speech and services via online services and the Internet. 
The new council, le Conseil Supérieur de la Télématique, "could block the free communication of thoughts and opinions, and may eventually establish a principle of preliminary declaration" for online speech, reads the document given to the Conseil Constitutionnel, the supreme watchdog of the French 1958 Constitution (and the principles of the 1789 Declaration des Droits de l'Homme et du Citoyen). Indeed, the law may breach article 34 of the Constitution which says that the Parliament alone could indict rules concerning "the basic guarantees given to citizens for the exercise of their civil liberties". But the newly created CST may appreciate if a Web site or a newsgroup could be illicit according to the French Penal Code. This "appreciation" is not sufficiently well defined in the Telco Act, constitutional jurists said. Article 66 of the Constitution also states that the appreciation of the Penal Code should be the role of the penal judiciary (le Juge Penal), but shouldn't depend on any administrative body or any administrative judge (Juge Administratif). But other voices said that the existing Conseil Supérieur de l'Audiovisuel (which regulates broadcasting content) is based on the same principles. Then, the Conseil Constitutionnel will have to make a difference between a TV program and a Usenet feed. That's what the Philadelphia Court acted when they censored the CDA. Final decision awaited in Paris before the end of July (July 26th in theory). * * * * * * * * OECD FAILS TO ACT ON KEY-ESCROW ENCRYPTION; THE US ACCUSED OF "POLICY LAUNDERING" The Paris-based OECD, the 24-members club of industrialised nations, has failed to take a step towards international recognition of key-escrow encryption. The meeting of June 26-28 in Paris, scheduled to take a firm decision about the possibility of law enforcement agencies to read electronic mail of private individuals and corporations, didn't succeed to act on a compromise.
The OECD's general secretary has no special power to draw regulations and must find a common policy on the matter. Sources said the OECD has been set apart between "the key escrow group" -- mainly USA, France and Britain -- and the "laxist" group -- mainly Japan and Europe's Scandinavian countries like Sweden, Denmark and Finland (Germany was still uncertain). A press release of the OECD says that no final decisions were made. There will be no other comment of the case. "The OECD experts grappled with achieving a balance between respect of national sovereignty and developing an international approach. This dialogue will be continued at a third meeting of the group, scheduled to take place on 26-27 September, in Paris. An OECD spokeswoman said the organisation asked independant experts from the Electronic Privacy Information Center (Washington, DC) to participate in preliminary meetings. The EPIC prefers not to make any comment until the next meeting in September. Sources said the US were willing to "use" the OECD as a "policy laundering" machine : to pressure the organisation in order to have the key escrow policy approved by the 24 countries. US intelligence officials would have been using it as a political weapon at home, where Congress, public-interests groups and industry pressure groups are on the verge to act against any key-escrow policy. * * * * * * * * **LAMBDA SPECIALS -- WEB ONLY!!! - see www.freenix.fr/netizen** Forget the Internet. Here are some subversive archives. Unfortunatly, mainly in French. -->> Coca-Cola's weird business strategy during WW2. (You won't heard this story during 1996 Olympics). Based on a book published in 1993, "For God, Country and Coca-Cola, by Mark Pendergrast (Scribner's Sons Publishing, New York). From the Berlin Olympics to 1945, Coca-Cola builded a strong presence in Germany while sitting besides GI's in the Us War effort. 
Check interesting pictures taken from the book: >> www.freenix.fr/netizen/special/coca-colabo.html -->> Special Psychedelics French stories about the renewal of medical psychedelic research. And a letter from Tim Leary, psyche pope of the 60's, published in English. >> www.freenix.fr/netizen/special/tl-letter.html * * * * * * * * Jerome Thorel =-= Journaliste/Free-lance Reporter =-= Paris, France =+= the lambda bulletin --> http://www.freenix.fr/netizen =+= From amehta at giasdl01.vsnl.net.in Sat Jul 20 06:11:58 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Sat, 20 Jul 1996 21:11:58 +0800 Subject: Borders *are* transparent Message-ID: <1.5.4.32.19960719191346.003005d8@giasdl01.vsnl.net.in> At 02:08 19/07/96 -0700, David Sternlight wrote: >At 11:24 AM -0700 7/18/96, Timothy C. May wrote: > >>This is a terribly important point: if a citizen of Foobaria succeeds in >>connecting to the Netscape site--perhaps by experimenting with various >>combinations of domain names and submitted address/zipcode >>combinations--and Netscape sends him the file, he has not committed a crime >>in his own country. (Unless they have their own laws....) ... > It won't be readily available though, except for >those who have no compunctions about software piracy. Is enough information available for someone else to write software that would be able to communicate with Netscape's at the US-level of crypto? If so, the US government is simply forcing Netscape to open a window of opportunity for some foreign software company to come up with a competing product for the international market. A case of cutting off your nose to spite your face?
Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key From paquin at netscape.com Sat Jul 20 06:24:11 1996 From: paquin at netscape.com (Tom Paquin) Date: Sat, 20 Jul 1996 21:24:11 +0800 Subject: US versions of Netscape now available In-Reply-To: <199607191213.OAA03214@basement.replay.com> Message-ID: <31EFCCF5.5E5C@netscape.com> Alex de Joode wrote: > I would like to know what Netscape's position on the above mentioned > scenario is .. (Uploading "possibly" received 128 bit binaries to > official netscape mirrors outside the US, that is) (guess why ...) I guess I should look again, but I *thought* our licenses explicitly excepted use of "US-Only" software (defined in the license) from the standard exclusions. I think the attys lifted some of the definitions straight from ITAR and may have quoted 22USC. Maybe we screwed up and got the wrong license in the beta and missed the check. I don't know. I'll look. *sigh* As far as company policy goes, it's a good bet that we won't willingly break any laws. Licensing export-restricted software to a "foreign person" (includes companies, etc) without a particular export license would probably be a mistake which would get corrected quickly. We have made some mistakes. Occasional known distribution errors have occured, and in each case we do what the law says: notify ODTC, and do whatever we can to clean up. Nothing big and nasty has come up and I think ODTC has been fine with us. To my knowledge, every cleanup attempt has been met with cooperation from all hands involved. 
-- Tom Paquin Netscape Communications Corp about:paquin From WlkngOwl at unix.asb.com Sat Jul 20 06:24:55 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 20 Jul 1996 21:24:55 +0800 Subject: Opiated file systems Message-ID: <199607191718.NAA04087@unix.asb.com> On 18 Jul 96 at 11:01, Adam Back wrote: > For plausibility it would probably be best if very few people used the > duress key feature. And how can you guarantee that? Also: an attacker doesn't care about what percentage of (other) users use duress feature of not. His concern is whether you use it. Note that you'd have to be careful of what you say and do over email in the clear (or encrypted to someone cooperating with an attacker): if you post an excerpt of source code or maybe somehting like Edupage, or if you save mail, there might be reason enough for the attacker to expect to see some of that on your encrypted fs after he's rubber-hosed your key from you. If he doesn't, and he knows you have a possibility of using the duress-key feature... Oh yeah. Psychology is a good way of determining the likelihood of using a duress system. With the extra work and overhead of a duress system, you're better off using stego on some gifs or graphics files. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From ceridwyn at wolfenet.com Sat Jul 20 06:31:07 1996 From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn) Date: Sat, 20 Jul 1996 21:31:07 +0800 Subject: Firewall Penetration Message-ID: <2.2.32.19960720085907.006b1ba4@gonzo.wolfenet.com> At 05:29 PM 7/19/96 +0800, you wrote: >Is it possible to penetrate a firewall? yes. //cerridwyn// From EALLENSMITH at ocelot.Rutgers.EDU Sat Jul 20 06:37:59 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. 
ALLEN SMITH) Date: Sat, 20 Jul 1996 21:37:59 +0800 Subject: Filtering out Queers is OK Message-ID: <01I7ABUH1S8C9EDBN7@mbcl.rutgers.edu> From: IN%"tcmay at got.net" 19-JUL-1996 04:37:28.75 >If I had kids, I'd make sure that lots of negative memes were kept away >from them until they reached an age where it no longer mattered, where >there views are already basically set. >I see nothing wrong in this. Anyone who disagrees is, of course, free to >set his filters differently, but not to insist that my filters be changed. >And the government is not free to pass any laws about what filter sites can >and can't do. >Unfortunately, I think many on this list are so taken by "liberalistic" >notions that they think the State needs to intervene to stop me from >filtering my son's access to "The Joys of Queer Sex." State? I'd call it right for private individuals as well. Ultimately, it's the job of the state, if it has one, to protect the rights of individuals... including minors. Private individuals can protect those rights as well, just as we can stop someone from getting mugged by shooting the mugger. >(As a libertarian, I really don't care what sexual practices others >practice, so long as I am not forced to either fund or witness their >practices. And so long as I am free to filter out their practices as I see >fit, including for my minor children and/or members of my household.) Well, as a libertarian the only excuse I can see for parental rights is parental responsibilities. If something is needed in order to carry out those responsibilities, then the parent has the right to make those decisions (unless it's shown that the parent isn't competent to). But I need to see something before I can say that the parent has that right. It's the same thing that I need to see before I can say that I'm harming some environmentalist by driving my car (global warming or whatever nonsense). It's called proof. 
>Some parents simply get tired of spending time each night trying to undo >the propaganda taught in many public school, such as books like "I Have Two >Mommies." Many of these parents eventually give up and put their kids in >religious or private schools (even though they continue to pay taxes for >schools their own children are no longer using). Actually, I perfectly well agree with you that schools (especially the public variety) shouldn't be promoting PC values. (We've got a college at Rutgers, Livingston, with the avowed purpose of promoting "diversity." Unsurprisingly, even the administration is beginning to admit it has a reputation for being, shall we say, scholastically unachieving?) Neither should they be promoting any other set of values, other than that of "learn." Parents smart enough to send their kids to such a school will see them succeed, in a properly meritocratic society; ones sending their kids to schools where ideology is more important than giving the kids the information they need to make up their own minds won't see them succeed, overall. >Queers are, as far as I'm concerned, perfectly free to practice their >AIDS-spreading practices to any and all receptive anuses they can find, but >I eschew this lifestyle and will fight to the death for this right to avoid >their practices from being forced on me or my children (if I had any, which >I don't). Fascinating. So you and I are both opinating from the same amount of direct knowledge of parenting... and I'm going with better and clearer memories of being a child and teenager. >I think of AIDS as "evolution in action." Retroviruses which have existed >for millenia now find new vectors for spreading in our population. I cry no >tears for those dying of AIDS, and work to reduce to tax dollars spent on >such things as "AIDS research." Let those who introduced the new vector pay >for the research. >What do you call ten million AIDS deaths? You figure it out. 
Well, let's see, it's currently spreading via heterosexual transmission since the "queers" are the ones who've been smart enough to start using condoms. (Check out Southeast Asia, for instance. I've looked at studies (such as from ChristNet) trying to show otherwise; they had so many scientific flaws that I stopped reading.) Think of it as evolution in action. -Allen From seth at hygnet.com Sat Jul 20 06:39:24 1996 From: seth at hygnet.com (Seth I. Rich) Date: Sat, 20 Jul 1996 21:39:24 +0800 Subject: Reverse Engineer Message-ID: <199607191647.MAA30629@arkady.hygnet.com> >> What do you mean by "reverse engineer?" I have heard this word several >> times especially in the world of hacking, but... can someone tell me >> what it really meant? >Interesting question. >Hmmm... > >I would answer this question for you but then I would have to kill >you. Well, I don't have to be subject to such childishness. Reverse engineering code is like decompiling it. Starting with the compiled code, you can translate it backwards (to some degree) and see how it works. It's not as easy as taking a compiled program and ending up with the original C code, but if it's worth enough to you you -can- end up with the same information. Seth --------------------------------------------------------------------------- Seth I. Rich - seth at hygnet.com "Info-Puritan elitist crapola!!" Systems Administrator / Webmaster, HYGNet (pbeilard at direct.ca) Rabbits on walls, no problem. From WlkngOwl at unix.asb.com Sat Jul 20 06:40:21 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 20 Jul 1996 21:40:21 +0800 Subject: Opiated file systems Message-ID: <199607191718.NAA04076@unix.asb.com> On 18 Jul 96 at 22:48, Adam Back wrote: [..] > The whole system should be designed to withstand scrutiny as to > whether or not there is a duress file system on any given disk, on the > assumption that the opponent as full access to the source. > > ie. 
the attacker can not tell without the hidden file system key (if
> one exists) whether the unused space on your drive is really just
> that: unused space filled with garbage, or whether it is in fact
> another encrypted filesystem.

There has to be a way to tell the system that the sectors are used when the drive isn't mounted and the filesystem isn't active.

> They might be suspicious, but I don't think they would be able to
> claim you were in contempt of court, if you provide the 1st key and
> claim there is no other key: the software has support for either 1
> or 2 filesystems.

Having a copy of the driver is enough to arouse suspicion. If they don't find anything useful in that one partition, they'll assume the second is in use and that you're not giving up the key.

You may very well get accused of maintaining a second system even if you are not and do not have anything incriminating in the one encrypted fs.

--- No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From paquin at netscape.com Sat Jul 20 06:43:34 1996
From: paquin at netscape.com (Tom Paquin)
Date: Sat, 20 Jul 1996 21:43:34 +0800
Subject: Netscape download requirements
In-Reply-To: <2.2.32.19960719084701.006a8aac@gonzo.wolfenet.com>
Message-ID: <31EFCCCC.B13@netscape.com>

Cerridwyn Llewyellyn wrote:
>
> Allow the government to think that we think it has the right to give
> us their permission and we've lost everything.

Unfortunately, I am involved in a business, and what is acceptable or humiliating for free individuals is fiercely practical, not philosophical. Quite in particular: my president solicits the best legal advice he can get, and decides whether or not he, himself, wants to go to jail, and what the risk of that is. "Free" takes on a whole new meaning.
I cannot appeal to his sense of how severe the risks are.

> Exporting crypto-systems and killing people is comparing apples
> and hand grenades. Please come up with a relevant analogy.

You missed the point. Right now the government is in the midst of a policy review. Your inclination to view that policy as irrelevant simply doesn't matter. Proving to them that a more tolerant policy would not be in their interest is not in our interest. Screw with this system and I can bet how the policy review will come out.

> 1) Please don't chastise individuals who take direct action and use
> civil disobedience as a measure to change bad laws and policies (ie by
> making your company's software available internationally).

Fine. Go there, do that. Please don't use our mechanism as an integral part. Once you have the data, there are all sorts of ways you can exercise considerable civil disobedience completely on your own without involving our mechanism.

> 2) Please don't misuse the information you gain by logging all your
> network traffic.

We log everything having to do with the US downloads. I'm not involved in the eleventy-skillion other net connections which come in here.

> I agree mostly. I would rephrase, however, to say: In addition to
> attacking odd pieces of enforcement, participate in the debate over
> the regulations themselves.

You may or may not have noticed, but our president has testified, effectively, in Washington several times. We participate in "public" (means govt) debate on this heavily. We are engaged.

> Besides, contrary to your gist, this
> is probably one of the most prominent pieces of enforcement, and
> therefore a very logical candidate for attack.

Like I said, if you want to attack, please attack without dragging our mechanism into it. Allow companies to provide you the data while you mount your attack. You can be more effective. You'll have more tools. More will be out there. More of you will have access to something to be disobedient with.
My very personal opinion: I loathe giving out my phone number to anonymous corporate entities. I do it from time to time, but never without a bristle. I would prefer if we weren't asking for it, but I'm engaged in an optimization exercise, or you might look at it as minimization of evil. Whatever.

--
Tom Paquin Netscape Communications Corp about:paquin

From ichudov at algebra.com Sat Jul 20 06:47:02 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 20 Jul 1996 21:47:02 +0800
Subject: Mail-order Ph.D.'s
In-Reply-To: <250aRD171w165w@bwalk.dm.com>
Message-ID: <199607191710.MAA30328@manifold.algebra.com>

Dr.Dimitri Vulis KOTM wrote:
>
> David Lesher writes:
> > We will NOW get treated to UnProfessor's SternFUD's entire life history.
> >
> > How he went & designed the first rockets, then gave the idea to
> > Goddard. Then he went to England and invented tea. Next he came
> > back & was a personal advisor for Tricky Dick. Later, he discovered
> > the oil in Alaska. In the middle he invented the concept of
> > money....
>
> He also invented the radio, but Marconi+Popov stole the credit from him.
> And he's the founder of public-key cryptography.
> Oh - he also invented Ethernet and TCP/IP.

Do you mean Dr. John M. Grubor, the man who created both Internet and Usenet, right? He's brilliant.

>
> :-)
>
> ---
>
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
>

- Igor.

From david at sternlight.com Sat Jul 20 06:50:53 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 21:50:53 +0800
Subject: Subject: Re: Netscape download requirements
Message-ID:

>
>At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:
>
>>
>>>I'd bet on the first. Why screw with this? We worked hard
>>>to make this possible and you want to ruin it. Sheesh.
>>
>>Because freedom doesn't come in degrees, it's all or nothing.
>
Wrong.
Society has long made a distinction between liberty and license, and "freedom" is a definitional and even societal-situational thing that keeps advancing. Check out history. Read some Supreme Court decisions of the more thoughtful kind.
>
>>
>>>"I hate the government so I'll blow up a federal building
>>>and then the FBI will get more money and attention and
>>>power and, um, that'll show 'em, er, ah....."
>>
>>Exporting crypto-systems and killing people is comparing apples
>>and hand grenades. Please come up with a relevant analogy.
>
It IS relevant in the underlying principles it illustrates. That the details aren't of the same magnitude is irrelevant. Didn't you learn "reductio ad absurdum" in school?
>
>>
>>1) Please don't chastise individuals who take direct action and use
>>civil disobedience as a measure to change bad laws and policies (ie by
>>making your company's software available internationally). When
>>done on a mass scale, the long-term benefits FAR outweigh the short
>>term consequences. While you as a corporation find it much more
>>difficult to take such actions, as they would most likely ruin your
>>corporation, individuals acting in this capacity cannot be ruined quite
>>so readily.
>
It is ludicrous for some cypherpunks to try to compare their "cause" with freeing the slaves or overthrowing a tyrannical and abusive dictator. In fact it is romantic fantasy. Not every prosecution is of Jean Valjean; not every arrest for speeding is the destruction of freedom as we know it. Not every theoretical consequence is a current abuse. "Trust everyone, but always cut the cards" is a better guide for living in a democratic society than "distrust everyone and insist on all or nothing".
>
Essentially, one who opposes or deliberately sabotages Netscape's compromise with full ITAR deregulation is a fascist in that he is trying to force his will on those of his fellow citizens who want to download the secure US version in the US, and deny _them_ _their_ rights.
David

From jya at pipeline.com Sat Jul 20 07:00:03 1996
From: jya at pipeline.com (John Young)
Date: Sat, 20 Jul 1996 22:00:03 +0800
Subject: MON_dex
Message-ID: <199607191621.QAA20445@pipe5.t1.usa.pipeline.com>

A business wire of 7-18-96 reports at length on the massive globalization of Mondex, of which the new AT&T/Wells Fargo Ecash card is a part. It does not answer DCF's lost wallet questions.

-----
http://pwp.usa.pipeline.com/~jya/mondex.txt (12 kb)
MON_dex

From amehta at giasdl01.vsnl.net.in Sat Jul 20 07:23:26 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Sat, 20 Jul 1996 22:23:26 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <1.5.4.32.19960719172155.002fe578@giasdl01.vsnl.net.in>

I must admit all this talk about what kinds of bullets best penetrate Kevlar makes me shake my head and wonder what's happening to the world -- particularly since you are far more likely to use this weaponry in a rage against a loved one than against someone breaking down your door. The "good" guys arming themselves so that the "bad" don't invade reminds me of the stupid arms race between the US and the Soviets: I wonder how many burglars in Western Europe carry guns -- in the US, you'd be real stupid if you didn't carry the latest weaponry.

More to the point as far as this list is concerned, Vinnie pointed out:

>hmm imagine what Waco would have been like if the Branch Davidians:
>
>1) were not morons.
>2) knew how to use the news media
>3) had redundant, spread spectrum, satellite, and underground comms into the
>net.
>
>This equals instant net coverage, to rival CNN. It makes for a hard
>target. Armed with your Militia-Mailer(tm) the strong crypto edition and
>live video, these folks would never consider getting near you.

Are there good books (or even better, sources on the net) that would teach you how to set up and use spread spectrum and other communication technologies without easy detection?
In India, the government controls most of the spectrum, and hardly allows the use of radio. However, spread spectrum is likely to be used for wireless local loop, and it would be harder for them to figure out that you are engaging in unauthorised communication if you use similar frequency bands as the local telecom provider.

>A better approach is to disarm and expose these bozos for what they are,
>and for christ sakes get out there and VOTE... dammit... and get your
>friends to VOTE..

I wonder about that -- between Tweedledee Clinton and Tweedledum Dole, does it matter whether you vote or not? The system seems to make sure that before you even get to a position where someone can seriously vote for you, you've already sold your soul.

Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org
http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key

From WlkngOwl at unix.asb.com Sat Jul 20 07:25:14 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sat, 20 Jul 1996 22:25:14 +0800
Subject: ABC News on internet telephony
Message-ID: <199607191718.NAA04083@unix.asb.com>

ISPs have functioned better using flat monthly rates, and the biggies like AT&T are going in the same direction for internet access. I don't see this as being 'counter-intuitive' at all. The costs to the ISPs and telcos aren't really based on where you call or how long you are on anymore.

Big questions are how the main hubs for the internet are maintained (esp. when some of the big telcos maintain them... a conflict of interest, perhaps). Will fees become too much that smaller ISPs are put out of business, or that we'll start seeing ISPs merge? (Remember when there were mainly local cable companies?)

On 18 Jul 96 at 11:03, David Sternlight wrote:
[..]
> This is the rankest speculation on my part, but could some of the bigger,
> smarter phone company cum internet providers have done some serious
> analysis and concluded that we're moving away from distance-based rates for
> voice calls. Might they even have examined where we'll be in the next ten
> years (with ADSL, etc.) and decided that the network technology and simple
> market economics makes fixed charges per "line" more profitable to them
> than metered usage? Maybe this is wishful thinking on my part, but some of
> the bigger actors are starting to behave in a surprisingly
> counter-intuitive (based on the way we stereotype them) fashion on this
> topic.

--- No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From aba at dcs.ex.ac.uk Sat Jul 20 07:25:25 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Sat, 20 Jul 1996 22:25:25 +0800
Subject: Netscape patch 40 bit -> 128 bit?
Message-ID: <199607191045.LAA00321@server.test.net>

Has anyone with access to both the 40 bit and 128 bit version of the latest netscape beta considered doing a binary diff on the binaries to see how much of the code is different?

Adam

From jsw at netscape.com Sat Jul 20 07:32:08 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sat, 20 Jul 1996 22:32:08 +0800
Subject: Borders *are* transparent
In-Reply-To:
Message-ID: <31F0C881.5902@netscape.com>

Timothy C. May wrote:
> Likewise, much "export-controlled" software is freely purchasable without
> any form of identification or proof of citizenship/residency in any of
> thousands of U.S. software stores. (I don't know if the copies of Netscape
> Navigator on the shelves in U.S. stores are now the "U.S."
version, as
> opposed to being a somewhat-crippled version, but I sure do know that a *lot*
> of nominally-export-controlled software _is_ freely purchasable.)

The retail version of Netscape Navigator sold in US stores has been the US version for almost a year now. The first run were the export version, because the marketing people thought it would be easier. When I explained the issue, they made the change to the stronger US version immediately.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From paquin at netscape.com Sat Jul 20 07:41:52 1996
From: paquin at netscape.com (Tom Paquin)
Date: Sat, 20 Jul 1996 22:41:52 +0800
Subject: Netscape download requirements
In-Reply-To: <31EEDA69.31D8@netscape.com>
Message-ID: <31EFC5E8.4028@netscape.com>

Peter D. Junger wrote:
> Would it be possible to get a copy of the terms of the written
> permission that I gather Netscape has received from the government?
> Or is this another area where the government insists on obscurity?

I don't know. Some people here are asking to release that. If I recall, the letter only says something like "using the mechanism defined in our meeting of M/D/Y." I could be wrong. Everyone in the room took copious notes, so this is not an "opportunity" if you're inclined to think that way.

--
Tom Paquin Netscape Communications Corp about:paquin

From rp at rpini.com Sat Jul 20 07:42:08 1996
From: rp at rpini.com (Remo Pini)
Date: Sat, 20 Jul 1996 22:42:08 +0800
Subject: Netscape download requirements
Message-ID: <1.5.4.32.19960719222040.008f8914@193.246.3.200>

Why can't anybody in US write a little program that compares the two 4.5 meg install files and make a patcher?
(It seems simple to do, is very inconspicuous and of course does not violate the ITAR - although it might violate some copyright stuff, but hey, who's willing to enforce something like that, when it's anonymously posted or mailed)

I suppose the difference will be small, if one considers an offset after the alternative parts (something like:

generalgeneralgeneralUSUSUSUSUSUSUSUSgeneralgeneral
and
generalgeneralgeneralWORLDWORLDgeneralgeneral

remo

----------< fate favors the prepared mind >----------
Remo Pini Fon 1: +41 1 350 28 82
mailto:rp at rpini.com Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax: +41 1 350 28 84
--------< words are what reality is made of >--------

From david at sternlight.com Sat Jul 20 07:42:20 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 20 Jul 1996 22:42:20 +0800
Subject: Filtering out Queers is OK
In-Reply-To: <2.2.32.19960719154550.0073d960@popd.ix.netcom.com>
Message-ID:

At 8:45 AM -0700 7/19/96, Troy Denkinger wrote:

>However, most people who use these filters are going to be quite happy to
>allow some corporate entity the privilege of setting their filters for them
>and, if the consumer should ask about criteria and such, they are told that
>that's a trade secret. So, people will be allowing a corporate entity that
>exists for profit to set their filters for them. This is a very scary thing
>and perhaps even more frightening than having the government do it.

Not so fast, D'Artagnan. Let's deconstruct your statement that it's a scary thing:

1. Is it scary to the people who buy and use it? Apparently not, since they have free choice.

2. Is your finding it scary relevant? Apparently not, since you don't have to buy it and thus have free choice.

What's left except authoritarianism on your part?
David

From jsw at netscape.com Sat Jul 20 07:57:25 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sat, 20 Jul 1996 22:57:25 +0800
Subject: Netscape download requirements
In-Reply-To: <1.5.4.32.19960719222040.008f8914@193.246.3.200>
Message-ID: <31F0CC92.44D7@netscape.com>

Remo Pini wrote:
>
> Why can't anybody in US write a little program that compares the two 4.5 meg
> install files and make a patcher? (It seems simple to do, is very
> inconspicuous and of course does not violate the ITAR - although it might
> violate some copyright stuff, but hey, who's willing to enforce something
> like that, when it's anonymously posted or mailed)

Actually a lawyer once told me that such a patch might be considered a "defense repair", and thus be regulated by the ITAR. I kid you not. Your bits would fall into the same bucket as missile parts. The more I learn about ITAR and the way the government tries to link software to it, the more amazed I get.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From rah at shipwright.com Sat Jul 20 08:02:35 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 20 Jul 1996 23:02:35 +0800
Subject: FC97: Anguilla, Anyone?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

July 19, 1996
Boston, Massachusetts

"What are you doing the last week of February, 1997? How about going to Anguilla?"

Those are the two lines which started an awful lot of interesting stuff...

It was the end of May, and I was winding up a contract for someone, and was thinking about what to do next. I got to thinking about what a great year it has been since about September or so, when 36 Boston-area financial cryptography types, Peter Cassidy and I founded the Digital Commerce Society of Boston. Since then, the whole idea of actually selling stuff over the net, not just displaying it there, has really caught on.
I've written rants all over the net, done guest editorials for InfoWorld and Wired, spoken at Apple and Internet World, and done lots of other great stuff, all around the emerging technology of digital commerce, and, in particular, financial cryptography on public networks.

We've had speakers at DCSB ranging from Win Treese of Open Market and Donald Eastlake of Cybercash, to Mark Bernkopf, a certified Beltway Bandit, by way of the Fed's Open Market Operations and the Clinton White House, to a well-known cypherpunk, Perry Metzger, giving a talk wryly titled "Gold-Denominated Burmese Opium Futures?".

Julie Rackliffe, membership manager of Boston's Computer Museum, has been an enormous help, organizing the first of the Society's large activities, a networking party at the Downtown Harvard Club's 38th-floor lounge, featuring a beautiful sunset, and complimentary cocktails and hors d'oeuvres, all sponsored by the Open Software Foundation.

At the Computers, Freedom and Privacy conference in April, I met Ray Hirschfeld, manager of CWI, and director of the CAFE digital cash project. I also met Ian Goldberg, who made himself famous this winter by hacking a great big hole in Netscape's SSL protocol, and then, a few months later, doing the same thing to Digicash's ecash mint software, both of which are now much safer to use as a result of his efforts.

That evening, in a digital-coin session that lasted until about 2 AM, about 10 of us die-hards, including Ian and Ray, talked about the emerging technology of financial cryptography, and how it was going to be impossible for anyone to ignore Real Soon Now. Other people, ;-), muttered about "asking forgiveness, not permission" from the various government regulators around the world, and just making stuff like anonymous digital cash a fait accompli on the internet from a small island banking haven somewhere.
Thinking about all this reminded me of someone else, who actually *lived* on a small island banking haven, Vince Cate, another cypherpunk who founded Offshore Information Services, on the island of Anguilla in the eastern Caribbean. When I was a kid, I used to live on nearby St. Thomas, and as a result of our common interests in everything from kitesailing and multihulls to technomadness, Vince and I found ourselves on lots of other e-mail lists besides cypherpunks. This winter was especially nasty in Boston, and I found myself pining for the tropics more than once, particularly in February, when the weather was its worst...

And then, as they say here in Massachusetts, "Dawn broke on Marble-head." It all came together: Why not have a financial cryptography conference, in February, on Anguilla? Someplace where, given the internet access already there, someday, someone could actually create the "First Anonymous Bank of Cyberspace". (Well, maybe not this year. ;-))

This conference idea just kept sounding better and better. I kept tweaking it as I thought about it. I thought it should be a peer-reviewed conference, where people could not only talk about the state of the art in cryptography as it is applied to finance, but the states of the art in finance, law, and economics, as they applied to strong cryptography on a public network. I added a workshop the week before, where the technically clueful but cryptographically unaware could get hands-on training in setting up SSL servers, or Digicash mintware, or learn about digital bearer certificates and other animals in the financial crypto bestiary. I thought about exhibit space, where people could show their wares. About having the bandwidth to support this... and that's when I e-mailed Vince Cate with the idea, starting with the line, "Vince, what are you doing in February?"

Vince *really* liked the idea. :-).
We kicked stuff around for a bit, and I then approached Ray Hirschfeld (with the same two questions you see at the top of this letter), to see whether he'd be interested in putting together a conference committee and running the conference from the "content" side. After some thinking, he came back with a "yes", and, after I got myself off the floor, ;-), I e-mailed Ian Goldberg, who said *he'd* be interested, *if* he could get his advisor at Berkeley to approve Ian's taking some time off in February, which he thought probable. I e-mailed Julie Rackliffe, and she said she'd be delighted to moonlight a bit and handle marketing for both workshop and conference, and the management of the conference itself.

Vince came back later with what looks to be a conference site, complete with estimates for T1 internet access (yes, Virginia, there are T1s in the Caribbean). The site, like the rest of Anguilla, came through Hurricane Bertha with flying colors. Ray has even come up with a simple name for the conference, "Financial Cryptography 1997", or FC97, with apologies to Mr. Kaczynski. :-). Ian came back to say he was in.

So, it looks like we're ready for the next step, which is to raise money from about 10 charter sponsors to cover what will be our sunk costs prior to collecting revenue for exhibit space, workshop and conference revenue.

Here's what we have in mind so far...

Ray has started to assemble the conference committee with some impressive names on it so far -- including some who will surprise you -- which will referee papers. We're hoping for the conference as a whole to be more in the way of a union of cryptography and finance than an intersection of the two fields. The conference proceedings will be published, particularly on the web, but on paper as well.

The conference itself will run from Monday, February 24, through Friday, February 28, 1997, from the hours of 8:30AM to 12:30PM.
The afternoons will be taken up with various sponsored activities, one each afternoon, including lunch, and each evening, including dinner.

We're figuring that the total number of conference hours in this conference will be the same as most other technical conferences, but they'll be stretched out over the whole week. We did this for several reasons. The first is, we're in Anguilla, and people *will* bug out in the afternoons whether we want them to or not, so we might as well bug out together, and the second is *also* that we're in Anguilla, and people can't go anywhere else after going to all the trouble of getting there anyway, so we might as well stretch the conference out over the whole week. :-). Finally, like Cannes, people will be going to this conference for much more than the technical sessions. We're leaving lots of time for informal discussions and networking, and, of course, for seeing the exhibits and products of our sponsors and exhibitors.

We're currently hoping for a target price for a conference ticket of (all prices in US dollars) $1,000, a nice round number, which should include breakfast. Lunch and dinner will be paid for by the afternoon activity sponsor and the evening activity sponsor, respectively. We're hoping to arrange conference discounts on airfare to Anguilla and lodging.

The workshop, run by Ian Goldberg, and to be held the week before (February 17/24), will run during the same hours, 8:30 AM to 12:30 PM, but, given the educational nature of the workshop, the afternoons and evening will be open for lab time to experiment with new technologies and to learn more on one's own or in the company of one of the instructors. We want a 5-to-1 student-instructor ratio, and we're planning to hire instructors, all known to the net community, who, along with their stipend, will receive a complimentary conference ticket and room and board for three weeks (one week pre-workshop preparation, and one week each for the workshop and conference).
We plan to charge $5,000 for each workshop participant. We want to have a T1 to the net, a workstation for each participant and several different kinds of servers to work with. There will be exhibit space for companies who just want to exhibit and not be a conference sponsor. These companies will also get 2 conference tickets per booth. There will also be booths reserved for charter sponsors at discount prices. So, right now, we're looking for 10 charter sponsors. These companies will have their names on all conference communications, including e-mail, banners, and collateral literature. In addition, their names will be on either an afternoon or evening activity, including dinner or lunch, where applicable. They also get 5 conference tickets, and that discount on booth space. As I said before, the sponsorship money will be used to cover sunk costs: advance fees, deposits and the like, plus an operating reserve. Money various people are going to want up-front, before proceeding with any work. A full accounting of money spent will be available to the sponsors, since we consider them our most important stakeholders in this first-ever Financial Cryptography conference and workshop. Of course, as we determine costs for specific things, there will also be an opportunity for sponsors in-kind, but right now, we're looking for actual money. :-). Upon collection of revenue from the conference, workshops, and exhibits, paying off the costs incurred to date, the sponsorship money will then be used to pay for the specific activity they want to sponsor. Any money left over, of course, is ours, :-), but sponsors *will* get their money's worth. We promise. Ray and the conference committee are getting reimbursement for their expenses, but in the "chinese wall" tradition of these kinds of conferences, they are not being paid anything for their time. 
Ian, as workshop leader, is getting paid a good fee for his time (*much* better than t-shirts and bugs bounties), plus a share of the workshop's profits, if any, and the workshop instructors will get a good stipend. Vince, Julie and I are going to get paid for our efforts (well, we hope :-)) but, believe me, nobody's going to get rich doing this conference, by any stretch. We'll all be very happy if we can make it happen, everyone is happy when it's over, and we get paid reasonably for the time we spent on it.

The sponsors' choice of activity blocks, afternoon or evening, or for any day of the week, will be on a first come, first served basis. The first 10 sponsors to get us a check get those slots. If we don't get enough sponsors by our self-imposed deadline of September 15th, then all checks will be returned and we'll cancel the conference, or at least examine other options.

Sponsors' checks should be payable, in U.S. Dollars, to "Financial Cryptography, 1997". After we get the requisite number of sponsors, the checks will be deposited in an Anguillan bank, and the partnership running the conference and workshop will operate under Anguillan law.

For the time being, I'm the net.contact for particulars, if you know anyone who's interested in helping us sponsor this event. Julie Rackliffe will handle most of the actual contact with the sponsors after we're through this first "expression of interest" phase.

Once Ray gets his conference committee assembled and they've finished writing one, look for a Call for Papers in all the usual lists and newsgroups. Once Ian has assembled his team of instructors, look for information on the workshop and its contents from him in the same kinds of places.

I'll announce when we have the requisite sponsorship as soon as we get the sponsor list filled.
Some time after that announcement, Vince Cate will be putting together a website on Anguilla which will not only offer information about the conference, but also a way to register, and hopefully pay for :-), your conference tickets. With a stiff tailwind, we might be able to arrange travel and hotel reservations too, or at least point you to web-savvy travel people who can help you. So, if you, or any one you know, is interested in being a sponsor for this event, please let me know. I think you'll be pleasantly surprised by our sponsorship pricing. We think it's well within the signing authority of most of the senior people who read this, and should fit quite reasonably into the promotion budget of any firm who wants to compete in the financial cryptography business, or any business it affects, as these kinds of markets begin to take off. Well, that's it. Here's hoping you'll join us in Anguilla. Then you, too, will know what *you're* doing the last week in February! Cheers, Bob Hettinga FC97 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMe+r7PgyLN8bw6ZVAQH6mAP+PINf7JSZzUj5+wnvb4v6kbl2q4r1mrbm BAF5fBTk3vCYT+Kljm7sFbFptq5HQP0kU7xqVUkILQ/Gc2wSWPXzhHAaKNq90tct pJzw/cVAISZyBO+BNqHVJEQHFJEyo93jmuEzKUhainULQMX1dLnglV1PD7m754t0 d7VmPf1pi64= =883q -----END PGP SIGNATURE----- ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From bdolan at use.usit.net Sat Jul 20 08:03:31 1996 From: bdolan at use.usit.net (Brad Dolan) Date: Sat, 20 Jul 1996 23:03:31 +0800 Subject: [Noise] was Re: Giving 6 year old kids Uzi's In-Reply-To: <199607192139.OAA23712@server1.chromatic.com> Message-ID: On Fri, 19 Jul 1996, Ernest Hua wrote: > > > > the price of freedom of mind is a minor restriction on your personal > > > freedom, you won't be allowed a weapon either but that is the tradeoff. 
> > > > Thanks, but if it is all the same to you, I'd rather live > > in a country where everybody << including six year olds >> > > carry, and can use Uzi's, etc, as a matter of course. > > Oh my ... you aren't serious, are you? > > I suspect you might be baiting ... but ... > > If you can trust a six-year-old with an Uzi, I assume that you believe > the six-year-old can "properly" judge what is a threat and what isn't? > Just why do you suppose a pissed-off six-year-old (because, let's say, > another six-year-old stole his lunch) would not blast someone? > > Would you just hand out guns to all teenagers? My twelve-year-old daughter asked for and received a .22 for her birthday. Her four and six year old siblings enjoy shooting it, under close supervision. Rural America has a very different culture than urban America and urban America's recent attempts to impose its values (like hoplophobia) on us really chafes. bd

From jsw at netscape.com Sat Jul 20 08:05:23 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sat, 20 Jul 1996 23:05:23 +0800
Subject: Borders *are* transparent
In-Reply-To: <1.5.4.32.19960719191346.003005d8@giasdl01.vsnl.net.in>
Message-ID: <31F0D2BE.55B6@netscape.com>

Arun Mehta wrote: > Is enough information available for someone else to write > software that would be able to > communicate with Netscape's at the US-level of crypto? If so, the > US government is simply > forcing Netscape to open a window of opportunity for some foreign > software company to come up with a competing product for the > international market. A case of cutting off your nose to spite your face? It has already been done several times over. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.

From tcmay at got.net Sat Jul 20 08:27:00 1996
From: tcmay at got.net (Timothy C.
May)
Date: Sat, 20 Jul 1996 23:27:00 +0800
Subject: Filtering out Queers is OK
Message-ID:

At 7:48 AM 7/19/96, Mike Duvos wrote: >Filtering is wonderful. Long live filtering. > >I used to read "Scientific American" too, back in the days when >the table of contents wasn't illustrated with cute little icons. ... Well, of course I agree, and have said as much. "Sci Am" used to be so much better, before the "Wired" people moved in. (As to comments by some others that both of the mags I cited have carried articles about piercings, tattoos, gay rights, blah blah...of course, I would not expect otherwise. It is the blaring of the issues that I avoid, not all mention.) >If I had kids, I am sure Tim would support my right to give them >access to the entire universe of human knowledge and thought as >early as possible, and to let them form their own opinions on >every conceivable subject, even if those opinions differed from >my own. Where I suspect we differ, is that I would not only >advocate such an advantage for my kids, but for his as well. No, we wouldn't differ, depending on what is meant by "advocacy." You are perfectly within your rights to advocate what you wish, and I may even listen. Where advocacy crosses into coercion is where I draw the line. Mandatory indoctrination in schools which are either mandatory to attend (given the truancy laws) or taxpayer-funded is "coercion" in my book. >The problem with giving parents the absolute right to control >their childrens' input of memes until the children are too old >and stupid to learn anything new, is that it creates generational >propagation of obsolete ideologies. All the Dole children think >exactly like Bob. All the Hitler children think exactly like >Adolf. Same for the Mengele children, the Nixon children, the >Stalin children, the Netanyahu children, etc... Well, I rather doubt this. The Kennedy children were liberals, not fascists like dear old Dad. Most tycoons have liberal, do-gooder children. 
Newt's half-sister is as different from Newt as one can imagine. And so on. In any case, even conceding your point (which I don't), the fact that certain memes tend to get propagated generationally is no argument for forced intervention by the State in the home situation. >The movement towards accessing information from home PCs, coupled >with the new "parents rights" movement and filtering software, >creates a situation where no one under the age of 18 can have >access to any information their parents don't want them to see. I don't support the CDA or any other such laws felonizing what I or other content providers offer. Thus, "Tim's Really Kool Sites" could offer access to all sorts of material. If a parent blocks access to this, this is not an issue for the State to worry about. (By State I include other entities beside the family.) If, however, Junior's friends have unrestricted access, he can access the interesting sites there. (And no, this would not be a matter for the State (courts) to interfere with. Think of it this way: it is _still_ up to parents to control access...that is the consistent principle.) >As the Web replaces the library, young people won't even be able >to preserve the same anonymous access to controversial >information they have always had in the past. This is a step >backwards for youth rights. They should use Web proxies. And they are welcome to come to my house and use my Web tools! (Again, no law should forbid either proxies or "library-type" use, consistent with a non-coercive society.) >The age of filtering has arrived. You can filter your childrens' >access to sex manuals, grandma's access to the elder abuse web >page, and your underpaid Ethiopian leaf blower operator's access >to anything having to do with laws against sub-minimum wages or >slavery. I can't filter my Ethiopian's acces to the Web if he has his own account, on his own system. 
I suppose if I were paying for it, or if I were letting him use my system, then I would have whatever filters invoked that I wished. Seems fair to me. ("My house, my rules.") A more realistic and timely example is that corporations are restricting access to pornographic and/or frivolous sites on the Web...seems a lot of folks at large companies tend to do exactly what I like to do: wander the Web and find interesting stuff. Except I'm on my own time, employees at Lockheed and Intel who look like they're busy on the Web actually aren't, by the standards of their companies. (How long will it be before someone builds one of those buttons that immediately switches a screen from "Minka's Sex Page" to a harmless-looking spreadsheet or seemingly work-related Web page? I guess with multiple windows and URL navigating, a fast employee can still save himself....) >As an individual who has no desire to engage in gay sex, or watch >it being performed while I am eating, I must admit my attitudes >towards the "gay community" have undergone a certain evolution in >recent years. Back in the '70s, gays supported a wide-ranging >platform of human rights issues, and a lot of activists whose >work I admired on many issues I supported "happened to be gay." My feelings exactly. The issue is part of a larger one, related to several interconnected trends/tropics, which I don't have the desire or time to discuss and so will simply list: - stridency, shrillness and militancy (where "demands" are made, chants are yelled, bridges and highways are shut down, etc.) - short attention spans, soundbites (in the press, magazines, etc.) - calls for legislation, indoctrination ("more laws") - "reclaiming" of names (blacks call themselves niggers, blacks demand that others call them "persons of color," homosexuals demand universities set up "Queer Studies" programs, etc.) I catch some interesting flak here in Santa Cruz for openly referring to blacks as "coloreds." (Hey, didn't they reclaim this name? 
All non-Caucasian males are, in this town, "persons of color." Thus we have "students of color," "queers of color," and the stupid phrase chanted in marches, "all womyn are people of color." Fine, "colored people" it is!) Likewise, what were once "homosexuals" became "gays." OK, I adopted this usage along with most of the rest of the country and world in the 70s. But now there are the aforementioned demands that "queer" be used. (This has become quite prevalent here in Northern California, with departments of Queer Studies, Queer Rights, etc. all over the place.) What's next, demands that we create "Fag Studies" and "Dyke Culture" departments on campus? >Now that the gay community has narrowed its focus solely to the >issue of consensual adult sodomy rights, and shown alarming signs >of sucking up to the Radical Religious Right, I really don't have Including the charming principle "all heterosexual sex is rape." All pornography is degrading to womyn and other people of color, unless, of course, it is part of the (I gather) large corpus of homosexual porn. So much for consistency. (Shockingly, Canada passed some laws restricting porn based on the arguments of feminazis like Andrea Dworkin and Catherine MacKinnon; they had egg on their face when lesbian erotica stores were raided.) I could go on about the bigotry of many "activists" in these communities. (I'm sure many are fine people, of course. It's the "in your face" queer activists demanding new and anti-liberty laws I object to.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. 
"National borders aren't even speed bumps on the information superhighway." From declan at well.com Sat Jul 20 08:40:57 1996 From: declan at well.com (Declan McCullagh) Date: Sat, 20 Jul 1996 23:40:57 +0800 Subject: Singapore officials censor U.S. newgroup posting Message-ID: This move by Singapore to censor a newsgroup posting is a good example of the overbreadth of government censorship. It's a bait-and-switch maneuver: say you're going after porn but censor "offensive" speech. Of course, this gives the lie to the Singapore government's assertion that "we are not censoring discussion groups." Some excerpts from the recent regulations requiring the registration of political or social groups: "Political and religious organisations are free to conduct discussions provided they guard against breaking the law or disrupting social harmony. The regulations ban contents that "tend to bring the Government into hatred or contempt," are "pornographic," or "depict or propagate sexual perversions such as homosexuality, lesbianism, and paedophilia." I have more information on the regulations at: http://www.eff.org/pub/Global/Singapore/ http://www.cs.cmu.edu/~declan/international/ -Declan --- Singapore Internet Regulators Take First Action, Censor Posting July 19, 1996 AP-Dow Jones News Service SINGAPORE -- In its first action since assuming powers this week to police the Internet, the Singapore Broadcasting Authority has yanked off a newsgroup's posting that criticized some lawyers, a newspaper reported Friday. The SBA acted on a complaint by an unidentified law firm, which said the contents of the anonymous posting defamed some of its lawyers in Singapore, according to a report in the Straits Times newspaper Friday. The newspaper said the posting on the newsgroup was apparently made by a disgruntled client who claimed he lost a case even though his lawyers told him he could win it. 
The client also questioned the ability of the lawyers who belong to one of the oldest firms in Singapore, the Straits Times said. Under new SBA regulations that came into effect Monday, the government agency has the power to ask Internet service providers to remove material that it considers objectionable. A government-appointed panel of prominent citizens decides what is objectionable. The Straits Times said the posting is believed to have been made from the U.S., which means the SBA, in keeping with its own rules, will not be able to take action against the offender. The SBA says its rules are mainly directed against pornography, anti-government or seditious views, racially motivated slurs and articles that could inflame religious passions. Since Monday, Internet providers, political parties that maintain Web sites, groups and individuals who run discussion sites on politics and religion, and on-line newspapers are deemed to have become automatically licensed. This means refusal to follow the SBA rules will result in fines. The amounts are yet to be determined. [...]

From perry at alpha.jpunix.com Sat Jul 20 08:42:08 1996
From: perry at alpha.jpunix.com (John A. Perry)
Date: Sat, 20 Jul 1996 23:42:08 +0800
Subject: New type2.list/pubring.mix
Message-ID:

-----BEGIN PGP SIGNED MESSAGE----- Hello Everyone! There is a new type2.list/pubring.mix combination on jpunix.com. The new list reflects the re-birth of rebma. Welcome back! The combo is available through the Web at www.jpunix.com as well as anonymous FTP at ftp.jpunix.com. Note: The PGP public keyserver at jpunix.com is temporarily down. I think I'm suffering from a corrupted keyring. I'm working on getting it back up. Please be patient. John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMfDcjVOTpEThrthvAQHfUgP/e0qcOi/3i99on9O3CrZB5n0dDEGZP83M mFspHOHGzmyoTEf71HmUzi5/1vTaNfykSj0JGM62PdVOM4hCchQsUH9IGodE0aWx L3FcIu5SQNzBZt66f2MU0QJ4uchn4lRcgtVypVJdxZZLaNDAQFwsxK2FDURuDnBm qw91fU5G3Yc= =LAmO -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Sat Jul 20 08:50:06 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 20 Jul 1996 23:50:06 +0800 Subject: Gorelick testifies before Senate, unveils new executive order In-Reply-To: Message-ID: <5m9cRD186w165w@bwalk.dm.com> Alan Horowitz writes: > What does this Sternlight guy do for a living? *Dr.* SternFUD is on SSI because of a mental disability. Plus his parents support him. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From wb8foz at nrk.com Sat Jul 20 09:29:56 1996 From: wb8foz at nrk.com (David Lesher) Date: Sun, 21 Jul 1996 00:29:56 +0800 Subject: Gorelick testifies before Senate, unveils new executive order In-Reply-To: Message-ID: <199607201241.IAA21802@nrk.com> > > What does this Sternlight guy do for a living? Jeeze Alan..... NOW you've done it! I warned you........ -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From perry at piermont.com Sat Jul 20 09:35:01 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 21 Jul 1996 00:35:01 +0800 Subject: pledge status Message-ID: <199607201416.KAA07379@jekyll.piermont.com> I'm glad to report that a large number of people have now taken the pledge not to reply to David Sternlight's posts. Remember, replying to David almost never serves any useful purpose -- he is almost totally incapable of admitting he is wrong, and almost everyone disagrees with him already. 
By replying to him, you simply continue to encourage him to fill the mailing list with junk. Don't feed the Sternlight. Take the pledge. Perry From david at sternlight.com Sat Jul 20 09:45:49 1996 From: david at sternlight.com (David Sternlight) Date: Sun, 21 Jul 1996 00:45:49 +0800 Subject: Filtering out Queers is OK In-Reply-To: Message-ID: At 12:57 PM -0700 7/19/96, Mike Duvos wrote: >David Sternlight writes: > > > This is simply incorrect. It is a supportable advocacy for > > most adults, but children's minds tend to be like > > sponges--everything they take in (up until a certain age) is > > thought to be true, interesting, worth experimenting with, > > based on authority, etc. Read Piaget. > >Piaget was very good at "proving" how fundamentally different the >minds of children were from those of adults, and at constructing >elaborate webs of complex terminology and doctrine to support his >notions. There are many others who have come to similar conclusions about the formation of independent judgement in children, and lots of non-Piaget experiments. Your comments are diversionary and in fact by the end of your post you come to agree with my basic point. > >Again, we are applying a standard to the Net which has never been >applied to libraries. Any orthodox Jewish child can read all he >or she wants in a library about the wonders of pig-eating, >without any possibility of parental supervision or disclosure of >their un-Jewish interests. That is also false in its implications. Librarians are in loco parentis, and most libraries are VERY careful about what materials young children are exposed to and what is more, are responsive to community pressure in the matter since most libraries are community-based. Again you have seized on the details of an example to act as if it were the argument itself, and nit-picked. My core point remains unrefuted. 
> >Generally, very young children do not have the neural wiring in >place to suspend emotional reactions to imagery based on >intellectual considerations. Seeing a picture of someone being >hurt in a movie causes them the same emotional pain as seeing >someone hurt in real life, even though they may know perfectly >well that the former image is fictional in nature. > >Almost all children develop this important critical faculty by >the age of 12, by which point, they manage to only be sickened by >the evening news, and not by the latest "Nightmare on Elm Street" >sequel. So after trying to refute my point, you come to agree with it and want to shift the issue to the question of at what age.... I'm not competent to assess that nor, I assert, are you; I suggest it varies with the child and it's up to the individual parent to make those subtle distinctions, issue by issue, child by child. > >While limiting the "horizons" of persons in their middle to late >teens is often justified by arguments about developmental stages, >the truth is that it is simply an attempt by their keepers to >control how they think and to what views, mostly political and >social in nature, they are exposed to. Now you've really got me on the ropes to understand you. As I parse the above sentence it says limiting is often justified but it might not be. What kind of definitive conclusion is that? I suggest none, and your bottom line is that it's case by case. If so, it's up to the parents to figure out where THEIR kid is on the scale--nobody else has as much time, motivation, or opportunity to observe. David.

From setho at westnet.com Sat Jul 20 09:55:16 1996
From: setho at westnet.com (Seth Oestreicher)
Date: Sun, 21 Jul 1996 00:55:16 +0800
Subject: American People the relation to the Police
Message-ID: <1.5.4.32.19960720125602.00927ca8@westnet.com>

> > >Well, to many of us, the wrong side won the War of the Rebellion (aka the >Civil War, aka the War Between the States, etc.). 
A bunch of southern >states wanted to secede, which my reading of the founding documents said >was clearly an option if sentiment was strong enough in that direction. Even President Lincoln agreed that it was the right of the South to secede...... > >Constitutional scholars of course debate this, and I've seen arguments that >the documents eventually agreed to in 1789-90 in some ways undercut this >"right" to secede. I think this to be untrue, and that the signers of the >Declaration and of the Constitution would be surprised to learn that they >were signing a one-way, unreversible, no way out document, binding their >communities to be part of the United States of America forever, even if >their populace clearly wants out. > The Federalist Papers made it quite clear that the States were to remain "independent". The Federal government was *not* designed for its own self preservation, but to preserve the collective rights of the States. We wound up with our form of government today out of pure ignorance of the populace. When was the last time a jury exercised its right to *not* convict on the basis of a wrongful law? When was the last time someone questioned the validity of our central bank, the Federal Reserve, even though it so clearly violates the Constitution? Why doesn't the NRA use the historic representation of the Second Amendment instead of trying to have us believe we are some sort of militia? (In a literal translation of the amendment into today's English, it would read: Since we don't trust the military because it could be used against the American people, but we realize that having a trained military is important for the successful defence of the States, we will make sure that no one can take the guns of the populace so they may defend themselves from the aforementioned military.) Why does ANYONE believe that there is a separation of church and state? Why is foreign aid allowed to continue when it is not allowed by the Constitution? 
(I could go on and on.....) Ignorance of our history and our real *inalienable* rights has given us the Government which so many fear today. From perry at piermont.com Sat Jul 20 09:58:58 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 21 Jul 1996 00:58:58 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <2.2.16.19960720081320.2427098c@postoffice.worldnet.att.net> Message-ID: <199607201438.KAA07420@jekyll.piermont.com> Llywarch Hen writes: > You have not had the opportunity to look closely at the business end > of a gun. The hole looks enormous. The opening in the barrel of just about every rifle or pistol I've looked at seems to be about half an inch or less. Perhaps you have been looking at the 18" guns on the battleship "New Jersey"? Perry From perry at piermont.com Sat Jul 20 10:00:09 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 21 Jul 1996 01:00:09 +0800 Subject: Netscape download requirements In-Reply-To: <31F0CC92.44D7@netscape.com> Message-ID: <199607201449.KAA07438@jekyll.piermont.com> Jeff Weinstein writes: > Remo Pini wrote: > > Why can't anybody in US write a little program that compares the > > two 4.5 meg install files and make a patcher? (It seems simple to > > do, is very inconspicuous and of course does not violate the ITAR > > - although it might violate some copyright stuff, but hey, whos > > willing to enforce something like that, when it's anonymously > > posted or mailed) > > Actually a lawyer once told me that such a patch might be considered > a "defense repair", and thus be regulated by the ITAR. I kid you not. > Your bits would fall into the same bucket as missile parts. The more > I learn about ITAR and the way the government tries to link software > to it, the more amazed I get. As a practical matter, however, such a piece of software could circulate widely overseas without the U.S. being able to do anything about it. 
Perry From wb8foz at nrk.com Sat Jul 20 10:04:28 1996 From: wb8foz at nrk.com (David Lesher) Date: Sun, 21 Jul 1996 01:04:28 +0800 Subject: take the pledge In-Reply-To: Message-ID: <199607201308.JAA21951@nrk.com> > > > Look, folks, we all know that 99% of what David Sternlight posts is > > garbage. Why don't we all pledge not to answer any of his posts, and > > then he'll go away. > > Thanks Perry for a great idea. Add my name to the list. Hell, even *I* will agree with Perry on this one. If we ignore the FUD, he'll go away soon enough. Sign me up. [For 'Punks, of course -- it's too much fun to bait him in alt.fan.david-sternlight..] -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From junger at pdj2-ra.F-REMOTE.CWRU.Edu Sat Jul 20 10:24:57 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Sun, 21 Jul 1996 01:24:57 +0800 Subject: Reverse Engineer In-Reply-To: Message-ID: <199607201514.LAA10501@pdj2-ra.F-REMOTE.CWRU.Edu> "Bill Olson (EDP)" writes: : Reverse engineering is process of 'mimicking' the specifications of : another product by copying the 'abstract interface' of it. Example: : : I write a desktop application that greatly increases employee : productivity, and it sells like hotcakes. Another company decides that I : am gaining too much market share with my product and decides to reverse : engineer the product so that they can create a competing product. They : hire an engineer who takes the program and analyzes the input and output : with a detailed script of test patterns (heaven forbid he might even : decompile the program and snoop). By doing so, he now has a complete : product specification minus the implementation (i.e. how it works). 
He : then takes the product specification and gives it to another engineer : (actually it's done through 'clean' liaisons) who then creates a product : that does the exact same thing as mine--but with a different : implementation process. Because the product copies the specification and : not the implementation, it does not infringe on copyrights or patents. Good explanation. But note that reverse engineering is not a way of getting around patent violations. It only works to protect oneself from copyright violations, since a reverse-engineered product is not (arguably) a copy of the original. It is also useful when the actual workings of the original, or the way the original is made, is a (trade) secret. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From sandfort at crl.com Sat Jul 20 10:32:17 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 21 Jul 1996 01:32:17 +0800
Subject: Netscape download requirements
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Fri, 19 Jul 1996, David Sternlight wrote: > I've been around for so long that I knew when I typed the above > someone would try to take my words literally in order to avoid > my point and pick the above nit. I don't think the 9th and 10th Amendments are nits. > If they disagree with what Congress and the administration have > done, there are well-established ways to petition Congress to > change it. Read the 9th, David. Our rights exist whether or not the current regime recognizes them. The reason Congress gets away with so many violations is in part due to the current population being willing to exchange a false sense of security for out and out violations of the clear words of the Bill of Rights. 
That may be democracy, but at the expense of Constitutionally guaranteed freedoms. Read the 9th and 10th, David. > If they fail, t.s.--that's the way our system works. Or doesn't work. > YOU don't get to force your will on the wider population, No, you merely get to stop others from forcing their will on you. > nor do YOU get to tell them that they are poor benighted fools > who should agree with YOUR views on civil liberties. To assert > otherwise is fascism, authoritarianism, dictatorship, pick one. No, David, it's free speech. Read the 1st Amendment, David. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From EALLENSMITH at ocelot.Rutgers.EDU Sat Jul 20 10:57:25 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sun, 21 Jul 1996 01:57:25 +0800
Subject: US versions of Netscape now available
Message-ID: <01I7AI5ZK7EI9EDBUO@mbcl.rutgers.edu>

From: IN%"paquin at netscape.com" 20-JUL-1996 09:00:37.83 >Alex de Joode wrote: >> I would like to know what Netscape's position on the above mentioned >> scenario is .. (Uploading "possibly" received 128 bit binaries to >> official netscape mirrors outside the US, that is) (guess why ...) >I guess I should look again, but I *thought* our licenses explicitly >excepted use of "US-Only" software (defined in the license) from the >standard exclusions. I think the attys lifted some of the definitions >straight from ITAR and may have quoted 22USC. Maybe we screwed >up and got the wrong license in the beta and missed the check. >I don't know. I'll look. *sigh* BTW, is the license essentially copyright-based? If so, you're going to have trouble using it in a country that you can't legally sell/give away with limits the stuff to; it is assumed that you aren't losing anything. I may be wrong, of course, but that's my understanding of how penalties, etcetera are determined under copyright law. 
-Allen

From ichudov at algebra.com Sat Jul 20 11:10:49 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 21 Jul 1996 02:10:49 +0800
Subject: Firewall Penetration
In-Reply-To: <01BB75F4.8F028E40@ip160.i-manila.com.ph>
Message-ID: <199607201452.JAA02178@manifold.algebra.com>

Jerome Tan wrote: > > Is it possible to penetrate a firewall? > Yes. Sometimes people create incredibly stupid configurations of firewalls. - Igor.

From david at sternlight.com Sat Jul 20 11:15:09 1996
From: david at sternlight.com (David Sternlight)
Date: Sun, 21 Jul 1996 02:15:09 +0800
Subject: Netscape download requirements
In-Reply-To:
Message-ID:

At 8:13 AM -0700 7/20/96, Sandy Sandfort wrote: > >Read the 9th, David. Our rights exist whether or not the current >regime recognizes them. The reason Congress gets away with so >many violations is in part due to the current population being >willing to exchange a false sense of security for out and out >violations of the clear words of the Bill of Rights. That may >be democracy, but at the expense of Constitutionally guaranteed >freedoms. Read the 9th and 10th, David. "9th Amendment The enumeration in the Constitution of certain rights shall not be construed to deny or disparage others retained by the people." Nothing in here about ITAR. "10th Amendment The powers not delegated to the United States shall not be construed to extend ^^^ to any suit in law or equity, commenced or prosecuted against one of the United States by citizens of another State or by citizens or subjects of any foreign state." Nothing in here about ITAR. On the other hand: "We the People of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defence," ... "The Congress shall have power ... To regulate commerce with foreign nations, and among the several states, and with the Indian tribes; ... 
To make all laws which shall be necessary and proper for carrying into execution the foregoing powers, and all other powers vested by the Constitution in the government of the United States, or in any department or officer thereof." Looks like ITAR is covered there. So don't (as the Russians say) try to teach your Grandmother how to suck eggs. David

From david at sternlight.com Sat Jul 20 11:21:09 1996
From: david at sternlight.com (David Sternlight)
Date: Sun, 21 Jul 1996 02:21:09 +0800
Subject: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <199607192139.OAA23712@server1.chromatic.com>
Message-ID:

At 5:31 AM -0700 7/20/96, Brad Dolan wrote: >My twelve-year-old daughter asked for and received a .22 for her birthday. >Her four and six year old siblings enjoy shooting it, under close >supervision. > >Rural America has a very different culture than urban America and urban >America's recent attempts to impose its values (like hoplophobia) on us >really chafes. Though it is well known that I am in favor of gun control regulations, I have to support Brad Dolan here. There is a huge and traditional gun culture in rural America, particularly in the midwest. The way most Jewish kids get Bar Mitzvahed at 13 as a rite of passage into adulthood, or the way most kids get their learner's permit to drive as such a symbol is the way many midwestern kids get their first gun. David

From Ryan.Russell at sybase.com Sat Jul 20 11:21:26 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Sun, 21 Jul 1996 02:21:26 +0800
Subject: Firewall Penetration
Message-ID: <9607201621.AA17135@notesgw2.sybase.com>

It depends. ---------- Previous Message ---------- To: cypherpunks cc: From: jti @ i-manila.com.ph (Jerome Tan) @ smtp Date: 07/19/96 05:29:11 PM Subject: Firewall Penetration Is it possible to penetrate a firewall?

From EALLENSMITH at ocelot.Rutgers.EDU Sat Jul 20 11:21:30 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. 
ALLEN SMITH) Date: Sun, 21 Jul 1996 02:21:30 +0800 Subject: Filtering out Queers is OK Message-ID: <01I7AH0OXYGW9EDBUO@mbcl.rutgers.edu> From: IN%"david at sternlight.com" "David Sternlight" 20-JUL-1996 09:08:49.96 >I speak as a father who has raised four children who turned out to be >independent beings to successful adulthood and families of their own, not >as a theoretician. Most of my knowledge on the subject comes from a friend of mine... who's a grandfather (raised 5 children) and a trained child psychiatrist. Until he left his most recent position (in Alabama), he was the head of their child psychiatry training program. -Allen From sandfort at crl.com Sat Jul 20 11:42:50 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 21 Jul 1996 02:42:50 +0800 Subject: Netscape download requirements In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sat, 20 Jul 1996, David Sternlight wrote: > "9th Amendment > > The enumeration in the Constitution of certain rights shall not > be construed to deny or disparage others retained by the people." > > Nothing in here about ITAR. No David, there isn't. That's because ITAR represents neither an enumerated nor unenumerated right of the people. The application of ITAR to speech, however, is a violation of the 1st Amendment which is enumerated. > "10th Amendment > > The powers not delegated to the United States shall not be > construed to extend to any suit in law or equity, commenced or > prosecuted against one of the United States by citizens of > another State or by citizens or subjects of any foreign > state." You "accidentally" misquoted the 10th. It actually says: The powers not delegated to the United States by the Constitution nor prohibited by it to the States, are reserved to the States respectively, or to the people. > Nothing in here about ITAR. 
See my explanation of the 9th Amendment, supra. > "We the People of the United States, in order to form a more perfect union, > establish justice, insure domestic tranquility, provide for the common > defence," > > ... > > "The Congress shall have power > > ... > > To regulate commerce with foreign nations, and among the several states, > and with the Indian tribes; > > ... > > To make all laws which shall be necessary and proper for carrying into > execution > the foregoing powers, and all other powers vested by the Constitution in the > government of the United States, or in any department or officer thereof." > > Looks like ITAR is covered there. Wrong. Everything quoted above was adopted prior to the adoption of the Bill of Rights. In other words, the 1st, 2nd,...9th and 10th AMENDMENTS came after and modify (or amend, get it?) the clauses you rely so much on. Now I see you have "accidentally" forgotten to address my response to your blatently unconstitutional assertion that I don't have the right to say that the system is being abused. Please defend that assertion, or at least tell us how you think the 1st Amendment is a nit. > So don't (as the Russians say) try to teach your Grandmother > how to suck eggs. Believe me, David, I don't think I could teach you anything. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From david at sternlight.com Sat Jul 20 12:08:16 1996 From: david at sternlight.com (David Sternlight) Date: Sun, 21 Jul 1996 03:08:16 +0800 Subject: Netscape download requirements In-Reply-To: Message-ID: At 9:22 AM -0700 7/20/96, Sandy Sandfort wrote: >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >On Sat, 20 Jul 1996, David Sternlight wrote: > >> "9th Amendment >> >> The enumeration in the Constitution of certain rights shall not >> be construed to deny or disparage others retained by the people." >> >> Nothing in here about ITAR. > >No David, there isn't. 
That's because ITAR represents neither an >enumerated nor unenumerated right of the people. The application >of ITAR to speech, however, is a violation of the 1st Amendment >which is enumerated. So now you're switching your ground to the First Amendment? Why can't you argue straight out? > >> "10th Amendment >> >> The powers not delegated to the United States shall not be >> construed to extend to any suit in law or equity, commenced or >> prosecuted against one of the United States by citizens of >> another State or by citizens or subjects of any foreign >> state." > >You "accidentally" misquoted the 10th. It actually says: > > The powers not delegated to the United States by the > Constitution nor prohibited by it to the States, are > reserved to the States respectively, or to the people. Slip of the editor, not a conspiracy. THe point is that it says "not delegated to the United States", and as I showed below, powers which cover ITAR were so delegated. > >> Nothing in here about ITAR. > >See my explanation of the 9th Amendment, supra. > >> "We the People of the United States, in order to form a more perfect union, >> establish justice, insure domestic tranquility, provide for the common >> defence," >> >> ... >> >> "The Congress shall have power >> >> ... >> >> To regulate commerce with foreign nations, and among the several states, >> and with the Indian tribes; >> >> ... >> >> To make all laws which shall be necessary and proper for carrying into >> execution >> the foregoing powers, and all other powers vested by the Constitution in the >> government of the United States, or in any department or officer thereof." >> >> Looks like ITAR is covered there. > >Wrong. Everything quoted above was adopted prior to the adoption >of the Bill of Rights. In other words, the 1st, 2nd,...9th and >10th AMENDMENTS came after and modify (or amend, get it?) the >clauses you rely so much on. This is an unsustainable position for which you have no legal basis. 
Your implied claim is that an amendment implicitly repeals prior language. As we've seen from other amendments, if prior language is to be repealed that is done explicitly or by reference in the amendment. There are some Supreme Court cases because there are conflicts between the implicit content of some amendments (the famous "penumbra of the Constitution") and prior language. And we've seen many cases where even strict constructionists held in Dicta that prior powers weren't implicitly repealed by the First, particularly in speech cases. The famous "Freedom of Speech does not extend to the right to falsely shout "Fire!" in a crowded theatre" is one. "The Constitution is not a suicide pact." is another. But Con Law is a bit off topic for this group, eh? Let's agree to disagree. >Believe me, David, I don't think I could teach you anything. That's both false and defamatory unless you're commenting on your own shortcomings as a teacher. Some here will tell you that they've taught me a lot, and that when evidence or logic are clear, I do alter my views. In the instant case neither appertains, at least not so far. Best; David From vinnie at webstuff.apple.com Sat Jul 20 12:44:23 1996 From: vinnie at webstuff.apple.com (Vinnie Moscaritolo) Date: Sun, 21 Jul 1996 03:44:23 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607200646.CAA15585@lists.gateway.com> Message-ID: On 19 Jul 1996 19:51:39 Hallam-Baker wrote >It is no coincidence that the Tree of Liberty needs to be watered with >blood on occasion. As a native Bostonian, I have to tell you that the original "Tree of Liberty" was cut down many many years ago and in its place now stands a storefront, if you look up onto the second floor you will notice a frieze of a tree. This is all that stands to commemorate the "Tree of Liberty". 
oh btw that storefront is in the combat zone of boston, and the last time I checked that store was called either the "Naked I" or the "Pussycat lounge", can you guess what they sell? It's been a while since I've been in that neighborhood, so I don't remember the street corner, ask bob hettinga if you want to know where. Speaking of Bob Hettinga put it to words best, told me that standing on the Concord bridge he could see the colors of the American flag emanating outwards to the rest of the country. Yup this is where it all started.. Vinnie Moscaritolo "Law - Samoan Style" http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A From david at sternlight.com Sat Jul 20 12:52:45 1996 From: david at sternlight.com (David Sternlight) Date: Sun, 21 Jul 1996 03:52:45 +0800 Subject: pledge status In-Reply-To: <199607201416.KAA07379@jekyll.piermont.com> Message-ID: At 7:16 AM -0700 7/20/96, Perry E. Metzger wrote: >I'm glad to report that a large number of people have now taken the ^^^^^^^^^^^^^^^^^^^^^^^^ >pledge not to reply to David Sternlight's posts. > >Remember, replying to David almost never serves any useful purpose -- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >he is almost totally incapable of admitting he is wrong, and almost ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^ >everyone disagrees with him already. By replying to him, you simply ^^^^^^^^^ >continue to encourage him to fill the mailing list with junk. > >Don't feed the Sternlight. Take the pledge. > >Perry Interesting view of the truth. Keep up the good work, Metzger. A few more like this and you'll be a spammer. Plonk! David From rah at shipwright.com Sat Jul 20 12:54:32 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 21 Jul 1996 03:54:32 +0800 Subject: take the pledge In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Look, folks, we all know that 99% of what David Sternlight posts is > garbage. 
Why don't we all pledge not to answer any of his posts, and > then he'll go away. The more I see, the more I agree. I filter relevant stuff out of here onto e$pam, and I've only sent out about two of Mr. Sternlight's "n-ty" total posts in the past four days or so. He certainly is articulate and well read, but he's considerably mired in heirarchical statist thinking. It's a wonder he doesn't trip, walking with his head turned exactly backward like that... Our political differences aside, and in the spirit of keeping my killfile from frying under the load of plonking him, ;-), I would like to propose what could be called a compromise. I challenge Mr. Sternlight to do two things: 1. Not to respond to this post. :-). Actually, I believe that's part of my problem with Mr. Sternlight. He's about the best tat-titter I've ever seen. On my high-school forensics team, he would bat .500 in all his matches, because he would win all his negative debates and have no affirmative case for the rest. Or, more to the point, he might have one, but he never seems to present it except in rebuttal. Unfortunately, the judges don't count those points, David, and even though this is just a mail list, the same rules of logic and rhetoric are there, whether we like them or not. Which brings me to the second challenge, 2. Write something from scratch. That is, actually *start* a thread. From scratch. Probably one of the causes of a lot of the vitriol on this list is instant "Oh, yeah, sez who!" ability that e-mail gives us. I would be very interested in something from Mr. Sternlight where he gave us some facts, some deduction from those facts, and some well-thought-out conclusions from those deductions. It would probably be a treat to read, and, when done, would not be nearly as objectionable as his frequent and voluminous pot-shots from behind the hedgerows. Witty repartee is nice, occasionally, but, like rich food, it can make one bloated and bilious when consumed in any quantity. 
On a small tangent, my idea of a perpetual motion machine would be a Sternlight/Hallam-Baker flamewar, those two seeming to be the greatest tat-titters on this list (exclusive of those in my kill-file, who, of necessity, will remain nameless here). Of course, this would be a paradox, because even though Mr. (yes, *Mr.*, in the Oxfordian sense, Phill) H-B is a thoroughgoing liberal crypto-socialist (in the "Myra Breckinridge" sense of crypto) and Mr. Sternlight is an equal and opposite conservative, they both end up holding the same end of the stick in arguments around here. I find that quite interesting to think about from the standpoint of political philosophy, but it doesn't make them any less annoying to read. For the moment, anyway. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From sandfort at crl.com Sat Jul 20 13:12:10 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 21 Jul 1996 04:12:10 +0800 Subject: Netscape download requirements In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sat, 20 Jul 1996, David Sternlight wrote: > But Con Law is a bit off topic for this group, eh? Let's agree > to disagree. Sure, I'll let you wiggle out of a discussion in which you were previously all too willing to participate. 
I don't think, though, that you should get off the hook so easily for your amazing--and unsupportable assault on free speech, to wit: > nor do YOU get to tell them that they are poor benighted fools > who should agree with YOUR views on civil liberties. To assert > otherwise is fascism, authoritarianism, dictatorship, pick one. I'd appreciate it if you would defend, retract or "explain" why I don't get to tell ANYONE that they should agree with my views of civil liberties. This is the third time I've addressed your curious statement. Please explain yourself. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From david at sternlight.com Sat Jul 20 13:40:17 1996 From: david at sternlight.com (David Sternlight) Date: Sun, 21 Jul 1996 04:40:17 +0800 Subject: Netscape download requirements In-Reply-To: Message-ID: At 10:40 AM -0700 7/20/96, Sandy Sandfort wrote: >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >On Sat, 20 Jul 1996, David Sternlight wrote: > >> But Con Law is a bit off topic for this group, eh? Let's agree >> to disagree. > >Sure, I'll let you wiggle out of a discussion in which you were >previously all to willing to participate. No wiggling involved. I think I refuted you decisively but recognize that we've reached the point of diminishing returns for this group and that a discussion focussing mostly on the interpretation of Constitutional mechanics would be by and large off topic here. I was attempting to be considerate, not evasive. I'll take it as far as you like (within the bounds of civility) via e-mail. > I don't think, though, >that you should get off the hook so easily for your amazing--and >unsupportable assault on free speech, to wit: > >> nor do YOU get to tell them that they are poor benighted fools >> who should agree with YOUR views on civil liberties. To assert >> otherwise is fascism, authoritarianism, dictatorship, pick one. 
> >I'd appreciate it if you would defend, retract or "explain" why >I don't get to tell ANYONE that they should agree with my views >of civil liberties. This is the third time I've addressed your >curious statement. Please explain yourself. Glad to explain it. I used "tell" in the sense of compel, not in the sense of expressing one's opinion. "Joe told us what to do" is different from "Joe expressed his opinion of what we should do" in the sense I used it. Thanks for asking; David From david at sternlight.com Sat Jul 20 13:43:33 1996 From: david at sternlight.com (David Sternlight) Date: Sun, 21 Jul 1996 04:43:33 +0800 Subject: Firewall Penetration In-Reply-To: <01BB75F4.8F028E40@ip160.i-manila.com.ph> Message-ID: At 7:52 AM -0700 7/20/96, Igor Chudov @ home wrote: >Jerome Tan wrote: >> >> Is it possible to penetrate a firewall? >> > >Yes. Sometimes people create incredibly stupid configurations of firewalls. A more interesting answer (in which I'm also interested) would address the possibility of penetrating a well-executed, well-managed firewall. David From david at sternlight.com Sat Jul 20 13:45:15 1996 From: david at sternlight.com (David Sternlight) Date: Sun, 21 Jul 1996 04:45:15 +0800 Subject: Reverse Engineer In-Reply-To: Message-ID: At 8:14 AM -0700 7/20/96, Peter D. Junger wrote: >"Bill Olson (EDP)" writes: > >: Reverse engineering is process of 'mimicking' the specifications of >: another product by copying the 'abstract interface' of it. Example: >: >: I write a desktop application that greatly increases employee >: productivity, and it sells like hotcakes. Another company decides that I >: am gaining too much market share with my product and decides to reverse >: engineer the product so that they can create a competing product. They >: hire an engineer who takes the program and analyzes the input and output >: with a detailed script of test patterns (heaven forbid he might even >: decompile the program and snoop). 
By doing so, he now has a complete >: product specification minus the implementation (i.e. how it works). He >: then takes the product specification and gives it to another engineer >: (actually it's done through 'clean' liaisons) who then creates a product >: that does the exact same thing as mine--but with a different >: implementation process. Because the product copies the specification and >: not the implementation, it does not infringe on copyrights or patents. > >Good explanation. But note that reverse engineering is not a way of >getting around patent violations. It only works to protect oneself from >copyright violations, since a reverse-engineered product is not >(arguably) a copy of the original. It is also useful when the actual >workings of the original, or the way the original is made, is a (trade) >secret. Important comment. Further, as I understand it if an implementation is obvious to one practiced in the art, one's ability to protect such an implementation is also limited. David From jimbell at pacifier.com Sat Jul 20 13:49:22 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 21 Jul 1996 04:49:22 +0800 Subject: US versions of Netscape now available Message-ID: <199607201837.LAA22002@mail.pacifier.com> At 10:59 AM 7/19/96 -0700, Tom Paquin wrote: s far as company policy goes, it's a good bet that we won't >willingly break any laws. Licensing export-restricted software >to a "foreign person" (includes companies, etc) without a >particular export license would probably be a mistake which would >get corrected quickly. I don't think there is any contradiction here. ITAR arguably prohibits disclosure; it does not prohibit licensing WITHOUT explicit disclosure. Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Sat Jul 20 13:54:56 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 21 Jul 1996 04:54:56 +0800 Subject: lambda 2.09 - French Telco Act Censored? 
Message-ID: <199607201837.LAA22011@mail.pacifier.com> At 09:41 PM 7/19/96 +0100, Jerome Thorel wrote: >OECD FAILS TO ACT ON KEY-ESCROW ENCRYPTION; THE US ACCUSED OF "POLICY >LAUNDERING" > >The Paris-based OECD, the 24-members club of industrialised nations, has >failed to take a step towards international recongnition of key-escrow >encryption. The meeting of June 26-28 in Paris, scheduled to take a firm >decision about the possibility of law enforcement agencies to read >electronic mail of private individuals and corporations, didn't succeed to >act on a compromise. The OECD's general secretary has no special power to >draw regulations and must find a common policy on the matter. [deleted] > >Sources said the US were willing to "use" the OECD as a "policy laundering" >machine : to pressure the organisation in order to have the key escrow >policy approved by the 24 countries. US intelligence officials would have >been using it as a political weapon at home, where Congress, >public-interests groups and industry pressure groups are on the verge to >act against any key-escrow policy. Lemme see... The Europeans are now complaining about the US government pushing key escrow on them? So where did that "emerging consensus" go?!? Jim Bell jimbell at pacifier.com From alano at teleport.com Sat Jul 20 13:55:01 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 21 Jul 1996 04:55:01 +0800 Subject: [NOISE} Re: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <2.2.32.19960720183725.00e38e60@mail.teleport.com> At 10:10 AM 7/20/96 -0800, Vinnie Moscaritolo wrote: >Speaking of Bob Hettinga put it to words best, told me that standing on the >Concord bridge he could see the colors of the American flag eminating >outwards to the rest of the country. Yup this is where it all started.. Should teach him not to drink so much in the combat zone in Boston. 
]:> --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From JonWienk at ix.netcom.com Sat Jul 20 13:56:51 1996 From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com) Date: Sun, 21 Jul 1996 04:56:51 +0800 Subject: Opiated file systems In-Reply-To: <199607191718.NAA04087@unix.asb.com> Message-ID: <199607201848.LAA07682@dfw-ix10.ix.netcom.com> Here is an idea for implementing DuressSFS and/or NukeTheData functions on demand with plausible deniability for all (without all your keys, TLA's wouldn't know how many encrypted partitions you had): 1. Doing anything with the encrypted file system requires 2 keys. 2. The first key decrypts the FAT (the FAT info is always written to the disk encrypted) and an encrypted control sector, which is cylinder 0, head 0, sector JustAfterTheMBRAndPartitionTable. This control sector is divided into 16 32-byte (256-bit) fields or records. 3. If a hash of the key entered matches the undecrypted contents of record 0, (bytes 0-31) the EFS enters an infinite whole-drive encryption loop, using a hash of the key provided and any handy entropy, to produce a new key. The EFS will produce new keys as frequently as possible by hashing any entropy it can gather while nuking the data on the drive. While this is happening, dummy messages should be displayed, such as "Starting Windows 95...", "An exception has occurred at XXXX:XXXXXXXX Press any key to continue." (when the entropy stock needs replenishment) or any other reasonably common startup messages. (NukeTheData) (TM) 4. If the first key is not the NukeTheData key, the EFS prompts for a second key. 5. 
After receiving the second key, the EFS hashes it and compares the hash to the data in the control sector records, and mounts any encrypted logical drive(s) with matching key hashes. 6. 
If an incorrect second key is entered X times(X between 3 and 20), (NukeTheData = True) is assumed, and executed. Using this system, without the first key, it should be impossible to tell how many separate encrypted logical drives there are on the disk. Without the second key(s) the data in the ELD's should be worthless. On bootup, the pass phrase entry screen should be designed to look exactly like the CMOS bootup password screen, and no messages indicating the existence of EFS should be displayed until after a correct 2nd key has been entered. Why advertise your security measures? Unless "they" have been tipped off to the fact that you use EFS, they can easily destroy all of the data through ignorance, especially if you have a PostIt note with the NukeTheData password/phrase (which wouldn't have to be "good"--you could use "GovtStupid" or something similar) stuck to the side of your monitor, and keep your mouth shut during interrogation. Jonathan Wienke "1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler "46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey http://www.ksfo560.com/Personalities/Palms.htm 1935 Germany = 1996 U.S.? Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB From alano at teleport.com Sat Jul 20 13:56:54 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 21 Jul 1996 04:56:54 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <2.2.32.19960720183720.00de3c00@mail.teleport.com> At 10:38 AM 7/20/96 -0400, Perry E. 
Metzger wrote: > >Llywarch Hen writes: >> You have not had the opportunity to look closely at the business end >> of a gun. The hole looks enormous. > >The opening in the barrel of just about every rifle or pistol I've >looked at seems to be about half an inch or less. Perhaps you have >been looking at the 18" guns on the battleship "New Jersey"? There is a time and space dilation when the gun is pointed directly at you and about to be fired. (Been there, done that...) Perception tends to be skewed when all of the adrenaline is pumping into your bloodstream because of a perceived impending death. Believe me, it does look big. A 12 gauge especially... (Had a brother who came close to shooting me because he thought I was a burglar. Not fun.) --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From jimbell at pacifier.com Sat Jul 20 13:57:04 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 21 Jul 1996 04:57:04 +0800 Subject: ABC News on internet telephony Message-ID: <199607201846.LAA22368@mail.pacifier.com> At 02:12 AM 7/19/96 -0500, snow wrote: > It is my understanding that billing is one of the biggest headaches >and expenses for a phone company. Going to a flat rate would solve a >decent amount of that wouldn't it? I've heard it claimed that billing and customer service is half of their costs, at least. If that's the case, then "flat rate" billing can't be far behind. Prodded by "free" Internet phone, they can't avoid it for much longer. 
Jim Bell jimbell at pacifier.com From alano at teleport.com Sat Jul 20 14:02:57 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 21 Jul 1996 05:02:57 +0800 Subject: [Noise] was Re: Giving 6 year old kids Uzi's Message-ID: <2.2.32.19960720183717.00b2478c@mail.teleport.com> At 08:31 AM 7/20/96 -0400, Brad Dolan wrote: >> Would you just hand out guns to all teenagers? > >My twelve-year-old daughter asked for and received a .22 for her birthday. >Her four and six year old siblings enjoy shooting it, under close >supervision. I learned how to shoot very young. My father taught me, as well as enrolling me in NRA competitions around age 14. They still have high school rifle teams where I used to live as well. But then the culture is quite different towards guns in Alaska than it is here... (For one, people do not view them as toys and/or possessed by evil spirits or the like...) >Rural America has a very different culture than urban America and urban >America's recent attempts to impose its values (like hoplophobia) on us >really chafes. I bet the "National Curfew" crap that Clinton is trying to push is not going down well either. He seems to think that the problems of a small fraction of the country apply to the whole country... (But it makes for good sound bites.) --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From alano at teleport.com Sat Jul 20 14:22:57 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 21 Jul 1996 05:22:57 +0800 Subject: [NOISE] Re: Firewall Penetration Message-ID: <2.2.32.19960720190133.00af90a4@mail.teleport.com> At 05:29 PM 7/19/96 +0800, Jerome Tan wrote: >Is it possible to penetrate a firewall? Yes, but it requires alot of time and money. (As well as a nice car and a six figure income.) 
I recommend taking the firewall out to a nice restaurant, feeding it dinner, taking it out for drinks and then back to your house or apartment. If everything works, you should be able to penetrate said firewall. But she will not return your calls in the morning... --- |"Computers are Voodoo -- You just have to know where to stick the pins."| |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From sandfort at crl.com Sat Jul 20 14:46:48 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 21 Jul 1996 05:46:48 +0800 Subject: Netscape download requirements In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sat, 20 Jul 1996, David Sternlight wrote: > Glad to explain it. I used "tell" in the sense of compel, not > in the sense of expressing one's opinion. "Joe told us what to > do" is different from "Joe expressed his opinion of what we > should do" in the sense I used it. Really? But you wrote: >> nor do YOU get to tell them that they are poor benighted fools >> who should agree with YOUR views on civil liberties. To assert >> otherwise is fascism, authoritarianism, dictatorship, pick one. Oh, I see, "tell," "should" and "assert" REALLY mean compel. And what, exactly, would I, the "teller" be compelling them to do? I now understand how you are able to win so many debates. I guess I'd just better give up and take THE PLEDGE, you're just too sly for me. Sorry Perry, you were right. S a n d y P.S. For those of you who choose to suffer Sternlight, I leave you with this little quote from Lewis Caroll. 
You might find it useful to cite when jousting with our sophistic friend: "When /I/ use a word," Humpty Dumpty said, in rather a scornful tone, "it means just what I choose it to mean-- neither more nor less." "The question is," said Alice, whether you /can/ make words mean so many different things." "The question is," said Humpty Dumpty, "which is to be master--that's all." And now back to David Sternlight for what he really wants, the Last Word. :-) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From amehta at giasdl01.vsnl.net.in Sat Jul 20 14:52:23 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Sun, 21 Jul 1996 05:52:23 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <1.5.4.32.19960720185045.0031750c@giasdl01.vsnl.net.in> At 01:10 20/07/96 -0700, Timothy C. May wrote: >By "you," I have to presume you mean "me." No, I am not at likely to use >this weapon in a rage against a loved one. Trust me. This was not intended to suggest how "you" might behave, I don't know you that well, it would have been less confusing for me to have used the pronoun "one." >It may sound "stupid" to you...I suggest you read up on evolutionary game >theory. Sometimes one has no choice but to respond to an arms buildup. >Unilateral disarmament rarely works. There are surely alternatives to the extremes of unilateral disarmament and an arms race? For instance, slowing down the race? More often than not, it is the US that has upped the ante. They consistently had more nuclear warheads than the Soviet Union, new technologies that disrupted the status quo came generally from the West. 
Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org
http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From adam at homeport.org Sat Jul 20 15:21:47 1996
From: adam at homeport.org (Adam Shostack)
Date: Sun, 21 Jul 1996 06:21:47 +0800
Subject: Netscape download requirements
In-Reply-To: <31EFCCCC.B13@netscape.com>
Message-ID: <199607201935.OAA17617@homeport.org>

Don't screw with the system, and I can bet how the policy review will come out.

We just had a policy review; the National Academy of Sciences had a very prestigious group do a review of our Cryptographic Policy. It suggested liberalization. Clearly, someone didn't like that, so the Powers That Be are doing another policy review in the hopes of getting a review that they like. If they don't get something they like, there will be another policy review, chaired by Louis Freeh, and taking testimony from such prestigious cryptographers as Dr. Denning.

Adam

Tom Paquin wrote:
| > Exporting crypto-systems and killing people is comparing apples
| > and hand grenades. Please come up with a relevant analogy.
|
| You missed the point. Right now the government is in the midst
| of a policy review. Your inclination to view that policy as
| irrelevant simply doesn't matter. Proving to them that a more
| tolerant policy would not be in their interest is not in our
| interest.
|
| Screw with this system and I can bet how the policy review
| will come out.

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From JonWienk at ix.netcom.com Sat Jul 20 15:27:17 1996
From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com)
Date: Sun, 21 Jul 1996 06:27:17 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <199607202002.NAA17000@dfw-ix1.ix.netcom.com>

On Fri, 19 Jul 1996, ichudov at algebra.com (Igor Chudov @ home) wrote:

>I suggest wiring an anti-tank mine to your door every night. If
>ninjas break in, everyone goes to hell.
No need to wake up and be
>alert in sleep -- all will be done automatically. So before that
>ninja raid you will sleep better.

A claymore mine would be much better. It would send the "ninjas" to hell, without necessarily forcing you to join them.

On Fri, 19 Jul 1996, David Sternlight wrote:

[Snip]
>Probably something to do with flushing dope down the toilet, or destroying
>evidence. Perhaps it's too much to expect them to disconnect the sewer line
>and hit your interior with a water hose and an electricity cut-off before
>raiding it.

If tests are available that can detect trace amounts of drugs in your urine 30 days after snorting cocaine, they ought to be able to detect traces of drugs in the toilet bowl/sewer pipe 5 minutes after you flush...

The whole "war on drugs" has been an excuse for abrogating our Constitutional rights. Much of the impetus for banning "assault weapons" and "Saturday night specials" is a by-product of media hype of crimes committed by drug dealers and gangs. Drug crime has been used as an excuse to involve the military in law enforcement, (That's how the FBI got the tanks involved at Waco!) and it has been the primary factor in the increased popularity of SWAT raids.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler

"46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB

P.S.
Chesnokov = Chudov = Vulis = Sternlight = Detweiler

From cibir at netcom.com Sat Jul 20 15:35:08 1996
From: cibir at netcom.com (Joseph Seanor)
Date: Sun, 21 Jul 1996 06:35:08 +0800
Subject: Reverse Engineer
In-Reply-To: <01BB752B.7DCF4600@ip65.i-manila.com.ph>
Message-ID:

On Wed, 17 Jul 1996, Jerome Tan wrote:

> What do you mean by "reverse engineer?" I have heard this word several times especially in the world of hacking, but... can someone tell me what it really meant?
>

Speaking of reverse engineering something, what is a program that will allow you to de-compile a visual basic app?

Joe

From cibir at netcom.com Sat Jul 20 15:36:54 1996
From: cibir at netcom.com (Joseph Seanor)
Date: Sun, 21 Jul 1996 06:36:54 +0800
Subject: Viacrypt PGP version 4.0
In-Reply-To: <2.2.32.19960720021701.006b1570@pop3.sdinter.net>
Message-ID:

On Fri, 19 Jul 1996, Erle Greer wrote:

> Is there a free/trial/steal/shareware version of Viacrypt PGP Personal
> version 4.0, rather than forking over $129.00?
>

My company sells it for $100, if you want the full version with the book and everything.

Joseph Seanor

From perry at piermont.com Sat Jul 20 15:37:18 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 21 Jul 1996 06:37:18 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <1.5.4.32.19960720185045.0031750c@giasdl01.vsnl.net.in>
Message-ID: <199607202011.QAA07854@jekyll.piermont.com>

Arun Mehta writes:
> >It may sound "stupid" to you...I suggest you read up on evolutionary game
> >theory. Sometimes one has no choice but to respond to an arms buildup.
> >Unilateral disarmament rarely works.
>
> There are surely alternatives to the extremes of unilateral
> disarmament and an arms race? For instance, slowing down the
> race?

Don't ask the question as though it is theoretical. Don't try answering it as though your personal values have any bearing, because there is indeed an objective answer here.
Try doing some game theory simulations and see how well unilateral disarmament works.

Oh, and don't give us stuff about how humans are above evolutionary pressures or nonsense like that, because we aren't any more above such pressures than we are above the laws of physics.

Perry

From tcmay at got.net Sat Jul 20 15:59:17 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 21 Jul 1996 06:59:17 +0800
Subject: Curfews again
Message-ID:

At 6:37 PM 7/20/96, Alan Olsen wrote:

>I bet the "National Curfew" crap that Clinton is trying to push is not going
>down well either. He seems to think that the problems of a small fraction
>of the country apply to the whole country... (But it makes for good sound
>bites.)

Yes, I have written about the local "curfew" in my local newsgroup (scruz.general), and I forwarded at least one of these articles to this list, as you may recall.

Consistent with my views on gun control, mandatory doping of children, the outlawing of certain dietary items, and on and on, I would be mighty pissed if a kid of mine was picked up by the cops and hauled off to a processing center for eventual disposition for the thought crime of being on the street without an excuse acceptable to the local gendarmes.

(In fact, I think I'd be tempted to just not answer any phone calls from the reeducation center staffers; getting through to me on the phone can often be difficult, of course, and I doubt they know about e-mail.)

I told someone in scruz.general who argued strongly for the need for curfews on kids that her points had convinced me, that I now understood her position, that I now agreed with it, and that I would be doing my part by making a citizen's arrest of any curfew violators I found in my area...especially cute 16-year-old girls.

(I never heard from her again...after she stopped foaming at the mouth she probably contacted the Thought Crimes Task Force of the Sheriff's Department.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From perry at alpha.jpunix.com Sat Jul 20 16:19:46 1996
From: perry at alpha.jpunix.com (John A. Perry)
Date: Sun, 21 Jul 1996 07:19:46 +0800
Subject: PGP Keyserver at jpunix.com
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

The problem with the PGP keyserver at jpunix.com has been corrected. It turned out to be a corrupted keyring. The keyserver is once again available via email at pgp-public-keys at jpunix.com as well as by WWW from www.jpunix.com. The WWW interface uses Bal's PGP WWW interface.

I apologize for the downtime and the inconvenience. On the up side, I didn't lose any key requests during the downtime.

John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome!
WWW - http://www.jpunix.com
PGP 2.62 key for perry at jpunix.com is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From WlkngOwl at unix.asb.com Sat Jul 20 16:21:54 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sun, 21 Jul 1996 07:21:54 +0800
Subject: A Snake-Oil FAQ
Message-ID: <199607202058.QAA19736@unix.asb.com>

I've written a short "Snake Oil FAQ" below.
It's incomplete and needs some work (adding a few definitions, rewording, aesthetic formatting, etc.), so think of it as a 'beta' FAQ (please don't post it on web pages, though I don't mind if it's distributed among anyone interested in criticizing or contributing).

Comments and suggestions would be appreciated. Note that the aim is to write something accessible to 'newbies'.

(Jeremy Barrett contributed to this, BTW)

Snake-Oil Warning Signs
Encryption Software to Avoid
(Revision 0.1)

Introduction
======================================================================

Good cryptography is an excellent and necessary tool for almost anyone. However, there are a multitude of choices for what products to use. Many good cryptographic products are available, both commercial and free. However there are also some extremely bad cryptographic products (known in the field as "Snake Oil"), which not only fail to do their job of providing security, but are based on, and add to, the many misconceptions and misunderstandings surrounding cryptography and security.

It is extremely important that users of cryptography actively question the product they are considering using, to insure the security and integrity of their data-- be it personal or business information. In order to make a more informed decision, it is necessary to understand some of the "red flags" to watch out for, and what they mean.

For a variety of reasons, this document is general in scope and does not mention specific products or algorithms as being "good" or "Snake Oil".

Some Common Snake-Oil Warning Signs
======================================================================

The following are some of the "red flags" one should watch for when looking at an encryption product:

Technobabble
------------

The vendor's description of the product may contain a lot of hard-to-follow use of technical terms to describe how the product works.
If this appears to be confusing nonsense, it may very well be (even to someone familiar with the terminology). Technobabble is a good means of confusing a potential user and masking the fact that the vendor doesn't understand anything either.

A sign of technobabble is a description which drops a lot of technical terms for how the system works without actually explaining how it works.

New Type of Cryptography?
-------------------------

Beware of any vendor who claims to have invented a "new type of cryptography". Avoid software which claims to use 'new paradigms' of computing such as cellular automata, neural nets, genetic algorithms, chaos theory, etc. Just because software uses a different method of computation doesn't make it more secure.

Anything that claims to have invented a new public key cryptosystem without publishing the details or underlying mathematical principles is highly suspect.

Proprietary Algorithms
----------------------

Avoid software which uses "proprietary" or "secret" algorithms. Security through obscurity is not considered a safe means of protecting your data. If the vendor does not feel confident that the method used can withstand years of scrutiny by the academic community, neither should you.

Beware of specially modified versions of well-known algorithms. This may unintentionally weaken the cipher.

The use of a trusted algorithm, along with technical notes explaining the implementation (if not availability of the source code for the product) are a sign of good faith on the part of the vendor that you can take apart and test the implementation yourself.

Old Ciphers Never Die...
------------------------

Beware of something that sounds like a sophisticated nineteenth-century or even World War II scheme, or something based on a mechanical system. If the product's authors sound like they are entirely unfamiliar with the state of the art, that's a good warning sign.

Experienced Security Experts
----------------------------

Beware of any product claiming that "experienced security experts" have analyzed it, but it won't say who (especially if the scheme has not been published in a reputable journal).

Unbreakability
--------------

Some vendors will claim their software is "unbreakable". This is marketing hype, and a common sign of snake-oil. Avoid any vendor that makes unrealistic claims.

No algorithm is unbreakable. Even the best algorithms are breakable using "brute force" (trying every possible key), but if the key size is large enough, this is impractical even with vast amounts of computing power.

Be wary of marketing gimmicks related to "if you can crack our software" contests.

One-Time-Pads
-------------

A snake-oil vendor may claim the system uses a one-time-pad (OTP), which is theoretically unbreakable.

An OTP system is not an algorithm. It involves generating a random key at least the size of the message and garbling the message with it. When the message is decrypted, the key is destroyed. Only one message is encrypted with an OTP, and it is used only once. The key is random: generated using a real random source, such as specialized hardware, radioactive decay timings, etc., and not from an algorithm or cipher. Anything else is not a one-time-pad.

The vendor may confuse random session keys or initialization vectors with OTPs.

Algorithm or product XXX is insecure
------------------------------------

Avoid anything that makes claims that particular algorithms or other products are insecure without backing up those claims (or at least citing references to them).

Avoid anything that misrepresents 'weaknesses' of other algorithms. (For example, if the product claims it doesn't use public key crypto, citing timing attacks or factoring as reasons.)

Keys and Passwords
------------------

The "key" and the "password" are often not the same thing. The "key" generally refers to the actual data used by the cipher algorithm.
The "password" refers to the word or phrase the user types in, which the software converts into the key (usually through a process called "hashing" or "key initialization").

The reason this is done is because the characters a user is likely to type in do not cover the full range of possible characters. (Such keys would be more redundant and easier for an attacker to guess.) By hashing, a key can be made from an arbitrary password that covers the full range of possible keys. It also allows one to use longer words, or phrases and whole sentences as a "passphrase", which is more secure.

Anything that restricts users' passwords to something like 10 or 16 or even 32 characters is foolish. If the actual "password" is the cipher's key (rather than hashing it into a key, as explained above), avoid it.

Anything that claims to solve the "key management problem" is also to be avoided. (Key management is an inherent problem with crypto.) Convenience is nice, but be wary of anything that sounds too easy to use.

Avoid anything that lets anyone with your copy of the software to access files, data, etc. without having to use some sort of key or passphrase.

Avoid anything that doesn't let you generate your own keys (ie, the vendor sends you a key in the mail).

Avoid anything by a vendor who does not seem to understand the difference between public-key cryptography and private-key cryptography.

Lost keys and passwords
-----------------------

If there's a third-party utility that can crack the software, avoid it.

If the vendor claims it can recover lost passwords (without using a key-backup or escrow feature), avoid it.

Exported from the USA
---------------------

If the software is made in North America, can it be exported? If the answer is yes, chances are it's not very strong. Strong cryptography is considered munitions in terms of export from the United States, and requires approval from the State Department.
Chances are if the software is exportable, the algorithm is weak or it is crackable (hence it was approved for export).

If the vendor is unaware of export restrictions, avoid the software: the vendor is not familiar with the state of the art.

Because of export restrictions, some legitimate (not-Snake Oil) products may have a freely exportable version for outside of the USA, which is different from a separate US/Canada-only distribution.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From tcmay at got.net Sat Jul 20 16:27:10 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 21 Jul 1996 07:27:10 +0800
Subject: Game Theory and its Relevance to Cypherpunks
Message-ID:

Game theory is terribly important to Cypherpunks.

At 8:11 PM 7/20/96, Perry E. Metzger wrote:
>Arun Mehta writes:
>> >It may sound "stupid" to you...I suggest you read up on evolutionary game
>> >theory. Sometimes one has no choice but to respond to an arms buildup.
>> >Unilateral disarmament rarely works.
>>
>> There are surely alternatives to the extremes of unilateral
>> disarmament and an arms race? For instance, slowing down the
>> race?
>
>Don't ask the question as though it is theoretical. Don't try
>answering it as though your personal values have any bearing, because
>there is indeed an objective answer here. Try doing some game theory
>simulations and see how well unilateral disarmament works.
>
>Oh, and don't give us stuff about how humans are above evolutionary
>pressures or nonsense like that, because we aren't any more above such
>pressures than we are above the laws of physics.

Moreover, folks should pay careful attention to the way the _appearance_ of strength is critical.
I don't mean bluffing, though that sometimes has a place, I mean the "scaring off" of would-be challengers/attackers/intruders.

For example, one well-known variant in evolutionary game theory is the "game of chicken," immortalized in the race-to-the-cliff in "Rebel Without a Clue^H^H^H^H^HCause." While such games sound foolish to many--and such a cliff race is not something I'd ever partake in--they are quite common and confer evolutionary advantages to the winners.

To put it simply, the leader of a pack, whether dogs, humans, whatever, may face challenges from other pack members. If he can convince them that he'll win, that he's the craziest motherfucker on the planet, the challenges are reduced. A weak-appearing leader is of course attacked more quickly. (These are separate issues from the actual strength of skill of the participants, but it's a basic fact that a leader who can avoid as many challenges as possible will likely last longer.)

Seen another way, there is considerable game-theoretic advantage in being seen as "crazy." If the other guy veers off long before impact or going over the cliff, because he thinks his opponent is crazy enough to ignore "rationality," much is gained by the victor.

Avoiding fighting is often the most important consideration, and arms races often accomplish this goal!

Even the "MAD" policy of "mutually assured destruction" has game-theoretic justification. (Indeed, this is virtually a truism, given the role game theory and the RAND Corporation played in the devising of the MAD strategy.) While humanists and liberals may cluck at the admittedly horrible consequences of MAD, were it ever implemented, it is solidly grounded in these "games." Fortunately, the goal of MAD was to not have to be used, and it appears now to have worked quite well (albeit at high cost).

The application of these ideas to gun ownership is pretty clear, even to those who have not studied or thought much about these topics: a person contemplating a crime will be more likely to do so with an unarmed person. Duh. And less likely against someone he suspects is armed. Still less likely against a "gun nut." Seeing an "NRA" sticker in the window of a car parked outside is likely to make him think twice, fearing a "gun nut" is inside. Being perceived as a gun nut does have some advantages. Hence the availability of signs saying: "Trespassers will be Shot," and, my favorite: "I have a .45 and a shovel; I doubt you'll be missed." (5 points to whomever first identifies the movie this was in)

(One of the interesting speculations is what role this thinking played in the development of U.S. paramilitary S.W.A.T. teams, the "black-clad ninjas" we have been talking about recently. Creating a terrifying image, an image of crazed indifference, is a useful thing. Certainly the S.S. understood the power of their frightening uniforms and the "myth" of their bloodthirstiness. (Note: I am not saying their bloodthirstiness was a myth, but that they deliberately cultivated this image. Intimidation works, game-theoretically.)

Game theory is at the confluence of economics (costs), psychology (motivations, rewards), evolution (who survives to reproduce), sociobiology (essentially another name for evolutionary game theory), and other fields.

All educated persons should know the basics of a bunch of related things:

-- "the prisoner's dilemma" (another famous example)
-- the iterated forms of this and other games
-- the concept of payoff matrices
-- the game of chicken
-- the nature of arms races
-- random reinforcement
-- the concept of "defection"
-- the ideas of positive-, zero-, and negative-sum games.

More advanced stuff, e.g., Nash equilibria, is real useful to know about, but is not part of any ordinary conversations I have seen on the Net in many years of participating.

In particular, game theory has a lot of usefulness to crypto and Cypherpunk themes. "All security is economics." Lots of obvious connections. Most Alice-Bob situations are essentially multi-party games, with all the related stuff about spoofing, expectations, reputations, cheating, etc.

(Granted, many of these situations are far beyond the formal games that have been analyzed in detail to date. That is, it is not clear how cryptographic protocols affect such games; or at least this is a fertile area for further study.)

A good understanding of game theory can be gotten in a few weeks by reading some of the main introductory texts. This will not qualify oneself as an expert, but will provide one with insight into why many of us make the points we make about economics, self-reliance, payoff outcomes, and so on.

Useful sources:

Axelrod, "The Evolution of Cooperation" --> the best place to start, IMO
Hofstadter, various chapters in "Metamagical Themas"
Poundstone, "The Prisoner's Dilemma"
Kahn, "On Thermonuclear War"

And of course various textbooks on game theory. (But read the popular accounts first, else the mathematical rigor will be meaningless and confusing.)

The usefulness to cryptography, especially to the more outre stuff we are most interested in, has largely remained unexplored. I get the impression that few academic cryptographers know much about it. I predict that important insights will come as these fields come into more contact.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From furballs at netcom.com Sat Jul 20 16:32:21 1996
From: furballs at netcom.com (Paul S. Penrod)
Date: Sun, 21 Jul 1996 07:32:21 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <31F01F8B.794B@ai.mit.edu>
Message-ID:

On Fri, 19 Jul 1996, Hallam-Baker wrote:

> Jonathon Blake wrote:
>
> > On Fri, 19 Jul 1996, Hallam-Baker wrote:
> >
> > > dangerous people around besides the government and the government is the
>
> > The _only_ difference between a gang of thugs, and a government,
> > is that the latter admit to being thugs, whilst the former deny
> > that. They both operate on the same principle -- steal from
> > others, and kill those that oppose them.
>
> The people of the USA fortunately disagree. It's no coincidence that Limbaugh
> has been unable to continue his tv show after his coverage of the OKC bombing.
>

Nice try at a segue, but this reasoning is nothing more than bullshit. I get so tired of hearing the same press/DNC derived crap after 3 days...

Limbaugh is giving up the show because it is run in syndication. Syndication is not a profitable format with the ensuing satellite blitz on the horizon.

Limbaugh is a businessman and a commentator. He earns a living. He will do what is necessary to leverage his marketability to make the most money. Since you've gone to college, I'll have to explain it to you: It's called capitalism - look into it...

> It is not socially acceptable to call for the murder of Police officers in most
> countries. By doing so you are discrediting yourself and those who support you.
>
>

So tell that to G. Gordon Liddy... You fail to acknowledge the simple fact that a segment of society that feels not only disenfranchised, but that the system is irreparable will stoop to whatever means they feel is necessary to make their point. They don't care what other people think - just what they believe in. Discrediting is a non issue.

>
> > > only agency that is going to protect society from them. If you don't like
> >
> > Governments are the agencies _most_ likely to abuse one's
> > freedom. << Take Northern Ireland, as an example of what
> > happens, when a government tries to pacify a region, by
> > prohibiting everything. >>
>
> Troops were sent into Northern Ireland originally to protect the Catholic
> minority from the protestants. The two communities have been murdering each
> other for centuries and there are bigots on both sides who think that the
> events of three hundred years ago "prove" that the other is evil incarnate.
>
> Do you support the "punishment beatings" performed by the IRA. So far this
> year they have committed grievous bodily harm against 270 people. They have
> also murdered 4 people. There have been no deaths from police or army use
> of firearms in that period. Your assertion is therefore false.
>
> If you want to discuss the politics of Ireland you should at least visit the
> place. You will find remarkably less sympathy for your romantic visions of
> bloodshed amongst the people who have to live with the consequences. The
> British people have little sympathy for either side and would quite happily
> leave the two sides to slaughter each other if it wasn't for the fact that
> the majority of the population wish to remain British and have voted to
> remain so in regular referenda and national elections.
>
>
> Phill
>

Welcome to Yugoslavia. The last riots on the tele over there didn't look any different than pictures the BBC showed of Sarajevo during the early days of the country's demise.

...Paul

From deviant at pooh-corner.com Sat Jul 20 16:34:59 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 21 Jul 1996 07:34:59 +0800
Subject: Sternlight on C'punks
In-Reply-To: <199607161754.KAA25543@netcom18.netcom.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Vladimir Z.
Nuri wrote:

> Date: Tue, 16 Jul 96 10:54:28 -0700
> From: "Vladimir Z. Nuri"
> To: David Sternlight
> Cc: cypherpunks at toad.com, vznuri at netcom.com
> Subject: Re: Sternlight on C'punks
>
>
> >And another thing. The reason I've not joined this group earlier had
> >nothing to do with "worthy". It was because after discussion a year or so
> >ago, Tim May suggested to me via e-mail that it would just generate a lot
> >of controversy, at a time when people were so polarized that they couldn't
> >hear each other and thus my presence here would serve no useful purpose. I
> >took Tim's advice and stayed out.
> >
>
> frankly I think a mailing list that can't tolerate informed
> but dissenting views such as your own without self-destructing has
> an inherent problem that exists independent of your participation.
> perhaps it is a valuable public service to expose such a flaw. at
> least, that's the hacker spirit. as for TCM recommending you not
> join, I'm disappointed to hear anyone so ostensibly and vocally
> committed to free speech would tell anyone that their presence
> would be "disruptive" or "controversial" and recommend against it.
>

I'm inclined to agree with you. It is a bit embarrassing for people on one of the newsgroups that encourages free speech like this one does to ask someone, basically, not to speak because they don't agree with our opinions. Personally, I'd like to welcome David to the list. I'm sure we need some, well.. out of lack of a better word, opposing, views. So far I've seen more flamebaiting _AT_ him on this list than _BY_ him.

>
> >I thought that by now the more extreme dogmatists among you would have
> >matured, especially given the evidence generated by the real world about
> >how things are and are going if nothing rational and effective is done to
> >stop it. Some of you have met me at Crypto and found I'm not the devil
> >incarnate. Some of you know that we share many (but not all) policy views
> >in common.
>
> well, I find you to have mellowed yourself after a legendary amount
> of back and forth in cyberspace, although I would still consider
> some of your own views "dogmatic" as you term it.
>
>
>
> >The presenting symptom for my joining now was a copy of a post by an MIT
> >professor I respect to this group, which a colleague sent me. Perhaps I was
> >too hasty in my belief that we can begin to hear each other.
>
> I personally find your GAK positions superior to those of the
> administration, at least, although that's almost the lowest-common
> denominator litmus test for not starting massive flamewars on the
> list.
>
> a suggestion: get a pseudonym! if you only care about debate, you
>

That is a little bit of the "I'm afraid of your opinion" approach, isn't it? Then his pseudonym would probably just wind up with the same reputation, and people would start comparing him to himself. That's more likely to make a mess than to solve anything. He has his views, I have mine, you have yours. Learn to live with it.

--Deviant

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From deviant at pooh-corner.com Sat Jul 20 16:39:45 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 21 Jul 1996 07:39:45 +0800
Subject: Metered Phone
In-Reply-To: <1.5.4.32.19960717115720.008caa88@193.246.3.200>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 17 Jul 1996, Remo Pini wrote:

> Date: Wed, 17 Jul 1996 13:57:20 +0200
> From: Remo Pini
> To: cypherpunks at toad.com
> Subject: Re: Metered Phone
>
> At 12:45 AM 7/15/96 -0700, you wrote:
> >At 01:19 PM 7/7/96 +0800, you wrote:
> >>Does anyone have any ideas about this metered phone?
> >>I am from Philippines and heard some news that it will be
> >>existing in 1997. Quite a big problem! Every dial will be counted,
> >>every seconds will be measured...
> >
> >That sounds like you're getting newer telephone technology.
> >In the US, most areas with newer telephone switches offer you
> >the choice of flat rate service (you pay a constant price per month
> >...
> >Bill Stewart
>
> Well, in Switzerland all telephone-switches (including the ones the company I
> work with manufactures) record:
> 1. start of call
> 2. destination of call
> 3. source of call
> 4. end of call
>

Well, I know the higher-end NorTel and Lucent switches (a la the DMS100, 200, 250, the 5ESS and the 1AESS) there are, basically, 5 categories... 911, toll free (800,888,local non-metered), extra charge (900/976), and metered.
pretty much non-metered is the only one that doesn't do the dest/src
recording (unless you've got a DNR put on your line, which usually means
the USSS/FBI are breathing down your neck. Had it happen once. definitely
not fun.) Of course, those switches are all programmable, so you can add
more.

> After all, you can get a detailed list of all your calls by the end of the
> month (the phonenumbers of the destination are somewhat obscured -> only the
> first 4 digits).

Only on metered calls (including 800/900 type) at most places.

> As soon as you get digital switches (POTS or ISDN) your phonelife is
> measured, stored and statistically evaluated.

But most of the time (ok, most numbers, not most types of numbers) it
keeps track of percentage of calls from this type of line, to this type
of line, not exact info on which lines.

--Deviant

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From jt at freenix.fr Sat Jul 20 16:57:11 1996
From: jt at freenix.fr (Jerome Thorel)
Date: Sun, 21 Jul 1996 07:57:11 +0800
Subject: lambda 2.09 - French Telco Act Censored?
Message-ID:

>At 09:41 PM 7/19/96 +0100, Jerome Thorel wrote:
>
>>OECD FAILS TO ACT ON KEY-ESCROW ENCRYPTION; THE US ACCUSED OF "POLICY
>>LAUNDERING"

[deleted]

Jim Bell jimbell at pacifier.com wrote:

>Lemme see... The Europeans are now complaining about the US government
>pushing key escrow on them? So where did that "emerging consensus" go?!?

That was not a complaint -- but a modest report.
Anyway, the major countries which are to complain about the US pressure
are Japan, Australia, and Scandinavian countries, which are less keen
to let intelligence agencies control individuals or industry secrets.
France and the UK, however, are sitting side by side with the US.

But I can add that my source is from the US :-) And that US business
circles around OECD discussions think no international guidelines could
emerge after any OECD meeting.

Jerome Thorel ==-== Journaliste / Free-lance Reporter ==-== Paris, France
==-== ID Press Card +++ Carte de Presse No 72052 ==-==

From ceridwyn at wolfenet.com Sat Jul 20 16:58:58 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Sun, 21 Jul 1996 07:58:58 +0800
Subject: Netscape download requirements
Message-ID: <2.2.32.19960720213701.006a4fc8@gonzo.wolfenet.com>

>If they disagree with what Congress and the administration have done, there
>are well-established ways to petition Congress to change it. If they fail,
>t.s.--that's the way our system works. YOU don't get to force your will on
>the wider population, nor do YOU get to tell them that they are poor
>benighted fools who should agree with YOUR views on civil liberties. To
>assert otherwise is fascism, authoritarianism, dictatorship, pick one.

I don't think that demanding more liberty can in any way fall into any of
those three categories. What happened to protecting a minority's Rights
from the Majority? Simply because a majority decided they should take
away my Rights (in this case to encryption, and for the sake of argument,
I will concede for the moment that a majority actually did decide this)
doesn't mean they should be taken away. This is what the Constitution and
other founding documents are designed to protect us against. Saying "I
have the Right to give encryption to anyone I want" is not forcing my
will on the wider population, it is an attempt to keep the wider
population from forcing their un-Constitutional will on me.

//cerridwyn//

From ichudov at algebra.com Sat Jul 20 17:06:13 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 21 Jul 1996 08:06:13 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960720183720.00de3c00@mail.teleport.com>
Message-ID: <199607202049.PAA09452@manifold.algebra.com>

Alan Olsen wrote:
> There is a time and space dilation when the gun is pointed directly at you
> and about to be fired. (Been there, done that...) Perception tends to be
> skewed when all of the adrenaline is pumping into your bloodstream because
> of a perceived impending death.
>
> Believe me, it does look big. A 12 gauge especially... (Had a brother who
> came close to shooting me because he thought I was a burglar. Not fun.)

I am very curious how it happened.

Thanks,

- Igor.

From iang at cs.berkeley.edu Sat Jul 20 17:14:25 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Sun, 21 Jul 1996 08:14:25 +0800
Subject: Opiated file systems
In-Reply-To:
Message-ID: <4srl21$2rr@abraham.cs.berkeley.edu>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199607182213.RAA10532 at pentagon.io.com>,
Douglas R. Floyd wrote:
>If someone has any ideas on how to slow down attacks like this, please
>E-mail me. It would be nice to have an offsite storage place, but without
>the necessity of giving a bunch of personal info (as with Mcaffee's
>WebStor).

Charge ecash?

- Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From iang at cs.berkeley.edu Sat Jul 20 17:14:29 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Sun, 21 Jul 1996 08:14:29 +0800
Subject: Opiated file systems
In-Reply-To: <199607172125.RAA09158@unix.asb.com>
Message-ID: <4srkst$2q0@abraham.cs.berkeley.edu>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199607182148.WAA00324 at server.test.net>,
Adam Back wrote:
>ie. the attacker can not tell without the hidden file system key (if
>one exists) whether the unused space on your drive is really just
>that: unused space filled with garbage, or whether it is in fact
>another encrypted filesystem.
>
>They might be suspicious, but I don't think they would be able to
>claim you were in contempt of court, if you provide the 1st key and
>claim there is no other key: the software has support for either 1 or
>2 filesystems.
>

The fixes to the encrypted loopback filesystem support for Linux that
I'll be finishing shortly (hopehopehope) incorporate, among other things,
the following features:

   o encrypted filesystems
   o stego'ing a filesystem in a large (say audio) file

Now, what if you do this: Record 1/2 an hour of music from your CD, say
at 8k samples/sec, 8 bits/sample, stereo. In the _left_ channel, stego
your real filesystem. In the _right_ channel, stego your duress
filesystem.

If the cops are suspicious that you have a huge sound file on your hard
drive and they don't believe that it's just for audio purposes, you could
(reluctantly) give up the duress key.

Does this have the properties you want?

- Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From iang at cs.berkeley.edu Sat Jul 20 17:20:04 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Sun, 21 Jul 1996 08:20:04 +0800
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <4srk6q$2fd@abraham.cs.berkeley.edu>

-----BEGIN PGP SIGNED MESSAGE-----

In article <31EF632D.2B88 at netscape.com>,
Jeff Weinstein wrote:
>Roy M. Silvernail wrote:
>> Anyone sniffing the link
>> knows the filename from previous forms submissions, anyway.
>
> You can't sniff the link, since the form submission and the
>file download are via SSL.
>

But assumedly if they're downloading the 128-bit netscape, then they're
only using the 40-bit version to do it... :-)

- Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From frissell at panix.com Sat Jul 20 17:46:08 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 21 Jul 1996 08:46:08 +0800
Subject: MIT harassed over publication of PGP book
Message-ID: <2.2.32.19960720220935.0086d2c0@panix.com>

At 02:06 AM 7/10/96 EDT, Hal Abelson wrote:
>
>Now, we learn of a back channel communication from State to DOE to
>Sandia, which has prompted Sandia to want to act as a policeman for
>MIT vis a vis export controls.
>
>This is troubling for what it says about how the State Department is
>dealing with export issues surrounding information about cryptography,
>and about the extent to which policies are being administered in a
>clear and above-board manner.

A blue ribbon panel of Ivy League administrators warned in the mid 1950s
that Universities which accepted public funds would lose their
independence and become mere functionaries of the federal government.
They were right and you all had fair warning.

DCF

From ichudov at algebra.com Sat Jul 20 17:46:45 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 21 Jul 1996 08:46:45 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607202002.NAA17000@dfw-ix1.ix.netcom.com>
Message-ID: <199607202231.RAA09968@manifold.algebra.com>

JonWienk at ix.netcom.com wrote:
>
> P.S. Chesnokov = Chudov = Vulis = Sternlight = Detweiler
>

That's an interesting equation.

- Igor.

From rp at rpini.com Sat Jul 20 18:01:21 1996
From: rp at rpini.com (Remo Pini)
Date: Sun, 21 Jul 1996 09:01:21 +0800
Subject: ABC news on Internet Telephony
Message-ID: <1.5.4.32.19960720223758.0097ee74@193.246.3.200>

At 01:54 PM 7/18/96 -0700, you wrote:

--- all the following points are based on swiss circumstances, they may
not apply to US ---

>point to point circuits are more efficiently handled by circuit
>switching rather than packet switching networks. Nicholas
>Negroponte wrote an interesting piece about asynchronous vs
>synchronous, I believe it is in his book "Being Digital."

Well, from a user's point of view, sending packet data over a packet mode
bearer service is more efficient (and cheaper). An interesting
development in this direction is the PMBS-A/B modes of ISDN (packet
switching to the public switch). The existence of this service suggests
its usability.

>ADSL is an interesting attempt at digital telephony but expensive
>and basically would mean replacing existing central office
>switches.

(backbone bandwidth) We have a well developed DQDB-MAN and ATM net
around, and bandwidth is available (and getting cheaper by the minute).
Currently, a onetime investment of around $2500 per client is necessary
to provide >5MBit/s transfer volume (via the cable TV networks or the
existing broadband networks)

>In a packet network you have to either dedicate a portion of the
>bandwidth for a synchronous circuit, or you have to have a very
>fast network and use very small packets (ATM), expensive either
>way.

Not if you have a dedicated packet switching network for asynchronous
packet transfer only. If you use it for both you don't have to have a
very fast network, you have to have a network with predictable and
constant packet delay. (that's not the same as fast!)

>A single central office has many times the bandwidth of the widest
>part of the internet, and the average state has hundreds of CO's.
>If even a small portion of the Internet's current users tried
>placing a call things would grind to a halt. A huge increase in the
>number of backbones and their bandwidth would solve this, but who
>will pay the bill?

I guess Internet-telephony is one of the bandwidth killers.

>TANSTAAFL
>
>Sometime ago the discussion was on the cost of laying new fiber,
>may I suggest the realworld heuristic of "a million dollars a
>mile."

There are of course a lot of alternatives:
- Existing wiring (5 MBit/s over 6 copper wires is possible)
- Usage of the cable networks
- Radio transmissions (RITL - radio in the loop)
- Satellite transmissions

>Please note I am not trying to make fun of anyone personally, I am
>in the words of Jubal Harshaw "heaping scorn upon an inexcusably
>silly idea, a practice I shall always follow."

Neither am I, but isn't anyone?

----------< fate favors the prepared mind >----------
Remo Pini                          Fon 1: +41 1 350 28 82
mailto:rp at rpini.com              Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/     Fax:   +41 1 350 28 84
soon:PGP: http://www.rpini.com/remopini/rpcrypto.html
--------< words are what reality is made of >--------

From tomw at netscape.com Sat Jul 20 18:20:20 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Sun, 21 Jul 1996 09:20:20 +0800
Subject: Netscape
In-Reply-To: <199607200930.LAA08360@basement.replay.com>
Message-ID: <31F15D42.1CFB@netscape.com>

Anonymous wrote:
>
> Rich Graves wrote:
>> [on hacktic]
>>> netscape-fts2-hp10.tar.gz   Fast Track Server 2.0 for HPUX10
>>> netscape-fts2-nt.exe        Fast Track Server 2.0 for WinNT
>>> netscape-hpus-30b5.tar.gz   Navigator 3.0b5 for HP-UX
>>> netscape-linux-30b5.tar.gz  Navigator 3.0b5 for Linux
>>> netscape-ssl30-src.tar.gz   SSL 3.0 source code
>>> netscape32us-30b5.exe       Navigator 3.0b5 for Win95/NT
>>
>> And thus it begins... I think it's a bad idea to provoke the TLAs
>> like this, but I suppose it's inevitable.
>
> Why is it a bad idea? If you don't do it, you support the ITAR
> by your lack of action! Every day that you don't export strong
> crypto you assist the enemy.

Why not consider what the consequences will be? Do you seriously believe
that this will make the government stop enforcing ITAR? Do you believe it
will make them change the law? No. What it will do is make them remove
our permission to distribute this stuff.

As for your claim that not breaking the law supports it, I must remind
you that Jim Barksdale has testified before congress on several occasions
about how braindead ITAR is. Just because we don't fight it the way you
want us to doesn't mean we support it.

>> (But doesn't anyone use Macs or Suns?)
>
> Mac download didn't work yesterday. The download page doesn't
> say if the Solaris versions are for Sparc or Intel (they are
> different and incompatible binaries, aren't they?).

A lot of people have been downloading the Mac version. What was the
problem you were having? If you're not seeing the NoCookie problem,
please try again. I think we've got most of the other problems licked.

The Solaris versions are for Sparc.

>> Besides, it's a Serious Copyright Violation, said with minimal
>> irony. This whole thing isn't Netscape's fault; in fact, they're
>> doing their best to be the good guys.
>
> Do you Seriously Believe that Netscape would prefer foreigners
> to develop and use competing products? Of course not. They are
> probably secretly applauding the brave exporters.

You are wrong. We are worried that our permission to provide these
products will be withdrawn. If we could do it legally, we'd let anyone
download it who wants it. But we can't.

--
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw at netscape.com

From EVERHART at Arisia.GCE.Com Sat Jul 20 18:28:08 1996
From: EVERHART at Arisia.GCE.Com (EVERHART at Arisia.GCE.Com)
Date: Sun, 21 Jul 1996 09:28:08 +0800
Subject: Info War
Message-ID: <960720191512.94@Arisia.GCE.Com>

If the government should happen to be serious about wanting to prevent
some possible info war scenarios, one might expect a number of things to
be seen.

* I'd expect that there would be at least some statements about the
  unwisdom of standardizing on MS operating systems or unix versions
  which have little or no security, building an infrastructure with
  security holes one can drive a truck through.

* I'd also expect that the anti-crypto campaign to be at least scaled
  WAY down, so as to encourage more open use of crypto components in
  security solutions. (Crypto won't help if your OS comes with a
  backdoor that allows anyone on the Internet to get r/w access to your
  disks...this has been reported to me in all Microsoft OSs they
  currently have, though with NT it's under certain common but not
  completely ubiquitous circumstances.
  The others are wide WIDE open. Other bugs doubtless exist.

* I'd expect some comments on the automatic running of downloaded images
  and how to secure them. Java? Reported at Princeton to be totally
  unsecurable....no models exist. I believe you can run the thing
  securely, but by having some security in its environment. I'd expect
  a lot more about what is needed, and where it can be found,
  encouraging development of such features.

If on the other hand this is a ploy to justify violating people's privacy
and in fact is not concerned with improving our posture, I would expect
more Clipper chips, etc., and nothing seriously beneficial.

(I consider that freedom of speech & the press means that I can choose
not only what to say, but how to say it. If I use a language (crypto)
that is hard for some not spoken to to understand, I regard this as an
essential part of the freedom. Last I looked, this is still written.

(BTW, if you think that the Supreme Court is supposed to be the arbiter
of constitutionality, your reading of Marbury vs. Madison is seriously
flawed. Congress and the President (& other federal employees) take an
oath of office and are supposed to be deciding that what they do is
Constitutional before doing it. Alas that they generally don't take this
seriously...)

We'll see what actually happens. I'd like to hope for the real effort to
avoid problems. I fear we will get the bogus one, suitable for control
freaks but not useful ultimately in dealing with the threats.

Glenn Everhart

From shabbir at vtw.org Sat Jul 20 18:32:15 1996
From: shabbir at vtw.org (Voters Telecommunications Watch)
Date: Sun, 21 Jul 1996 09:32:15 +0800
Subject: INFO: Submit your testimony to Congress for hearings on July 25!
Message-ID: <199607202316.TAA25104@panix3.panix.com>

=============================================================================
  ____                  _              _   _
 / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
| |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
| |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
 \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
            |___/|_|

       Virtually attend the upcoming hearings on July 25, 1996
                      Submit your own testimony
                  Listen to the RealAudio cybercast
                 Ask Louis Freeh a question (FBI)

Date: July 20, 1996
URL:http://www.crypto.com/
crypto-news at panix.com

If you redistribute this, please do so in its entirety, with the banner
intact.
-----------------------------------------------------------------------------
Table of Contents
    Upcoming hearing information
    How to receive crypto-news
    Press contacts
-----------------------------------------------------------------------------
UPCOMING HEARING INFORMATION

The Senate Commerce committee will be holding hearings on the Burns/Leahy
Pro-CODE bill (S.1726) this Thursday July 25, 1996 in Washington D.C.
Like most everyone that doesn't live in Washington, you can't be there in
the flesh. But you can be there virtually through www.crypto.com!

A RealAudio cybercast of the hearing is being coordinated by Jonah Seiger
(CDT). If you have the RealAudio software (it's free from
www.realaudio.com) you can listen to the hearing live. You can also
telnet into the chat room and pose questions to the staffers who will be
online.

If you wish to make your voice heard, take a moment and submit your own
written testimony through the web page at http://www.crypto.com. When you
submit your testimony, you can also submit a question for FBI Director
Louis Freeh who is scheduled to testify. We'll provide a copy of the
questions to the committee members, and urge them to pin down Director
Freeh on some of the finer points of the issue.

This is an amazing time for democracy.
Never before have American citizens been able to have so much
representation in the halls of Congress without actually being
physically there. Don't let this debate go on without your input!

A complete profile of the cybercast and the net-presence effort is
available at http://www.crypto.com/ until the hearing, and at
http://www.crypto.com/events/ after that.
-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page
(http://www.crypto.com) or send mail to majordomo at panix.com with
"subscribe crypto-news" in the body of the message. To unsubscribe, send
a letter to majordomo at panix.com with "unsubscribe crypto-news" in the
body.
-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
    Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir at vtw.org
    Jonah Seiger (CDT) at +1.202.637.9800 or jseiger at cdt.org
-----------------------------------------------------------------------------
End crypto-news
=============================================================================

From vagab0nd at sd.cybernex.net Sat Jul 20 18:58:02 1996
From: vagab0nd at sd.cybernex.net (Erle Greer)
Date: Sun, 21 Jul 1996 09:58:02 +0800
Subject: Viacrypt PGP version 4.0
Message-ID: <2.2.32.19960720234134.006b5fd8@mail.sd.cybernex.net>

At 12:46 PM 7/20/96 -0700, you wrote:
>On Fri, 19 Jul 1996, Erle Greer wrote:
>
>> Is there a free/trial/steal/shareware version of Viacrypt PGP Personal
>> version 4.0, rather than forking over $129.00?
>>
>My company sells it for $100, if you want the full version with the book
>and everything.
>
>Joseph Seanor
>

That sounds like an excellent deal when I plan to purchase it, but I
would like to see if there is a crippleware demo first. I already have
had 2.6.2 configured with a Windows clipboard utility.
I just want to see if the full Win/integrated clipboard feature is more
efficient.

Thanks Joseph!

P.S. I am also erleg at sdinter.net, but Majordomo won't unsubscribe me
because I don't seem to be on the 'who cypherpunks' list, but my old
address is still mysteriously receiving the list. Any hints? Yes, I wrote
owner-cypherpunks with no reply. TIA!

     /---\        |=================================================|
    / /\/ \       |If a train station is where a train stops        |
    \ \   /       |then what is a workstation?                      |
     \ \ /        |-------------------------------------------------|
  /\ |/| /\       |I am not saying that there are no gods;          |
 /  \ |\| /  \    |just that I haven't had the pleasure to meet one.|
/    \|/|/    \   |-------------------------------------------------|
--------\-------- |Disclaimer: My opinions never reflect that of my |
        /         |employer.                                        |
        \         |=================================================|
        v         |Please CC: responses via E-Mail; I seldom check  |
                  |the newsgroups for responses.                    |
                  |=================================================|
                  | mailto:vagab0nd at sd.cybernex.net               |
                  | http://ww2.sd.cybernex.net/~vagab0nd/index.html |
                  | If you think my Sig is big...                   |
                  |=================================================|

From ogren at cris.com Sat Jul 20 19:04:24 1996
From: ogren at cris.com (David F. Ogren)
Date: Sun, 21 Jul 1996 10:04:24 +0800
Subject: ITAR's 40 bit limit
Message-ID: <199607202345.TAA01019@darius.cris.com>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Sat Jul 20 19:41:41 1996

Another paradox of the US export regulations.

The NSA is allowing 40 bit crypto exports. So as a hypothetical example
assume that I write a crypto program that uses 40 bit RC4 to encode data
(licensing from RSA). I then get an export license using the accelerated
process for 40 bit RC4.

I then export my program to Alice who wants to use it to transmit
messages to Bob. If she uses my program to encrypt messages to Bob, any
reasonably powerful attacker can decrypt her messages.

However, what if she runs the program three times with three different
passwords. (Ignore the problems of Inner-CBC and Outer-CBC for now.) Now
the file is triple RC4 encoded with the equivalent of 80 bit security.
Alice and Bob now have strong crypto. And if they run the program five
times they have 120 bits of effective protection.

The problem of using Inner-CBC is a little tricky, but if we assume that
I can export in a DLL format, a Windows program could be written that
calls the DLL repeatedly to layer it into triple or pentuple CBC RC4.

The entire above discussion is entirely theoretical. I realize that it's
a moot point since strong crypto is already perfectly accessible outside
of the US. And that strong crypto algorithms can be exported in
non-machine readable format (another paradox). (And that running 5-layer
RC4 is a really inefficient block cipher.)

I just wanted to point out yet another reason why ITAR regulations over
crypto are not effectively preventing strong crypto. They are merely
making it difficult for American business.

- --
David F. Ogren                 |
ogren at concentric.net         | "A man without religion is like a fish
PGP Key ID: 0x6458EB29         |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?        | Need my public key?
It's available
Send a message to me with the  | by server or by sending me a message
subject GETPGPINFO             | with the subject GETPGPKEY

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From dlv at bwalk.dm.com Sat Jul 20 20:42:30 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 21 Jul 1996 11:42:30 +0800
Subject: Filtering out Queers is OK
In-Reply-To: <199607192315.QAA24402@server1.chromatic.com>
Message-ID:

Ernest Hua writes:
> The same can be said of the children of the more politically
> correct. My opinion is that religion is a waste of time and
> resources, and therefore, those who force their children to
> be religious is doing precisely the same harm you allude to.
>
> That is strictly MY opinion. If there are enough of me
> around, should we be allowed to force the government to take
> children away from their religious parents? More mildly, can
> the government "protect" a child from religious ideas?

In Russia, under Khrushchev, teaching children religion was viewed as a
serious form of child abuse, and its victims would often be taken away
and placed in orphanages.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From jsw at netscape.com Sat Jul 20 21:06:36 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sun, 21 Jul 1996 12:06:36 +0800
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31F18C75.2A4C@netscape.com>

Ian Goldberg wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In article <31EF632D.2B88 at netscape.com>,
> Jeff Weinstein wrote:
> >Roy M. Silvernail wrote:
> >> Anyone sniffing the link
> >> knows the filename from previous forms submissions, anyway.
> >
> > You can't sniff the link, since the form submission and the
> >file download are via SSL.
> >
> But assumedly if they're downloading the 128-bit netscape, then they're
> only using the 40-bit version to do it... :-)

Well yes, the first time they do it. But the many times they download new
versions, from now until the end of time, they can use 128-bit SSL.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From dfloyd at IO.COM Sat Jul 20 21:07:46 1996
From: dfloyd at IO.COM (Douglas R. Floyd)
Date: Sun, 21 Jul 1996 12:07:46 +0800
Subject: Opiated file systems
In-Reply-To: <4srl21$2rr@abraham.cs.berkeley.edu>
Message-ID: <199607210142.UAA07778@xanadu.io.com>

> In article <199607182213.RAA10532 at pentagon.io.com>,
> Douglas R. Floyd wrote:
> >If someone has any ideas on how to slow down attacks like this, please
> >E-mail me. It would be nice to have an offsite storage place, but without
> >the necessity of giving a bunch of personal info (as with Mcaffee's
> >WebStor).
>
> Charge ecash?
>
> - Ian

Nice idea, but the purpose of this is to make a reliable reference
implementation. I will worry about charging after there are reliable
OSSS's in existence.

Footnote: I cannot call this site once it is constructed a data haven due
to the fact that it has no armor (read that its physical location can be
found out). That is why I tend to call it an offsite secure storage
server.

From gnu at toad.com Sat Jul 20 21:10:42 1996
From: gnu at toad.com (John Gilmore)
Date: Sun, 21 Jul 1996 12:10:42 +0800
Subject: Crypto '96 reminder -- register if you haven't!
Message-ID: <199607210211.TAA26264@toad.com>

If you haven't already registered for Crypto '96, you're late! But
there's probably still time. They no longer guarantee that they will have
space for you, but if they do, you'll get in. See http://www.iacr.org for
details.

It costs about $640 plus plane fare to attend ($420 conference
registration, $220 for dorm space and meals). Plus transportation there
and back. It's in a beautiful location at UC Santa Barbara, right next to
the beach. The weather, food, and discussions are always good, and it's a
great way to meet good cryptographers and discuss the future privacy and
security of the world.

If the papers look too complicated for you, relax; they're cryptic for
academic bureaucratic reasons. The actual presentations by their authors
are quite well explained, and are often lively and entertaining.

If you're doing something interesting with crypto, submit a note for the
"rump session", short informal talks about work in progress, which will
happen on Tuesday evening during the conference. I hope to be speaking
there about my latest crypto projects.

John Gilmore

From jimbell at pacifier.com Sat Jul 20 21:46:49 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 21 Jul 1996 12:46:49 +0800
Subject: Netscape
Message-ID: <199607210113.SAA05824@mail.pacifier.com>

At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:

>> Do you Seriously Believe that Netscape would prefer foreigners
>> to develop and use competing products? Of course not. They are
>> probably secretly applauding the brave exporters.
>
>You are wrong.
>We are worried that our permission to provide these
>products will be withdrawn.

As far as I can tell, you need no "permission" to "provide these
products", at least domestically. The only restrictions that have been
implied have been over the delivery of encryption over the 'net, and even
that is questionable.

Jim Bell
jimbell at pacifier.com

From markm at voicenet.com Sat Jul 20 22:13:18 1996
From: markm at voicenet.com (Mark M.)
Date: Sun, 21 Jul 1996 13:13:18 +0800
Subject: Netscape
In-Reply-To: <31F15D42.1CFB@netscape.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, Tom Weinstein wrote:

> Why not consider what the consequences will be? Do you seriously
> believe that this will make the government stop enforcing ITAR?

The government has yet to enforce ITAR. The only thing they have been
doing is threatening companies who make products with strong crypto. If
anyone was ever actually put on trial for a violation of ITAR, it would
almost certainly be found to be unconstitutional.

- -- Mark

PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
-----END PGP SIGNATURE-----

From mch at squirrel.com Sat Jul 20 22:29:40 1996
From: mch at squirrel.com (Mark C. Henderson)
Date: Sun, 21 Jul 1996 13:29:40 +0800
Subject: Firewall Penetration
In-Reply-To: <01BB75F4.8F028E40@ip160.i-manila.com.ph>
Message-ID: <9607202018.TE16841@squirrel.com>

On Jul 19, 17:29, Jerome Tan wrote:
> Subject: Firewall Penetration
> Is it possible to penetrate a firewall?

You could try breaking in to the room the firewall is in. Once in the
room, simply rewire the network to bypass the firewall. Be sure that you
arrive in the room well equipped.
You might want to have a spare router or two, some cables, tools, and hubs, and perhaps something to do address translation.

--
Mark Henderson -- mch at squirrel.com, henderso at netcom.com, markh at wimsey.bc.ca
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
unstrip for Solaris, Wimsey crypto archive, TECO, computer security links,
change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/

From liberty at gate.net Sat Jul 20 22:38:26 1996
From: liberty at gate.net (Jim Ray)
Date: Sun, 21 Jul 1996 13:38:26 +0800
Subject: [Noise] was Re: Giving 6 year old kids [guns]
Message-ID: <199607210332.XAA60290@osceola.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

After a conversation with a well-respected cypherpunk in private email, I have been convinced to reveal publicly that at age 6 [first grade] I had access to a .22 semiautomatic rifle and a 12GA shotgun, with good safety instruction and accuracy in each (though the 12GA's kick took a bit of getting-used-to). I was instructed to shoot any burglar, and I feel lucky that we never had any. The thought of taking these (or any!) guns to school _never_ entered my mind. I drove a car (on private land) when I was only a bit older.

There are certain 6 year olds who are quite capable of taking proper responsibility with firearms, and there are also certain 26 year olds who probably should reconsider gun ownership. That's life. The reason I posted this non-cryptography stuff (sorry, Perry!) here is that many non-US citizens may not understand the strong "gun culture," (which is actually more a gun-safety culture, IMO) in this country.

Gun-grabber-hypocrites like syndicated columnist Carl Rowan are provably the *least* safe gun owners, and the evidence also proves beyond any doubt the good old bumper-sticker saying: "Ted Kennedy's car has killed more people than my gun."

[Any replies to private e-mail, please.]
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"It is long past time to end the laughable presumption that voters who can easily cope with the choices offered at Burger King are somehow 'confused' by more than two choices at the voting booth." -- me, in the Miami Herald, June 24, 1996, p. 10A.

Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
Harry Browne for President. Jo Jorgensen for Vice-president.
http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
http://www.shopmiami.com/prs/jimray
Coming soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

-----END PGP SIGNATURE-----

From alanh at infi.net Sat Jul 20 22:52:29 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sun, 21 Jul 1996 13:52:29 +0800
Subject: pledge status
In-Reply-To:
Message-ID:

One recalls the Russian novelist (can't think of his name, the one who wrote _Day in the Life of Ivan Denisovitch_), who stated that if even 1% of all of the Cheka/KGB's arrest-in-the-middle-of-the-night victims had put up some resistance, and maybe have killed a Chekist before being gunned down..... the whole damn system of Stalinist terror would have unraveled, from the lack of police willingness to die for the greater glory of Mr Stalin.

I think this has relevance to the black-ninjas-pretending-that-they're-in-a-Hollywood-script thread about cops making unannounced search warrant services at 4am.

I have tremendous admiration for my local LEO's. It's the federales that are the problem, usually.
From alanh at infi.net Sat Jul 20 23:00:44 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sun, 21 Jul 1996 14:00:44 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <1.5.4.32.19960720185045.0031750c@giasdl01.vsnl.net.in>
Message-ID:

> race? More often than not, it is the US that has upped the ante.
> They consistently had more nuclear warheads than the Soviet
> Union, new technologies that disrupted the status quo came
> generally from the West.

The USA practiced the WWII German approach.... high technology to make up for smaller resource base. The USSR practiced the WWII approach of the Allies.... drown the opponent in your production capacity of basic killing machines.

If you are trying to make us believe that the USSR had smaller arsenals and lesser numbers of soldiers manning the front lines, you are going to have to take your proposition to one of those "progressive" forums where historical fact is not permitted to get in the way of a good work of ideological fiction.

You're two generations too late, old lad..... You should have been a writer of encyclopedia articles for the Stalin regime.

From dlv at bwalk.dm.com Sun Jul 21 00:07:12 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 21 Jul 1996 15:07:12 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607202231.RAA09968@manifold.algebra.com>
Message-ID:

ichudov at algebra.com (Igor Chudov @ home) writes:
> JonWienk at ix.netcom.com wrote:
> >
> > P.S. Chesnokov = Chudov = Vulis = Sternlight = Detweiler
> >
>
> That's an interesting equation.

Am I talking to myself? I'm definitely not talking to SternFUD.
---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From deviant at pooh-corner.com Sun Jul 21 01:01:51 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 21 Jul 1996 16:01:51 +0800
Subject: A Snake-Oil FAQ
In-Reply-To: <199607202058.QAA19736@unix.asb.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, Deranged Mutant wrote:

> Date: Sat, 20 Jul 1996 16:37:40 +0000
> From: Deranged Mutant
> To: cypherpunks at toad.com
> Subject: A Snake-Oil FAQ
>
>
> I've written a short "Snake Oil FAQ" below. It's incomplete and
> needs some work (adding a few definitions, rewording, aesthetic
> formatting, etc.), so think of it as a 'beta' FAQ (please don't post
> it on web pages, though I don't mind if it's distributed among
> anyone interested in criticizing or contributing). Comments and
> suggestions would be appreciated. Note that the aim is to write
> something accessible to 'newbies'. (Jeremy Barrett contributed to
> this, BTW)
>
>
> Snake-Oil Warning Signs
> Encryption Software to Avoid
>
> (Revision 0.1)
>
>

Looks very nicely done. I think you pretty much covered it... but...

>
> Be wary of marketing gimmicks related to "if you can crack our
> software" contests.
>

Even the best cryptographers and security professionals have done this. RSA did it with their Public Key system, which took 20+ years to break. Throughout history, many security mechanisms, even the best ones, including Cyphers, Locks, Firewalls, etc. have been known to go as far as to offer prizes (some extremely high, upwards of a million dollars, some as low as RSA's famous $100 prize)

I think that this one really is just a bit too broad.
--Deviant

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From jimbell at pacifier.com Sun Jul 21 01:38:18 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 21 Jul 1996 16:38:18 +0800
Subject: ABC news on Internet Telephony
Message-ID: <199607210632.XAA16792@mail.pacifier.com>

At 12:37 AM 7/21/96 +0200, Remo Pini wrote:
>>A single central office has many times the bandwidth of the widest
>>part of the internet, and the average state has hundreds of CO's.
>>If even a small portion of the Internets current users tried
>>placing a call things would grind to a halt. A huge increase in the
>>number of backbones and their bandwidth would solve this, but who
>>will pay the bill?
>
>I guess Internet-telephony is one of the bandwidth killers.

Potentially. However, there has been some mention of a new standard for voice compression that puts voice into 2400 bits per second, a factor of about 25 lower than the phone company normally uses. (They use 8,000 samples per second at 8 bits per sample, companded.) At that rate, a pair of modern, 2.4 Gb/s fibers could handle 1 million simultaneous phone calls. Since some of the newer fiber systems put 8 or more separate channels down a single fiber, that would work out to 8 million conversations.

I have to conclude that we shouldn't even be close to running out of Internet capacity, _IF_ it were driven by state-of-the-art fiber and similar-speed switches. But it probably isn't. At best, Internet probably only gets a fraction of the capacity of a given fiber wherever it flows. This will have to change.
>>TANSTAAFL
>>
>>Sometime ago the discussion was on the cost of laying new fiber,
>>may I suggest the realworld heuristic of "a million dollars a
>>mile."
>
>There are of course a lot of alternatives:

In most cases, "new fiber" isn't needed, and will probably only be rarely needed on long-distance links. As I understand it, most cableways are laid with extra tubes, into which new fiber cables can be blown in (using compressed air) long after the trench is filled. The specific example I saw, there were three 2" diameter tubes in a larger tube, and according to the contractor (I asked...) only one of the tubes would be filled at that time. In addition, while he wasn't sure, he thought that at least some of the 36-fiber cable in that one tube would remain "dark," or unused until it was later needed.

I don't know how expensive it is to add that extra fiber cable into an existing tube, but it would be VASTLY cheaper than the original trenching operation.

Further, much of the improved transmission technology can be used on the older fibers to increase their capacity: A fiber now used to transmit a single 2.4 gigabit signal can be upgraded, simply using new channelized transmitters and receivers to increase the data rate to 8 or 16 times the previous rate.

Jim Bell
jimbell at pacifier.com

From llurch at networking.stanford.edu Sun Jul 21 01:41:12 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sun, 21 Jul 1996 16:41:12 +0800
Subject: Netscape
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, Mark M. wrote:
> On Sat, 20 Jul 1996, Tom Weinstein wrote:
>
> > Why not consider what the consequences will be? Do you seriously
> > believe that this will make the government stop enforcing ITAR?
>
> The government has yet to enforce ITAR. The only thing they have been doing
> is threatening companies who make products with strong crypto.
If anyone was
> ever actually put on trial for a violation of ITAR, it would almost certainly
> be found to be unconstitutional.

So do it. None of this anonymous bullshit, or trying to drag Netscape into it.

I'd donate whatever I could to a Cypherpunk Legal Defense Fund. We only need one volunteer with a lot of time on his/her hands.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From mpd at netcom.com Sun Jul 21 02:12:06 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 21 Jul 1996 17:12:06 +0800
Subject: Filtering out Queers is OK
Message-ID: <199607210701.AAA00292@netcom10.netcom.com>

David Sternlight (david at SternBot.com) writes:

> There are many others who have come to similar conclusions
> about the formation of independent judgement in children,
> and lots of non-Piaget experiments. Your comments are
> diversionary and in fact by the end of your post you come to
> agree with my basic point.

Every doctrine has its followers, and I will admit "Piaget-Speak" is still quite popular in certain circles, and its buzzwords are often heard in arguments promoting child inferiority and dismissing children's concerns.

That hardly means I agree with your basic point, which is that parents should be able to do whatever they want in controlling their children's information sources without their children having any recourse against them.

> That is also false in its implications. Librarians are in
> loco parentis,

This, of course, varies with local statutes, as does the legal definition of "In Loco Parentis." Generally it applies to teachers, people hired to care for children, and some relatives, such as grandparents.
I am not familiar with any locale where librarians are specifically mentioned, and most librarians will be more than happy to explain to you that a library is not a free babysitting service, and that they are not caregivers.

> and most libraries are VERY careful about what materials
> young children are exposed to and what is more, are
> responsive to community pressure in the matter since most
> libraries are community-based.

Most libraries let "young adults" (read anyone who has hit their teenage years) read pretty much anything they want. "Parents on the warpath" have managed to apply pressure in recent years, and libraries are a bit less free than they used to be, but I think the American Library Association has done a pretty good job in standing its ground against agitators and pressure groups.

> So after trying to refute my point, you come to agree with
> it and want to shift the issue to the question of at what
> age....

No - I stated in my original message that young children do need some reasonable constraints to guard them from exposure to material which might cause them emotional pain. This is far different from your assertion that minors (everyone under 18) should have no access to any information that their parents do not pre-approve.

> I'm not competent to assess that nor, I assert, are you; I
> suggest it varies with the child and it's up to the
> individual parent to make those subtle distinctions, issue
> by issue, child by child.

Nothing subtle about it David. Once young people have passed through early childhood, the burden of proof is on anyone who suggests that they should be insulated from social and political reality to provide a convincing reason why. Parental capriciousness doesn't qualify.

> As I parse the above sentence it says limiting is often
> justified but it might not be.

Parse the sentence again.
What it says is that although "protecting children" is often the excuse used to limit older children's access to controversial material, the reality is that it is usually an effort to control their thinking on certain issues by making sure they have only one viewpoint, that of their parents.

> If so, it's up to the parents to figure out where THEIR kid
> is on the scale--nobody else has as much time, motivation,
> or opportunity to observe.

As is usual with Statists, the argument is seen as a debate over who should be doing the controlling, the notion that everyone needs to be controlled being a foregone conclusion.

Perhaps it's time to take Perry's pledge. :)

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From adamsc at io-online.com Sun Jul 21 03:29:24 1996
From: adamsc at io-online.com (Chris Adams)
Date: Sun, 21 Jul 1996 18:29:24 +0800
Subject: pledge status
Message-ID: <199607210810.BAA06451@cygnus.com>

On 20 Jul 96 23:12:20 -0800, alanh at infi.net wrote:

>One recalls the Russian novelist (can't think of his name, the one who
>wrote _Day in the Life of Ivan Denisovitch_), who stated that if even 1%

Solzhenitsyn? (Spelling may be wrong) Very good, BTW.

>of all of the Cheka/KGB's arrest-in-the-middle-of-the-night victims had
>put up some resistance, and maybe have killed a Chekist before being
>gunned down..... the whole damn system of Stalinist terror would have
>unraveled, from the lack of police willingness to die for the greater
>glory of Mr Stalin.
>I think this has
> relevance to the
>black-ninjas-pretending-that-they're-in-a-Hollywood-script thread about
>cops making unannounced search warrant services at 4am.
>
>I have tremendous admiration for my local LEO's. It's the federales that
>are the problem, usually.

I'm thinking of Waco, where, I've heard, more experienced SWAT-types tried to talk their bosses out of a certain infamous mistake...

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From stewarts at ix.netcom.com Sun Jul 21 04:11:33 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 21 Jul 1996 19:11:33 +0800
Subject: Netscape
Message-ID: <199607210854.BAA01300@toad.com>

At 05:24 PM 7/19/96 -0700, Rich Graves wrote:
>On Fri, 19 Jul 1996, Anonymous wrote:
>[on hacktic]
>> netscape-fts2-hp10.tar.gz Fast Track Server 2.0 for HPUX10
>> netscape-fts2-nt.exe Fast Track Server 2.0 for WinNT
>> netscape-hpus-30b5.tar.gz Navigator 3.0b5 for HP-UX
>> netscape-linux-30b5.tar.gz Navigator 3.0b5 for Linux
>> netscape-ssl30-src.tar.gz SSL 3.0 source code
>> netscape32us-30b5.exe Navigator 3.0b5 for Win95/NT
>
>And thus it begins... I think it's a bad idea to provoke the TLAs like this,
>but I suppose it's inevitable. (But doesn't anyone use Macs or Suns?)

Appears that they don't use Windows 3.1 16-bit versions either. BTW, the executable is _huge_ - over 3MB, and that doesn't seem to include all the plugins from previous versions.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From stewarts at ix.netcom.com Sun Jul 21 04:28:42 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 21 Jul 1996 19:28:42 +0800
Subject: Netscape
Message-ID: <199607210918.CAA01556@toad.com>

At 11:10 PM 7/20/96 -0400, "Mark M." wrote:
>On Sat, 20 Jul 1996, Tom Weinstein wrote:
>> Why not consider what the consequences will be? Do you seriously
>> believe that this will make the government stop enforcing ITAR?
>
>The government has yet to enforce ITAR. The only thing they have been doing
>is threatening companies who make products with strong crypto. If anyone was
>ever actually put on trial for a violation of ITAR, it would almost certainly
>be found to be unconstitutional.
First of all, the government _has_ enforced ITAR; I've seen references (ummm, on the net...) to a few cases of things like exporting TV decryptors, as well as all the enforcement about illegal trafficking in guns and such. But second, if you're threatened with jail and large fines, and have to pay your lawyers lots of money to avoid being railroaded, that's enforcement even if it's not the full-scale due process type.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From paul at mycroft.actrix.gen.nz Sun Jul 21 04:32:44 1996
From: paul at mycroft.actrix.gen.nz (Paul Foley)
Date: Sun, 21 Jul 1996 19:32:44 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607201438.KAA07420@jekyll.piermont.com>
Message-ID: <199607210716.TAA09432@mycroft.actrix.gen.nz>

"Perry E. Metzger" wrote:

   The opening in the barrel of just about every rifle or pistol I've looked at seems to be about half an inch or less. Perhaps you have been looking at the 18" guns on the battleship "New Jersey"?

   Perry

They'd be 16" guns. I think only the Japanese had a battleship with 18 inchers.

--
Paul Foley --- PGPmail preferred

PGP key ID 0x1CA3386D available from keyservers
fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
"Outside of a dog, a book is a man's best friend: and inside a dog, it's too dark to read."
-- Groucho Marx

From stewarts at ix.netcom.com Sun Jul 21 04:48:05 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 21 Jul 1996 19:48:05 +0800
Subject: ITAR's 40 bit limit
Message-ID: <199607210918.CAA01561@toad.com>

At 07:45 PM 7/20/96 -0400, "David F. Ogren" wrote:
>Another paradox of the US export regulations.
>The NSA is allowing 40 bit crypto exports. So as a hypothetical example
>assume that I write a crypto program that uses 40 bit RC4 to encode data
>(licensing from RSA).
I then get an export license using the accelerated
>process for 40 bit RC4.
.......
>However, what if she runs the program three times with three different
>passwords. (Ignore the problems of Inner-CBC and Outer-CBC for now.) Now
>the file is triple RC4 encoded with the equivalent of 80 bit security.

Not always possible. The rule isn't just "40 bit crypto" it's "permission, which you won't get with over 40 bits unless you're very cooperative." Applications like Netscape's SSL don't give you the ability to feed your data through it three times; they process your stream of data and send it.

Also, some 40-bit systems put known plaintext at the beginning of their output (e.g. a magic number saying that this file is in FooBar40 format) which means that even if you quintuply encrypt them, you still only have several layers of 40-bit encryption that you can peel one at a time.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From amehta at giasdl01.vsnl.net.in Sun Jul 21 05:11:27 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Sun, 21 Jul 1996 20:11:27 +0800
Subject: Game Theory and its Relevance to Cypherpunks
Message-ID: <1.5.4.32.19960721091945.002f59b0@giasdl01.vsnl.net.in>

At 21:57 20/07/96 -0700, Timothy C. May wrote:
>
>Fortunately, the goal of MAD was to
>not have to be used, and it appears now to have worked quite well (albeit
>at high cost).

My problem with applying game theory to complex situations like the competition between powerful nations is that it is too simplistic. IANAE, of course, though I have done some control theory, and know how complex the modelling of any system becomes if it contains non-linearities, delays, etc. In a closed-loop system, i.e. with feedback, trying to predict behaviour without the foggiest notion of how to quantify the impact of Kennedy's grandstanding on the Khrushchev mind (for instance) is questionable.
To suggest that MAD worked well on the basis of the limited tryout we gave it has little validity. If it hadn't, we wouldn't be here, would we? We are trying to draw general conclusions based on a biased sample of one.

Reminds me of this committee of the British Royal Air Force, trying to find ways to protect its planes better against German anti-aircraft guns. Someone proposed putting an extra layer of armour on those areas that received the most shelling, and most people seemed to like the idea. One upstart suggested the exact opposite: putting extra armour on those areas which had received the least shelling. "Remember," he said, "we can only examine the planes that came back."

I also have a problem with the cost you mention. What is "winning" in the context of nations? The arms race wiped out the Soviet Union, and arguably seriously hampered the competitiveness of American industry (which was No.1 at the end of the war), allowing countries like Japan and Germany, with far smaller defence budgets, to overtake industrially.

>Useful sources:

Thank you for the tips: I will check them out. Game theory is fascinating -- I'm just not sure how applicable it is in formulating policy. Didn't work too well in Vietnam...

Arun Mehta
Phone +91-11-6841172, 6849103
amehta at cpsr.org
http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From ecgwulf at worldnet.att.net Sun Jul 21 05:45:15 1996
From: ecgwulf at worldnet.att.net (Llywarch Hen)
Date: Sun, 21 Jul 1996 20:45:15 +0800
Subject: Game Theory and its Relevance to Cypherpunks
Message-ID: <2.2.16.19960721102109.1d6775d2@postoffice.worldnet.att.net>

Timothy May wrote:

>Game theory is terribly important to Cypherpunks.

Definite agreement here. Wait ... it gets better.

> . . . Creating a terrifying image,
>an image of crazed indifference, is a useful thing. Certainly the S.S.
>understood the power of their frightening uniforms and the "myth" of their
>bloodthirstiness.
(Note: I am not saying their bloodthirstiness was a myth,
>but that they deliberately cultivated this image. Intimidation works,
>game-theoretically.)

What Timothy May espouses is not the appearance of craziness but actual insanity itself.

> . . . Even the "MAD" policy of "mutually assured
>destruction" has game-theoretic justification. (Indeed, this is virtually a
>truism, given the role game theory and the RAND Corporation played in the
>devising of the MAD strategy.) While humanists and liberals may cluck at
>the admittedly horrible consequences of MAD, were it ever implemented, it
>is solidly grounded in these "games." Fortunately, the goal of MAD was to
>not have to be used, and it appears now to have worked quite well (albeit
>at high cost).

Recall that during the time MAD supposedly worked that both of Reagan and Brezhnev were comatose much, if not all of the time. The crazies were out of the picture. Who was in charge? Let's suppose it was the generals. Who would know better their systems were shit? Recall on the day that Reagan was shot that Alexander Haig appeared on national TV and announced 'I am in charge here.' Haig was not constitutionally in charge of anything. Did he mean 'we' not 'I'. Who would that 'we' be?

The twentieth century is drawing to a close as the world's most bloodthirsty by far: 40 mil under Stalin, 25 mil under Mao, 8 mil under Hitler, and so on. There are no heroes. Timothy May suggests that we continue to play his stupid game.

Much of the cold war for public consumption was predicated on the notion that ends do not justify means. It was rather profitable for some interests however. The numbers speak for a strong info-war capability. But what we are asked to do is to refight the last war with grandpa, who we find out stayed home and watched it on TV but gets off on all this scary shit. Especially the uniforms.
Perhaps Timothy May through luck, manipulation and hard work has made it up toward the head of the line to feed at the public trough and then declare to the rest of us that we have a free and competitive market. He will cite Hudson, Heritage, RAND, ... AEI, and Cato whose shining lights best understand who it is that is signing their paychecks. These are the folks that bought us Vietnam, did not pay for it in lives or money, but profited immensely. He cites Kahn whose best game is the consulting game.

Wanna buy a hot stock? Buy Steven Emerson -- guy's gonna take off.

-- Llywarch Hen

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Sun Jul 21 06:59:33 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Sun, 21 Jul 1996 21:59:33 +0800
Subject: Netscape
In-Reply-To:
Message-ID: <199607211152.HAA03185@pdj2-ra.F-REMOTE.CWRU.Edu>

Rich Graves writes:

: -----BEGIN PGP SIGNED MESSAGE-----
:
: On Sat, 20 Jul 1996, Mark M. wrote:
: > On Sat, 20 Jul 1996, Tom Weinstein wrote:
: >
: > > Why not consider what the consequences will be? Do you seriously
: > > believe that this will make the government stop enforcing ITAR?
: >
: > The government has yet to enforce ITAR. The only thing they have been doing
: > is threatening companies who make products with strong crypto. If anyone was
: > ever actually put on trial for a violation of ITAR, it would almost certainly
: > be found to be unconstitutional.
:
: So do it. None of this anonymous bullshit, or trying to drag Netscape into
: it.
:
: I'd donate whatever I could to a Cypherpunk Legal Defense Fund. We only need
: one volunteer with a lot of time on his/her hands.
:

Fortunately one does not have to be prosecuted to test the constitutionality of the ITAR as they apply to cryptography: the Bernstein and Karn cases have already been brought and at least one other is in the pipeline.

But no one seems to be setting up a Legal Attack Fund to support such litigation.
Perhaps some of those active on the cypherpunks list would be interested in creating and supporting such a fund. One would hope that those corporate interests who keep complaining about how the ITAR cut into their potential profits would be willing to contribute.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From jya at pipeline.com Sun Jul 21 07:29:52 1996
From: jya at pipeline.com (John Young)
Date: Sun, 21 Jul 1996 22:29:52 +0800
Subject: Devil's Bargain
Message-ID: <199607211209.MAA05035@pipe6.t2.usa.pipeline.com>

The New York Times, July 21, 1996, WIR, p. 5.

The Devil's Bargain of a Better World

By Tim Weiner

Washington. The arc of the burning plane falling into the ocean, the fire glowing on the dark waters, shed light on how vulnerable we are. When a jumbo jet falls from the sky, technology has failed or terrorism has succeeded.

In the hours after Flight 800 went down off Fire Island, everyone in officialdom said there was no reason to believe it was a terrorist attack. Nearly everyone else instinctively believed it was.

However the facts turn out, it is revealing that Americans thought first of a bomb borne by angry men on a mission from God. There was no more evidence to blame it on it was close enough to truth, given the absence of facts, Americans' shared fear of terror and their faith in technology.

In any event, if the crash turns out to have been an accident -- horrible but still an act of God -- the relief may be fleeting.

"It doesn't matter whether it was a bomb or not, in the way we think of it -- it's what we expect," said Ronald Steel, professor of international relations at the University of Southern California and author of "Temptations of a Superpower" (Harvard, 1995). "We know it's going to happen somewhere --if not this airplane, then the World Trade Center, Lockerbie, the bombs in Saudi Arabia and Paris and London.
This is a part of our life. If for some reason this wasn't a bomb, we better get ready for one tomorrow."

[See Steel's NYT Op-Ed today: http://jya.com/rsteel.txt.]

High-Tech Freedom

With the double-edged sword of technology, Americans have carved a world of gleaming aircraft and guided missiles. The airplanes that transport them, the cell phones and television cables and computers that link them, define how they live, how they work, how they take their pleasure. They are right up there with freedom of speech and religion, freedom from want and fear. They make America rich, powerful, and free.

But Americans cannot control technology; increasingly, it controls them. And when the people Americans fear get their hands on it, the fear is accelerated and amplified by 500 channels of interwoven media hype.

The airlines and telephones and E-mail that connect Americans connect those other people too: a computer disk is the crucial piece of evidence in the current trial of Ramzi Ahmed Yusef, accused of planning to blow a fleet of commercial planes from the sky (and in a pending case, of leading the World Trade Center bombing).

The subway rider poisoned in Tokyo and the American soldier blown out of bed in Dhahran share a common knowledge: High technology may make a fine sword, but it is a flawed shield. It cannot stop every nut with a grudge.

Americans are slowly getting used to the idea that one can no longer go through the world without passing through security. They are learning to live with terror and the technology of counter-terrorism, as people have for years in Tel Aviv and Cairo, Belfast and Berlin, Karachi and Algiers. They all visit those cities now; they enter them every time they walk through a metal detector.

So life feels more and more like an international airport: identity checkpoints and security zones in concrete and glass buildings, pretty flowers planted in concrete barricades outside, robot voices delivering warnings.
The fear means they arrive early to spend more down time waiting in line to pass through security. So they adapt, thinking: That's not a barricade, it's a flowerpot. They give up a little freedom in exchange for feeling safe, "all watched over," as the late poet Richard Brautigan wrote, "by machines of loving grace."

Visitors

The people who hate, love, envy and fear America's prosperity and power, also pass through that international airport. The United States needs their oil for fuel; it needs their sweat for work Americans don't do any more. They are woven into America, traveling through open lines of trade and telecommunications and technology. So everybody learns to live with the fear of the bomb in the cargo bay: you have to catch that plane if you have business abroad.

If the United States were determined to buy machines that could sniff out the Semtex in the boombox, it could have done it -- the cost is perhaps $2 billion, or slightly less than one Stealth nuclear bomber. But that is not the war Washington prepared to fight after Vietnam. Generals today want wars they are sure to win.

We -- the United States -- have the smart bombs, built with the billions that bankrupted Moscow and made America Number One. They -- the furious and the powerless -- have the dumb bombs, made from fertilizer and fuel oil, ignited by rage and religion. But the United States can't stop them all, not with its ever-tightening laws, not with its trillion-dollar military, not with its weapons and warheads. So the thinking goes.

On the simplest level, terrorism works: it terrifies. It can increase the technology of control and erode the edges of the Constitution. That can fuel the fear of Big Brother, make people paranoid -- and in turn promote the homegrown madness that exploded last year in Oklahoma City.

Terrorism cannot destroy the United States, but it has the power to wound, outrage, sadden and change it.
When Iranians took Americans hostage and controlled the nation's politics from half a world away, when a suicide bomber blew up 241 American soldiers in Beirut and drove the Marines from Lebanon, when the World Trade Center shook, when the Dhahran barracks went up in smoke, it expressed a burning anger in the world, the anger of the poor and the powerless and the God-mad and the stateless.

The Method

Through repetition, Americans are slowly coming to recognize the method in this madness: These attacks are meant as blows against the global dominance of American culture, money, power and technology.

Mr. Steel says the United States' stature as the one surviving superpower and the architect of the new world order is the very thing that makes it a target.

"Terror," he says, "is the weapon that the powerless use against the powerful. We don't have any conception of what an ideologically threatening power we are to people who have different beliefs. Globalization and modernization are truly threatening to people. They're even threatening to the working class in this country because they drive down wages. The very faith in technology that we spread is something that runs head-on into another faith based on tradition, asceticism and authority. We're the alien ideology now."

[End]

----------

The New York Times, July 21, 1996, p. 25.

Top F.B.I. Investigator Is Known for Bluntness

James K. Kallstrom, the head of the Federal Bureau of Investigation's New York City office, is a technical wizard who has bugged, wiretapped and generally bedeviled mobsters, terrorists and other criminals for more than two decades.

The crash investigation is the first major, high-profile investigation of Mr. Kallstrom's tenure of a year and a half. Since Wednesday night, Mr. Kallstrom has spent most of his time shuttling, in a Blackhawk military helicopter, between the F.B.I.
command center, at 26 Federal Plaza in Lower Manhattan, and the crash site, where he has held two press conferences a day with a top official of the National Transportation Safety Board.

Mr. Kallstrom is known for a no-nonsense, blunt approach with his colleagues. He also never passes up a chance to express some strongly felt opinions, they say. Often, Mr. Kallstrom has offered his long-held view that Congress is not doing enough to help Federal law enforcement in its fight against criminals who use new technologies, such as the Internet.

Since the crash Wednesday night, Mr. Kallstrom has had a strong suspicion that it was tied to a bomb or missile. "You have a lot of things that look like terrorism," Mr. Kallstrom said at a press conference Friday afternoon. "At some point in time, we're going to reach critical mass and then we're going to be prepared to say exactly what we think it is."

As late as last night, he said he had not seen anything to make him change that opinion. But publicly, at least, Mr. Kallstrom has been reluctant to declare that the crash was caused by a bomb or missile until physical evidence, enough to reach a "beyond a reasonable doubt" threshold, is found.

By selecting Mr. Kallstrom as assistant director in charge of the New York Office in February 1995, the F.B.I. Director, Louis J. Freeh, chose one of the bureau's most respected surveillance experts, a man whose techniques played a critical role in the arrests of every major organized crime leader and terrorist in New York in the last 20 years, including those involved with the World Trade Center bombing in 1993.

[End]

From dlv at bwalk.dm.com Sun Jul 21 08:16:26 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 21 Jul 1996 23:16:26 +0800
Subject: Game Theory and its Relevance to Cypherpunks
In-Reply-To: <2.2.16.19960721102109.1d6775d2@postoffice.worldnet.att.net>
Message-ID:

Llywarch Hen writes:
> 25 mil under
> Mao, 8 mil under Hitler, and so on.
I'm not sure where you got these figures... Hitler had 12 million people killed in death camps alone, about half of whom were Jews. I've heard estimates of 100 mil killed during the cultural revolution alone. This doesn't even begin to include the _war dead, which would be relevant to your thread.

As for historical parallels, these guys were pussies compared to the Mongol invasions, or for that matter Roman conquests.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From ses at tipper.oit.unc.edu Sun Jul 21 08:16:40 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Sun, 21 Jul 1996 23:16:40 +0800
Subject: New Cypherpunks, New Danger
Message-ID:

paranoid rants have their place; however, if they keep bursting into cypherpunks without knocking first, there could be an accident.

Lithium.... it's not just for watch batteries anymore.

From dlv at bwalk.dm.com Sun Jul 21 08:27:19 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 21 Jul 1996 23:27:19 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607210716.TAA09432@mycroft.actrix.gen.nz>
Message-ID:

Paul Foley writes:
> "Perry E. Metzger" wrote:
>
> The opening in the barrel of just about every rifle or pistol I've
> looked at seems to be about half an inch or less. Perhaps you have
> been looking at the 18" guns on the battleship "New Jersey"?
>
> Perry
>
> They'd be 16" guns. I think only the Japanese had a battleship with 18
> inchers.

I've seen cruise missiles and they look much more impressive if you know what's inside.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From frankw at in.net Sun Jul 21 08:28:16 1996
From: frankw at in.net (Frank Willoughby)
Date: Sun, 21 Jul 1996 23:28:16 +0800
Subject: Firewall Penetration
Message-ID: <9607211223.AA29688@su1.in.net>

At 08:18 PM 7/20/96 -0700, Jerome Tan allegedly wrote:
> Is it possible to penetrate a firewall?
Absolutely. (Having done so a time or two)

FWIW, of @70 firewalls on the market, only @5 are adequate to protect a company from the hazards of the Internet.

Before anyone asks, Fortified Networks is a vendor-neutral InfoSec Consulting company and doesn't sell firewalls or other security products.

Best Regards,

Frank

Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec

The opinions expressed above are of the author and may not necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Information Security Consulting
http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817
Home of the Free Internet Firewall Evaluation Checklist

From pclow at pc.jaring.my Sun Jul 21 09:40:41 1996
From: pclow at pc.jaring.my (peng-chiew low)
Date: Mon, 22 Jul 1996 00:40:41 +0800
Subject: Firewall Penetration
In-Reply-To: <9607211223.AA29688@su1.in.net>
Message-ID: <31F25025.3509@pc.jaring.my>

Frank Willoughby wrote:
> FWIW, of @70 firewalls on the market, only @5 are adequate to protect
> a company from the hazards of the Internet.

And of course, we would have to pay to find that out, right? :)

From setho at westnet.com Sun Jul 21 09:49:41 1996
From: setho at westnet.com (Seth Oestreicher)
Date: Mon, 22 Jul 1996 00:49:41 +0800
Subject: American People the relation to the Police
Message-ID: <1.5.4.32.19960721143242.00912b24@westnet.com>

At 09:34 AM 7/21/96 +0600, you wrote:
>At 08:56 20/07/96 -0400, you wrote:
>> Why
>>is foreign aid allowed to continue when it is not allowed by the
>>Constitution? (I could go on and on.....)
>
>Isn't there a gap between "not allowed" and "disallowed"? The
>Constitution couldn't possibly have foreseen the problems of
>today, and the global role the US plays (or seeks to).
>Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org
>http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key

That's like saying the Bible is outdated because it was written several thousand years ago. If the law must change debate it, vote on it, and implement it. Don't circumvent it!

I mean should we take away free speech because more people lie today than ever before in history? Or should we take away our religious rights because of the David Koresh's of the world? Should we take away the guns of the people because less than 30,000 people a year die of gunfire? (less than .01% of the nation!) Should we take away the double jeopardy clause just because O.J. Simpson *IS* guilty?

Seth

From david at sternlight.com Sun Jul 21 10:14:33 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 01:14:33 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607200646.CAA15585@lists.gateway.com>
Message-ID:

At 11:10 AM -0700 7/20/96, Vinnie Moscaritolo wrote:
> On 19 Jul 1996 19:51:39 Hallam-Baker wrote
>>It is no coincidence that the Tree of Liberty needs to be watered with
>>blood on occasion.
>
>As a native Bostonian, I have to tell you that the original "Tree of
>Liberty" was cut down many many years ago and in its place now stands a
>storefront, if you look up onto the second floor you will notice a frieze
>of a tree. This is all that stands to commemorate the "Tree of Liberty".
>
>
>oh btw that storefront is in the combat zone of boston, and the last time
>I checked that store was called either the "Naked I" or the "Pussycat
>lounge", can you guess what they sell?
>

This is too good to pass up. The modern version, then is:

"The tree of liberty must be titillated with the money of sex-seekers."
David MIT '54

From david at sternlight.com Sun Jul 21 10:18:10 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 01:18:10 +0800
Subject: MIT harassed over publication of PGP book
In-Reply-To: <2.2.32.19960720220935.0086d2c0@panix.com>
Message-ID:

At 3:09 PM -0700 7/20/96, Duncan Frissell wrote:
>At 02:06 AM 7/10/96 EDT, Hal Abelson wrote:
>>
>>Now, we learn of a back channel communication from State to DOE to
>>Sandia, which has prompted Sandia to want to act as a policeman for
>>MIT vis a vis export controls.
>>
>>This is troubling for what it says about how the State Department is
>>dealing with export issues surrounding information about cryptography,
>>and about the extent to which policies are being administered in a
>>clear and above-board manner.
>
>A blue ribbon panel of Ivy League administrators warned in the mid 1950s
>that Universities which accepted public funds would lose their independence
>and become mere functionaries of the federal government. They were right
>and you all had fair warning.
>

As Hal Abelson should well know, at least the undergraduates at MIT used to call the John T. Dorrance Lab (a big food sciences building) "the Campbell's Soup Lab". It's not just government.

David

From ichudov at algebra.com Sun Jul 21 10:26:31 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 01:26:31 +0800
Subject: Game Theory and its Relevance to Cypherpunks
In-Reply-To:
Message-ID: <199607211513.KAA14942@manifold.algebra.com>

Dr.Dimitri Vulis KOTM wrote:
> Llywarch Hen writes:
> > 25 mil under
> > Mao, 8 mil under Hitler, and so on.
>
> I'm not sure where you got these figures... Hitler had 12 million people
> killed in death camps alone, about half of whom were Jews. I've heard estimates
> of 100 mil killed during the cultural revolution alone. This doesn't even
> begin to include the _war dead, which would be relevant to your thread.
>
> As for historical parallels, these guys were pussies compared to the
> Mongol invasions, or for that matter Roman conquests.

In Iran, Chenghis Khan killed 30 millions out of 40 who previously lived there.

It basically proves that people now are no better and no worse than people then. Really, there is no reason for things to be otherwise.

Similarly, I do not understand why futurists paint so rosy pictures of the 21st century. I think that it will be at least just as full of shit as this one.

- Igor.

From david at sternlight.com Sun Jul 21 10:29:13 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 01:29:13 +0800
Subject: Netscape
In-Reply-To: <199607200930.LAA08360@basement.replay.com>
Message-ID:

At 3:27 PM -0700 7/20/96, Tom Weinstein wrote:
>>> And thus it begins... I think it's a bad idea to provoke the TLAs
>>> like this, but I suppose it's inevitable.
>>
>> Why is it a bad idea? If you don't do it, you support the ITAR
>> by your lack of action! Every day that you don't export strong
>> crypto you assist the enemy.
>
>Why not consider what the consequences will be? Do you seriously
>believe that this will make the government stop enforcing ITAR? Do you
>believe it will make them change the law? No. What it will do is make
>them remove our permission to distribute this stuff.

Remind anyone of the old aphorism "I will fight to the death the right to say it. Your death."?

David

From david at sternlight.com Sun Jul 21 10:48:38 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 01:48:38 +0800
Subject: Filtering out Queers is OK
In-Reply-To: <199607210701.AAA00292@netcom10.netcom.com>
Message-ID:

At 12:01 AM -0700 7/21/96, Mike Duvos wrote:
>David Sternlight (david at SternBot.com) writes:

The above suggests your mind is closed. I'm going to respond once for the benefit of other readers before plonking you. Feel free to e-mail me if you really want a discussion and not just to hear yourself talk.
>
> > There are many others who have come to similar conclusions
> > about the formation of independent judgement in children,
> > and lots of non-Piaget experiments. Your comments are
> > diversionary and in fact by the end of your post you come to
> > agree with my basic point.
>
>Every doctrine has its followers, and I will admit "Piaget-Speak"
>is still quite popular in certain circles, and its buzzwords are
>often heard in arguments promoting child inferiority and
>dismissing childrens' concerns.

Irrelevant.

>
>That hardly means I agree with your basic point, which is that
>parents should be able to do whatever they want in controlling
>their childrens' information sources without their children
>having any recourse against them.

The job of a parent is exactly that. The "benevolent despotism" begins totally, when a child is unable to survive physically unaided, and gradually diminishes as a child achieves increasing independence--to eat, to walk, to read, to think, to make independent critical judgements.

>
> > That is also false in its implications. Librarians are in
> > loco parentis,
>
>This, of course, varies with local statutes, as does the legal
>definition of "In Loco Parentis." Generally it applies to
>teachers, people hired to care for children, and some relatives,
>such as grandparents. I am not familiar with any locale where
>librarians are specifically mentioned, and most librarians will
>be more than happy to explain to you that a library is not a free
>babysitting service, and that they are not caregivers.

This is a massive evasion. I referred to librarians' traditional role in managing children's reading. Most libraries (for instance) won't permit young children in the adult stacks, and many have a children's card that isn't valid for certain kinds of books. Further, librarians often observe what children are reading and try to gently guide them--mostly informed by the child's tastes but also with a certain "keep them out of hot water" flavor.
Big, busy libraries may not be able to do that, but I am forever grateful for mine in Hartford, Connecticut. Under the gentle guidance of librarians my intellectual development was stimulated in such a way that I'm convinced it was one factor in my eventually being able to get into MIT. And yes, they wouldn't let me into some sections until I was at an age where they thought I could handle it.

>
> > and most libraries are VERY careful about what materials
> > young children are exposed to and what is more, are
> > responsive to community pressure in the matter since most
> > libraries are community-based.
>
>Most libraries let "young adults" (read anyone who has hit their
>teenage years) read pretty much anything they want.

We're not talking about "young adults" here. It's been clear from my comments from the beginning that I was talking about young children. Piaget didn't do all that much with teen-agers.

> "Parents on
>the warpath" have managed to apply pressure in recent years, and
>libraries are a bit less free than they used to be, but I think
>the American Library Association has done a pretty good job in
>standing its ground against agitators and pressure groups.

This has to do with attempted censorship of what adults may read, and is totally off-topic.

>
> > So after trying to refute my point, you come to agree with
> > it and want to shift the issue to the question of at what
> > age....
>
>No - I stated in my original message that young children do need
>some reasonable constraints to guard them from exposure to
>material which might cause them emotional pain.

More than that, you conceded that the constraints should be tailored to the age of the child (or at least what could be observed about the child's maturity). That was my only point and one with which you at first disagreed. Reread your post--you are really blind to your own prejudices about my posts.
>
>This is far different from your assertion that minors (everyone
>under 18) should have no access to any information that their
>parents do not pre-approve.

I never said that. Please provide evidence that I did.

>
> > I'm not competent to assess that nor, I assert, are you; I
> > suggest it varies with the child and it's up to the
> > individual parent to make those subtle distinctions, issue
> > by issue, child by child.
>
>Nothing subtle about it David. Once young people have passed
>through early childhood, the burden of proof is on anyone who
>suggests that they should be insulated from social and political
>reality to provide a convincing reason why. Parental
>capriciousness doesn't qualify.

On this we disagree. It is a legitimate disagreement. And "capriciousness" is a dishonest misrepresentation of what I said.

>
> > As I parse the above sentence it says limiting is often
> > justified but it might not be.
>
>Parse the sentence again. What it says is that although
>"protecting children" is often the excuse used to limit older
>childrens' access to controversial material, the reality is that
>it is usually an effort to control their thinking on certain
>issues by making sure they have only one viewpoint, that of their
>parents.

Reread your own sentence (which I note you don't quote). It says what I claim, not your revisionist rewriting above.

>
> > If so, it's up to the parents to figure out where THEIR kid
> > is on the scale--nobody else has as much time, motivation,
> > or opportunity to observe.
>
>As is usual with Statists, the argument is seen as a debate over
>who should be doing the controlling, the notion that everyone
>needs to be controlled being a foregone conclusion.

As usual with the intellectually bankrupt, calling names such as "Statist" is "the last resort of the scoundrel".

Plonk!
David

From david at sternlight.com Sun Jul 21 10:56:48 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 01:56:48 +0800
Subject: Game Theory and its Relevance to Cypherpunks
In-Reply-To: <1.5.4.32.19960721091945.002f59b0@giasdl01.vsnl.net.in>
Message-ID:

At 2:19 AM -0700 7/21/96, Arun Mehta wrote:
>At 21:57 20/07/96 -0700, Timothy C. May wrote:
>>
>>Fortunately, the goal of MAD was to
>>not have to be used, and it appears now to have worked quite well (albeit
>>at high cost).
>
>My problem with applying game theory to complex situations like the
>competition between powerful nations is that it is too simplistic. IANAE,
>of course, though I have done some control theory, and know how
>complex the modelling of any system becomes if it contains non-linearities,
>delays, etc. In a closed-loop system, i.e. with feedback, trying to predict
>behaviour without the foggiest notion of how to quantify the impact of
>Kennedy's grandstanding on the Kruschev mind (for instance) is questionable.

Some findings of game theory are really just formulations of common sense, or proofs of things intuitively suspected, and are both valid and useful. Some have worked their way into mainstream economics.

I think, for example, of the "Prisoners' Dilemma". In fact it is exactly that result that is at the core of MAD. It only works in advance if both sides know the payoff matrix, which is why many of the "incomprehensible" leaks of our capabilities took place and why we took great pains (as did the Sovs--can you say "Markov"? or "Kolmogorov"?) to do demos of our capabilities that they could easily observe.
David

From david at sternlight.com Sun Jul 21 10:58:52 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 01:58:52 +0800
Subject: A Snake-Oil FAQ
In-Reply-To: <199607202058.QAA19736@unix.asb.com>
Message-ID:

At 11:03 PM -0700 7/20/96, The Deviant wrote:
>>
>> Snake-Oil Warning Signs
>> Encryption Software to Avoid
>>
>> (Revision 0.1)
>>
>>
>
>Looks very nicely done. I think you pretty much covered it... but...
>
>>
>> Be wary of marketing gimmicks related to "if you can crack our
>> software" contests.
>>
>
>Even the best cryptographers and security professionals have done this.
>RSA did it with their Public Key system, which took 20+ years to break.
>Throughout history, many security mechanisms, even the best ones,
>including Cyphers, Locks, Firewalls, etc. have been known to go as far as
>to offer prizes (some extremely high, upwards of a million dollars, some
>as low as RSA's famous $100 prize)
>
>I think that this one really is just a bit too broad.

So is your comment. What was broken was not public key, but a particular key length (and by implication shorter ones). You can do that with just about any system, even a one-time pad, by brute force, but it won't buy you much more than sharpening your skills, for longer keys.

One particular public key algorithm (you aren't too specific here) WAS broken a few years ago, but that was not RSA and isn't used any longer. If memory isn't playing tricks on me it was the knapsack algorithm.

David

From david at sternlight.com Sun Jul 21 11:18:18 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 02:18:18 +0800
Subject: Netscape download requirements
In-Reply-To: <31EFCCCC.B13@netscape.com>
Message-ID:

At 12:34 PM -0700 7/20/96, Adam Shostack wrote:
> Don't screw with the system, and I can bet how the policy
>review will come out.
>
> We just had a policy review; the National Academy of Sciences
>had a very prestigious group do a review of our Cryptographic Policy.
>It suggested liberalization.
>
> Clearly, someone didn't like that, so the Powers That Be are
>doing another policy review in the hopes of getting a review that they
>like. If they don't get something they like, there will be another
>policy review, chaired by Louis Freeh, and taking testimony from such
>prestigious cryptographers as Dr. Denning.

This is not a technocracy, and the NAS is not a government policy review body but an advisory one. Having said that, your cynicism is probably well founded. :-)

David

From vinnie at webstuff.apple.com Sun Jul 21 11:21:05 1996
From: vinnie at webstuff.apple.com (Vinnie Moscaritolo)
Date: Mon, 22 Jul 1996 02:21:05 +0800
Subject: Tom Broken interviews Pres Scrotum [NOISE]
Message-ID:

INTERVIEW OF THE PRESIDENT BY TOM BROKAW OF MSNBC
The Roosevelt Room, July 15, 1996

MR. BROKAW: .... You and I have been looking at another question from the Internet: Does Chelsea net surf and, if so, how do you protect her from inappropriate material? Does she use the computer pretty handily?

THE PRESIDENT: She does. I don't think she net surfs a lot, simply because, at least during the school year, she has too much homework at night, for several hours every night. But she does some. And, honestly, I can't protect her in that sense because she knows so much more about it than I do. But one of the things that we're trying to do -- I think with the support of everyone -- is, first of all, get a case up to the Supreme Court so that they can define what the First Amendment requires us to do and not to do in terms of legislation here. And then we need to find some sort of technological fix. During the break you said that Mr. Gates, Bill Gates, said that there's at least a possibility of developing a log --

MR. BROKAW: Yes, they've got a log built in now that you can go in and check on.

THE PRESIDENT: Yes, so the parents can see what's been called up.
And, of course, we're working on this V-chip with television and with the entertainment industry supporting us with the rating system. So there probably will be some sort of technological responses here. But then parents like me are going to have to assume the responsibility of becoming literate enough with the technology to work with our children and make sure that we and they make responsible choices.

Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

From david at sternlight.com Sun Jul 21 11:27:18 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 02:27:18 +0800
Subject: Netscape download requirements
In-Reply-To:
Message-ID:

At 12:23 PM -0700 7/20/96, Sandy Sandfort wrote:
>
>On Sat, 20 Jul 1996, David Sternlight wrote:
>
>> Glad to explain it. I used "tell" in the sense of compel, not
>> in the sense of expressing one's opinion. "Joe told us what to
>> do" is different from "Joe expressed his opinion of what we
>> should do" in the sense I used it.
>
>Really? But you wrote:
>
>>> nor do YOU get to tell them that they are poor benighted fools
>>> who should agree with YOUR views on civil liberties. To assert
>>> otherwise is fascism, authoritarianism, dictatorship, pick one.
>
>Oh, I see, "tell," "should" and "assert" REALLY mean compel. And
>what, exactly, would I, the "teller" be compelling them to do? I
>now understand how you are able to win so many debates. I guess
>I'd just better give up and take THE PLEDGE, you're just too sly
>for me.

My use of "assert" in the above paragraph is quite different. "Tell" applies to the act I'm discussing. "assert" refers to your comment about the act.

As for your complaint about "should", it and tell are consistent with my meaning which was, to be more precise:

Merriam Webster's Collegiate Dictionary, Tenth Edition: "tell...1. count, enumerate; 2. to relate in detail, narrate, give utterance to; 3.
to make known, divulge, reveal; 4. to report to, inform; 5. order, direct; 6. to find out by observing, recognize.

I used meaning 5 in the comment you asked about.

As to your tone and subsequent remarks, this conversation is now closed. You may have the last word. To be sure I don't inadvertently continue it with you,...

Plonk!

David

From david at sternlight.com Sun Jul 21 11:29:54 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 02:29:54 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID:

At 1:02 PM -0700 7/20/96, JonWienk at ix.netcom.com wrote:
>>Probably something to do with flushing dope down the toilet, or destroying
>>evidence. Perhaps it's too much to expect them to disconnect the sewer line
>>and hit your interior with a water hose and an electricity cut-off before
>>raiding it.
>
>If tests are available that can detect trace amounts of drugs in your urine 30
>days after snorting cocaine, they ought to be able to detect traces of drugs in
>the toilet bowl/sewer pipe 5 minutes after you flush...

"Your honor, I don't know who flushed it. I have many visitors to my home." is rather different than being caught with a large stash of cocaine on your night table.

David

From david at sternlight.com Sun Jul 21 11:56:31 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 02:56:31 +0800
Subject: Firewall Penetration
In-Reply-To: <9607211223.AA29688@su1.in.net>
Message-ID:

At 5:23 AM -0700 7/21/96, Frank Willoughby wrote:
>At 08:18 PM 7/20/96 -0700, Jerome Tan allegedly wrote:
>
>> Is it possible to penetrate a firewall?
>
>Absolutely. (Having done so a time or two)
>
>FWIW, of @70 firewalls on the market, only @5 are adequate to protect
>a company from the hazards of the Internet.
>

o.k., I'll bite. Which 5?
David

From ichudov at algebra.com Sun Jul 21 11:58:20 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 02:58:20 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <199607211702.MAA15624@manifold.algebra.com>

David Sternlight wrote:
> >As a native Bostonian, I have to tell you that the original "Tree of
> >Liberty" was cut down many many years ago and in its place now stands a
> >storefront, if you look up onto the second floor you will notice a frieze
> >of a tree. This is all that stands to commemorate the "Tree of Liberty".
> >
> >oh btw that storefront is in the combat zone of boston, and the last time
> >I checked that store was called either the "Naked I" or the "Pussycat
> >lounge", can you guess what they sell?
>
> This is too good to pass up. The modern version, then is:
> "The tree of liberty must be titillated with the money of sex-seekers."

But of course.

- Igor.

From perry at piermont.com Sun Jul 21 12:00:50 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 22 Jul 1996 03:00:50 +0800
Subject: Netscape
In-Reply-To:
Message-ID: <199607211646.MAA10093@jekyll.piermont.com>

"Mark M." writes:
> > Why not consider what the consequences will be? Do you seriously
> > believe that this will make the government stop enforcing ITAR?
>
> The government has yet to enforce ITAR.

You are misinformed.

Perry

From snow at smoke.suba.com Sun Jul 21 12:13:40 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 22 Jul 1996 03:13:40 +0800
Subject: Surf-filter lists
In-Reply-To: <199607191810.LAA07845@netcom9.netcom.com>
Message-ID:

On Fri, 19 Jul 1996, Vladimir Z. Nuri wrote:
> agree with most of your points CL, but
> frankly I think
> that's what childhood is all about: not being exposed to all the
> harsh aspects that grownups call "reality". do we ask that children

I thought it was in large part learning to be a grown-up.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From adam at homeport.org Sun Jul 21 12:20:44 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 22 Jul 1996 03:20:44 +0800
Subject: ABC news on Internet Telephony
In-Reply-To: <199607210632.XAA16792@mail.pacifier.com>
Message-ID: <199607211825.NAA20257@homeport.org>

The internet can't get that much capacity, we don't have switching technology beyond the test phase to handle gigabits of data per second, and we don't have the routing technology to move packets from point A to points B-ZZZ when searching through a routing table hundreds of thousands of lines long that never has a chance to stabilize between the change messages that keep coming in.

If you're interested, search for the writings of Noel Chiappa, who talks about this regularly on ietf, big-internet, etc.

Adam

jim bell wrote:
|
| Potentially. However, there has been some mention of a new standard for
| voice compression that puts voice into 2400 bits per second, a factor of
| about 25 lower than the phone company normally uses. (They use 8,000 samples
| per second at 8 bits per sample, companded.) At that rate, a pair of
| modern, 2.4 Gb/s fibers could handle 1 million simultaneous phone calls.
| Since some of the newer fiber systems put 8 or more separate channels down a
| single fiber, that would work out to 8 million conversations.
|
| I have to conclude that we shouldn't even be close to running out of
| Internet capacity, _IF_ it were driven by state-of-the-art fiber and
| similar-speed switches. But it probably isn't. At best, Internet probably
| only gets a fraction of the capacity of a given fiber wherever it flows.
| This will have to change.

--
"It is seldom that liberty of any kind is lost all at once."
    -Hume

From vagab0nd at sd.cybernex.net Sun Jul 21 12:35:40 1996
From: vagab0nd at sd.cybernex.net (Erle Greer)
Date: Mon, 22 Jul 1996 03:35:40 +0800
Subject: Length of passphrase beneficial?
Message-ID: <2.2.32.19960721172615.006e6a64@mail.sd.cybernex.net>

-----BEGIN PGP SIGNED MESSAGE-----

Feel free to skip to 'Actual Question:' below.

I am one to succumb to the assumed benefits of overkill. I like the fact that everyone's use of crypto can cause each individual transmission to become less suspicious to prying eyes. I would love knowing that the govt. spent billions of CPU cycles on one of my transmissions only to find my softball schedule. We could lure them by making our subject lines 'Fertilizer-Bomb Recipe' or 'CHILDPORN.GIF Attached', not condoning either, of course.

I have a 2048-bit PgP key and pseudorandom a/n character generator, from which I chose a large passphrase similar to:

f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
(Yes, cut-n-paste, but my only in-house threat is my wife.)

Actual Question:
Does the length and randomness of a passphrase contribute at all to the overall security of a cryptosystem?

Thanks in advance!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

-----END PGP SIGNATURE-----

vagab0nd at sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.

From snow at smoke.suba.com Sun Jul 21 12:44:51 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 22 Jul 1996 03:44:51 +0800
Subject: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To: <199607192139.OAA23712@server1.chromatic.com>
Message-ID:

On Fri, 19 Jul 1996, Ernest Hua wrote:
>
> Would you just hand out guns to all teenagers?
I was 17 when Uncle Shithead handed me my first M-16, and I wasn't the youngest person in my company.

> No where in this list of high priority items is respect for human life,

I'm in my late 20's, and respect for human life is lower than ever.

> Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> and I certainly would not even contemplate letting him have a gun (no
> matter how well he can use it) until he can legally get one himself. I
> will certainly invoke serious wrath (on him and anyone else involved)
> if I ever found him with a gun.

Yes, those guns are evil things. Evil I tell you, constantly shooting people for no reason, going off half-cocked and whooping it up all by their polished oiled ol selves.

Isn't it funny how otherwise rational people can ascribe intentions and moral alignment (ie. good/evil) to an inert chunk of steel?

>
> By the way, would you let a 6 year old drive? or fly? (Assuming that
> they are physically capable and trained to do such.)

I was driving tractors(small ones) and motorcycles long before I turned 16. My father started teaching me to drive a car (thru asking questions &etc.) when I was about 12, and put me behind the wheel of a van when I was 15 (in a controlled situation away from traffic). He also taught me the basics of gun safety, and made sure that I took those classes that were available to me in the areas of gun safety and marksmanship.

Then again for all his faults my father is a relatively rational human being about most things.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Sun Jul 21 12:45:09 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 22 Jul 1996 03:45:09 +0800
Subject: Netscape download requirements
In-Reply-To:
Message-ID:

On Fri, 19 Jul 1996, David Sternlight wrote:
> At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:
> >Allow the government to think that we think it has the right to give
> >us their permission and we've lost everything.
The government should
> >need OUR permission, not the other way 'round.
> That's what happened, or didn't you notice that ITAR is based on laws
> passed by an elected Congress? Didn't you notice that thus far when people
> with one position on the matter have tried to persuade Congress to modify
> ITAR, they have failed? This is a (as far as it goes) a democracy, not a
> 'Llewyellyn and those who agree with him' dictatorship.

I pledge allegiance to this flag and THE REPUBLIC for which it stands.

REPUBLIC, GET IT? Rule by LAW as opposed to the tyranny of STUPIDITY called democracy.

ITAR _may_ be based on laws passed by congress, but since the NSA has yet to try the ITAR in court, and only uses it to threaten business with, we don't know how the courts will interpret these rules, much less the laws that give UNELECTED OFFICIALS the authority to make LAWS.

Yer an idiot. Not just for what you wrote above, but for just about everything you've said since you started posting. I had never read any of your writings before, and they seemed rational so I was inclined to give you a chance, even tho' I disagreed with you.

You have proven yourself to be a fascist, and AFAIC there is only 1 use for a fascist. Ballistic testing.

Yes, I do know what a fascist is, and no, I am not comparing you to The leader of Germany during WWII.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From jimbell at pacifier.com Sun Jul 21 12:45:54 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 22 Jul 1996 03:45:54 +0800
Subject: pledge status
Message-ID: <199607211738.KAA02888@mail.pacifier.com>

At 01:09 AM 7/21/96 -0800, Chris Adams wrote:
>On 20 Jul 96 23:12:20 -0800, alanh at infi.net wrote:
>>I think this has relevance to the
>>black-ninjas-pretending-that-they're-in-a-Hollywood-script thread about
>>cops making unannounced search warrant services at 4am.
>>
>>I have tremendous admiration for my local LEO's. It's the federales that
>>are the problem, usually.
>I'm thinking of Waco, where, I've heard, more experienced SWAT-types
>tried to talk their bosses out of a certain infamous mistake...

Subsequent to the initial Waco raid, the government was claiming that the Davidians were "ready" for them. I think it was easy to tell that this was a lie: Had they actually been READY, far more than 4 agents would have been dead.

Jim Bell
jimbell at pacifier.com

From rah at shipwright.com Sun Jul 21 12:46:44 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 22 Jul 1996 03:46:44 +0800
Subject: Filtering out Queers is OK
In-Reply-To: <199607210701.AAA00292@netcom10.netcom.com>
Message-ID:

At 11:41 AM -0400 7/21/96, David Sternlight wrote:

> Plonk!

, yourself...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
    -- Punishment, 100 times on a chalkboard,
       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From jeremey at forequest.com Sun Jul 21 12:51:05 1996
From: jeremey at forequest.com (Jeremey Barrett)
Date: Mon, 22 Jul 1996 03:51:05 +0800
Subject: A Snake-Oil FAQ
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Agreed... but there should be mention of stuff like "Here's our new cryptosystem, try and crack it. If you do, we'll give you the software free," or "here's a big block of ciphertext we encrypted with our proprietary algorithm which we won't describe, try and crack it, but it is unbreakable, however if you do crack it you win a free trip to visit us."

Distinguishing what sounds to be a real contest and what sounds like a marketing gimmick would be good.

On Sun, 21 Jul 1996, The Deviant wrote:

> >
> > Be wary of marketing gimmicks related to "if you can crack our
> > software" contests.
> >
>
> Even the best cryptographers and security professionals have done this.
> RSA did it with their Public Key system, which took 20+ years to break.
> Throughout history, many security mechanisms, even the best ones,
> including Cyphers, Locks, Firewalls, etc. have been known to go as far as
> to offer prizes (some extremely high, upwards of a million dollars, some
> as low as RSA's famous $100 prize)
>
> I think that this one really is just a bit too broad.
>
> --Deviant
>

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer                jeremey at forequest.com
The ForeQuest Company                   http://www.forequest.com/

"less is more."
    -- Mies van de Rohe.

Ken Thompson has an automobile which he helped design. Unlike most automobiles, it has neither speedometer, nor gas gage, nor any of the numerous idiot lights which plague the modern driver. Rather, if the driver makes any mistake, a giant "?" lights up in the center of the dashboard. "The experienced driver", he says, "will usually know what's wrong."
    -- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From markm at voicenet.com Sun Jul 21 12:56:28 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 22 Jul 1996 03:56:28 +0800
Subject: Netscape
In-Reply-To: <199607210918.FAA14603@quasar.voicenet.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 21 Jul 1996, Bill Stewart wrote:

> First of all, the government _has_ enforced ITAR; I've seen references
> (ummm, on the net...) to a few cases of things like exporting TV decryptors,
> as well as all the enforcement about illegal trafficking in guns and such.

I haven't heard of anyone ever being indicted for exporting cryptography. I should have made it clear that I was referring to ITAR as it applies to crypto, and not other items that would fall under ITAR.
> But second, if you're threatened with jail and large fines, and have
> to pay your lawyers lots of money to avoid being railroaded,
> that's enforcement even if it's not the full-scale due process type.

Quite true. I was just referring to someone actually being tried and found guilty of violating ITAR by exporting cryptography. I'd be very interested in any references to companies or individuals being prosecuted for exporting crypto.

- -- Mark

PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

-----END PGP SIGNATURE-----

From david at sternlight.com Sun Jul 21 12:56:45 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 03:56:45 +0800
Subject: Filtering out Queers is OK
In-Reply-To:
Message-ID:

At 10:24 AM -0700 7/21/96, Robert A. Hayden wrote:

>The purpose of a librarian is to aid patrons in locating
>materials and to maintain the order of the library. The Library Bill of
>Rights (which, of course, legally means nothing) guarantees access to any
>materials by any patron. If little eight year old Johnny Doe comes and
>asks for _The Joy of Gay Sex_, a librarian is supposed to do nothing more
>than point Johnny to the "J" section.

Not in the cities I'm familiar with. And so to do would be wrong, in my view. In fact, library children's programs do a LOT more than simply aiding patrons in locating materials and maintaining the order of the library, so your contention is false on its face.
David

From david at sternlight.com Sun Jul 21 13:06:13 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 04:06:13 +0800
Subject: American People the relation to the Police
In-Reply-To: <1.5.4.32.19960721143242.00912b24@westnet.com>
Message-ID:

At 7:32 AM -0700 7/21/96, Seth Oestreicher wrote:
>should we
>take away our religious rights because of the David Koresh's of the world?

I know lots of people who would like to take away the Religious Right. :-)

David

From JeanPaul.Kroepfli at ns.fnet.fr Sun Jul 21 13:10:25 1996
From: JeanPaul.Kroepfli at ns.fnet.fr (Jean-Paul Kroepfli)
Date: Mon, 22 Jul 1996 04:10:25 +0800
Subject: Snake Oil FAQ
Message-ID: <01BB773E.9AA1E700@JPKroepsli.S-IP.EUnet.fr>

Very good idea, and nice implementation of the idea. Please, let us know of the new version.

Would be a minimal information about cyphering vs scrambling, secret vs public key system, useful for the newbies and not redundant with the large classical FAQ.

Best regards,

Jean-Paul
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli at utopia.fnet.fr Also Compuserve and MSNetwork
Phone: +33 81 55 52 59 (F)     PostMail: F-25640 Breconchaux (France)
   or: +41 21 843 27 36 (CH)         or: CP 138, CH-1337 Vallorbe
  Fax: +33 81 55 52 62                   (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89 AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"

From editor at cdt.org Sun Jul 21 13:40:35 1996
From: editor at cdt.org (Bob Palacios)
Date: Mon, 22 Jul 1996 04:40:35 +0800
Subject: CDT Policy Post 2.28 - FBI Director to Testify at Senate Crypto Hearing; Join Cybercast of Hearing
Message-ID: <31F2731F.56C4@cdt.org>

-----------------------------------------------------------------------------
The Center for Democracy and Technology             Volume 2, Number 28
----------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
CDT POLICY POST Volume 2, Number 28                        July 21, 1996

CONTENTS: (1) FBI Director to Testify at Senate Crypto Hearing;
              Netizens Can Participate in Hearing Live Online
          (2) How Will the Cybercast Work?
          (3) Submit Your Comments for the Hearing Record
          (4) How to Subscribe/Unsubscribe
          (5) About CDT, contacting us

** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of
** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) FBI Director to Testify at Senate Crypto Hearing; Netizens can Participate in Hearing Live Online, Submit Testimony for the Record

On Thursday July 25 the Full Senate Commerce Committee will hold a hearing to consider S. 1726, the 'Pro-CODE' bill designed to relax export controls on encryption. FBI Director Louis Freeh and other high-ranking Administration officials are scheduled to testify. A second panel of computer industry leaders, including Netscape CEO Jim Barksdale and others, will also give testimony for the committee.

In an effort to ensure that concerned Internet users can participate in this important policy debate, the Senate Commerce Committee has arranged with CDT, VTW, HotWired, and DIGEX to bring the hearing live online. Netizens will also be able to submit testimony for the record.
Details on the cybercast can be found below, or by visiting:

http://www.crypto.com/events/072596/

This full committee hearing represents another important step forward towards passage of legislation designed to make encryption more widely available to computer users.

Sponsored by Sen. Conrad Burns (R-MT), Sen. Patrick Leahy (D-VT), Senate Commerce Committee Chairman Larry Pressler (R-SD), Sen. Ron Wyden (D-OR), Senate Majority Leader Trent Lott (R-MS), Sen. Barbara Boxer (D-CA), and others, the Pro-CODE bill is designed to encourage the widespread availability of strong privacy and security technologies for the Internet.

The bill was the subject of two hearings held on June 12 and June 26 before the Senate Commerce Subcommittee on Science, Space, and Technology. The June 26th hearing was the first Congressional hearing ever to be cybercast live on the Internet. (Details about that cybercast can be found at http://www.crypto.com/events/062696/).

For more information, including the latest list of witnesses scheduled to testify at the July 25th hearing, background on the Pro-CODE bill, and other encryption issues, visit:

Cybercast Information:
 - http://www.crypto.com/events/072596/
 - http://www.hotwired.com/wiredside/

Background on the Encryption Debate:

 The Encryption Policy Resource Page         - http://www.crypto.com/
 The Internet Privacy Coalition              - http://www.privacy.org/ipc/
 Center for Democracy and Technology (CDT)   - http://www.cdt.org/crypto/
 Electronic Frontier Foundation (EFF)        - http://www.eff.org/
 Electronic Privacy Information Center (EPIC)- http://epic.org/
 Voters Telecommunications Watch (VTW)       - http://www.vtw.org/

________________________________________________________________________

(2) HOW WILL THE CYBERCAST WORK?
The Cybercast has several components which combine to provide a unique opportunity for Netizens to participate in the democratic process and to encourage communication between Members of Congress and the Internet Community on critical Internet policy issues:

* Live Audio Simulcast: Using RealAudio software, the audio portion of the hearing will be available live online. Audio transcripts of the hearing will also be archived online.

* Simultaneous Interactive Discussion Forum: During the hearing, Senate Commerce Committee Staff and a representative of CDT will participate in an interactive "chat room" from inside the hearing room. Anyone with a telnet application can join the chat room, ask questions of the Senate staff, and discuss the issues with fellow Netizens. Participants will also have an opportunity to provide questions to the Committee Chairman to ask of the Witnesses.

* Still Video Images: Video images from inside the hearing room will be uploaded to http://www.crypto.com/events/072596/ throughout the course of the hearing.

HOW TO JOIN THE HEARING LIVE ONLINE

On Thursday July 25 at 9:30am EDT (6:30am PDT/1330 GMT), point your web browser to:

http://www.crypto.com/events/072596/

The Audio URL will be posted here, along with live pictures from the Hearing and a link to the online discussion forum.

Additional information is also available at:

http://www.hotwired.com/wiredside/

WHAT YOU WILL NEED TO PARTICIPATE:

* RealAudio (available free at http://www.realaudio.com/)
* Membership at HotWired (Membership is free. Visit http://www.hotwired.com/ for details.)
* A World Wide Web Browser
* A Telnet Application

________________________________________________________________________

(3) TELL CONGRESS WHY ENCRYPTION IS IMPORTANT TO YOU - ADD YOUR VOICE TO THE CONGRESSIONAL RECORD

Just like the previous hearing, you will be able to submit testimony online for inclusion in the Committee Record.
Please be sure to visit http://www.crypto.com/ and add your voice to the debate over encryption policy on Capitol Hill. Responses will be tabulated and the results, along with selected statements, will be included in the Committee Record by Senator Larry Pressler.

To add your voice to the crypto debate in Congress, visit:

http://www.crypto.com/events/072596/

------------------------------------------------------------------------

(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by nearly 10,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

    policy-posts-request at cdt.org

with a subject:

    subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the above address with a subject of:

    unsubscribe policy-posts

-----------------------------------------------------------------------

(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies.
Contacting us:

General information:  info at cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.28                                           7/21/96
-----------------------------------------------------------------------

From vagab0nd at sd.cybernex.net Sun Jul 21 13:41:05 1996
From: vagab0nd at sd.cybernex.net (Erle Greer)
Date: Mon, 22 Jul 1996 04:41:05 +0800
Subject: Firewall Penetration
Message-ID: <2.2.32.19960721182353.006f5238@mail.sd.cybernex.net>

At 05:29 PM 7/19/96 +0800, you wrote:
>Is it possible to penetrate a firewall?
>

-----BEGIN PGP SIGNED MESSAGE-----

Without professional knowledge of firewalls, a simple and true answer is obvious. Of course they are penetrable; that's what they are for. They permit users to penetrate, while attempting to keep out intruders. If it were impossible to penetrate firewalls, then they would pretty much be useless to those with authorized access. How could they get in themselves?

Maybe 'feasibility' is the question. That answer would depend on some variables on the intruder's end. If permissions and rights are allocated to regular users with authorization, then an intruder with adequate resources, knowledge, time, etc. should be able to get in.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

-----END PGP SIGNATURE-----

vagab0nd at sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.

From richieb at teleport.com Sun Jul 21 13:44:05 1996
From: richieb at teleport.com (Rich Burroughs)
Date: Mon, 22 Jul 1996 04:44:05 +0800
Subject: Length of passphrase beneficial?
In-Reply-To: <2.2.32.19960721172615.006e6a64@mail.sd.cybernex.net>
Message-ID:

On Sun, 21 Jul 1996, Erle Greer wrote:

[snip]
> I have a 2048-bit PgP key and pseudorandom a/n character
> generator, from which I chose a large passphrase similar to:
>
> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
> (Yes, cut-n-paste, but my only in-house threat is my wife.)

Ugh. Erle, you might want to check out the Diceware method for generating passphrases. It lets you generate a lengthy passphrase that is random and that you might actually be able to remember :)

I don't have a URL handy, but if you go to Altavista and search for "diceware" you should find it... It might be indexed at Yahoo, too...

> Actual Question:
> Does the length and randomness of a passphrase contribute at all
> to the overall security of a cryptosystem?

Actual short answer: yes :)

Look for the passphrase FAQ, for a better explanation than I can give...
______________________________________________________________________
Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause

From steve at miranova.com Sun Jul 21 13:51:38 1996
From: steve at miranova.com (Steven L Baur)
Date: Mon, 22 Jul 1996 04:51:38 +0800
Subject: A Snake-Oil FAQ
In-Reply-To:
Message-ID:

>>>>> "Deviant" == The Deviant writes:

> On Sat, 20 Jul 1996, Deranged Mutant wrote:
>> Subject: A Snake-Oil FAQ
>>
>> Be wary of marketing gimmicks related to "if you can crack our
>> software" contests.

Deviant> I think that this one really is just a bit too broad.

Not really. What about the `unbreakable OTP' system challenge that went through this list a couple of months ago? ``Break our algorithm, and we sell you the company for $1''. The algorithm was broken, and the vendor slithered away never to be heard from again (but did not sell the worthless company).

It's a good metric.

--
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone except you in November.

From deviant at pooh-corner.com Sun Jul 21 13:56:29 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Mon, 22 Jul 1996 04:56:29 +0800
Subject: Netscape
In-Reply-To: <199607210113.SAA05824@mail.pacifier.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, jim bell wrote:

> >> Do you Seriously Believe that Netscape would prefer foreigners
> >> to develop and use competing products? Of course not. They are
> >> probably secretly applauding the brave exporters.
> >
> >You are wrong. We are worried that our permission to provide these
> >products will be withdrawn.
>
> As far as I can tell, you need no "permission" to "provide these products",
> at least domestically.
The only restrictions that have been implied have
> been over the delivery of encryption over the 'net, and even that is
> questionable.
>

If even that much. Most of the "permission" i've heard of was inferred at best. The NSA, nor anybody else, has the _legal_ power to stop you from putting crypto on the Web, on FTP, or anywhere else, so long as you do not _willingly_ give it to foreign citizens. If some non-citizen downloads it, and said they were a US citizen, it's not your fault. you THOUGHT you were giving it to a citizen, which is all the law actually requires.

Of course, if anybody like Netscape actually had the guts to take this to court, arguing that ITAR doesn't cover Crypto, the ACLU and other such would probably back them, and it'd stand a fair chance. Unfortunately, everybody in a position to do this has decided they'd rather not risk having presidence (sp?) that this _was_ covered under ITAR, of which there is none.

--Deviant

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From perry at piermont.com Sun Jul 21 14:16:18 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 22 Jul 1996 05:16:18 +0800
Subject: Length of passphrase beneficial?
In-Reply-To: <2.2.32.19960721172615.006e6a64@mail.sd.cybernex.net>
Message-ID: <199607211851.OAA10237@jekyll.piermont.com>

Erle Greer writes:
> I have a 2048-bit PgP key and pseudorandom a/n character
> generator, from which I chose a large passphrase similar to:
>
> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
> (Yes, cut-n-paste, but my only in-house threat is my wife.)
>
> Actual Question:
> Does the length and randomness of a passphrase contribute at all
> to the overall security of a cryptosystem?

The passphrase only does one thing for you, which is protect your keyring in case someone gets it. Since you keep the passphrase on line, you are actually less secure than if you used a memorable phrase.

BTW, since the passphrase is used to hash into an IDEA key, more than 128 bits of input entropy would be wasted.

Perry

From dlv at bwalk.dm.com Sun Jul 21 14:19:12 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 22 Jul 1996 05:19:12 +0800
Subject: Filtering out Queers is OK
In-Reply-To:
Message-ID:

Robert Hettinga writes:
> At 11:41 AM -0400 7/21/96, David Sternlight wrote:

Please, people, let's not follow up on anything "Dr." David Sternlight posts to the cypherpunks mailing list, no matter what the provocation.

> Cheers,
> Bob Hettinga
>
>
> -----------------
> Robert Hettinga (rah at shipwright.com)
> e$, 44 Farquhar Street, Boston, MA 02131 USA
> "'Bart Bucks' are not legal tender."
> -- Punishment, 100 times on a chalkboard,
> for Bart Simpson
> The e$ Home Page: http://www.vmeng.com/rah/
>
>

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From steve at miranova.com Sun Jul 21 14:32:02 1996
From: steve at miranova.com (Steven L Baur)
Date: Mon, 22 Jul 1996 05:32:02 +0800
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID:

>>>>> "Jeff" == Jeff Weinstein writes:

Jeff> Well yes, the first time they do it. But the many times they
Jeff> download new versions, from now until the end of time, they can
                                            ^^^^^^^^^^^^^^^
Jeff> use 128-bit SSL.

The world is ending September 17, 1996 I presume? ;-)

--
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone except you in November.

From vagab0nd at sd.cybernex.net Sun Jul 21 14:32:26 1996
From: vagab0nd at sd.cybernex.net (Erle Greer)
Date: Mon, 22 Jul 1996 05:32:26 +0800
Subject: Length of passphrase beneficial?
Message-ID: <2.2.32.19960721190841.0069e654@mail.sd.cybernex.net>

At 02:51 PM 7/21/96 -0400, you wrote:
>
>Erle Greer writes:
>> I have a 2048-bit PgP key and pseudorandom a/n character
>> generator, from which I chose a large passphrase similar to:
>>
>> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
>> (Yes, cut-n-paste, but my only in-house threat is my wife.)
>>
>> Actual Question:
>> Does the length and randomness of a passphrase contribute at all
>> to the overall security of a cryptosystem?
>
>The passphrase only does one thing for you, which is protect your
>keyring in case someone gets it. Since you keep the passphrase on
>line, you are actually less secure than if you used a memorable
>phrase.
>
>BTW, since the passphrase is used to hash into an IDEA key, more than
>128 bits of input entropy would be wasted.
>
>Perry
>

Good point. Another bad thing about keeping the passphrase on-line is that I would have to transport the passphrase on floppy if I required portability. Depending on how important my information may be, I could possibly be carrying my whole life on a floppy. I see now that it is better to just memorize a phrase.

Thanks!

vagab0nd at sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.

From wombat at mcfeely.bsfs.org Sun Jul 21 14:32:58 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Mon, 22 Jul 1996 05:32:58 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID:

>
> I again ask what was so wrong with the "You are surrounded. Come out with
> your hands up." routine of years past.
Instead of anonymous ninjas in
> paramilitary black raiding a house and shooting anything that moves, use
> some "due process."
>
> And "due process" is what it's about. Presentation of a warrant, or at
> least pretty careful announcement of identity. Blasting down doors without
> presentation of an arrest or search warrant is just not the American way.
>
> Are there circumstances that can ever justify no-warning attacks? I suppose
> so, such as when clear evidence of, say, a bomb-making or terrorist cell is
> involved. Neither condition was met at either Ruby Ridge or Waco, nor in
> the vast number of midnight drug raids.

"No Knock" warrants came about in an effort to limit the ability of the suspect to dispose of evidence - another result of the "war on drugs."

- r.w.

From dlv at bwalk.dm.com Sun Jul 21 14:40:39 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 22 Jul 1996 05:40:39 +0800
Subject: Netscape download requirements
In-Reply-To:
Message-ID: <33iFRD6w165w@bwalk.dm.com>

snow writes:
> On Fri, 19 Jul 1996, David Sternlight wrote:
> I pledge allegiance to this flag and THE REPUBLIC for which it stands.
>
> REPUBLIC, GET IT? Rule by LAW as opposed to the tyranny of STUPIDITY
> called democracy.
> ITAR _may_ be based on laws passed by congress, but since the NSA has
> yet to try the ITAR in court, and only uses it to threaten business with,
> we don't know how the courts will interpret these rules, much less the laws
> that give UNELECTED OFFICIALS the authority to make LAWS.
>
> Yer an idiot. Not just for what you wrote above, but for just about
> everything you've said since you started posting. I had never read any
> of your writings before, and they seemed rational so I was inclined to
> give you a chance, even tho' I disagreed with you.
>
> You have proven yourself to be a fascist, and AFAIC there is only 1
> use for a fascist. Ballistic testing.
>
> Yes, I do know what a fascist is, and no, I am not comparing you to
> The leader of Germany during WWII.

I share your sentiment. "Dr." David Sternlight is the moral equivalent of Archimedes Plutonium, Dr. Jozeph Goebbels, and Janet Reno combined. Please don't follow up on anything David Sternlight sends to the cypherpunks mailing list, no matter what the provocation. The asshole thrives on attention.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From ichudov at algebra.com Sun Jul 21 14:42:20 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 05:42:20 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <199607211915.OAA17048@manifold.algebra.com>

David Sternlight wrote:
>
> "Your honor, I don't know who flushed it. I have many visitors to my home."
> is rather different than being caught with a large stash of cocaine on your
> night table.

It is not surprising that after the society decided to label natural economic activities (drug dealing) as crimes, it has to resort to unnatural methods of enforcing the unnatural legislation.

Drug consumption (just as alcohol consumption) may be bad for the individual consumers. But it is a matter of individual informed choice. If the government (or society, to be more exact) decides to take away a natural right to consume whatever one pleases, it has no choice but to go farther and to take away more rights, for example rights to privacy and safety in their own homes.

The problem is not the drug dealers (and not alcohol traffickers in the thirties), the problem is lack of respect for the freedom of individual consumers, which transforms itself into abolition of other rights.

Here's what Milton Friedman said: ``restrictions on economic freedom inevitably affect freedom in general'' (Free to Choose). It's basically right.
It is the same as the wisdom that bad deeds that one commits inevitably lead to more bad deeds.

- Igor.

From deviant at pooh-corner.com Sun Jul 21 14:43:28 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Mon, 22 Jul 1996 05:43:28 +0800
Subject: ITAR's 40 bit limit
In-Reply-To: <199607210918.CAA01561@toad.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 21 Jul 1996, Bill Stewart wrote:

> Date: Sun, 21 Jul 1996 02:16:38 -0700
> From: Bill Stewart
> To: cypherpunks at toad.com
> Subject: Re: ITAR's 40 bit limit
>
> At 07:45 PM 7/20/96 -0400, "David F. Ogren" wrote:
> >Another paradox of the US export regulations.
> >The NSA is allowing 40 bit crypto exports. So as a hypothetical example
> >assume that I write a crypto program that uses 40 bit RC4 to encode data
> >(licensing from RSA). I then get an export license using the accelerated
> >process for 40 bit RC4.
> ........
> >However, what if she runs the program three times with three different
> >passwords. (Ignore the problems of Inner-CBC and Outer-CBC for now.) Now
> >the file is triple RC4 encoded with the equivalent of 80 bit security.
>
> Not always possible. The rule isn't just "40 bit crypto" it's "permission,
> which you won't get with over 40 bits unless you're very cooperative."
> Applications like Netscape's SSL don't give you the ability to feed your
> data through it three times; they process your stream of data and send it.
>

So what's to stop you from making a string of proxy servers?
--Deviant

From wombat at mcfeely.bsfs.org Sun Jul 21 14:53:16 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Mon, 22 Jul 1996 05:53:16 +0800
Subject: Thanks to Prof. Sternlight for postings to CYPHERPUNKS
In-Reply-To: <199607200538.AAA07597@manifold.algebra.com>
Message-ID:

On Sat, 20 Jul 1996, Dmitri Chesnokov wrote:

>
> Dr. David Sternlight is undoubtedly one of the best experts in
> cryptography and Government Information Policy, who is generous enough
> to share his observations with us. We should thank you, David, for
> taking your time and helping Cypherpunks to reach new heights in our
> understanding of what should be the proper role of the government.
> Please continue posting to our mailing list. There are people who are
> interested in your views!
>

ROFLMAO

O.K. Perry - I'll take the pledge

I (state your name) will not feed the Fud.

- r.w.

From adam at homeport.org Sun Jul 21 14:53:17 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 22 Jul 1996 05:53:17 +0800
Subject: Length of passphrase beneficial?
In-Reply-To: <2.2.32.19960721172615.006e6a64@mail.sd.cybernex.net>
Message-ID: <199607212038.PAA20685@homeport.org>

Erle Greer wrote:

| f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
| (Yes, cut-n-paste, but my only in-house threat is my wife.)
|
| Actual Question:
| Does the length and randomness of a passphrase contribute at all
| to the overall security of a cryptosystem?

Not directly. The SECRECY of a passphrase does contribute.
If you do not provide it to your attacker (in the form of a file on your computer which a Microsoft Worm macro carried in a message might send out, that the search party might find, etc), then the length and difficulty of guessing protect you.

For random text (I'll assume you're rolling dice) like that, figure you get about 5 bits of entropy per character. Your PGP secret key is IDEA encrypted with a 128 bit key, so you don't need any more than 30 characters of random text to get a passphrase space (or universe, to use Tim's metaphor) that's harder to search than the keyspace.

I think it's a poor assumption that your home won't be searched if you're doing something that makes you want a 2048 bit key. A thousand bits of keylength should be good enough for most things that don't need to stay secret more than 5-10 years.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From adam at homeport.org Sun Jul 21 14:54:44 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 22 Jul 1996 05:54:44 +0800
Subject: A Snake-Oil FAQ
In-Reply-To: <199607202058.QAA19736@unix.asb.com>
Message-ID: <199607212041.PAA20700@homeport.org>

Good FAQs have pointers to other good sources of information, even when they're pretty near authoritative. I'd point to Schneier, Rivest, and Blaze as people whose endorsements carry real weight, and point to the sci.crypt faq for more info.

Other than that, it looked like a good start. I look forward to being able to point people to it.

Adam

Deranged Mutant wrote:
| I've written a short "Snake Oil FAQ" below. It's incomplete and
| needs some work (adding a few definitions, rewording, aesthetic
| formatting, etc.), so think of it as a 'beta' FAQ (please don't post
| it on web pages, though I don't mind if it's distributed among
| anyone interested in criticizing or contributing). Comments and
| suggestions would be appreciated. Note that the aim is to write
| something accessible to 'newbies'.
(Jeremy Barrett contributed to
| this, BTW)

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From wombat at mcfeely.bsfs.org Sun Jul 21 15:00:40 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Mon, 22 Jul 1996 06:00:40 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607200134.UAA01969@manifold.algebra.com>
Message-ID:

On Fri, 19 Jul 1996 ichudov at algebra.com wrote:

>
> If the voltage is 10000 volts, it is always fatal, right? And if you set
> good enough resistors, then the voltage for the human body itself would
> be much less than 10000V -- most of the voltage will be taken by resistors
> themselves.
>

Dammit Jim, he's a lawyer - not an engineer!

From mpd at netcom.com Sun Jul 21 15:10:38 1996
From: mpd at netcom.com (Mike Duvos)
Date: Mon, 22 Jul 1996 06:10:38 +0800
Subject: Filtering out Queers is OK
In-Reply-To:
Message-ID: <199607211931.MAA23264@netcom2.netcom.com>

David Sternlight spews forth:

> The above suggests your mind is closed. I'm going to
> respond once for the benefit of other readers before
> plonking you. Feel free to e-mail me if you really want a
> discussion and not just to hear yourself talk.

How many gigs is the legendary SternBot Killfile by now? Do you use a RAID array?

> This is a massive evasion. I referred to librarians'
> traditional role in managing children's reading.

Librarians have no role to "manage" anyone's reading. They are there to assist patrons in locating the materials of their choice. The Library "Bill of Rights" does not specify ANY age limits for services provided to library patrons.

> Further, librarians often observe what children are reading
> and try to gently guide them--mostly informed by the child's
> tastes but also with a certain "keep them out of hot water"
> flavor.

Again, librarians have better things to do than to peep over the shoulders of library patrons. Even tiny library patrons.

> We're not talking about "young adults" here.
It's been
> clear from my comments from the beginning that I was
> talking about young children. Piaget didn't do all that much
> with teen-agers.

You are the one who mentioned Piaget. Had you read my original message accurately, you would have seen that unlimited access to information was recommended once persons had entered their teenage years. There was no suggestion that very young children should be given access to material they might find disturbing.

> This has to do with attempted censorship of what adults may
> read, and is totally off-topic.

No, actually it has to do with attempts by parents and religious agitators to control what young people may see in a library, like taking "Playboy" off the periodical rack, for instance, and requiring it to be signed out from behind the counter by those over 18. Such attempts have increased in number in recent years, and some have actually been successful.

> More than that, you conceded that the constraints should be
> tailored to the age of the child (or at least what could be
> observed about the child's maturity). That was my only point
> and one with which you at first disagreed. Reread your
> post--you are really blind to your own prejudices about my
> posts.

Stating that very young children may require some guidance in their choice of reading and viewing material is not a statement that older minors should also be interfered with in this regard. Your suggestion that this is implied because it is an example of tailoring material to age, of which the first is also an example, is a clear case of incorrect abstraction from the general to the specific.

>> Parse the sentence again. What it says is that although
>> "protecting children" is often the excuse used to limit
>> older children's access to controversial material, the
>> reality is that it is usually an effort to control their
>> thinking on certain issues by making sure they have only one
>> viewpoint, that of their parents.
> Reread your own sentence (which I note you don't quote). It
> says what I claim, not your revisionist rewriting above.

The original sentence was...

"While limiting the "horizons" of persons in their middle to late teens is often justified by arguments about developmental stages, the truth is that it is simply an attempt by their keepers to control how they think and to what views, mostly political and social in nature, they are exposed."

Seems quite clear to me.

> As usual with the intellectually bankrupt, calling names
> such as "Statist" is "the last resort of the scoundrel".
> Plonk!

Fortunately, there is no need to "Plonk" you David, because the time required to hit "delete" on your messages is an infinitesimal fraction of the time you waste writing them, and like most trained animals, you do occasionally manage to do something that amuses, even if it is only relieving yourself on stage. :)

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From vznuri at netcom.com Sun Jul 21 15:14:33 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Mon, 22 Jul 1996 06:14:33 +0800
Subject: NCs (network computers)
Message-ID: <199607211953.MAA22885@netcom7.netcom.com>

I thought this was a great message on the future "network computers" that may be coming out soon. a balanced view that shows how there may be a niche, and that there are also places where they will not be appropriate. the NCs could really potentially change the computer and cyberspace as we know it in a very significant way.

------- Forwarded Message

From: JimBurd at aol.com
Date: Fri, 19 Jul 1996 07:59:03 -0400
Subject: Re: NC

When the idea of the NC was first floated, I thought to myself what an absolutely terrible idea it was. But as time goes on, and I read more about the concept, I'm beginning to see that it has certain advantages. These advantages are going to be useful in two areas: corporate sites, and non-technical households.
(Note: This does *not* necessarily mean that the NC is going to be a success ;)

In a corporate environment, where many people in many different departments have PCs on their desk, the IS dept has their hands full trying to keep these machines running. (I know, I've seen it first hand.) People do *not* leave their machines in the configurations that IS delivered to their desk. People bring in software from outside the company (games, personal software, etc.), this leaves a gaping security hole (for viruses, etc.). As people change their machines around, it is difficult to 'borrow' someone else's machine because it can be configured radically different from what you're used to seeing on your desk.

The NC would reduce the per set cost of each desktop (nothing to sniff at). The software that runs the NC would be completely under the control of IS. So every machine looks the same and runs the same. There would be a single central point for virus checking, etc. It would also eliminate a *lot* (or all?) of the piracy issues that lurk in the background; you can make sure you have a license for every piece of software that is being used. It makes backing up everyone's data a *lot* simpler; it's all in one place.

Now, the NC is *not* going to fly if IS tries to put it on *every* desktop. The computer geeks (software & hardware) are going to scream bloody murder if IS tries. But then, these users generally know enough (or more than IS) to maintain their own machines. The NC is going to be most useful for secretaries (oops, I mean executive assistants), accounting, production personnel, etc.

It is this *potential* that is going to help sell the NC early on. Whether or not the software companies come through with products to help the NC work is going to be crucial. How *well* the whole thing works is also going to be crucial. Also, let's not forget about the need for a backup server. If the server (or the network) go down, the whole company can grind to a halt.
Planning for this eventuality is going to be very important.

In the home market, the NC is going to be targeted at people like my mother or my grandparents. Last time I saw my grandparents (about a year ago), my grandmother asked me about all those 'funny letters' at the bottom of the screen on so many TV shows. She was talking about the web URLs being displayed. I told her what it was about, and she asked if there was really anything there worth seeing. (I had to tell her the truth -- not really.)

Anyway, the point is this: These people are *not* going to buy a PC. They know that they are expensive and can be very difficult & expensive to keep running. An NC offers the possibility (let's see if it can come true) of a relatively low cost and simple use. The software can be provided/maintained by the local service provider. Whether this is AOL, MSN, or an ISP is probably still up in the air, and there is no reason that they can't all co-exist.

Also, imagine the current headaches of the ISP trying to help a customer get connected when something is wrong. Is it hardware? Software? IRQ conflict? There is so *much* that can go wrong. Imagine if the person calling has *no* technical background. Arrgh! Now, imagine that the person calling has an NC. They run *standard* software and connect to the ISP. It has the potential to be *much*much* simpler. (Again, we must wait and see if the potential pans out.)

Now whether or not you 'rent' software, I don't know. I can see a sizeable market for this in games perhaps (like Nintendo, today). You know, try it before you buy it. I do *not* think anyone in the home is going to run Quicken on an NC; but in the corporate environment, this type of centralized record keeping makes a lot of sense. No more trying to back up the hard disk on everyone's desk.

Anyway, that's my 2 cents worth. I look forward to looking back in 5 years to see how the whole thing panned out (or bombed!).
Jim :)

From ses at tipper.oit.unc.edu Sun Jul 21 15:35:25 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 22 Jul 1996 06:35:25 +0800
Subject: A Snake-Oil FAQ
In-Reply-To:
Message-ID:

[sorry Perry]

On Sun, 21 Jul 1996, David Sternlight wrote:

> So is your comment. What was broken was not public key, but a particular
> key length (and by implication shorter ones). You can do that with just
> about any system, even a one-time pad, by brute force, but it won't buy you

Really? The only way I know of forcing a one-time pad is to use a hardware QM-based random number generator to generate every possible decrypt, thus creating a number of universes equal to the number of possible keys. Since you can't tell if your universe is the right one, one should always verify the information obtained against a second source.

IANAL, so I can't say if such a decrypt would count as probable cause.

Simon

---
Cause maybe (maybe)                   | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all                         | Email address remains unchanged
You're my firewall -                  | ........First in Usenet.........

From geeman at best.com Sun Jul 21 15:36:20 1996
From: geeman at best.com (geeman at best.com)
Date: Mon, 22 Jul 1996 06:36:20 +0800
Subject: FW: A Snake-Oil FAQ
Message-ID: <01BB7706.E2DA7F60@geeman.vip.best.com>

I've made some comments below. Some deletions are marked with <> and insertions in [square brackets]. Other comments preceded with >>.

thx for looking over the comments.
g.

----------
From: Deranged Mutant[SMTP:WlkngOwl at unix.asb.com]
Sent: Saturday, July 20, 1996 9:37 AM
To: cypherpunks at toad.com
Subject: A Snake-Oil FAQ

I've written a short "Snake Oil FAQ" below. It's incomplete and needs some work (adding a few definitions, rewording, aesthetic formatting, etc.), so think of it as a 'beta' FAQ (please don't post it on web pages, though I don't mind if it's distributed among anyone interested in criticizing or contributing).
Comments and suggestions would be appreciated. Note that the aim is to write something accessible to 'newbies'. (Jeremy Barrett contributed to this, BTW)

Snake-Oil Warning Signs
Encryption Software to Avoid
(Revision 0.1)

Introduction
======================================================================

Good cryptography is an excellent and necessary tool for almost anyone. However, there are a multitude of choices for what products to use. Many good cryptographic products are available, both commercial and free. However there are also some extremely bad cryptographic products (known in the field as "Snake Oil"), which not only fail to do their job of providing security, but are based on, and add to, the many misconceptions and misunderstandings surrounding cryptography and security.

It is extremely important that users of cryptography actively question the product they are considering using, to insure the security and integrity of their data-- be it personal or business information. In order to make a more informed decision, it is necessary to understand some of the "red flags" to watch out for, and what they mean.

For a variety of reasons, this document is general in scope and does not mention specific products or algorithms as being "good" or "Snake Oil".

Some Common Snake-Oil Warning Signs
======================================================================

The following are some of the "red flags" one should watch for when looking at an encryption product:

Technobabble
------------

The vendor's description of the product may contain a lot of hard-to-follow use of technical terms to describe how the product works. If this appears to be confusing nonsense, it may very well be (even to someone familiar with the terminology). Technobabble is a good means of confusing a potential user and masking the fact that the vendor doesn't understand anything either.
A sign of technobabble is a description which drops a lot of technical terms for how the system works without actually explaining how it works.

>> Additionally you will see terms that are
* specially coined to sound as if they mean something
* used in a way that the profession generally doesn't do.
Check for other references to the "technologies" referred to, and if you find nothing in any literature (even by doing a not search) then you should be suspect. Examples include:

New Type of Cryptography?
-------------------------

Beware of any vendor who claims to have invented a "new type of cryptography".

>> Or "new breakthroughs"; extremely smart people have been working on modern cryptographic systems for decades; the chances of someone reputable coming up with a viable "revolutionary, breakthrough" cryptosystem without exhaustive peer review and analysis are about zero.

Avoid software which claims to use 'new paradigms' of computing such as cellular automata, neural nets, genetic algorithms, chaos theory, etc. Just because software uses a different method of computation doesn't make it more secure.

Anything that claims to have invented a new <> cryptosystem without publishing the details or underlying mathematical principles is highly suspect.

>> any cryptosystem, no?

Proprietary Algorithms
----------------------

Avoid software which uses "proprietary" or "secret" algorithms. Security through obscurity is not considered a safe means of protecting your data. If the vendor does not feel confident that the method used can withstand years of scrutiny by the academic community, neither should you.

Beware of specially modified versions of well-known algorithms. This may unintentionally weaken the cipher.

The use of a trusted algorithm, along with technical notes explaining the implementation (if not availability of the source code for the product) are a sign of good faith on the part of the vendor that you can take apart and test the implementation yourself.
Old Ciphers Never Die...
------------------------

Beware of something that sounds like a sophisticated nineteenth-century or even World War II scheme, or something based on a mechanical system.

>> Note: the newbie won't know what those are. Descriptions of Vernam, Enigma, etc. would be a Good Thing here, or pointers to descriptions. I am not qualified to describe them adequately here, but the FAQ should somehow clarify this.

If the product's authors sound like they are entirely unfamiliar with the state of the art, that's a good warning sign.

>> How would that be manifest? See above comment about invented or misused terms. Maybe you could say: if a program's author cannot explain the historical precedents of his technology ("it's a substitution/permutation network..." or "it's a system relying on solving the discrete log problem in GF(9999999)" .... etc." then it's probably bogus.

Experienced Security Experts
----------------------------

Beware of any product claiming that "experienced security experts" have analyzed it, but it won't say who (especially if the scheme has not been published in a reputable journal).

Unbreakability
--------------

Some vendors will claim their software is "unbreakable". This is marketing hype, and a common sign of snake-oil. Avoid any vendor that makes unrealistic claims.

No algorithm is unbreakable. Even the best algorithms are breakable using "brute force" (trying every possible key), but if the key size is large enough, this is impractical even with vast amounts of computing power.

Be wary of marketing gimmicks related to "if you can crack our software" contests.

>> Other comments on cpunks have addressed this. Here's how it could be caveat-ed: Any such contest which seems to be OVERSTATED (e.g. "I'll give you the keys to the company ...") in relation to the size, maturity, and reputability of the offering entity (company or individual) is to be suspect. Netscape offering tee-shirts and such for breaking a system is one thing.
Someone you have never heard of offering his entire company is something else. I think there will necessarily be some fuzziness here.

One-Time-Pads
-------------

A snake-oil vendor may claim the system uses a one-time-pad (OTP), which, when implemented ABSOLUTELY CORRECTLY, is unbreakable.

A OTP system is not an algorithm. It involves generating a random key at least the size of the message and garbling the message with it. When the message is decrypted, the key is destroyed. Only one message is encrypted with a OTP, and it is used only once. The key is random: generated using a real random source, such as specialized hardware, radioactive decay timings, etc., and not from an algorithm or cipher. Anything else is not a one-time-pad.

The vendor may [perhaps deliberately] confuse random session keys or initialization vectors with OTPs.

>> The vendor may try to capitalize on the well-known unbreakability property of (properly used) OTP's and try to call whatever it is he is offering an OTP. Any variation from the fundamental rules of what an OTP is makes the claim bogus. Any vendor who tries to pass off his invention as OTP when it is not has, by definition, reduced his credibility to dangerously low levels.

Algorithm or product XXX is insecure
------------------------------------

Avoid anything that makes claims that particular algorithms or other products are insecure without backing up those claims (or at least <> [citing] references to them).

Avoid anything that misrepresents 'weaknesses' of other algorithms. (For example, if the product claims it doesn't use public key crypto, citing timing attacks or factoring as reasons.)

>> Maybe some elaboration: the reputable cryptosystems in use today are all subject to various attacks with various levels of vulnerability. A vendor claiming this as some fatal flaw in those systems making them unusable also demonstrates that the vendor has no credibility.
The reality is that these reputable systems are and can be engineered to provide required security levels depending on the value of the data and the costs of mounting the attacks, and these parameters are known and understood. How? By years of academic research and analysis by the best minds in the field. Someone coming along and claiming new earthshattering weaknesses in those cryptosystems, who has not presented those findings to the crypto research community in the appropriate forums and had them subject to rigorous examination, is a fool and/or not to be trusted. This is a corollary to the warnings about claims of "new revolutionary" cryptosystems; it is just as fatal to credibility to claim that a trusted system is weak.

Keys and Passwords
------------------

The "key" and the "password" are often not the same thing. The "key" generally refers to the actual data used by the cipher algorithm. The "password" refers to the word or phrase the user types in, which the software converts into the key (usually through a process called "hashing" or "key initialization").

The reason this is done is because the characters a user is likely to type in do not cover the full range of possible characters. (Such keys would be more redundant and easier for an attacker to guess.) By hashing a key can be made from an arbitrary password that covers the full range of possible keys. It also allows one to use longer words, or phrases and whole sentences as a "passphrase", which is more secure.

Anything that restricts users' passwords to something like 10 or 16 or even 32 characters is foolish. If the actual "password" is the cipher's key (rather than hashing it into a key, as explained above), avoid it.

Anything that claims to solve the "key management problem" is also to be avoided. (Key management is an inherent problem with crypto.)

Convenience is nice, but be wary of anything that sounds too easy to use.
Avoid anything that lets anyone with your copy of the software to access files, data, etc. without having to use some sort of key or passphrase.

Avoid anything that doesn't let you generate your own keys (ie, the vendor sends you a key in the mail).

Avoid anything by a vendor who does not seem to understand the difference between public-key cryptography and private-key cryptography.

>> Again, how is the newbie to be helped detect this ?? Hmmm.

Lost keys and passwords
-----------------------

If there's a third-party utility that can crack the software, avoid it.

If the vendor claims it can recover lost passwords (without using a key-backup or escrow feature), avoid it.

Exported from the USA
---------------------

If the software is made in North America, can it be exported? If the answer is yes, chances are it's not very strong.

Strong cryptography is considered munitions in terms of export from the United States, and requires approval from the State Department. Chances are if the software is exportable, the algorithm is weak or it is crackable (hence it was approved for export).

If the vendor is unaware of export restrictions, avoid the software: the vendor is not familiar with the state of the art.

Because of export restrictions, some legitimate (not-Snake Oil) products may have a freely exportable version for outside of the USA, which is different from a separate US/Canada-only distribution.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.
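
[Added example, not part of any message in this archive and not PGP's own code.] The passphrase exchange above (hashing into a 128-bit IDEA key, about 5 bits of entropy per random character) and the FAQ draft's "Keys and Passwords" section can be checked numerically and with a black-box test of a product's key derivation. Function names and sample passphrases are constructed, and SHA-256 truncated to 128 bits is an assumed stand-in for the hash step.

```python
import hashlib
import math

KEY_BITS = 128  # IDEA key size quoted in the thread


def passphrase_bits(length, alphabet_size):
    """Entropy in bits of `length` characters drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def effective_bits(length, alphabet_size, key_bits=KEY_BITS):
    """Exponent of the cheaper search: guess the passphrase, or guess the
    key it is hashed into, whichever space is smaller."""
    return min(passphrase_bits(length, alphabet_size), key_bits)


def chars_needed(alphabet_size, key_bits=KEY_BITS):
    """Random characters needed before the passphrase space is at least
    as large as the keyspace."""
    return math.ceil(key_bits / math.log2(alphabet_size))


def hashed_key(passphrase):
    """Hash the whole passphrase into a 128-bit key (assumed stand-in hash:
    SHA-256 truncated to 16 bytes). Any length of input is accepted."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()[: KEY_BITS // 8]


def raw_key(password):
    """Anti-pattern from the FAQ draft: the typed password IS the key,
    cut or zero-padded to 16 bytes."""
    return password.encode("utf-8")[:16].ljust(16, b"\0")


def audit(derive):
    """Black-box checks an evaluator can run against a key derivation.

    ignores_tail   -> two passphrases sharing their first 16 characters
                      produce the same key (a hidden length restriction)
    printable_only -> key bytes never leave the typeable range, so the
                      keys do not cover the full keyspace
    """
    long_a = "correct horse battery staple one"   # constructed sample
    long_b = "correct horse battery staple two"   # same first 16 characters
    samples = [long_a, long_b, "x", "Tr0ub4dor&3",
               "a much longer constructed sentence, with punctuation!"]
    keys = [derive(s) for s in samples]
    return {
        "key_len": {len(k) for k in keys},
        "ignores_tail": derive(long_a) == derive(long_b),
        "printable_only": all(byte == 0 or 32 <= byte < 127
                              for k in keys for byte in k),
    }


if __name__ == "__main__":
    # 64 random alphanumerics, as in the posted passphrase: capped at 128.
    print("64 chars, 62 symbols:", effective_bits(64, 62), "effective bits")
    # A short passphrase is the weak link, not the cipher.
    print("10 chars, 62 symbols:", round(effective_bits(10, 62), 1), "effective bits")
    print("chars needed at 5 bits/char:", chars_needed(32))
    print("chars needed, 62 symbols:   ", chars_needed(62))
    # A 16-character printable password used directly as the key:
    print("raw 16-char key space:", round(passphrase_bits(16, 95), 1), "of 128 bits")
    print("hashed:", audit(hashed_key))
    print("raw:   ", audit(raw_key))
```
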
From ichudov at algebra.com Sun Jul 21 15:39:08 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 22 Jul 1996 06:39:08 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <199607212015.PAA17473@manifold.algebra.com> Replying to our argument about securing access to one's house: I just received a permission from Alan to post his message to Cypherpunks maillist. He just confirmed my point that sleeping with a gun under the pillow in an unsecured house is extremely dangerous: Again, I am not crusading against guns and armed self-defense, but I am indeed saying that simply having a firearm at home does not insure safety and security. You have to go beyond having a gun and get a dog and/or a metal door. A good fence is also a plus, although may not always be possible. - Igor. Alan Olsen wrote: > > At 03:49 PM 7/20/96 -0500, you wrote: > >Alan Olsen wrote: > >> There is a time and space dilation when the gun is pointed directly at you > >> and about to be fired. (Been there, done that...) Perception tends to be > >> skewed when all of the adrenaline is pumping into your bloodstream because > >> of a perceived impending death. > >> > >> Believe me, it does look big. A 12 gauge especially... (Had a brother who > >> came close to shooting me because he thought I was a burglar. Not fun.) > > > >I am very curious how it happened. > > I returned back from a late night gaming session at about 2am. (I was about > 17 at the time.) I came through the back door (because I had the key to it). > He thought I was a burglar and had a 12 gauge pointed at me. After the > first sharp peak of adrenaline, I told him to put it away and I went to > bed. Not a fun way to end an evening... (If I had not been so tired, it > probably would have affected me more. Luckily, my brother has enough sense > to not be short on the trigger finger.) > > --- > Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction - Igor. 
From setho at westnet.com Sun Jul 21 15:56:25 1996 From: setho at westnet.com (Seth Oestreicher) Date: Mon, 22 Jul 1996 06:56:25 +0800 Subject: Game Theory and its Relevance to Cypherpunks Message-ID: <1.5.4.32.19960721201853.008c533c@westnet.com> >Similarly, I do not uderstand why futurists paint so rosy pictures of >the 21st century. I think that it will be at least just as full of shit >as this one. I find it ironic that the greatest peace movement in history is recorded after World War I. Nobody wanted to fight any more. Yet, less than 40 years later entered World War II, a more damaging and far reaching war. People thought the League of Nations, and later the United Nations would solve the worlds problems. But things don't change. Jews and Arabs have fought their ENTIRE history. Americans are arogent enough to believe that *we* can help resolve a conflict 100 times older than our nation. Serbians and Croations have *ALWAYS* fought. Why should we expect otherwise today? Because we're ENLIGHTENED? Are we still not people? Things today are probably better than they have EVER been. (At least in the terms of war.) Mutually Assured Destruction has kept us out of many wars, and will probably continue to do so. So things may get better, not because we are enlightened. Things will get better due to the massive destructive power of the United States. Unfortunatly, political pressure will keep America from using that force, and terrorist activity will continue to escalate. Seth From dlv at bwalk.dm.com Sun Jul 21 16:14:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 22 Jul 1996 07:14:22 +0800 Subject: Filtering out Queers is OK In-Reply-To: <199607211931.MAA23264@netcom2.netcom.com> Message-ID: mpd at netcom.com (Mike Duvos) writes: > David Sternlight spews forth: > > > The above suggests your mind is closed. I'm going to > > respond once for the benefit of other readers before > > plonking you. 
Feel free to e-mail me if you really want a > > discussion and not just to hear yourself talk. > > How many gigs is the legendary SternBot Killfile by now? Do you > use a RAID array? Please don't respond to Steinlight's spam - thank you... --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From setho at westnet.com Sun Jul 21 16:14:42 1996 From: setho at westnet.com (Seth Oestreicher) Date: Mon, 22 Jul 1996 07:14:42 +0800 Subject: pledge status Message-ID: <1.5.4.32.19960721204709.00910afc@westnet.com> >Subsequent to the initial Waco raid, the government was claiming that the >Davidians were "ready" for them. I think it was easy to tell that this was >a lie: Had they actually been READY, far more than 4 agents would have been >dead. See this month's Soldier of Fortune magazine (who has done an outstanding job of covering Waco issues) for a look at the connection between the FBI Counter Terrorism Unit and the Army's Delta Force. (If this is true, then once again our government is breaking the law, the Army is not allowed to be used in the policing of civilians!) Seth From setho at westnet.com Sun Jul 21 16:26:12 1996 From: setho at westnet.com (Seth Oestreicher) Date: Mon, 22 Jul 1996 07:26:12 +0800 Subject: Devil's Bargain Message-ID: <1.5.4.32.19960721200813.0091ed58@westnet.com> > The fear means they arrive early to spend more down time > waiting in line to pass through security. So they adapt, > thinking: That's not a barricade, it's a flowerpot. They > give up a little freedom in exchange for feeling safe, "all > watched over," as the late poet Richard Brautigan wrote, > "by machines of loving grace." > As the great Benjamin Frankling said: Those who would sacrifice essential freedom for temporary safety deserve neither. 
From dlv at bwalk.dm.com Sun Jul 21 16:32:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 22 Jul 1996 07:32:14 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607211915.OAA17048@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > David Sternlight wrote: > > It is not surprising that after the society decided to label > natural economic activities (drug dealing) as crimes, it has > to resort to unnatural methods of enforcing the unnatural > legislation. ... Please do not respond to anything "Dr." David Sternlight posts to this mailing list, no matter what nonsense he says. The asshole is starved for attention. He's just trolling for flames. Please ignore him. Thank you. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From deviant at pooh-corner.com Sun Jul 21 16:38:52 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 22 Jul 1996 07:38:52 +0800 Subject: A Snake-Oil FAQ In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 21 Jul 1996, Simon Spero wrote: > Date: Sun, 21 Jul 1996 16:05:59 -0400 (EDT) > From: Simon Spero > To: David Sternlight > Cc: The Deviant , > Deranged Mutant , cypherpunks at toad.com > Subject: Re: A Snake-Oil FAQ > > [sorry Perry] > > On Sun, 21 Jul 1996, David Sternlight wrote: > > > So is your comment. What was broken was not public key, but a particular > > key length (and by implication shorter ones). You can do that with just > > about any system, even a one-time pad, by brute force, but it won't buy you > > Really? The only way I know of forcing a one-time pad is to use a hardware > QM-based random number generator to generate every possible decrypt, thus > creating a number of universes equal to the number of possible keys. Since > you can't tell if your universe is the right one, one should always > verify the information obtained against a second source. 
IANAL, so I can't > say if such a decrypt would count as probably cause. > > Simon > Yes, but this is even more un-revealing than the OTP'd message, cause now you have a list of messages that say Nuke Siam. Nuke Ohio. Nuke Hell. Nuke Shit. and so on and so forth, and any of them could be right. Its better just to rely on other techniques (physical key compromise, etc) than to have the _complete_ list of possibilities on OTP... > --- > Cause maybe (maybe) | In my mind I'm going to Carolina > you're gonna be the one that saves me | - back in Chapel Hill May 16th. > And after all | Email address remains unchanged > You're my firewall - | ........First in Usenet......... ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Umm... that would be Duke, next door in Durham... Of course, I'm an NCSU fan anyway, but... --Deviant -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From jimbell at pacifier.com Sun Jul 21 16:42:27 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 22 Jul 1996 07:42:27 +0800 Subject: CDT Policy Post 2.28 - FBI Director to Testify at Senate Crypto Hearing Message-ID: <199607212127.OAA10799@mail.pacifier.com> At 02:12 PM 7/21/96 -0400, Bob Palacios wrote: > The Center for Democracy and Technology /____/ Volume 2, Number 28 POLICY POST Volume 2, Number 28 July 21, 1996 > CONTENTS: (1) FBI Director to Testify at Senate Crypto Hearing; Netizens Can > Participate in Hearing Live Online >In an effort to ensure that concerned Internet users can participate in >this important policy debate, If there is anything worth complaining about, it is that there simply hasn't 
been a "debate" in this "important policy debate." The pro-GAK few have consistently avoided appearing in a format in which a genuine debate can occur. And I don't mean a question-and-answer scenario either, whether the questions are asked by Congress or the news media. I'm talking about a REAL debate, one where the pro-GAK's can be seen to _lose_ by being torn to pieces. Jim Bell jimbell at pacifier.com From werewolf at io.org Sun Jul 21 17:10:31 1996 From: werewolf at io.org (Mark Terka) Date: Mon, 22 Jul 1996 08:10:31 +0800 Subject: Does JPUNIX Remailer Have a Help File? Message-ID: <199607212155.RAA19549@io.org> -----BEGIN PGP SIGNED MESSAGE----- Anybody know if the nym server at jpunix has a help file that can be requested? -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From micron at accessone.net Sun Jul 21 17:29:51 1996 From: micron at accessone.net (Mike Ronn) Date: Mon, 22 Jul 1996 08:29:51 +0800 Subject: No Subject Message-ID: <9607212220.AA00769@pulm1.accessone.com> From frantz at netcom.com Sun Jul 21 17:39:11 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 22 Jul 1996 08:39:11 +0800 Subject: Opiated file systems Message-ID: <199607212227.PAA02786@netcom7.netcom.com> At 9:26 PM 7/19/96 -0800, Chris Adams wrote: >BTW, I'd try a fiber-optic connector to the machine because 1) it's >waterproof and you wouldn't have to be quite as paranoid about leaks, 2) >it's far more secure, 3) it's faster and 4) it's probably impossible to >trace like a metal wire (i.e. run current through and trace magnetic >fields...)... 
Just some random advice: My high-speed networking expert friend says that plastic fiber is good to about 4-5 miles, and is a lot easier to work with than glass fiber. ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave. frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA From vinnie at webstuff.apple.com Sun Jul 21 17:41:26 1996 From: vinnie at webstuff.apple.com (Vinnie Moscaritolo) Date: Mon, 22 Jul 1996 08:41:26 +0800 Subject: Giving 6 year old kids Uzi's(the thread that wont die) In-Reply-To: <199607212043.QAA20311@lists.gateway.com> Message-ID: > Yes, those guns are evil things. Evil I tell you, constantly shooting >people for no reason, going off half-cocked and whooping it up all by >their polished oiled ol selves. > > Isn't it funny how otherwise rational people can ascribe intentions >and moral alignement (ie. good/evil) to an inert chunk of steel? I believe Jeff Cooper calls it "Hoplophobia - (1) An irrational fear of tools. (2) By extension, an irrational fear of weapons or things which may be used as weapons." " Hoplophobia is, after all, not a reasoned position, but rather a mental aberration. Being basically emotional, it is a feeling rather than an examined forensic position. " J Cooper. Vinnie Moscaritolo ------------------ "friends come and friends go..but enemies accumulate." http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A From dlv at bwalk.dm.com Sun Jul 21 17:49:00 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 22 Jul 1996 08:49:00 +0800 Subject: A Snake-Oil FAQ In-Reply-To: Message-ID: Simon Spero writes: > [sorry Perry] > > On Sun, 21 Jul 1996, David Sternlight wrote: Sigh. 
:-( --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From stewarts at ix.netcom.com Sun Jul 21 17:57:38 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 22 Jul 1996 08:57:38 +0800 Subject: Borders *are* transparent Message-ID: <199607212242.PAA11398@toad.com> At 01:13 AM 7/20/96 +0600, Arun Mehta wrote: >Is enought information available for someone else to write >software that would be able to >communicate with Netscape's at the US-level of crypto? If so, the >US government is simply >forcing Netscape to open a window of opportunity for some foreign >software company to come up with a competing product for the >international market. A case of cutting off your nose to spite your face? The encryption and protocols used by Netscape are their SSL protocol; you can get the Australia-written SSLeay package to do it, though if you want to use it in the US you need to make sure you've taken care of RSA patent-licensing issues. There are two ends of the problem - browser and server. It's really hard to compete with Netscape's browser, since they add N more features per week, though you could make a far smaller adjunct browser to handle secure transactions that you leave running in another window while doing Netscape. On the other hand, competing with their server is possible, being done, and potentially big business. During the Pro-CODE Senate hearings, Barksdale put up a poster of a web page in South Africa for a web-server called Sioux, which is some relative of Apache and maybe Apache-SSL, and which makes a big point on its web page about not being limited by US ITAR restrictions. # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Confuse Authority! 
From jimbell at pacifier.com Sun Jul 21 18:01:32 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 22 Jul 1996 09:01:32 +0800 Subject: NCs (network computers) Message-ID: <199607212300.QAA14231@mail.pacifier.com> At 12:53 PM 7/21/96 -0700, Vladimir Z. Nuri wrote: >I thought this was a great message on the future "network computers" >that may be coming out soon. a balanced view that shows how there >may be a niche, and that there are also places where they will >not be appropriate. the NCs could really potentially change the >computer and cyberspace as we know it in a very significant way. I think that the concept of "network computers" as presented is nearly a joke. (It's a rehash of the common portrait of terminal/modem computers that was commonly promoted in the late 60's and early 70's.) Their main advantage was supposed to be cost: The "$500" figure is the one which is commonly presented. However, in the middle of 1995 the components of computers which were NOT bargains were memory, which was kept artificially high by what I can't help concluding was price fixing, and over-priced CPU's from Intel. The memory-price problem has now been solved after an extreme price decrease, and the CPU-price problem can be avoided to a great extent by staying with 486's or lower-end Pentiums. What, then, are the remaining advantages of a "NC"? The one thing that these network computers were supposed to save on, in addition to this, was a hard disk, but when I keep seeing those ads for $170 1-gigabyte hard disks, it's hard to imagine how anybody would WANT to save this amount. Let's do a comparison: Even a 28.8 kbps modem can't transmit much above 3500 bytes per second after decompression, which is about 3 million seconds of data to fill a 1 gigabyte hard disk, or about 800 hours. You'd have to be buying Internet access time for $170/800, or 20 cents per hour, to justify re-loading anything twice from the Internet as opposed to storing it locally. 
Hard disks are a bargain, and it isn't worth NOT having one. Jim Bell jimbell at pacifier.com From whallen at capitalnet.com Sun Jul 21 18:24:32 1996 From: whallen at capitalnet.com (Wayne H. Allen) Date: Mon, 22 Jul 1996 09:24:32 +0800 Subject: Length of passphrase beneficial? Message-ID: <199607212302.TAA08173@ginger.capitalnet.com> At 15:38 96.07.21 -0500, Adam Shostack wrote: > >Erle Greer wrote: > I think it's a poor assumption that your home won't be searched >if you're doing something that makes you want a 2048 bit key. You're kidding, because someone set up PGP to a large key you're assuming they're doing wrong and the guy's going to get busted. Wow. I set up a long key myself but never have used the silly thing, that mean I'm guilty too. (Gotta go, a black helicopter just landed in the back yard) > A >thousand bits of keylength should be good enough for most things that >don't need to stay secret more than 5-10 years. > Not if he keeps the passphrase to the key available to all. The original poster did mention it was to only his wife at home who was a risk. A pseudo-random alphanumeric key of the size he claims can't be memorized so it has to be on the h-drive or a floppy. He may as well fess up now to the Mrs before she publishes all cause she's in. Wayne H.Allen whallen at capitalnet.com Pgp key at www.capitalnet.com/~whallen From BMCarpenter at trevecca.edu Sun Jul 21 18:59:21 1996 From: BMCarpenter at trevecca.edu (Myers W. Carpenter) Date: Mon, 22 Jul 1996 09:59:21 +0800 Subject: Credit Card to eCash Message-ID: What would be the problems in setting up a web site to make a charge to a Credit Card/ATM card number and return Cash, like an ATM for the net? I believe this would be an easy tool to promote wider use of eCash. Not everyone wants to go through setting up an account at Mark Twain or wherever, just the advantages of a more cash like system. 
With a few sites like this around, and hopefully therefore more eCash in the wallets of the public this could help to add to a critical mass to eCash and so on. I don't think it would create the critical mass nessary for eCash's success, but at least another log on the fire. anyway... myers From jamesd at echeque.com Sun Jul 21 19:09:34 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 22 Jul 1996 10:09:34 +0800 Subject: The Orchid Ring of (Probable) Child Pornographers Message-ID: <199607220000.RAA07789@dns2.noc.best.net> At 08:43 PM 7/17/96 -0700, Timothy C. May wrote: > As such, potentially powerful ammunition for > those who would like restrictions placed on crypto. (Especially if it turns > out that law enforcement learned of the Orchid Ring through non-encrypted > communications.) Fortunately they were caught by much lower tech methods. One of their models changed her mind and complained to her parents, the cops grabbed the guy and pursuaded him to spill the beans. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jamesd at echeque.com Sun Jul 21 19:29:48 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 22 Jul 1996 10:29:48 +0800 Subject: Netscape Message-ID: <199607220009.RAA08680@dns2.noc.best.net> At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote: > Why not consider what the consequences will be? Do you seriously > believe that this will make the government stop enforcing ITAR? Yes: Widespread politically motivated disobedience forces the state to either demonize the disobedient, (as with drug users) or give up enforcement. 
This is a standard and effective method of forcing the repeal of laws, a method which has had a long record of success for several hundred years. The states cohesion derives from its legitimacy, and threats to legitimacy and cohesion are treated very seriously by government officials. Threatening the states legitimacy is arguably more effective in influencing government behavior than blowing up federal office buildings. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From adam at homeport.org Sun Jul 21 19:43:36 1996 From: adam at homeport.org (Adam Shostack) Date: Mon, 22 Jul 1996 10:43:36 +0800 Subject: Length of passphrase beneficial? In-Reply-To: <199607212302.TAA08173@ginger.capitalnet.com> Message-ID: <199607220125.UAA21460@homeport.org> Wayne H. Allen wrote: | At 15:38 96.07.21 -0500, Adam Shostack wrote: | > | >Erle Greer wrote: | | | > I think its a poor assumption that your home won't be searched | >if you're doing something that makes you want a 2048 bit key. | | Your kidding, because someone set up PGP to a large key your assuming | their doing wrong and the guy's going to get busted. Wow. I set up a long | key myself but never have used the silly thing, that mean I'm guilty too. | (Gotta go, a black helecopter just landed in the back yard) No, I said 'home won't be searched.' I don't know why you assumed that I meant the LEAs would get a warrant and bust somone. If you want a 2048 bit key because it makes you feel warm and fuzzy, fine. If you're also using a random passphrase, I think its fair to assume that you have a threat in mind. | > A | >thousand bits of keylength should be good enough for most things that | >don't need to stay secret more than 5-10 years. 
| > | Not if he keeps the passphrase to the key availiable to all. The original | poster did mention it was to only his wife at home who was a risk. A psudo- | random alph-nummeric key of the size he claims can't be memorized so it has I disagreed with that assesment. Breaking into a home is easy. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From ichudov at algebra.com Sun Jul 21 20:27:18 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 22 Jul 1996 11:27:18 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <2.2.16.19960722004904.1a3fece0@postoffice.worldnet.att.net> Message-ID: <199607220111.UAA19079@manifold.algebra.com> Llywarch Hen wrote: > In these parts most guns seemed to be used by the temporarily depressed > teenaged children of gun owners. One kid managed to live as a vegetable > having successfully removed the source of his unhappiness -- his brain. > Tough luck. Pretty hard to aim properly when you are upset. Lesson: keep > your cool. I promised that when I have children I will not have guns at home. I think that for me the danger outweighs the benefit. I would explain them basic gun safety and how to shoot though, but would not keep guns around them for any long period of time. Lots of kids impulsively do things that they later regret. Like, once one little boy hit me hard in the head with a heavy stick from behind my back. I have never met him before, never even talked to him and never angered him. He was 3-4 years younger than me so obviously he did not do it because he was a bully. After he did it he was really sorry and no one including his mom could explain why he did it. Thanks to his mom who prevented me from beating the shit out of him. Now, if he or myself had access to a firearm, the life now would not be nearly as good as it is. I've seen these sudden destructive impulses in kids many times. - Igor. 
From ecgwulf at postoffice.worldnet.att.net Sun Jul 21 20:30:51 1996 From: ecgwulf at postoffice.worldnet.att.net (Llywarch Hen) Date: Mon, 22 Jul 1996 11:30:51 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <2.2.16.19960722004904.1a3fece0@postoffice.worldnet.att.net> At 08:15 PM 7/21/96 +0000, you wrote: >Again, I am not crusading against guns and armed self-defense, but >I am indeed saying that simply having a firearm at home does not insure >safety and security. You have to go beyind having a gun and get a dog >and/or a metal door. A good fence is also a plus, although may not >always be possible. I'd certainly agree with that, but would like to add that an unloaded gun is of no use and a gun in the nightstand or in the trunk of your car is also of no use. For all cases other than home intrusion, the gun has to be worn -- I recommend a shoulder holster. In the case of home intrusion, one can hope that the intruder has no desire to be successful and permits you to get the drop on him. Perhaps he'll slam the refrigerator door allowing you to fumble around under your pillow for your weapon. I know of people who have walked out of museums with paintings trailing alarm wires -- so let's hope our intruder is an amateur and best of all is scared off by some phony security signs, fake alarm wires, etc. In these parts most guns seemed to be used by the temporarily depressed teenaged children of gun owners. One kid managed to live as a vegetable having successfully removed the source of his unhappiness -- his brain. Tough luck. Pretty hard to aim properly when you are upset. Lesson: keep your cool. Now for street wear I strongly recommend a variety of loads. Probably my favorite is a reversed semi-wadcutter. This puppy is extremely inaccurate since it starts tumbling as it leaves the barrel. 
At extremely close ranges it'll tear up some flesh and further out it'll walk nastily through outer clothing completely wrecking it for formal wear and continue through enough skin to be damaging. Low on kinetic energy, it will however transfer its entire momentum where it counts. A semi-automatic will not properly feed these, so you gotta be traditional if you are of the big clip persuasion. A few observations: since our hog leg is shoulder-holstered we will need a coat. Now if you want to take a piss, court-houses, airports and a few other public buildings are out. We would feel foolish being tackled and thrown to the floor while hunting for the restroom even if we slipped past security. So here we are, sweating and chafing with a gun and a coat and a urinary tract infection. Feel safe yet? -- Llywarch Hen From initialization at nemesis.meaning.com Sun Jul 21 20:36:10 1996 From: initialization at nemesis.meaning.com (initialization) Date: Mon, 22 Jul 1996 11:36:10 +0800 Subject: INFO: Submit your testimony to Congress for hearings on July 25! Message-ID: <199607220123.SAA28599@black.colossus.net> vtw at vtw.org writes: > UPCOMING HEARING INFORMATION > > The Senate Commerce committee will be holding hearings on the Burns/Leahy > Pro-CODE bill (S.1726) this Thursday July 25, 1996 in Washington D.C. > > Like most everyone that doesn't live in Washington, you can't be there > in the flesh. But you can be there virtually through www.crypto.com! > > A RealAudio cybercast of the hearing is being coordinated by Jonah Seiger > (CDT). If you have the RealAudio software (it's free from www.realaudio.com) > you can listen to the hearing live. You can also telnet into the chat room > and pose questions to the staffers who will be online. > > If you wish to make your voice heard, take a moment and submit your own > written testimony through the web page at http://www.crypto.com. 
When > you submit your testimony, you can also submit a question for FBI Director > Louis Freeh who is scheduled to testify. We'll provide a copy of the > questions to the committee members, and urge them to pin down Director > Freeh on some of the finer points of the issue. > > This is an amazing time for democracy. Never before have American citizens > been able to have so much representation in the halls of Congress without > actually being physically there. Don't let this debate go on without your > input! > > A complete profile of the cybercast and the net-presence effort is available > at http://www.crypto.com/ until the hearing, and at > http://www.crypto.com/events/ after that. > This is an amazing time for Big Brother, who, in the person of VTW, is gathering the names and addresses of all who oppose it, one by one, under the Rube of "testimony" and "democracy"? What do you think will happen next? You think Big Brother is going to hear what you say and say "oh my god they are right!" and then turn around and mend its ways? NO! You will be marked as a trouble maker in your file, and rounded up or worse, when the time comes! They have duped many into participating, and others, prominent ones like Blaze, Diffie, Schneier, Zimmermann, have been blackmailed into working for them. Turn your back on this sham "democracy". Fuck their "hearings". And demand truth from "VTW". VTW=NSA+FBI front. From adam at homeport.org Sun Jul 21 20:36:18 1996 From: adam at homeport.org (Adam Shostack) Date: Mon, 22 Jul 1996 11:36:18 +0800 Subject: Credit Card to eCash In-Reply-To: Message-ID: <199607220232.VAA21581@homeport.org> Well, theres the 90 days of float from the credit card clearing house, and then the chance of non-payment. The fraud issue (steal a credit card, get $10,000 in e-cash...) Adam | What would be the problems in setting up a web site to make a | charge to a Credit Card/ATM card number and return Cash, like an ATM for | the net? 
-- "It is seldom that liberty of any kind is lost all at once." -Hume From tcmay at got.net Sun Jul 21 20:45:15 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 22 Jul 1996 11:45:15 +0800 Subject: NSA Lawyers Believe ITARs Would be Overturned if Tested in Court Message-ID: At 3:23 PM 7/21/96, James A. Donald wrote: >At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote: >> Why not consider what the consequences will be? Do you seriously >> believe that this will make the government stop enforcing ITAR? > >Yes: > >Widespread politically motivated disobedience forces >the state to either demonize the disobedient, (as with drug users) >or give up enforcement. This is a standard and effective method >of forcing the repeal of laws, a method which has had a long record >of success for several hundred years. Further, I know someone who saw internal NSA memoranda from their legal folks that court challenges of the ITARs should be avoided if at all possible, as the ITARs would likely be overturned on constitutional grounds. (Not all of them, presumably. Shipment of hardware ("arms") would likely not be affected. But the ITARs that stop the spread of knowledge, published papers, and speech (such as speaking where a foreigner can hear!) would likely be overturned.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
From WlkngOwl at unix.asb.com Sun Jul 21 21:02:13 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Mon, 22 Jul 1996 12:02:13 +0800 Subject: A Snake-Oil FAQ Message-ID: <199607220206.WAA00212@unix.asb.com> On 21 Jul 96 at 6:03, The Deviant wrote: > > I've written a short "Snake Oil FAQ" below. It's incomplete and > > needs some work (adding a few definitions, rewording, aesthetic > > formatting, etc.), so think of it as a 'beta' FAQ (please don't [..] > Looks very nicely done. I think you pretty much covered it... but... Thanks. > > Be wary of marketing gimmicks related to "if you can crack our > > software" contests. > > > > Even the best cryptographers and security professionals have done this. > RSA did it with their Public Key system, which took 20+ years to break. Note the words "marketing gimmicks". The $100 reward isn't a gimmick in the same way as "we'll give you our company" or "we'll give you five free copies of our software". But yes, that sentence could be reworded differently. > Throughout history, many security mechanisms, even the best ones, > including Cyphers, Locks, Firewalls, etc. have been known to go as far as > to offer prizes (some extremely high, upwards of a million dollars, some > as low as RSA's famous $100 prize) > > I think that this one really is just a bit too broad. Oddly enough, RSA's RC2/RC4 is also an exception to the proprietary algorithm warning, (some would dispute that), so that section needs some minor rewriting. *sigh* I'll work on it. Thanks, Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. 
From david at sternlight.com Sun Jul 21 21:07:57 1996 From: david at sternlight.com (David Sternlight) Date: Mon, 22 Jul 1996 12:07:57 +0800 Subject: Netscape In-Reply-To: <199607210918.FAA14603@quasar.voicenet.com> Message-ID: At 10:42 AM -0700 7/21/96, Mark M. wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >On Sun, 21 Jul 1996, Bill Stewart wrote: > >> First of all, the goverrnment _has_ enforced ITAR; I've seen references >> (ummm, on the net...) to a few cases of things like exporting TV decryptors, >> as well as all the enforcement about illegal trafficking in guns and such. > >I haven't heard of anyone ever being indicted for exporting cryptography. I >should have made it clear that I was refering to ITAR as it applies to crypto, >and not other items that would fall under ITAR. > >> But second, if you're threatened with jail and large fines, and have >> to pay your lawyers lots of money to avoid being railroaded, >> that's enforcement even if it's not the full-scale due process type. > >Quite true. I was just refering to someone actually being tried and found >guilty of violating ITAR by exporting cryptography. I'd be very interested in >any references to companies or individuals being prosecuted for exporting >crypto. Irrelevant. Why should they have to if nobody has done it and fessed up? A law that is enforced because nobody is willing to violate it is just as good as the kind where they shoot you after one overtime parking offense. Better, because nobody gets shot. David From sameer at c2.net Sun Jul 21 21:08:52 1996 From: sameer at c2.net (sameer) Date: Mon, 22 Jul 1996 12:08:52 +0800 Subject: Borders *are* transparent In-Reply-To: <199607212242.PAA11398@toad.com> Message-ID: <199607220027.RAA12446@atropos.c2.org> > South Africa for a web-server called Sioux, which is some relative > of Apache and maybe Apache-SSL, and which makes a big point on It's based on Apache, not Apache-SSL. 
I guess Barksdale didn't talk about Apache-SSL, which is also available without export restrictions from the UK. Perhaps because he knows that Apache-SSL is an incredibly superior product to Netscape's servers.. -- Sameer Parekh Voice: 510-986-8770 Community ConneXion, Inc. FAX: 510-986-8777 The Internet Privacy Provider http://www.c2.net/ sameer at c2.net From tomw at netscape.com Sun Jul 21 21:09:02 1996 From: tomw at netscape.com (Tom Weinstein) Date: Mon, 22 Jul 1996 12:09:02 +0800 Subject: Netscape In-Reply-To: <199607220009.RAA08680@dns2.noc.best.net> Message-ID: <31F2DBAE.41C6@netscape.com> James A. Donald wrote: > > At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote: > > Why not consider what the consequences will be? Do you seriously > > believe that this will make the government stop enforcing ITAR? > > Yes: > > Widespread politically motivated disobedience forces > the state to either demonize the disobedient, (as with drug users) > or give up enforcement. This is a standard and effective method > of forcing the repeal of laws, a method which has had a long record > of success for several hundred years. A handful of cypherpunks hardly constitutes "widespread politically motivated disobedience". In any case, the demonization has already begun; they point their fingers at the four horsemen of the internet at every opportunity. What I object to is anonymous activists who perform acts at no risk to themselves which make it harder for those of us who are trying to bring strong crypto to everyone. > The state's cohesion derives from its legitimacy, and threats to > legitimacy and cohesion are treated very seriously by government > officials. > > Threatening the state's legitimacy is arguably more effective in > influencing government behavior than blowing up federal office > buildings. The first step is to create at least a strong minority. A handful of cypherpunks can be largely ignored.
We have to get the general public using and educated about strong crypto before civil disobedience will mean anything. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw at netscape.com From david at sternlight.com Sun Jul 21 21:17:37 1996 From: david at sternlight.com (David Sternlight) Date: Mon, 22 Jul 1996 12:17:37 +0800 Subject: A Snake-Oil FAQ In-Reply-To: Message-ID: At 1:05 PM -0700 7/21/96, Simon Spero wrote: >[sorry Perry] > >On Sun, 21 Jul 1996, David Sternlight wrote: > >> So is your comment. What was broken was not public key, but a particular >> key length (and by implication shorter ones). You can do that with just >> about any system, even a one-time pad, by brute force, but it won't buy you > >Really? The only way I know of forcing a one-time pad is to use a hardware >QM-based random number generator to generate every possible decrypt, thus >creating a number of universes equal to the number of possible keys. Since >you can't tell if your universe is the right one, one should always >verify the information obtained against a second source. IANAL, so I can't >say if such a decrypt would count as probable cause. Theoretically Simon is right. Nevertheless one-time pads have been broken through trial and error when they have been reused either out of laziness or force majeure. It's not a "monkeys in the British Museum" problem, since when you hit the right key sequences both encrypted text streams will fall cleanly out--otherwise the chances are overwhelming (given a decently long run) that one of the two streams will contain garbles or more likely be complete gibberish. It's a pretty simple computer program--all you need is a decent test for plaintext so you don't have to examine most of the test decryptions.
David From ante at nemesis.meaning.com Sun Jul 21 21:31:17 1996 From: ante at nemesis.meaning.com (ante) Date: Mon, 22 Jul 1996 12:31:17 +0800 Subject: evidence from the NIC - interpret and use as you will. Message-ID: <199607220153.SAA29047@black.colossus.net> See who is sleeping with who. These are the supporters of the sham "hearings". Voters Telecomm Watch (VTW-DOM) 115 Pacific St., #3 Brooklyn, NY 11201 Domain Name: VTW.ORG Administrative Contact: Safdar, Shabbir (SS155) shabbir at PANIX.COM (718) 596-7234 Technical Contact, Zone Contact: Panix Network Information Center (PANIX5) hostmaster at panix.com +1 212 741 4400 Record last updated on 27-Sep-95. Record created on 06-May-94. Domain servers in listed order: NS1.ACCESS.NET 198.7.0.1 NS2.ACCESS.NET 198.7.0.2 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. Blaze, Matt (CRYPTO-DOM) 101 Crawford Corners Rd Room 4G-634 Holmdel, NJ 07733 Domain Name: CRYPTO.COM Administrative Contact: Blaze, Matt (MB19) mab at CRYPTO.COM (908) 949-8069 Technical Contact, Zone Contact: Network Information and Support Center (PSI-NISC) hostinfo at psi.com (518) 283-8860 Record last updated on 06-May-93. Record created on 06-May-93. Domain servers in listed order: NS.PSI.NET 192.33.4.10 NS2.PSI.NET 38.8.50.2 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. Center for Democracy and Technology (CDT2-DOM) 1634 Eye Street, NW Suite 1100 Washington, DC 20006 USA Domain Name: CDT.ORG Administrative Contact: Weitzner, Daniel (DW151) djw at CDT.ORG (202) 637-9800 Technical Contact, Zone Contact: Palacios, Bob (BP282) bobpal at CDT.ORG (202) 637-9800 Billing Contact: Kolb, Danielle (DK1006) dkolb at CDT.ORG (202) 637-9800 Record last updated on 19-Apr-96. 
Record created on 20-Dec-94. Domain servers in listed order: NS.CAIS.COM 205.177.10.10 NS2.CAIS.COM 199.0.216.1 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. From vin at shore.net Sun Jul 21 21:33:30 1996 From: vin at shore.net (Vin McLellan) Date: Mon, 22 Jul 1996 12:33:30 +0800 Subject: Firewall Penetration Message-ID: Frank Willoughby wrote: >FWIW, of @70 firwalls on the market, only @5 are adequate to protect >a company from the hazards of the Internet. Ah, Frank, are you talking here about session hijacking and is end-to-end crypto the defining factor of the robust five? Suerte, _Vin Vin McLellan +The Privacy Guild+ 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548 <*><*><*><*><*><*><*><*><*> From snow at smoke.suba.com Sun Jul 21 21:54:16 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 12:54:16 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: On Fri, 19 Jul 1996, David Sternlight wrote: > At 1:49 AM -0700 7/20/96, Timothy C. May wrote: > >At 6:42 AM 7/19/96, snow wrote: > >>On Thu, 18 Jul 1996, Doug Hughes wrote: > >>> If people break into my house with the element of surprise wearing > >>> all black in the middle of the night, they have the element of surprise > >>> If you don't reach for a gun, at least you have the 'chance' for > >>> restitution on your side. If you're dead, you have no options. > >> If you are trained a certain way, you _are_ going to reach for > >Snow is absolutely right! Surprised in the night, with no clear > >identification of the entrants (and yelled "Police!!" claims are used by > >home invaders, so I would not trust this anyway), a trained person will > >instinctively reach for his weapon. > Probably something to do with flushing dope down the toilet, or destroying > evidence. 
Perhaps it's too much to expect them to disconnect the sewer line > and hit your interior with a water hose and an electricity cut-off before > raiding it. Of course escalating a war against your own citizens makes more sense than legalize the crap and letting the idiots die. After all, big brudder has the right to control the substances I put into my body. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Sun Jul 21 22:03:08 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 13:03:08 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: On Sat, 20 Jul 1996, Elliot Lee wrote: > > IOW, if a 'pre-dawn unannounced ninja raid' [sic] occurs on you, you are > pretty well beat, if only because the other side knows what they are doing > and you have no idea of their plans. > The only protection against lawlessness is not lawlessness, it is reason. I'm probably starting to sound a little bellish on this, but that is why I suggested (only half in jest) the hand grenade. A pyrrhic victory is still a victory. Of course I am a little nuts. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Sun Jul 21 22:11:07 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 13:11:07 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <2.2.16.19960720081320.2427098c@postoffice.worldnet.att.net> Message-ID: Worldnet, We're _worse_ than AOL. On Sat, 20 Jul 1996, Llywarch Hen wrote: > Timothy C. May wrote: > >If a black-clad ninja enters my house without warning, I'll have to react > >the only way I know how, by reaching for my gun. I don't have the luxury of > >freezing, exposing my neck (wolf-style), and hoping that the ninjas are > >"just" the police. > Sir, you are not allowing for just how incredibly stupid the cops are. When > they show up at your house, it is all over. They've already decided that you > are scum.
You'd have us believe that you lie awake stroking your gun. You You are showing your ignorance of training. > 'black-clad' indeed. The one 'black-clad' character that comes to mind is You never paid much attention to a swat team have you? Entry teams routinely wear black, it is more intimidating and doesn't show blood all that well. > the _Economist_ editor found dead last year on his kitchen table wearing a > tight-fitting latex number who expired having sex with him/itself. Of course > this says nothing about the _Economist's_ readership, except most likely in > your case. What a person does in the privacy of their kitchen is no concern of anyone else. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From ichudov at algebra.com Sun Jul 21 22:34:50 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 22 Jul 1996 13:34:50 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: <199607220255.VAA19757@manifold.algebra.com> Sandy Sandfort wrote: > On Sun, 21 Jul 1996 ichudov at algebra.com wrote: > > Lots of kids impulsively do things that they later regret. Like, once > > one little boy hit me hard in the head with a heavy stick from behind > > my back...Now, if he or myself had access to a firearm, the life now > > would not be nearly as good as it is. > > > > I've seen these sudden destructive impulses in kids many times. > > So have I, but your assertion begs the question. In an unarmed > society, people don't have to curb their impulse to the extent > they do in an armed one. As a result they often don't. The > Swiss and the Israelis seem to avoid internecine fratricide, even > though guns are everywhere. I don't think it is any coincidence > that incivility and casual violence have increased in America in > direct proportion to the ongoing orgy of victim disarmament. > ... snip ... 
> Powerlessness is far more a cause of impulsive rages than the > trust, responsibility and empowerment engendered by gun ownership. > As I said, the kid who hit me in the head with a stick was 3-4 years younger than me. You skipped that part. Correspondently, I could beat him easily (I did, but his mother soon interrupted me), which was obvious to him. So he had plenty of information that would deter a rational person. He had all the reasons to "to curb his impulse", as you said, and he could have thought about his punishment. Still, he hit me. He was NOT a rational person, therefore. Just as simple as that, that particular kid who hit me should not be trusted with a firearm at his age. This is a simple logical conclusion. Your arguments apply to people who do not do impulsive things. To adults for example. Again, I expressed my opinion about raising my own kids. I do not have an opinion on whether parents in general should be allowed to give guns to their kids or not, but I would not keep a firearm in my home when I have kids. I may teach them gun safety or shooting, but would never leave them at home with access to guns. - Igor. From fotiii at crl.com Sun Jul 21 22:36:39 1996 From: fotiii at crl.com (Frank O. Trotter, III) Date: Mon, 22 Jul 1996 13:36:39 +0800 Subject: Credit Card to eCash Message-ID: <199607220309.AA24954@mail.crl.com> > |What would be the problems in setting up a web site to make a > | charge to a Credit Card/ATM card number and return Cash, like an ATM for > | the net? > > -- > "It is seldom that liberty of any kind is lost all at once." > -Hume > Obviously this would be tremendous! There are a variety of ways that one can construct a purse to allow use of a purchased amount of ecash(tm) without being a customer of a particular bank - a nifty idea if the credit card part works. 
The "credit card thing" has been much discussed but really hinges on a change in the MC or VISA rules that either doesn't allow someone to cancel the transaction at a later date leaving the acceptor holding the bag, or allowing the acceptor to charge a fee that covers the default risk of the former. Currently according to my reading both are precluded. Curiously, a little bird told me that the VISA _cash_ cards for Atlanta allow you to call up to order one paying with a credit card, and that it appears on one's statement as merchandise. I would be curious to hear what VISA rule changed to allow a non-face-to-face cash advance to occur and call it merchandise! Whatever. Best, FOT My own ideas, not my employer's. Frank O. Trotter, III - fotiii at crl.com www.marktwain.com - Fax: +1 314 569-4906 -------------------------------------------- From lcrouse at wesleyan.edu Sun Jul 21 22:38:53 1996 From: lcrouse at wesleyan.edu (Lora Crouse) Date: Mon, 22 Jul 1996 13:38:53 +0800 Subject: Game Theory and its Relevance to Cypherpunks Message-ID: <199607220104.VAA24550@mail.wesleyan.edu> At 03:21 AM 7/21/96 -0700, you wrote: >He will cite >Hudson, Heritage, RAND, ... AEI, and Cato whose shining lights best >understand who it is that is signing their paychecks. These are the folks >that bought us Vietnam, did not pay for it in lives or money, but profited >immensely. >-- Llywarch Hen I can assure you the Cato Institute would not have supported the Vietnam War (assuming they had be in existence around that time, which they weren't). They didn't even support the invasion of Iraq. Maybe you should do a little research before painting such a broad stroke against think tanks. 
Lora From snow at smoke.suba.com Sun Jul 21 22:45:01 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 13:45:01 +0800 Subject: [NOISE} Re: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <2.2.32.19960720183725.00e38e60@mail.teleport.com> Message-ID: On Sat, 20 Jul 1996, Alan Olsen wrote: > At 10:10 AM 7/20/96 -0800, Vinnie Moscaritolo wrote: > >Speaking of Bob Hettinga put it to words best, told me that standing on the > >Concord bridge he could see the colors of the American flag eminating > >outwards to the rest of the country. Yup this is where it all started.. > Should teach him not to drink so much in the combat zone in Boston. ]:> Doesn't sound like he was drinking. Or if it was liquid, he didn't drink more than a drop or two... (not to imply that a total stranger is into proscribe recreational pharmacuticles) Petro, Christopher C. petro at suba.com snow at smoke.suba.com From tcmay at got.net Sun Jul 21 22:45:49 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 22 Jul 1996 13:45:49 +0800 Subject: Boycotts and Etiquette Message-ID: At 1:19 AM 7/22/96, Igor Chudov @ home wrote: >Honestly, this boycott campaign looks out of place on Cypherpunks, at >least to me. I mean, we are for freedom of speech, aren't we? >Sternlight is talking about on-topic things. How come that renowned >defenders of freedom of speech resorted to name calling and attempts to >push their opponent out of the public forum? Note that I have not called for a boycott of Sternlight. The voices you here adding their name to a list are biasing the statistics. Those who don't want to respond to Sternlight, or me, or Vulis, Bell, or VZNuri/LD, should simply *not respond*! A novel idea, eh? I think I have been relatively polite to David, though I sure do wish he'd "pull his punches" with his gratuitous insults (e.g., by ending posts with dismissive remarks about the moral beliefs of his opponents, to name one example). 
I call these "ad hominem" remarks, in that they call into question the motivations or the basic competence of others to comment, though perhaps David believes that since they are "true," they cannot be ad hominem. {It ain't ad hominem, it's truth.) Perhaps a better word is "disrespectul," in the sense that I get the impression that David thinks nearly everyone who engages in argument with him is either childish (a term he characterized my views as :-}), or foolish, or disingenuous, or oafish, or deceiving, or... Some examples: "...so your contention is false on its face." "Some live in the conversation in their head and require that everything be spelled out. Very well, then:" "Isn't that nice. Some creep is proud enough of his skill at accessing the trivially available InterNIC finger data that he posts it to invoke harassment. And being a coward as well, he hides behind an anonymous remailer." "Another attempt to accuse, read minds, and impute motives." ..... Actually, I started to go back through the Sternlight CP posts I have saved (*), and found a curious thing: the intelligent comments vastly outweighed the "one line repartee" insults! I believe the majority of Net participants (here, in the crypto newsgroups, etc.) lose sight of the good comments because of the flamish ones. (* Indeed, I may have skewed my sample toward less-flamish posts, as I delete most of the simple insult posts.) I believe David would be better served by not yielding to the temptation to add throwaway lines, such as he used in replying to me: " Where I come from we call that "theft". Your ethics may vary in California." This is unneeded, and adds to a tone of ad hominem attack. It is roughly equivalent to making snide remarks about the motives of Kallstrom, Denning, Freeh, etc. Not very persuasive. 
In fact, in one analysis of the nature of flaming he noted: "And when on occasion (as happens) I rise to provocation, my take on it isn't that the other guy posted "flame bait" but that I allowed myself to be out of control. It's always possible to respond with the standard weapons against provocation when such is deliberate: rapier-like wit, reductio ad absurdum, literate sarcasm, or simple silence aka the filter file. Actual contumely in a response is seldom necessary, except perhaps by reference on rare occasion. We're not children here." Good advice. I agree with him here, and will not try to collect more examples of rudeness...Perhaps we react too strongly to the "Sternlightisms" and lose sight of the better points? Still, in my several years of seeing his posts in sci.crypt, talk.politics.crypto, talk.politics.org.eff (?), and elsewhere, I've seen that often his policy points get lost in the clutter of arguing with others on non-substantive points, of getting pulled into nonsensical crap about "SternFUD," "Bowdark," the "UnDoctor," and whom he has *Plonk*ed. Personally, as a neo-Calvinist who believes that those with whom I disagree on matters of politeness and basic morals are best punished by silence from me, I have often simply ignored threads that involve this kind of pettiness. (But, like David himself said, sometimes I, too, get pulled in...) There is a spectrum of rudeness and "disrepect." I certainly don't hold myself up as a standard of politeness. At one end are some truly rude folks, much ruder than Sternlight, me, or even Perry ("Llywarch Hen" and Vulis come to mind, recently). At the other end are some truly polite folks, such as Hal Finney and Bill Stewart, who make their points while avoiding personal characterizations or cleverly-worded insults. Rather than wasting list space with talk of "pledges" and boycotts, maybe a better approach is for us all to concentrate on better posts.... --Tim May (P.S. 
I don't intend to pull my punches on the "controversial" posts I like to write, such as about guns, or Ritalin, or "queer rights." While these posts apparently are "offensive" to some here, this kind of post is perfectly "fair game" as I see it.) Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From snow at smoke.suba.com Sun Jul 21 22:49:33 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 13:49:33 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607201438.KAA07420@jekyll.piermont.com> Message-ID: On Sat, 20 Jul 1996, Perry E. Metzger wrote: > Llywarch Hen writes: > > You have not had the opportunity to look closely at the business end > > of a gun. The hole looks enormous. > The opening in the barrel of just about every rifle or pistol I've > looked at seems to be about half an inch or less. Perhaps you have > been looking at the 18" guns on the battleship "New Jersey"? The towed 155's from the ANG unit I was in during college were pretty big, but it is awful hard to hit a single person at less than 300 yards. A 12 guage looks a lot bigger 3 inches from your nose than 3 feet away, but I'd rather have a hostile hold it 3 inches from my nose than 3 feet away. If you don't understand why, go talk to a _serious_ martial arts type. Petro, Christopher C. 
petro at suba.com snow at smoke.suba.com From ses at tipper.oit.unc.edu Sun Jul 21 22:49:43 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Mon, 22 Jul 1996 13:49:43 +0800 Subject: A Snake-Oil FAQ In-Reply-To: Message-ID: On Sun, 21 Jul 1996, David Sternlight wrote: > > It's not a "monkeys in the British Museum" problem, since when you hit the > right key sequences both encrypted text streams will fall cleanly > out--otherwise the chances are overwhelming (given a decently long run) > that one of the two streams will contain garbles or more likely be complete > gibberish. Not with one-time-pads... the key is as long as the plaintext. Our Hamlet writing monkeys will produce, amongst others, numerous versions of the play where the prince's name is telmaH. As well as vastly more where the monkeys get all the way to the last sentence and then One-Time-Pads offer perfect security as long as they're only used once. If they're used more than once, they're not one-time-pads. --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From grafolog at netcom.com Sun Jul 21 22:58:22 1996 From: grafolog at netcom.com (Jonathon Blake) Date: Mon, 22 Jul 1996 13:58:22 +0800 Subject: Credit Card to eCash In-Reply-To: Message-ID: Myers: On Sun, 21 Jul 1996, Myers W. Carpenter wrote: > What would be the problems in setting up a web site to make a > charge to a Credit Card/ATM card number and return Cash, like an ATM for > the net? Eight to ten years, I think. It is called money laundering. AFAIK, that was the major legal hassle, when it was first done. << OK, so it was on a BBS, not the internet. >> Getting people to use it is the other major problem. xan jonathon grafolog at netcom.com AOL coasters are unique, and colourful. Collect the entire set. 
From tcmay at got.net Sun Jul 21 23:05:55 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 22 Jul 1996 14:05:55 +0800 Subject: A Snake-Oil FAQ Message-ID: At 3:48 PM 7/21/96, David Sternlight wrote: >So is your comment. What was broken was not public key, but a particular >key length (and by implication shorter ones). You can do that with just >about any system, even a one-time pad, by brute force, but it won't buy you ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >much more than sharpening your skills, for longer keys. This is not correct. The one-time pad is "information-theoretically secure," as proved early on by Shannon. This is much more than being "cryptographically secure," for which the term "brute force" is applicable (albeit essentially still impossible, for a large enough work factor). (I just looked at later posts and saw your response to Simon Spero's rebuttal: "Theoretically Simon is right. Nevertheless one-time pads have been broken through trial and error when they have been reused either out of laziness or force majeure." It is _very_ important that people understand that "reusing a pad" is not a valid use of a _one-time_ pad. Such misuse, while important in actual cryptanalytic history, is no more a "brute forcing" of the pad than is buying a key from an opponent, obtaining it through burglary, etc. All important methods of cracking codes, but not at all what is meant by "brute force.") --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
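The distinction argued in the messages above (a pad used once cannot be brute-forced; a reused pad can be read with a plaintext test) is shown below as an added example, not code from any poster on the list. The sample messages, the crib " THE " and all function names are constructed for illustration.

```python
"""One-time pad used once versus the same pad used twice (illustration only)."""
import secrets

# Constructed sample plaintexts; they do not come from the thread.
P1 = b"SEND THE REPORT TO HEAD OFFICE."
P2 = b"MEETING MOVED TO THE THIRD FLOOR"
DECOY = b"NOTHING TO REPORT".ljust(len(P1), b".")   # same length as P1
ALPHABET = frozenset(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ .")


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for EVERY candidate of the right length, which is why
    trying all keys of a properly used pad tells the analyst nothing.
    """
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must be as long as the ciphertext")
    return xor(ciphertext, candidate)


def looks_like_plaintext(fragment: bytes) -> bool:
    """Crude plaintext test: upper-case letters, space and full stop only."""
    return all(b in ALPHABET for b in fragment)


def crib_drag(c1: bytes, c2: bytes, crib: bytes):
    """Slide a guessed word over c1 XOR c2 for two messages sharing one pad.

    The pad cancels: c1 ^ c2 == p1 ^ p2. Wherever the crib really occurs in
    one message, XORing it out leaves readable text from the other message.
    Returns (offset, revealed_fragment) pairs that pass the plaintext test;
    offsets where the crib does not occur can pass by chance and need review.
    """
    mixed = xor(c1, c2)
    hits = []
    for off in range(len(mixed) - len(crib) + 1):
        fragment = xor(mixed[off:off + len(crib)], crib)
        if looks_like_plaintext(fragment):
            hits.append((off, fragment))
    return hits


def demo():
    pad = secrets.token_bytes(max(len(P1), len(P2)))
    c1 = xor(P1, pad)          # correct use: pad consumed once
    c2 = xor(P2, pad)          # misuse: the same pad again

    # 1. Single use: the ciphertext is equally consistent with the decoy.
    fake_pad = key_explaining(c1, DECOY)
    print("c1 under real pad :", xor(c1, pad))
    print("c1 under fake pad :", xor(c1, fake_pad))

    # 2. Reuse: no key search at all, only a guessed word and a filter.
    for off, fragment in crib_drag(c1, c2, b" THE "):
        print(f"offset {off:2d}: other message contains {fragment!r}")


if __name__ == "__main__":
    demo()
```

The second half works without recovering the pad at all, which is why pad reuse is a key-management failure rather than a brute-force break of the cipher.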
From tcmay at got.net Sun Jul 21 23:13:11 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 22 Jul 1996 14:13:11 +0800 Subject: Game Theory and its Relevance to Cypherpunks Message-ID: Steve Tonnesen is the winner of the 5 point prize, for his submission to me, the first I received with the correct answer: At 3:24 AM 7/22/96, Steve Tonnesen wrote: >>"I have a .45 and a shovel; I doubt you'll be missed." (5 points to >>whomever first identifies the movie this was in) > >"Clueless", I believe. > --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From snow at smoke.suba.com Sun Jul 21 23:29:28 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 14:29:28 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607202002.NAA17000@dfw-ix1.ix.netcom.com> Message-ID: On Sat, 20 Jul 1996 JonWienk at ix.netcom.com wrote: > On Fri, 19 Jul 1996, ichudov at algebra.com (Igor Chudov @ home) wrote: > >ninjas break in, everyone goes to hell. No need to wake up and be > >alert in sleep -- all will be done automatically. So before that > >ninja raid you will sleep better. > A claymore mine would be much better. It would send the "ninjas" to hell, > without necessarily forcing you to join them. You pop a claymore in a building with any substance up to the level of concrete re-enforced, and you _will_ be going with them. This is only to be used as a last resort, like calling in B-52 strikes on your own location. Petro, Christopher C. 
petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Sun Jul 21 23:33:16 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 14:33:16 +0800 Subject: Game Theory and its Relevance to Cypherpunks In-Reply-To: <199607211513.KAA14942@manifold.algebra.com> Message-ID: On Sun, 21 Jul 1996, Igor Chudov @ home wrote: > Similarly, I do not uderstand why futurists paint so rosy pictures of > the 21st century. I think that it will be at least just as full of shit > as this one. I thought roses grew best in shit? Petro, Christopher C. petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Sun Jul 21 23:37:09 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 14:37:09 +0800 Subject: Netscape In-Reply-To: Message-ID: On Sat, 20 Jul 1996, Rich Graves wrote: > -----BEGIN PGP SIGNED MESSAGE----- > On Sat, 20 Jul 1996, Mark M. wrote: > > On Sat, 20 Jul 1996, Tom Weinstein wrote: > > > Why not consider what the consequences will be? Do you seriously > > > believe that this will make the government stop enforcing ITAR? > > The government has yet to enforce ITAR. The only thing they have been doing > > is threatening companies who make products with strong crypto. If anyone was > > ever actually put on trial for a violation of ITAR, it would almost certainly > So do it. None of this anonymous bullshit, or trying to drag Netscape into > it. > I'd donate whatever I could to a Cypherpunk Legal Defense Fund. We only need > one volunteer with a lot of time on his/her hands. Put up enough money to defend me and tell me how I can get arrested. I'm not doing a lot at the moment, and I wouldn't mind getting my 15 minutes of fame at this point. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From dsmith at prairienet.org Sun Jul 21 23:37:57 1996 From: dsmith at prairienet.org (David E. 
Smith) Date: Mon, 22 Jul 1996 14:37:57 +0800 Subject: Netscape Message-ID: <199607220317.WAA21177@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- To: llurch at networking.stanford.edu, cypherpunks at toad.com Date: Sun Jul 21 22:19:11 1996 > > The government has yet to enforce ITAR. The only thing they have been doing > > is threatening companies who make products with strong crypto. If anyone was > > ever actually put on trial for a violation of ITAR, it would almost > certainly > > be found to be unconstitutional. > > So do it. None of this anonymous bullshit, or trying to drag Netscape > into > it. > > I'd donate whatever I could to a Cypherpunk Legal Defense Fund. We only > need > one volunteer with a lot of time on his/her hands. > > -rich > Could be fun. I haven't been in a lawsuit in quite a while (i.e. never). I'd love to spend some time in court, as a thought exercise and a token claim to fame. I'll be uploading something to hacktic as soon as I can get into Netscape's server to download it myself :) dave - ---- David E. Smith POB 324 Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail of 'send pgp-key' subject for my PGP public key "If a train station is where a train stops ... ... then just what is a workstation?" -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Automagically signed with Pronto Secure for Windows. 
-----END PGP SIGNATURE-----

From ichudov at algebra.com Sun Jul 21 23:44:24 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 14:44:24 +0800
Subject: A Snake-Oil FAQ
In-Reply-To:
Message-ID: <199607220119.UAA19143@manifold.algebra.com>

To all who do not like to read Sternlight and anything about him: the
following procmail recipe will solve all problems easily.

# Header test for list mail, body test for the name, then discard.
:0
* ^TOcypherpunks
* B ?? Sternlight
/dev/null

This is much easier than trying to organize boycotts, etc. Saves lots
of bandwidth too.

Honestly, this boycott campaign looks out of place on Cypherpunks,
at least to me. I mean, we are for freedom of speech, aren't we?
Sternlight is talking about on-topic things. How come that renowned
defenders of freedom of speech resorted to name calling and attempts
to push their opponent out of the public forum?

- Igor.

From jimbell at pacifier.com Sun Jul 21 23:47:24 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 22 Jul 1996 14:47:24 +0800
Subject: CDT Policy Post 2.28 - FBI Director to Testify at Senate Crypto Hearing
Message-ID: <199607220425.VAA28120@mail.pacifier.com>

At 11:15 PM 7/21/96 -0400, Shabbir J. Safdar wrote:
>
>I would disagree with you here jim. Perhaps you have a selective memory,
>but representatives from all the organizations attended the Clipper II
>hearings at NIST in Maryland and gave the pro-GAK folks a good drubbing.
>(with NIST's microphone too. They're such good sports...)
>
>Person after person got up at the first of those (and subsequent ones) and
>grilled representatives from the FBI, NSA, NIST, and the White House.
>The ACLU, EPIC, EFF, CDT, and VTW were all there and pitched in. Somehow Okay, I should remember "never say never." However, wasn't Clipper II about a year ago? They're a little gun shy if they haven't arranged something since then. I guess that's progress. In any case, a gentle reminder: I think you should withdraw the official position you originally publicized concerning the Leahy encryption bill. Fair enough? Jim Bell jimbell at pacifier.com From tomw at netscape.com Sun Jul 21 23:49:06 1996 From: tomw at netscape.com (Tom Weinstein) Date: Mon, 22 Jul 1996 14:49:06 +0800 Subject: Netscape In-Reply-To: Message-ID: <31F2F40D.167E@netscape.com> Sandy Sandfort wrote: > > On Sun, 21 Jul 1996, Tom Weinstein wrote: > >> What I object to is anonymous activists who perform acts at no risk >> to themselves which make it harder for those of us who are trying to >> bring strong crypto to everyone. > > Personally, I think it was a good idea for the American Colonists > to shoot at the British from behind rocks and trees. As Tom > pointed out in his post, there are relatively few Cypherpunks. > We all do what we can, in whatever way best suits are temprament, > talents and acceptible risk level. There is no single tao; there > are many paths. For Netscape, dialog and negotiations may be the > best way to promote privacy, for Zimmermann, it was guerilla > programming, for others it might be high-tech monkey-wrenching. > To each his own. As far as I can see, they are all trying to > bring strong crypto to everyone. I agree with you 100%. Note that while the American Colonists were shooting at the British, they didn't take their friends and pin them to trees as decoys. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw at netscape.com From shabbir at vtw.org Sun Jul 21 23:52:45 1996 From: shabbir at vtw.org (Shabbir J. 
Safdar) Date: Mon, 22 Jul 1996 14:52:45 +0800 Subject: CDT Policy Post 2.28 - FBI Director to Testify at Senate Crypto Hearing Message-ID: <199607220314.XAA15879@panix4.panix.com> I would disagree with you here jim. Perhaps you have a selective memory, but representatives from all the organizations attended the Clipper II hearings at NIST in Maryland and gave the pro-GAK folks a good drubbing. (with NIST's microphone too. They're such good sports...) Person after person got up at the first of those (and subsequent ones) and grilled representatives from the FBI, NSA, NIST, and the White House. The ACLU, EPIC, EFF, CDT, and VTW were all there and pitched in. Somehow I don't think that getting grilled is what's missing. The thing that's holding us back here is that we're all pretty sold on our arguments. When the White House comes to their senses, or Congress overrules them, or the market makes them irrelevant, then we'll have some progress. -Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW) http://www.vtw.org/ * Defending Your Rights In Cyberspace jim bell writes: >At 02:12 PM 7/21/96 -0400, Bob Palacios wrote: >> The Center for Democracy and Technology /____/ Volume 2, Number 28 > POLICY POST Volume 2, Number 28 July 21, 1996 >> CONTENTS: (1) FBI Director to Testify at Senate Crypto Hearing; Netizens Can >> Participate in Hearing Live Online >>In an effort to ensure that concerned Internet users can participate in >>this important policy debate, > >If there is anything worth complaining about, it is that there simply hasn't >been a "debate" in this "important policy debate." The pro-GAK few have >consistently avoided appearing in a format in which a genuine debate can >occur. And I don't mean a question-and-answer scenario either, whether the >questions are asked by Congress or the news media. I'm talking about a REAL >debate, one where the pro-GAK's can be seen to _lose_ by being torn to pieces. 
> >Jim Bell >jimbell at pacifier.com From JonWienk at ix.netcom.com Sun Jul 21 23:52:50 1996 From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com) Date: Mon, 22 Jul 1996 14:52:50 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <2.2.16.19960722004904.1a3fece0@postoffice.worldnet.att.net> Message-ID: <199607220407.VAA18687@dfw-ix10.ix.netcom.com> On Sun, 21 Jul 1996, Llywarch Hen wrote: [snip] >I'd certainly agree with that, but would like to add that an unloaded gun is >of no use and a gun in the nightstand or in the trunk of your car is also of >no use. For all cases other than home intrusion, the gun has to be worn -- I >recommend a shoulder holster. In the case of home intrusion, one can hope >that the intruder has no desire to be successful and permits you to get the >drop on him. Perhaps he'll slam the refrigerator door allowing you to fumble >around under your pillow for your weapon. I know of people who have walked >out of museums with paintings trailing alarm wires -- so let's hope our >intruder is an amateur and best of all is scared off by some phony security >signs, fake alarm wires, etc. If you lock your doors and windows, forced entry generally becomes a noisy, somewhat time-consuming process that allows anyone not in a recreational drug induced stupor or coma sufficient time to pull a pistol out of their shoulder holster (or nightstand drawer, etc.) and pull the hammer back. (2-3 seconds is all I need!) >In these parts most guns seemed to be used by the temporarily depressed >teenaged children of gun owners. In the majority of cases, (although the margin is on the decline) when an armed homeowner confronts a burglar, the burglar runs like projectile diarrhea for the nearest exit, and no shots are fired. However, these incidents are not counted as firearms "use", under current crime statistic collection methodology. 
Many of these incidents are not reported, especially in areas where gun ownership is not approved by the authorities. Furthermore, if your Cousin Vinnie the crack addict breaks into your house at 0300, attempts to rob you at knifepoint, and you force-feed him half a dozen jacketed hollow points for his trouble, the incident will usually be put in the same statistical category as the "crazed husband shoots wife, children, 11 neighbors, and 6 police officers" tragedies, even though you may never be charged with anything. Most "studies" of crime statistics come from gun control advocacy groups, and are suitable primarily for lining the bottoms of birdcages. >Now for street wear I strongly recommend a variety of loads. Probably my >favorite is a reversed semi-wadcutter. This puppy is extremely inaccurate >since it starts tumbling as it leaves the barrel. At extremely close ranges >it'll tear up some flesh and further out it'll walk nastily through outer >clothing completely wrecking it for formal wear and continue through enough >skin to be damaging. Low on kinetic energy, it will however transfer its >entire momentum where it counts. A semi-automatic will not properly feed >these, so you gotta be traditional if you are of the big clip persuasion. I have $10 US that says that this idiot has never fired a gun is his life. Furthermore, it is obvious he has no clue when it comes to bullet/target interaction. A "reversed semi-wadcutter" is going to stay in its original shape (for the most part), which will tend to make it over-penetrate, wasting kinetic energy and endangering people behind the target. Moreover, anyone who intentionally uses an inaccurate load is a fool--missed shots waste ammo, have no effect on the target, and run a significant risk of endangering innocent people. A hollow point or Glaser is a much better option. Jonathan Wienke "1935 will go down in history! For the first time a civilized nation has full gun registration! 
Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler "46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey http://www.ksfo560.com/Personalities/Palms.htm 1935 Germany = 1996 U.S.? Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB From sandfort at crl.com Mon Jul 22 00:18:49 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 22 Jul 1996 15:18:49 +0800 Subject: Netscape In-Reply-To: <31F2DBAE.41C6@netscape.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sun, 21 Jul 1996, Tom Weinstein wrote: > What I object to is anonymous activists who perform acts at no risk to > themselves which make it harder for those of us who are trying to bring > strong crypto to everyone. Personally, I think it was a good idea for the American Colonists to shoot at the British from behind rocks and trees. As Tom pointed out in his post, there are relatively few Cypherpunks. We all do what we can, in whatever way best suits are temprament, talents and acceptible risk level. There is no single tao; there are many paths. For Netscape, dialog and negotiations may be the best way to promote privacy, for Zimmermann, it was guerilla programming, for others it might be high-tech monkey-wrenching. To each his own. As far as I can see, they are all trying to bring strong crypto to everyone. S a n d y P.S. I want to make it clear that I have the greatest respect for Tom and Netscape's contributions in support of strong crypto. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sandfort at crl.com Mon Jul 22 00:21:43 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 22 Jul 1996 15:21:43 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607220111.UAA19079@manifold.algebra.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sun, 21 Jul 1996 ichudov at algebra.com wrote: > Lots of kids impulsively do things that they later regret. Like, once > one little boy hit me hard in the head with a heavy stick from behind > my back...Now, if he or myself had access to a firearm, the life now > would not be nearly as good as it is. > > I've seen these sudden destructive impulses in kids many times. So have I, but your assertion begs the question. In an unarmed society, people don't have to curb their impulse to the extent they do in an armed one. As a result they often don't. The Swiss and the Israelis seem to avoid internecine fratricide, even though guns are everywhere. I don't think it is any coincidence that incivility and casual violence have increased in America in direct proportion to the ongoing orgy of victim disarmament. I've noticed that most civil and human interactions occur in gun stores and rifle ranges. I've been treated shabbily in health food stores, but never at a gun show. When was the last time you heard of someone being killed at the shooting range or in a gun store? It's statistically infinitesimal. Now ask yourself the same question about liquor and convenience stores... Powerlessness is far more a cause of impulsive rages than the trust, responsibility and empowerment engendered by gun ownership. 
S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From nobody at zifi.genetics.utah.edu Mon Jul 22 00:22:49 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Mon, 22 Jul 1996 15:22:49 +0800 Subject: the VTW---FBI Connection Message-ID: <199607220251.UAA02057@zifi.genetics.utah.edu> We have received information that VTW is run and supported by the FBI, which we have suspected for reasons listed here. I) They appear to have no financial support or funding source. They do not accept donations. They have no corporate funds. And yet they appear to be a thriving business. II) They are secretive about their location, and do not seem to have a headquarters. The address listed in the NIC is a vacant lot in of all places Brooklyn, NY. They do not have a listed telephone. III) On a tip from a "friend" we learned that the power leader behind VTW is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly a common name. Several people say they've met him. Our "friend" says that Mr. Safdar is in reality an agent of the FBI. IIII) We didn't believe this without external verification. So we called the Brooklyn office of the FBI and asked for Agent Safdar. No such person. I called the Washington office. No such person. Checked if there is any agent named Safdar. They don't give out this info. Then we tried to find ANY public records on a Safdar, with no luck. No driver's license in NY, DC, NJ, etc. No phone, etc. Odd that such a person does not exist and yet runs a "human rights" organization? Then Alice called the NY FBI office. Asked for Agent Safdar. Guess what? "He's not in. Can I take a message". No message, thanks. He'll get the message all right. Now the big question: What is the FBI trying to do getting all these names? What else has "VTW" been doing? And what other organizations like them are there? Who else is in on it? What does this say about EPIC, CDT, EFF? Are Blaze and Schneier dupes, or willing participants? 
What about their ISP? I think we are all owed an explanation. This is serious. Maybe FOIA or a lawsuit before they burn the files. What do you want to bet "VTW" quietly fades away after a few prefunctory denials, and gets replaced by another organization in due course? Faithfully, Net reporter team Alice and Bob From jimbell at pacifier.com Mon Jul 22 00:35:49 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 22 Jul 1996 15:35:49 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <199607220443.VAA29166@mail.pacifier.com> At 08:28 PM 7/21/96 -0500, snow wrote: >On Sat, 20 Jul 1996, Elliot Lee wrote: >> >> IOW, if a 'pre-dawn unannounced ninja raid' [sic] occurs on you, you are >> pretty well beat, if only because the other side knows what they are doing >> and you have no idea of their plans. >> The only protection against lawlessness is not lawlessness, it is reason. > > I'm probably starting to sound a little bellish on this, "Post-bellum"? B^) Jim Bell jimbell at pacifier.com From snow at smoke.suba.com Mon Jul 22 01:22:27 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 16:22:27 +0800 Subject: Filtering out Queers is OK In-Reply-To: Message-ID: Sorry Perry, I tried. On Sun, 21 Jul 1996, David Sternlight wrote: > At 10:24 AM -0700 7/21/96, Robert A. Hayden wrote: > >The purpose of a librarian is to aid patrons in locating > >materials and to maintain the order of the library. The Library Bill of > >Rights (which, of course, legally means nothing) guarantees access to any > >materials by any patron. If little eight year old Johnny Doe comes and > >asks for _The Joy of Gay Sex_, a librarian is supposed to do nothing more > >that point Johnny to the "J" section. > Not in the cities I'm familiar with. And so to do would be wrong, in my > view. 
In fact, library children's programs do a LOT more than simply aiding > patrons in locating materials and maintaining the order of the library, so > your contention is false on its face. Ok bonehead, explain the difference between LIBRARIAN and LIBRARY CHILDREN'S PROGRAM. Then go back and re-read what Mr. Hayden wrote. Then think about it for a couple hours. Then look at what you wrote. Does what you wrote have more than a passing relationship with what Mr. Hayden wrote? No. You ignored his point, you missed his point, and you didn't bother to reply to his point, you just went blythly blathering along on your own self indulgent little course. Let us look at this line by line: > >The purpose of a librarian is to aid patrons in locating > view. In fact, library children's programs do a LOT more than simply aiding Librarian != library children's program. > >materials and to maintain the order of the library. The Library Bill of > >Rights (which, of course, legally means nothing) guarantees access to any > >materials by any patron. If little eight year old Johnny Doe comes and > >asks for _The Joy of Gay Sex_, a librarian is supposed to do nothing more > >that point Johnny to the "J" section. > Not in the cities I'm familiar with. And so to do would be wrong, in my > view. In fact, library children's programs do a LOT more than simply aiding > patrons in locating materials and maintaining the order of the library, so > your contention is false on its face. How so Mr AssTorch? He contends that the Library Bill of Rights says one thing and you argue that the library childrens programs do a LOT more than this bill of rights says they must. The US Bill of rights says a lot of things that our government ignores whenever possible, that doesn't mean that those words aren't written, nor does it mean that they aren't in effect anywhere. y Petro, Christopher C. 
petro at suba.com snow at smoke.suba.com From sandfort at crl.com Mon Jul 22 02:12:44 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 22 Jul 1996 17:12:44 +0800 Subject: Netscape In-Reply-To: <31F2F40D.167E@netscape.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sun, 21 Jul 1996, Tom Weinstein wrote: > I agree with you 100%. Note that while the American Colonists were > shooting at the British, they didn't take their friends and pin them to > trees as decoys. I think the analogy breaks down here. No one is using anyone else as a decoy. Those of us who are activists for strong crypto, do so of our own free will. Nobody is forcing us to stand up and draw fire. Anyway, I don't think our cypher-snipers are going to stop, just because we ask them to. So it's a moot issue. If you can't take the heat... S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From ses at tipper.oit.unc.edu Mon Jul 22 02:19:36 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Mon, 22 Jul 1996 17:19:36 +0800 Subject: A Snake-Oil FAQ In-Reply-To: Message-ID: On Sun, 21 Jul 1996, David Sternlight wrote: > > This is getting silly. And here I reach agreement with both you and Perry. --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... 
From david at sternlight.com Mon Jul 22 02:21:19 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 22 Jul 1996 17:21:19 +0800
Subject: A Snake-Oil FAQ
In-Reply-To:
Message-ID:

At 8:16 PM -0700 7/21/96, Simon Spero wrote:
>On Sun, 21 Jul 1996, David Sternlight wrote:
>>
>> It's not a "monkeys in the British Museum" problem, since when you hit the
>> right key sequences both encrypted text streams will fall cleanly
>> out--otherwise the chances are overwhelming (given a decently long run)
>> that one of the two streams will contain garbles or more likely be complete
>> gibberish.
>
>Not with one-time-pads... the key is as long as the plaintext. Our Hamlet
>writing monkeys will produce, amongst others, numerous versions of the
>play where the prince's name is telmaH. As well as vastly more where the
>monkeys get all the way to the last sentence and then
>
>One-Time-Pads offer perfect security as long as they're only used once. If
>they're used more than once, they're not one-time-pads.

This is getting silly. I made a comment about brute force search, explained
what I meant, and now some want to pick nits about semantics. My meaning
was clear. Things called "one time pads" have been broken when they were
reused. Breaking them is a matter of brute force search and checking both
decrypt streams for plaintext. If they are used correctly and not reused,
that approach isn't available. End of story.

David

From dan at vplus.com Mon Jul 22 02:24:09 1996
From: dan at vplus.com (Dan Weinstein)
Date: Mon, 22 Jul 1996 17:24:09 +0800
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31f32504.18694594@mail.vplus.com>

On 21 Jul 1996 12:05:34 -0700, Steven L Baur wrote:

>>>>>> "Jeff" == Jeff Weinstein writes:
>
>Jeff> Well yes, the first time they do it.
But the many times they >Jeff> download new versions, from now until the end of time, they can > ^^^^^^^^^^^^^^^ >Jeff> use 128-bit SSL. > >The world is ending September 17, 1996 I presume? ;-) > Traditionally you can use an expired beta to connect to Netscape and download a new version. I would test this, but it wouldn't work because the clock on the downloading machine has to be in sink with the server. Dan Weinstein djw at vplus.com http://www.vplus.com/~djw PGP public key is available from my Home Page. All opinions expressed above are mine. "I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. Friedrich Nietzsche From tcmay at got.net Mon Jul 22 02:26:39 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 22 Jul 1996 17:26:39 +0800 Subject: NSA Lawyers Believe ITARs Would be Overturned if Tested in Court Message-ID: At 5:32 AM 7/22/96, jim bell wrote: >At 02:25 AM 7/22/96 -0700, Timothy C. May wrote: > >>(Not all of them, presumably. Shipment of hardware ("arms") would likely >>not be affected. But the ITARs that stop the spread of knowledge, published >>papers, and speech (such as speaking where a foreigner can hear!) would >>likely be overturned.) >>--Tim May > >Which raises an interesting question: Why aren't they (still) restricting >PC-type computers for export? While it might not appear to make a great >deal of sense either, a PC is just as much a tool for encryption as the >software which runs on it. And it's obvious that given the two scenarios >below: But they _are_ (so far as I know, though I haven't checked recently). That is, there are export restrictions on computers and programs which can perform certain mathematical operations faster than some specfied limit. For example, FFTs faster than a certain rate. 
My copy of Mathematica, updated less than 18 months ago, says "Not for Export," and this was not because it contained any crypto code, but because of the performance on certain algorithms (on commonly available machines). COCOM-type restrictions were relaxed several years ago, of course. And a lot of the old COCOM restrictions were not on export per se, but on export to specific countries. Including by transshipment ("CPU-laundering"). --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jfricker at vertexgroup.com Mon Jul 22 02:55:05 1996 From: jfricker at vertexgroup.com (John F. Fricker) Date: Mon, 22 Jul 1996 17:55:05 +0800 Subject: VTWW Message-ID: <2.2.32.19960722054745.00718700@vertexgroup.com> Any of you New Yorkers know the Society for Electronic Access (SEA)? Maybe you can comment on Mr. Safdar. --j From paul at mycroft.actrix.gen.nz Mon Jul 22 03:14:37 1996 From: paul at mycroft.actrix.gen.nz (Paul Foley) Date: Mon, 22 Jul 1996 18:14:37 +0800 Subject: Length of passphrase beneficial? In-Reply-To: Message-ID: <199607220428.QAA11049@mycroft.actrix.gen.nz> Rich Burroughs wrote: > Actual Question: > Does the length and randomness of a passphrase contribute at all > to the overall security of a cryptosystem? 
Actual short answer: yes :) Answer in his particular case, however: no -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- A bird in the bush usually has a friend in there with him. From david at sternlight.com Mon Jul 22 03:18:37 1996 From: david at sternlight.com (David Sternlight) Date: Mon, 22 Jul 1996 18:18:37 +0800 Subject: Netscape In-Reply-To: <31F2DBAE.41C6@netscape.com> Message-ID: At 7:54 PM -0700 7/21/96, Sandy Sandfort wrote: >Personally, I think it was a good idea for the American Colonists >to shoot at the British from behind rocks and trees. As Tom >pointed out in his post, there are relatively few Cypherpunks. >We all do what we can, in whatever way best suits are temprament, >talents and acceptible risk level. There is no single tao; there >are many paths. For Netscape, dialog and negotiations may be the >best way to promote privacy, for Zimmermann, it was guerilla >programming, for others it might be high-tech monkey-wrenching. >To each his own. As far as I can see, they are all trying to >bring strong crypto to everyone. If monkeywrenchers allege that they are trying to "help" us, they are lying. Netscape is bringing strong crypto to most US people. Monkeywrenchers are saying 'if everyone can't have it, nobody can' if they monkey-wrench Netscape's net downloading permission from the government. Since it's pretty unlikely their monkeywrenching will result in the repeal of ITAR, they are little different from the spoiled brats who, when told they can't keep another child's candy, throw it in the dirt and stamp on it so nobody can have it. I read Tim May's suggestions, and while he is sincere and trying to be helpful, I use strong language above because it's time we called things for what they are instead of politely pussyfooting around them. 
Monkeywrenchers are no friends of Cypherpunks. They are the enemy, as
surely as is mandatory key escrow in the US.

David

From frantz at netcom.com Mon Jul 22 03:21:53 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 22 Jul 1996 18:21:53 +0800
Subject: A Snake-Oil FAQ
Message-ID: <199607220731.AAA11388@netcom7.netcom.com>

At 4:37 PM 7/20/96 +0000, Deranged Mutant wrote:
>The vendor may confuse random session keys or initialization vectors
>with OTPs.

"Random session keys" and "initialization vectors" probably need
definition. Perhaps a very high level description of an existing "good"
encryption system would do. Certainly a pointer to such a description
would be valuable. Here is a start at some definitions:

Random session keys - The practice of generating a new, random key for each
message/communication session etc. This key needs to be communicated to
the receivers of the message. This communication can be performed using
public key cryptography or protocols such as Diffie Hellman.

Initialization Vectors - The practice of including some random data at the
start of an encrypted message to make it more secure against certain forms
of cryptanalysis.

A good idea and a good first pass - Bill

-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

From snow at smoke.suba.com Mon Jul 22 03:30:12 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 22 Jul 1996 18:30:12 +0800
Subject: Re: Devil's Bargain
In-Reply-To: <199607211209.MAA05035@pipe6.t2.usa.pipeline.com>
Message-ID:

On Sun, 21 Jul 1996, John Young wrote:
> The New York Times, July 21, 1996, WIR, p. 5.
> The Devil's Bargain of a Better World
> By Tim Weiner
> Washington.
The arc of the burning plane falling into the > ocean, the fire glowing on the dark waters, shed light on > how vulnerable we are. When a jumbo jet falls from the sky, > technology has failed or terrorism has succeeded. > In the hours after Flight 800 went down off Fire Island, > everyone in officialdom said there was no reason to believe > it was a terrorist attack. Nearly everyone else > instinctively believed it was. Am I the only one in this country who, when hearing about TWA f800 shrugged his shoulders and thought (or said) "Time flies and aeroplanes crash" (Name the band and album and I'll be impressed)? Shit breaks. When shit breaks or gets broken on an airplane, people die. People do this (dying, but not on airplane) all the time, rich people poor people, bright people, stupid people. We all will die at some point, it is like taking a shit, everybody does it, and it has to happen. What is the big deal? I can understand feeling sad when a loved one dies, or happy when it happens to someone who you think diserves it, but, like I said it'll happen to all of us sooner or later. I won't even go into the amount of coverage this crash got compared to the inital reports of the value jet crash. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From dan at vplus.com Mon Jul 22 03:33:55 1996 From: dan at vplus.com (Dan Weinstein) Date: Mon, 22 Jul 1996 18:33:55 +0800 Subject: Netscape In-Reply-To: <199607210113.SAA05824@mail.pacifier.com> Message-ID: <31f32fcb.2406362@mail.vplus.com> On Sat, 20 Jul 1996 18:13:45 -0800, jim bell wrote: >At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote: > >>> Do you Seriously Believe that Netscape would prefer foreigners >>> to develop and use competing products? Of course not. They are >>> probably secretly applauding the brave exporters. >> >>You are wrong. We are worried that our permission to provide these >>products will be withdrawn. 
> >As far as I can tell, you need no "permission" to "provide these products", >at least domestically. The only restrictions that have been implied have >been over the delivery of encryption over the 'net, and even that is >questionable. > Then you need to read the license agreement: 1. Netscape Communications Corporation ("Netscape") grants to you a non-exclusive, non-sublicensable, license to use this Beta version of the Netscape network navigator (the "Software"), in binary executable form for evaluation and trial use purposes only. THIS SOFTWARE CONTAINS CODE THAT DISABLES MOST OF ITS FEATURES AFTER SEPTEMBER 17, 1996. 5. Title, ownership rights, and intellectual property rights in and to the Software shall remain in Netscape and/or its suppliers. You agree to abide by the copyright law and all other applicable laws of the United States including, but not limited to, export control laws. You acknowledge that the Software in source code form remains a confidential trade secret of Netscape and/or its suppliers and therefore you agree not to modify the Software or attempt to decipher, decompile, disassemble or reverse engineer the Software, except to the extent applicable laws specifically prohibit such restriction. 6. Netscape may terminate this License at any time by delivering notice to you and you may terminate this License at any time by destroying or erasing your copy of the Software. Upon termination of this License, or in any event within thirty (30) days following Netscape's release of a commercial version of the Software, you agree to destroy or erase the Software. In the event of termination, the following sections of this License will survive: 2, 3, 4, 5, 6, 7 and 8. This License is personal to you and you agree not to assign your rights herein. This License shall be governed by and construed in accordance with the laws of the State of California and, as to matters affecting copyrights, trademarks and patents, by U.S. federal law. 
This License sets forth the entire agreement between you and Netscape. 8. You may not download or otherwise export or reexport the Software or any underlying information or technology except in full compliance with all United States and other applicable laws and regulations. In particular, but without limitation, none of the Software or underlying information or technology may be downloaded or otherwise exported or reexported (i) into (or to a national or resident of) Cuba, Haiti, Iraq, Libya, Yugoslavia, North Korea, Iran, or Syria or (ii) to anyone on the US Treasury Department's list of Specially Designated Nationals or the US Commerce Department's Table of Deny Orders. By downloading the Software, you are agreeing to the foregoing and you are representing and warranting that you are not located in, under control of, or a national or resident of any such country or on any such list. Dan Weinstein djw at vplus.com http://www.vplus.com/~djw PGP public key is available from my Home Page. All opinions expressed above are mine. "I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. Friedrich Nietzsche From rich at c2.org Mon Jul 22 03:41:33 1996 From: rich at c2.org (Rich Graves) Date: Mon, 22 Jul 1996 18:41:33 +0800 Subject: the VTW---FBI Connection In-Reply-To: <199607220251.UAA02057@zifi.genetics.utah.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 21 Jul 1996, Anonymous wrote: > III) On a tip from a "friend" we learned that the power leader behind VTW > is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly > a common name. Several people say they've met him. Our "friend" says > that Mr. Safdar is in reality an agent of the FBI. Damn, he's onto us. Special Agent Allbery, your cover is blown. 
- -rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBVAwUBMfMZNpNcNyVVy0jxAQHqhQH/Vz9uD9rdblqJxDAf77CIoSaS1VCaWulV vA15PoYuedXJdjEm/+LIxvoSRZbep30XmzDuf+ycFz4YAkW07oDs0Q== =cnt4 -----END PGP SIGNATURE----- From jimbell at pacifier.com Mon Jul 22 03:42:14 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 22 Jul 1996 18:42:14 +0800 Subject: NSA Lawyers Believe ITARs Would be Overturned if Tested in Court Message-ID: <199607220431.VAA28441@mail.pacifier.com> At 02:25 AM 7/22/96 -0700, Timothy C. May wrote: >(Not all of them, presumably. Shipment of hardware ("arms") would likely >not be affected. But the ITARs that stop the spread of knowledge, published >papers, and speech (such as speaking where a foreigner can hear!) would >likely be overturned.) >--Tim May Which raises an interesting question: Why aren't they (still) restricting PC-type computers for export? While it might not appear to make a great deal of sense either, a PC is just as much a tool for encryption as the software which runs on it. And it's obvious that given the two scenarios below: 1. You have a $1000 computer and no (freebie) software yet. or 2. You have freebie software and no $1000 computer. You're closer ($) to being able to do encryption with the former set of equipment. And, of course, nobody's under the illusion that the government can keep the software bottled up, but they'd at least have a prayer keeping most 486 and Pentium-based computers from being exported. I don't mean to give the idiots any ideas, and it's too late anyway, but... 
Jim Bell jimbell at pacifier.com From snow at smoke.suba.com Mon Jul 22 04:27:44 1996 From: snow at smoke.suba.com (snow) Date: Mon, 22 Jul 1996 19:27:44 +0800 Subject: [Noise] Re: Re: Devil's Bargain In-Reply-To: Message-ID: On 22 Jul 1996, Roger Williams wrote: > >>>>> "CCP" == snow writes: > > Am I the only one in this country who, when hearing about TWA > > f800 shrugged his shoulders and thought (or said) "Time flies and > > aeroplanes crash" (Name the band and album and I'll be impressed)? > Umm, isn't that "Time flies *but* aeroplanes crash"? Don't think so. I'll check in the morning. The wife doesn't like British HardCore at 3a.m. Silly girl. > Subhumans (the Brits). 12" EP of the same name. Bluurg records. I have it on 29:29 Split Vision. Good stuff. > But, yes, my vague impression is that there is more press coverage > (I get all my news from Auntie Beeb, who hasn't been as vociferous > about it.) But to most insular American types, terrorism is still a > novelty. > BTW, I wouldn't say that officials discounted terrorism -- you can bet > Kallstrom is sure hoping that this isn't "just an accident"! Thing is, this crash was getting more attention than valuejet from the get go. Before there was any HINT of anything more that your typical gravity check plane crash it was all over the news. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From frantz at netcom.com Mon Jul 22 04:36:04 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 22 Jul 1996 19:36:04 +0800 Subject: Info War Message-ID: <199607220714.AAA10575@netcom7.netcom.com> At 7:15 PM 7/20/96 -0400, EVERHART at Arisia.GCE.Com wrote: >* I'd expect some comments on the automatic running of downloaded images >and how to secure them. Java? Reported at Princeton to be totally >unsecurable....no models exist. 
I think a more accurate assessment of what the Princeton people think is that the state of Java security is much like the state of Unix (pick your flavor) security when people first started attacking Unix. Since then it has been fix the holes as they are found. Neither has a coherent security model. Now the Princeton people can tell us all how I miss-interpreted their position. ------------------------------------------------------------------------- Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting (408)356-8506 | regarded as a never-ending | 16345 Englewood Ave. frantz at netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA From roger at coelacanth.com Mon Jul 22 05:23:05 1996 From: roger at coelacanth.com (Roger Williams) Date: Mon, 22 Jul 1996 20:23:05 +0800 Subject: [Noise] Re: Re: Devil's Bargain In-Reply-To: Message-ID: >>>>> "CCP" == snow writes: > Am I the only one in this country who, when hearing about TWA > f800 shrugged his shoulders and thought (or said) "Time flies and > aeroplanes crash" (Name the band and album and I'll be impressed)? Umm, isn't that "Time flies *but* aeroplanes crash"? Subhumans (the Brits). 12" EP of the same name. Bluurg records. But, yes, my vague impression is that there is more press coverage (I get all my news from Auntie Beeb, who hasn't been as vociferous about it.) But to most insular American types, terrorism is still a novelty. BTW, I wouldn't say that officials discounted terrorism -- you can bet Kallstrom is sure hoping that this isn't "just an accident"! 
-- Roger Williams finger me for my PGP public key Coelacanth Engineering consulting & turnkey product development Middleborough, MA wireless * DSP-based instrumentation * ATE tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/ From gary at systemics.com Mon Jul 22 06:20:56 1996 From: gary at systemics.com (Gary Howland) Date: Mon, 22 Jul 1996 21:20:56 +0800 Subject: Re: Devil's Bargain In-Reply-To: Message-ID: <31F35341.15FB7483@systemics.com> snow wrote: > > Am I the only one in this country who, when hearing about TWA f800 > shrugged his shoulders and thought (or said) "Time flies and aeroplanes > crash" (Name the band and album and I'll be impressed)? Subhumans of course. Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From nobody at zifi.genetics.utah.edu Mon Jul 22 06:37:05 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Mon, 22 Jul 1996 21:37:05 +0800 Subject: Special Agent Safdar Message-ID: <199607220832.CAA03981@zifi.genetics.utah.edu> FBI Special Agent Safdar is upset enough by the revelation of his true identity to issue a quick denial (on a sunday night, to get more OT no doubt), but he doesn't even bother to try to refute the central truth that his cover has been blown by a careless operator at his home office who verified his employment and offered to take a message for him. We don't have to wonder a second longer about the motives behind Safdar\VTW\FBI's collection of names of crypto-dissidents, their support of the Leahy crypto control bill, their refusal to denounce it even today, their support of the digital telephone act, the disinformation to make us believe otherwise and all the other lies. And what about the money? We must call on the other organizations, like EPIC, EFF, CDT, and ACLU to denounce the VTW\FBI fraud. Their board of directories, Blaze and Schneier to face the truth in public that they they have been used. 
The net as a whole to demand its pound of cyberflesh. There are very big questions to be answered now and we must not forget to keep asking them until they have been. How high did this operation go? Agent Safdar is no Olly North! He didn't do this on his own. Who ordered this? This is exactly like the FBI in the 1960s and civil rights groups. In the hands of the right reporter, this could and should bring slick willie right on down. From perry at alpha.jpunix.com Mon Jul 22 06:44:07 1996 From: perry at alpha.jpunix.com (John A. Perry) Date: Mon, 22 Jul 1996 21:44:07 +0800 Subject: Does JPUNIX Remailer Have a Help File? In-Reply-To: <199607212155.RAA19549@io.org> Message-ID: On Sat, 20 Jul 1996, Mark Terka wrote: > Anybody know if the nym server at jpunix has a help file that can be > requested? Try help at nym.jpunix.com. John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. From perry at alpha.jpunix.com Mon Jul 22 06:54:52 1996 From: perry at alpha.jpunix.com (John A. Perry) Date: Mon, 22 Jul 1996 21:54:52 +0800 Subject: Does JPUNIX Remailer Have a Help File? In-Reply-To: Message-ID: On Fri, 1 Sep 1989, Damien Lucifer wrote: > I beleive the jpunix nym server is running the alpha nym package, the > documentation of which should be all but identical to the docs for > alpha.c2.org. You can see that document at http://alpha.c2.org This will also work. John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. From jya at pipeline.com Mon Jul 22 08:20:48 1996 From: jya at pipeline.com (John Young) Date: Mon, 22 Jul 1996 23:20:48 +0800 Subject: SHI_fty Message-ID: <199607221141.LAA27399@pipe4.t2.usa.pipeline.com> 7-22-96. NYP, Page One: "Microsoft Sees A Major Shift For Computers." 
John Markoff MS is preparing to release new software that would bring the most fundamental change to personal computers since the machines were invented in the 1970's. Demonstrated last week and to be distributed free to the public, the software is designed to blend the multimedia technology of the Web with Windows 95. PCs would treat each parcel of material as a document with all the stand-alone capabilities of a Web page. Each of these documents would have hyperlinks so that the creator of a document could make it available for reading, listening or viewing anywhere on the Web. "This is going to make enormous changes possible," said Jesse Berst, editor of Windows Watcher. "It's analogous to the advent of the automobile." "We're moving into a new world; we now have a new metaphor," said John Seely Brown, director of the Xerox Corporation's Palo Alto Research Center. A potentially troublesome aspect to Microsoft's new thrust is the extent to which it will further blur the distinctions between data that sit safely on a person's own computer and data flowing around the Internet. While certain measures of privacy and security control are built into Microsoft's current and planned software, it is still working to develop better security for Internet software. ----- http://jya.com/shifty.txt SHI_fty From dlv at bwalk.dm.com Mon Jul 22 08:47:06 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 22 Jul 1996 23:47:06 +0800 Subject: the VTW---FBI Connection In-Reply-To: Message-ID: Rich Graves writes: > On Sun, 21 Jul 1996, Anonymous wrote: > > > III) On a tip from a "friend" we learned that the power leader behind VTW > > is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly > > a common name. Several people say they've met him. Our "friend" says > > that Mr. Safdar is in reality an agent of the FBI. > > Damn, he's onto us. Special Agent Allbery, your cover is blown. So, Russ is a stool pigeon? That figures... 
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From frankw at in.net Mon Jul 22 10:15:49 1996
From: frankw at in.net (Frank Willoughby)
Date: Tue, 23 Jul 1996 01:15:49 +0800
Subject: Firewall Penetration
Message-ID: <9607221207.AA14558@su1.in.net>

At 10:09 PM 7/21/96 -0400, you wrote:
>Frank Willoughby wrote:
>
>>FWIW, of @70 firewalls on the market, only @5 are adequate to protect
>>a company from the hazards of the Internet.
>
> Ah, Frank, are you talking here about session hijacking and is
>end-to-end crypto the defining factor of the robust five?

Of course (Vin already knew the answer). 8^)

To answer the other questions posed on this list, the vendors who are relatively immune to the above attacks AND are Application Gateway type firewalls are: (in alphabetical order):

  Digital's Firewall for Unix - *IF* the IP Encryption Tunnel is also used
  Raptor's Eagle
  Technologics' firewall (This is a stretch. They claim they have encryption, but I'm not wild about the implementation) 1/2 a point
  TIS Gauntlet
  V-One's SmartWall

Interestingly enough, the reason the 5 are so robust is that they employ user->firewall encryption to help prevent session hijacking attacks. FWIW, session hijacking isn't a theoretical attack. It is a serious threat and (sadly) it's as simple as "point & click".

Another plus for good crypto - it not only helps protect the privacy of data, it also helps prevent some types of hacking attacks.

Anyone can do firewall->firewall encryption (and most serious vendors do). The hard part is getting the user->firewall encryption part to work well.

Again, as stated in my previous mail, my company doesn't sell firewalls, so I can call things the way I see them.

As the above list will probably draw the flames of firewall vendors who feel insulted that they aren't part of the list, I think it would be best to move this topic over to the firewalls mailing list (where it really belongs). See you there.
> Suerte,
> _Vin
>
> Vin McLellan +The Privacy Guild+
> 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
> <*><*><*><*><*><*><*><*><*>

Best Regards,

Frank

Any sufficiently advanced bug is indistinguishable from a feature. -- Rich Kulawiec

The opinions expressed above are of the author and may not necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Information Security Consulting
http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817
Home of the Free Internet Firewall Evaluation Checklist

From dlv at bwalk.dm.com Mon Jul 22 10:40:00 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 23 Jul 1996 01:40:00 +0800
Subject: SHI_fty
In-Reply-To: <199607221141.LAA27399@pipe4.t2.usa.pipeline.com>
Message-ID:

jya at pipeline.com (John Young) writes:
> "Microsoft Sees A Major Shift For Computers." John Markoff
>
> MS is preparing to release new software that would bring
> the most fundamental change to personal computers since
> the machines were invented in the 1970's.

You mean, Microsoft Bob? I saw MS Bob on clearance at the Wiz on 86th st... $15/copy, not moving.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From raph at CS.Berkeley.EDU Mon Jul 22 10:47:35 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 23 Jul 1996 01:47:35 +0800
Subject: List of reliable remailers
Message-ID: <199607221350.GAA05921@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail.
For more information, see:
http://www.c2.org/~raph/premail.html

For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"treehole"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.
Note: The remailer list now includes information for the alpha nymserver.

Last update: Mon 22 Jul 96 6:49:22 PDT

remailer email address                     history       latency  uptime
-----------------------------------------------------------------------
jam      remailer at cypherpunks.ca        ***-**+*****    17:17  99.99%
replay   remailer at replay.com            ***+****+***     6:16  99.98%
alumni   hal at alumni.caltech.edu         *##+*+#*####     2:13  99.98%
nymrod   nymrod at nym.jpunix.com          +##++#*#####     2:54  99.98%
lead     mix at zifi.genetics.utah.edu     +++-++++++++    39:07  99.90%
portal   hfinney at shell.portal.com       +##+**######     1:56  99.87%
amnesia  amnesia at chardos.connix.com     ----------+   2:57:13  99.84%
alpha    alias at alpha.c2.org             +**-+ .-+*++  5:10:18  99.75%
c2       remail at c2.org                  +++-+ .-+++*  5:36:10  99.57%
vegas    remailer at vegas.gateway.com     * * *-**#*#*    22:44  99.39%
extropia remail at miron.vip.best.com      ____.------  18:58:11  99.29%
mix      mixmaster at remail.obscura.com   ++--+-+---+   1:53:12  99.26%
treehole remailer at mockingbird.alias.net -.--+ --+--   4:28:09  98.80%
penet    anon at anon.penet.fi             ---+-------  11:01:15  98.58%
haystack haystack at holy.cow.net          # *# +##+#       9:28  97.42%
ncognito ncognito at rigel.cyberpass.net   --._--+-.-   13:38:58  97.03%
lucifer  lucifer at dhp.com                -++-++++ ++     47:19  89.37%
nemesis  remailer at meaning.com           + *****         34:32  86.49%
flame    remailer at flame.alias.net       -.-----       4:18:14  52.45%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk
    A major class of remailers. Supports Request-Remailing-To: field.
eric
    A variant of the cpunk style. Uses Anon-Send-To: instead.
penet
    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp
    Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash
    Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub
    Remailer always kills subject header, even in non-pgp mode.
nsub
    Remailer always preserves subject header, even in pgp mode.
latent
    Supports Matt Ghio's Latent-Time: option.
cut
    Supports Matt Ghio's Cutmarks: option.
post
    Post to Usenet using Post-To: or Anon-Post-To: header.
ek
    Encrypt responses in reply blocks using Encrypt-Key: header.
special
    Accepts only pgp encrypted messages.
mix
    Can accept messages in Mixmaster format.
reord
    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon
    Remailer has been known to monitor contents of private email.
filter
    Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From dlv at bwalk.dm.com Mon Jul 22 11:09:34 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 23 Jul 1996 02:09:34 +0800
Subject: VTWW
In-Reply-To: <2.2.32.19960722054745.00718700@vertexgroup.com>
Message-ID:

jfricker at vertexgroup.com (John F. Fricker) writes:
> Any of you New Yorkers know the Society for Electronic Access (SEA)?

Yes. Plug-pulling censorous lying motherfuckers.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From trei at process.com Mon Jul 22 11:13:56 1996
From: trei at process.com (Peter Trei)
Date: Tue, 23 Jul 1996 02:13:56 +0800
Subject: Borders *are* transparent
Message-ID: <199607221420.HAA00786@toad.com>

Jeff wrote:
> The retail version of Netscape Navigator sold in US stores
> has been the US version for almost a year now. The first run
> were the export version, because the marketing people thought
> it would be easier. When I explained the issue, they made the
> change to the stronger US version immediately.
> --Jeff

This, I think, is one place where the activities of members of this list have had a real effect. Last September, three or four semi-overlapping efforts succeeded in brute-forcing 40 bit RC4 (used in export-quality SSL). This had three main effects:

1. Raising the issue in the media, and thus in the public consciousness.

2. Within a month, the government was starting to talk about permitting the export of stronger (but GAK'd) encryption products.

3. It enabled people like Jeff to argue successfully that releasing only an export-strength product was no longer a viable option. In practical terms this is probably the most important effect of the crack: I know of at least one other company where it led directly to the release of both domestic and export versions.

Any one up for a distributed brute force attack on single DES? My back-of-the-envelope calculations and guesstimates put this on the hairy edge of doability (the critical factor is how many machines can be recruited - a non-trivial cash prize would help).

Peter Trei
trei at process.com

"Exportable strong encryption" is an oxymoron.

From frissell at panix.com Mon Jul 22 11:15:18 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 23 Jul 1996 02:15:18 +0800
Subject: Cookie Monster on a Diet
Message-ID: <2.2.32.19960722143754.0084a5bc@panix.com>

I love telling Netscape to inform me before it accepts cookies. It's fun seeing who asks and whether they'll let you in. The WSJ site won't let you in if you don't accept 2 cookies from it. It looks like they are an encrypted version of your username and password.

Maybe Netscape could add a protocol which would let your instance of Netscape tell the server that you are on a diet and the Doctor told you not to accept any cookies.
DCF From frissell at panix.com Mon Jul 22 11:32:51 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 23 Jul 1996 02:32:51 +0800 Subject: Symantec's Your Eyes Only Message-ID: <2.2.32.19960722143749.00843078@panix.com> At 09:17 AM 7/18/96 -0400, Clay Olbon II wrote: >My point was not that govts want to escrow communication keys, it was that >this is appearing more and more in commercial products marketed to >businesses. I run the computer system for a small office and I would >rather not see employee email - maybe I am just naive. However, there >obviously is a demand for this type of product. It must come from either a >lack of understanding of crypto, or a freeh-style authoritarianism on the >part of corporate executives. I wouldn't rule either one out. If it is >the latter, I'm not sure there is anything we can do. A larger organization feels that it has to maintain control over its systems by bureaucratic methods. Smaller organizations can figure out by direct experience whether someone is trustworthy or not. This is not restricted to encryption software, however. Large organizations attempt to determine what their employees should be doing with their time as well. This method of social organization works fine when mass producing large quantities of identical physical products. It is, however, incompatible with small-run, custom production of goods and services in which individual imagination and knowledge play a big part. In the current environment, management can't predict in advance what is the optimal thing that the "workers" should be doing at any given time. What we call "forcing contracts" (you do this, I pay you) are replaced in the modern age with "incentive contracts" (you produce a desired outcome, I pay you). This means that as time goes on many businesses approach closer and closer to the one-man firm model in which everyone buys and sells everyone else's services on the spot market. 
This didn't work in the past because of the friction of the transaction costs involved but those costs have declined dramatically. In this environment, others don't care how much time you surf the web or what you encrypt as long as your output is of the desired quality and quantity. Indeed, the average firm size has been declining in the US for 15 years or so. Companies may attempt to resist this dissolution and they may attempt to maintain traditional controls on their workers but if it is true that the Nets make it possible for the greater efficiencies of the one-man firm (no downtime paid by the buyer) to come into play, new small firms will eat the dinosaurs. DCF From bille at metro.net Mon Jul 22 11:39:36 1996 From: bille at metro.net (William Ehrendreich) Date: Tue, 23 Jul 1996 02:39:36 +0800 Subject: Length of passphrase beneficial? Message-ID: <14414635309058@metro.net> > I disagreed with that assesment. Breaking into a home is easy. > > Adam > > > > -- > "It is seldom that liberty of any kind is lost all at once." Yes and ultimately more obvious. There are about 10 zillion ways that someone could hide a pass phrase. Bits are bits. Under the assumption that breaking into a home may be easy, you have to look at the possibility that this is what the person is looking for. You know, "Big brother broke into my house to subvert my freedoms", ploy. What a great way to get your self on Date Line. From alexf at iss.net Mon Jul 22 12:29:50 1996 From: alexf at iss.net (Alex F) Date: Tue, 23 Jul 1996 03:29:50 +0800 Subject: Digital Watermarks for copy protection in recent Billboard Message-ID: <199607221518.LAA23502@phoenix.iss.net> > Paged through a recent (June or July 13) edition of Billboard > magazine yesterday. There was an article about the music industry, > the internet, and copyright issues. Didn't have a chance to read in > thoroughly, but it mentioned using digital watermarks which contained > info on to who (CC number) and when the material was sold... 
the > watermarks allegedly could survive if a CD was taped, copied several times > and redigitized. > Easy enough. > The anti-piracy scheme is only useful for direct sale to a customer > though. If you buy music anonymously, how is it traced? This only > works for pirating on-demand purchases. This is probably yet another case of people not thinking ahead. As usual. People buying CDs at a garage sale & getting arrested for piracy. Wonderful. > > Other issues: what if an eavesdropper steals the music or video? It's If they steal it, well, who cares? If there is something worked out so that they could trace STOLEN (not traded or sold) CDs then fine, arrest them. Do you really think though that anyone would waste so much time over $8? > If it uses a credit-card number as (part of) an ID, that's pretty > bad. Someone can sniff for CC numbers if they know how it's stored. Probably not done that way. My guess is that the disk ID is assigned to the disk at the time of manufacturing. At the point of purchase the customer is forced to give name, address, ID, whatever. This is then stored in a database along with the disc ID (serial num) which is prolly printed in the ISBN number or cross referenced with that in a national database or something, or just printed right on the disc. Anyway, a number is given to you from the CD, and not vice versa, I would imagine. > > The system will have to rely on proprietary tech and security through > obscurity. Even know how watermarks are stored without understanding > the math, one must be able to somehow garble the sound without > distorting it, but which renders the watermark useless. Actually, this would be quite easy. The "watermark" would be a signal that plays inband, but out of our hearing range during the entire CD. The human ear can only hear in the 20-20,000 (Hz, KHZ?, whatever) range. It would be trivial to add a digital ID signal at, say 30,000 or 15 or something like that. This could then be decoded, if need be.
This seems the easiest and most efficient way. This could also be defeated with a lot of $$ (and/or a LOT of HD space). If the frequency is known (it can be found out) it can easily be run through recording studio equipment that can very effectively isolate the frequency and cut it out. If you have a LOT of HDD space (digital audio at 2 stereo tracks, not sure of the sampling rate or bit resolution, takes about 20MB of HDD space per minute (2 tracks, good sampling and bit rate) ) you could probably find the freq. fairly easily by isolation and just edit it out, and write the new stuff to a CD-R. If the signal is purely digital, I would imagine that it might be even easier than if it were an analog signal (?). Someone w/ good equipment (Digital Labs' stuff, or SAW (Software Audio Workshop) would be able to do this w/o much problem. The question is is the price/effort worth it? In quantity maybe. On an individual basis, only if you already happen to have the equipment. I have a suspicion that this type of thing will not really come to any kind of fruition due to not only the ability to defeat this, but mainly due to things like buying at a garage sale, etc. If it did, only MASS market piraters would be investigated. (Another example of a law creating its own violators. Don't make the law, there won't be mass pirating of "clean CDs"

Alex F

=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F
alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

From geeman at best.com Mon Jul 22 12:32:56 1996
From: geeman at best.com (geeman at best.com)
Date: Tue, 23 Jul 1996 03:32:56 +0800
Subject: INFO: Submit your testimony to Congress for hearings on July 25!
Message-ID: <01BB77AE.C8574D00@geeman.vip.best.com>

Simon Spero says: "paranoid rants have their place; however, if they keep bursting into cypherpunks without knocking first, there could be an accident. Lithium.... it's not just for watch batteries anymore."

Seems to apply here, no?
----------
From: initialization[SMTP:initialization at nemesis.meaning.com]
Sent: Sunday, July 21, 1996 6:23 PM
To: cypherpunks at toad.com
Subject: Re: INFO: Submit your testimony to Congress for hearings on July 25!

vtw at vtw.org writes: > UPCOMING HEARING INFORMATION http://www.crypto.com/events/ after that. ... etc etc etc etc > This is an amazing time for Big Brother, who, in the person of VTW, is gathering the names and addresses of all who oppose it, one by one, under the Rube of "testimony" and "democracy"? What do you think will happen next? You think Big Brother is going to hear what you say and say "oh my god they are right!" and then turn around and mend its ways? NO! You will be marked as a trouble maker in your file, and rounded up or worse, when the time comes! They have duped many into participating, and others, prominent ones like Blaze, Diffie, Schneier, Zimmermann, have been blackmailed into working for them. Turn your back on this sham "democracy". Fuck their "hearings". And demand truth from "VTW". VTW=NSA+FBI front.

From alanh at infi.net Mon Jul 22 12:39:38 1996
From: alanh at infi.net (Alan Horowitz)
Date: Tue, 23 Jul 1996 03:39:38 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607220111.UAA19079@manifold.algebra.com>
Message-ID:

I think it is a bad policy to say, "once I have kids in the house, I won't have guns there, period." Kids do need carefully controlled exposure to firearms and their hazards. I refer to the proverbial lesson a father or grandfather gives the young laddy - shooting a watermelon or whatnot, so that the kiddy can see that water-filled bags of protoplasm, when shot - get the shit blown out of them. No doubt, that guns need to be _positively_ secured in a household where kids are running around. Many states have laws to that effect.
Now, if we could just get the unwashed masses to keep the sink-drain unclogger fluid, the radiator-antifreeze fluid, and these various other common household items - just as carefully secured....might reduce the workload on the nation's poison control centers. Without these parent-mediated exposures to firearms safety lessons, the only exposure today's kids have to the subject is what they see and hear in the public schools and on Hollywood TV/movies. The worst possible messengers.

From hallam at Etna.ai.mit.edu Mon Jul 22 12:48:22 1996
From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu)
Date: Tue, 23 Jul 1996 03:48:22 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <9607221613.AA00685@Etna.ai.mit.edu>

> On 19 Jul 1996 19:51:39 Hallam-Baker wrote
>>It is no coincidence that the Tree of Liberty needs to be watered with
>>blood on occasion.

Nope, that wasn't me who said that. I don't normally quote the words of slave owners on the subject of liberty.

From perry at piermont.com Mon Jul 22 12:53:15 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 23 Jul 1996 03:53:15 +0800
Subject: the VTW---FBI Connection
In-Reply-To: <199607220251.UAA02057@zifi.genetics.utah.edu>
Message-ID: <199607221607.MAA12381@jekyll.piermont.com>

Anonymous writes:
> We have received information that VTW is run and supported by the FBI,
> which we have suspected for reasons listed here.

You are out of your mind.

> I) They appear to have no financial support or funding source. They
> do not accept donations. They have no corporate funds. And yet they
> appear to be a thriving business.

They aren't a "thriving business". "They" are Shabbir and some volunteers. No one works on it full time. "They" don't need any money. Alexis Rosen at Panix donates their web space.

> II) They are secretive about their location, and do not seem to have
> a headquarters. The address listed in the NIC is a vacant lot in of
> all places Brooklyn, NY.
Vacant my ass. It should take you one guess to figure out what the address actually is. > III) On a tip from a "friend" we learned that the power leader behind VTW > is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly > a common name. Several people say they've met him. Our "friend" says > that Mr. Safdar is in reality an agent of the FBI. Mr. Safdar is a computer programmer in New York. > IIII) We didn't believe this without external verification. So we called > the Brooklyn office of the FBI and asked for Agent Safdar. No such person. > I called the Washington office. No such person. Checked if there is > any agent named Safdar. They don't give out this info. > No driver's license in NY, DC, NJ, etc. Shabbir doesn't drive. Most people who live in New York City don't. I've known of him for years before he did VTW. You're on drugs. Perry From tcmay at got.net Mon Jul 22 12:54:14 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 23 Jul 1996 03:54:14 +0800 Subject: Boycotts and Etiquette Message-ID: At 4:04 PM 7/22/96, Alan Horowitz wrote: >My own decision to not interlocute with Sternlight is premised as >follows: His viewpoint is invariant and, by now, efficiently disseminated. >Briefly, he is a Statist and he never heard of any degree of Statism that >offends his sensibilities. I understand he's old enough to have been >around when Stalin was still running things in the USSR. David probably >was finding good things to say about Old Joe. And more importantly, >about J Edgar Hoover. Actually, David came out _against_ both Digital Telephony and mandatory key escrow, as I recall. For me, his process of conversion took entirely too long, as most of saw in the ostensibly voluntary Clipper program the seeds of a mandatory regimen. But he _did_ come out against these programs. I think this refutes the point that he's never heard of any degree of Statism that offends his sensibilities. 
>I pay by the minute for my internet access; many others do as well. If I >decide to ignore Sternlight, it is a business decision, not a moral one. Understandable. I find that _writing_ an article, even a short one like this, takes about as much time as adding 10 people to my filter file or hitting the "delete" key 50 times, so filtering out stuff I don't want to read has never been an issue. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From perry at piermont.com Mon Jul 22 12:57:10 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 23 Jul 1996 03:57:10 +0800 Subject: Special Agent Safdar In-Reply-To: <199607220832.CAA03981@zifi.genetics.utah.edu> Message-ID: <199607221614.MAA12400@jekyll.piermont.com> Anonymous writes: > FBI Special Agent Safdar is upset enough by the revelation > of his true identity to issue a quick denial (on a sunday night, to get > more OT no doubt), but he doesn't even bother to try to refute the > central truth that his cover has been blown by a careless operator at > his home office who verified his employment and offered to take a message > for him. You really are on drugs. The question is, which ones? Perry From geeman at best.com Mon Jul 22 12:57:42 1996 From: geeman at best.com (geeman at best.com) Date: Tue, 23 Jul 1996 03:57:42 +0800 Subject: evidence from the NIC - interpret and use as you will. Message-ID: <01BB77AE.8D5826C0@geeman.vip.best.com> Damn ... if this isn't a smoking gun, I don't know what is! What's the phrase? 
"Now go away" ..... ---------- From: ante[SMTP:ante at nemesis.meaning.com] Sent: Sunday, July 21, 1996 6:53 PM To: cypherpunks at toad.com Subject: evidence from the NIC - interpret and use as you will. Damn ... if this isn't a smoking gun, I don't know what is! See who is sleeping with who. These are the supporters of the sham "hearings". Voters Telecomm Watch (VTW-DOM) 115 Pacific St., #3 Brooklyn, NY 11201 Domain Name: VTW.ORG Administrative Contact: Safdar, Shabbir (SS155) shabbir at PANIX.COM (718) 596-7234 Technical Contact, Zone Contact: Panix Network Information Center (PANIX5) hostmaster at panix.com +1 212 741 4400 Record last updated on 27-Sep-95. Record created on 06-May-94. Domain servers in listed order: NS1.ACCESS.NET 198.7.0.1 NS2.ACCESS.NET 198.7.0.2 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. Blaze, Matt (CRYPTO-DOM) 101 Crawford Corners Rd Room 4G-634 Holmdel, NJ 07733 Domain Name: CRYPTO.COM Administrative Contact: Blaze, Matt (MB19) mab at CRYPTO.COM (908) 949-8069 Technical Contact, Zone Contact: Network Information and Support Center (PSI-NISC) hostinfo at psi.com (518) 283-8860 Record last updated on 06-May-93. Record created on 06-May-93. Domain servers in listed order: NS.PSI.NET 192.33.4.10 NS2.PSI.NET 38.8.50.2 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. Center for Democracy and Technology (CDT2-DOM) 1634 Eye Street, NW Suite 1100 Washington, DC 20006 USA Domain Name: CDT.ORG Administrative Contact: Weitzner, Daniel (DW151) djw at CDT.ORG (202) 637-9800 Technical Contact, Zone Contact: Palacios, Bob (BP282) bobpal at CDT.ORG (202) 637-9800 Billing Contact: Kolb, Danielle (DK1006) dkolb at CDT.ORG (202) 637-9800 Record last updated on 19-Apr-96. 
Record created on 20-Dec-94. Domain servers in listed order: NS.CAIS.COM 205.177.10.10 NS2.CAIS.COM 199.0.216.1 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. From perry at piermont.com Mon Jul 22 13:03:17 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 23 Jul 1996 04:03:17 +0800 Subject: evidence from the NIC - interpret and use as you will. In-Reply-To: <199607220153.SAA29047@black.colossus.net> Message-ID: <199607221558.LAA12338@jekyll.piermont.com> ante writes: > See who is sleeping with who. These are the supporters of the sham > "hearings". Oh, not again. Look, we know that you are on some stupid vendetta against Matt Blaze for no observable reason other than likely paranoid delusions. Could you quit bothering us with it? No one cares. Perry > Voters Telecomm Watch (VTW-DOM) > 115 Pacific St., #3 > Brooklyn, NY 11201 > > Domain Name: VTW.ORG > > Administrative Contact: > Safdar, Shabbir (SS155) shabbir at PANIX.COM > (718) 596-7234 > Technical Contact, Zone Contact: > Panix Network Information Center (PANIX5) hostmaster at panix.com > +1 212 741 4400 > > Record last updated on 27-Sep-95. > Record created on 06-May-94. > > Domain servers in listed order: > > NS1.ACCESS.NET 198.7.0.1 > NS2.ACCESS.NET 198.7.0.2 > > > The InterNIC Registration Services Host contains ONLY Internet Information > (Networks, ASN's, Domains, and POC's). > Please use the whois server at nic.ddn.mil for MILNET Information. > > Blaze, Matt (CRYPTO-DOM) > 101 Crawford Corners Rd > Room 4G-634 > Holmdel, NJ 07733 > > Domain Name: CRYPTO.COM > > Administrative Contact: > Blaze, Matt (MB19) mab at CRYPTO.COM > (908) 949-8069 > Technical Contact, Zone Contact: > Network Information and Support Center (PSI-NISC) hostinfo at psi.com > (518) 283-8860 > > Record last updated on 06-May-93. > Record created on 06-May-93. 
> > Domain servers in listed order: > > NS.PSI.NET 192.33.4.10 > NS2.PSI.NET 38.8.50.2 > > > The InterNIC Registration Services Host contains ONLY Internet Information > (Networks, ASN's, Domains, and POC's). > Please use the whois server at nic.ddn.mil for MILNET Information. > > Center for Democracy and Technology (CDT2-DOM) > 1634 Eye Street, NW Suite 1100 > Washington, DC 20006 > USA > > Domain Name: CDT.ORG > > Administrative Contact: > Weitzner, Daniel (DW151) djw at CDT.ORG > (202) 637-9800 > Technical Contact, Zone Contact: > Palacios, Bob (BP282) bobpal at CDT.ORG > (202) 637-9800 > Billing Contact: > Kolb, Danielle (DK1006) dkolb at CDT.ORG > (202) 637-9800 > > Record last updated on 19-Apr-96. > Record created on 20-Dec-94. > > Domain servers in listed order: > > NS.CAIS.COM 205.177.10.10 > NS2.CAIS.COM 199.0.216.1 > > > The InterNIC Registration Services Host contains ONLY Internet Information > (Networks, ASN's, Domains, and POC's). > Please use the whois server at nic.ddn.mil for MILNET Information. > > From jad at dsddhc.com Mon Jul 22 13:07:11 1996 From: jad at dsddhc.com (John Deters) Date: Tue, 23 Jul 1996 04:07:11 +0800 Subject: Home Made Telephone Voice Changer Message-ID: <2.2.32.19960722163544.00331a2c@labg30> On Wed, 17 Jul 1996, Jerome Tan wrote: > Does anyone know how to make a home-made telephone voice changer? Well, if you've got your sound card in your computer, if you download Speak Freely (from http://www.fourmilab.ch) and simultaneously turn on LPC-10 compression along with simple compression, I've found my voice comes out more like Robbie the Robot than John Deters. It's an interesting feature of the LPC-10 compression that as it removes redundancy from the transmission that it removes the "human identity" from it as well. There's got to be a moral to that story somewhere (especially since the NSA developed the LPC-10 algorithm). John -- J. Deters "Captain's log, stardate 25970-point-5. I am nailed to the hull." 
+-------------------------------------------------------+ | NET: jad at dsddhc.com (work) jad at pclink.com (home) | | PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) | | ICBM: 44^58'33"N by 93^16'42"W Elev. ~=290m (work) | | PGP Key ID: 768 / 15FFA875 | +-------------------------------------------------------+ From tcmay at got.net Mon Jul 22 13:11:27 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 23 Jul 1996 04:11:27 +0800 Subject: Special Agent Safdar Message-ID: At 8:32 AM 7/22/96, Bilderberger Standard Time, Disinformation Officer Anonymous wrote: >FBI Special Agent Safdar is upset enough by the revelation >of his true identity to issue a quick denial (on a sunday night, to get >more OT no doubt), but he doesn't even bother to try to refute the >central truth that his cover has been blown by a careless operator at >his home office who verified his employment and offered to take a message >for him. > >We don't have to wonder a second longer about the motives behind >Safdar\VTW\FBI's collection of names of crypto-dissidents, their >support of the Leahy crypto control bill, their refusal to >denounce it even today, their support of the digital telephone >act, the disinformation to make us believe otherwise and all >the other lies. And what about the money? > >We must call on the other organizations, like EPIC, EFF, CDT, and ACLU >to denounce the VTW\FBI fraud. Their board of directories, Blaze and I contacted Field Agent Eric Hughes, of the Western Regional Office, and he denied that there are any connections between VTW (Vulis Tchurka Watch) and the FBI. The special functions of Operation Sun Tentacle, led by a former Sun employee named John Gilmore, are focussed almost totally on recruiting the "tentacles" of dissidents in the Western Regional Area, centered on the Bay Area. Ignore disinformation. --Special Agent Timothy C. 
May cc: James Kallstrom, Cypherpunks New York Office From alanh at infi.net Mon Jul 22 13:14:49 1996 From: alanh at infi.net (Alan Horowitz) Date: Tue, 23 Jul 1996 04:14:49 +0800 Subject: Boycotts and Etiquette In-Reply-To: Message-ID: My own decision to not interlocute with Sternlight is premised as follows: His viewpoint is invariant and, by now, efficiently disseminated. Briefly, he is a Statist and he never heard of any degree of Statism that offends his sensibilities. I understand he's old enough to have been around when Stalin was still running things in the USSR. David probably was finding good things to say about Old Joe. And more importantly, about J Edgar Hoover. I pay by the minute for my internet access; many others do as well. If I decide to ignore Sternlight, it is a business decision, not a moral one. From hallam at Etna.ai.mit.edu Mon Jul 22 13:15:51 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Tue, 23 Jul 1996 04:15:51 +0800 Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: <9607221607.AA00659@Etna.ai.mit.edu> >Limbaugh is giving up the show because it is run in syndication. >Syndication is not a profitable format with the ensuing satellite blitz >on the horizon. I find your argument only moderately less convincing than the average political campaign ad. Given Limbaugh's propensity for telling blatant fibs I don't credit anything he says as being likely to bear any relation to the truth, particularly when it would mean admitting failure and retreat. Syndication is highly profitable for many, if its profitable to syndicate drama with its astronomic production costs it is profitable to syndicate Rush with his astronomic weight. >Limbaugh is a buisnessman and a commentator. He earns a living. He will >do what is necessary to leverage his marketability to make the most money. >Since you've gone to college, I'll have to explain it to you: It's called >capitalism - look into it... 
It's called failure and spin control. Rush has not announced a new TV show, he has closed his only TV show. He has closed after his audience declined and his contracts expired. That is the business decision of the local stations who don't see Rush as profitable business anymore and advertisers who don't want to see their products associated with apologists for the Oklahoma bomb.

>You fail to acknowledge the simple fact that a segment of society that
>feels not only disenfranchised, but that the system is irreparable will
>stoop to whatever means they feel is necessary to make their point. They
>don't care what other people think - just what they believe in.
>Discrediting is a non issue.

I know that fascism has an appeal for many people but that does not mean that they are not a minority. And I am not using the words Fascism as a casual insult but as an accurate description of a movement which is in large part a vehicle for racism and has already caused 200 plus murders at OKC. Every time an extreme ideological faction of the left or the right gains power there are splinter groups from that side claiming that the failure of the policies is due to them not being compromised and insufficiently ideal. Since right wing ideologues have been dominant in the US for some time it is the right wing extremists who are to the fore.

Phill

From alanh at infi.net Mon Jul 22 13:30:51 1996
From: alanh at infi.net (Alan Horowitz)
Date: Tue, 23 Jul 1996 04:30:51 +0800
Subject: Re: Devil's Bargain
In-Reply-To:
Message-ID:

> I won't even go into the amount of coverage this crash got compared to

No surprise when we consider what the alternative is for the media to concentrate on. Can we say felonious misappropriation of FBI files? What a godsend these crashes and Olympics are for the Clintonistas and their fellow-travelers in the press.
A plausible story to talk about , long enough so that there is not time left in the Cartoon News show, to ask, why is the White House running around saying that no one can recall who hired Craig Livingstone. Oh wait, the dead guy musta done it. Yeah, that's the ticket. From hayden at krypton.mankato.msus.edu Mon Jul 22 13:40:34 1996 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Tue, 23 Jul 1996 04:40:34 +0800 Subject: Filtering out Queers is OK In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 20 Jul 1996, David Sternlight wrote: > That is also false in its implications. Librarians are in loco parentis, > and most libraries are VERY careful about what materials young children are > exposed to and what is more, are responsive to community pressure in the > matter since most libraries are community-based. Again you have seized on > the details of an example to act as if it were the argument itself, and > nit-picked. My core point remains unrefuted. Uh, wait a second. Libraries and Librarians are not acting in loco parentis. The purpose of a librarian is to aid patrons in locating materials and to maintain the order of the library. The Library Bill of Rights (which, of course, legally means nothing) guarantees access to any materials by any patron. If little eight year old Johnny Doe comes and asks for _The Joy of Gay Sex_, a librarian is supposed to do nothing more that point Johnny to the "J" section. Now, I am generalizing as SOME librarian do refuse to check materials some might feel inappropriate, but that is not a librarian policy. The Library Establishment (ALA, basicly) believes in the idea that it is the parents that should be responsible for what Little Johnny reads, not the librarian. 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP Signed with PineSign 2.2 iQCVAwUBMfJLmjokqlyVGmCFAQFGLwP/YCz5RNWunZnDlEXIUaiWyyKtQWkY1eFo H6ztprN9u8natpFQPn9beRq0QyV3g54gkGUvNKs2jh34caCRpaAbv4dajXSBE9Jy VzdryDZFhUsNATGJ+Vz8S8v/mFXBLr9Duni41llElzNj8RQDKWx2m4tbquaLiz/L Lo5hBJBXkcI= =G65B -----END PGP SIGNATURE----- ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ Finger for Geek Code Info <=> Finger for PGP Public Key \/ / -=-=-=-=-=- -=-=-=-=-=- \/ http://krypton.mankato.msus.edu/~hayden/Welcome.html -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+ K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+** ------END GEEK CODE BLOCK------ From acd at artemis.arc.nasa.gov Mon Jul 22 13:42:35 1996 From: acd at artemis.arc.nasa.gov (Alex Derbes) Date: Tue, 23 Jul 1996 04:42:35 +0800 Subject: [Noise] Re: Re: Devil's Bargain In-Reply-To: Message-ID: On Mon, 22 Jul 1996, snow wrote: > On 22 Jul 1996, Roger Williams wrote: > > >>>>> "CCP" == snow writes: > > > Am I the only one in this country who, when hearing about TWA > > > f800 shrugged his shoulders and thought (or said) "Time flies and > > > aeroplanes crash" (Name the band and album and I'll be impressed)? > > Umm, isn't that "Time flies *but* aeroplanes crash"? > > Don't think so. I'll check in the morning. The wife doesn't like > British HardCore at 3a.m. Silly girl. > > > Subhumans (the Brits). 12" EP of the same name. Bluurg records. > > I have it on 29:29 Split Vision. Good stuff. > > > But, yes, my vague impression is that there is more press coverage > > (I get all my news from Auntie Beeb, who hasn't been as vociferous > > about it.) But to most insular American types, terrorism is still a > > novelty. > > BTW, I wouldn't say that officials discounted terrorism -- you can bet > > Kallstrom is sure hoping that this isn't "just an accident"! 
>
> Thing is, this crash was getting more attention than valuejet from the
> get go. Before there was any HINT of anything more than your typical
> gravity check plane crash it was all over the news.

Well, there were no signs of mechanical failure, the plane took off one hour late, that means if it was a timed bomb the plane would have gone down over oh let's say random VERY VERY deep place in the atlantic ocean. The plane was an easy shot for all sorts of shoulder launched SAM's. There is a hell of a lot of terrorist activity right now, and the olympics, I think there is good circumstantial evidence to suggest terrorist activity just from motives and opportunity.

my half a cent...

Alex Derbes

> > Petro, Christopher C. > petro at suba.com > snow at smoke.suba.com > ---------- "It's not the Zen way, but it gets the job done." --Garrison Keiler ---------- Alex Derbes - 504-944-7484 - 504-525-4776 email://acd at artemis.arc.nasa.gov - acd at webnetmktg.com - acd at po.cwru.edu finger for PGP or MIT PGP serv - finger://acd at redwood.webnetmktg.com http://www.cwru.edu/cgi-bin/random.pl

From shamrock at netcom.com Mon Jul 22 15:12:13 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 06:12:13 +0800
Subject: A Snake-Oil FAQ
Message-ID:

At 16:05 7/21/96, Simon Spero wrote:
>Really? The only way I know of forcing a one-time pad is to use a hardware
>QM-based random number generator to generate every possible decrypt, thus
>creating a number of universes equal to the number of possible keys. Since
>you can't tell if your universe is the right one, one should always
>verify the information obtained against a second source. IANAL, so I can't
>say if such a decrypt would count as probable cause.

Now here is a thought. Since there exists a key that allows you to decrypt any OTP encrypted message to an arbitrary text of the same length as the original message, an LEO could work backwards from a given text. "Yes, your honor.
We decrypted the suspects communications and discovered the following confession." Scary thought. -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. From tbyfield at panix.com Mon Jul 22 15:20:35 1996 From: tbyfield at panix.com (t byfield) Date: Tue, 23 Jul 1996 06:20:35 +0800 Subject: the VTW---FBI Connection In-Reply-To: <199607220251.UAA02057@zifi.genetics.utah.edu> Message-ID: Net reporter team Alice and Bob wrote: > I) They appear to have no financial support or funding source. They > II) They are secretive about their location, and do not seem to have > III) On a tip from a "friend" we learned that the power leader behind VTW > IIII) We didn't believe this without external verification. So we called I think you're onto something, but no one will believe you until you come up with a few more damning "coincidences"--say, IIIII and IIIIII. Ted From snow at smoke.suba.com Mon Jul 22 15:23:18 1996 From: snow at smoke.suba.com (snow) Date: Tue, 23 Jul 1996 06:23:18 +0800 Subject: VTWW In-Reply-To: Message-ID: On Mon, 22 Jul 1996, Dr.Dimitri Vulis KOTM wrote: > jfricker at vertexgroup.com (John F. Fricker) writes: > > Any of you New Yorkers know the Society for Electronic Access (SEA)? > Yes. Plug-pulling censorous lying motherfuckers. Don't sugar coat it Dr, tell us how you really feel. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From perry at piermont.com Mon Jul 22 15:24:47 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 23 Jul 1996 06:24:47 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <9607221613.AA00685@Etna.ai.mit.edu> Message-ID: <199607221822.OAA12499@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > > On 19 Jul 1996 19:51:39 Hallam-Baker wrote > > >>It is no coincidence that the Tree of Liberty needs to be watered with > >>blood on occasion. > > Nope, that wasn't me who said that. 
I don't normally quote the words of
> slave owners on the subject of liberty.

No one would ever accuse you of supporting freedom, Phill. I'm sure it was an accident.

(BTW, Jefferson's slaves were inherited and an entailment clause in the will prevented him from freeing them during his lifetime. Not, of course, that this matters -- the idea of confusing the messenger and the message is the ad hominem fallacy.)

Perry

From hua at xenon.chromatic.com Mon Jul 22 15:24:52 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Tue, 23 Jul 1996 06:24:52 +0800
Subject: Responding to Pre-daw
In-Reply-To:
Message-ID: <199607221826.LAA28551@server1.chromatic.com>

> > Worse yet, the bureaucrats, whose asses are on the line when a tragic
> > mistake occurs
>
> which planet are you talking about, Ernest?
>
> Ernie, you figure any FBI folks are going to get disciplined for illegally
> giving files to the White House?

My mistake. I should have worded this so that you did not have to look forward in the article too much to understand that I violently agree with you. Please read the original. I'll dig it up for you (and any other interested party if you don't have it.)

Ern

From shamrock at netcom.com Mon Jul 22 17:02:36 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 08:02:36 +0800
Subject: Netscape
Message-ID:

At 15:27 7/20/96, Tom Weinstein wrote:
[Site distributing Netscape US elided. Thanks Alex. There was no wait.]
>Why not consider what the consequences will be? Do you seriously
>believe that this will make the government stop enforcing ITAR? Do you
>believe it will make them change the law? No. What it will do is make
>them remove our permission to distribute this stuff.

I doubt that. PGP has been distributed for years with less safeguards than Netscape. It is available on more free-world sites than Netscape US. This did not prompt the powers that be to force MIT to take down their site.
The feds know that it is impossible to prevent software that is available on the net from being exported. Why would they harass Netscape once the inevitable happens?

-- Lucky Green PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President.

From amehta at giasdl01.vsnl.net.in Mon Jul 22 17:26:50 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Tue, 23 Jul 1996 08:26:50 +0800
Subject: NCs (network computers)
Message-ID: <1.5.4.32.19960722180938.003111b4@giasdl01.vsnl.net.in>

At 12:53 21/07/96 -0700, Vladimir Z. Nuri wrote:
>From: JimBurd at aol.com
>Date: Fri, 19 Jul 1996 07:59:03 -0400
>Subject: Re: NC
>
>When the idea of the NC was first floated, I thought to myself what an
>absolutely terrible idea it was.

So did I -- then it struck me that if they soup up the V-Chip a bit, and consider that the Telecom Deregulation Act specifically allowed the cable TV provider to also provide telephony, i.e. a 2-way connection, you could have near-universal Internet access. Check out (about 1600 words): http://www.cerfnet.com/~amehta/Vchip.htm

It's a bit rough, but I'd love to have comments.

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From snow at smoke.suba.com Mon Jul 22 17:28:40 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 23 Jul 1996 08:28:40 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID:

On Mon, 22 Jul 1996, Vinnie Moscaritolo wrote:

> > You pop a claymore in a building with any substance up to the level of
> >concrete re-enforced, and you _will_ be going with them.
>
> booby trapping your home is a really stupid idea, I promise that your
> dog/child/spouse will be the one to accidentally set it off. besides for
> this you can get sued..
I wasn't condoning boobytrapping, I was arguing that a claymore is a bit on the explosive side for use in a house (the thing has about a pound of C-4 and a whole bunch of steel ball bearings in it, 95% mortality out to about 50 meters IIRC.

> ever hear the one about the case of a guy who constantly had his radar
> detector stolen out of his car, he decides to set a trap and rigs his next
> one with explosive. The perp steals the box, sells it. some clown powers it
> up on his dash board and BANG!.. well you'd figure justice is served, but
> the NYC judges awarded the mass of flesh damages and charged the guy with
> manslaughter.

There are other stories where the perp gets it _in_the_act_ and still gets awarded damages.

Fucking country is going to the dogs and there ain't nowhere else to go.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From declan at well.com Mon Jul 22 17:34:25 1996
From: declan at well.com (Declan McCullagh)
Date: Tue, 23 Jul 1996 08:34:25 +0800
Subject: Canada investigating Net-regulations -- call CBC-Radio now!
Message-ID:

[David Jones is the head of EF-Canada. Call CBC Radio with your comments now! (I did, and left them on the voice mailbox that Morning Edition graciously provided.) --Declan]

>Return-Path:
>Date: Mon, 22 Jul 96 11:55:41 EDT
>From: djones at insight.mcmaster.ca (David Jones)
>To: efc-talk at insight.mcmaster.ca
>Subject: call CBC with your thoughts on BC Attorney General's remarks
>Sender: efc-talk-owner at insight.mcmaster.ca
>Precedence: bulk
>Reply-To: djones at insight.mcmaster.ca (David Jones)
>X-Efc-Web-Site: http://www.efc.ca
>X-Efc-Archive: gopher://insight.mcmaster.ca/11/org/efc
>
> Murmurings about Internet regulation in British Columbia
>
>I just finished a very brief interview on CBC-Radio in Vancouver.
>They called asking for a comment on the BC Attorney General's
>statement that he has instructed his ministry to investigate whether
>the Internet can be regulated.
The reason this is in the news
>is because of the so-called "white power" and "hate" web pages that
>are now available through a BC Internet Service Provider (Fairview Tech),
>after being kicked off an Ontario ISP's computers (Pathyway Communications).
>
>
>I hadn't had my morning coffee, so perhaps you can be more articulate
>on this issue than I was. I encourage you to call the CBC-Radio's
>"talk-back lines" at (604) 662-6976 -- they are inviting comments
>on this issue. Seriously, if you don't want the BC Attorney General
>to regulate the Internet, speak now or forever hold your peace.
>
>
>Background (from Vancouver Sun)
>
> B.C. Internet provider is the largest Canadian site for racist material
> gopher://insight.mcmaster.ca/00/org/efc/media/vancouver-sun.19jul96a
>
> Hate on Internet investigated
> gopher://insight.mcmaster.ca/00/org/efc/media/vancouver-sun.19jul96b
>
> Don't expect easy solutions to cyberspace abuse
> gopher://insight.mcmaster.ca/00/org/efc/media/times-colonist.14jul96
>
>
>See also:
>
> "Skin-Net"
> http://www.ftcnet.com/~skinhds/main.htm
>
> "Freedom Site in Exile"
> http://www.ftcnet.com/~freedom/
>
>
>- - - - - - - - - - - - - - - - - - - - - - -
>David Jones -- Electronic Frontier Canada
>djones at efc.ca -- http://www.efc.ca/

From paul at mycroft.actrix.gen.nz Mon Jul 22 17:49:31 1996
From: paul at mycroft.actrix.gen.nz (Paul Foley)
Date: Tue, 23 Jul 1996 08:49:31 +0800
Subject: Borders *are* transparent
In-Reply-To: <199607221420.HAA00786@toad.com>
Message-ID: <199607221650.EAA01429@mycroft.actrix.gen.nz>

"Peter Trei" wrote:

  Any one up for a distributed brute force attack on single DES? My back-of-the-envelope calculations and guesstimates put this on the hairy edge of doability (the critical factor is how many machines can be recruited - a non-trivial cash prize would help).

Not quite sure what you mean by "doability" -- it's obviously doable, it just depends how long you want to wait.

I'm in.
-- Paul Foley --- PGPmail preferred
PGP key ID 0x1CA3386D available from keyservers
fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Disclaimer: "These opinions are my own, though for a small fee they be yours too." -- Dave Haynie

From djw at vplus.com Mon Jul 22 17:54:27 1996
From: djw at vplus.com (Dan Weinstein)
Date: Tue, 23 Jul 1996 08:54:27 +0800
Subject: Netscape
Message-ID: <199607221945.MAA19816@ns1.vplus.com>

On 22 Jul 96 at 8:38, you wrote:

> I don't know why you're quoting your own licensing agreement to me.
> When I said, "you need no permission to provide these products," by
> "you" I was referring to your company, Netscape. As in, you don't
> need the NSA's permission to write and sell good crypto
> domestically, even if (arguably) they can limit export.

I missed what you meant, it was late and I was thinking you were referring to RE-distribution by those that downloaded it. You also have made an error, I am not associated with Netscape.

Dan Weinstein
djw at vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No.

Friedrich Nietzsche

From remailer at yap.pactitle.com Mon Jul 22 18:26:52 1996
From: remailer at yap.pactitle.com (Yap Remailer)
Date: Tue, 23 Jul 1996 09:26:52 +0800
Subject: ITAR's 40 bit limit
In-Reply-To: <199607202345.TAA01019@darius.cris.com>
Message-ID: <199607222235.PAA09111@yap.pactitle.com>

> From: "David F. Ogren"
> Date: Sat, 20 Jul 1996 19:45:29 -0400 (EDT)
>
> Another paradox of the US export regulations.
>
> The NSA is allowing 40 bit crypto exports. So as a hypothetical example
> assume that I write a crypto program that uses 40 bit RC4 to encode data
> (licensing from RSA). I then get an export license using the accelerated
> process for 40 bit RC4.
Sorry, RC4 only works in OFB mode. It is not a block cypher.

From jfricker at vertexgroup.com Mon Jul 22 18:30:28 1996
From: jfricker at vertexgroup.com (John F. Fricker)
Date: Tue, 23 Jul 1996 09:30:28 +0800
Subject: SHI_fty
Message-ID: <2.2.32.19960722165903.00bef0e8@vertexgroup.com>

At 08:45 AM 7/22/96 EDT, you wrote:
>jya at pipeline.com (John Young) writes:
>
>> "Microsoft Sees A Major Shift For Computers." John Markoff
>>
>> MS is preparing to release new software that would bring
>> the most fundamental change to personal computers since
>> the machines were invented in the 1970's.
>
>You mean, Microsoft Bob? I saw MS Bob on clearance at the Wiz on 86th st...
>$15/copy, not moving.
>

hahaahahaha

Actually they are referring to IE4 aka Detroit technology.

That's all. "Major Shift" cause the browser is an ole container. Not exactly earth shattering but that's good PR for ya.

--j

From hallam at Etna.ai.mit.edu Mon Jul 22 18:35:04 1996
From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu)
Date: Tue, 23 Jul 1996 09:35:04 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <9607222254.AA01221@Etna.ai.mit.edu>

>> Notwithstanding entailment clauses, Jefferson was under no compunction to
>> exploit his slaves by exploiting their labour. He could have paid them
>> competitive wages and allowed them to choose to work for others. In short
>> he could in effect have freed them. Of course then he would not have had
>> the financial means to live as a member of the privileged classes.
>>
>> Genuine philosophers have made such sacrifices. Russell gave away his
>> inheritance after completing Principia because he objected to the idea
>> of inherited wealth.

>This is an entirely subjective and philosophical argument about whether the
>means justify the ends. I won't debate any of the issues here. However,
>consider the fact that if Jefferson didn't have as much money as he had, he
>might have not had as much political impact.
No, the argument is over whether a person should live by the ideals he preaches. I have more respect for the likes of Kant and Russell who made rather more of an effort than Jefferson.

The observation that history is made by rich people and written by rich people is not a new one. Until this century there were few countries where politics were open to anyone but the very wealthy. In the USA that is still by and large the case.

Rather than attempting to excuse Jefferson it would be better to accept that not everything he said was valid when he said it and to try to engage one's brain rather than using his words as slogans.

>Also think about the fact that all libertarians who drive cars, are by your
>definition, hypocrites because they drive on tax-funded roads.

Since they are denied the "right" to live in Libertopia they have no choice but to live in the real world. That doesn't make them hypocrites. They are not directly contradicting their principles. On the other hand there are plenty of "free-market" economists who live entirely on grant money from the public purse and plenty of those "libertarians" will be accepting government assisted funding through college or would do so if it was available.

>Sometimes it is necessary to violate one's principles in order to help the
>greater good.

Yes, but how can a Randite libertarian do so in good faith? For such people there is no greater good, it is all the self.

Phill

From a-billol at microsoft.com Mon Jul 22 18:36:02 1996
From: a-billol at microsoft.com (Bill Olson (EDP))
Date: Tue, 23 Jul 1996 09:36:02 +0800
Subject: FW: SHI_fty
Message-ID:

>
>
>At 08:45 AM 7/22/96 EDT, you wrote:
>>jya at pipeline.com (John Young) writes:
>>
>>> "Microsoft Sees A Major Shift For Computers." John Markoff
>>>
>>> MS is preparing to release new software that would bring
>>> the most fundamental change to personal computers since
>>> the machines were invented in the 1970's.
>>
>>You mean, Microsoft Bob?
I saw MS Bob on clearance at the Wiz on 86th st...
>>$15/copy, not moving.
>>
>
>hahaahahaha
>
>Actually they are referring to IE4 aka Detroit technology.
>
>That's all. "Major Shift" cause the browser is an ole container. Not exactly
>earth shattering but that's good PR for ya.
>
>--j
>

The technology is old hat, but the concept is moving. Keep in mind that this is a series of steps...

>Yep, I work at MS. Isn't it neat?
>

From davros at pack.raf.com Mon Jul 22 18:41:32 1996
From: davros at pack.raf.com (Dave Ross)
Date: Tue, 23 Jul 1996 09:41:32 +0800
Subject: No Subject
Message-ID:

RAF does not work in this area. If any of you are interested (I have no idea what this is about), please feel free to say I suggested you contact her.

-dave ross davros at raf.com

---------- Forwarded message ----------
Date: Sun, 21 Jul 1996 14:20:06 -0700 (PDT)
From: June Peoples
To: davros at raf.com

dave, someone called me with a request last week for people who have a good background in internet security, "firewalls" and encryption etc. I thought Jim Bennett and perhaps some of your other contacts would work. Could you e-mail Jim's phone and e-mail to Sandra Huie (Jonathon's wife) at shuie at masterteam.com

Thanks, JP

From alanh at infi.net Mon Jul 22 18:43:24 1996
From: alanh at infi.net (Alan Horowitz)
Date: Tue, 23 Jul 1996 09:43:24 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221842.AA00771@Etna.ai.mit.edu>
Message-ID:

> Actually I have been very active in circles like Liberty (the UK version
> of the ACLU). It's just that we have entirely different ideas of what liberty
> is. Perry believes that liberty is license and I believe in the utilitarian
> formulation of Liberty as advanced by Mill, Russell et al.

Well, you're in a country of _free citizens_ now, Limey, so if you don't like it, then go back to England - a whole nation of people who foam at the mouth with pride and pleasure over their status as feudal _subjects_.
Dja ever notice that Charlie Mountbatten married a gorgeous young babe, but was irretrievably drawn to an elderly woman of great ugliness?

No, Phil, do NOT ask me to call him Prince. I'd sooner follow the example of Lady Liberty in the Seal of the Commonwealth of Virginia.

From tcmay at got.net Mon Jul 22 18:44:33 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 09:44:33 +0800
Subject: Netscape
Message-ID:

At 6:23 PM 7/22/96, Vladimir Z. Nuri wrote:

>David suggests that Netscape will be royally screwed if the gov't
>cracks down on them because of "monkeywrenchers". but quite the
>opposite is possible. as TCM fondly points out, sometimes you win
>by losing and lose by winning (not necessarily in those words).
>
>by creating a very large, glaring, and visceral
>public spectacle of the government cracking down on crypto, the
>resulting outcry could be absolutely enormous and resonate throughout
>the entire population. it would be a vivid portrayal of what the
>government has been doing quietly and secretly for decades, and
>perhaps the public might finally understand what is going on.

By the way, I certainly don't want to be seen as a main promulgator of "monkeywrenching" Netscape's system! I made a few snide/droll/obvious points that the software will likely leak out fairly quickly, but I was not _advocating_ such a thing, nor was I suggesting that someone be pinned up on the wall as a decoy (;-}).

I don't think Netscape is misbehaving. I do have some concerns about a method to control leakage that requires data bases of names and addresses of persons accessing a site. One can imagine this concept extended to requiring data bases of names and addresses to be accessed before Web sites may be connected to.

(Especially when such "verifications" are so easily spoofed or the results subverted.
For example, if the results reported here are valid, the Netscape downloads are not serialized, so any of the millions who download it could be the exporters...essentially nothing is gained, but the precedent is set for demanding identity before downloading...note that retail software purchases do not as yet require identification--you pay your money and that's that. Even if some dirty furriner could buy his software and take it home in his luggage.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From hallam at Etna.ai.mit.edu Mon Jul 22 18:46:16 1996
From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu)
Date: Tue, 23 Jul 1996 09:46:16 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <9607222307.AA01242@Etna.ai.mit.edu>

> How do you feel about womanslaughterers and drunkards? I can send you
>a list of your senior US Senator's quotations.

I don't normally quote Ted Kennedy on anything. You can add "apologist for terrorism" to that list if you like.

On the other hand did you see the alternative that was offered????

US politics frequently gives one a choice between two people who individually would be unacceptable but together are acceptable only because the other is even worse. When Weld beat Silbur a large number of Mass Liberals voted for the republican Weld as the more left wing of the pair.
The Presidential race is hardly enthralling with a choice between a Democrat so right wing he's prepared to sign a Republican welfare bill and a septuagenarian Republican who can barely string together enough words to make a sentence. Oh and to complete the picture, we have a collection of assorted fruitcakes which make Dan Quayle look appealing.

Phill

From snow at smoke.suba.com Mon Jul 22 18:46:52 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 23 Jul 1996 09:46:52 +0800
Subject: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To: <199607221901.MAA28609@server1.chromatic.com>
Message-ID:

On Mon, 22 Jul 1996, Ernest Hua wrote:

> > > Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> > > matter how well he can use it) until he can legally get one himself. I
> > > will certainly invoke serious wrath (on him and anyone else involved)
> > > if I ever found him with a gun.
> > Yes, those guns are evil things. Evil I tell you, constantly shooting
> > people for no reason, going off half-cocked and whooping it up all by
> > their polished oiled ol selves.
> Hmm. Sarcasm? Cannot definitively say, but I'll guess it is.

Only a little bit.

> > Isn't it funny how otherwise rational people can ascribe intentions
> > and moral alignment (ie. good/evil) to an inert chunk of steel?
> Assuming you are accusing me of such, you should probably point out
> specifically where I said such a thing. (If I did, it would be bad
> grammar or some such, and I would certainly retract it.)

Not accusing you specifically, only really mentioning it in passing. If I was accusing you of it, I would have said so.

> > He also taught me the basics of gun safety, and made sure that
> > I took those classes that were available to me in the areas of gun
> > safety and marksmanship.
> You might be missing the mark too, but I thought the subject was
> giving a gun to every child who enters school, not YOURs or SOME
> EXPERT 6 YEAR OLD's special case.

I was no expert, and I am (IMO) still a lousy marksman. I just don't have the money to practice _at all_ so I don't keep my guns here in Chicago.

> Yes, if every child was truly an exemplary God-fearing Christian,
> I would probably have fewer objections to giving every child a
> gun. After all, they would NEVER use it in a fit of rage or
> jealousy or any such sins ... Right?

Hmmm... Sarcasm? I _really_ can't tell.

> Death is permanent. A child is prone to accidents. Maybe those
> of you who are just too "special" and "talented" don't need such
> paternalistic frameworks, but I know my child cannot tell right
> from wrong, good from bad. He will get better over time. But I

Are you telling me that I give your kid more credit than you? There is a difference between knowing and caring.

> don't want another child to pay for my son's less than full
> maturity by getting shot.

There is a difference between teaching a 6 year old proper gun safety and letting the kid carry. If it was you, you said that you were going to let your kid have a gun until he was old enough to get it himself. How do you expect him/her to know how to use it if you don't teach them? Would you give a kid the keys to a car at 16 if they have never been taught how to drive?

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From perry at piermont.com Mon Jul 22 18:51:09 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 23 Jul 1996 09:51:09 +0800
Subject: Distributed DES crack
In-Reply-To:
Message-ID: <199607222314.TAA12858@jekyll.piermont.com>

Ben Holiday writes:
> I've a few machines around that could be dedicated almost full time to the
> task. What are the bandwidth requirements?

Probably near zero. People can get sections of the search space parceled out to them.
Perry

From shamrock at netcom.com Mon Jul 22 18:54:13 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 09:54:13 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

At 21:55 7/21/96, Igor Chudov @ home wrote:

>As I said, the kid who hit me in the head with a stick was 3-4 years
>younger than me. You skipped that part. Correspondently, I could beat
>him easily (I did, but his mother soon interrupted me), which was
>obvious to him. So he had plenty of information that would deter a
>rational person. He had all the reasons to "to curb his impulse", as
>you said, and he could have thought about his punishment.

Yes, he hit you. But the question relevant to this discussion is: would he have hit you had you been carrying a firearm, risking not just being beat up, but death itself? I sincerely doubt it. In fact, one could say that you were hit *because* you didn't carry a firearm. The truth is, an armed society is a polite society.

-- Lucky Green PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President.

From hua at xenon.chromatic.com Mon Jul 22 18:57:24 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Tue, 23 Jul 1996 09:57:24 +0800
Subject: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To:
Message-ID: <199607221831.LAA28568@server1.chromatic.com>

> > > Thanks, but if it is all the same to you, I'd rather live
> > > in a country where everybody << including six year olds >>
> > > carry, and can use Uzi's, etc, as a matter of course.
> >
> > Would you just hand out guns to all teenagers?
>
> My twelve-year-old daughter asked for and received a .22 for her birthday.
> Her four and six year old siblings enjoy shooting it, under close
> supervision.

The question was not whether you might let your little girl operate a gun. The question was whether you might let her carry it as part of her standard equipment.
Would you let her go to school with it loaded or with ammo within easy reach? I mean, what's the point of carrying a gun without bullets?

Ern

From bdolan at use.usit.net Mon Jul 22 19:02:55 1996
From: bdolan at use.usit.net (Brad Dolan)
Date: Tue, 23 Jul 1996 10:02:55 +0800
Subject: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <199607221831.LAA28568@server1.chromatic.com>
Message-ID:

On Mon, 22 Jul 1996, Ernest Hua wrote:

>
> > > > Thanks, but if it is all the same to you, I'd rather live
> > > > in a country where everybody << including six year olds >>
> > > > carry, and can use Uzi's, etc, as a matter of course.
> > >
> > > Would you just hand out guns to all teenagers?
> >
> > My twelve-year-old daughter asked for and received a .22 for her birthday.
> > Her four and six year old siblings enjoy shooting it, under close
> > supervision.
>
> The question was not whether you might let your little girl operate
> a gun. The question was whether you might let her carry it as part
> of her standard equipment. Would you let her go to school with it
> loaded or with ammo within easy reach? I mean, what's the point of
> carrying a gun without bullets?

My daughter often carries her gun to school, complete with large quantities of high-velocity long-rifle cartridges. She's homeschooled and marksmanship is one of her extracurricular activities.

bd

p.s. In two years of homeschooling, she has advanced 6 grade levels on the state-mandated achievement tests.

>
> Ern
>
>
>

From perry at piermont.com Mon Jul 22 19:06:35 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 23 Jul 1996 10:06:35 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221842.AA00771@Etna.ai.mit.edu>
Message-ID: <199607221905.PAA12591@jekyll.piermont.com>

hallam at Etna.ai.mit.edu writes:
> >No one would ever accuse you of supporting freedom, Phill. I'm sure it
> >was an accident.
>
> Actually I have been very active in circles like Liberty (the UK version
> of the ACLU). It's just that we have entirely different ideas of what liberty
> is. Perry believes that liberty is license and I believe in the utilitarian
> formulation of Liberty as advanced by Mill, Russell et al.

You don't believe in Mill's formulation, Phill. If you did, you couldn't possibly support 90% of the garbage you talk about. Mill was a libertarian in the modern sense -- he opposed virtually everything government did. Yes, his opposition was utilitarian, but so what? You use utilitarianism to justify the indefensible.

You say I think that my idea of freedom is license. Perhaps. However, I think my notion is closer to the common conception than yours, which owes more to Orwellian redefinition than to the normal use of the term.

> Of course if Perry was interested in genuine liberty instead of a slave
> owner's idea of liberty

Again, that is ad hominem. You say that ad hominem's are fine when one is questioning a speaker's credentials, but the point is that Jefferson's credentials are immaterial. You call him a slave owner in order to try to taint his ideas. However, ideas cannot be tainted. If Adolf Hitler felt that high speed autobahns were a good idea, that doesn't make highways a bad idea simply because of the person who conceived of them.

Jefferson could have been a mass murderer for all I care. His words may be evaluated fully independently of his actions. They are not interdependent.

Perry

From perry at piermont.com Mon Jul 22 19:07:30 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 23 Jul 1996 10:07:30 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <31F3D20C.167E@ai.mit.edu>
Message-ID: <199607221917.PAA12611@jekyll.piermont.com>

Hallam-Baker writes:
> As a computer scientist I would have thought you would have been
> up on the idea of adding memory to game theory interactions.
In such
> cases the optimal outcome can turn out very differently than in the
> standard model.

Memory is the only way that things like iterated prisoner's dilemmas become interesting.

> The fact that the US and the USSR did manage to negotiate disarmament
> despite the standard game theory predictions shows that the system
> is somewhat more complex than Perry's ideological view.

I'm afraid, Phill, that you didn't read what I said. Unilateral disarmament is stupid. Multilateral is not necessarily stupid.

> >Oh, and don't give us stuff about how humans are above evolutionary
> >pressures or nonsense like that, because we aren't any more above such
> >pressures than we are above the laws of physics.
>
> The "laws" of social scienst are not the "laws of physics".

Try creating a breed of Humans that don't want to have children and see how many generations you can get them to live for. Try creating a breed of Humans that like walking in front of cars and see how long they last.

There is a reason humans do things like aggressively defending their children with their lives if need be. There is a reason humans resort to violence when their place in the gene pool is threatened.

Some of this stuff is plumb obvious to anyone with half a brain, Phill.

Perry

From vinnie at webstuff.apple.com Mon Jul 22 19:12:52 1996
From: vinnie at webstuff.apple.com (Vinnie Moscaritolo)
Date: Tue, 23 Jul 1996 10:12:52 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

> You pop a claymore in a building with any substance up to the level of
>concrete re-enforced, and you _will_ be going with them.

booby trapping your home is a really stupid idea, I promise that your dog/child/spouse will be the one to accidentally set it off. besides for this you can get sued..

ever hear the one about the case of a guy who constantly had his radar detector stolen out of his car, he decides to set a trap and rigs his next one with explosive. The perp steals the box, sells it.
some clown powers it up on his dash board and BANG!.. well you'd figure justice is served, but the NYC judges awarded the mass of flesh damages and charged the guy with manslaughter.

only in Amerika..

Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

From jimbell at pacifier.com Mon Jul 22 19:26:11 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 23 Jul 1996 10:26:11 +0800
Subject: Netscape
Message-ID: <199607221538.IAA22007@mail.pacifier.com>

At 07:41 AM 7/22/96 GMT, Dan Weinstein wrote:
>On Sat, 20 Jul 1996 18:13:45 -0800, jim bell
>wrote:
>
>>At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:
>>
>>>> Do you Seriously Believe that Netscape would prefer foreigners
>>>> to develop and use competing products? Of course not. They are
>>>> probably secretly applauding the brave exporters.
>>>
>>>You are wrong. We are worried that our permission to provide these
>>>products will be withdrawn.
>>
>>As far as I can tell, you need no "permission" to "provide these products",
>>at least domestically. The only restrictions that have been implied have
>>been over the delivery of encryption over the 'net, and even that is
>>questionable.
>>
>
>Then you need to read the license agreement:
>
>1. Netscape Communications Corporation ("Netscape") grants to you a
>non-exclusive, non-sublicensable, license to use this Beta version of
>the Netscape network navigator (the "Software"), in binary executable
>form for evaluation and trial use purposes only. THIS SOFTWARE
>CONTAINS CODE THAT DISABLES MOST OF ITS FEATURES AFTER SEPTEMBER 17,
>1996.

I don't know why you're quoting your own licensing agreement to me. When I said, "you need no permission to provide these products," by "you" I was referring to your company, Netscape. As in, you don't need the NSA's permission to write and sell good crypto domestically, even if (arguably) they can limit export.
Jim Bell
jimbell at pacifier.com

From frissell at panix.com Mon Jul 22 19:41:10 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 23 Jul 1996 10:41:10 +0800
Subject: Brute Force DES
Message-ID: <2.2.32.19960722180543.0069c5a8@panix.com>

At 10:32 AM 7/22/96 -6, Peter Trei wrote:

>Any one up for a distributed brute force attack on single DES? My
>back-of-the-envelope calculations and guesstimates put this on the
>hairy edge of doability (the critical factor is how many machines can
>be recruited - a non-trivial cash prize would help).

I volunteer my 120 MHZ Pentium. A lot more Pentiums are out there now than a year ago. That makes it more feasible. A lot more people with full net connections. Like most Americans, I have a flat rate net connection and a flat rate local phone connection so could run a cracking session permanently (as long as no one tells my ISP).

We need a full test of the Winsock cracking client in any case. It wasn't working very well last time.

DCF

From hallam at ai.mit.edu Mon Jul 22 19:47:35 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Tue, 23 Jul 1996 10:47:35 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <4srn51$pl8@life.ai.mit.edu>
Message-ID: <31F3D20C.167E@ai.mit.edu>

Perry E. Metzger wrote:

> > There are surely alternatives to the extremes of unilateral
> > disarmament and an arms race? For instance, slowing down the
> > race?
>
> Don't ask the question as though it is theoretical. Don't try
> answering it as though your personal values have any bearing, because
> there is indeed an objective answer here. Try doing some game theory
> simulations and see how well unilateral disarmament works.

Perry, just out of curiosity which type of game theory system are you referring to, the standard, single shot game theory or the communicative model of Alker, Hurwitz and Rothkin?

As a computer scientist I would have thought you would have been up on the idea of adding memory to game theory interactions.
In such cases the optimal outcome can turn out very differently than in the standard model.

Claiming certainty from theoretical results is in general not a good idea. Unless you can explain the relevance of the theory to a situation and explain why the assumptions in the model are justified you are not saying very much. The fact that the US and the USSR did manage to negotiate disarmament despite the standard game theory predictions shows that the system is somewhat more complex than Perry's ideological view.

Briefly stated in Alker-Hurwitz a "memory" component was added into the model. The prisoner's dilemma was repeated on many occasions in a variety of contexts, including computer simulation and in practice. In practice the prisoners chose the joint optimal solution the majority of the time.

>Oh, and don't give us stuff about how humans are above evolutionary
>pressures or nonsense like that, because we aren't any more above such
>pressures than we are above the laws of physics.

The "laws" of social science are not the "laws of physics". The "laws of physics" aren't so constant either. Theoretical results should inform the intellect not serve as a substitute for it.

If you apply genetic programming techniques to the system the strategy that evolves is typically a cooperative one. The fact is that the theory applied in an evolutionary context disproves Perry.

Phill

From ichudov at algebra.com Mon Jul 22 19:51:59 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 23 Jul 1996 10:51:59 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <199607221805.NAA26381@manifold.algebra.com>

Lucky Green wrote:
>
> At 21:55 7/21/96, Igor Chudov @ home wrote:
>
> >As I said, the kid who hit me in the head with a stick was 3-4 years
> >younger than me. You skipped that part. Correspondently, I could beat
> >him easily (I did, but his mother soon interrupted me), which was
> >obvious to him.
So he had plenty of information that would deter a
> >rational person. He had all the reasons to "to curb his impulse", as
> >you said, and he could have thought about his punishment.
>
> Yes, he hit you. But the question relevant to this discussion is: would he
> have hit you had you been carrying a firearm, risking not just being beat
> up, but death itself? I sincerely doubt it. In fact, one could say that you
> were hit *because* you didn't carry a firearm. The truth is, an armed
> society is a polite society.

The threat was sufficient for him to make a rational choice. He did NOT make a rational choice.

I ran out of arguments, so I'll stop right here.

- Igor.

From hua at xenon.chromatic.com Mon Jul 22 19:54:03 1996
From: hua at xenon.chromatic.com (Ernest Hua)
Date: Tue, 23 Jul 1996 10:54:03 +0800
Subject: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To:
Message-ID: <199607221901.MAA28609@server1.chromatic.com>

> > Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> > and I certainly would not even contemplate letting him have a gun (no
> > matter how well he can use it) until he can legally get one himself. I
> > will certainly invoke serious wrath (on him and anyone else involved)
> > if I ever found him with a gun.
>
> Yes, those guns are evil things. Evil I tell you, constantly shooting
> people for no reason, going off half-cocked and whooping it up all by
> their polished oiled ol selves.

Hmm. Sarcasm? Cannot definitively say, but I'll guess it is.

> Isn't it funny how otherwise rational people can ascribe intentions
> and moral alignment (ie. good/evil) to an inert chunk of steel?

Assuming you are accusing me of such, you should probably point out specifically where I said such a thing. (If I did, it would be bad grammar or some such, and I would certainly retract it.)
> He also taught me the basics of gun safety, and made sure that
> I took those classes that were available to me in the areas of gun
> safety and marksmanship.

You might be missing the mark too, but I thought the subject was giving a gun to every child who enters school, not YOURs or SOME EXPERT 6 YEAR OLD's special case.

Yes, if every child was truly an exemplary God-fearing Christian, I would probably have fewer objections to giving every child a gun. After all, they would NEVER use it in a fit of rage or jealousy or any such sins ... Right?

Death is permanent. A child is prone to accidents. Maybe those of you who are just too "special" and "talented" don't need such paternalistic frameworks, but I know my child cannot tell right from wrong, good from bad. He will get better over time. But I don't want another child to pay for my son's less than full maturity by getting shot.

Ern

From perry at piermont.com Mon Jul 22 19:57:04 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 23 Jul 1996 10:57:04 +0800
Subject: Borders *are* transparent
In-Reply-To: <199607221650.EAA01429@mycroft.actrix.gen.nz>
Message-ID: <199607221830.OAA12526@jekyll.piermont.com>

Perhaps a Java page containing a DES cracker that one could run for the casual participant, and a set of links to download a real cracker for the non-casual participant...

I think it's really time that we did this. DES must be shown to be dead.

When the media hear about it, they will, of course, get "experts" saying "but it took five thousand people millions of dollars in computer time". We should ask Matt Blaze to write a paper in advance explaining that although this test, on general hardware, took a lot of effort, that with specialized hardware it would be cheap as can be.

Perry

Paul Foley writes:
> "Peter Trei" wrote:
>
> Any one up for a distributed brute force attack on single DES?
My > back-of-the-envelope calculations and guesstimates put this on the > hairy edge of doability (the critical factor is how many machines can > be recruited - a non-trivial cash prize would help). > > Not quite sure what you mean by "doability" -- it's obviously doable, > it just depends how long you want to wait. > > I'm in. From ponder at mail.irm.state.fl.us Mon Jul 22 20:14:41 1996 From: ponder at mail.irm.state.fl.us (pj ponder) Date: Tue, 23 Jul 1996 11:14:41 +0800 Subject: 9107 U.S. Government Unveils New Encryption Policy Recommendations 07.19.96 (fwd) Message-ID: The High Performance Computing newsletter (HPCWire) just ran this article. Looks like Government Access to Export Keys (GAEK) or Government Access to Keys - Export (GAKE) or just plain GAK, for simplicity's sake. ObNetscape- I can run a web browser, like Netscape, over T1 link through firewall, but Netscape can't reverse DNS the address, so I can't get the more secure version; I can run Lynx from my account at the university, but Netscape doesn't like lynx, so I am back to dial-up PPP, at 14.4 .... Frustrating... any news on funet, or other 'export' sites? -- pj ---------- Forwarded message ---------- Date: Mon, 22 Jul 96 11:29:34 -0700 From: HPCwire To: ponder at mail.irm.state.fl.us Subject: 9107 U.S. Government Unveils New Encryption Policy Recommendations 07.19.96 U.S. Government Unveils New Encryption Policy Recommendations 07.19.96 NEWS BRIEFS HPCwire ============================================================================= Washington, DC -- U.S. Vice President Al Gore recently unveiled new recommendations to relax encryption export restrictions. The recommendations come with the caveat that restrictions will be eased only if the "keys" are escrowed to permit U.S. government access. Under the proposed key escrow, government officials could gain access to software keys with a court order, undergoing a process similar to that required to obtain wire taps. 
"These recommendations will protect individuals' transactions and communications on the Internet nationally and internationally while maintaining U.S. security," Gore said. Under the plan discussed by Gore, no restrictions of any kind would be imposed on encryption software for use within the United States. But software programs could only be exported with key escrow features allowing the U.S. government access to the keys. Private companies would be established to hold software keys and government could gain access with a court order. The administration abandoned earlier proposals that would have required the government hold copies of all keys. The new proposal would also give the Commerce Department authority currently held by the State Department over encryption export decisions. Software industry analysts estimate that current export restrictions will cost U.S. companies up to $60 billion in lost sales over the next few years. According to press reports from Reuters, Netscape has noted that it is already losing tens of millions of dollars in overseas sales because of encryption export limits. The limits also impact to some degree the growth of Internet commerce. Whitehouse officials are reluctant to recognize the claims of the software industry. "There are a lot of myths about the nature of the imminent commercial threat," Gore said, adding that officials at some companies, such as International Business Machines, are supportive of the administration's approach. According to press reports, another White House official said other countries would ban the import of U.S. software if controls on encryption were eased. "They will put up import barriers," the official said, adding the United States is trying to craft an international consensus on encryption policy, including use of key escrow, under the auspices of the Organization for Economic Cooperation and Development. The talks are "very far down the tracks," the White House official said. 
An administration cabinet committee is continuing to address details of the proposal, and expects to send its recommendations to President Clinton by early September. Administration officials continue to hold talks with industry executives, civil liberties groups and others.

********************************************************************************
HPCwire has released all copyright restrictions for this item. Please feel free to distribute this article to your friends and colleagues. For a free trial subscription, send e-mail to trial at hpcwire.tgc.com.

From hallam at Etna.ai.mit.edu Mon Jul 22 20:15:13 1996
From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu)
Date: Tue, 23 Jul 1996 11:15:13 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607221822.OAA12499@jekyll.piermont.com>
Message-ID: <9607221842.AA00771@Etna.ai.mit.edu>

>No one would ever accuse you of supporting freedom, Phill. I'm sure it
>was an accident.

Actually I have been very active in circles like Liberty (the UK version of the ACLU). It's just that we have entirely different ideas of what liberty is. Perry believes that liberty is license and I believe in the utilitarian formulation of Liberty as advanced by Mill, Russell et al.

>(BTW, Jefferson's slaves were inherited and an entailment clause in
>the will prevented him from freeing them during his lifetime. Not, of
>course, that this matters -- the idea of confusing the messenger and
>the message is the ad hominem fallacy.)

Nope, ad-hominem is a perfectly acceptable form of attack when calling into question a speaker's credentials. The words are used because they were Jefferson's and because he is held up as a supporter of liberty. Pointing out that the words are the cant of a hypocrite is entirely justified.

Notwithstanding entailment clauses, Jefferson was under no compunction to exploit his slaves by exploiting their labour.
He could have paid them competitive wages and allowed them to choose to work for others. In short he could in effect have freed them. Of course then he would not have had the financial means to live as a member of the privileged classes. Genuine philosophers have made such sacrifices. Russell gave away his inheritance after completing Principia because he objected to the idea of inherited wealth.

Of course if Perry was interested in genuine liberty instead of a slave owner's idea of liberty - liberty to exploit others he would see the contradiction in his rhetoric.

Phill

From tcmay at got.net Mon Jul 22 20:16:52 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 11:16:52 +0800
Subject: Digital Watermarks for copy protection in recent Billboard
Message-ID:

At 11:19 AM 7/22/96, Alex F wrote:

>This is probably yet another case of people not thinking ahead. As
>usual. People buying CDs at a garage sale & getting arrested for
>piracy. Wonderful.

Arrests like this are uncommon. Even buying "cheap bikes" and other "cheap" (= probably stolen and fenced) merchandise almost never subjects the purchaser to criminal sanctions. I think the legal types would call it "scienter" (direct knowledge of the act), with a dollop of "provenance" (the paper trail) thrown in.

For example, finding a piece of paper with my name on it by the side of the road does not prove I littered, as the paper could've gotten there by blowing off a trash truck, by being thrown there with others who found it (perhaps at the trash site), and so on. Scienter, provenance, etc. ("Alice's Restaurant" not to the contrary; the confession to Officer Obie cinched his fate.)

So, purchasers from garage sales need have no fear that the Copyright Police will arrest them. If anything, the garage sale folks might get a visit, assuming they were dealing in large enough volumes to indicate they were links in a chain of pirates. This is in fact what most of the "piracy" cases have involved.
>Actually, this would be quite easy. The "watermark" would be a
>signal that plays inband, but out of our hearing range during the
>entire CD. The human ear can only hear in the 20-20,000 (Hz, KHZ?,
>whatever) range. It would be trivial to add a digital ID signal at,
>say 30,000 or 15 or something like that. This could then be decoded,

Doubtful. The existing CD standard tops out at a Nyquist limit of about 20KHz, with the actual sampling at 44 KHz--but there is simply "nothing" at above 20-22KHz. Putting a signal in at "30 KHz" is simply not possible, given the Nyquist Theorem and the CD sampling rate.

Placing a nominally "inaudible" signal in at, say, 15 KHz, was in fact the first proposal for the DAT market, circa 1986-88. The signal was in fact detectable by many, and was dropped in favor of SCMS (pronounced "Scums," but standing for Serial Copy Management System).

SCMS does not involve actual changes to the audio stream. It is easily defeated--I have access to one for making DAT-to-DAT transfers.

The larger issue of watermarks in digital data is an interesting one. Some of the proposals people talk about have actually been spoofs (esp. the Bart Nagel "announcement" in "Mondo 2000" a couple of years ago, which still gets cited as an actual technique, about the same way the "Infoworld" spoof about how the NSA got viruses planted in equipment bound for Iraq got picked up by some as an example of "infowar.")

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
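An added illustration, not part of the original message, of the Nyquist argument in the post above: sampled at the CD rate, a 30 kHz tone produces exactly the samples of an inverted 14.1 kHz tone, so an "ultrasonic" mark would land in the audible band, while a 15 kHz tone is stored as itself. The 44,100 Hz rate is the standard CD value (the post rounds it to "44 KHz"); the function names and the 10 ms test window are assumptions of this example.

```python
import math

CD_RATE_HZ = 44_100  # standard CD sampling rate; Nyquist limit is half of this


def sample_tone(freq_hz, rate_hz=CD_RATE_HZ, n=441):
    """Sample a unit sine wave; 441 samples is a 10 ms window at the CD rate."""
    return [math.sin(2 * math.pi * freq_hz * k / rate_hz) for k in range(n)]


def folded_frequency(freq_hz, rate_hz=CD_RATE_HZ):
    """Frequency in [0, rate/2] that a sampled tone is indistinguishable from."""
    f = freq_hz % rate_hz
    return rate_hz - f if f > rate_hz / 2 else f


def goertzel_power(samples, freq_hz, rate_hz=CD_RATE_HZ):
    """Squared magnitude of one DFT bin, computed with the Goertzel recurrence."""
    coeff = 2 * math.cos(2 * math.pi * freq_hz / rate_hz)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def dominant_frequency(samples, rate_hz=CD_RATE_HZ, step_hz=100):
    """Scan 0 Hz up to the Nyquist limit in step_hz bins; return the strongest."""
    bins = range(0, rate_hz // 2 + 1, step_hz)
    return max(bins, key=lambda f: goertzel_power(samples, f, rate_hz))


def max_difference(a, b):
    """Largest sample-by-sample difference between two equal-length signals."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    for tone in (15_000, 30_000):  # the two watermark frequencies in the thread
        heard = dominant_frequency(sample_tone(tone))
        print(f"{tone} Hz tone on a CD is stored as {heard} Hz")
    inverted = [-x for x in sample_tone(14_100)]
    print("30 kHz vs inverted 14.1 kHz, max sample difference:",
          max_difference(sample_tone(30_000), inverted))
```
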
From harka at nycmetro.com Mon Jul 22 20:34:40 1996 From: harka at nycmetro.com (harka at nycmetro.com) Date: Tue, 23 Jul 1996 11:34:40 +0800 Subject: Bare fibers Message-ID: * Carbons sent to: In: jimbell at pacifier.com -=> Quoting In:jimbell at pacifier.com to Harka <=- In> The fiber is usually coated with a very thin layer of clear plastic to In> protect against moisture and abrasion, and the diameter is around 0.5 In> to 1.0 millimeters in diameter. Doesn't that make it vulnerable (detectable) to Tempest attacks? Harka ___ Blue Wave/386 v2.30 [NR] From dlv at bwalk.dm.com Mon Jul 22 20:35:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 23 Jul 1996 11:35:35 +0800 Subject: Special Agent Safdar In-Reply-To: <199607221614.MAA12400@jekyll.piermont.com> Message-ID: "Perry E. Metzger" writes: > > Anonymous writes: > > FBI Special Agent Safdar is upset enough by the revelation > > of his true identity to issue a quick denial (on a sunday night, to get > > more OT no doubt), but he doesn't even bother to try to refute the > > central truth that his cover has been blown by a careless operator at > > his home office who verified his employment and offered to take a message > > for him. > > You really are on drugs. The question is, which ones? Ritalin? I boycott "Dr." David Sternlight. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tien at well.com Mon Jul 22 20:35:53 1996 From: tien at well.com (Lee Tien) Date: Tue, 23 Jul 1996 11:35:53 +0800 Subject: I@Week on crypto export loophole 6/24/96 Message-ID: <199607222041.NAA22392@mh1.well.com> I am fairly sure that at least one U.S. district court (the case name escapes me) held that the AECA has extraterritorial application. 
Lee Tien From tomw at netscape.com Mon Jul 22 20:39:05 1996 From: tomw at netscape.com (Tom Weinstein) Date: Tue, 23 Jul 1996 11:39:05 +0800 Subject: Netscape In-Reply-To: <199607221538.IAA22007@mail.pacifier.com> Message-ID: <31F3E077.41C6@netscape.com> jim bell wrote: > > At 07:41 AM 7/22/96 GMT, Dan Weinstein wrote: > >>Then you need to read the license agreement: >> >> 1. Netscape Communications Corporation ("Netscape") grants to you a >> non-exclusive, non-sublicensable, license to use this Beta version of >> the Netscape network navigator (the "Software"), in binary executable >> form for evaluation and trial use purposes only. THIS SOFTWARE >> CONTAINS CODE THAT DISABLES MOST OF ITS FEATURES AFTER SEPTEMBER 17, >> 1996. > > I don't know why you're quoting your own licensing agreement to me. > When I said, "you need no permission to provide these products," by > "you" I was referring to your company, Netscape. As in, you don't > need the NSA's permission to write and sell good crypto domestically, > even if (arguably) they can limit export. Note that, while Dan is my brother, he doesn't work for Netscape. You really need to check those email addresses before you jump to conclusions. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw at netscape.com From deviant at pooh-corner.com Mon Jul 22 20:55:15 1996 From: deviant at pooh-corner.com (The Deviant) Date: Tue, 23 Jul 1996 11:55:15 +0800 Subject: Netscape In-Reply-To: <199607220009.RAA08680@dns2.noc.best.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 21 Jul 1996, James A. Donald wrote: > Date: Sun, 21 Jul 1996 08:23:22 -0700 > From: "James A. Donald" > To: Tom Weinstein , cypherpunks at toad.com > Subject: Re: Netscape > > At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote: > > Why not consider what the consequences will be? Do you seriously > > believe that this will make the government stop enforcing ITAR? 
>
> Yes:
>
> Widespread politically motivated disobedience forces
> the state to either demonize the disobedient, (as with drug users)
> or give up enforcement. This is a standard and effective method
> of forcing the repeal of laws, a method which has had a long record
> of success for several hundred years.
>
> The state's cohesion derives from its legitimacy, and threats to
> legitimacy and cohesion are treated very seriously by government
> officials.
>
> Threatening the state's legitimacy is arguably more effective in
> influencing government behavior than blowing up federal office
> buildings.

Hrmm... I'm definitely on your side. _Civil_ Disobedience has been, and always will be, the most effective way.

--Deviant

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From alano at teleport.com Mon Jul 22 21:02:11 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 23 Jul 1996 12:02:11 +0800
Subject: E-Cash promotion idea
Message-ID: <2.2.32.19960722205947.00d26f84@mail.teleport.com>

This may or may not fly, but it is at least worth putting out for general comment...

Have the people in the e-cash biz thought of getting with the various "Cyber Cafes" around the world to sell e-cash to the patrons. Done properly, this could inject e-cash into a community who would both use the cash, as well as providing privacy and an exchange for real currency.

There is probably some sort of financial regulation against it, but it is an idea to look into...
--- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From harka at nycmetro.com Mon Jul 22 21:02:35 1996 From: harka at nycmetro.com (harka at nycmetro.com) Date: Tue, 23 Jul 1996 12:02:35 +0800 Subject: pledge status Message-ID: * Carbons sent to: In: alanh at infi.net -=> Quoting In:alanh at infi.net to Harka <=- In> black-ninjas-pretending-that-they're-in-a-Hollywood-script thread After all these figure of speech comparisons of federal agents with 'ninja's' I think it's noteworthy, that the ninja's of old were a counterculture themselves. In fact, they were despised by the ruling class (government) of the samurai as low-lifes and scum of the earth, because the ninjas families would not subdue themselves to 'codes of honor' like the samurai and also practiced different religions (Buddhism) The samurai in turn tried to eliminate the ninja's by outlawing the use of weapons, repressing religious freedom and even invading the ninja's 'heartland' of the province of IGA. Nevertheless, the subsequent elimination of rights for ninja's led to the opposite effect, the ruling samurai had hoped for: instead of being turned into defenseless kids, the ninja's were now free from any boundaries in terms of existing norms and were thus much more innovative and efficient than the samurai and their 'code of honor'. That enabled the ninja's eventually to survive all onslaughts and dangers to their culture until today. OBCrypto: They also used various cryptographic methods and systems to transport messages. 
Harka

___ Blue Wave/386 v2.30 [NR]

From sparks at bah.com Mon Jul 22 21:09:37 1996
From: sparks at bah.com (Charley Sparks)
Date: Tue, 23 Jul 1996 12:09:37 +0800
Subject: A quick question please
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Hi all, I'm somewhat new to this and was wondering if there is a nice re-mailer front end for the Mac ( Same as Private Idaho ) I have unix, mac and intel, I use the Mac on the road for good connectivity back to the office and the net in a small cheap package.

Thanks
Charley Sparks

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

Charles E. Sparks
http://www.clark.net/pub/charley/index.htm
In God we trust, All Others we encrypt
Public Key at: http://www.clark.net/pub/charley/cp_1.htm

From adamsc at io-online.com Mon Jul 22 21:09:56 1996
From: adamsc at io-online.com (Chris Adams)
Date: Tue, 23 Jul 1996 12:09:56 +0800
Subject: Opiated file systems
Message-ID: <199607221803.LAA03165@toad.com>

On 20 Jul 96 14:46:12 -0800, ceridwyn at wolfenet.com wrote:

>>BTW, I'd try a fiber-optic connector to the machine because 1) it's
>
>Do you know anything about where to find info. on connecting drives
>(IDE or SCSI) with fiber? I'm very interested in this possibility,
>but need to research further. I'd like to home-build a system, but
>any info on current products would also be helpful.

One, you could probably replace the wires with fiber/xmitter pairs. However, this would probably screw your timings to hell - SCSI probably wouldn't work. OTOH, it's possible that with a careful enough job and some decent components you could pull it off. It would be incredibly wasteful, though, as you would need 40+ fibers to do the job of one...
I'd find some network cards that support fiber and breadboard a little system together. Possibly, you could find a hookup that would work off the shelf - look for sources for embedded systems. For instance, at least Novell's networks have embedded system support. I recall a DDJ that had someone wire up a coffeemaker as a network controlled device, so I doubt you'd need a PC. As I recall, he had a single chip ethernet device. Now, this was for regular ethernet, but I'd assume you could connect a fiber based ethernet over with some sort of adapter. Search for the article at http://www.ddj.com - if you can't find it there, drop me a note.

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From wb8foz at nrk.com Mon Jul 22 21:11:30 1996
From: wb8foz at nrk.com (David Lesher)
Date: Tue, 23 Jul 1996 12:11:30 +0800
Subject: the VTW---FBI Connection
In-Reply-To: <199607221607.MAA12381@jekyll.piermont.com>
Message-ID: <199607222035.QAA00928@nrk.com>

> I) They appear to have no financial support or funding source. They
> do not accept donations. They have no corporate funds. And yet they
> appear to be a thriving business.

They make millions of bits per month! And I bet they pay taxes on nary a one. Call the IRS!

> IIII) We didn't believe this without external verification. So we called
> the Brooklyn office of the FBI and asked for Agent Safdar. No such person.
> I called the Washington office. No such person. Checked if there is
> any agent named Safdar. They don't give out this info.

Shibbir could never cut it as a Fed -- his suit is not bland enough & his hair is too long.

> No driver's license in NY, DC, NJ, etc.

A NYC native like Shibbir driving? THAT would be a threat to National Security. Why do you think we locked 'em all up on that island, anyhow?
-- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From alanh at infi.net Mon Jul 22 21:16:08 1996 From: alanh at infi.net (Alan Horowitz) Date: Tue, 23 Jul 1996 12:16:08 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <9607221613.AA00685@Etna.ai.mit.edu> Message-ID: > Nope, that wasn't me who said that. I don't normally quote the words of > slave owners on the subject of liberty. How do you feel about womanslaughterers and drunkards? I can send you a list of your senior US Senator's quotations. From hua at chromatic.com Mon Jul 22 21:19:38 1996 From: hua at chromatic.com (Ernest Hua) Date: Tue, 23 Jul 1996 12:19:38 +0800 Subject: No more stupid gun thread ... Message-ID: <199607230124.SAA01022@server1.chromatic.com> Ok. This thread has gone on long enough and covered just about every point except the one which I originally made in my first response, which is that I abhor the idea that kids should carry weapons (of any sort) to school as standard equipment. In fact, I abhor the idea that kids should carry weapons at school for any reason. Enough said. I do not care to discuss: 1. Should kids have any weapons at any time? 2. Should kids have guns (specifically guns)? 3. Should kids know how to operate weapons of any sort? If any of you really really have to discuss this issue, let's spare the rest of the list and send me E-Mail directly. Thanks! Ern From JeanPaul.Kroepfli at ns.fnet.fr Mon Jul 22 21:22:49 1996 From: JeanPaul.Kroepfli at ns.fnet.fr (Jean-Paul Kroepfli) Date: Tue, 23 Jul 1996 12:22:49 +0800 Subject: passphrase and Diceware [was Re: Length of passphrase beneficial?] Message-ID: <01BB7820.8FAA2640@JPKroepsli.S-IP.EUnet.fr> The author of the Diceware system is Arnold G. 
Reinhold and can be contacted to einhold at world.std.com He has three pages: The Diceware Passphrase home page (html), The Diceware WordList (ascii) and a text with the technical rationales behind the list (ascii) I don't remember the URL, sorry Greeting, Jean-Paul ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~- Jean-Paul et Micheline Kroepfli (our son: Nicolas and daughter: Celine) eMail: JeanPaul.Kroepfli at utopia.fnet.fr Also Compuserve and MSNetwork Phone: +33 81 55 52 59 (F) PostMail: F-25640 Breconchaux (France) or: +41 21 843 27 36 (CH) or: CP 138, CH-1337 Vallorbe Fax: +33 81 55 52 62 (Switzerland) Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting PGP Fingerprint : 19 FB 67 EA 20 70 53 89 AF B2 5C 7F 02 1F CA 8F "The InterNet is the most open standard since air for breathing" From drose at AZStarNet.com Mon Jul 22 21:48:30 1996 From: drose at AZStarNet.com (David M. Rose) Date: Tue, 23 Jul 1996 12:48:30 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <199607222152.OAA28102@web.azstarnet.com> Perry E. Metzger writes: >hallam at Etna.ai.mit.edu writes: >> > On 19 Jul 1996 19:51:39 Hallam-Baker wrote >> >> >>It is no coincidence that the Tree of Liberty needs to be watered with >> >>blood on occasion. >> >> Nope, that wasn't me who said that. I don't normally quote the words of >> slave owners on the subject of liberty. > >No one would ever accuse you of supporting freedom, Phill. I'm sure it >was an accident. Perry, Can we add "Doc" Hallam-Baker to the pledge program? Seriously, c-punks is an incredibly valuable resource/forum. 
There are many hundreds of folks on the list (like me) who may not have the relevant technical expertise to contribute intelligently and/or frequently, but I think that we all _learn_ a great deal by reading the timely and thoughtful essays, debates, and points of view selflessly and sometimes thanklessly contributed by the likes of (in no particular order and by no means inclusively) Messrs. May, Sandfort, Unicorn, Green, Parekh, your goodself and many, many, many others. Of course, there are always those who will willfully waste thousands of man-hours per day for the list with their obviously unwelcome drivel (I do not here make reference to the clueless "suscrives" who stumble onto the list with questions about "kewl stuff"). In a physical setting, even the most obtuse person eventually realizes that he or she is being ostracized, but in the ether... (Sigh...) David M. Rose From hua at xenon.chromatic.com Mon Jul 22 21:52:18 1996 From: hua at xenon.chromatic.com (Ernest Hua) Date: Tue, 23 Jul 1996 12:52:18 +0800 Subject: Kellstrom Calls for DT Funding In-Reply-To: Message-ID: <199607221839.LAA28584@server1.chromatic.com> > > Too bad these people aren't required to show specific examples where the > > "bad guys" got away as a result of their failure to be able to do wiretaps. > > I don't think asking for this evidence is a good idea. After all, there > probably _are_ such examples. It stands to reason. > > But so what? The issue is not whether extensive wiretapping would catch > certain conspirators and head off certain crimes, the issue is one of how > liberal and free societies are to operate. Our system has frowned upon such > Orwellian schemes as mandating that video cameras be placed in all > residences and in all hotel rooms, regardless of whether certain crimes > would be detected or deterred. > > The proper argument is not to demand proof of how useful such measures as > the FBI would like to see are, but, rather, to focus on basic rights > issues. 
I must violently agree. Having escrowed video cameras in every room in every house will surely deter violence in the homes as most child and spousal abuse are (no big surprise) done by family. But even such horrors as child rape and beating cannot justify video cameras in every room; not because it is expensive, but because it is a gross violation of privacy. (But the FBI promises it would not use it without a court order, right? Sure.) People, in general, understand the severity of "video escrow". They just do not understand the severity of "key escrow" yet. Ern From vznuri at netcom.com Mon Jul 22 21:57:48 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Tue, 23 Jul 1996 12:57:48 +0800 Subject: Netscape In-Reply-To: Message-ID: <199607221823.LAA18768@netcom5.netcom.com> DS >I read Tim May's suggestions, and while he is sincere and trying to be >helpful, I use strong language above because it's time we called things for >what they are instead of politely pussyfooting around them. Monkeywrenchers >are no friends of Cypherpunks. They are the enemy, as surely as is >mandatory key escrow in the US. wow, after only about a week DS has suddenly grasped the Tao of Cypherpunk and discovered the mysterious and elusive distinction of Those That Are and Those That Are Not. I'm really impressed. truly only a great master could accomplish such a feat in such a short time. as long as I have been around here, even I do not have such confidence, so I bow down to my superior David suggests that Netscape will be royally screwed if the gov't cracks down on them because of "monkeywrenchers". but quite the opposite is possible. as TCM fondly points out, sometimes you win by losing and lose by winning (not necessarily in those words). by creating a very large, glaring, and visceral public spectacle of the government cracking down on crypto, the resulting outcry could be absolutely enormous and resonate throughout the entire population. 
it would be a vivid portrayal of what the government has been doing quietly and secretly for decades, and perhaps the public might finally understand what is going on. before on this list I have advocated that we try to bait the government into confiscating crypto at a border, or stopping a truck full of microsoft products with "military grade crypto" at the border or something-- filming the customs agents with guns raised and have a voiceover "what's in the truck? not submachine guns. not missles. but computer disks. and the government feels they are every bit as deadly". p.s. personally I think "monkeywrenching" does have its uses at times From shamrock at netcom.com Mon Jul 22 22:01:51 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 23 Jul 1996 13:01:51 +0800 Subject: Borders *are* transparent Message-ID: At 4:50 7/23/96, Paul Foley wrote: >"Peter Trei" wrote: > > Any one up for a distributed brute force attack on single DES? My > back-of-the-envelope calculations and guesstimates put this on the > hairy edge of doability (the critical factor is how many machines can > be recruited - a non-trivial cash prize would help). > >Not quite sure what you mean by "doability" -- it's obviously doable, >it just depends how long you want to wait. > >I'm in. Same here. I think it is about time for another full scale hack. Breaking DES would help get our message more than breaking 40bit RC-4 ever did. -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. From harka at nycmetro.com Mon Jul 22 22:11:51 1996 From: harka at nycmetro.com (harka at nycmetro.com) Date: Tue, 23 Jul 1996 13:11:51 +0800 Subject: Win 95 security Message-ID: Just found this in my Inbox. Maybe somebody wants to check it out... 
Harka == Forwarded Message Follows ========================================= >From : 75037.725 at CompuServe.com (Yonat Dascalu): I have uploaded to Simtel.Net: http://www.simtel.net/pub/simtelnet/win95/util/wsi95-20.zip ftp://ftp.simtel.net/pub/simtelnet/win95/util/wsi95-20.zip 1243345 bytes wsi95-20.zip The security solution for Windows 95 Win-Secure-It, v2.00, The Security Solution for Windows 95. Supply Single/Multi user protection against unwanted intruders from accessing items you choose to protect. Protection is done in four levels, completly hiding files and folders, blocking any access to the files, allowing just files read-only access, or just monitor file and data usage. Intruder's log is collected to keep track on unwanted attempts to violate the file security. Can be activated also in Stealth mode. A tool for anyone who tries to protect his files and work data. Special requirements: None. wsi95-20.zip has replaced wsi95-12.zip Shareware. Uploaded by the author. Yonat Dascalu 75037.725 at Compuserve.com ___ Blue Wave/386 v2.30 [NR] From tcmay at got.net Mon Jul 22 22:50:44 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 23 Jul 1996 13:50:44 +0800 Subject: Special Agent Safdar Message-ID: I hadn't planned to comment, but I've seen messages like this one, and a message from Perry, which appear to take "Anonymous" seriously, or at least to take him as sending his message as a serious attack. I took it as a broad satire, though lacking in the craziness which usually signals to all that a satire or spoof (or facetiousness, depending on one's ideas about irony) is involved. 
At 7:33 PM 7/22/96, Alan Olsen wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >At 02:32 AM 7/22/96 -0600, Anonymous wrote: >>FBI Special Agent Safdar is upset enough by the revelation >>of his true identity to issue a quick denial (on a sunday night, to get >>more OT no doubt), but he doesn't even bother to try to refute the >>central truth that his cover has been blown by a careless operator at >>his home office who verified his employment and offered to take a message >>for him. > >Denial?? Sarcasm perhaps... No "denial" I could see. Alan, I'm somewhat surprised that you could mention "sarcasm" without thinking--as I did less than a fourth of the way through the "Anonymous" piece you are quoting--that the whole piece was a close relative of sarcasm. That is, a spoof, a satire, a joke. I think the first mention of VTW being an agent of the Gubment might have been serious, albeit clueless. But this later piece has all the hallmarks of an over-the-top satire on the first "Safdar is an agent" piece. Consider some "tells": >>We don't have to wonder a second longer about the motives behind "We don't have to wonder a second longer..." Pretty clearly over the top. >Why would they have to operate a dummy organization? All they have to do is >get the names of the subscribers on this list. Much more cost effective. Indeed. Which is why the first piece is so obviously satirical. >>We must call on the other organizations, like EPIC, EFF, CDT, and ACLU >>to denounce the VTW\FBI fraud. Their board of directories, Blaze and >>Schneier to face the truth in public that they they have been used. >>The net as a whole to demand its pound of cyberflesh. Further, we must insist that Diffie confess to his role in undermining the only truly secure cryptosystem, the virtual one-time pad! By propagating his filth about the strength of public key systems, aided by his VTW-Tchurka agent Schneier, he has polluted our precious bodily fluids. 
>And not to forget all the free code that Blaze and Schneier have handed out >over the years. Maybe that is a plot as well. Maybe the typos in Applied >Cryptography are a secret conspiracy to weaken the cryptography of the >nation. Next thing I expect you to say is that Queen Elisabeth is a drug >dealer and/or other LaRouche style rants. The House of Windsor is controlled by the psy-ops Tavistock Insitute, also known as the White Visitation. Freud, a cocaine and morphine user, advised Tavistock on psy-ops and the British opium trade. Esalen, a Tavistock-CIA think tank and training center, has hosted several international meetings of the Drug Cartel, including both the Cali Cartel and the notorious Langley Cartel. (Besides, doesn't the entire British Royal Family behave as if they're on drugs? 'Nuff said.) >>There are very big questions to be answered now and we must not >>forget to keep asking them until they have been. How high did >>this operation go? Agent Safdar is no Olly North! He didn't >>do this on his own. Who ordered this? > >The voices in your head? Actually, I have more interest in your motives >than his. Read up on the uses of this kind of humor. >Your accusations are not accomplishing anything constructive. I do not >believe that they were designed to either. I believe that they were >designed to sow mistrust in the individuals who are making real progress >against the Government held position that they have the right to spy on our >every move. But who would take the points seriously, besides you, Perry, and one or two others? I just read it, and thought: "Mildly funny, but not quite crazed enough." Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ses at tipper.oit.unc.edu Mon Jul 22 22:51:23 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Tue, 23 Jul 1996 13:51:23 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607221822.OAA12499@jekyll.piermont.com> Message-ID: On Mon, 22 Jul 1996, Perry E. Metzger wrote: > (BTW, Jefferson's slaves were inherited and an an entailment clause in > the will prevented him from freeing them during his lifetime. Not, of It would be hard to prove the case that this was the only thing preventing earlier manumission, but then the whole issue is one of the hardest things to understand about Jefferson; many of his closest friends were leaders in the abolitionist movement of the time, and it's almost impossible to believe that he didn't know slavery to be morally indefensible relatively early on in his political development. Guess it was just part of his programming he couldn't throw off. Still leaves him just ahead of FDR as best american president, but does drop him a way behind Paine for best political theorist of the revolution --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From eagle at cyclone.Stanford.EDU Mon Jul 22 22:57:42 1996 From: eagle at cyclone.Stanford.EDU (Russ Allbery) Date: Tue, 23 Jul 1996 13:57:42 +0800 Subject: [Noise] Re: the VTW---FBI Connection In-Reply-To: Message-ID: Dr. Dimitri Vulis KOTM writes: > Rich Graves writes: >> Damn, he's onto us. Special Agent Allbery, your cover is blown. 
> So, Russ is a stool pigeon? That figures... I have it on quite good authority that I am an undercover plant for Gharlane and all that I see and hear is being relayed to Higher Powers. Unfortunately, my cover is so deep that I can have no conscious knowledge of this, so I can neither confirm or deny the theory. I do, however, have a very impressive black suit in my closet that I have no memory of buying.... As for the VTW, I'm afraid you'll have to ask someone else. I have a strict rule against interfering with Illuminati operations. -- Russ Allbery (rra at cs.stanford.edu) From tcmay at got.net Mon Jul 22 23:04:02 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 23 Jul 1996 14:04:02 +0800 Subject: Was Jefferson a Better Cryptographer or Slaveowner? Message-ID: At 10:03 PM 7/22/96, Simon Spero wrote: >On Mon, 22 Jul 1996, Perry E. Metzger wrote: >> (BTW, Jefferson's slaves were inherited and an an entailment clause in >> the will prevented him from freeing them during his lifetime. Not, of > >It would be hard to prove the case that this was the only thing >preventing earlier manumission, but then the whole issue is one of the >hardest things to understand about Jefferson; many of his closest friends >were leaders in the abolitionist movement of the time, and it's almost >impossible to believe that he didn't know slavery to be morally >indefensible relatively early on in his political development. Guess it >was just part of his programming he couldn't throw off. > >Still leaves him just ahead of FDR as best american president, but does >drop him a way behind Paine for best political theorist of the revolution I agree that Jefferson was the best President. Thinker, writer, inventor, cryptographer, teacher, farmer, founder of universities, and principal author of the Declaration of Independence of course. Yes, he owned slaves. Makes me rethink my position on slave-owning.... --Tim "Massa" May Boycott "Big Brother Inside" software! 
We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Mon Jul 22 23:04:49 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 23 Jul 1996 14:04:49 +0800 Subject: Boobytraps and the American Legal System Message-ID: At 6:36 PM 7/22/96, Vinnie Moscaritolo wrote: >> You pop a claymore in a building with any substance up to the level of >>concrete re-enforced, and you _will_ be going with them. > >booby traping your home is a really stupid idea, I promise that your >dog/child/spouse will be theone to accidentally set it off. besides for >this you can get sued.. > >every hear the one about the case of a guy who constantly had his radar >detector stolen out his his car, he decides to set a trap and rigs his next >one with exposive. The perp steals the box, sells it. someclown powers it >up on his dash board and BANG!.. well you'd figure justice is served, but >the NYC judges awarded the mass of flesh damages and charged the guy with >manslaughter. Agree, very foolish to ever plant boobytraps in one's own home. Still, I remember vividly in college when the court case was decided involving a guy in Florida who was tired of being burglarized and the cops doing nothing about it: he rigged a shotgun to go off when someone broke a window and entered. A perp did, was shot, survived, and the case went to trial. The boobytrapper was found guilty of some serious crime--I don't recall the details (this was circa 1972). 
However, all of my dorm roommates at the time were chortling over the stupidity of imprisoning someone for the crime of trying to defend his property against repeated invasions by scum. This was a "touchstone" example for most of us, raised on Heinlein and Rand as we were. More than chortling, we were uniformly angry. (The world seems to be divided into two basic types over issues like this: those who are outraged that the burglar could collect damages from his victim, and those who are outraged that the owner was even able to buy a shotgun in the first place.) (Later examples were to be even worse. For example, the burglar who climbed on a roof and stepped through a skylight. He sued, and won. I guess the owner of the property was obligated to install night lights so burglars could see their way, and to generally make his property more "burglar-friendly." Or the woman who sued a hospital, claiming her psychic abilities were lost after a CAT scan. She won.) As Vinnie said, "only in Amerika." --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From nobody at cypherpunks.ca Mon Jul 22 23:08:09 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 23 Jul 1996 14:08:09 +0800 Subject: alpha.c2.org down again? Message-ID: <199607230205.TAA01421@abraham.cs.berkeley.edu> I am receiving empty messages for my alpha.c2.org account. Again. Whats up? 
From rah at shipwright.com Mon Jul 22 23:10:55 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 23 Jul 1996 14:10:55 +0800 Subject: [Noise] Hettinga Sees Colors... In-Reply-To: <2.2.32.19960720183725.00e38e60@mail.teleport.com> Message-ID: At 10:00 PM -0400 7/21/96, snow wrote: > On Sat, 20 Jul 1996, Alan Olsen wrote: > > At 10:10 AM 7/20/96 -0800, Vinnie Moscaritolo wrote: > > >Speaking of Bob Hettinga put it to words best, told me that standing >on the > > >Concord bridge he could see the colors of the American flag eminating > > >outwards to the rest of the country. Yup this is where it all started.. > > Should teach him not to drink so much in the combat zone in Boston. ]:> > > Doesn't sound like he was drinking. Or if it was liquid, he didn't > drink more than a drop or two... Okay, Okay, Okay... Speaking as a Genuine (unconvicted ;-)) Felon and Certified-Insane Acid Casualty, that was probably a fair shot. However... About six weeks ago (as measured by the household clutter-depth since then...) my sister-in-law, her husband (a comptroller for a chip-company), their kids, my wife and I went to Concord to look at the "rude bridge" where the first shots of the American revolution were fired. Actually choked me up a bit. Never figured on that. Anyway, I was standing there at the monument to the British war dead ;-), and said to the kids (ages 15, 13, and 11), "Guys, right here, on this spot," (they looked down) " is were America [sic] started. If you could imagine the ground here painted red, white and blue, and then the colors radiating out from here in all directions", (they looked around) "from the Atlantic to the Pacific, to Alaska and Hawaii, and bunch of islands in both oceans. Oh, yeah. Even the Moon." Then they looked up. Then they caught themselves, and looked at *me*, with classic adolescent disdain, like I was from Mars. "Oh. *Right*, Uncle Bob..." ;-). 
Same kids gifted me this Christmas with a polartec jester's cap (complete with bells, handy when shovelling in a blizzard in, ahem, February?). When they got here, I got a pair of Lennon-looking sunglasses with holograms of Tex Avery eyeballs on them. Tokens of esteem for their Uncle Bob. Hmmm. Maybe I *did* see colors out there in Concord. Greaaat visuals. Just don't move your head too fast, man, or you'll miss 'em.... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From root at edmweb.com Mon Jul 22 23:12:56 1996 From: root at edmweb.com (Steve Reid) Date: Tue, 23 Jul 1996 14:12:56 +0800 Subject: Brute-forcing DES Message-ID: > Any one up for a distributed brute force attack on single DES? My > back-of-the-envelope calculations and guesstimates put this on the > hairy edge of doability (the critical factor is how many machines can > be recruited - a non-trivial cash prize would help). Count me in. I've got a couple of net-connected Pentiums that are mostly idle. Did you consider the possibility of DES chips in your back-of-the-envelope calculations? They are hundreds of times faster than PCs. I don't know where to get them or how much they cost, though. I would expect they wouldn't be too expensive. The cash might be better spent on DES chips than on a prize. Might be able to bring some money in by selling "I Helped Crack DES And All I Got Was This Lousy T-shirt" T-shirts. ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 | | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. 
-- | ===================================================================:) From snow at smoke.suba.com Mon Jul 22 23:17:10 1996 From: snow at smoke.suba.com (snow) Date: Tue, 23 Jul 1996 14:17:10 +0800 Subject: [Noise] Re: Re: Devil's Bargain In-Reply-To: Message-ID: On Mon, 22 Jul 1996, Alex Derbes wrote: > There were no signs of mechanical failure, the plane took off one > hour late, that means if it was a timed bomb the plane would have gone > down over oh let's say random VERY VERY deep place in the atlantic ocean. > The plane was an easy shot for all sorts of shoulder launched SAM's. According to the information I have seen, there are no SAM's that can reach out and touch a plane at 13000 feet. The engagement ceiling on most is 8000 to 9000 feet iirc. > There is a hell of a lot of terrorist activity right now, and the > olympics, I think there is good circumstantial evidence to suggest > terrorist activity just from motives and opportunity. What motives? Petro, Christopher C. petro at suba.com snow at smoke.suba.com From alano at teleport.com Mon Jul 22 23:33:30 1996 From: alano at teleport.com (Alan Olsen) Date: Tue, 23 Jul 1996 14:33:30 +0800 Subject: Credit Card to eCash Message-ID: <2.2.32.19960722205945.00d1b3e8@mail.teleport.com> At 02:08 AM 7/22/96 +0000, Jonathon Blake wrote: > Myers: > >On Sun, 21 Jul 1996, Myers W. Carpenter wrote: > >> What would be the problems in setting up a web site to make a >> charge to a Credit Card/ATM card number and return Cash, like an ATM for >> the net? > > Eight to ten years, I think. It is called money laundering. I find that interesting, since I can do the same thing with a bank machine. (Or maybe it is only money laundering when you don't get your picture taken as part of the process.) The only problem I see is that charges to a credit card can be withdrawn by the customer within a certain time period after either the billing or transaction. (I do not remember which.
It has been a year or two since I have been responsible for CC transactions.) The individual could always say "It was not me" and get away with the e-cash. Sounds like a BIG risk for anyone setting up such a site. > AFAIK, that was the major legal hassle, when it was first > done. << OK, so it was on a BBS, not the internet. >> > > Getting people to use it is the other major problem. That is the big problem with e-cash as it is... Not everyone has a major credit card. Not everyone is willing to go through the hassles and invasion of privacy involved to set up an account with an e-cash provider. When getting e-cash is as easy as getting a money order, then there might be more interest. --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From hallam at Etna.ai.mit.edu Mon Jul 22 23:36:26 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Tue, 23 Jul 1996 14:36:26 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607221917.PAA12611@jekyll.piermont.com> Message-ID: <9607221944.AA00931@Etna.ai.mit.edu> >Memory is the only way that things like iterated prisoner's dilemmas >become interesting. Having spent the weekend with Alker I'm hardly going to argue. >There is a reason humans do things like aggressively defending their >children with their lives if need be. There is a reason humans resort >to violence when their place in the gene pool is threatened. That is one effect, but not the only effect. Depending upon what the conditions you set up around the problem you can change the outcome. What are the risks of fighting for example? Evolution does not uniformly favour hawks, in terms of numbers the doves win. >Some of this stuff is plumb obvious to anyone with half a brain, >Phill.
Ah yes, and since iterated prisoner's dilemma games are as computationally complex as the Mandelbrot set (the generator of the Mandelbrot is in fact simpler), presumably you can calculate the Mandelbrot set in half your brain Perry? If it was "plumb obvious" it wouldn't take MIT profs to work it out Perry. The world is far more complex than your simplistic notions make out. Just because you can identify ONE effect does not mean that you have identified ALL effects or even that you have identified the dominant one. Your analyses are almost always junk because you only analyse one side of the argument and deny that there is another side. You are great at preaching to the choir Perry, problem is that you don't convert anyone who isn't already converted. Phill From jimbell at pacifier.com Mon Jul 22 23:39:34 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 23 Jul 1996 14:39:34 +0800 Subject: Borders *are* transparent Message-ID: <199607230349.UAA03865@mail.pacifier.com> At 02:11 PM 7/22/96 -0700, Lucky Green wrote: >At 4:50 7/23/96, Paul Foley wrote: >>"Peter Trei" wrote: >> >> Any one up for a distributed brute force attack on single DES? My >> back-of-the-envelope calculations and guesstimates put this on the >> hairy edge of doability (the critical factor is how many machines can >> be recruited - a non-trivial cash prize would help). >> >>Not quite sure what you mean by "doability" -- it's obviously doable, >>it just depends how long you want to wait. >> >>I'm in. > >Same here. I think it is about time for another full scale hack. Breaking >DES would help get our message more than breaking 40bit RC-4 ever did. So how many keys can (for example) a 100 MHz Pentium try per second? I assume it's known-plaintext. Even at a million per second, that's still somewhere around 35 billion machine-seconds (average) to find the solution. 1000 systems operating, and it's around a year to a solution. Doable, but not all that practical.
What about the possibility of using DSP's? Is there any brand of 28.8 K modem which uses a "standard" DSP and EPROM firmware? Such a beast might be the easiest way to get a large amount of CPU horsepower operating independently of the host computer. DSP's are optimized to execute a large number of instructions with little I/O needs. Jim Bell jimbell at pacifier.com From shamrock at netcom.com Mon Jul 22 23:40:09 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 23 Jul 1996 14:40:09 +0800 Subject: Netscape Message-ID: At 13:27 7/22/96, Tom Weinstein wrote: >Well, for starters, the genius who put it out there put out a beta, >which has an expiration date, instead of waiting for the final release. >Secondly, millions of people don't use PGP. I am sure the final release will be exported the day you release it. The government will not go after you because some third party violated the law. Remember, even PRZ was only harassed, never charged. It is my opinion, and that of many of the legal folks on this list, that the ITAR are unconstitutional. Netscape is being intimidated by a bluff. And no, I do not fault Netscape for not forcing the issue. >Also, notice the simple verification system MIT was allowed to use, and >the complex one we're required to use. Sure. The feds are learning. They know that they can't prevent export. They even know that their regulations don't have a leg to stand on. But they also know that they can make the life difficult for anyone wanting to make strong crypto available domestically , thereby reducing the number of shrink wrap quality programs available for domestic users. Which, let there be no mistake, is the true reason for the ITAR including software crypto. -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. 
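The arithmetic behind jim bell's estimate in the "Borders *are* transparent" message above (about 35 billion machine-seconds at a million keys per second, about a year on 1000 machines), worked through as an added example that is not part of the original thread. It goes beyond the message to size a key length against a given search rate; the 30-day deadline, the 200x hardware factor and all function names are assumptions made for illustration.

```python
"""Exhaustive key-search estimates for choosing a key length (added example)."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_trials(key_bits):
    """On average the key turns up after half the keyspace has been tried."""
    return 2 ** (key_bits - 1)


def expected_seconds(key_bits, keys_per_second, machines=1):
    """Average wall-clock time for `machines` searchers of equal speed."""
    return expected_trials(key_bits) / (keys_per_second * machines)


def machines_for_deadline(key_bits, keys_per_second, deadline_seconds):
    """Searchers needed so the average search finishes within the deadline."""
    return math.ceil(expected_trials(key_bits) / (keys_per_second * deadline_seconds))


def min_key_bits(keys_per_second, machines, years):
    """Smallest key length whose average search time is at least `years`."""
    target = years * SECONDS_PER_YEAR * keys_per_second * machines
    bits = 1
    while expected_trials(bits) < target:
        bits += 1
    return bits


def report(rate=1e6, machines=1000, hw_factor=200):
    """Rows of (label, value) for the figures discussed in the thread.

    rate and machines are the thread's figures; hw_factor is a constructed
    stand-in for "hundreds of times faster" dedicated chips.
    """
    des_machine_seconds = expected_seconds(56, rate)
    return [
        ("56-bit, machine-seconds", des_machine_seconds),
        ("56-bit, years on pool", expected_seconds(56, rate, machines) / SECONDS_PER_YEAR),
        ("40-bit, minutes on pool", expected_seconds(40, rate, machines) / 60),
        ("56-bit, days on pool of chips",
         expected_seconds(56, rate * hw_factor, machines) / 86400),
        ("machines for 30-day search", machines_for_deadline(56, rate, 30 * 86400)),
        ("bits to hold pool off 100 years", min_key_bits(rate, machines, 100)),
    ]


if __name__ == "__main__":
    for label, value in report():
        print(f"{label:34s} {value:,.2f}")
```

Every added bit of key length doubles each time figure, which is why the same pool that needs about a year for 56 bits finishes 40 bits in minutes.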
From frissell at panix.com Mon Jul 22 23:43:03 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 23 Jul 1996 14:43:03 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <2.2.32.19960723033257.008af3cc@panix.com> At 02:42 PM 7/22/96 -0400, hallam at Etna.ai.mit.edu wrote: >Genuine philosophers have made such sacrifices. Russell gave away his >inheritance after completing Principia because he objected to the idea >of inherited wealth. And spent his life arguing for a social system which executes those who do not work all their lives for the State or attempt to escape it. >Of course if Perry was interested in genuine liberty instead of a slave >owner's idea of liberty - liberty to exploit others he would see the >contradiction in his rhetoric. Perry is self-employed and thus only exploits himself. He isn't a tax-eater as you no-doubt are either. DCF From deviant at pooh-corner.com Mon Jul 22 23:44:34 1996 From: deviant at pooh-corner.com (The Deviant) Date: Tue, 23 Jul 1996 14:44:34 +0800 Subject: Netscape In-Reply-To: <31F2DBAE.41C6@netscape.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 21 Jul 1996, Tom Weinstein wrote: > Date: Sun, 21 Jul 1996 18:38:54 -0700 > From: Tom Weinstein > To: "James A. Donald" > Cc: cypherpunks at toad.com > Subject: Re: Netscape > > James A. Donald wrote: > > > > At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote: > > > Why not consider what the consequences will be? Do you seriously > > > believe that this will make the government stop enforcing ITAR? > > > > Yes: > > > > Widespread politically motivated disobedience forces > > the state to either demonize the disobedient, (as with drug users) > > or give up enforcement. This is a standard and effective method > > of forcing the repeal of laws, a method which has had a long record > > of success for several hundred years. > > A handful of cypherpunks hardly constitutes "widespread politically > motivated disobedience".
In any case, the demonization has already > begun; they point their fingers at the four horsemen of the internet > at every opportunity. > One might say the same thing about 10 or 20 people throwing shipments of tea off of boats in boston harbor. > > What I object to is anonymous activists who perform acts at no risk to > themselves which make it harder for those of us who are trying to bring > strong crypto to everyone. > Why? Because they can do it without risk? The way I see it, if you can do something that should be done, and you can do it at no risk to yourself, then it's all the better. > > The state's cohesion derives from its legitimacy, and threats to > > legitimacy and cohesion are treated very seriously by government > > officials. > > > > Threatening the state's legitimacy is arguably more effective in > > influencing government behavior than blowing up federal office > > buildings. > > The first step is to create at least a strong minority. A handful of > cypherpunks can be largely ignored. We have to get the general > public using and educated about strong crypto before civil disobedience > will mean anything. Hrmm... I'll agree with that...
We need to do something to get ourselves noticed (and no, I don't mean blowing up the NSA headquarters) --Deviant From shamrock at netcom.com Mon Jul 22 23:46:18 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 23 Jul 1996 14:46:18 +0800 Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape) Message-ID: At 18:48 7/20/96, Jeff Weinstein wrote: [...] >> But assumedly if they're downloading the 128-bit netscape, then they're >> only using the 40-bit version to do it... :-) > > Well yes, the first time they do it. But the many times they download >new versions, from now until the end of time, they can use 128-bit SSL. Not so fast. Win 32 Netscape 3.0b5 freezes my machine :-) -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. From hua at xenon.chromatic.com Mon Jul 22 23:46:40 1996 From: hua at xenon.chromatic.com (Ernest Hua) Date: Tue, 23 Jul 1996 14:46:40 +0800 Subject: Giving 6 year old kids Uzi's In-Reply-To: <199607200649.XAA25479@netcom7.netcom.com> Message-ID: <199607221825.LAA28544@server1.chromatic.com> > >You might have had a different childhood, but when I (and most of my > >friends) were 6 (or 12 or even 18), our primary concern was having fun, > > When I was in high school (age 14-18), I was on the high school rifle team. > That means I carried a rifle into school at the beginning of the season > and back home at the end of the season.
> It should not be necessary to
> mention it, but I never shot anyone then, before, or since.

Look. Let's be very clear about precisely what we're discussing.

We are talking about distributing a gun to every *@#!! kid walking into school (ok, maybe we make them pay for it, but money ain't the issue). We are NOT talking about special training for every child, or giving them only limited access. The person to whom I originally responded to on this topic wanted to give EVERY SINGLE CHILD a gun!

> > Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> > and I certainly would not even contemplate letting him have a gun (no
> recommend teaching children about proper use of guns at a similar age,
> with tight supervision.

My point exactly. YOU JUST DON'T HAND OUT A GUN AND SHOW HIM HOW TO USE IT AND LET HIM LOOSE!

Now ... we're not talking about children having guns as exceptions; we're talking about children having guns AS THE RULE.

And I severely object to the notion that children, as a rule, can be blindly trusted to have good judgement with deadly force. (Not just guns, but anything from switch blades to anti-tank missiles.)

Ern

From alano at teleport.com Mon Jul 22 23:51:53 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 23 Jul 1996 14:51:53 +0800
Subject: Special Agent Safdar
Message-ID: <2.2.32.19960722193307.00b21088@mail.teleport.com>

-----BEGIN PGP SIGNED MESSAGE-----

At 02:32 AM 7/22/96 -0600, Anonymous wrote:

>FBI Special Agent Safdar is upset enough by the revelation
>of his true identity to issue a quick denial (on a Sunday night, to get
>more OT no doubt), but he doesn't even bother to try to refute the
>central truth that his cover has been blown by a careless operator at
>his home office who verified his employment and offered to take a message
>for him.

Denial?? Sarcasm perhaps... No "denial" I could see.

As for your "evidence", it is pretty shaky. Such as the part about not having a driver's license.
Since when is government regulation of driving proof of existence?

>We don't have to wonder a second longer about the motives behind
>Safdar\VTW\FBI's collection of names of crypto-dissidents, their
>support of the Leahy crypto control bill, their refusal to
>denounce it even today, their support of the digital telephone
>act, the disinformation to make us believe otherwise and all
>the other lies. And what about the money?

Why would they have to operate a dummy organization? All they have to do is get the names of the subscribers on this list. Much more cost effective.

>We must call on the other organizations, like EPIC, EFF, CDT, and ACLU
>to denounce the VTW\FBI fraud. Their board of directories, Blaze and
>Schneier to face the truth in public that they have been used.
>The net as a whole to demand its pound of cyberflesh.

And not to forget all the free code that Blaze and Schneier have handed out over the years. Maybe that is a plot as well. Maybe the typos in Applied Cryptography are a secret conspiracy to weaken the cryptography of the nation. Next thing I expect you to say is that Queen Elizabeth is a drug dealer and/or other LaRouche style rants.

I judge the above individuals by their deeds, not just by their words. They have accomplished much in the areas of preserving privacy and cryptography. What have you done lately?

>There are very big questions to be answered now and we must not
>forget to keep asking them until they have been. How high did
>this operation go? Agent Safdar is no Olly North! He didn't
>do this on his own. Who ordered this?

The voices in your head? Actually, I have more interest in your motives than his.

>This is exactly like the FBI in the 1960s and civil rights groups.
>In the hands of the right reporter, this could and should
>bring slick willie right on down.

Interesting that you should bring up the FBI actions against dissenting groups...
Actually, your screeds read like some of the stuff the FBI sent to the Black Panthers in the 60s and 70s. The screeds were written in the same manner, by an anonymous source, to discredit others in the organization. Your texts seem designed to cause mistrust amongst those who are willing to fight for their own freedom. (Especially amongst those who are not involved in the middle of the fray.)

Your accusations are not accomplishing anything constructive. I do not believe that they were designed to either. I believe that they were designed to sow mistrust in the individuals who are making real progress against the Government held position that they have the right to spy on our every move.

So far, you have not given any proof as to why we should believe you. Given the vitriolic nature of your screeds, I see no reason to do so.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From tcmay at got.net Mon Jul 22 23:52:33 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 14:52:33 +0800
Subject: Preaching to the Choir?
Message-ID:

At 7:44 PM 7/22/96, hallam at Etna.ai.mit.edu wrote:

>Your analyses are almost always junk because you only analyse one
>side of the argument and deny that there is another side.
>You are
>great at preaching to the choir Perry, problem is that you don't
>convert anyone who isn't already converted.

I think there is very little "converting" of those with well-developed views, of whichever side. Thus, solid libertarians are not converted by liberal/left arguments on this list, solid liberals are not converted by libertarian arguments, and so forth. We've had Religious Right folks (though not vocally in a long time), Greens, and several other flavors. (We also have several professional lawyers, law professors, economists, and the like, and I doubt the beliefs they have settled on in 10 or 20 or more years of thought will be changed by our arguments.)

What _does_ happen is that people who have not given a lot of thought to some issues get exposed to views and can decide for themselves. Many student types arrive on this list with various half-baked ideas about the role of government, the effectiveness of laws, etc. _These_ folks are often influenced by persuasive points made here--they usually recognize the "common sense" in the best arguments presented.

(At least this is what folks have told me, that they came to the list having ideas that crypto-privacy was important, but not realizing the full ramifications of the libertarian outlook until exposed to many people discussing them here.)

So, I don't expect to convert David Sternlight to my views, nor to convert Phill H.-B. Nor do they, I am sure, expect to convert me.

But I _do_ hope that the arguments here will have an effect on the thinking of many.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From alano at teleport.com Mon Jul 22 23:53:45 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 23 Jul 1996 14:53:45 +0800
Subject: Borders *are* transparent
Message-ID: <2.2.32.19960722211219.00d9ede0@mail.teleport.com>

At 02:30 PM 7/22/96 -0400, Perry E. Metzger wrote:
>
>Perhaps a Java page containing a DES cracker that one could run for
>the casual participant, and a set of links to download a real cracker
>for the non-casual participant...

And if it can be cracked using Java anytime in our lifetime, then it is truly insecure... ]:>

>I think it's really time that we did this. DES must be shown to be
>dead.

Personally I would like to see the cracking app written in assembly or optimized C. Something that will reduce the search time even farther. (Everyone talks about the hardware, but inefficient software will cost just as much time as slow hardware. Not to mention flaky hardware, as is seen sometimes with gold lead simms and tin lead sockets. [Personal gripe. I have been tracking down system problems for a couple of months involving just this issue. Damn aggravating!])

>When the media hear about it, they will, of course, get "experts"
>saying "but it took five thousand people millions of dollars in
>computer time". We should ask Matt Blaze to write a paper in advance
>explaining that although this test, on general hardware, took a lot of
>effort, that with specialized hardware it would be cheap as can be.

No matter WHAT is done, they will get some "expert" claiming that there is some flaw in the methodology. Given enough attention, those people will look like hired spin doctors and be pretty much ignored and/or laughed at.
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From aba at atlas.ex.ac.uk Mon Jul 22 23:55:10 1996
From: aba at atlas.ex.ac.uk (aba at atlas.ex.ac.uk)
Date: Tue, 23 Jul 1996 14:55:10 +0800
Subject: DES brute force? (was: Re: Borders *are* transparent)
Message-ID: <18527.9607222028@dart.dcs.exeter.ac.uk>

Peter Trei writes:
> [...] Last September, three or four semi-overlapping efforts
> succeeded in brute-forcing 40 bit RC4 (used in export-quality SSL).
>
> This had three main effects:
>
> 1. Raising the issue in the media, and thus in the public consciousness.
>
> 2. Within a month, the government was starting to talk about permitting the
> export of stronger (but GAK'd) encryption products.
>
> 3. It enabled people like Jeff to argue successfully that releasing
> only an export-strength product was no longer a viable option. In
> practical terms is probably the most important effect of the crack:
> I know of at least one other company where it led directly to the
> release of both domestic and export versions.
>
> Any one up for a distributed brute force attack on single DES? My
> back-of-the-envelope calculations and guesstimates put this on the
> hairy edge of doability (the critical factor is how many machines can
> be recruited - a non-trivial cash prize would help).

Hmm, 56 bits is a lot of bits...

Here's some calculations of my own for your criticism...

using libdes-3.23

ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-3.23.tar.gz

running the "speed" application, on a 100Mhz SGI R4000 Indy, I get ~600k key schedules / sec. (With the ~Mb/s throughput for encrypt, the bottleneck for simplistic brute force is going to be key scheduling).

56 bits = 72057594037927936
worst case = 3800 years

ouch!
So ideally for a break you would like the whole thing to be completed in say 2 weeks wall clock time, which gives rise to the need for ~100,000 machines of similar throughput, full-time for two weeks.

Possible?

As far as cash prizes go how much could cypherpunks and friends generate for such a purpose? I'd guess individuals could come up with a fair bit of money... 1000+ list members x 10$ = 10k (or whatever). Also perhaps there are some commercial backers with interests in seeing ITAR squished who might be persuaded to donate?

Somebody would need to spend a fair bit of effort publicising it on USENET, to get a good response.

There may be problems associated with offering prize money... what if some employees at DES hardware vendors `borrowed' some time on their top of the range DES cruncher? Perhaps this doesn't matter, as it would just make the point even more strongly :-)

Also I can't help wondering if there isn't some lateral thinking we can do to reduce the cost...

Are there cheap (<100$) PC DES cards which would help significantly?

What DES modes are used in typical banking situations? (I am presuming a challenge involving a widely used banking funds transfer protocol would be a suitably juicy targets, based on a criteria of demonstrating the greatest financial risk).

Are there any practical published attacks on DES which have space / time trade offs which improve on simplistic brute force whilst still having relatively low memory requirements for each node, and very low communication requirements?

Adam
--
#!/bin/perl -sp0777i
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996 hallam at Etna.ai.mit.edu wrote:

> Nope, ad hominem is a perfectly acceptable form of attack when calling
> into question a speaker's credentials. The words are used because they
> were Jefferson's and because he is held up as a supporter of liberty.
> Pointing out that the words are the cant of a hypocrite is entirely
> justified.
You fail to mention that Jefferson tried to pass a law through Congress that would make slavery illegal by 1800. The bill failed to pass by one vote. Also, he deplored slavery and considered it evil.

>
> Notwithstanding entailment clauses, Jefferson was under no compunction to
> exploit his slaves by exploiting their labour. He could have paid them
> competitive wages and allowed them to choose to work for others. In short
> he could in effect have freed them. Of course then he would not have had
> the financial means to live as a member of the privileged classes.
>
> Genuine philosophers have made such sacrifices. Russell gave away his
> inheritance after completing Principia because he objected to the idea
> of inherited wealth.

This is an entirely subjective and philosophical argument about whether the means justify the ends. I won't debate any of the issues here. However, consider the fact that if Jefferson didn't have as much money as he had, he might have not had as much political impact. Also think about the fact that all libertarians who drive cars, are by your definition, hypocrites because they drive on tax-funded roads. Sometimes it is necessary to violate one's principles in order to help the greater good.

- -- Mark
PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

-----END PGP SIGNATURE-----

From usura at replay.com Tue Jul 23 00:37:10 1996
From: usura at replay.com (Alex de Joode)
Date: Tue, 23 Jul 1996 15:37:10 +0800
Subject: Digital Watermarks for copy protection in recent Billboard
Message-ID: <199607222127.XAA22946@basement.replay.com>

[..]
: > The system will have to rely on proprietary tech and security through
: > obscurity. Even know how watermarks are stored without understanding
: > the math, one must be able to somehow garble the sound without
: > distorting it, but which renders the watermark useless.

: Actually, this would be quite easy. The "watermark" would be a
: signal that plays inband, but out of our hearing range during the
: entire CD. The human ear can only hear in the 20-20,000 (Hz, KHZ?,
: whatever) range. It would be trivial to add a digital ID signal at,
: say 30,000 or 15 or something like that. This could then be decoded,
: if need be. This seems the easiest and most efficient way. This
: could also be defeated with a lot of $$ (and/or a LOT of HD space).
: If the frequency is known (it can be found out) it can easily be run
: through recording studio equipment that can very effectively isolate
: the frequency and cut it out. If you have a LOT of HDD space
: (digital audio at 2 stereo tracks, not sure of the sampling rate or
: bit resolution, takes about 20MB of HDD space per minute (2 tracks,
: good sampling and bit rate) ) you could probably find the freq.

HDD space is -cheap- 2 gig drives sell for 350 usd in Holland, most music cd's contain 70 minutes of recording thus -at your 20 Mb per minute rate- would require 1.4 gigs. So basically 'CD-pirates' need to buy a PC with a 2 gig HDD and a CD-R, a 'one-off' investment of say 5000 usd; besides their normal cd manufacturing, packaging and transportation, those additional 5000 usd are peanuts compared to the total investment for pirating CD's.

: fairly easily by isolation and just edit it out, and write the new
: stuff to a CD-R. If the signal is purely digital, I would imagine
: that it might be even easier than if it were an analog signal (?).
: Someone w/ good equipment (Digital Labs' stuff, or SAW (Software
: Audio Workshop) would be able to do this w/o much problem. The
: question is is the price/effort worth it?
: In quantity maybe. On an
: individual basis, only if you already happen to have the equipment.
: I have a suspicion that this type of thing will not really come to
: any kind of fruition due to not only the ability to defeat this, but
: mainly due to things like buying at a garage sale, etc. If it did,
: only MASS market piraters would be investigated. (Another example of
: a law creating its own violators. Don't make the law, there won't
: be mass pirating of "clean CDs"

Best Regards,
--
 -AJ-

From mpd at netcom.com Tue Jul 23 00:39:03 1996
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 23 Jul 1996 15:39:03 +0800
Subject: Slavery: An Idea Whose Time Has Come
In-Reply-To:
Message-ID: <199607230510.WAA05336@netcom23.netcom.com>

tcmay at got.net (Timothy C. May) wrote:

> Yes, he owned slaves. Makes me rethink my position on
> slave-owning....

Many perfectly good social models have been trashed by the excesses of history. Eugenics will most certainly always be associated in the public mind with anti-Semitism, and slavery with racism against Blacks.

Modern slavery, if there were such a thing, would probably be pretty benevolent. Anyone would be able to sell themselves into slavery, and anyone would be able to buy their way out of it. Slave owners would be responsible for a slave's health care, education, recreation, pocket money, retirement income, and would not be able to hit, verbally abuse, or work their slaves more than a certain number of hours a day. They would also not be able to break up families.

Slaves would undoubtedly be able to vote, have their own powerful union, and a track record for suing owners who didn't toe the line.

Slavery would be popular with homeless people, and with young people forced to live in toxic home environments. No parent would want the public shame of having their child choose slavery over living at home.
Many people might even prefer the lifestyle, with a guaranteed standard of living absent any worries about job security, money, or competition. Just get up and put in an honest day's work, and all your needs are taken care of. The expense of downtime is the owner's problem.

There would be certain vocations, like Cobol programming, which would be especially suited to being performed by slaves. Microsoft would probably own thousands of contented slaves, who would sing happily as they wrote code.

"Manufactured 100% by slave labor" would be a cherished label, and the people who bought such products would know that their money was going to help eliminate many social ills, like homelessness, unemployment, foster care, and revenues for the public school system.

Kathie Lee Gifford would have to defend herself for not owning enough slaves to make her proper contribution to the community.

But I digress... :)

From trei at process.com Tue Jul 23 00:56:49 1996
From: trei at process.com (Peter Trei)
Date: Tue, 23 Jul 1996 15:56:49 +0800
Subject: Brute Force DES
Message-ID: <199607222043.NAA06313@toad.com>

> Peter wrote:
> >Any one up for a distributed brute force attack on single DES? My
> >back-of-the-envelope calculations and guesstimates put this on the
> >hairy edge of doability (the critical factor is how many machines can
> >be recruited - a non-trivial cash prize would help).

Duncan wrote:
> I volunteer my 120 MHZ Pentium. A lot more Pentiums are out there now than
> a year ago. That makes it more feasible. A lot more people with full net
> connections. Like most Americans, I have a flat rate net connection and a
> flat rate local phone connection so could run a cracking session permanently
> (as long as no one tells my ISP). We need a full test of the Winsock
> cracking client in any case. It wasn't working very well last time.
>
> DCF

In my terminology, "hairy edge of doability" means we have a shot at success, but I wouldn't bet the farm on it.
I thought that I might bet a couple hundred bucks, though. Sadly, after further calculation, I'm not so sure if it's doable just yet.

What I'm looking at is a known plaintext attack on single ECB DES, using a brute-force test to cycle through the key space. People would get chunks of keyspace to test from a central server or servers, and would be motivated to take part by a cash prize for the lucky person who finds the key.

Let's do the numbers:

Single DES has the security of 56 bits of key - there are 64 bits in the keys, but 8 of them are parity bits which add nothing to security.

2^56 = 7.205e16 keys (which is a whopping big number)

Let's guess that we can recruit the equivalent of full-time on 1000 machines.

7.205e13 keys/machine.

Let's guess that we have about a month before people start to lose interest - so we want to be more than 1/2 done by then. Let's say we want to sweep the whole space in 40 days.

1.8e12 keys/machine/day
~21,000,000 keys/machine/second

The fastest general purpose, freely available des implementation I'm aware of is libdes, by Eric Young. With this, I can do a set_key in 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).

I'm looking at ideas to speed up DES - if I'm willing to use honking great lookup tables, the permutation steps can be done more quickly than libdes. I'm also looking at implementing the algorithm in hand-optimized P5 assembler. (It's been years since I've done a major assembler project - the P5 has some truly weird features to be considered, but also has (some) internal 64 bit registers to play with).

Let's guess that I can speed up a key-test up by a factor of 10. (This is not a slur on Eric's code - it's extremely clever, but not optimized for any particular processor, or for key-testing. Note that the keytest described above takes about 10,000 cycles/test.)
That gets my workstation up to about 90,000 keys a second, which is still almost a factor of 250 too slow.

I'm going ahead with my work on a faster DES keytester, but unless optimizing gives an astounding win, I now think a distributed bruting effort is a bit premature.

What will make this brute doable, if not now, then in the near future?

1. Faster Processors - Moore's Law is still holding. A year ago, my 90 MHz Pentium was one of the faster machines taking part in the 40-bit RC4 crack. Now, it's passe.

2. More processors. The number of people on the internet continues to grow rapidly.

3. More interest - Crypto awareness has greatly increased in the last year, and a real cash prize (say, over $500) will generate both publicity and interest.

These factors all multiply together. The number of cycles that could probably be recruited is increasing at a fast rate.

A major part of the work will be a keyspace distribution mechanism which can handle the load (this was a major stumbling block last year).

Peter Trei
trei at process.com

Disclaimer: This has nothing to do with my employer.

From talon57 at well.com Tue Jul 23 01:06:47 1996
From: talon57 at well.com (talon57 at well.com)
Date: Tue, 23 Jul 1996 16:06:47 +0800
Subject: ABC news on Internet Telephony
Message-ID: <199607222103.OAA08425@well.com>

-----BEGIN PGP SIGNED MESSAGE-----

Since this thread has continued I would like to start my comments by making a public apology to David Sternlight for my bad manners the other day. He had done nothing to give me cause for my bad attitude. I was rude and expressed myself poorly. I apologize to him in particular and to the list in general.
Brian D Williams

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

Digitally signed apology ^^^^^^^ pretty neat eh!

Remo Pini wrote:

>--- all the following points are based on swiss circumstances,
>
>they may not apply to US ---

A good point, my views are based/biased by being a Chicago based Ameritech (RBOC) employee.

DISCLAIMER: all opinions are my own, I do not speak for Ameritech or its alliance partners.

>>point to point circuits are more efficiently handled by circuit
>>switching rather than packet switching networks. Nicholas
>>Negroponte wrote an interesting piece about asynchronous vs
>>synchronous, I believe it is in his book "Being Digital."

>Well, from a users point of view, sending packet data over a
>packet mode bearer service is more efficient (and cheaper). An
>interesting development in this direction is the PMBS-A/B modes
>of ISDN (packet switching to the public switch). The existence of
>this service suggests its usability.

I agree 100%, I expressed this poorly. I meant to say that asynchronous packet data was more efficient over a packet network, and synchronous data (like voice) was more efficient over a circuit switched network. I share your admiration of ISDN.
>>ADSL is an interesting attempt at digital telephony but expensive
>>and basically would mean replacing existing central office
>>switches. (backbone bandwidth)

>We have a well developed DQDB-MAN and ATM net around, and
>bandwidth is available (and getting cheaper by the minute).
>Currently, a onetime investment of around $2500 per client is
>necessary to provide 5MBit/s transfer volume (via the cable TV
>networks or the existing broadband networks)

One of the problems with a conversion to ADSL here would be that most point to point copper has been replaced with "slick 96" muxes which use 4 framed T-1's (1.536 mbs) to provide 96 voice channels. It is difficult to run 6mbs over a 56kbs channel. ;) Of course this equipment could be replaced. (maybe just new line cards!) The good news is that it is fiber based.

>>In a packet network you have to either dedicate a portion of the
>>bandwidth for a synchronous circuit, or you have to have a very
>>fast network and use very small packets (ATM), expensive either
>>way.

>Not if you have a dedicated packet switching network for
>asynchronous packet transfer only. If you use it for both you
>don't have to have a very fast network, you have to have a network
>with predictable and constant packet delay. (that's not the same
>as fast!)

You are correct, actually fast is always the wrong term to use since we are always referring to a portion of the speed of light. Because of different technologies and bandwidth some devices have faster data throughput.

>>A single central office has many times the bandwidth of the
>>widest part of the internet, and the average state has hundreds
>>of CO's. If even a small portion of the Internets current users
>>tried placing a call things would grind to a halt. A huge
>>increase in the number of backbones and their bandwidth would
>>solve this, but who will pay the bill?

>I guess Internet-telephony is one of the bandwidth killers.

Yes, this is the point I was trying to express.
>>Sometime ago the discussion was on the cost of laying new fiber,
>>may I suggest the realworld heuristic of "a million dollars a
>>mile."

>There are of course a lot of alternatives:
>- Existing wiring (5 MBit/s over 6 copper wires is possible)
>- Usage of the cable networks
>- Radio transmissions (RITL - radio in the loop)
>- Satellite transmissions

Yes, we should always check the alternatives, but let's face it if we have to redo the infrastructure, and redig 250 million trenches, I feel 100% fiber is the way to go.

jim bell writes

>>Sometime ago the discussion was on the cost of laying new fiber,
>>may I suggest the realworld heuristic of "a million dollars a
>>mile."

>In most cases, "new fiber" isn't needed, and will probably only be
>rarely needed on long-distance links. As I understand it, most
>cableways are laid with extra tubes, into which new fiber cables
>can be blown in (using compressed air) long after the trench is
>filled. The specific example I saw, there were three 2" diameter
>tubes in a larger tube, and according to the contractor (I
>asked...) only one of the tubes would be filled at that time. In
>addition, while he wasn't sure, he thought that at least some of
>the 36-fiber cable in that one tube would remain "dark," or unused
>until it was later needed.

>I don't know how expensive it is to add that extra fiber cable
>into an existing tube, but it would be VASTLY cheaper than the
>original trenching operation. Further, much of the improved
>transmission technology can be used on the older fibers to
>increase their capacity: A fiber now used to transmit a single
>2.4 gigabit signal can be upgraded, simply using new channelized
>transmitters and receivers to increase the data rate to 8 or 16
>times the previous rate.

Jim, the above quote was by me not Remo Pini. I was giving a rough figure for new underground fiber, and yes when we have to install new we always lay extra tubes. The information your contractor friend gave you was very accurate.
There is still a great need for new fiber, we are still installing it at a rate of a billion dollars a year.

Brian

Sacred cows make the best hamburgers.

From tcmay at got.net Tue Jul 23 01:08:33 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 16:08:33 +0800
Subject: Bare fibers
Message-ID:

At 9:21 PM 7/22/96, harka at nycmetro.com wrote:
> * Carbons sent to: In: jimbell at pacifier.com

(Nice pun, unless it was unintentional or automatic...but, then, we're Cypherpuns, and these "threads" inspire them.)

> -=> Quoting In:jimbell at pacifier.com to Harka <=-
>
> In> The fiber is usually coated with a very thin layer of clear plastic to
> In> protect against moisture and abrasion, and the diameter is around 0.5
> In> to 1.0 millimeters in diameter.
>
>
>Doesn't that make it vulnerable (detectable) to Tempest attacks?
>

No, TEMPEST has nothing whatsoever to do with this.

You can learn what TEMPEST is by doing a Web search on the term, or by reading about it elsewhere.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From frantz at netcom.com Tue Jul 23 01:20:06 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 23 Jul 1996 16:20:06 +0800
Subject: the VTW---FBI Connection
Message-ID: <199607222339.QAA18325@netcom7.netcom.com>

"Perry E. Metzger" responded to a nut case:

> Anonymous writes:
> > We have received information that VTW is run and supported by the FBI,
> > which we have suspected for reasons listed here.
>
> You are out of your mind.
What is more, in my case, it doesn't matter. My feelings on the subject of strong crypto are well known and almost always expressed over my .sig file (which gives my address and telephone number). In fact, I just asked to have my name added to a letter addressed to FBI Director Louis Freeh on the subject*. If they don't know where I stand, then they don't care (as seems likely).

The United States of America has a very strong statement in the first amendment allowing people freedom of speech and "to petition the Government for a redress of grievances." While exercise of these rights has sometimes resulted in certain sanctions (the Hollywood witch hunts and loss of security clearances come to mind), if people don't stand up for what they believe, then they diminish the very foundations of the country. Sometimes freedom is only available to the brave. (But I don't really think this is one of those times.)

* See safe at cdt.org or http://www.crypto.com/safe for information on this letter.

-------------------------------------------------------------------------
Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506 | [Beware the man of one | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA

From ncognito at gate.net Tue Jul 23 01:29:20 1996
From: ncognito at gate.net (Ben Holiday)
Date: Tue, 23 Jul 1996 16:29:20 +0800
Subject: Distributed DES crack
In-Reply-To: <199607221830.OAA12526@jekyll.piermont.com>
Message-ID:

I've a few machines around that could be dedicated almost full time to the task. What are the bandwidth requirements? Specifically, could the keycracker be run over a 28.8 (with a 486 running linux)? If so, how many 486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy chained with ppp over direct serial connection)?

--nc

On Mon, 22 Jul 1996, Perry E. Metzger wrote:
>
> Perhaps a Java page containing a DES cracker that one could run for
> the casual participant, and a set of links to download a real cracker
> for the non-casual participant...
>
> I think it's really time that we did this. DES must be shown to be
> dead.
>
> When the media hear about it, they will, of course, get "experts"
> saying "but it took five thousand people millions of dollars in
> computer time". We should ask Matt Blaze to write a paper in advance
> explaining that although this test, on general hardware, took a lot of
> effort, that with specialized hardware it would be cheap as can be.
>
> Perry
>
> Paul Foley writes:
> > "Peter Trei" wrote:
> >
> > Any one up for a distributed brute force attack on single DES? My
> > back-of-the-envelope calculations and guesstimates put this on the
> > hairy edge of doability (the critical factor is how many machines can
> > be recruited - a non-trivial cash prize would help).
> >
> > Not quite sure what you mean by "doability" -- it's obviously doable,
> > it just depends how long you want to wait.
> >
> > I'm in.
>

From declan at eff.org Tue Jul 23 01:29:27 1996
From: declan at eff.org (Declan McCullagh)
Date: Tue, 23 Jul 1996 16:29:27 +0800
Subject: Global Net-Censorship Dispatches at EFF
Message-ID:

---------- Forwarded message ----------
Date: Mon, 22 Jul 1996 16:28:32 -0700 (PDT)
From: Declan McCullagh
To: fight-censorship+ at andrew.cmu.edu
Subject: Global Net-Censorship Dispatches at EFF

Since the f-c archives are still moribund, I've put the last five weeks of global net-censorship threads from fight-censorship at:

http://www.eff.org/pub/Global/Dispatches/

Also check out the Singapore mess at:

http://www.eff.org/pub/Global/Singapore/

(If those URLs don't work, try www2.eff.org.)
-Declan // declan at eff.org // I do not represent the EFF // declan at well.com // From hallam at Etna.ai.mit.edu Tue Jul 23 01:32:17 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Tue, 23 Jul 1996 16:32:17 +0800 Subject: NOISE: Re: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: Message-ID: <9607222349.AA01276@Etna.ai.mit.edu> > Well, you're in a country of _free citizens_ now, Limey, so if you >don't like it, then go back to England - a whole nation of people who foam at >the mouth with pride and pleasure over their status as feudal _subjects_. O.K. lets see if we brits were to offer you yankees the Windsors, plus an assortment of flunkies, corgies and stuff are you so sure that your people would reject it? After all someone sold you a bridge so it's not that implausible. Given the way your press goes nuts over big ears and his ex wife (aka familly brood unit) it is clear that you would jump at the chance if the price was sufficiently high (i.e. is the Brits asked for enough money). >Dja ever notice that Charlie Mountbatten married a gorgeous young babe, >but was irretrievably drawn to to an elderly woman of great ugliness? >No, Phil, do NOT ask me to call him Prince. I'd sooner follow the >example of Lady Liberty in the Seal of the Commonwealth of Virginia. Actually Lord Mountbatten was not a prince of the UK, he was a prince of the Greek royal family and his name was not Charles. The Prince of Wales is Charles Windsor an he comes from a distinguished line of Germans. If you wish to insult our royal familly please learn how to do it _right_. You could refer to Charlie's wish to be reincarnated as a tampon used by Camilla Parker-Bowles or his famous debate with a house plant. Which brings us to the point, the choice between the babe who happens to be neurotic or the woman with a face like a horse? People in those circles start riding horses at the age of four and so they probably don't look too bad to them. 
Besides, the favourite position of the house of Windsor is the bucking bronco.

Phill

From dfloyd at IO.COM Tue Jul 23 01:35:40 1996
From: dfloyd at IO.COM (Douglas R. Floyd)
Date: Tue, 23 Jul 1996 16:35:40 +0800
Subject: Bare fibers
In-Reply-To:
Message-ID: <199607230530.AAA29271@pentagon.io.com>

>
> * Carbons sent to: In: jimbell at pacifier.com
>
> -=> Quoting In:jimbell at pacifier.com to Harka <=-
>
> In> The fiber is usually coated with a very thin layer of clear plastic to
> In> protect against moisture and abrasion, and the diameter is around 0.5
> In> to 1.0 millimeters in diameter.
>
>
> Doesn't that make it vulnerable (detectable) to Tempest attacks?

Not really sure how. I have heard of ways to tap a fibre optic link noninvasively, but it's not related to Van Eck or anything like that.

>
> Harka
> ___ Blue Wave/386 v2.30 [NR]
>
>

From hua at chromatic.com Tue Jul 23 01:38:44 1996
From: hua at chromatic.com (Ernest Hua)
Date: Tue, 23 Jul 1996 16:38:44 +0800
Subject: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To:
Message-ID: <199607230014.RAA00859@server1.chromatic.com>

> >Rural America has a very different culture than urban America and urban
> >America's recent attempts to impose its values (like hoplophobia) on us
> >really chafes.
>
> Though it is well known that I am in favor of gun control regulations, I
> have to support Brad Dolan here. There is a huge and traditional gun
> culture in rural American, particularly in the midwest. The way most Jewish

Or the way many blacks were lynched (physically and socially) in the South. Or the way many asians were segregated. Or the way many ethnic groups fought each other in inner cities. These are cultural relics of the good ol' days I simply can do without.
Ern From tomw at netscape.com Tue Jul 23 01:39:43 1996 From: tomw at netscape.com (Tom Weinstein) Date: Tue, 23 Jul 1996 16:39:43 +0800 Subject: Netscape In-Reply-To: Message-ID: <31F3E441.446B@netscape.com> Lucky Green wrote: > At 15:27 7/20/96, Tom Weinstein wrote: > >> Why not consider what the consequences will be? Do you seriously >> believe that this will make the government stop enforcing ITAR? Do >> you believe it will make them change the law? No. What it will do >> is make them remove our permission to distribute this stuff. > > I doubt that. PGP has been distributed for years with less safeguards > than Netscape. It is available on more free-world sites than Netscape > US. This did not prompt the powers that be to force MIT to take down > their site. The feds know that it is impossible to prevent software > that is available on the net from being exported. Why would they > harass Netscape once the inevitable happens? Well, for starters, the genius who put it out there put out a beta, which has an expiration date, instead of waiting for the final release. Secondly, millions of people don't use PGP. Also, notice the simple verification system MIT was allowed to use, and the complex one we're required to use. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw at netscape.com From tomw at netscape.com Tue Jul 23 01:39:53 1996 From: tomw at netscape.com (Tom Weinstein) Date: Tue, 23 Jul 1996 16:39:53 +0800 Subject: Netscape In-Reply-To: Message-ID: <31F3E6D9.794B@netscape.com> The Deviant wrote: > On Sun, 21 Jul 1996, Tom Weinstein wrote: > >> A handful of cyperpunks hardly constitutes "widespread polititcally >> motivated disobedience". In any case, the demonization has already >> begun; they point their fingers at the four horsemen of the internet >> at every oportunity. > > One might say the same thing about 10 or 20 people throwing shipments > of tea off of boats in boston harbor. 
Good point. >> What I object to is anonymous activists who perform acts at no risk >> to themselves which make it harder for those of us who are trying to >> bring strong crypto to everyone. > > Why? Because they can do it without risk? The way I see it, if you > can do something that should be done, and you can do it at no risk to > yourself, then its all the better. Fine. Please do it with something you write yourself, not with our products. >> The first step is to create at least a strong minority. A handful of >> cypherpunks can be largely ignored. We have to get the general >> public using and educated about strong crypto before civil >> disobedience will mean anything. > > Hrmm... I'll agree with that... We need to do something to get > ourselves noticed (and no, I don't mean blowing up the NSA > headquarters) Yes, and that's what we're trying to do. Get strong crypto in the hands of as many people as we can. I can hardly wait until we get S/MIME in. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw at netscape.com From jimbell at pacifier.com Tue Jul 23 01:42:25 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 23 Jul 1996 16:42:25 +0800 Subject: Intel, Microsoft doing Internet Phone Software Message-ID: <199607230542.WAA10169@mail.pacifier.com> If these people REALLY wanted to promote the use of Internet telephoning, what they'd do is implement a system where an Internet ISP could be "called" over the Internet by a person wanting to place an LD telephone call to that area, and (presumably using A/D and D/A techniques) rather than generating and receiving modem tones, woudl generate and transmit the audio over the telephone line. That way, the target of the call would simply need to pick up the telephone and talk, as he would ordinarily do: He wouldn't even need a computer. He might not even know the call was going over the Internet. 
The main problem with using Internet telephone is the coordination required between the receiver and the sender. It would be like requiring a fax recipient to be at the machine when the call came in. Perhaps larger companies will install hardware to attach their telephone systems to the Internet, so that an incoming call will automatically ring lines as usual. However, being able to bypass this process for everyone, not just large companies, would be a vast improvment. It would allow motivated people to use the Internet for almost all of their phone calls, not just the small percentage to the few people who happened to have Internet telephone. At 09:48 PM 7/22/96 EDT, E. ALLEN SMITH wrote: > I would be curious if the standards mentioned include any cryptographic >capabilities. The PGPhone people might want to look into producing a patch for >the Intel (and later Microsoft) programs allowing encryption. (In consideration >of fair use, I am both editing it down and putting on the same ad I see (I use >lynx).) > -Allen > >> [The New York Times] > >> _ Monday July 22 6:03 PM EDT _ > >>Intel Unveils Internet Phone Application > >> SAN FRANCISCO, Calif. (Reuter) - In its quest to make the personal >> computer an indispensable tool, Intel Corp. Monday unveiled software >> that will make it easy to place long-distance phone calls over the >> Internet. > >> The Intel Internet Phone software is the first to allow users of >> different types of computers and software to link up, solving a >> problem that has held back use of the global computer network for >> long-distance telephone calls, even though it would save long-distance >> toll charges. > Jim Bell jimbell at pacifier.com From tcmay at got.net Tue Jul 23 01:44:00 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 23 Jul 1996 16:44:00 +0800 Subject: No more stupid gun thread ... Message-ID: At 1:24 AM 7/23/96, Ernest Hua wrote: >Ok. 
This thread has gone on long enough and covered just about every >point except the one which I originally made in my first response, >which is that I abhor the idea that kids should carry weapons (of any >sort) to school as standard equipment. In fact, I abhor the idea >that kids should carry weapons at school for any reason. > >Enough said. > >I do not care to discuss: > >1. Should kids have any weapons at any time? > >2. Should kids have guns (specifically guns)? > >3. Should kids know how to operate weapons of any sort? Fine, Ernest, then don't discuss these issues! I don't recall _anyone_ arguing the case for kids carrying guns to school. Several people commented on the training they received as children, the training they have given their own children, and their general views. Nothing about giving little 8-year-old Suzie an Uzi to carry to her 3rd-grade class. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From hallam at Etna.ai.mit.edu Tue Jul 23 01:45:23 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Tue, 23 Jul 1996 16:45:23 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <2.2.32.19960723033257.008af3cc@panix.com> Message-ID: <9607230402.AA01393@Etna.ai.mit.edu> >>Genuine philosophers have made such sacrifices. Russell gave away his >>inheritance after completing Principia because he objected to the idea >>of inherited wealth. 
>And spent his life arguing for a social system which executes those who do
>not work all their lives for the State or attempt to escape it.

Russell was a very eloquent opponent of the death penalty and in any case it was never in particularly widespread use in the UK during his lifetime. It is somewhat pointless to argue that his later opposition to nuclear weapons was motivated by affinity for the Soviet Union. Russell was a convinced Pacifist before the Soviet Union came into existence, going to jail because of his beliefs.

I don't know quite why you seem to have picked up the idea that he was some kind of Stalin apologist, he wasn't even a Marxist. Russell was far too intelligent to be taken in by the communists, he didn't waste many words on them but those he did were generally uncomplimentary. He was very contemptuous of Wittgenstein's brief attempt to become a Soviet peasant.

It's an odd kind of world view you have in which anyone who does not agree with your views must be a communist sympathiser. It's not even the case that the left were uniformly sympathetic to communism as the example of George Orwell makes very clear. The vocabulary of the cold war was established by a socialist propagandist on the basis of a speech by a socialist Prime Minister. Churchill made the original "iron curtain" remark, but it was after Attlee's speech to the UN which left the USSR unable to reply and thus established the basis of engagement.

If you are going to make ad-hominem attacks you should at least try to get them on target.

Phill

From tcmay at got.net Tue Jul 23 01:49:45 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 16:49:45 +0800
Subject: Brute-forcing DES
Message-ID:

At 3:06 AM 7/23/96, Steve Reid wrote:
>> Any one up for a distributed brute force attack on single DES? My
>> back-of-the-envelope calculations and guesstimates put this on the
>> hairy edge of doability (the critical factor is how many machines can
>> be recruited - a non-trivial cash prize would help).
>
>Count me in. I've got a couple of net-connected Pentiums that are mostly
>idle.
>
>Did you consider the possibility of DES chips in your back-of-the-envelope
>calculations? They are hundreds of times faster than PCs. I don't know
>where to get them or how much they cost, though. I would expect they
>wouldn't be too expensive. The cash might be better spent on DES chips
>than on a prize.

Specialized DES-cracker chips have of course been considered. Diffie and Hellman's nearly 20-year-old paper on cracking DES considered this. Wiener's calculation of a few years ago did more than this: he also architected a basic system. And the "how many bits is enough?" (sorry I don't have the official name on the tip of my tongue) panel considered such designs last year.

But actually building a DES cracker entails a level of commitment very difficult to achieve in an informal, volunteer effort. Not exactly something that 10 or 20 people can work on usefully.

The advantage of the cracks done last year, the French and Australian cracks, and the MIT cracks, was that the "entry costs" for joining the project were low.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
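
The planning questions raised in this thread (how many machines are needed, how long the search takes, and whether a 28.8 link can feed several clients), worked through as an added example that is not code from any poster or project. It contains no cipher code: it only splits the 2^56 keyspace into leased work units, reissues units whose volunteers go silent, and estimates time and link load. Unit size, lease time, key rates and message size are constructed assumptions.

```python
"""Work-unit planning for a volunteer exhaustive key search (added example).

No cipher code here: this only partitions a keyspace, leases ranges to
clients, reissues ranges whose lease expired, and estimates time and link load.
All rates and sizes passed in by callers are assumptions, not measurements.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set

DES_KEY_BITS = 56  # effective key length of single DES


@dataclass(frozen=True)
class WorkUnit:
    index: int
    first_key: int  # inclusive
    last_key: int   # inclusive


def work_unit(index: int, unit_bits: int, key_bits: int = DES_KEY_BITS) -> WorkUnit:
    """Return the contiguous key range covered by work unit `index`."""
    total = 1 << (key_bits - unit_bits)
    if not 0 <= index < total:
        raise ValueError(f"unit index {index} outside 0..{total - 1}")
    first = index << unit_bits
    return WorkUnit(index, first, first + (1 << unit_bits) - 1)


class Coordinator:
    """Hands out units; a unit not reported back before its lease ends is reissued."""

    def __init__(self, unit_bits: int, key_bits: int = DES_KEY_BITS,
                 lease_seconds: float = 86400.0) -> None:
        if not 0 < unit_bits <= key_bits:
            raise ValueError("unit_bits must be between 1 and key_bits")
        self.unit_bits = unit_bits
        self.key_bits = key_bits
        self.lease_seconds = lease_seconds
        self.total_units = 1 << (key_bits - unit_bits)
        self._next_fresh = 0
        self._leases: Dict[int, float] = {}  # unit index -> lease expiry time
        self._done: Set[int] = set()

    def assign(self, now: float) -> Optional[WorkUnit]:
        """Give out an expired unit first, otherwise the next fresh one."""
        for index, expiry in self._leases.items():
            if expiry <= now:
                self._leases[index] = now + self.lease_seconds
                return work_unit(index, self.unit_bits, self.key_bits)
        if self._next_fresh < self.total_units:
            index = self._next_fresh
            self._next_fresh += 1
            self._leases[index] = now + self.lease_seconds
            return work_unit(index, self.unit_bits, self.key_bits)
        return None  # everything is either finished or still under lease

    def complete(self, index: int) -> None:
        """Record a leased unit as searched; unknown or repeated reports are ignored."""
        if self._leases.pop(index, None) is not None:
            self._done.add(index)

    def fraction_searched(self) -> float:
        return len(self._done) / self.total_units


def expected_days(machines: int, keys_per_second: float,
                  key_bits: int = DES_KEY_BITS) -> float:
    """Average-case duration: the key turns up, on average, halfway through."""
    expected_trials = (1 << key_bits) / 2
    return expected_trials / (machines * keys_per_second) / 86400.0


def link_load_bps(clients: int, keys_per_second: float, unit_bits: int,
                  bytes_per_exchange: int = 64) -> float:
    """Average bits/s on a shared link when each finished unit costs one exchange."""
    seconds_per_unit = (1 << unit_bits) / keys_per_second
    return clients * bytes_per_exchange * 8 / seconds_per_unit
```

With the constructed figures of 1,000 machines at one million keys per second each, `expected_days` gives about 417 days, and four clients at 200,000 keys per second sharing one link exchange well under one bit per second with the coordinator, so the number of machines is the constraint and the link is not.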
From a-billol at microsoft.com Tue Jul 23 01:50:11 1996 From: a-billol at microsoft.com (Bill Olson (EDP)) Date: Tue, 23 Jul 1996 16:50:11 +0800 Subject: [Noise] was Re: Giving 6 year old kids Uzi's Message-ID: On Mon, 22 July 1996, Brad Dolan wrote: > >On Mon, 22 Jul 1996, Ernest Hua wrote: > >> >> > > > Thanks, but if it is all the same to you, I'd rather live >> > > > in a country where everybody << including six year olds >> >> > > > carry, and can use Uzi's, etc, as a matter of course. >> > > >> > > Would you just hand out guns to all teenagers? >> > >> > My twelve-year-old daughter asked for and received a .22 for her >>birthday. >> > Her four and six year old siblings enjoy shooting it, under close >> > supervision. >> >> The question was not whether you might let your little girl operate >> a gun. The question was whether you might let her carry it as part >> of her standard equipment. Would you let her go to school with it >> loaded or with ammo within easy reach? I mean, what's the point of >> carrying a gun without bullets? > >My daughter often carries her gun to school, complete with large >quantities of high-velocity long-rifle cartridges. > >She's homeschooled and marksmanship is one of her extracurricular activities. > >bd > >p.s. In two years of homeschooling, she has advanced 6 grade levels on >the state-mandated achievement tests. > I don't care if it takes my son 6 years to get through 2 grade levels, anyone who allows there kid to pack a gun (or a rifle?) should get their head examined (or join the Freemen--I hear they are short a few members). From shamrock at netcom.com Tue Jul 23 01:54:44 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 23 Jul 1996 16:54:44 +0800 Subject: Curfews again Message-ID: At 21:14 7/20/96, Timothy C. May wrote: >At 6:37 PM 7/20/96, Alan Olsen wrote: > >>I bet the "National Curfew" crap that Clinton is trying to push is not going >>down well either. 
He seems to think that the problems of a small fraction >>of the country apply to the whole country... (But it makes for good sound >>bites.) What National Curfew? Haven't watched the news all week. Did I miss something? TIA, -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. From snow at smoke.suba.com Tue Jul 23 01:55:08 1996 From: snow at smoke.suba.com (snow) Date: Tue, 23 Jul 1996 16:55:08 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <9607222254.AA01221@Etna.ai.mit.edu> Message-ID: On Mon, 22 Jul 1996 hallam at Etna.ai.mit.edu wrote: > Since they are denied the "right" to live in Libertopia they have > no choice but to live in the real world. That doesn't make them > hypocrites. They are not directly contradicting their principles. > On the other hand there are plenty of "free-market" economists > who live entirely on grant money from the public purse and plenty > of those "libertarians" will be accepting government assisted > funding through college or would do so if it was available. If the government money wasn't taken from us to begin with, we could better afford tuition. If there was no government aid, the schools would be cheaper. If there was no government aid, the schools would assit one more in getting private aid. > >Sometimes it is necessary to violate one's principles in order to help the > >greater good. > Yes, but how can a Randite libertarian do so in good faith? For such > people there is no greater good, it is all the self. Yeah, and to a fscking statist you give your all to the state. Petro, Christopher C. 
petro at suba.com snow at smoke.suba.com From ravage at einstein.ssz.com Tue Jul 23 01:58:50 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 23 Jul 1996 16:58:50 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids (fwd) Message-ID: <199607230048.TAA00049@einstein.ssz.com> Forwarded message: > Date: Mon, 22 Jul 1996 15:10:04 -0400 > From: Hallam-Baker > Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids > > The "laws" of social scienst are not the "laws of physics". The "laws > of physics" aren't so constant either. Theoretical results should > inform the intellect not serve as a substitute for it. The laws of social science are the consequence of the laws of physics. One of the primary, if not the primary, assumption of Physics is that natural laws are isotropic and homogeneous. If they are not then we are all in deep deep trouble (Vinge not withstanding). The relationship between the laws of social science and physics is analgous to the relationship between the base pairs in DNA and the concept of a gene. There is a distinct difference in the nature but the latter can not exist without the former. > If you apply genetic programming techniques to the system the strategy > that evolves is typically a cooperative one. The facts is that the > theory applied in an evolutionary context disproves Perry. One of the primary observations about genetic programming is that the max you get is best considered local and 'good enough', not optimal. An argument based on genetic programming must admit prima facia that there is the potential for a better answer. Jim Choate From shamrock at netcom.com Tue Jul 23 02:00:57 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 23 Jul 1996 17:00:57 +0800 Subject: Netscape Message-ID: At 13:38 7/22/96, Tom Weinstein wrote: >Yes, and that's what we're trying to do. Get strong crypto in the hands >of as many people as we can. I can hardly wait until we get S/MIME in. 
What will Netscape do to about the 40bit RC-2 default and the signatures on the outside of the encryption envelope design flaws in S/MIME? I can't imagine Netscape releasing software that has these two properties. -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. From nsyfrig at condor.depaul.edu Tue Jul 23 02:01:16 1996 From: nsyfrig at condor.depaul.edu (Nathan Syfrig) Date: Tue, 23 Jul 1996 17:01:16 +0800 Subject: Digital Watermarks for copy protection in recent Billboard (fwd) Message-ID: I got the following from the e$pam service. ---------- Forwarded message ---------- Date: Mon, 22 Jul 1996 14:56:43 -0400 (EDT) From: e$pam To: Multiple Recipients of e$pam Subject: Re: Digital Watermarks for copy protection in recent Billboard Forwarded by Robert Hettinga ----------------------------------------------------------------------- Comments: Authenticated sender is From: "Alex F" Organization: Internet Security Systems, Inc. To: cypherpunks at toad.com, "Deranged Mutant" Date: Mon, 22 Jul 1996 11:19:17 +0000 MIME-Version: 1.0 Subject: Re: Digital Watermarks for copy protection in recent Billboard Reply-to: alexf at iss.net Priority: normal Sender: owner-cypherpunks at toad.com Precedence: bulk > Paged through a recent (June or July 13) edition of Billboard > magazine yesterday. There was an article about the music industry, > the internet, and copyright issues. Didn't have a chance to read in > thoroughly, but it mentioned using digital watermarks which contained > info on to who (CC number) and when the material was sold... the > watermarks allgedly could survive if a CD was taped, copied several times > and redigitized. > Easy enough. - Unless somebody reversed-engineered it, filtered it, and re-stamped it. > The anti-piracy scheme is only useful for direct sale to a customer > though. If you buy music anonymously, how is it traced? 
This only > works for pirating on-demand purchases. This is probably yet another case of people not thinking ahead. As usual. People buying CDs at a garage sale & getting arrested for piracy. Wonderful. - The entertainment industry has a reputation of being paranoid, ever since individual cassette duplication became popular, albeit with reduced signal quality (a lot of people don't care as much about the signal quality and the industry knows that). Some of you may recall the flap over DAT, which significantly reduced the consumer market penetration (the industry itself uses them all over the place). The industry is also not known for forward-thinkers, even though they can and do hire them on occasion. While they aren't going to be worried about $8.00 at a garage sale, if they see mass single-copy distributions going on at enough garage sales, but they only sold 30 "master" copies, they might get concerned. Hey, judging by the announcements of how much piracy costs the industry, they probably don't rule this out (again, being all digital, under the current copyright scheme, there might even be a point). Yup, time to rethink the whole concept of copyright, intellectual property, et al, although I have no idea how to approach the issue. > > Other issues: what if an eavesdropper steals the music or video? It's If they steal it, well, who cares? If there is something worked out so that they could trace STOLEN (not traded or sold) CDs then fine, arrest them. Do you really think though that anyone would waste so much time over $8? - if it's too easy, then tools to do it will become so widespread that even the average user will engage in such practices. This time, being digital, the reduced-quality incentive doesn't hold (you still have the even-less-effective argument of the associated cover art not being included or being scanned and duplicated with reduced signal quality, unless the distribution is all on-line). 
Bottom line: There really is no way around this in the long run, but there's a l-o-t of money at stake. Therefore, delaying tactics are worth something to the big players in the industry, which is what we are seeing (some people might not 'get it' but there's enough money to where people who 'get it' can be and are hired to gum up progress). > If it uses a credit-card number as (part of) an ID, that's pretty > bad. Someone can sniff for CC numbers if they know how it's stored. Probably not done that way. My guess is that the disk ID is assigned to the disk at the time of manufacturing. At the point of purchase the customer is forced to give name, address, ID, whatever. This is then stored in a database along with the disc ID (serial num) which is prolly printed in the ISBN number or cross referenced with that in a national database or something, or just printed right on the disc. Anyway, a number is given to you from the CD, and not vice versa, I would imagine. - Would YOU want to be responsible for maintaining that database? It's like maintaining a hardware store trying to maintain an ID on every single screw and nail in inventory. > > The system will have to rely on proprietary tech and security through > obscurity. Even know how watermarks are stored without understanding > the math, one must be able to somehow garble the sound without > distorting it, but which renders the watermark useless. Actually, this would be quite easy. The "watermark" would be a signal that plays inband, but out of our hearing range during the entire CD. The human ear can only hear in the 20-20,000 (Hz, KHZ?, whatever) range. It would be trivial to add a digital ID signal at, say 30,000 or 15 or something like that. This could then be decoded, if need be. This seems the easiest and most efficient way. This could also be defeated with a lot of $$ (and/or a LOT of HD space). 
If the frequecy is known (it can be found out) it can easily be run through recording studio eqipment that can very effectively isolate the frequency and cut it out. If you have a LOT of HDD space (digital audio at 2 stereo tracks, not sure of the sampling rate or bit resolution, takes about 20MB of HDD space per minute (2 tracks, good sampling and bit rate) ) you could probably find the freq. fairly easily by isolation and just edit it out, and write the new stuff to a CD-R. If the signal is purely digital, I would imagine that it might be even easier that if it were an analog signal (?). Someone w/ good equipment (Digital Labs' stuff, or SAW (Software Audio Workshop) would be able to do this w/o much problem. The question is is the price/effort worth it? In quantity maybe. On an individual basis, only if you already happen to have the erquipment. - Nobody's going to try and do a higher-frequency encoding (I HOPE). While the human ear cannot hear those frequencies directly, we have found out that those higher-frequencies interact in such a way to influence the sound waves that influence what the user can hear. This is the reason there's still a debate between digital and analog recordings, and is still a big reason a lot of artists still record on analog equipment (in musical "fuzzy" terms, it's equated with the warmth of the sound, sort of like the tube-amp vs. solid-state amp debate among some guitar players, etc.) If somebody deliberately played with such frequencies, the journalistic media would probably have a field day. 
Yes, there are audio cancelling and other tricks that could be deployed, but no matter what, you're still deliberately introducing signal noise (I wonder this influenced the non-acceptance of "minidisks" from a few years back - aside from it's incompatibility with anything else around) If I remember correctly, there is plenty of room in the design of the audio CD protocal to embed such information, just like you can embed the timing and track number information. Some might remember the sort-of craze of embedding stupid "graphics" and words to audio CD's which special players could read and display on a monitor but didn't affect normal audio CD players (Lou Reed's "New York" was one of the few releases that I saw which advertised this "feature"). It turned out to be too hokey even for the consumers of the time. In other words, there are plenty of ways of achieving this. However, my guess would be to use up 650Meg of a hard drive, copy the CD byte-by-byte, and reverse-engineer away. Then you could easily stamp a "clean" master. (DVI could change the game - I don't know what the status of this battle is, other than it's shades of the DAT battle all over again) I have a suspiscion that this type of thing will not really come to any kind of fruition due to not only the ability to defeat this, but mainly due to things like buying at a garage sale, etc. If it did, only MASS market piraters would be investigated. (Another example of a law creating it's own violators. Don't make the law, there won't be mass piratingof "clean CDs" - Well, the MASS market piraters are exactly the point. Well, let's face it, if the industry controllers got their way, there would be no second-hand market like garage sales - there IS money involved here (witness the bizarre dealings with CD-rental stores that have shown up over the years). However, they are counting on the majority of their customers not having the equipment to easily defeat this, which up until now, has been the case. 
However, recordable CD's have come down dramatically, along with hard-disk prices, and all the tools required are much more available than most people outside this list would have predicted. And from an industry perspective, as this list already knows, it ain't gonna get any better.

- Bottom line: I expect things are going to get pretty bone-headed. Wow, such insight!

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

Nathan F. Syfrig (views are my own standard disclaimer)

From shamrock at netcom.com Tue Jul 23 02:06:40 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 17:06:40 +0800
Subject: Boobytraps and the American Legal System
Message-ID:

At 12:48 7/23/96, Timothy C. May wrote:
>(Later examples were to be even worse. For example, the burglar who climbed
>on a roof and stepped through a skylight. He sued, and won. I guess the
>owner of the property was obligated to install night lights so burglars
>could see their way, and to generally make his property more
>"burglar-friendly." Or the woman who sued a hospital, claiming her psychic
>abilities were lost after a CAT scan. She won.)

And then there was the burglar who cut his hands on razor wire while attempting to scale a fence. He too recovered damages from the property owner. Some people say that the lesson to be learned from such harsh legal realities is to kill burglars on sight. After all, dead people don't sue...

-- Lucky Green PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.

From hua at chromatic.com Tue Jul 23 02:17:52 1996 From: hua at chromatic.com (Ernest Hua) Date: Tue, 23 Jul 1996 17:17:52 +0800 Subject: Filtering out Queers is OK In-Reply-To: <199607200000.RAA10799@netcom11.netcom.com> Message-ID: <199607230003.RAA00839@server1.chromatic.com> > > clear that the government may force a child to accept > > secular ideas that may violate the child's religious > > background, even if the government has a compelling secular > > interest in doing so. > > This is the usual smokescreen the "parents rights" lobby brings > to the bargaining table. Rather than make the debate over the > rights of the child, and what resources the state should make > available to the child to protect those rights, they make it a > contest between the parent and the state to see who gets to > violate the child's rights the most. I am not anybody's lobby, so you can just cut the accusation crap. Secondly, I expect to have full control over the education and the upbringing of my child. I DO NOT have to let him go the library. I DO NOT have to let him read any literature. I DO NOT have to let him have an open mind. It is NOT in the Constitution. I will do so because I believe it is good for him. Anyone who wants to change what I decide is good for him will have to do so over my dead body. > So instead of arguing whether children should have access to > education, libraries, computers, and other resources in their own > right, we get the usual endless debate over whether the state or > > Been there. Done that. And as the Scottish would say, "It's > Crap." I really could care less what you feel about how I should raise my child. > Again, children have a right to go to libraries, get educated, > and use telecommunications resources without interference by > EITHER the state or their parents. This truly IS pure crap. Parents have a responsibility. 
Your arbitrary choice of "parental rights" is just rhetorical method for implying that parents are selfishly fighting for their own good at the detriment to the child. In fact, most parents are loving, caring, and try very hard to do what is "good" (in their mind) for their child. You, sir, do not have some God-given monopoly on knowing what is good for any child, let alone, mine. Therefore, nobody (not you, not the PTA, not the school, not the Congress) has any right to tell me what is good for my child. Call it what you want; you ain't brainwashing my child with your bull. Ern From tcmay at got.net Tue Jul 23 02:20:19 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 23 Jul 1996 17:20:19 +0800 Subject: Boobytraps and the American Legal System Message-ID: At 6:05 AM 7/23/96, Lucky Green wrote: >At 12:48 7/23/96, Timothy C. May wrote: > >>(Later examples were to be even worse. For example, the burglar who climbed >>on a roof and stepped through a skylight. He sued, and won. I guess the >>owner of the property was obligated to install night lights so burglars >>could see their way, and to generally make his property more >>"burglar-friendly." Or the woman who sued a hospital, claiming her psychic >>abilities were lost after a CAT scan. She won.) > >And then there was the burglar who cut his hands on razor wire while >attempting to scale a fence. He too recovered damages from the property >owner. Some people say that the lesson to be learned form such harsh legal >realities is to kill burglars on sight. After all, dead people don't sue... A nice theory, but not true. Their estates can and do sue. Lost income, mental anguish, the usual stuff. And maybe their insurance companies, if any claims were paid, would also sue. No, a better solution it seems to me is to dispose of the body so there is only a "disappearance," with nothing to link the perp to one's self. (Unless the perp left records or told someone...) 
My place is pretty isolated, so I wonder if my proposed solution is enough: process with my 10 h.p Troy-Bilt chipper/shredder, treat output with 2 sacks of quicklime, hose resulting product into ravine dropping down to valley floor below. (Probably too much DNA-carrying crud left around, should a forensic pathologist ever start nosing around...the old tried-and-true method of a midnight planting in a remote location, far away from one's own home, is better.) BTW, one of the worst aspects of the recent crackdown on gun sales and transfers is that it's become much harder to get hold of a gun with no paper trail to one's self. Those of us who used to frequent "gun shows" have adequate supplies of guns with no traceability back to ourselves...useful for planting on perps who happened to be unarmed. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From shamrock at netcom.com Tue Jul 23 02:26:09 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 23 Jul 1996 17:26:09 +0800 Subject: DES brute force? (was: Re: Borders *are* transparent) Message-ID: At 21:28 7/22/96, aba at atlas.ex.ac.uk wrote: >So ideally for a break you would like the whole thing to be completed >in say 2 weeks wall clock time, which gives rise to the need for >~100,000 machines of similar throughput, full-time for two weeks. > >Possible? Perhaps not 100k machines, and perhaps not in two weeks, but is it possible? You bet. 
That would

>Somebody would need to spend a fair bit of effort publicising it on
>USENET, to get a good response.

Sure. There should be at least a two month long campaign on USENET. Plenty of time to debug the cracking software.

>There may be problems associated with offering prize money... what if
>some employees at DES hardware vendors `borrowed' some time on their
>top of the range DES cruncher? Perhaps this doesn't matter, as it
>would just make the point even more strongly :-)

I agree. Let's hope some people will help the project with some custom DES crackers.

>What DES modes are used in typical banking situations? (I am
>presuming a challenge involving a widely used banking funds transfer
>protocol would be a suitably juicy target, based on a criteria of
>demonstrating the greatest financial risk).

When picking the target, think publicity. A widely used banking protocol sounds like a good target. What is being used for the global transactions that total in the trillions every day? Are at least some of them done with single DES?

-- Lucky Green PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.

From deviant at pooh-corner.com Tue Jul 23 02:27:43 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Tue, 23 Jul 1996 17:27:43 +0800
Subject: [Noise] Re: Re: Devil's Bargain
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, Alex Derbes wrote:

> Date: Mon, 22 Jul 1996 09:57:53 -0700 (PDT)
> From: Alex Derbes
> To: snow
> Cc: Roger Williams , cypherpunks at toad.com
> Subject: Re: [Noise] Re: Re: Devil's Bargain
>
> On Mon, 22 Jul 1996, snow wrote:
>
> > On 22 Jul 1996, Roger Williams wrote:
> > > >>>>> "CCP" == snow writes:
> > > > Am I the only one in this country who, when hearing about TWA
> > > > f800 shrugged his shoulders and thought (or said) "Time flies and
> > > > aeroplanes crash" (Name the band and album and I'll be impressed)?
> > > Umm, isn't that "Time flies *but* aeroplanes crash"?
> >
> > Don't think so. I'll check in the morning. The wife doesn't like
> > British HardCore at 3a.m. Silly girl.
> >
> > > Subhumans (the Brits). 12" EP of the same name. Bluurg records.
> >
> > I have it on 29:29 Split Vision. Good stuff.
> >
> > > But, yes, my vague impression is that there is more press coverage
> > > (I get all my news from Auntie Beeb, who hasn't been as vociferous
> > > about it.) But to most insular American types, terrorism is still a
> > > novelty.
> > > BTW, I wouldn't say that officials discounted terrorism -- you can bet
> > > Kallstrom is sure hoping that this isn't "just an accident"!
> >
> > Thing is, this crash was getting more attention than valuejet from the
> > get go. Before there was any HINT of anything more than your typical
> > gravity check plane crash it was all over the news.
>
> Well,
>
> There were no signs of mechanical failure, the plane took off one
> hour late, that means if it was a timed bomb the plane would have gone
> down over oh lets say random VERY VERY deep place in the atlantic ocean.
> The plane was an easy shop for all sorts of shoulder launched SAM's.
> There is a hell of a lot of terrorist activity right now, and the
> olympics, I think there is good circumstantial evidence to suggest
> terrorist activity just from motives and opportunity.
>
>
> my half a cent...
>

Don't forget a recurring blip on the radar and 100+ witnesses that say they saw a light go through the sky...

 --Deviant
We have art that we do not die of the truth.
-- Nietzsche

From ota+ at transarc.com Tue Jul 23 02:27:46 1996
From: ota+ at transarc.com (Ted Anderson)
Date: Tue, 23 Jul 1996 17:27:46 +0800
Subject: Netscape
In-Reply-To:
Message-ID:

shamrock at netcom.com (Lucky Green) writes:
> At 15:27 7/20/96, Tom Weinstein wrote:
> >Why not consider what the consequences will be? Do you seriously
> >believe that this will make the government stop enforcing ITAR? Do you
> >believe it will make them change the law? No. What it will do is make
> >them remove our permission to distribute this stuff.
>
> I doubt that. PGP has been distributed for years with less safeguards
> than Netscape. It is available on more free-world sites than Netscape
> US. This did not prompt the powers that be to force MIT to take down
> their site.
> ...

I must agree with Lucky. I am quite sure that even if Netscape was not being distributed over the net, copies would still be uploaded to international sites by folks practicing Civil disobedience. Only they'd have to wait to get the release from a store or some other source.

If you think the net distribution channel is in danger, consider these suggestions. The basic idea is to provide plausible deniability that the net site was the source of the "leak".

Offer to send the latest version on floppy to US addresses of the first 100 people who request them. I only suggest 100 to keep your costs down. But any decent sized number would do.

I got my copy bundled with my ISP software.
So make sure your ISP and other redistributers have their copies a few days before you make it available on the net. Then new ISP accounts will start getting copies before the net copies become available. This may not work as well for betas, but I'm sure other approaches along these lines would work too.

Of course, it makes sense to make sure the binaries used in each of these channels are indistinguishable.

Ted Anderson

From mpd at netcom.com Tue Jul 23 02:33:55 1996
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 23 Jul 1996 17:33:55 +0800
Subject: Brute-forcing DES
In-Reply-To:
Message-ID: <199607230633.XAA19801@netcom20.netcom.com>

"Peter Trei" writes:

> Sadly, after further calculation, I'm not so sure if it's
> doable just yet.

...

> The fastest general purpose, freely available des
> implementation I'm aware of is libdes. by Eric Young. With
> this, I can do a set_key in 15.8 us, and an ecb_encrypt in
> 95 us/block. That adds up to about 9,000 keytests/sec (this
> is on a 90 MHz P5, running NT).

What you really want to do to sweep the DES keyspace is to "schedule" the input and output block you are testing, performing any static operations, and do only enough computation to see that a given key fails. Special purpose assembler to do this particular function would probably run faster than any algorithm which could also be employed to encrypt data.

> What will make this brute doable, if not now, then in the
> near future?
> 1. Faster Processors
> 2. More processors.
> 3. More interest

4. Better code.

This is actually a problem I plan to analyze someday. Looking at single DES as a function of the key bits with the input and output fixed. This can be viewed as a boolean function, whose result depends upon whether the given key works to map the input onto the output.
Viewing this function as a composition of single bit operations and optimizing it would perhaps lead to insights on how best to compute it on a typical 32 bit CPU with the usual collection of operations. A messy little project, but probably one worth doing if I get some free time.

Single DES is certainly ripe for a spectacular public failure. A little analytic work could bring breaking it within range of available computing power. If you are going to use regular encryption code to brute force the keyspace, then it probably is just a tad beyond reach at this point.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com   $    via Finger.                      $

From nobody at mockingbird.alias.net Tue Jul 23 02:35:37 1996
From: nobody at mockingbird.alias.net (Anonymous)
Date: Tue, 23 Jul 1996 17:35:37 +0800
Subject: E-Cash promotion idea
In-Reply-To: <2.2.32.19960722205947.00d26f84@mail.teleport.com>
Message-ID: <199607230619.XAA17763@myriad>

alano at teleport.com (Alan Olsen) wrote:

> This may or may not fly, but it is at least worth putting out for general
> comment...
>
> Have the people in the e-cash biz thought of getting with the various
> "Cyber Cafes" around the world to sell e-cash to the patrons. Done
> properly, this could inject e-cash into a community who would both use
> the cash, as well as providing privacy and an exchange for real currency.

How about getting the CyberCafes to accept ecash? Just pull out your Newton/HP48/PDA and point the IR beam at the cash register. Now that's an ecash application I'd like to see!!

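[Added example, not part of any list member's post: the idea in the "Brute-forcing DES" message above, doing "only enough computation to see that a given key fails", shown on a toy 16-round Feistel cipher. The cipher, its S-box, key schedule, 14-bit keyspace and all function names are constructed for this illustration and are not DES or libdes; the point is how much work per key the early rejection saves, which is part of why 56-bit keys were judged too short.]

```python
"""Early-abort key testing on a toy Feistel cipher (constructed; NOT DES)."""

ROUNDS = 16      # same round count as DES
KEY_BITS = 14    # tiny keyspace so the whole sweep runs in seconds
# Arbitrary 4-bit permutation standing in for the DES S-boxes (assumption).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def rotl16(x, r):
    r %= 16
    return ((x << r) | (x >> (16 - r))) & 0xFFFF


def round_keys(key):
    """Toy key schedule: one 16-bit round key per round."""
    keys, state = [], key
    for i in range(ROUNDS):
        state = (state * 0x6255 + 0x3619 + i) & 0xFFFF
        keys.append(state ^ rotl16(key, i))
    return keys


def f(half, rk, stats):
    """Round function: key mix, four S-box lookups, then a bit rotation."""
    x, y = half ^ rk, 0
    for i in range(4):
        y |= SBOX[(x >> (4 * i)) & 0xF] << (4 * i)
    stats["sbox"] += 4
    return rotl16(y, 3)


def run_rounds(block, rks, stats):
    left, right = block >> 16, block & 0xFFFF
    for rk in rks:
        left, right = right, left ^ f(right, rk, stats)
    return left, right


def encrypt(block, key, stats):
    left, right = run_rounds(block, round_keys(key), stats)
    return (left << 16) | right


def key_survives(pt, ct, key, stats):
    """Test one key against a known plaintext/ciphertext pair, stopping early.

    The ciphertext's left half IS the right half after round 15, so only
    14 rounds are run forward. Round 15 is then checked one S-box at a
    time, and round 16 is computed only for keys that pass that check.
    """
    rks = round_keys(key)
    ct_l, ct_r = ct >> 16, ct & 0xFFFF
    left, right = run_rounds(pt, rks[:ROUNDS - 2], stats)
    x = right ^ rks[ROUNDS - 2]
    want = rotl16(ct_l ^ left, 16 - 3)   # undo the rotation once, up front
    for i in range(4):
        stats["sbox"] += 1
        if SBOX[(x >> (4 * i)) & 0xF] != (want >> (4 * i)) & 0xF:
            return False                 # typical wrong key exits here
    # Survivor: confirm with the full last round (L15 == right, R15 == ct_l).
    return right ^ f(ct_l, rks[ROUNDS - 1], stats) == ct_r


def search_full(pt, ct):
    """Baseline: full encryption per candidate key."""
    stats = {"sbox": 0}
    hits = [k for k in range(1 << KEY_BITS) if encrypt(pt, k, stats) == ct]
    return hits, stats["sbox"]


def search_early_abort(pt, ct):
    """Same sweep, rejecting each wrong key as soon as it is known to fail."""
    stats = {"sbox": 0}
    hits = [k for k in range(1 << KEY_BITS) if key_survives(pt, ct, k, stats)]
    return hits, stats["sbox"]


if __name__ == "__main__":
    pt, key = 0x01234567, 0x2A5C         # constructed sample values
    ct = encrypt(pt, key, {"sbox": 0})
    for name, fn in (("full", search_full), ("early-abort", search_early_abort)):
        hits, lookups = fn(pt, ct)
        print(name, [hex(k) for k in hits], "S-box lookups:", lookups)
```
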
From deviant at pooh-corner.com Tue Jul 23 02:44:17 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Tue, 23 Jul 1996 17:44:17 +0800
Subject: [Noise] Re: Re: Devil's Bargain
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, snow wrote:

> Date: Mon, 22 Jul 1996 11:50:39 -0500 (CDT)
> From: snow
> To: Alex Derbes
> Cc: Roger Williams , cypherpunks at toad.com
> Subject: Re: [Noise] Re: Re: Devil's Bargain
>
> On Mon, 22 Jul 1996, Alex Derbes wrote:
> > There were no signs of mechanical failure, the plane took off one
> > hour late, that means if it was a timed bomb the plane would have gone
> > down over oh lets say random VERY VERY deep place in the atlantic ocean.
> > The plane was an easy shop for all sorts of shoulder launched SAM's.
>
> According to the information I have seen, there are no SAM's that can
> reach out and touch a plane at 13000 feet. The engagement ceiling on a
> most is 8000 to 9000 feet iirc.
>

Ummm... Stinger missiles go ~5 miles. 13000 is about 2.7 miles.

> > There is a hell of a lot of terrorist activity right now, and the
> > olympics, I think there is good circumstantial evidence to suggest
> > terrorist activity just from motives and opportunity.
>
> What motives?
>

There was a threat the day beforehand and all...

 --Deviant
We have art that we do not die of the truth.
-- Nietzsche

From rich at c2.org Tue Jul 23 02:54:44 1996
From: rich at c2.org (Rich Graves)
Date: Tue, 23 Jul 1996 17:54:44 +0800
Subject: Special Agent Safdar
In-Reply-To: <199607220832.CAA03981@zifi.genetics.utah.edu>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

No, he's not a special agent, silly; just a regular old agent.

- -rich

From adamsc at io-online.com Tue Jul 23 03:05:43 1996
From: adamsc at io-online.com (Chris Adams)
Date: Tue, 23 Jul 1996 18:05:43 +0800
Subject: Opiated file systems
Message-ID: <199607230640.XAA08658@toad.com>

On 22 Jul 96 21:39:44 -0800, ceridwyn at wolfenet.com wrote:
>
>
>thanks for the help... it'll definitely give me something to start
>with anyway... =) //cerridwyn//
>
>>I'd find some network cards that support fiber and breadboard a little
>>system together. Possibly, you could find a hookup that would work off
>>the shelf - look for sources for embedded systems. For instance, at least
>>Novell's networks have embedded system support. I recall a DDJ that had
>>someone wire up a coffeemaker as a network controlled device, so I doubt
>>you'd need a PC. As I recall, he had a single chip ethernet device. Now,
>>this was for regular ethernet, but I'd assume you could connect a fiber
>>based ethernet over with some sort of adapter.
>>Search for the article at
>>http://www.ddj.com - if you can't find it there, drop me a note.
>

Search their site for NEST (The acronym for the Novell protocol used). The article was in the Feb 96 issue. There was some single chip network adapter that needed only an EPROM and a power supply, I believe, to work.

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From jad at dsddhc.com Tue Jul 23 03:11:50 1996
From: jad at dsddhc.com (John Deters)
Date: Tue, 23 Jul 1996 18:11:50 +0800
Subject: Opiated file systems
Message-ID: <2.2.32.19960722220926.00623064@labg30>

At 03:29 PM 7/21/96 -0700, Bill Frantz wrote:
>At 9:26 PM 7/19/96 -0800, Chris Adams wrote:
>>BTW, I'd try a fiber-optic connector to the machine because 1) it's
>>waterproof and you wouldn't have to be quite as paranoid about leaks, 2)
>>it's far more secure, 3) it's faster and 4) it's probably impossible to
>>trace like a metal wire (i.e. run current through and trace magnetic
>>fields...)...
>
>Just some random advice: My high-speed networking expert friend says that
>plastic fiber is good to about 4-5 miles, and is a lot easier to work with
>than glass fiber.

What about a machine setup that has its own intrusion detection? An internal battery-backup system that also powers case-tampering detection hardware could be set to trigger "Alternate Stego File System Plan A". Replace drivers, etc., with software that does not contain the real system's drivers at all, which you have wisely placed only in a very offsite backup location.

Tamper-detecting cases of this sort already exist: look at a U.L. listed Burglar Alarm external cabinet. Double-walled, and the internal wall is electrically insulated from the external wall such that any short between the two walls, (i.e. a bad guy with a drill bit), will fire the trigger.
Certain shielding schemes used by some manufacturers today might already provide a good design.

You could also go overboard and fill the interior with various environmental detectors. Photosensitive transistors. Tilt/tremble sensors. Temperature sensors. Smoke detectors. Accelerometers (see Scientific American a few months ago for a circuit). Microswitches that are held open by virtue of having the case screws in place. Build a double-walled case (as mentioned above) and keep it pressurized with nitrogen, and have a pressure sensor to detect leakage. Lead-line the interior, and place an X-ray detector where any attempt to X-ray the machine will result in Plan A. And if they want to try using MRI to see inside; well, I guess I probably wouldn't be too surprised! :-)

If you had absolute faith in your machine's inability to crash (i.e. not running a Wintel operating system), the drivers could be written to copy themselves into memory at bootup and securely wipe themselves from your hard disk; and write themselves back to hard disk at a shutdown request. Your machine is then vulnerable only when properly shut down, a state in which I would not recommend leaving it. Leave it only in a "password required" state, and *this* would be the place to implement the duress password.

As for seed data to encrypt to give them something to find, may I suggest that would be an excellent choice to keep both your Netscrape cache as well as your Winders swap files? Lots and lots of sectors worth of data, kept as fresh as often as you use your browser. And as long as you don't browse "illegal" sites (whatever that might mean in your country), you win.

And, of course, protect all external connectors so your opposition wouldn't be able to shove a wire in your RS-232 port and short your internal battery.
The low/no battery level alarm would be used to ignite the magnesium wrapped around the hard disk's case (also known as Alternate Stego File System Plan B :) , or it would trigger the capacitively powered EMP coil mounted above the platters; neither of which you would want triggered unless the software-stego routines hadn't completed by the time the case was breached.

My point is it should be possible to build a virtually tamperproof case; and especially if your attacker doesn't know it exists, you would stand a good chance of being able to eliminate self-incriminating data (sometimes the 5th amendment needs some mechanical assistance) before the bad guys would have the ability to save an "untampered" copy.

John.
--
J. Deters "Captain's log, stardate 25970-point-5. I am nailed to the hull."
+-------------------------------------------------------+
| NET: jad at dsddhc.com (work) jad at pclink.com (home) |
| PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) |
| ICBM: 44^58'33"N by 93^16'42"W Elev. ~=290m (work) |
| PGP Key ID: 768 / 15FFA875 |
+-------------------------------------------------------+

From shamrock at netcom.com Tue Jul 23 03:31:59 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 18:31:59 +0800
Subject: evidence from the NIC - interpret and use as you will.
Message-ID:

At 18:53 7/21/96, ante wrote:
>See who is sleeping with who. These are the supporters of the sham
>"hearings".

[list of freedom of speech supporters elided]

There is help. Really. Today's psychiatric drugs can help make the difference. Please see a qualified psychiatrist.

-- Lucky Green PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.

From deviant at pooh-corner.com Tue Jul 23 03:35:51 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Tue, 23 Jul 1996 18:35:51 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, Vinnie Moscaritolo wrote:

> Date: Mon, 22 Jul 1996 10:36:14 -0800
> From: Vinnie Moscaritolo
> To: cypherpunks at toad.com
> Cc: snow at smoke.suba.com
> Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
>
> > You pop a claymore in a building with any substance up to the level of
> >concrete re-enforced, and you _will_ be going with them.
>
> booby trapping your home is a really stupid idea, I promise that your
> dog/child/spouse will be the one to accidentally set it off. besides for
> this you can get sued..
>
> ever hear the one about the case of a guy who constantly had his radar
> detector stolen out of his car, he decides to set a trap and rigs his next
> one with explosive. The perp steals the box, sells it. some clown powers it
> up on his dash board and BANG!.. well you'd figure justice is served, but
> the NYC judges awarded the mass of flesh damages and charged the guy with
> manslaughter.
>
> only in Amerika..
>

Hrmmm... for the "pre-dawn raid" thing though, I've got a better one. Where I live (Wake County, North Carolina), if someone's breaking into your home, until they identify themselves as law enforcement, it's legal to shoot, and even kill, them, _As long as they're facing you_... funny, eh? So, if someone breaks through my window at 6:00 AM, and they don't say "Police" or "Secret Services", they aren't gonna be saying anything.

 --Deviant
We have art that we do not die of the truth.
-- Nietzsche

From tcmay at got.net Tue Jul 23 03:42:41 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 18:42:41 +0800
Subject: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.)
Message-ID:

At 10:54 PM 7/22/96, hallam at Etna.ai.mit.edu wrote:

>No, the argument is over whether a person should live by the ideals he
>preaches. I have more respect for the likes of Kant and Russell who made
>rather more of an effort than Jefferson.
>
>The observation that history is made by rich people and written by rich
>people is not a new one. Until this century there were few countries
>where politics were open to anyone but the very wealthy. In the USA
>that is still by and large the case.
>
>Rather than attempting to excuse Jefferson it would be better to
>accept that not everything he said was valid when he said it and
>to try to engage one's brain rather than using his words as slogans.

I agree with much of what Phill says here. His original "throwaway line" about Jefferson's slave-owning did not fully make this point. (As I see it, this is a common danger with throwaway lines, which often look like dismissive insults.)

The flaws of leaders and thinkers are well-known. From what I've read, Voltaire was a real cad. And my favorite aphorist/philosopher, Nietzsche, had his share of bigoted views. And he was apparently not at all a "superman" specimen.

But who cares? The ideas of a person are somewhat separable from their quirks as persons.
If we demand perfection from all thinkers--assuming perfection could ever be defined and agreed upon--we'd likely have far fewer thinkers to study. (Phill also mentions Rand. She was about as deeply flawed an individual, especially in terms of treatment of her supporters, as one can imagine. She, for example, insisted that her followers smoke, as smoking is (she claimed) proof of Man's dominance over nature. However, many of her ideas were very influential.) I rather suspect the U.S. would have had a more consistent moral stance if a condition for a state joining the Union had been the freeing of all slaves. Of course, giving womyn the vote would have been too much to ask for. (And there were many violations of the rights of Indians, including land-use rights and treaties, which did little to polish the reputation of the U.S. for adhering to its own stated principles.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mpd at netcom.com Tue Jul 23 03:53:35 1996 From: mpd at netcom.com (Mike Duvos) Date: Tue, 23 Jul 1996 18:53:35 +0800 Subject: Filtering out Queers is OK In-Reply-To: <199607230003.RAA00839@server1.chromatic.com> Message-ID: <199607230053.RAA09949@netcom8.netcom.com> Ernest Hua writes: > Secondly, I expect to have full control over the education > and the upbringing of my child. I DO NOT have to let him go > the library. I DO NOT have to let him read any literature. I > DO NOT have to let him have an open mind. It is NOT in the > Constitution. 
Since the courts have said that humans under 18 are not "persons" under the law, you have every right to not let your child read anything, to not let him think for himself, and to not let him out of the house until he reaches his 18th birthday. Your child would presently have no recourse against you should you choose to treat him in such a fashion, and believe it or not, there are some of us who would like to change that. > I will do so because I believe it is good for him. Good for you, at least. > Anyone who wants to change what I decide is good for him > will have to do so over my dead body. Works for me. I needn't point out that if I were ever on a jury charged with determining whether your child, treated in the aforementioned fashion, was guilty of a crime for splattering your brains all over the living room wall like tapioca pudding, I would find it almost impossible to vote for conviction. > I really could care less what you feel about how I should > raise my child. You know, when children whine "I don't care what anyone else thinks - No one has a right to tell me what to do", alarm bells go off all over the place. When parents say the exact same thing, they think they deserve some sort of medal. > In fact, most parents are loving, caring, and try very hard > to do what is "good" (in their mind) for their child. You, > sir, do not have some God-given monopoly on knowing what is > good for any child, let alone, mine. The obvious fact is, neither do you. Anyone with an IQ over 10 and genitals that are in working order can produce offspring. You seem to think that the act of reproduction instantly transforms the scum of the earth into child-rearing experts who must never be contradicted by any outside agency as they lord their wishes over their chattel. > Therefore, nobody (not you, not the PTA, not the school, > not the Congress) has any right to tell me what is good for > my child. I think you have your child confused with your car. 
The sad fact is that you are probably at the top of any list one would prepare of groups and persons who think they know what is good for children and don't.

> Call it what you want; you ain't brainwashing my child with
> your bull.

I think you've already done an excellent job of that yourself.

ObCrypto: Kids who have parents like this should know how to use strong encryption on their PCs.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com  $    via Finger.                      $

From alano at teleport.com Tue Jul 23 04:09:04 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 23 Jul 1996 19:09:04 +0800
Subject: [Noise] Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960723060437.00d2b8b0@mail.teleport.com>

At 10:16 PM 7/22/96 -0500, snow wrote:

> Yeah, and to a fscking statist you give your all to the state.
                 ^^^^^^^

This is assuming that the state is corrupted and needs to be remounted. (Or is not considered clean upon boot.) Which might not be a bad assumption... Assuming that it can fix the errors it finds in the state in the first place.

Sorry. Too much time spent fixing corrupted disks today. (I hate cheap hardware.)

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/                  | alano at teleport.com |

From rich at c2.org Tue Jul 23 04:10:20 1996
From: rich at c2.org (Rich Graves)
Date: Tue, 23 Jul 1996 19:10:20 +0800
Subject: Canada investigating Net-regulations -- call CBC-Radio now!
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

[Cypherpunk relevance: Lemire's CD includes both US/Canadian and international versions of PGP. I say ship the CD to third-world countries with repressive racist regimes.]

I told the CBC what I thought of the Wiesenthal Center's misguided campaign, and Lemire, yesterday.

If you want to know more about Marc Lemire's controversial opinions, the CD I bought from him recently arrived. The man's got quite an enemies' list, with closeup GIFs of some big names. If you want a peek, remail me an encrypted note and we'll work something out. Connoisseurs of the genre will especially enjoy the commies, pictures\jews, pictures\leftists, and pictures\traitors directories. I'd prefer to upload the files to your server, since I don't currently have a spare box with 500MB disk that I can use for this.

People in the SF Bay Area are welcome to borrow the CD, all 528 MB of which seems to be in the public domain. I've already copied all the files to local disk. Anyone know a place in the South Bay where I could reproduce CDs, cheap? I know I can beat his $30, but I'm not sure by how much.

Like hell I want to censor this stuff. There's a lot of money to be made in racism if the price is right. Just ask Lyle Stuart.

Btw, Lemire's the guy who uploaded the Zundelsite files to the mirror sites. I include my original correspondence with him, and others -- I hadn't even heard of any of these five people until I received email from them -- below. I have a lot of respect for Hilary and Thomas, who aren't liars.

Pholks interested in phreaking might be interested in Lemire's story at
http://www.webcom.com/ezundel/english/sirc/affidavit_of_marc_lemire.html

You can listen to an interview with Lemire that I copied from his CD-ROM to
http://www.c2.org/~rich/Press/intervw.wav

- -rich
[blue-ribbon disclaimer: it's called sarcasm, son, SARCASM]
censor the internet! http://www.stanford.edu/~llurch/potw2/
boycott fadetoblack! http://www.fadetoblack.com/prquest.htm

Date: Sun, 28 Jan 96 11:10 PST
X-Sender: ezundel at mail.cts.com
Message-Id:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: llurch at networking.stanford.edu
From: ezundel at cts.com (E.
Zundel) Status: RO X-Status: Hi, Rich - I just talked to Ernst, and he is very interested in your offer to mirror his site unedited. What is involved, technically? Can you do it on your own, without my involvement? I am really, really a novice at the technical side of it, and so is Ernst. He said to "absolutely go ahead" if you could do it and if you give him your word that the material would be unedited and exactly as we are putting it up - and if you had a question, to please call him at 416 - 922-9850. It is his private line, and the man _never_ sleeps! Please let me know since we don't know from day to day and even from hour to hour what will happen, what with those massive censorship guns. Are you a student at Stanford? All best, Ingrid ***** Revisionism is the great intellectual adventure at the end of the Twentieth Century. ***** Revisionismus ist das grosse intellektuelle Abenteuer am Ende des Zwanzigsten Jahrhunderts. http://www.webcom.com/ezundel/english Date: Sun, 28 Jan 1996 14:34:49 -0800 From: Hilary Ostrov Organization: myssiwyg* X-Mailer: Mozilla 2.0b6a (Win95; I) MIME-Version: 1.0 To: rich at c2.org CC: Ken McVay , Jamie McCarthy Subject: Your Comments in the Nizkor Guest Book X-URL: http://www.almanac.bc.ca/guest-book.html Content-Type: multipart/mixed; boundary="------------29DD340FADE" This is a multi-part message in MIME format. - --------------29DD340FADE Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello Rich, Thanks for your comments and encouragement in the Nizkor Guest Book. Indeed you are quite correct: we most definitely agree with your position that the best response is "meticulous documentation and refutation, not censorship". And I certainly hope that others will follow your example of indicating a preference that people visit Nizkor - in fact, I find it quite sad that the media will show the way to the denial/racist sites, but neglect to point the way to Nizkor! 
This letter is cc'd to Nizkor Project Director, Ken McVay and Co-Webmaster, Jamie McCarthy.

____________________________

Your tireless work is greatly appreciated. I was wondering if you had any comment on Deutsche Telekom's decision to block access to webcom.com because of our "friend" Zuendel, though. From a quick look around this site, it appears that you'd be likely to agree with me that the best response is meticulous documentation and refutation, not censorship. To that end, I plan to mirror the "banned" site publicly, on as many sites as I can muster, until Deutsche Telekom gives up. I will of course point out that I'd much rather they visited your site.

Rich Graves
rich at c2.org
http://www-leland.stanford.edu/~llurch/
January 28, 1996

____________________________

=======================
Hilary Ostrov
e-mail: hostrov at uniserve.com
http://haven.uniserve.com/~hostrov/myssiwyg.html
Co-Webmaster - The Nizkor Project
http://www.almanac.bc.ca/

[Nutscape-enclosed HTML file skipped -- rich]

Message-Id: <199601292012.PAA04388 at freeside.echo-on.net>
X-Sender: cpn at echo-on.net (Unverified)
X-Mailer: Windows Eudora Version 1.4.4
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 29 Jan 1996 15:14:00 -0500
To: llurch at networking.stanford.edu
From: freedom at pathcom.com (Marc Lemire)
Subject: Ernst Zundel

Hello my name is Marc and I am writing you on behalf of Ernst Zundel.

I am wondering if this is the address (llurch at networking.stanford.edu) where I can send the compressed Web site documents to as a 'save attached' message to? And if you had an FTP site where I could instead of sending them to you, could put them. FTP is much easier and faster.

...

PS.. The entire site is about ... 30-40 megabytes. I can strip out all the Sound files which would leave the site at only maybe 3 megs.

Talk to you soon.

Thanks
Marc Lemire

From: Thomas Roessler
Message-Id: <199601291710.SAA13359 at sobolev.rhein.de>
Subject: [FACTS] Germany, or "Oh no not again"
To: cypherpunks at toad.com
Date: Mon, 29 Jan 1996 18:10:09 +0100 (MET)
Cc: Thomas.Roessler at sobolev.rhein.de (Thomas Roessler)
Organization: Qnf eurva.qr-Xbzcybgg.
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks at toad.com
Precedence: bulk

I had the prosecutor's spokesman on phone today.

The result is that someone gave a hint to the prosecutors which explicitly mentioned Zundel, T-Online and Compuserve. Consequently, the prosecutors *had* to start investigations against Zundel, T-Online and Compuserve. In particular, they are right now *checking* whether providing internet access is a criminal offence due to the possibility to gain access to `inciting material' (the German word is `Volksverhetzung') via the Net. This means that it is not even clear whether the investigations against internet providers will be dropped or not; in fact many people believe that these investigations *will* be dropped.

My personal guess about all this is that some net.citizens are trying to have the prosecutors engaged in absolutely absurd investigations (or, even better, achieve a court room clash on this subject) to get some clarification of the legal situation of the Net in Germany. Quite similar to the RSA T-Shirt story in the States. ,-)

tlr

Message-Id: <9601292205.AA10683 at pathcom.com>
X-Sender: freedom at pathway1.pathcom.com (Unverified)
X-Mailer: Windows Eudora Version 1.4.4
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 29 Jan 1996 16:58:11 -0500
To: Rich Graves
From: freedom at pathcom.com (Marc Lemire)
Subject: Re: Ernst Zundel

>I'm firing up an FTP drop box on rosinante.stanford.edu right now... only
>takes a minute.

OK where do I FTP to (exact address). I tried to ftp to the address above and it said connection failed.
Do I try to go to Stanford.edu first then to somewhere?? Hope to hear from you soon. Thanks Marc ******************************************************* ** DIGITAL FREEDOM BBS ** ** Canada's most controversial BBS, access on ** ** FIRST call, 100% FREE, NOW 2.1 GIGABYTES ONLINE!! ** ** ^^^^^^^^^^^^^^^^^^^^^^^^^^ ** ** Node 1 (416) 462-3327 28.8 V.34 ** ** Node 2 (416) 465-4767 14.4 V.42 ** ******************************************************* >>>Or try these other Internet sites<<< [WWW] [WORLD WIDE WEB] THE WORLD WIDE LIBRARY OF FREEDOM ERNST ZUNDEL'S VOICE OF FREEDOM SITE http://trend1.com/~phoenix http://www.webcom.com/~ezundel/english FRIENDS OF FREEDOM http://www.kaiwan.com/~ihrgreg/zundel http://alpha.ftcnet.com:80/ STORMFRONT - WHITE NATIONALIST PAGE ~cfsl/fof0795.htm http://stormfront.wat.com/stormfront [E-MAIL] RESISTANCE RECORDS MARC LEMIRE: marc.lemire at df.org http://www.resistance.com GREG RAVEN: ihrgreg at kaiwan.com ARYAN CRUSADER'S LIBRARY DON BLACK: dblack at jbx.com http://www.io.com/~rlogsdon HERITAGE FRONT: hf at df.org SCRIPTURES FOR AMERICA ERNST ZUNDEL ezundel at cts.com http://www.nilenet.com/~tmw/ [MAILING LISTS] Canadian Patriots Network/Digital Freedom: cpn at echo-on.net Resistance Records: resist-list at resistance.com Aryan News Agency (ANA): bf221 at freenet.carleton.ca Stormfront L: stormfront-l at stormfront.org From: "Declan B. McCullagh" To: Rich Graves Subject: Re: [NOISY] Deutsche Telekom <--> webcom.com "routing troubles" Message-ID: <0l3NAX200bkp0gQ7w0 at andrew.cmu.edu> Excerpts from internet.cypherpunks: 29-Jan-96 [NOISY] Deutsche Telekom <-.. 
by Just Rich at c2.org
> Someone please inform Deutsche Telekom and the relevant prosecutors that
> by the time they read this (i.e., within an hour), selected files from
> Zundel's holocaust-denial archives (which make me sick, but that's beside
> the point) will be available at the AFS path:
>
> /afs/ir.stanford.edu/users/l/llurch/WWW/Not_By_Me_Not_My_Views/

Rich, I'm going to mirror your site at:

file:/afs/cs.cmu.edu/user/declan/www/Not_By_Me_Not_My_Views/

I've just copied everything over, and now I'm creating an index page. Almost everything, that is. I only have a few megs to spare on this project; I'm already hosting the damn banned French book.

- -Declan

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfRPxJNcNyVVy0jxAQFw2wIAmhXjIfeme3tSd+DV5G6FFeytUgnv5nou
MtaO8SDTm8yQhTAsrhjqR/nZ42+q9bslzrt7fUjpY8Xdp6F3HedZ9Q==
=vaUP
-----END PGP SIGNATURE-----

From david at sternlight.com Tue Jul 23 04:16:30 1996
From: david at sternlight.com (David Sternlight)
Date: Tue, 23 Jul 1996 19:16:30 +0800
Subject: Another fascist
In-Reply-To: <199607221350.GAA05921@kiwi.cs.berkeley.edu>
Message-ID:

One of the great friends of free speech on this list sent a forged cancel message to the listbot to try to cancel my subscription. The listbot, being reasonably well designed, ignored him and told me about it, though I have no doubt less of a dunce could bring it off.

What a piece of slime!

What do others think of this practice?

David

From mclow at owl.csusm.edu Tue Jul 23 04:43:09 1996
From: mclow at owl.csusm.edu (Marshall Clow)
Date: Tue, 23 Jul 1996 19:43:09 +0800
Subject: Borders *are* transparent
In-Reply-To: <199607221420.HAA00786@toad.com>
Message-ID:

>"Peter Trei" wrote:
>
> Any one up for a distributed brute force attack on single DES? My
> back-of-the-envelope calculations and guesstimates put this on the
> hairy edge of doability (the critical factor is how many machines can
> be recruited - a non-trivial cash prize would help).
>

I'll be there.
I have a pair of PowerPC machines that I can donate for a week or so.

-- Marshall

Marshall Clow
Aladdin Systems

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it, let's forget it better still"
-- The Who, "Tommy"

From frantz at netcom.com Tue Jul 23 04:46:38 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 23 Jul 1996 19:46:38 +0800
Subject: Borders *are* transparent
Message-ID: <199607230220.TAA01766@netcom7.netcom.com>

At 10:32 AM 7/22/96 -0006, Peter Trei wrote:
>Any one up for a distributed brute force attack on single DES? My
>back-of-the-envelope calculations and guesstimates put this on the
>hairy edge of doability (the critical factor is how many machines can
>be recruited - a non-trivial cash prize would help).

My Mac 9500/132 is chomping at the bit.

-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     | [Beware the man of one     | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin  | Los Gatos, CA 95032, USA

From jimbell at pacifier.com Tue Jul 23 04:52:14 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 23 Jul 1996 19:52:14 +0800
Subject: Boobytraps and the American Legal System
Message-ID: <199607230808.BAA16026@mail.pacifier.com>

At 04:13 PM 7/23/96 -0700, Timothy C. May wrote:
>No, a better solution it seems to me is to dispose of the body so there is
>only a "disappearance," with nothing to link the perp to one's self.
>(Unless the perp left records or told someone...)
>
>My place is pretty isolated, so I wonder if my proposed solution is enough:
>process with my 10 h.p Troy-Bilt chipper/shredder, treat output with 2
>sacks of quicklime, hose resulting product into ravine dropping down to
>valley floor below.
(Probably too much DNA-carrying crud left around,

Contrary to all the old stories, quicklime (calcium hydroxide) actually PRESERVES bodies, it doesn't assist their decomposition. (It probably inhibits bacteria growth by raising pH, yet its alkalinity doesn't attack the organic material.) What you want is a few gallons of concentrated sulfuric acid, which will hydrolyze the fats, the proteins, dissolve the calcium in the bones, as well as erase any traces of DNA left in the mixture.

Jim Bell
jimbell at pacifier.com

From adamsc at io-online.com Tue Jul 23 05:02:04 1996
From: adamsc at io-online.com (Chris Adams)
Date: Tue, 23 Jul 1996 20:02:04 +0800
Subject: NSA Lawyers Believe ITARs Would be Overturned
Message-ID: <199607230459.VAA23783@cygnus.com>

On 22 Jul 96 05:06:06 -0800, tcmay at got.net wrote:

>>Which raises an interesting question: Why aren't they (still) restricting
>>PC-type computers for export? While it might not appear to make a great
>>deal of sense either, a PC is just as much a tool for encryption as the
>>software which runs on it. And it's obvious that given the two scenarios
>>below:
>
>But they _are_ (so far as I know, though I haven't checked recently).
>
>That is, there are export restrictions on computers and programs which can
>perform certain mathematical operations faster than some specified limit.
>For example, FFTs faster than a certain rate.
>
>My copy of Mathematica, updated less than 18 months ago, says "Not for
>Export," and this was not because it contained any crypto code, but because
>of the performance on certain algorithms (on commonly available machines).

I was wondering why Mathcad had that sticker. It's only 2-3 months old, BTW.

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From mpd at netcom.com Tue Jul 23 05:02:28 1996
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 23 Jul 1996 20:02:28 +0800
Subject: Boobytraps and the American Legal System
In-Reply-To:
Message-ID: <199607230435.VAA24145@netcom3.netcom.com>

tcmay at got.net (Timothy C. May) writes:

> Agree, very foolish to ever plant boobytraps in one's own
> home.

The problem that I would have with boobytrapping my home is that there are numerous people (police, firepersons, maintenance workers, etc...) who might have a legitimate reason to try and gain entry. An automatic device cannot anticipate some complicated scenario which might play itself out while I was away, such as someone with a medical emergency trying to get to a phone, or public service personnel needing to gain entrance to fight a fire or to search for people to evacuate in case of a biological or chemical accident.

The other reason I wouldn't do such a thing is that I do not own anything that I consider worth death or serious injury to another human being. I recognize that this is a personal view, and others' opinions on the value of their possessions may differ from mine.

Regarding the topic of children with guns, I recall a classmate of mine whose father gave him a loaded rifle to keep in his room for "protection" when he reached the advanced age of 12. That very night, he got scared when he thought he heard an intruder sneaking up the stairs, and emptied the gun into his dog. He really loved the dog, and the whole experience was very traumatizing for him.

Statistically, guns in the home are far more likely to be used to shoot someone in a domestic dispute, or to be taken away by a criminal and used against the homeowner, than they are to be used to defend the homeowner against injury. I can see very little purpose for guns in densely populated urban settings, where people tend to be paranoid, and stray bullets can hit almost anyone.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com  $    via Finger.
$

From perry at piermont.com Tue Jul 23 05:03:46 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 23 Jul 1996 20:03:46 +0800
Subject: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To:
Message-ID: <199607230044.UAA13038@jekyll.piermont.com>

"Bill Olson (EDP)" writes:
> I don't care if it takes my son 6 years to get through 2 grade levels,
> anyone who allows their kid to pack a gun (or a rifle?) should get their
> head examined

Why?

What, objectively, is wrong with allowing, say, a twelve year old to go plinking with a .22? Let's not hear vitriol -- let's just hear cold hard reasons not to allow it.

Myself, I'd say that it appears that there is no good objective reason.

Perry

From jsw at netscape.com Tue Jul 23 05:04:16 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Tue, 23 Jul 1996 20:04:16 +0800
Subject: Netscape
In-Reply-To:
Message-ID: <31F48946.5E8E@netscape.com>

Vladimir Z. Nuri wrote:
> by creating a very large, glaring, and visceral
> public spectacle of the government cracking down on crypto, the
> resulting outcry could be absolutely enormous and resonate throughout
> the entire population. it would be a vivid portrayal of what the
> government has been doing quietly and secretly for decades, and
> perhaps the public might finally understand what is going on.

I think that it would be more effective to get the US version of netscape into the hands of as many US citizens as possible. Taking away our permission to download in the near future after a few tens of thousands of downloads won't mean near as much as telling several million people running the US version that they can't upgrade to the next release and maintain their strong crypto capabilities. Once a few million voters have it, it will be very hard to take it away again.

What I'm hoping for is the wide distribution of strong crypto in a user friendly package. Isn't that the heart of cypherpunk ideals?

I certainly have sympathy for those who want to make a point by uploading our US software to hacktic and other foreign servers, but I think that my company will probably have to ask hacktic and others to remove these copies.

I'm also curious why these anonymous crusaders did not act sooner? The US version has been available for sale in retail outlets for about a year now. Was it not worth $50 to make your point?

	--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jsw at netscape.com Tue Jul 23 05:09:23 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Tue, 23 Jul 1996 20:09:23 +0800
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31F48DAA.355@netscape.com>

Steven L Baur wrote:
>
> >>>>> "Jeff" == Jeff Weinstein writes:
>
> Jeff> Well yes, the first time they do it. But the many times they
> Jeff> download new versions, from now until the end of time, they can
>                                             ^^^^^^^^^^^^^^^
> Jeff> use 128-bit SSL.
>
> The world is ending September 17, 1996 I presume? ;-)

The final version of 3.0 will be available for download well before Sept 17. That version will not have a timebomb. Even the timebombed versions will let you connect to our site to download new versions.

	--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jsw at netscape.com Tue Jul 23 05:09:51 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Tue, 23 Jul 1996 20:09:51 +0800
Subject: Netscape
In-Reply-To:
Message-ID: <31F48BF4.4F2E@netscape.com>

Lucky Green wrote:
>
> At 13:38 7/22/96, Tom Weinstein wrote:
>
> >Yes, and that's what we're trying to do. Get strong crypto in the hands
> >of as many people as we can.
I can hardly wait until we get S/MIME in.
>
> What will Netscape do about the 40bit RC-2 default and the signatures on
> the outside of the encryption envelope design flaws in S/MIME? I can't
> imagine Netscape releasing software that has these two properties.

If you know that the recipient can read a message encrypted with 3DES, IDEA, or RC2-128, then you can send the message using one of these strong algorithms. Given that you need someone's public key to send them a message, there are several obvious ways to transmit information about what algorithms they accept along with it.

	--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From dlv at bwalk.dm.com Tue Jul 23 05:14:09 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 23 Jul 1996 20:14:09 +0800
Subject: Boobytraps and the American Legal System
In-Reply-To:
Message-ID: <2sBiRD1w165w@bwalk.dm.com>

I think Tim May is growing senile...

tcmay at got.net (Timothy C. May) writes:
> (Later examples were to be even worse. For example, the burglar who climbed
> on a roof and stepped through a skylight. He sued, and won. I guess the
> owner of the property was obligated to install night lights so burglars
> could see their way, and to generally make his property more
> "burglar-friendly."

Actually, he fell through the roof of a school he was trying to burglarize.

In a similar incident a burglar broke into a house that was being treated for pests (i.e., was full of toxic fumes). He died; his family sued the owners and won.

Maybe someone can post a reference to these two cases. I recall that both happened in New York, but I could be wrong.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From shamrock at netcom.com Tue Jul 23 05:14:33 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 20:14:33 +0800
Subject: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced NinjaRaids)
Message-ID:

At 12:01 7/22/96, Ernest Hua wrote:

>You might be missing the mark too, but I thought the subject was
>giving a gun to every child who enters school, not YOURs or SOME
>EXPERT 6 YEAR OLD's special case.

There is *nothing* that should be given to every child or every adult for that matter. I very much oppose the use of my tax dollars to issue guns or school books to children. Let the parents buy the items required for the children's safety or education.

[We are straying away from crypto...]

-- Lucky Green
   PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.

From frantz at netcom.com Tue Jul 23 05:22:34 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 23 Jul 1996 20:22:34 +0800
Subject: Filtering out Queers is OK
Message-ID: <199607230213.TAA01220@netcom7.netcom.com>

At 5:03 PM 7/22/96 -0700, Ernest Hua wrote:
>Therefore, nobody (not you, not the PTA, not the school, not the
>Congress) has any right to tell me what is good for my child.

Ern - This is a serious question. When does your child have the right to say that what you think is good for her/him is crap and then proceed to ignore you?

IMHO, this question is the major question for the parental rights at all costs people. It is best if your children and you can reach broad enough mutual respect so you can work this issue out informally. However, I personally know a lot of cases where the best didn't happen. The teen-parent wars were quite spectacular.

-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     | [Beware the man of one     | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin  | Los Gatos, CA 95032, USA

From dlv at bwalk.dm.com Tue Jul 23 05:22:42 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 23 Jul 1996 20:22:42 +0800
Subject: Home Made Telephone Voice Changer
In-Reply-To: <2.2.32.19960722163544.00331a2c@labg30>
Message-ID: <9yVHRD9w165w@bwalk.dm.com>

John Deters writes:
> On Wed, 17 Jul 1996, Jerome Tan wrote:
>
> > Does anyone know how to make a home-made telephone voice changer?
>
> Well, if you've got your sound card in your computer, if you download Speak
> Freely (from http://www.fourmilab.ch) and simultaneously turn on LPC-10
> compression along with simple compression, I've found my voice comes out
> more like Robbie the Robot than John Deters. It's an interesting feature of
> the LPC-10 compression that as it removes redundancy from the transmission
> that it removes the "human identity" from it as well. There's got to be a
> moral to that story somewhere (especially since the NSA developed the LPC-10
> algorithm).

You can find voice changers and a lot of other fun toys in the Edge Company catalog (+1 800 732 9976). They have other electronics, guns, knives, swords, cross-bows, what have you. No homicidal maniac should be without their catalog.

It would be an interesting EE project to implement a voice changer in software using a PC with a sound / phone board.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From EALLENSMITH at ocelot.Rutgers.EDU Tue Jul 23 05:26:52 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E.
ALLEN SMITH)
Date: Tue, 23 Jul 1996 20:26:52 +0800
Subject: Intel, Microsoft doing Internet Phone Software
Message-ID: <01I7DZYQD30W9EDD2U@mbcl.rutgers.edu>

I would be curious if the standards mentioned include any cryptographic capabilities. The PGPhone people might want to look into producing a patch for the Intel (and later Microsoft) programs allowing encryption. (In consideration of fair use, I am both editing it down and putting on the same ad I see (I use lynx).)

-Allen

> [The New York Times]
> _ Monday July 22 6:03 PM EDT _

>Intel Unveils Internet Phone Application

> SAN FRANCISCO, Calif. (Reuter) - In its quest to make the personal
> computer an indispensable tool, Intel Corp. Monday unveiled software
> that will make it easy to place long-distance phone calls over the
> Internet.

> The Intel Internet Phone software is the first to allow users of
> different types of computers and software to link up, solving a
> problem that has held back use of the global computer network for
> long-distance telephone calls, even though it would save long-distance
> toll charges.

> Intel's software uses a telecommunications standard that allows users
> of different computers and telephone software to talk to each other.
> Until now, people using the Internet for phone calls had to have
> identical software and hardware.

> The software works on PCs running Microsoft Corp.'s Windows 95
> operating system. Intel also has signed up 120 companies who have
> agreed to use the standard in new products.

[...]

> Jeff Pulver, author of the soon-to-be-published Internet Telephone
> Toolkit and chairman of the Voice on Internet Coalition, said Intel's
> breakthrough was that the software is based on open standards, not
> proprietary software, and so could spur growing use of the Internet
> for telephone calls.

> ``It's not that Intel is coming forward with a new product, but that
> Intel and Microsoft recognized the need for standards and have done
> something about it.
Intel is the first company to actually deliver on
> a standard,'' Pulver said.

> To insure its success, Intel is offering the software free starting
> Wednesday on its Web site -- http://www.intel.com/iaweb/cpc.

[...]

> The most viable competitor is Netscape Communications Corp., which is
> incorporating a voice telephone feature in its Navigator 3 Internet
> browser.

[...]

> ``We believe voice telephony on the Internet represents a major
> opportunity for AT&T,'' AT&T spokesman Mike Miller said, adding that
> AT&T is exploring the area as a business itself.

[...]

> Microsoft plans to introduce its version of Internet phone software,
> called NetMeeting, in September.

> _Reuters Limited_

From mab at crypto.com Tue Jul 23 05:31:20 1996
From: mab at crypto.com (Matt Blaze)
Date: Tue, 23 Jul 1996 20:31:20 +0800
Subject: Distributed DES crack
In-Reply-To:
Message-ID: <199607230422.AAA09435@crypto.com>

I don't want to throw water over what I think would be a very useful thing to have done, but I'm really skeptical that current "net" computing power with general purpose processors is up to this. My back of the envelope calculation, making some generous assumptions about the implementation, suggests that such an effort would require somewhere in the range of 10,000 and 50,000 CPU years on general (100MHz or so Pentium) processors. This is well beyond any distributed computation I'm aware of ever having been done, even adjusting for "Moore inflation". While feasible in a "complexity theory" sense, it's really not realistic yet.

Even if it were feasible, what would we use as a challenge key?

Personally, I'd rather someone finish up the Wiener ASIC to the point where it could go out to fab, get some prototype chips made, design a board around it, and publish the design, from board layout on down.
This would be a great Master's project, and some of us (maybe me, but I'll have to check) might even be able to scrape up enough funds to buy enough chips/boards/etc to build a modest size machine (say, that could exhaust a DES key in 1-6 months). Initial engineering costs aside, the marginal cost of each such machine could be well within the budgets of, say, a medium size crypto research lab, and would make a scary enough demo to convince even the most trusting management types of the risks of 56 bit keys. -matt (Please cc me on replies, as I'm not reading the list except when someone alerts me to an interesting topic. Thanks.) > > I've a few machines around that could be dedicated almost full time to the > task. What are the bandwidth requirements? Specifically, could the > keycracker be run over a 28.8 (with a 486 running linux)? If so, how many > 486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy > chained with ppp over direct serial connection)? > > --nc > > On Mon, 22 Jul 1996, Perry E. Metzger wrote: > > > > > Perhaps a Java page containing a DES cracker that one could run for > > the casual participant, and a set of links to download a real cracker > > for the non-casual participant... > > > > I think it's really time that we did this. DES must be shown to be > > dead. > > > > When the media hear about it, they will, of course, get "experts" > > saying "but it took five thousand people millions of dollars in > > computer time". We should ask Matt Blaze to write a paper in advance > > explaining that although this test, on general hardware, took a lot of > > effort, that with specialized hardware it would be cheap as can be. > > > > Perry > > > > Paul Foley writes: > > > "Peter Trei" wrote: > > > > > > Any one up for a distributed brute force attack on single DES? 
My > > > back-of-the-envelope calculations and guesstimates put this on the > > > hairy edge of doability (the critical factor is how many machines can > > > be recruited - a non-trivial cash prize would help). > > > > > > Not quite sure what you mean by "doability" -- it's obviously doable, > > > it just depends how long you want to wait. > > > > > > I'm in. > > > From jimbell at pacifier.com Tue Jul 23 05:32:01 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 23 Jul 1996 20:32:01 +0800 Subject: Brute Force DES Message-ID: <199607230741.AAA15203@mail.pacifier.com> At 04:55 PM 7/22/96 -6, Peter Trei wrote: >Single DES has the security of 56 bits of key - there are 64 bits in the >keys, but 8 of them are parity bits which add nothing to security. >2^56 = 7.205e16 keys (which is a whopping big number) >Let's guess that we can recruit the equivalent of full-time on 1000 >machines. >7.205e13 keys/machine. >Let's guess that we have about a month before people start to lose >interest - so we want to be more than 1/2 done by then. Let's say >we want to sweep the whole space in 40 days. > >1.8e12 keys/machine/day > >~21,000,000 keys/machine/second > >The fastest general purpose, freely available des implementation I'm >aware of is libdes, by Eric Young. With this, I can do a set_key in >15.8 us, and an ecb_encrypt in 95 us/block. That adds up to >about 9,000 keytests/sec (this is on a 90 MHz P5, running NT). For grins, I decided to look at some old Intel data books; I had recalled that they build a DES encrypt/decrypt chip. It was the 8294A, which could do 400,000 bytes per second, or 50,000 blocks per second. That's fairly good for 1983 technology. Since the clock rate of the typical microprocessor of the day was a 6-MHz 80286, and today's rate pushes 200 MHz, I think it's fair to conclude that a similarly state-of-the-art DES chip should be similarly improved, about a factor of 30, or about 1.5 million blocks per second. 
That's somewhat less than 2000 system-years of operation. (In practice, a cracker might be even more improved: The 8294A used an 8-bit I/O bus, which probably limited the rate at which encrypts could be done: 400,000 bytes per second means 400,000 writes, and 400,000 reads per second, or 1.25 microseconds per I/O byte throughput. This is sufficiently close to state-of-the-art for 1983 that I speculate the internal encryption rate might be substantially faster. And remember that a dedicated cracker doesn't need to I/O very much: Comparing with a previously-stored template requires no I/O, unless the compare is good, and that will rarely happen.) Not that I think that such a dedicated chip necessarily exists; chances are good that there isn't all that much demand for a 12-megabyte/second encryptor. However, appropriately-fast DSP chips tend to be at the cutting edge for wide-word operations, so I'll guess that the best way to implement DES today (absent a dedicated chip) would be on a DSP. It would also be the cheapest, because DSP's are built in huge numbers for other applications. What this shows you is that there is a vast difference between doing a task on a fairly optimized platform, and a general-purpose computer. This _also_ shows you why the government is being highly dishonest by quoting the difficulty in cracking ciphers on scalar machines, rather than more-dedicated vector units. Jim Bell jimbell at pacifier.com From mpd at netcom.com Tue Jul 23 05:39:01 1996 From: mpd at netcom.com (Mike Duvos) Date: Tue, 23 Jul 1996 20:39:01 +0800 Subject: Boobytraps and the American Legal System In-Reply-To: Message-ID: <199607230644.XAA20497@netcom20.netcom.com> Lucky Green wrote: > Some people say that the lesson to be learned from such harsh > legal realities is to kill burglars on sight. After all, dead > people don't sue... 
I remember some bus drivers in Mexico getting in trouble a number of years ago for their unwritten policy of running the bus back over anyone they accidentally hit. Similar legal reasoning was, I believe, involved in this case as well. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From david at sternlight.com Tue Jul 23 07:38:58 1996 From: david at sternlight.com (David Sternlight) Date: Tue, 23 Jul 1996 22:38:58 +0800 Subject: Boycotts and Etiquette In-Reply-To: Message-ID: At 9:04 AM -0700 7/22/96, Alan Horowitz wrote: >My own decision to not interlocute with Sternlight is premised as >follows: His viewpoint is invariant and, by now, efficiently disseminated. >Briefly, he is a Statist and he never heard of any degree of Statism that >offends his sensibilities. You, sir, are an ignoramus. I mean by that that you have not read any significant volume of my posts, in many of which I vigorously oppose such things as the Digital Telephony Bill, and yet you pronounce freely on something about which you know little. Although I sometimes agree with sentiments here for logical and policy reasons, and sometimes disagree for the same reasons, you apparently think that unless someone agrees lock-step with you they are rubber stamps for the "other side". You have a lot to learn. And by the way "statist" is an empty taunt. But then, perhaps you think the Founding Fathers were statists, and the Constitution a tool of the devil. > I understand he's old enough to have been >around when Stalin was still running things in the USSR. David probably >was finding good things to say about Old Joe. Actually, though fairly young at the time, I was horror-stricken. That's one man I never had a good word for. I was amazed that most fellow-travelers didn't see it until his pact with Hitler. > And more importantly, >about J Edgar Hoover. 
Though your black and white mentality can't accommodate it, Hoover did at least one major positive thing for civil liberties, amid the morass of his high-handed offenses. That was to refuse to go along with the Nixon White House's "Houston Plan". He said flat out it was unconstitutional and he wouldn't do it. They tried every way they could to get around him, but failed. It's all been documented in Senate hearings and with the source documents. Now some say Hoover did this for his own reasons but be that as it may, on that occasion he saved the Constitution, and despite his sins I think he died shriven. > >I pay by the minute for my internet access; many others do as well. If I >decide to ignore Sternlight, it is a business decision, not a moral one. You are free to ignore anyone you like for any reason, or no reason. I urge you to kill file me if you don't want to read my stuff. If you have a mail reader I'm familiar with, I'd even be happy to give you instructions on how to do it. David From mikev at is.co.za Tue Jul 23 07:53:17 1996 From: mikev at is.co.za (Mike van der Merwe) Date: Tue, 23 Jul 1996 22:53:17 +0800 Subject: Another fascist In-Reply-To: Message-ID: On Mon, 22 Jul 1996, David Sternlight wrote: > One of the great friends of free speech on this list sent a forged cancel > message to the listbot to try to cancel my subscription. Surprise, surprise. > What a piece of slime! What do others think of this practice? I think it had to happen sometime :-) Later Mike ----- I'm sure we will find out in a few years that Microsoft invented the Net. Or brought it to the masses. Or saved it from a certain and early demise. Or all of the above. James Seymour From tcmay at got.net Tue Jul 23 08:00:55 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 23 Jul 1996 23:00:55 +0800 Subject: DES-Busting Screen Savers? Message-ID: At 8:28 PM 7/22/96, aba at atlas.ex.ac.uk wrote: >Hmm, 56 bits is a lot of bits... 
> >Here's some calculations of my own for your criticism... >So ideally for a break you would like the whole thing to be completed >in say 2 weeks wall clock time, which gives rise to the need for >~100,000 machines of similar throughput, full-time for two weeks. Or several times that number of machines or time for machines with less crunch. Say, 100K Pentium-type machines for a month or two. How might this be gotten? A while back I proposed one approach: a brute force "screen saver" for Windows machines. Other platforms, maybe, but the most cost-effective thing to do is to go after the Windows market only. Instead of bouncing balls around the screen, or whatever screen savers like "After Dark" are doing these days, it could flash messages about "Working on a crack of ...." and perhaps show bar graphs, etc. Maybe some flashy graphics, some Cypherpunkish slogans, etc. That is, an attractive enough screen saver module in its own right that people would be perhaps inclined to leave it running. (I know that "After Dark" publishes the specs on its program and encourages third-party drop-in modules...some have been successful enough to be marketed by the vendor. I presume this is still the case, and with Windows, too.) Acquiring chunks of keyspace remains an issue, but I think we resolved a while back that a probabilistic method works OK: people just pick chunks at random, and the decreased efficiency as compared to perfect scheduling is something like a factor of a couple (I have the numbers I calculated somewhere, and I recall Hal Finney made the same estimate). Some means of communicating results--especially wins!--is still needed. This is where Perry's idea of a Java program is a good one. >As far as cash prizes go how much could cypherpunks and friends >generate for such a purpose? I'd guess individuals could come up with >a fair bit of money... 1000+ list members x 10$ = 10k (or whatever). 
More realistically, 1000+ list members x 10% who make plans to contribute x half of these who actually follow through x $10 = $500. (If that....) Prizes have their place, but are hard to set up properly. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jti at i-manila.com.ph Tue Jul 23 08:11:02 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Tue, 23 Jul 1996 23:11:02 +0800 Subject: Decrypt Unix Password File Message-ID: <01BB78C7.358738E0@ip73.i-manila.com.ph> How can I decrypt a Unix password file? From JeanPaul.Kroepfli at ns.fnet.fr Tue Jul 23 08:35:01 1996 From: JeanPaul.Kroepfli at ns.fnet.fr (Jean-Paul Kroepfli) Date: Tue, 23 Jul 1996 23:35:01 +0800 Subject: Boobytraps and the American Legal System [France Legal System] Message-ID: <01BB7893.31CF1080@JPKroepsli.S-IP.EUnet.fr> TCM wrote: (...) >Still, I remember vividly in college when the court case was decided >involving a guy in Florida who was tired of being burglarized and the cops >doing nothing about it: he rigged a shotgun to go off when someone broke a >window and entered. A perp did, was shot, survived, and the case went to >trial. > >The boobytrapper was found guilty of some serious crime--I don't recall the >details (this was circa 1972). > (...) > >As Vinnie said, "only in Amerika." Not only, in France too. Circa twenty years ago a man booby-trapped his secondary house (a radio set with explosive) and was successfully sued by the burglar for damages. 
I think it is also the point of view of the central european society. Jean-Paul ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~- Jean-Paul et Micheline Kroepfli (our son: Nicolas and daughter: Celine) eMail: JeanPaul.Kroepfli at utopia.fnet.fr Also Compuserve and MSNetwork Phone: +33 81 55 52 59 (F) PostMail: F-25640 Breconchaux (France) or: +41 21 843 27 36 (CH) or: CP 138, CH-1337 Vallorbe Fax: +33 81 55 52 62 (Switzerland) Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting PGP Fingerprint : 19 FB 67 EA 20 70 53 89 AF B2 5C 7F 02 1F CA 8F "The InterNet is the most open standard since air for breathing" From jti at i-manila.com.ph Tue Jul 23 09:00:05 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Wed, 24 Jul 1996 00:00:05 +0800 Subject: Code of Password File Message-ID: <01BB78C3.B04FDB80@ip73.i-manila.com.ph> What is the code of password file of Unix? I have them but don't know how to read them. Any file converter or viewer for that? From pjn at nworks.com Tue Jul 23 09:19:46 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Wed, 24 Jul 1996 00:19:46 +0800 Subject: Netscape download req Message-ID: -=> Quoting Int:dlv at bwalk.dm.com to pjn at nworks.com <=- In> of Archimedes Plutonium, Dr. Jozeph Goebbels, and Janet Reno combined. Ewwww... (Two is fine, but Reno pushed it over the edge :) P.J. pjn at nworks.com ... Hey Bill Clinton: I'll give you something to censor.... ___ Blue Wave/QWK v2.20 [NR] From pjn at nworks.com Tue Jul 23 09:22:57 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Wed, 24 Jul 1996 00:22:57 +0800 Subject: Responding to Pre-daw Message-ID: >> ichudov at algebra.com (Igor Chudov @ home) writes: >> David Sternlight wrote: >> > >> It is not surprising that after the society decided to label >> natural economic activities (drug dealing) as crimes, it has >> to resort to unnatural methods of enforcing the unnatural >> legislation. >> ... 
> Please do not respond to anything "Dr." David Sternlight posts to this > mailing list, no matter what nonsense he says. The asshole is starved > for attention. He's just trolling for flames. Please ignore him. Thank > you. > -!- Get real... I don't like him or his posts, but he has the right to do so, and you have no right to censor him or anyone else. If you don't want to read his posts, then don't...It's that simple... For a mailing list that has so many people complaining about the government censoring people... P.J. pjn at nworks.com ... (A)bort (R)etry (S)mack the friggin' thing ___ Blue Wave/QWK v2.20 [NR] From hfinney at shell.portal.com Tue Jul 23 09:26:27 1996 From: hfinney at shell.portal.com (Hal) Date: Wed, 24 Jul 1996 00:26:27 +0800 Subject: Anonymous web servers Message-ID: <199607230317.UAA18923@jobe.shell.portal.com> [This is somewhat of a follow-up to Black Unicorn's idea about private web pages a few weeks ago, also motivated by thinking about Ross Anderson's Eternity service, about which I just posted.] Right now you can get anonymous web pages at various places. But these are basically just regular web pages where you haven't told the service provider what your name is. If somebody doesn't like what you have posted there they may be able to get your pages shut down just as easily as if you were non-anonymous. I was thinking about ways to allow more truly anonymous web pages. The goal would be to allow them to operate even if someone powerful didn't like them. I'm not sure the idea I have really works but I thought I'd lay out some possibilities. The web is basically a client-server environment. The server sits there all the time ready to accept connections from users running clients (browsers). The client connects briefly to a web page and downloads the data for the page. It disconnects and displays the data. Some of the newer technologies have extended this model but it is the original concept. 
The idea I have is to provide a meeting place for anonymous servers and clients. There would be a sort of "meta-server" which runs software which just pairs up interested parties. The idea is that both servers and clients would be relatively transient. Two people would arrange in advance to interact via web protocols, and agree on a transient URL which they would share. The client and server both connect to the "meeting place" host, specifying the magic name they have agreed on. The meeting place software would then pair up connections which shared the same name and allow them to interact via conventional protocols. URL's for the meeting place server would be interpreted in this context rather than simply as file names. In some ways the role of the "meeting place" software is similar to an IRC server. In fact, this concept could be thought of as HTTP over IRC. The big question mark is whether the meeting place would be blamed for the possibly illicit transactions it facilitates. It can argue that it didn't know what people are doing (it might require people to use SSL for their transactions so it doesn't see them). But in practice it may be easy for attackers to prove that illegal transactions are going on (they just arrange to connect to an illicit server and download incriminating evidence). It does seem though that IRC, despite having a reputation as a place where a lot of illegal transactions occur, manages to keep running, without the servers taking the blame. Maybe it is just a matter of having a low enough profile? You'd also have a problem if a server, protected by anonymity, decided that being transient was stupid and arranged to always be ready to respond to one of the anonymous URL's. Then there seems effectively no difference between the "meeting place" with an anonymous server URL, and an ordinary host with an objectionable file available via URL. In each case clients connect and get the same illegal data. 
One thing we haven't seen (AFAIK) is anonymous posters offering to supply illegal data to anyone who asks for it. Something like "just post your email address and I'll mail you (anonymously) some Holocaust revisionism" (or Christian literature, or whatever else may be banned in your particular jurisdiction). This is the kind of application where it would seem that the anonymous web pages would be effective. Maybe there is not much demand for it, after all. Hal From a.brown at nexor.co.uk Tue Jul 23 09:28:16 1996 From: a.brown at nexor.co.uk (Andy Brown) Date: Wed, 24 Jul 1996 00:28:16 +0800 Subject: Distributed DES crack Message-ID: <01BB787C.91653EF0@mirage.nexor.co.uk> On 22 July 1996 22:48, Ben Holiday[SMTP:ncognito at gate.net] wrote: > I've a few machines around that could be dedicated almost full time to the > task. What are the bandwidth requirements? Specifically, could the > keycracker be run over a 28.8 (with a 486 running linux)? If so, how many > 486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy > chained with ppp over direct serial connection)? It's not a factor of the bandwidth, you search offline and send in your results to a central server. But first, a little reality check is in order. According to libdes, the 200Mhz Pentium Pro on my desk will do 1,827,997 ECB bytes/sec, or 228,499 ECB blocks. A DES crack would have to try, on average, 2^55 blocks. That would take my machine 43,798,875 hours, or 1,824,953 days. OK, so let's be reasonable and say that a week would be a good time to come up with a DES key. We would need 260,707 200Mhz Pentium Pro's to achieve this. Looking at that, 30 days seems not such an unreasonable target. We would need 60,831 200Mhz Pentium Pro's to achieve this. It seems obvious to me that DES is still *way* out of reach of anything other than special purpose hardware. Regards, - Andy (hoping he got his sums right) PS. 
For those more acquainted with Sun hardware, an Ultra-1 will do 1,683,647 ECB bytes/sec (gcc 2.7.2). From s_levien at research.att.com Tue Jul 23 09:35:22 1996 From: s_levien at research.att.com (Raph Levien) Date: Wed, 24 Jul 1996 00:35:22 +0800 Subject: Netscape In-Reply-To: Message-ID: <31F4C095.2886@research.att.com> Jeff Weinstein wrote: > > Lucky Green wrote: > > > > At 13:38 7/22/96, Tom Weinstein wrote: > > > > >Yes, and that's what we're trying to do. Get strong crypto in the hands > > >of as many people as we can. I can hardly wait until we get S/MIME in. > > > > What will Netscape do to about the 40bit RC-2 default and the signatures on > > the outside of the encryption envelope design flaws in S/MIME? I can't > > imagine Netscape releasing software that has these two properties. > > If you know that the recipient can read a message encrypted with > 3DES, IDEA, or RC2-128, then you can send the message using one of > these strong algorithms. Given that you need someone's public key > to send them a message, there are several obvious ways to transmit > information about what algorithms they accept along with it. Yes, we all know that. But which one will Netscape actually _do_? If there's one thing we've learned from PGP, it's that configuration and per-user key management are killers. The reason why I'm so excited about Netscape is that you guys have the _possibility_ to really get strong crypto to the masses. Whether you really do that or not is in your hands. I've made a proposal for solving the 40-bit protocol failure in S/MIME. There are other proposals out there too, with various strengths and weaknesses. The main advantage of mine is that it requires no additional infrastructure - i.e. VeriSign does not have to start including algorithm preferences in the DigitalID's they distribute. Will Netscape come through? 
Raph From rp at rpini.com Tue Jul 23 09:44:33 1996 From: rp at rpini.com (Remo Pini) Date: Wed, 24 Jul 1996 00:44:33 +0800 Subject: Returned mail.No such addressee Message-ID: <9607231156.AA21031@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Tue Jul 23 13:53:56 1996 To: cypherpunks Date: Tue Jul 23 13:53:09 1996 Check out Pronto Secure (I think there's a mac version around!?) http://www.commtouch.com/ - --------< fate favors the prepared mind >-------- Remo Pini rp at rpini.com PGP: http://www.rpini.com/remopini/rpcrypto.html - ------< words are what reality is made of >------ From adam at homeport.org Tue Jul 23 09:46:02 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 24 Jul 1996 00:46:02 +0800 Subject: DES-Busting Screen Savers? In-Reply-To: Message-ID: <199607231346.IAA26649@homeport.org> Timothy C. May wrote: | >As far as cash prizes go how much could cypherpunks and friends | >generate for such a purpose? I'd guess individuals could come up with | >a fair bit of money... 1000+ list members x 10$ = 10k (or whatever). | | More realistically, 1000+ list members x 10% who make plans to contribute x | half of these who actually follow through x $10 = $500. (If that....) | | Prizes have their place, but are hard to set up properly. A better way to set up a prize is to find a few big companies willing to sponsor such a demonstration. 
AT&T, Nortel, RSA, Netscape, Microsoft, Qualcomm, and many other companies have an interest in seeing stronger than DES crypto exportable. Perhaps one of them could set up a prize, similar to netscape's Bugs Bounty, or the RSA-129 challenge. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From bkennedy at nb.net Tue Jul 23 09:48:11 1996 From: bkennedy at nb.net (William "Bud" Kennedy) Date: Wed, 24 Jul 1996 00:48:11 +0800 Subject: DNA printing at birth Message-ID: UK News Electronic Telegraph Monday July 22 1996 Issue 432 Labour plans DNA tests for everyone from birth By Rachel Sylvester, Political Staff RADICAL plans to take the genetic fingerprints of everyone in Britain and put them on a compulsory ID card are being considered by Labour. A database of DNA identities would be used to solve crimes and cut benefit fraud. Frank Field, tipped as a possible Social Security Secretary in a Labour government, has drafted proposals to produce a genetic database of the nation. Blood samples would be taken from babies and from people applying to live in Britain. The samples would be used to extract DNA. Only identical twins have the same DNA, making it a more accurate fingerprint. Chris Smith, shadow social security secretary, confirmed that the party was examining the plans. "We are not ruling them out. We are determined to cleanse the national insurance system of fraud." 
John Wadham, director of the pressure group Liberty, said it was incredible that a senior Labour politician could suggest such a "draconian" measure which breaches European law. "There is no evidence that such a massive invasion of our privacy would do anything very much towards stopping crime." Mr Field, chairman of the Commons Social Security Select Committee, also advocates taking compulsory fingerprints from every citizen as a fall back to confirming a person's identity. The combination of genetic and physical fingerprints would be used to "rebuild the national insurance system", Mr Field said yesterday. Each person would be given a number at birth, combining national insurance and health numbers, which would tally with their genetic code. The information would go on a computerised identity card. It would also contain an individual's address, medical history or criminal record. It would be impossible to claim benefit without the card. Mr Field believes that Mr Blair is "sympathetic" to the proposals and that any opponents would be "Old Labour". Mr Blair will express his determination to reduce fraud in a speech tomorrow. Mr Field, MP for Birkenhead and described as one of Blair's "gurus", believes that the scheme would eradicate the use of multiple identities by benefit fraudsters and wipe off a large part of the annual £2.5 billion cost of social security fraud. There are millions of bogus national insurance numbers in circulation. It would also allow police to solve more crimes because traces of semen, hair or skin found at a burglary or rape would lead to the culprit. Ann Widdecombe, the Home Office Minister, said: "There are huge practical and resource implications. Think what it would cost to test every person in the country." Mr Wadham said there was no guarantee that the benefits would follow. "Not all fraud is to do with bogus national insurance numbers. I do not understand why, even if you have an identity card, you would need a genetic database." 
Mr Field advocates setting up a commission to regulate the use of the information. It is unlikely that any policy would be announced before the general election. Mr Blair, who is known to be looking for radical ideas on social security, has told shadow ministers to "think the unthinkable" and remind the public that "with rights come responsibilities". From rp at rpini.com Tue Jul 23 10:02:59 1996 From: rp at rpini.com (Remo Pini) Date: Wed, 24 Jul 1996 01:02:59 +0800 Subject: Borders *are* transparent Message-ID: <9607231155.AA21003@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Tue Jul 23 13:52:55 1996 > What about the possibility of using DSP's? Is there any brand of 28.8 K > modem which uses a "standard" DSP and EPROM firmware? Such a beast > might be > the easiest way to get a large amount of CPU horsepower operating > independently of the host computer. DSP's are optimized to execute a > large > number of instructions with little I/O needs. > > Jim Bell Zyxel modems (ISDN and V34) have a Motorola 56000 DSP and a Motorola 68000. 
- --------< fate favors the prepared mind >-------- Remo Pini rp at rpini.com PGP: http://www.rpini.com/remopini/rpcrypto.html - ------< words are what reality is made of >------ From WlkngOwl at unix.asb.com Tue Jul 23 10:31:03 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 24 Jul 1996 01:31:03 +0800 Subject: Digital Watermarks for copy protection in recent Billbo Message-ID: <199607230327.XAA16059@unix.asb.com> On 22 Jul 96 at 11:19, Alex F wrote: [..] > > Other issues: what if an eavesdropper steals the music or video? It's > > If they steal it, well, who cares? If there is something worked out > so that they could trace STOLEN (not traded or sold) CDs then fine, > arrest them. Do you really think though that anyone would waste so > much time over $8? Sniffers aren't much effort, and if I sniff your tagged purchases and put them out over the net anonymously, they are traced to you. > > If it uses a credit-card number as (part of) an ID, that's pretty > > bad. Someone can sniff for CC numbers if they know how it's stored. > > Probably not done that way. My guess is that the disk ID is assigned [..] Probably, but the Billboard article discussed using CC numbers as an ID in the online watermarked transactions. Doesn't mean they were correct, of course. > > The system will have to rely on proprietary tech and security through > > obscurity. 
Even knowing how watermarks are stored without understanding > > the math, one must be able to somehow garble the sound without > > distorting it, but which renders the watermark useless. > > Actually, this would be quite easy. The "watermark" would be a > signal that plays inband, but out of our hearing range during the > entire CD. The human ear can only hear in the 20-20,000 (Hz, KHZ?, > whatever) range. It would be trivial to add a digital ID signal at, > say 30,000 or 15 or something like that. This could then be decoded, > if need be. This seems the easiest and most efficient way. This > could also be defeated with a lot of $$ (and/or a LOT of HD space). > If the frequency is known (it can be found out) it can easily be run > through recording studio equipment that can very effectively isolate > the frequency and cut it out. If you have a LOT of HDD space > (digital audio at 2 stereo tracks, not sure of the sampling rate or > bit resolution, takes about 20MB of HDD space per minute (2 tracks, > good sampling and bit rate) ) you could probably find the freq. > fairly easily by isolation and just edit it out, and write the new > stuff to a CD-R. If the signal is purely digital, I would imagine > that it might be even easier than if it were an analog signal (?). > Someone w/ good equipment (Digital Labs' stuff, or SAW (Software > Audio Workshop) would be able to do this w/o much problem. The > question is is the price/effort worth it? In quantity maybe. On an > individual basis, only if you already happen to have the equipment. For someone in the music counterfeit business, the equipment is probably not that expensive. It's innocuous enough (recording and editing equipment) that it wouldn't draw suspicion. AFAIK, most "bootlegging" is of unreleased concerts or out-takes. Digital watermarks would be of little use. 

> I have a suspicion that this type of thing will not really come to
> any kind of fruition due to not only the ability to defeat this, but
> mainly due to things like buying at a garage sale, etc.

If it did, I think it's intended for tagging online transactions. You connect to a company's site and download the latest album or single by some band, presumably with the rights to transfer that to a tape for personal use. If this becomes a predominant way of buying music or movies in an eventual future (when most people on the planet are wired) and anonymous purchases disappear (I doubt it) as well as radio broadcasts (another loophole) die out (quite doubtful as well).

Of course you have to be foolish to pirate under such a system using your own name.

Rob

---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From rp at rpini.com Tue Jul 23 10:31:38 1996
From: rp at rpini.com (Remo Pini)
Date: Wed, 24 Jul 1996 01:31:38 +0800
Subject: Borders *are* transparent
Message-ID: <9607231155.AA21000@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Tue Jul 23 13:52:47 1996

At 10:32 AM 7/22/96 -0006, Peter Trei wrote:
>Any one up for a distributed brute force attack on single DES? My
>back-of-the-envelope calculations and guesstimates put this on the
>hairy edge of doability (the critical factor is how many machines can
>be recruited - a non-trivial cash prize would help).

I'm in with:
2x Pentium75
1x 486DX50
(all machines Win NT 4.0, it would have to be an Intel runnable algorithm)

- --------< fate favors the prepared mind >--------
Remo Pini rp at rpini.com
PGP: http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

-----END PGP SIGNATURE-----

From dlv at bwalk.dm.com Tue Jul 23 10:31:41 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 24 Jul 1996 01:31:41 +0800
Subject: Decrypt Unix Password File
In-Reply-To: <01BB78C7.358738E0@ip73.i-manila.com.ph>
Message-ID: <9HRiRD9w165w@bwalk.dm.com>

Jerome Tan writes:
> How can I decrypt Unix password file?

If the /etc/passwd file does not use shadow passwords, then the second field of each line contains the 'salt' and a value dependent on both the salt and the secret password. One can try to compute the function of all reasonable dictionary words with the salts in the /etc/passwd file, and hope that some of them match the values listed in the file. There are many programs that do this, e.g., look for 'crack'.

This attack can be made more difficult if you force your users not to use easy-to-guess passwords, and if you use something like NIS and shadowing to make the public part of the passwords harder to get.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From jk at stallion.ee Tue Jul 23 10:32:13 1996
From: jk at stallion.ee (=?ISO-8859-1?Q?J=FCri_Kaljundi?=)
Date: Wed, 24 Jul 1996 01:32:13 +0800
Subject: Distributed DES crack
In-Reply-To: <199607230422.AAA09435@crypto.com>
Message-ID:

A little bit off topic, but some years ago some guys at our university were working on a project called "Cryptographic module for digital communications". I don't know if they ever finished it though, but it might be of some use to someone out there.

The project aim was:

Create integrated circuit (further CryptoChip or CC) capable of key exchange and generation using modular exponent based cryptosystem and block encryption using IDEA cipher. The ideology behind CC is based on having the minimal amount of information inside the chip and guaranteed block cipher encryption rate above 10 Mbit/sec.

They have an old web page at: http://www.pld.ttu.ee/cchip/cchip.html

Jüri Kaljundi
jk at stallion.ee

From jbugden at smtplink.alis.ca Tue Jul 23 10:46:11 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Wed, 24 Jul 1996 01:46:11 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <9606238381.AA838140676@smtplink.alis.ca>

perry at piermont.com writes:
>Jefferson could have been a mass murderer for all I care. His words
>may be evaluated fully independently of his actions. They are not
>interdependent.

Many of our current politicians would be heartened by your sentiment: Do as I say, not as I do. Personally, I incline more towards the other cliche: Actions speak louder than words.

It is possible to evaluate a person's words independent of their actions, but, given that environment has some effect on behaviour, it is not at all clear that you can treat them as independent. Nor, more importantly, would you want to. It could prove to be a good breeding ground for cynicism. Or is it sarcasm...
;-)

James

From usura at replay.com Tue Jul 23 10:53:21 1996
From: usura at replay.com (Alex de Joode)
Date: Wed, 24 Jul 1996 01:53:21 +0800
Subject: Another fascist
Message-ID: <199607231331.PAA12009@basement.replay.com>

In article you wrote:
: One of the great friends of free speech on this list sent a forged cancel
: message to the listbot to try to cancel my subscription.
: The listbot, being reasonably well designed, ignored him and told me about
: it, though I have no doubt less of a dunce could bring it off.
: What a piece of slime! What do others think of this practice?
: David

Why, David, did you decide to subscribe to cypherpunks ?

bEST Regards,
--
-AJ-

From perry at piermont.com Tue Jul 23 11:00:29 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 24 Jul 1996 02:00:29 +0800
Subject: Brute Force DES
In-Reply-To: <199607222043.NAA06313@toad.com>
Message-ID: <199607231338.JAA15819@jekyll.piermont.com>

"Peter Trei" writes:
> The fastest general purpose, freely available des implementation I'm
> aware of is libdes. by Eric Young. With this, I can do a set_key in
> 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to
> about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).

I'll point out that like most DES implementations, Eric's tries to spend a lot of time in key setup to save time later on in encryption/decryption. This tradeoff would probably be very different if you didn't plan on trying more than one or two blocks of decryption after getting a key.

Perry

From dlv at bwalk.dm.com Tue Jul 23 11:03:58 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 24 Jul 1996 02:03:58 +0800
Subject: Boobytraps and the American Legal System [France Legal System]
In-Reply-To: <01BB7893.31CF1080@JPKroepsli.S-IP.EUnet.fr>
Message-ID:

Jean-Paul Kroepfli writes:
>
> Not only, in France too.
> Circa twenty years ago a man booby-trapped his
> secondary house (a radio set with explosive) and was successfully sued
> by the burglar for damages.
> I think it is also the point of view of the central european society.

mantraps are perfectly legal under english common law (a person's home is his or her castle) but not under the fascist american common law.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From joelm at eskimo.com Tue Jul 23 11:23:19 1996
From: joelm at eskimo.com (Joel McNamara)
Date: Wed, 24 Jul 1996 02:23:19 +0800
Subject: Distributed DES crack
Message-ID: <199607231413.HAA14171@mail.eskimo.com>

I'd like to see a very general hardware processing power equivalence table. For example, 1 MasPar equals how many Pentiums. This would be extremely useful in figuring out a range of the types of boxes required to do this.

Joel

At 09:51 AM 7/23/96 +0100, Andy Brown wrote:
>But first, a little reality check is in order. According to libdes,
>the 200Mhz Pentium Pro on my desk will do 1,827,997 ECB bytes/sec, or
>228,499 ECB blocks. A DES crack would have to try, on average, 2^55
>blocks. That would take my machine 43,798,875 hours, or 1,824,953 days.
>
>OK, so let's be reasonable and say that a week would be a good time to
>come up with a DES key. We would need 260,707 200Mhz Pentium Pro's to
>achieve this.

From s_levien at research.att.com Tue Jul 23 11:41:25 1996
From: s_levien at research.att.com (Raph Levien)
Date: Wed, 24 Jul 1996 02:41:25 +0800
Subject: Netscape
In-Reply-To: <31F4C7AB.18C6@netscape.com>
Message-ID:

On Tue, 23 Jul 1996, Jeff Weinstein wrote:

> I don't like the fact that your proposal ties the size of the
> bulk encryption key to the size of the public modulus. There
> are legitimate reasons why someone might choose to have a 512
> bit modulus even though they prefer longer bulk encryption keys.
> Your heuristic would be a good fallback in the absence of more
> reliable information.

I agree. My proposal certainly has its limitations. In addition to the one you cite, it will make it very difficult to change away from Triple-DES when the time comes.

Of course, your hypothetical user who wants to use a 512-bit key and 128-bit RC2 is still completely screwed by all currently shipping S/MIME products, as well as the S/MIME spec.

> There is another method that does not require verisign or other
> CAs to add key size extensions to their certs. We can define
> a new authenticated attribute that gets included in Signed-Data
> and Signed-And-Enveloped-Data messages that indicates the
> user's key size and algorithm preference. This has the advantage
> that the preference is selected and signed by the user. This
> method was discussed at the S/MIME meeting in January at the
> RSA Crypto conference. I'm a bit surprised that it never
> got into the Implementation Guide. I'll make sure that
> we bring it up on the smime list again.

I don't like the fact that your proposal leaves clients with absolutely no information about symmetric cipher choice until the first round of signed messages has been exchanged. In this initial round, the protocol is still dependent on the global default.

I'm not surprised that it didn't make it to the implementation guide. Most of the people involved in S/MIME do not have a strong background in security and do not understand the importance of this issue. In addition, I suspect that there is a lot of resistance based simply on the added implementation costs.

I have no evidence that the protocol weaknesses in S/MIME are being deliberately encouraged by the NSA, but on the other hand, I have no evidence that they're not. It would certainly be consistent with tactics that the organization has been known to use. But on the other hand, "never ascribe to malice..."

> What we finally implement will probably be a combination of
> the three methods, with the user's selection taking precedence
> over the CAs selection, which takes precedence over the
> heuristic based on modulus size.

This approach is fine. If that's what you implement, you have my blessing.

Raph

P.S. Can we agree not to describe 128-bit RC2 as "strong crypto" until it's been subject to more serious scrutiny? It's probably a great cypher, but most cautious crypto-people would far rather place their trust in Triple-DES.

From wln at evolution.com Tue Jul 23 12:00:09 1996
From: wln at evolution.com (W Lee Nussbaum)
Date: Wed, 24 Jul 1996 03:00:09 +0800
Subject: Intel, Microsoft doing Internet Phone Software
In-Reply-To: <199607230542.WAA10169@mail.pacifier.com>
Message-ID:

On Mon, 22 Jul 1996, jim bell wrote:

> If these people REALLY wanted to promote the use of Internet telephoning,
> what they'd do is implement a system where an Internet ISP could be "called"
> over the Internet by a person wanting to place an LD telephone call to that
> area, and (presumably using A/D and D/A techniques) rather than generating
> and receiving modem tones, would generate and transmit the audio over the
> telephone line. That way, the target of the call would simply need to pick
> up the telephone and talk, as he would ordinarily do: He wouldn't even need
> a computer. He might not even know the call was going over the Internet.

...see IDT's Net2Phone product, at http://www.net2phone.com/; it does what you describe. Two notes: (1) I haven't used it yet; (2: disclosure) I'm now employed by IDT, though in a different area.

- Lee

From dbell at maths.tcd.ie Tue Jul 23 12:01:21 1996
From: dbell at maths.tcd.ie (Derek Bell)
Date: Wed, 24 Jul 1996 03:01:21 +0800
Subject: [Noise] Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960723060437.00d2b8b0@mail.teleport.com>
Message-ID: <9607231629.aa13855@salmon.maths.tcd.ie>

In message <2.2.32.19960723060437.00d2b8b0 at mail.teleport.com>, Alan Olsen writes:
>At 10:16 PM 7/22/96 -0500, snow wrote:
>> Yeah, and to a fscking statist you give your all to the state.
>                 ^^^^^^^
>This is assuming that the state is corrupted and needs to be remounted. (Or
>is not considered clean upon boot.) Which might not be a bad assumption...
>Assuming that it can fix the errors it finds in the state in the first place.

ROTFL!!!!

>Sorry. Too much time spent fixing corrupted disks today. (I hate cheap
>hardware.)

A little light relief is welcome.

Derek

From ichudov at algebra.com Tue Jul 23 12:01:55 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Wed, 24 Jul 1996 03:01:55 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221944.AA00931@Etna.ai.mit.edu>
Message-ID: <199607230210.VAA29324@manifold.algebra.com>

hallam at Etna.ai.mit.edu wrote:
> Ah yes, and since iterated prisoner's dilemma games are as
> computationally complex as the Mandelbrot set (the generator of the
> Mandelbrot is in fact simpler), presumably you can calculate the
> Mandelbrot set in half your brain Perry?

AFAIK, no one can "calculate" the Mandelbrot set precisely. There are many points about which you can't say for sure whether they belong to the set or not.

- Igor.
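
[Added example, not part of any message in this archive.] The "Decrypt Unix Password File" reply above says that without shadowing the second field of each /etc/passwd line carries the salt and the salt-dependent value, and that NIS and shadowing keep that material out of public view. The audit below reports which accounts still expose it and which share a salt; it goes beyond the message by also recognising the later "$id$salt$hash" format, and its function names and sample file are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in passwd(5) layout. The hash strings are made-up
# filler, not the crypt(3) output of any real password.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
alice:Zq3kR8.vT1mNo:1001:100:Alice:/home/alice:/bin/sh
bob:ZqW7/ePx2LhYc:1002:100:Bob:/home/bob:/bin/sh
carol:$1$c0nstruc$abcdefghijklmnopqrstuv:1003:100:Carol:/home/carol:/bin/sh
guest::1004:100:Guest:/home/guest:/bin/sh
broken-line-without-fields
+::0:0:::
"""

# Traditional crypt(3) output: 2 salt characters followed by 11 hash
# characters, all taken from the 64-character set ./0-9A-Za-z.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")


def classify(field):
    """Return (status, salt) for the second field of one passwd line."""
    if field == "":
        return "EMPTY", None            # account has no password at all
    if field == "x":
        return "SHADOWED", None         # real value lives in the shadow file
    if field[0] in "*!":
        return "LOCKED", None           # no string hashes to this value
    if DES_CRYPT.fullmatch(field):
        return "EXPOSED", field[:2]     # salt is the first two characters
    if field.startswith("$"):
        # ['', id, salt, hash] or ['', id, 'rounds=N', salt, hash]
        parts = field.split("$")
        if len(parts) >= 4 and parts[1]:
            has_rounds = parts[2].startswith("rounds=") and len(parts) >= 5
            salt = parts[3] if has_rounds else parts[2]
            return "EXPOSED", "$" + parts[1] + "$" + salt
    return "UNKNOWN", None


def audit_passwd(text):
    """Return (findings, shared_salts) for the text of a passwd file.

    findings     -- list of (line number, user, status)
    shared_salts -- {salt: [users]} for salts used by more than one account
    """
    findings = []
    by_salt = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        if line[0] in "+-":
            # NIS compat entry: the account data comes from the NIS map
            findings.append((lineno, line.split(":")[0], "NIS"))
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((lineno, parts[0], "MALFORMED"))
            continue
        status, salt = classify(parts[1])
        findings.append((lineno, parts[0], status))
        if salt is not None:
            by_salt[salt].append(parts[0])
    shared = {s: users for s, users in by_salt.items() if len(users) > 1}
    return findings, shared


def needs_attention(findings):
    """Users whose entry should be fixed before the file is left readable."""
    bad = ("EXPOSED", "EMPTY", "UNKNOWN", "MALFORMED")
    return [user for _, user, status in findings if status in bad]


if __name__ == "__main__":
    found, shared_salts = audit_passwd(SAMPLE_PASSWD)
    for lineno, user, status in found:
        print(f"line {lineno}: {user:<28} {status}")
    for salt, users in shared_salts.items():
        print(f"salt {salt!r} shared by: {', '.join(users)}")
```

Every EXPOSED entry is one that the dictionary comparison described in the reply could be run against by any local user; moving those values into a shadow file readable only by root turns them into SHADOWED entries.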

From owner-visualprog at scribe.cerf.net Tue Jul 23 12:05:24 1996
From: owner-visualprog at scribe.cerf.net (owner-visualprog at scribe.cerf.net)
Date: Wed, 24 Jul 1996 03:05:24 +0800
Subject: No Subject
Message-ID: <199607222332.QAA16327@smtp2.cerf.net>

VISUAL PROGRAMMING++

The biweekly newsletter featuring reviews for Windows development products and Internet/Intranet tools. VP++ is free to Visual Basic Programmer's Journal subscribers and premier club members of FTP's Development Exchange web site: http://www.windx.com.

Vol. 1 No. 1 July 12, 1996

Welcome to the premiere issue of Visual Programming++, an e-mail newsletter providing timely reviews of Windows components, utilities, add-on products and Internet/Intranet development tools.

This premiere issue is being sent to every registered member of The Development Exchange Web site (DevX). All future issues will be sent as a service only to paid subscribers of either Visual Basic Programmer's Journal or DevX's new Premier Club. To subscribe or unsubscribe, follow the instructions at the end of this document. Every issue will be posted under "Reviews" on DevX.

VP++ is a part of the totally re-designed DevX Web site. Explore DevX and you'll see complete archives of articles and code from Visual Basic Programmer's Journal and Microsoft Interactive Development, plus a database of more than 5,000 Windows development tools updated daily. You'll also see an event calendar that covers all major trade shows for developers, including details on our VBITS:Interactive, coming to San Francisco in October.

The VP++ charter includes reviewing products for VB, VB Script, Access/Jet, VC++, Delphi, PowerBuilder, the Microsoft Internet Explorer, Netscape's Navigator and other tools. Every two weeks subscribers receive detailed reviews automatically delivered by e-mail. Utilities form a theme for this issue. All products are shipping--no beta software was reviewed.

We'll maintain a product review archive on our web site as we add new editions of VP++. You can search for product information using key words. For Premiere Club members, we have a bulletin board in the Reviews section of the Developer's Exchange. You can discuss these reviews or products there. Not only are vendors offering demos on web sites, but some reviewers have posted sample code on web sites as well.

I hope you find these reviews useful. Send questions or comments to editor Frank_Moncrief at MSN.com or 70443.1434 at CompuServe.com.

8 PRODUCTS REVIEWED

CONTENTS

* VBNet 2.01: Automatically converts VB code and forms to VB Script.
* CodeBank: VB routines you can plug into your own code or share across teams.
* PowerDoc: Automated documentation generator.
* IDSMail: OLE server for building email into applications.
* Total Access Agent: Repair, backup and compacting utility for Access and VB/Jet databases.
* DynamiCube 1.31: 32-bit data-bound ActiveX custom control for On-Line Analytical Processing.
* VB Compress Pro 4.03: Automatically deletes unused or un-referenced code.
* Visual SQL 4.0: Code generator and class library that turns Microsoft Visual C++ into a client/server development environment.
* Subscribe/Unsubscribe

------------------------------------------------------------------------

VBNet 2.01
TVObjects Corporation
Tel: 609 514-1444
Fax: 609 514-1004
http://www.tvobjects.com
Price: $197
Runtime: not applicable

Quick Facts: VBNet 2.01 is a VB4 add-in that uses a wizard to convert VB4 forms into HTML pages with embedded VB Script code.

By John Clark Craig

VBNet is a Visual Basic 4.0 add-in that turns VB4 into an environment for developing HTML pages with embedded VB Script code. The add-in provides a wizard that walks you through the automatic steps of converting each of the Visual Basic forms in your VB 4.0 project into a set of equivalent HTML pages containing embedded VB Script code that is executed directly by Microsoft's Internet Explorer 3.0.
You can even convert ODBC-compliant client/server database applications this way.

VB Script code is developed right in HTML pages--there isn't any Integrated Development Environment (IDE) for VBS. Hence, you can create your app using VB's rich IDE during development (where you can use the debugger, for example), then you just do the conversion to VB Script using VBNet. You can do this tedious conversion chore by hand, but believe me, VBNet simplifies this task quite a bit.

While reviewing VBNet, I created a few simple VB 4.0 applications using the new, restricted VB Script syntax and let VBNet do its thing to them. I learned a lot about the way VB Script works by studying the resulting HTML pages created by VBNet, and I realized that even though VB Script follows a simplified Visual Basic 4.0 syntax, the details of reworking applications into embedded VB Script code for web pages is more complicated and exacting than I expected. VBNet handles these details with ease.

Here's how it works. You start by developing a working Visual Basic 4.0 application that runs successfully in the Visual Basic development environment, purposely using the restricted syntax of VB Script. As just one example of this new syntax, the only variable type allowed in VB Script is the Variant, so you'll need to edit out the dollar signs from the end of string variable names, and you'll need to be more explicit in the use of type conversion functions. To convert existing VB programs, you need to edit variables to conform to VB Script conventions. (Some helpful documents that cover all the new VB Script syntax exist on Microsoft's web pages: http://www.microsoft.com/VBScript is the main VB Script page. There are links to complete documentation, an online tutorial, FAQ documents, sample VB Script pages, and more).

MAKING THE CONVERSION

When you're ready to convert your application to HTML pages, you start the VBNet wizard from VB's Add-In menu.
VBNet automatically creates a folder hierarchy based on your application's name, and populates these folders with all the files required for rebuilding the application in the user's browser. VBNet converts standard buttons, check boxes, text boxes, and many other controls. To test VBNet for converting third-party controls, I added a Sheridan Software Tabbed Dialog and it worked. Any controls should be registered on the user's system.

Microsoft provides a set of free downloadable ActiveX controls that are designed specifically for use with VB Script within IE3. These controls duplicate the command button, text box, check box, and a few other standard VB4 controls. The set also includes IE Stock Ticker, IE Chart, IE Animated Button and others.

As the conversion proceeds, VBNet generates a report you can view or print. This report describes any parts of your Visual Basic application that fail to translate to VB Script, and provides other useful information about the conversion process.

I created an example VB Script application using VBNet that you can browse at http://home.sprynet.com/sprynet/jccraig using IE3. Be sure to right-click and select View Source so you can study the actual lines of code that VBNet created as it converted this simple random-password-generation application from VB 4.0 to VB Script. Also, TVObjects offers example VB Script enhanced pages, product information and the latest downloadable updates at its home pages: http://www.tvobjects.com.

You can build powerful ODBC-compliant client/server database applications for use over the Internet using VBNet and the RemoteData control, available in the Enterprise edition of VB 4.0. Hence, users can interact with data on your company's Intranet, for example. You simply add controls to your form that can be bound to your RemoteData control, get them working in the Visual Basic 4.0 environment, and convert it all using VBNet to enable deployment over the net.
Also, VBNet can generate JavaScript code for database compliant access with Netscape 2.0. For security reasons, VB Script doesn't allow normal file I/O, but the remote data capability more than makes up for this limitation.

VBNet is a great product. I just wish VBNet had a little tighter integration with the Visual Basic 4.0 development environment. The syntax checking for proper VB Script syntax works great, but only during the wizard's conversion processing. What I'd like to see is immediate feedback as I enter each line to let me know right away if I'm using a feature of Visual Basic 4.0 that's not allowed in VB Script.

John Clark Craig is the author of more than a dozen books on computer programming, including The Microsoft Visual Basic 4.0 Developer's Workshop (Microsoft Press, 1996). Craig lives with his family in Castle Rock, Colorado. Email: jccraig at sprynet.com; Web: http://home.sprynet.com/sprynet/jccraig

------------------------------------------------------------------------

CodeBank
Visual Components, Inc.
Tel: 913 599-6500
Fax: 913 599-6597
http://www.visualcomp.com/
Sales at visualcomp.com
Price: $99.00
Runtime: not applicable

Quick Facts: CodeBank makes it easy to store, update and manage Visual Basic 4.0 procedures for individual or multi-programmer development teams.

By David McCarter

CodeBank is a system for storing re-usable code or for sharing routines with other developers in your group. Sure, you can create massive, generic modules that can be attached to every project, but this would waste space in your EXE and bloat memory requirements. Using CodeBank, you can choose only the subs and functions your project needs and add them to specific modules. While I think there are a few kinks that need to be ironed out in this first version, it's off to a great start.

CodeBank includes 163 subs and functions (procedures) ready for use in your projects.
The program displays a list of available procedures organized in categories in an expandable tree box. Categories include graphic effects, text effects, status bar control and others. Some of the 163 procedures include rotate text, gradient background and elastic forms. Simply click on a category and browse the procedures in it. You can also view procedures by procedure name, type (sub or function) or author. Clicking on a procedure will show a sample of how the procedure works in a different window.

Double clicking on a routine will bring up the editing window. By default, you can't edit the canned routines in order to protect the archive. However, you can make copies of routines (maintaining all dependencies), then edit them and save them with different names. A tabbed form contains all the information for the procedures, including category name, whether it's a sub or function, description, instructions, code, sample calls, revision history, and links to API calls or other procedures and forms needed for the procedure.

I must warn you that the majority of the stock 163 procedures are graphically oriented. While this is great for those of you looking for ways of doing really cool graphic tricks in VB without using a VBX or OCX, I would like more general-use procedures in CodeBank. However, you can purchase CodeBank to share code among your development team instead of for the canned procedures.

As you find procedures needed in your program, click on an Include button to add them to a new or existing module file created with CodeBank. These procedures are listed in a window under the module file name. Of course, you can also remove these procedures. Consider this window your shopping basket. When you are done selecting procedures, all you have to do is click on the Make Module button and the module is created in just a few seconds. Impressively, CodeBank automatically adds any required API calls and procedures. This beats the copy and paste method hands down!
Also, a message box informs you of any forms you need to add to your project.

CodeBank offers an Update All Basic Modules feature for efficient updating. CodeBank keeps a record of all procedures and API calls added to a module. So if these procedures are modified at a later date, simply use this feature to update your modules. It's a snap!

IRONING OUT THE KINKS

In my experience, CodeBank has a few kinks that need to be ironed out to make it a more productive, useful tool. I tested 15 of the procedures that came with the program, including graphic, form, toolbar and file dialog procedures. I found one routine that didn't work correctly: UnloadAllForms. It crashed VB because it did not take into account that it can't be called from a form that is already being unloaded.

Also, most of the procedures are poorly documented. The beginning of the procedures needs better commenting on how to use them and which parameters to choose. And commenting is displayed on one long line, so I had to scroll to read the entire comment. This is not a standard commenting practice. The code itself could use better commenting.

There were a few other things that bothered me. I could not maximize the main program window to view more categories and procedures simultaneously. Also, code is stored in an Access database. I'm not sure of the reason for this because it's used as a flat database. Access has a reputation for high memory overhead (the database of 163 procedures is 622K), and for corrupting in my experience. I think it'd be better to store routines in a flat ASCII file system. Also, there seems to be no compression, backup or error checking features in CodeBank for the Access database.

CodeBank comes in both 16- and 32-bit versions. It only creates VB4 modules (though you could translate some of the code to VB 3.0). It can also import other CodeBank files or a specially tagged ASCII file (I did not have any samples to test this feature).
The program comes with sample projects that show off a majority of the included routines.

David McCarter is editor and publisher of the electronic newsletter Visual Basic Tips & Tricks. He works at an interactive television and wagering company, and has his own software publishing/consulting firm. Contact him at 74777.447 at compuserve.com.

------------------------------------------------------------------------

PowerDOC for Visual Basic
Catapult Systems
Tel: 800 581-7354
Tel: 512 328-8181
Fax: 512 328-0854 (fax)
http://www.launch.com
PowerDoc at Launch.COM
Price $79.00
Runtime: not applicable

Quick Facts: Powerdoc automatically creates VB documentation using Microsoft Word. A demo version is available on the web site, which can be upgraded to full version via registration.

By Craig M. Bobchin

If you are a typical developer you probably dread the thought of writing documentation. And if you have to work on a system written by anyone else, you may be cursing the lack of documentation. If these scenarios sound familiar, you may want to check out PowerDOC.

PowerDOC works with Microsoft Word 6.0c or 7 to automatically create technical documentation for VB3 or VB4 apps. It handles third-party custom controls by default. I tested PowerDOC with Sheridan, Crescent, and Apex and Farpoint custom controls with no problems. You can set options to document a few types of controls, such as text boxes and labels, or you can document all properties of every control in your app. Also, PowerDOC creates screen captures of forms in black and white, 16- or 256-colors.

PowerDoc offers an easy installation with plenty of user control as to where the program installs, including drive, directory, and program group. However, you must have VB3 or VB4 on your system before PowerDOC will install.

The utility is easy to use.
Select the project you want to document, determine the level of detail by selecting which controls, properties, events, and modules you want to document, set a few other options, such as where you want the resulting file to be stored and if you want a table of contents and index, and PowerDOC does the rest.

SELECTING OPTIONS

PowerDOC offers a 3-tabbed interface that leads you through the steps for documenting your application. The first tab, Select Application, lets you select the VB project you want to document. After selecting the project in the normal Open File dialog, PowerDOC presents a list of forms and modules to be documented. You can select as many or as few as you want to document. You can then sort the items by name or type, or keep them in the order they are in the project.

The next tab, Select Output, lets you choose projects, forms, classes, and modules. Each selection gives you several check boxes showing which portions of the objects you can document. Pressing the Advanced button on this tab lets you select which control types and properties you want to document, as well as how you want any screen captures stored.

I documented an entire application with 14 forms and 3 modules. The app had approximately 100 controls and about 5,000 lines of code. I documented all controls and objects, and the resulting Word document was 374 pages. You can customize the scope and size of your documentation by either not documenting the entire system, or by selecting which pages you want to print.

The last tab, Customize Word, lets you customize Word options and settings, such as generating a table of contents and index, and determining their style.

MINOR ANNOYANCES

When you press the Document button, PowerDOC launches VB with your application loaded. Documenting a VB4 app works fine. However if you try to document a VB3 project using VB4, a message states that you must first save the project in VB4 format before you can run PowerDOC.
If you have both VB3 and VB4, you can specify which version of VB you want to use. The second minor glitch shows up if you already have Word open. In this case you get a message asking you to close Word and try documenting again.

Performance is adequate: it took about 20 minutes on my P90 with 24 MB of RAM to document my test application. Your time will vary based on the size of your application, the level of detail you want and the power of your machine.

PowerDOC comes with a 30 page manual that assumes you have the knowledge to install the product. The manual does a good job of explaining the program and how to use it. The manual covers topics ranging from a step-by-step tutorial to a troubleshooting guide of frequently asked questions (FAQ). The help file is similar to the manual in scope and content.

Overall, I like PowerDOC. It does what it is supposed to with a minimum amount of fuss. I expect that most developers can live with the minor annoyances I described. I say get this program if you need to document your Visual Basic applications.

Craig Bobchin is president and founder of CMB Systems Design, a microcomputer consulting firm specializing in application development and training. He has written more than 150 articles and Powerpoint 4.0 for Windows QuickStart (Que). Cbobchin at aol.com or 102142,3336 at CompuServe.com.

------------------------------------------------------------------------

IDSMail 2.1
Intuitive Data Solutions
Tel: 408 778-1376
Fax: 408 776-1267
http://www.kudonet.com/~ids
ids at kudonet.com
Price: Standard Edition: $295 (send mail only), Professional Edition: $495 (send and receive mail)
Size: 460K (total for all DLLs for all mail systems)
Runtime: licensing required only when distributing more than 100 copies external to your company.

Quick Facts: An OLE Server that supports major E-mail protocols and provides e-mail services under any version of Windows for any tool that supports OLE automation.
Download sample code: http://www.kudonet.com/~ids/idsmprog.htm. By Peter Vogel Electronic mail is becoming a necessity rather than an option. IDSMail lets your apps send and receive mail using any version of Windows across four mail systems: MAPI, VIM, MHS, and Vines. You can even download a VB program from the company's website showing how IDSMail makes your mail system accessible from the Internet (though the package does not support the Internet mail protocols: POP3 and SMTP). If VB's MAPI control satisfies your email requirements, you don't need IDSMail. However, if you must support multiple types of systems (MAPI, VIM, MHS and Vines), or you want to extend the mail capabilities of Excel and Access under Windows 3.1, then I recommend IDSMail. IDSMail comes as a 16-bit OLE server, hence it works with any tool that supports OLE Automation under Windows 3.1 or Windows 95. I had no problems installing IDSMail on either version of Windows. Ten minutes after starting up VB4 and copying some code from the help file, I had a mail application running. The brief Windows help file is the only documentation provided; it seems complete and I found only a few minor inaccuracies (some VB3 code labeled as VB4, for instance). The help file and additional sample code can be downloaded from the IDS website. IDSMail used only 2% to 3% of my system's resources when running, but while the documentation doesn't indicate it, I found I didn't get all of those resources back unless I set my program's reference for IDSMail to Nothing after use. Performance was acceptable even on a 33MHz 486 with 16MB of RAM with Excel 5.0 using the server and Access 2.0 or Word 6.0 loaded. WEIGHING THE PROS & CONS The product has some neat extensions to MAPI: you can specify how many messages you want to retrieve, prevent attachments from being copied to your disk, build an array of message headers or text for search purposes, and read messages without flagging them as having been read.
On the other hand, compared to VB's MAPI controls, you give up some things. These include single methods for forwarding, copying, and replying to messages, the ability to customize the address book dialog, and message types. While I found some activities (notably logging in) simpler, some activities (like reviewing the recipients list) were more awkward. Obviously, in providing a universal mail server, IDS had to decide which features they were willing to support across all protocols. Even so, not all of IDSMail's functionality is available for all mail systems. There are dozens of properties and methods supported by IDS across different systems, and sorting through which functions are supported on which systems is beyond the scope and length of this review. If portability matters to you, you'll want to review the help file's Implementing Truly Universal Email topic. Most of the recommendations are made to ensure consistency as you move from one mail system to another. For instance, IDS suggests that you always use IDSMail's Mail Send dialog, though this means losing the functionality of the native dialogs provided with VIM and MAPI. IDS also recommends not using folders because they are not supported under MAPI, and using PeekOnly is discouraged because it isn't supported by MHS. While these are all useful tips, their recommendation to not use the NameResolution property is not a good idea if you might be working with a MAPI compliant system. If you follow the advice to leave NameResolution set to false, you'll encounter a problem with users whose display names are similar under MAPI. MAPI considers Jane Smith to be an ambiguous name compared to Jane Smith-Jones, and it won't send mail to the display name Jane Smith. You can use the ResolveName action to retrieve Jane Smith's unique mail address to solve this problem with the MAPI VBX. Unfortunately, IDSMail's ResolveName method just returns the still ambiguous display name. 
Setting IDSMail's NameResolution property to True, however, solves the problem. Because the NameResolution property is ignored under the other systems IDSMail supports, there seems to be no reason not to leave it set to True, contrary to IDS's recommendation. Another solution would be to use each user's unique mail address, but there isn't any way to get those with IDSMail. I called the company's technical department with a question just before 5:00PM IDS time and left a message. I also sent in a request for support using the IDSMail server on the company's website. I got a response to my mail request in a few hours and heard back about my phone request the next business day. Each IDSMail server has a unique license file that provides the objectkey your program must pass to the server before use. You'll want to make sure that you have only one license file in circulation no matter how many development licenses you buy. There's definitely a niche for IDSMail, even if you are only using a MAPI compliant mail system. If you want to receive mail from within Access 2.0 or Excel 5.0, or if you want to send a non-Access attachment from within Access 2.0, you should consider IDSMail--the alternative is having to code the MAPI calls yourself. If you don't use a MAPI compliant system and you want any mail functions at all, IDSMail will let you mail-enable your applications. Finally, if you may be changing mail systems, IDSMail will save you from rewriting your code as part of the changeover. While not everyone will need IDSMail, those who do will be glad to have it. Peter Vogel is the applications supervisor at Champion Road Machinery and a Microsoft Certified Solution Developer. Reach him at peter.vogel at odyssey.on.ca ------------------------------------------------------------------------ Total Access Agent 1.02 FMS, Inc.
Tel: 703 356-4700 Fax: 703 448-3861 http://www.fmsinc.com Price: single copy: $199; five-pack: $599 Size: 1.7MB Runtime: not applicable QuickFacts: Total Access Agent is a maintenance scheduling utility for Microsoft Access/Jet databases. It performs routine tasks such as compacting and repairing databases, gathering statistics, and archiving tables or whole databases in both 16- and 32-bit versions. By Don Kiely Total Access Agent automates the drudgery of maintaining and archiving Jet databases. It works with all versions of Jet .MDB database files, so you can use it with VB and all Access releases. The product is a program scheduler tailored for easy maintenance of Access databases. It includes several standard, pre-configured actions: archive a database, archive table data, compact and/or repair a database, gather statistics about database objects and execute named macros. It also includes a custom command option that lets you run any command line. Archiving table data is a nice touch, because macros, forms, reports, and code can take up a lot of disk space but rarely change, so why back them up hourly? Total Access Agent consists of three components: the Manager, Monitor, and Engine. You use the Manager to maintain actions, such as to add and remove databases, schedule events, and specify network passwords. The Monitor runs continuously and launches the action at the scheduled time. Finally, the Engine is the backend that runs everything--it has an OLE interface so you can launch events programmatically. Total Access Agent can schedule hourly, daily, weekly, and monthly events. The hourly and daily intervals had all the flexibility I needed, but I would like to see more options for the weekly and monthly intervals. For example, you can select the particular days of the week to run an event, but you can only run monthly events on a particular day of the month, such as the 15th.
It would be useful to run something on the third Thursday of the month or every other week without creating multiple, duplicate actions. The utility has some slick scheduling features. I was impressed with how it manages database files. Once you add a particular file to an event, it is added to a master database list, no matter how many actions use it. That means that if you change a single database file that is used in 15 Total Access Agent actions, you only have to change one setting in one place. This is just one benefit of a well-defined and consistent user interface that belies the work that went into planning the product. DOING THE TESTING I set up the program on Windows NT 3.51 and 95 machines connected on an NT Server network to put Total Access Agent through its paces. I used two large Access databases for testing and performed just about every available event as frequently as possible. Once I got everything set up properly, the program performed flawlessly, repeatedly backing up the databases and gathering statistics. Some impressive features include automatically emailing a message when an error occurs, copying whole groups of events so you don't have to recreate them by hand, and suspending an event so that you don't have to delete and then recreate it. It even includes a Test button so you can immediately test any scheduled action to make sure that you've set it up correctly. FMS did a nice job with these extra touches. The 73-page manual is well-written, concise, clear, and indexed. It has almost too much detail, but this is a testimony to the quality of product design rather than a flaw in the manual. The Windows help file contains the same material as the manual--another nice touch. The documentation is careful to point out the program's limitations, such as to caution you that Total Access Agent uses the Jet engine's database repair capabilities, so don't expect miracles if Access itself can't fix a file. 
Total Access Agent includes both 16- and 32-bit versions, so it runs under Windows 3.x, 95, and NT using all Jet database versions. WINDOWS NT GOTCHA I did encounter a minor problem with Total Access Agent on my Windows NT 3.51 SP4 development machine. Total Access Agent Manager ran fine, as did Monitor, but I got an OLE error any time the Engine tried to perform an action. Technical Support via email and phone was helpful and responsive, and we ultimately solved the problem: the server wasn't registering properly--a typical NT problem. The product worked great on Windows 95. Besides this small problem with the Windows NT installation, there are a few minor improvements I'd like to see. There isn't always a list presented to the user when it would make sense, such as when you enter the name of an existing macro in the database you want to schedule. It would be easy enough to get a list of macros; the utility does present a list of tables to archive. If you change the scheduled events in Manager, you have to remember to either restart Monitor or click the Refresh Event Schedule button for the changes to take effect. I'd prefer having an option for the schedule to refresh itself at a specified interval, because this could easily be overlooked. My first impression on learning about Total Access Agent was, why bother? Access itself can do all the maintenance chores that Total Access Agent handles, and a simple program scheduler will run them. But it would take you a long time to match Total Access Agent's ease of use and elegance. So if you have Access databases to maintain, I'd definitely suggest you consider Total Access Agent. Don Kiely is Development Manager for the Arctic Development Council on the North Slope of Alaska. He programs in VB and writes about it when he isn't chasing polar bears. 
He's written several books about VB and VC++, including Visual Basic 4 Database How-To (co-author) from Waite Group Press and the Ultimate VB 4 Controls Sourcebook from Coriolis Group Books. Reach him at donkiely at polarnet.com or 72657.475 at CompuServe.com. ------------------------------------------------------------------------ DynamiCube 1.31 Data Dynamics, Ltd. Tel: 614 895-3142 Fax: 614 899-2943 72672.550 at compuserve.com http://www.datadynamics.com ferhat at coil.com Size: 1.2 MB Runtime: not applicable Price: $499 Quick Facts: DynamiCube is a 32-bit data-bound ActiveX custom control for On-Line Analytical Processing (OLAP). Supports VB4 32-bit Professional and Enterprise Editions, or other 32-bit ActiveX compatible development tools. Downloadable demo. Requires Windows 95 or Windows NT compatible PC, 3 MB HD, 8 MB RAM (16 recommended). By Jeff Borgoff With corporate America embracing On-Line Analytical Processing (OLAP), Data Dynamics, Ltd. has thrown its hat in the ring with DynamiCube, an ActiveX custom control that allows VB4 developers to build OLAP capability into executive information systems (EIS) and decision support systems (DSS). DynamiCube delivers custom n!-multidimensional data analysis capability, where the dimensions are limited only by system resources. To give you a better idea of the concept of dimensions, consider this: you want to see your company's total sales by product, category, country, region, quarter and year. The quarter, category and product constitute your columns, the region, country and year make up the rows, and the sum of sales is presented as your data. The result is six dimensions of data--or 6! A market saturation of first tier OLAP tools with OLE Automation support may make it difficult for Data Dynamics to position DynamiCube as an enterprise solution for OLAP. I'm familiar with other OLAP tools, but they're all larger and more expensive than DynamiCube.
I see DynamiCube best suited for small-business, departmentalized or small commercial-product development where the fat competitive products aren't suitable due to size and cost. DynamiCube's claim to fame is its small foot-print (less than a megabyte for distribution), fast processing (assisted by Win32), impressive built-in print engine with print preview, OLE Automation support and slick presentation of data with drill-down capability. The product does its number-crunching on the client-side using the Microsoft Jet engine (DAO and RDO) and ODBC data sources. This works well enough if your clients have powerful machines, but this could be a problem with the client-side processing of massive amounts of data that would be processed faster on a server. DynamiCube also binds to the Visual Basic Data Control, Remote Data Control or directly to a data source without the Data Control. As long as clients have adequate resources, DynamiCube retrieves, crunches and displays huge amounts of data. The vendor recommends a Pentium 100+ MHz processor with 24 to 32 MB RAM for the power user of heavy DynamiCube applications. Data Dynamics provided me with a formula for virtual memory consumption of a Cube in action: ((Number of Dimensions * 4 bytes) + ( Number of Data Items * 8 bytes)) * (The Summarized Number of Records) For example: ((6 * 4) + ( 2 * 8)) * (10,000) = 3,840,000 bytes consumed. TESTING PROPERTIES DynamiCube's interface is developer friendly. The grid-layout properties page is robust, with an ample amount of customization ability comparable to capabilities offered by third-party grid controls. The properties page uses drag-and-drop to setup the data views. Notable property features include the dcConnect, dcConnectType, dcDatabaseName, dcOptions, dcQueryTimeout and dcRecordSource. These built-in DynamiCube replacement properties for the VB Data Control allow direct support for DAO, RDO and ODBC. 
I tested DynamiCube's connection to a Visual Basic Data Control compared with a direct connection using DynamiCube's built-in connection properties, and found performance about the same for each approach. However, there are a couple of benefits for using the built-in connection properties for DAO, RDO and ODBC. First, you don't have to deliver the Visual Basic Data Control with your application; secondly, you don't have to write any code using DynamiCube's built-in connection properties. DynamiCube's obvious weaknesses are its lack of support for Windows 3.1 (no 16-bit ActiveX version) and no integrated charting. Data Dynamics obviously chose to go with a 32-bit version because of the added power for processing large amounts of data, but if your users are running 16-bit systems, you're out of luck. The single sample project that comes with DynamiCube demonstrates a charting method using Visual Basic's anemic charting control--not exactly EIS presentation quality. However, you can export data to Excel using OLE Automation. The good news is DynamiCube has a few runtime properties that make it fairly simple to populate any chart control on the market. The sample application demonstrates all of DynamiCube's features (if you work through everything). I couldn't find some features in the manual or help file (e.g. the "PerformanceDlg" method), however PerformanceDlg was demonstrated in the sample app. I would prefer to have Data Dynamics spell out everything in the documentation. I encountered some problems using DynamiCube's on-line help file, such as properties missing from the properties list, and keywords not found during a context-sensitive search. I had to reference the 90 page manual more than I usually do for a custom control. Also, the manual has a two-page guided tour with some documentation errors that prompted me to call the vendor. They noted the errors and will hopefully make corrections for subsequent releases. 
If you want to see a cool example of how Data Dynamics' ActiveX DynamiCube works on the web, download Microsoft Internet Explorer 3 (beta as of early July) and go to http://www.datadynamics.com. You'll find an excellent demo. In spite of the documentation shortcomings, if you're looking to add OLAP capability to departmental or small-business EIS or DSS applications using client-side processing, DynamiCube is worth a look. Jeff Borghoff is the founder and President of Avalon Logic, Inc. He is a Microsoft Certified Professional and Visual Basic Product Specialist. His New Jersey based firm specializes in the design and development of Microsoft Windows based client/server systems. Reach him at AVALON_LOGIC at msn.com. ------------------------------------------------------------------------ VB Compress Pro 4.03 WhippleWare Tel: 617 242-2511 Fax: 617 241-8496 BBS: 617 241-9284 Price: $100 Runtime: not applicable Quick Facts: VB Compress Pro 4.03 automatically deletes unused or un-referenced code. It generates reports, regenerated code, or both. Supports VB2, VB3, VB4-16 and VB4-32. By Bill Shadish Many VB projects accumulate unused code over time. For example, code is orphaned when you delete a control on a form and forget to delete any corresponding event code for that control. VB Compress ferrets out any un-referenced code and deletes it. I must admit, VB Compress is one of the tools I hoped would make the treacherous journey from VB3 to VB4 with me. And it has, with release 4.03 offering significant improvements. VB Compress Pro 4.03 (VBC4) searches your projects' source files for un-referenced API calls (declarations), unused variables and constants, unused subs, functions or property procedures and un-referenced controls or other external references. Selecting appropriate options configures the utility to automatically delete unwanted code.
This latest release offers improvements over version 3, including: * Server mode checks that allow you to compress automation server code. * Intelligent checking of public references so that dynamically loaded routines are preserved. * Long file name support for use on Win95. * The ability to place C++-like assertions in your VB code to perform actions in case of unexpected errors. * Speed improvement of 30-40%. This new release requires less puttering around with options than VBC3 demanded. You can rewrite project code after reviewing a brief informational screen. Moving between options and reports lets you control the level of detail to code changes. Also, many options are provided to control which of these unwanted impurities are actually removed from the final rewritten code. GENERATING REPORTS I ran VBC4 against a 5070 line, 12 file, OLE Server project. VBC4 quickly produced an informational analysis, showing referenced and un-referenced controls, and references to outside DLLs and EXEs. Also included were missing external references that show up as unresolved. The utility also produced a list of file facts, including the oldest file, largest file, file sizes, byte counts and other types of files. I received a file-by-file analysis featuring the number of comments, blanks, executable code, variable declarations, form definitions and in-line counts that make up each file. I analyzed the code, generated a report and produced source code. Analyzing the 5070 line server took 1 minute, 39 seconds on a 486-33 with 16MB of RAM (the slowest machine that I could find). The Analysis Report step told me which constants, variables, and routines (sub, function and property) are un-referenced (that means unused) in my program. I also received an analysis of external objects I had left un-referenced. The analysis even included unused labels, such as unused error handlers. 
Armed with this information, I analyzed my code manually to see why variables or routines were un-referenced. This is a great tool for double-checking your code to see if something was forgotten or unfinished. I let VBC4 automatically produce an updated version of my code, dropping the un-referenced items. The VBC4 report also shows any unused API declarations so they can be deleted as well. API calls take up a fair amount of space within VB, because the string itself must be allocated, along with enough space to hold and resolve the parameters passed through the API call. Removing unused declarations can save quite a bit of memory if you have a large number of un-referenced API calls--possibly duplicated across several modules. The report is generated as a text file. VBC4 provides a viewer (VBC Viewer) that formats this file for viewing. You can drill down into further detail in some areas marked "click-here" to see more information about the items marked. And you can change report options to produce more or less of a breakdown. For example, you can select options to show all control events that have had code written behind them--a rather handy reference guide. You can print the report from the VBC Viewer, but WhippleWare left out the ability to copy, cut and paste the information directly from the on-screen report. Hence, you can't easily export the statistics into other tools, such as Excel. CODE GENERATION VBC4 offers quite a bit of control for handling code generation. For example, you can change options to have unused files deleted when the code is regenerated. You can also remove unused control objects from your project (which means I don't have to remember to remove control objects prior to creating install disks!). You have the ability to comment out, remove, ignore, mark or interactively decide how to handle the un-referenced local, private or public items. These items include constants, variables, type declarations, declarations or procedures. 
Lastly, VBC4 loads VB.EXE under its control and runs the VB design environment. You are able to interrupt the code generation process using a VBC4 toolbar that appears within VB. Using this same toolbar, you can generate a new .EXE and decide whether to update the VB source files or not. The one glitch I found working with VBC4 was running out of memory while producing updated code (for code procedures or declaration sections approaching 64K). This type of problem is often due to limitations within VB's editor itself. In case you couldn't tell by now, I like this product. Bill Shadish is a principal of Fundamental Objects, Inc., where he works with ActiveX controls and OLE server technology. He teaches VB programming, and writes regularly for VBTech and Visual Basic Developer. He co-authored the book Using OLE In Visual Basic 4, (Pinnacle Publishing, Inc.). Reach him at bills at fo.com or at http://www.fo.com. ------------------------------------------------------------------------ Visual SQL 4.0 Blue Sky Software Corporation Tel: 619 459-6365 Fax: 619 551-2486 http://www.blue-sky.com/ Price: $1899 QuickFacts: Visual SQL 4.0 is a code generator and class library that turns Microsoft Visual C++ into a client/server development environment. Supports 32-bit VC++ 4.0, Windows 95 and Windows NT. By Steve Jackson Visual SQL is a code generator and class library that creates 32-bit client/server database applications using Visual C++ 4.0 and the Microsoft Foundation Classes. It requires Windows 95 or Windows NT, and comes bundled with Sybase SQL Anywhere. The main benefit of Visual SQL is that it saves the time otherwise necessary coding screens and creating code to move data to and from the edit controls. The developer starts up the Visual SQL application generator wizard, selects the ODBC data source, tables, and columns needed for the application, and Visual SQL generates all the Visual C++ code needed for a fully functioning MFC database application. 
You can use any database with a 32-bit ODBC database driver. Visual SQL and the code it creates are fully integrated into the Visual C++ Developer Studio IDE. No runtime DLL is needed other than the standard ODBC DLLs. The product includes some useful utility programs and a repository that can be used optionally to store queries. The repository can be used in a team environment to share queries among multiple developers. I put the Visual SQL application wizard to the test by creating a customer order-entry database update program. Creating update screens was easy--I chose the table and columns, and they appeared on the form. The wizard created the update screens automatically, with edit controls for each field and the field name placed as a label above each edit control. I was then able to visually modify the form by dragging fields around and clicking on labels to change text. The wizard gives you some choices for how to do database retrieval and how the screens appear. Database retrieval can be done for an entire table, for SQL statements you create, or using a query stored in the Visual SQL Repository. Screens can appear as a data sheet with multiple records per screen like a spreadsheet, or as a data screen with one record showing at a time. Menu choices and toolbar buttons are automatically generated with navigation commands (first, next, and last record) and update commands. The code generated by the wizard compiled and ran cleanly the first time without any errors or warnings. SEAMLESS INTEGRATION I found the code generated with Visual SQL to be well written and well integrated with the MFC document/view architecture. I have seen other code generators that require the programmer to stay within the code generator IDE for all compiles, with limited ability to modify the program code. I was quite pleased to discover that Visual SQL creates an entire MFC project that can be compiled and modified with the Visual C++ IDE. 
I easily set debug breakpoints and ran the code from the Visual C++ debugger, and was able to modify the code using Visual C++ class wizards. Using the MFC Class Wizard, I added code to the undo menu items to cancel database changes made to a record. Oddly, the Visual SQL wizard generated menu selections for this, but failed to generate any code behind the menu choices. Looking under the hood, I found that the database operations were carried out in a Visual SQL class library. This library consists of classes that are wrappers around standard MFC data access objects (DAO) using dynasets and snapshots. Because the MFC DAO classes are built on top of the ODBC API, a developer can add calls directly to the ODBC API if needed. The product comes with a suite of useful utility programs. The Database Explorer allows the developer to view database table structures, analyze ODBC connections, and view repository entries. The ODBC Data Source tester and Configuration tester can be distributed with applications generated by Visual SQL. These testers verify that ODBC data sources are installed correctly, and that a user has the right versions of all the required DLLs; this information is highly useful for debugging an application, and for remote telephone support. The Visual Query builder presents a graphical interface for creating database queries and SQL statements, saving the developer time spent looking up column names and SQL syntax. Installation went smoothly, and the setup program automatically configured an ODBC data source for the tutorial programs. The documentation is well written and complete. For example, the documentation includes a detailed description of all the generated code modules, what each routine does, and how the modules are named. 
A few potential improvements I'd like to see in future releases include: the ability to automatically generate undo code to allow a user to cancel updates on a data screen, transaction commit point processing, a report generator and the ability to store labels in the repository instead of using field names when creating data screens. Blue Sky maintains a web site at http://www.blue-sky.com. Be sure to include the dash in blue-sky in the web address--if you leave it out you will find the web site for another company also called Blue Sky! Steve Jackson develops network-based applications using VB, C, SQL Server, Oracle and other tools at Loral Aeronutronic in Southern California. Steve is a Visual Basic Programmer's Journal author and CompuServe section leader: 72040.1640 at compuserve.com. ------------------------------------------------------------------------ To subscribe to Visual Programming++, send an e-mail to visualprog-request at scribe.cerf.net. Include the word "subscribe", space, your e-mail address in the body of the message. For example, subscribe yourname at youraddress.com. To cancel your subscription, include the word "unsubscribe", space, yourmailaddress and send the same request. VP++ is separate from Hot Links, a brief e-mail sent to registered users of DevX alerting them to interesting new items on the site, and industry news. ABOUT FAWCETTE TECHNICAL PUBLICATIONS Visual Programming++ is Published by Fawcette Technical Publications. Copyright (c) 1996 Visual Programming++. All rights reserved. FTP also publishes or produces: Visual Basic Programmer's Journal, Avatar: http://www.avatarmag.com, Microsoft Interactive Developer, VBITS conferences, The VBCD, The VBPJ Guide to VB4, VBPJ CompuServe forum (GO VBPJ). Fawcette Technical Publications Publisher/President: Jim Fawcette 209 Hamilton Avenue Palo Alto, CA 94301-2500 USA Editorial Offices. Tel: 415-833-7100 Editorial Offices. 
Fax: 415-853-0230 Customer service and subscriptions: 303-541-0610 Orders: 800-848-5523 or 415-833-7100 From jya at pipeline.com Tue Jul 23 12:06:11 1996 From: jya at pipeline.com (John Young) Date: Wed, 24 Jul 1996 03:06:11 +0800 Subject: DAM_lin Message-ID: <199607231410.OAA19016@pipe4.ny2.usa.pipeline.com> 7-23-96, WaPo: "The Cryptography Wars." Op-Ed By Kenneth W. Dam and Herbert S. Lin In a June 10 editorial The Post disagreed with the NRC report, suggesting that law enforcement and national security interests require that current restrictions on cryptography be maintained. The Post asserted that it is "too soon" to accept that encryption can help law enforcement and national security. But arguing that it is premature to believe some uses of encryption do benefit law enforcement and national security simply denies reality. We emphatically reject The Post's implication that we "sacrificed" law enforcement and national security considerations in favor of economic interests. Indeed, only a fully open and inclusive public discussion can lead to the national consensus upon which any successful cryptography policy will depend. ----- http://jya.com/damlin.txt (6 kb) DAM_lin From winn at Infowar.Com Tue Jul 23 12:15:33 1996 From: winn at Infowar.Com (winn at Infowar.Com) Date: Wed, 24 Jul 1996 03:15:33 +0800 Subject: Latest Schwartau Banned From Export Message-ID: <199607231457.KAA27997@mailhost.IntNet.net> For Immediate Release: Contact: Robert Newman (508) 478-0900 Jacqueline Jeng (212) 780-6133 (New York, NY): The Internet had been called the world's largest Enterprise Zone -- a place where small business people and entrepreneurs can compete with corporate giants. But to make it work, a business must master the ways of the Net -- how to target on-line customers, how to present products and services with style, and how to keep sites and transactions secure. 
That's why Winn Schwartau and Chris Goggans, internet experts with first hand knowledge of both the potential and dangers of the Internet, have created The Complete Internet Business Toolkit ($34.95, Van Nostrand Reinhold, ISBN 0-42-02222-0) -- the first comprehensive manual for setting up, operating and defending a business in Cyberspace.

In The Complete Internet Business Toolkit, two of the digital age's savviest cybernauts offer all the information and tools needed to establish, maintain, expand and protect Net enterprises. This complete resource includes information on common pitfalls, security measures, and payment methods needed to open up shop on the Internet.

From the basics of how to get on line to the mechanisms needed to protect credit card transactions and use Cybercash, Schwartau and Goggans provide businesses with a step by step approach to creating a secure, functional and user-friendly on-line business. The Complete Internet Toolkit will:

* Outline how a business can easily expand by taking advantage of the Internet and its myriad resources.
* Demonstrate how to design a web page that will capture the attention of cyber-customers.
* Review all of the current major security software for conducting financial transactions on the Internet.

The Complete Internet Toolkit also includes a bonus CD-ROM with more than 5,000 files. In a matter of minutes, it can download Web browsers, SLIP/PPP drivers, digital cash and encryption programs, graphics and animation viewers, compression utilities, and other key programs for navigating the Internet.

THE BOOK CONTAINS CRYPTOGRAPHY TOOLS BANNED OUTSIDE THE U.S.

Far from another dry, reference book, The Complete Internet Business Toolkit is written in clear and entertaining style and is designed for the small business owner or the individual poised to overcome any challenge in order to stake out their claim in Cyberspace.
See reverse side for Table of Contents and About the Authors

ABOUT THE AUTHORS

One of the world's leading experts on information security and electronic privacy, Winn Schwartau is President of Interpact, Inc., an international security consulting firm for industry and government and is the author of Information Warfare: Chaos on the Electronic Superhighway and Terminal Compromise, as well as more than 500 articles.

Chris Goggans owns Computer Security Technologies, a consulting firm based in Austin, TX. A founding member of the legendary hacking group, the "Legion of Doom," Goggans has helped Federal authorities crack some of their most notorious computer and telecommunications frauds such as the "Masters of Deception" case. Goggans is the editor of the on-line publication, Phrack Magazine.

TABLE OF CONTENTS

* A Brief History of Cyberspace
* Getting Wired
* Electronic Mail
* Usenet NewsGroups
* Telnet and FTP
* The World Wide Web
* HTML
* So You Want to Get Paid
* Other Useful Applications
* Defending Yourself on the Internet
* Your Future on the Internet
* Appendix A - What's on the CD-ROM

If you are interested in scheduling an interview or in receiving more information about the book, please call Bob Newman at (508) 478-0900.

The Complete Internet Business Toolkit is available in better bookstores or by calling 1-800-842-3636.

Peace
Winn

Winn Schwartau - Interpact, Inc.
Information Warfare and InfoSec
V: 813.393.6600 / F: 813.393.6361
Winn at InfoWar.Com

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Tue Jul 23 13:03:05 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Wed, 24 Jul 1996 04:03:05 +0800
Subject: Borders *are* transparent
In-Reply-To:
Message-ID: <199607231437.KAA20409@pdj2-ra.F-REMOTE.CWRU.Edu>

Marshall Clow writes:

: >"Peter Trei" wrote:
: >
: > Any one up for a distributed brute force attack on single DES?
: > My back-of-the-envelope calculations and guesstimates put this on the
: > hairy edge of doability (the critical factor is how many machines can
: > be recruited - a non-trivial cash prize would help).
: >
: I'll be there.
: I have a pair of PowerPC machines that I can donate for a week or so.

I am afraid that the number of machines needed would trivialize even the most non-trivial cash prize. But for what it's worth, I can give you a lot of spare cycles on a couple of 486 Linux boxes.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From Kevin.L.Prigge-2 at tc.umn.edu Tue Jul 23 13:20:15 1996
From: Kevin.L.Prigge-2 at tc.umn.edu (Kevin L Prigge)
Date: Wed, 24 Jul 1996 04:20:15 +0800
Subject: Brute Force DES
In-Reply-To: <199607231338.JAA15819@jekyll.piermont.com>
Message-ID: <31f4f77f1947002@noc.tc.umn.edu>

Perry E. Metzger said:
>
> "Peter Trei" writes:
> > The fastest general purpose, freely available des implementation I'm
> > aware of is libdes. by Eric Young. With this, I can do a set_key in
> > 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to
> > about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).
>
> I'll point out that like most DES implementations, Eric's tries to
> spend a lot of time in key setup to save time later on in
> encryption/decryption. This tradeoff would probably be very different
> if you didn't plan on trying more than one or two blocks of decryption
> after getting a key.
>

For instance if you had a DES encrypted gzipped file. The first 2 bytes plaintext will be 0x1f8b. You'd only have to try to fully decrypt 1 out of 65535 keys.

--
Kevin L. Prigge             | "I rarely saw people sitting at
Systems Software Programmer | computers producing real code
Internet Enterprise - OIT   | wearing ties."
- Philippe Kahn
University of Minnesota     | (speech at Software Development '90)

From perry at piermont.com Tue Jul 23 13:23:36 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 24 Jul 1996 04:23:36 +0800
Subject: Distributed DES crack
In-Reply-To: <199607231412.KAA14573@crypto.com>
Message-ID: <199607231419.KAA15900@jekyll.piermont.com>

Matt Blaze writes:
> Here are my back-of-the-calculator numbers:
[...]
> MAYBE, somehow, you could do 100000 ECB/sec on "average" workstation
> (average = 100mhz Pentium).
>
> That's 11000 Pentium-100 years for half the DES keyspace.

Hmmm... Let's assume 20,000 P100 Years to give a bit more breathing room. 100,000 machines would be needed to get the thing into striking distance. I think that is potentially doable. Hard, but doable. Managing to avoid search failure (that is, having someone find the key but somehow fail to report back) is the biggest problem, I think.

> Well, I'm working on getting the funds to build (or support someone
> to build) some kind of parallel DES engine. I can probably scrape
> together an FPGA-based machine that can do a key in less than 6 months.
> I'm very serious about this project, but I can't say for sure when or if
> I'll be ready to start.

If you can manage to do that, then I'd say that the software only approach could be abandoned.

Meanwhile, I think it's time to try to build those DES cracking screensavers for Windows...

Perry

From mattt at microsoft.com Tue Jul 23 13:24:35 1996
From: mattt at microsoft.com (Matt Thomlinson)
Date: Wed, 24 Jul 1996 04:24:35 +0800
Subject: Brute Force DES
Message-ID:

why not put together (a LOT of) disk space and we can build a table (read: "a cryptanalytic time-memory tradeoff") for cracking DES? Using the table, we could brute-search the DES keyspace in less time than it would take to do an exhaustive search of a 38 bit keyspace, according to the paper. 4 gigs is what, a couple of hundred nowadays?
Making DES equivalent to a 40-bit crack would take approx. 500Gig, but publishing the table would push DES out of usefulness. Certainly we could scale back (make DES equivalent to a 45-bit crack?) if we don't have enough disk...

mattt

>----------
>From: Peter Trei[SMTP:trei at process.com]
>Sent: Monday, July 22, 1996 9:55 AM
>To: frissell at panix.com; cypherpunks at toad.com; trei at process.com
>Subject: Re: Brute Force DES
>
>> Peter wrote:
>> >Any one up for a distributed brute force attack on single DES? My
>> >back-of-the-envelope calculations and guesstimates put this on the
>> >hairy edge of doability (the critical factor is how many machines can
>> >be recruited - a non-trivial cash prize would help).
>
>Duncan wrote:
>> I volunteer my 120 MHZ Pentium. A lot more Pentiums are out there now than
>> a year ago. That makes it more feasible. A lot more people with full net
>> connections. Like most Americans, I have a flat rate net connection and a
>> flat rate local phone connection so could run a cracking session
>>permanently
>> (as long as no one tells my ISP). We need a full test of the Winsock
>> cracking client in any case. It wasn't working very well last time.
>>
>> DCF
>
>
>
>In my terminology, 'hairy edge of doability" means we have a shot
>at success, but I wouldn't bet the farm on it.
>
>I thought that I might bet a couple hundred bucks, though.
>
>Sadly, after further calculation, I'm not so sure if it's doable just yet.
>
>What I'm looking at is a known plaintext attack on single ECB DES,
>using a brute-force test to cycle through the key space. People
>would get chunks of keyspace to test from a central server or
>servers, and would be motivated to take part by a cash prize for
>the lucky person who finds the key.
>
>Let's do the numbers:
>
>Single DES has the security of 56 bits of key - there are 64 bits in the
>keys, but 8 of them are parity bits which add nothing to security.
>
>2^56 = 7.205e16 keys (which is a whopping big number)
>
>Let's guess that we can recruit the equivalent of full-time on 1000
>machines.
>
>7.205e13 keys/machine.
>
>Let's guess that we have about a month before people start to lose
>interest - so we want to be more than 1/2 done by then. Let's say
>we want to sweep the whole space in 40 days.
>
>1.8e12 keys/machine/day
>
>~21,000,000 keys/machine/second
>
>The fastest general purpose, freely available des implementation I'm
>aware of is libdes. by Eric Young. With this, I can do a set_key in
>15.8 us, and an ecb_encrypt in 95 us/block. That adds up to
>about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).
>
>I'm looking at ideas to speed up DES - if I'm willing to use
>honking great lookup tables, the permutation steps can be done
>more quickly than libdes. I'm also looking at implementing the
>algorithm in hand-optimized P5 assembler. (It's been years since
>I've done a major assembler project - the P5 has some truly weird
>features to be considered, but also has (some) internal 64 bit
>registers to play with).
>
>Let's guess that I can speed up a key-test up by a factor of 10. (This is
>not a slur on Eric's code - it's extremely clever, but not optimized
>for any particular processor, or for key-testing. Note that the keytest
>described above takes about 10,000 cycles/test.)
>
>That gets my workstation up to about 90,000 keys a second, which is
>still almost a factor of 250 too slow.
>
>I'm going ahead with my work on a faster DES keytester, but unless
>optimizing gives an astounding win, I now think a distributed bruting
>effort is a bit pre-mature.
>
>What will make this brute doable, if not now, then in the near future?
>
>1. Faster Processors - Moore's Law is still holding. A year ago, my
>90 MHz Pentium was one of the faster machines taking part in the
>40-bit RC4 crack. Now, it's passe.
>
>2. More processors. The number of people on the internet continues
>to grow rapidly.
>
>3.
>More interest - Crypto awareness has greatly increased in the
>last year, and a real cash prize (say, over $500) will generate both
>publicity and interest.
>
>These factors all multiply together. The number of cycles that could
>probably be recruited is increasing at a fast rate. A major part of the
>work will be a keyspace distribution mechanism which can handle
>the load (this was a major stumbling block last year).
>
>
>
>Peter Trei
>trei at process.com
>
>Disclaimer: This has nothing to do with my employer.
>

From david at sternlight.com Tue Jul 23 13:35:34 1996
From: david at sternlight.com (David Sternlight)
Date: Wed, 24 Jul 1996 04:35:34 +0800
Subject: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To:
Message-ID:

At 5:14 PM -0700 7/22/96, Ernest Hua wrote:
>> >Rural America has a very different culture than urban America and urban
>> >America's recent attempts to impose its values (like hoplophobia) on us
>> >really chafes.
>>
>> Though it is well known that I am in favor of gun control regulations, I
>> have to support Brad Dolan here. There is a huge and traditional gun
>> culture in rural American, particularly in the midwest. The way most Jewish
>
>Or the way many blacks were lynched (physically and socially) in the South.
>Or the way many asians were segregated. Or the way many ethnic groups
>fought each other in inner cities.
>
>These are cultural relics of the good ol' days I simply can do without.
>
>Ern

I find myself in the very peculiar and unfamiliar position of defending the gun crowd--I fail to see how (speaking generally) a midwestern rural teen's having a hunting rifle affects someone in urban America.

Any integrity with respect to civil liberties extends to the rights of those with whom you disagree. Otherwise it's self-indulgence wrapped in fancy-looking clothes.
David

From shamrock at netcom.com Tue Jul 23 13:54:35 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 24 Jul 1996 04:54:35 +0800
Subject: DES-Busting Screen Savers?
Message-ID:

At 15:53 7/23/96, Timothy C. May wrote:

>Or several times that number of machines or time for machines with less
>crunch. Say, 100K Pentium-type machines for a month or two. How might this
>be gotten?
>
>A while back I proposed one approach: a brute force "screen saver" for
>Windows machines. Other platforms, maybe, but the most cost-effective thing
>to do is to go after the Windows market only.

A friend of mine actually wrote an RC4-40 cracking screen saver during the initial RC4 crack. We finished the brute force so quickly that he never released the software.

-- Lucky Green PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party.
   Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.

From shamrock at netcom.com Tue Jul 23 13:55:12 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 24 Jul 1996 04:55:12 +0800
Subject: E-Cash promotion idea
Message-ID:

At 23:19 7/22/96, Anonymous wrote:
>How about getting the CyberCafes to accept ecash? Just pull out your
>Newton/HP48/PDA and point the IR beam at the cash register. Now that's
>an ecash application I'd like to see!!

So would I. And one day we will. Though not on the HP48.

-- Lucky Green PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party.
   Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.

From david at sternlight.com Tue Jul 23 14:02:57 1996
From: david at sternlight.com (David Sternlight)
Date: Wed, 24 Jul 1996 05:02:57 +0800
Subject: Netscape
In-Reply-To:
Message-ID:

At 5:09 PM -0700 7/22/96, Ted Anderson wrote:
>shamrock at netcom.com (Lucky Green) writes:
>> At 15:27 7/20/96, Tom Weinstein wrote:
>> >Why not consider what the consequences will be? Do you seriously
>> >believe that this will make the government stop enforcing ITAR?
>> >Do you believe it will make them change the law? No. What it will do is make
>> >them remove our permission to distribute this stuff.
>>
>> I doubt that. PGP has been distributed for years with less safeguards
>> than Netscape. It is available on more free-world sites than Netscape
>> US. This did not prompt the powers that be to force MIT to take down
>> their site.
>> ...
>
>I must agree with Lucky. I am quite sure that even if Netscape was not
>being distributed over the net, copies would still be uploaded to
>international sites by folks practicing Civil disobedience.

To call simple lawbreaking by cowards working in secret "civil disobedience" is to defame the name of Gandhi, King, and all the legitimate protesters of modern history. Civil disobedience must be seen publicly, and must be done by observable individuals. Masked men throwing stink bombs is not civil disobedience--it's hooliganism.

David

From bryce at digicash.com Tue Jul 23 14:28:43 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Wed, 24 Jul 1996 05:28:43 +0800
Subject: NOISE: Ayn Rand and smoking (no flame, I promise!) Re: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.)
In-Reply-To:
Message-ID: <199607231140.NAA09926@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

An entity calling itself tcmay at got.net (Timothy C. May) probably wrote something like:
>
> (Phill also mentions Rand. She was about as deeply flawed an individual,
> especially in terms of treatment of her supporters, as one can imagine.
> She, for example, insisted that her followers smoke, as smoking is (she
> claimed) proof of Man's dominance over nature. However, many of her ideas
> were very influential.)

I know a lot about Rand, and about her deep flaws as an individual, especially in terms of treatment of her supporters, but this is the first I've heard of this one.
Perhaps Tim is thinking of a play by Murray Rothbard called "Mozart Was a Red" in which the Ayn Rand caricature insists that her followers smoke.

As for smoking being "proof" of man's dominance over nature, Rand _did_ believe that in the sense of "demonstration" or "symbol" but she did not believe that in the rigorous sense of "proof".

Regards,

Bryce

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMfS6EkjbHy8sKZitAQGubgMAzVtEscUNh6B5t2CwrYSw0F+3RMFxpnOG
suVRakUdAUfNAgIzjoCGjqH3s76knprz2Qs1mImLNSECbFrBwuyBSJkHGXfBv22M
2E2e/5B4ytrKeEXbC2bBDlYiobYg90cZ
=ZcTW
-----END PGP SIGNATURE-----

From tcmay at got.net Tue Jul 23 14:51:57 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 05:51:57 +0800
Subject: DES-Busting Screen Savers?
Message-ID:

At 5:02 PM 7/23/96, Lucky Green wrote:
>At 15:53 7/23/96, Timothy C. May wrote:
>
>>Or several times that number of machines or time for machines with less
>>crunch. Say, 100K Pentium-type machines for a month or two. How might this
>>be gotten?
>>
>>A while back I proposed one approach: a brute force "screen saver" for
>>Windows machines. Other platforms, maybe, but the most cost-effective thing
>>to do is to go after the Windows market only.
>
>A friend of mine actually wrote an RC4-40 cracking screen saver during the
>initial RC4 crack. We finished the brute force so quickly that he never
>released the software.
>

Too bad. Properly modularized software, i.e., with a place to drop in the specific system/algorithm being attacked, could be adapted quickly to DES-busting, or whatever.

If your friend still has this, and it's not just spaghetti code, maybe he can adapt it to a truly large-scale attack.

BTW, sitting in my hot tub last night I quickly reconstructed the math for the "random" keyspace inefficiency:

-- Imagine that N users are "randomly" picking chunks of keyspace to search. That is, they are not coordinating with others to avoid duplication.
-- By the time the total amount of computons expended has equalled the amount that would have been expended in a "no duplications" allocated search, the Poisson probability distribution says that 1/e = 36.8% of the keyspace will not have been searched; the rest of the probability lies in keyspace searched once, twice, three times, etc.

-- Thus, the calculation will have to go 2-4 times longer to give a high (>95%) chance that the answer is found. For example, at 3 times the "efficient" search time, there is only a 1/e^3 = 5% chance that nobody has found the answer.

The probabilistic assignment is less efficient, obviously, but has the advantage of not requiring a registry of keyspace allocations. Further, "denial of service" attacks (lying about having searched a chunk, or incorrectly searching or reporting) are not a problem.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jimbell at pacifier.com Tue Jul 23 14:53:01 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 24 Jul 1996 05:53:01 +0800
Subject: Bare fibers
Message-ID: <199607231824.LAA11873@mail.pacifier.com>

At 05:19 PM 7/23/96 -0400, Rabid Wombat wrote:
>> It occurs to me that a bare fiber could actually be (randomly) hung across
>> treetops, roofs, power lines, and various other structures, over a
>> many-block distance in suburban areas. Such a fiber wouldn't be protected
>> very well, but it would probably last a few months.
>> It would also be exceedingly hard to find its terminations, and tracing it would be a real
>> pain. (It probably wouldn't be visible against a bright sky more than a
>> meter or two away.)
>
>It also would have little structural integrity - if you attached it to
>trees, which sway in the wind, you'd have a broken fiber in a short time.
>(The fiber doesn't even need to break, per se; microscopic cracking,
>usually at the cladding, will ruin your fiber) (bird strikes would also be
>a big problem, mostly for the bird)

But how long? I don't doubt that the effects you describe will occur, but I'm only talking about a _semi_-permanent installation. My guesstimate (months) was based on the idea that the fiber would be short (say, less than a kilometer) enough so that even accelerated loss (microcracking) wouldn't appreciably degrade the transmission. Also, I'm assuming that the fiber would be hung with enough slack so that swaying/growing trees wouldn't stretch the fiber appreciably.

>ob crypto/privacy: Anybody have a good idea for detecting a tap on
>exterior fiber? I'd expect an attacker to have to interrupt connectivity,
>terminate both ends of a break, and insert an active device. Thoughts?

They can tap a fiber by bending it over a small radius, which causes leakage around the OD without appreciably interrupting the signal. Chances are pretty good that this would be the technology used.

Jim Bell
jimbell at pacifier.com

From wombat at mcfeely.bsfs.org Tue Jul 23 14:58:16 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Wed, 24 Jul 1996 05:58:16 +0800
Subject: Bare fibers
In-Reply-To:
Message-ID:

>
> Doesn't that make it vulnerable (detectable) to Tempest attacks?
>
> Harka
> ___ Blue Wave/386 v2.30 [NR]
>

No. Transmitting light via fiber doesn't emit EM. Anyway, the original post, as I recall, was about keeping sensitive data on a second hard drive, connected via (very thin, therefore harder to notice) fiber. Tempest monitoring was not a factor.

-r.w.
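
Added example, not part of any post in this archive: Timothy C. May's "DES-Busting Screen Savers?" message above estimates that uncoordinated workers leave 1/e of the keyspace unsearched after one sweep's worth of work and about 5% after three, and says false "searched" reports do not hurt such a search. The simulation below checks those figures; the chunk counts, seeds, function names and the dishonest-worker model are assumptions made for illustration.

```python
"""Uncoordinated ("random") keyspace search versus a coordinated sweep."""
import math
import random
from collections import Counter


def simulate_random_search(num_chunks, work_factor, seed):
    """Workers pick chunks uniformly at random, with no registry.

    work_factor is the total work as a multiple of one full sweep.
    Returns (fraction of chunks never searched,
             Counter mapping times-searched -> number of chunks).
    """
    rng = random.Random(seed)
    times_searched = [0] * num_chunks
    for _ in range(int(num_chunks * work_factor)):
        times_searched[rng.randrange(num_chunks)] += 1
    histogram = Counter(times_searched)
    return histogram[0] / num_chunks, histogram


def poisson_share(work_factor, k):
    """Poisson estimate of the share of chunks searched exactly k times."""
    return math.exp(-work_factor) * work_factor ** k / math.factorial(k)


def work_factor_for_confidence(confidence):
    """Multiple of one full sweep needed before the chunk holding the key
    has been searched with the given probability."""
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be strictly between 0 and 1")
    return -math.log(1.0 - confidence)


def mean_cost_random(num_chunks, trials, seed):
    """Average work, in full sweeps, until a random picker hits the key chunk."""
    rng = random.Random(seed)
    total_picks = 0
    for _ in range(trials):
        key_chunk = rng.randrange(num_chunks)
        picks = 1
        while rng.randrange(num_chunks) != key_chunk:
            picks += 1
        total_picks += picks
    return total_picks / (trials * num_chunks)


def mean_cost_coordinated(num_chunks):
    """Average work, in full sweeps, for a sweep with no duplicated chunks."""
    return (num_chunks + 1) / (2 * num_chunks)


def miss_probability_random(work_factor, dishonest_share):
    """Chance the key is still unfound when a share of the reported work was
    never really done (assumed model): only honest picks count, so the
    Poisson rate shrinks but no chunk is ever ruled out."""
    return math.exp(-work_factor * (1.0 - dishonest_share))


def miss_probability_registry(dishonest_share):
    """One sweep handed out by a registry that trusts every 'searched, not
    found' report (assumed model): the key is missed whenever its chunk
    went to a dishonest worker."""
    return dishonest_share


if __name__ == "__main__":
    chunks = 1 << 16  # constructed size; the real keyspace is 2^56 keys
    for factor in (1.0, 2.0, 3.0, 4.0):
        unsearched, _ = simulate_random_search(chunks, factor, seed=1996)
        print(f"{factor:.0f}x work: simulated unsearched {unsearched:.4f}, "
              f"Poisson {poisson_share(factor, 0):.4f}")
    print(f"work for 95% confidence: {work_factor_for_confidence(0.95):.2f}x")
    print(f"mean cost, random picks: {mean_cost_random(200, 3000, 7):.2f} sweeps")
    print(f"mean cost, coordinated:  {mean_cost_coordinated(200):.2f} sweeps")
    for liars in (0.0, 0.1, 0.25):
        print(f"{liars:.0%} false reports: registry misses "
              f"{miss_probability_registry(liars):.3f}, random at 3x misses "
              f"{miss_probability_random(3.0, liars):.3f}")
```

On average the random search costs about one full sweep against half a sweep for a coordinated one, which is the price paid for needing no registry.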

From jimbell at pacifier.com Tue Jul 23 15:01:11 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 24 Jul 1996 06:01:11 +0800
Subject: DAM_lin
Message-ID: <199607231824.LAA11869@mail.pacifier.com>

At 02:10 PM 7/23/96 GMT, John Young wrote:
> 7-23-96, WaPo:
>
> "The Cryptography Wars." Op-Ed By Kenneth W. Dam and
> Herbert S. Lin

> Indeed, only a fully open
> and inclusive public discussion can lead to the national
> consensus upon which any successful cryptography policy
> will depend.
> http://jya.com/damlin.txt (6 kb)

I've pointed out (primarily to Sternlight) that the whole concept of referring to it as a "cryptography _policy_" biases the discussion. "Policies," in this usage, are the functions of governments. Countries don't necessarily have any need to have a "policy" on cryptography. In fact, one could argue that in a country where freedom of speech is in effect, no sort of restrictive "policy" has any place.

Jim Bell
jimbell at pacifier.com

From vinnie at webstuff.apple.com Tue Jul 23 15:05:06 1996
From: vinnie at webstuff.apple.com (Vinnie Moscaritolo)
Date: Wed, 24 Jul 1996 06:05:06 +0800
Subject: SHI_fty
In-Reply-To: <199607230147.VAA25244@lists.gateway.com>
Message-ID:

>jya at pipeline.com (John Young) writes:
>
>> "Microsoft Sees A Major Shift For Computers." John Markoff
>>
>> MS is preparing to release new software that would bring
>> the most fundamental change to personal computers since
>> the machines were invented in the 1970's.
>

Uh I think apple had that for a while, it's called cyberdog http://cyberdog.apple.com

screw this ole fud.

Vinnie Moscaritolo
Developer Tech Support
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

From hfinney at shell.portal.com Tue Jul 23 15:14:46 1996
From: hfinney at shell.portal.com (Hal)
Date: Wed, 24 Jul 1996 06:14:46 +0800
Subject: Ross Anderson's Eternity service
Message-ID: <199607230313.UAA18607@jobe.shell.portal.com>

Sherry Mayo posted here a while back a reference to Ross Anderson's Eternity service paper, . He is also giving an invited talk on the subject this fall at a crypto conference in Prague.

The goal of the Eternity service is to make published information permanently and ineradicably available, despite efforts on the part of powerful attackers to destroy it. The attack model explicitly includes governments. This has obvious relevance to current controversies involving copyright, trade secrets, etc.

It's difficult to evaluate the proposal because many of the issues seem more legal than technical. Can a service like this, which would seemingly exist largely to circumvent legal restrictions on publishing, possibly be legal?

Anderson's basic concept is of a network of storage servers in widely scattered jurisdictions. He uses cryptography so that although the servers store data, no single computer knows exactly what is stored in the encrypted files it holds. Keys to the data are spread across the network using secret sharing techniques, with mutual cooperation among the servers being necessary to decrypt files. (I believe the files themselves are redundantly stored on individual servers, but they are encrypted with keys which are split.) Anonymous communications are used among the network of computers to reply to requests, so that attackers can't tell which computer produced a requested document.

The overall goal is apparently to arrange things so that each individual server has a level of deniability if they are accused of having provided information which is illegal in some jurisdictions.
It can deny having produced any particular document in question, and if everything is designed properly it is not possible to prove otherwise (other than by subverting a bunch of the other servers).

I won't try to go into much detail here (actually I found some of the crypto details kind of hard to follow in the paper, but I will write up my understanding if there is interest) but some of the other ideas are that the service would charge money enough to cover its costs and add new equipment as storage requirements increase (to prevent flooding attacks), and that requests would be submitted by broadcast to the network of servers, and information returned via a remailer network. The documents would be identified by some global names, and one of the documents would be an index file which identifies the others, with descriptions.

A few questions for discussion:

- Would it be possible in practice to run a network like this?
- Would there be much interest in it among users?
- Would it be a net benefit to society for such a service to exist?

Hal

From ota+ at transarc.com Tue Jul 23 15:24:55 1996
From: ota+ at transarc.com (Ted Anderson)
Date: Wed, 24 Jul 1996 06:24:55 +0800
Subject: Netscape
In-Reply-To:
Message-ID:

David Sternlight writes:
> >I must agree with Lucky. I am quite sure that even if Netscape was not
> >being distributed over the net, copies would still be uploaded to
> >international sites by folks practicing Civil disobedience.
>
> To call simple lawbreaking by cowards working in secret "civil
> disobedience" is to defame the name of Gandhi, King, and all the legitimate
> protesters of modern history. Civil disobedience must be seen publicly, and
> must be done by observable individuals. Masked men throwing stink bombs is
> not civil disobedience--it's hooliganism.

As you can clearly see I did *not* suggest that the software needed to be uploaded anonymously.
I agree that public disobedience has a much larger impact than private disobedience, but I think the value of private disobedience is still positive.

Uploading critical software which computer users can access across the globe, important as it is, is not an ideal method of practicing (or mispracticing if you prefer) Civil Disobedience. The problem is that a single copy only needs to be uploaded and only one person really gets "credit" for the upload. Better is something like Vince Cate's "Arms Trafficker" page:

http://online.offshore.com.ai/arms-trafficker/

I am there at #172 striking a tiny but not invisible blow for freedom.

172 Mon May 6 7:56:39 1996 Ted Anderson user-168-121-79-76.dialup.mindspring.com 168.121.79.76

Ted Anderson

From edgar at garg.campbell.ca.us Tue Jul 23 15:38:31 1996
From: edgar at garg.campbell.ca.us (Edgar Swank)
Date: Wed, 24 Jul 1996 06:38:31 +0800
Subject: Announcing SecureDrive 1.4b
Message-ID: <31f4f574.1842657@news.earthlink.net>

-----BEGIN PGP SIGNED MESSAGE-----

This is to announce the availability of Version 1.4b of SecureDrive.

SecureDrive Version 1.4b replaces version 1.4a, 1.4, 1.3d, and previous versions.

Release 1.4b is a maintenance release of 1.4/a. No new function is added. Only modules SDCOMMON.C, SETENV.ASM and CRYPTDSK.C have non-cosmetic changes, which affect executables LOGIN.EXE and CRYPTDSK.EXE. For that reason, all other executables still self-identify as release 1.4. They are in fact the exact same EXE & COM files as release 1.4.

1.4b fixes problems setting PGPPASS from Windows 95, either inside Win95 from a DOS window, or from the DOS 7.0 environment outside Windows. Unfortunately, LOGIN still cannot activate SecureDrive decryption from inside a Win95 DOS window.

This same fix also, for the first time, enables LOGIN to set PGPPASS (as well as activate SecureDrive) from inside a Windows 3.x DOS window.
CRYPTDSK also contains added warning msgs for 1) attempting to encrypt drive C: and 2) interrupting en/decryption with Ctrl-Break.

There are also some minor changes in SECDRV.DOC.

In the USA, SecureDrive 1.4b is now available at

Colorado Catacombs BBS - 303-772-1062 (up to 28,800 bps, 8n1) - log in with your own name or alias. Download SECDR14B.ZIP from the [F]ile menu.

ftp://ftp.csn.net/mpj/USA/?????/disk/secdr14b.zip
where the ????? is given in ftp://ftp.csn.net/mpj/README

These are all controlled-access sites available to USA citizens and residents only.

Thanks to the cooperation of Steve Crompton of the U.K., who worked with me closely, I am able to also announce availability on an offshore site,

ftp://utopia.hacktic.nl/pub/replay/pub/disk/secdr14b.zip

In case anyone in the U.S. Justice Dept. is reading this, Steve and I were very careful to do this release without violating US export restrictions. The only things I "exported" to Steve were "diffs" for source changes from 1.4a to 1.4b, which themselves don't contain any code capable of encryption or decryption. Steve combined those with source for 1.4a, already available overseas.

Steve compiled the new source code, and sent the new EXE files to me. I compared the new executables to ones I compiled myself and verified they match, bit for bit. I then sent back to Steve detached signature files for the executables.

Steve then put together secdr14b.zip and sent that to me for final inspection. I then compared all files against my "master" files here and verified that they matched. I then shipped the secdr14b.zip that Steve sent me to the USA sites. So the USA release matches bit for bit the offshore release.
Here are the contents of secdr14b.zip

 Length  Method   Size  Ratio   Date    Time   CRC-32   Attr  Name
 ------  ------   ----- -----   ----    ----   -------- ----  ----
  54081  DeflatX  19452  65%  07-20-96  19:45  8f807f09 --w-  SECDRV.DOC
  43718  DeflatX  20532  54%  07-20-96  20:12  21b5a5cb --w-  LOGIN.EXE
  42564  DeflatX  20333  53%  07-20-96  20:12  bdda692b --w-  CRYPTDSK.EXE
  32595  DeflatX   8786  74%  08-06-95  00:00  1c7d2225 --w-  SECTSR.ASM
  20623  DeflatX   4896  77%  07-20-96  19:34  f4c9ffda --w-  CRYPTDSK.C
  19664  DeflatX   4184  79%  11-19-93  21:42  22c2502c --w-  CRYPT2.ASM
  18598  DeflatX   4560  76%  07-20-96  19:41  7b2def07 --w-  LOGIN.C
  18321  DeflatX   6917  63%  06-14-93  22:27  0767480b --w-  COPYING
  15466  DeflatX   9750  37%  07-20-96  20:12  a90b90ff --w-  FPART.EXE
  14998  DeflatX   4111  73%  06-12-96  18:06  858fc2cb --w-  SDCOMMON.C
  13011  DeflatX   3073  77%  07-20-96  19:48  4fbda9fb --w-  SETENV.ASM
  12606  DeflatX   7634  40%  07-20-96  20:12  5b3023ad --w-  COPYSECT.EXE
  11557  DeflatX   3274  72%  05-09-93  19:38  e71f3eea --w-  MD5.C
   5278  DeflatX   3467  35%  11-14-95  20:52  af2f141c --w-  KEY.ASC
   4353  DeflatX   1721  61%  08-06-95  00:00  b4e99e6a --w-  FPART.C
   3656  DeflatX   1101  70%  08-06-95  00:00  6ed75bcc --w-  SECDRV.H
   3407  DeflatX   1105  68%  05-11-93  12:49  f1f58517 --w-  MD5.H
   2022  DeflatX    789  61%  08-06-95  00:00  dd3e9e64 --w-  COPYSECT.C
   2000  DeflatX   1324  34%  07-20-96  20:12  ba1568d1 --w-  SECTSR.COM
   1554  DeflatX    569  64%  08-06-95  00:00  3589f489 --w-  MAKEFILE
   1355  DeflatX    629  54%  01-21-94  08:44  db63ade4 --w-  RLDBIOS.ASM
   1254  DeflatX    543  57%  05-09-93  19:39  182978aa --w-  USUALS.H
    278  DeflatX    213  24%  12-06-95  20:33  6c13428c --w-  FILE_ID.DIZ
    152  Stored     152   0%  08-06-95  00:00  17b02bc2 --w-  COPYSECT.SIG
    152  Stored     152   0%  06-01-96  01:10  c195c865 --w-  CRYPTDSK.SIG
    152  Stored     152   0%  08-06-95  00:00  0b345a16 --w-  FPART.SIG
    152  Stored     152   0%  06-01-96  01:09  4cebe45a --w-  LOGIN.SIG
    152  Stored     152   0%  08-06-95  00:00  3817512c --w-  SECTSR.SIG
 ------          ------  ---                                  -------
 343719          129723  63%                                       28

Also note that the ZIP file contains PGP detached signatures (*.SIG) for the executable files.
Finally here is my public key, also available on many public keyservers and on my home page (below); note who has signed it. Also please note my present Email addresses.

Edgar W. Swank
Edgar W. Swank
Home Page: http://members.tripod.com/~EdgarS/index.html

(Note: only Garg and ilanet addresses are currently valid. Garg is preferred.)

Type bits/keyID    Date       User ID
pub  1024/DA87C0C7 1992/10/17 Edgar Swank
sig       E8E044BD            Peter Herngaard
sig       DA87C0C7            Edgar Swank
sig       4AAF00E5            Dave Del Torto
sig       32DD98D9            Vesselin V. Bontchev
sig       0F59323D            Albert Yee
                              Edgar W. Swank
sig       DA87C0C7            Edgar Swank
                              Edgar W. Swank
sig       91E71221            Cruz
sig       DA87C0C7            Edgar Swank
sig       C0595F91            Ian H. Chan
sig       61130A1B            Arnold L. Cornez, J.D.
sig       18239E91            Robert C.Casas <73763.20 at compuserve.com>
sig       4AAF00E5            Dave Del Torto
sig       08B707C5            Anton Sherwood
sig       32DD98D9            Vesselin V. Bontchev
sig       34D74DC1            Peter Simons
                              Edgar W. Swank
sig       877AA661            Peter Simons *OLD KEY*
sig       4AAF00E5            Dave Del Torto
sig       3245BF5D            Jeremy S. Anderson
sig       08B707C5            Anton Sherwood
sig       32DD98D9            Vesselin V. Bontchev
sig       FF67F70B            Philip R.
Zimmermann

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfT1Bt4nNf3ah8DHAQEFdwP/QYiBhqlP0K5YMqY6LIb4EQWy/ddZd4ji
R5dwYRBxfErnb7h+3K4mtH/gFf/rznSDt5TONLIfaw2nGXx0nSpa9ANFbRhYaZTX
GSaesh1wDQ0Z3/OZaKYpaKXbiZuprbBm0OEzTqb4IoTP4VpyYRrRly01lAtOClT/
IUX3I+irPoY=
=24Ih
-----END PGP SIGNATURE-----

Edgar W. Swank
Edgar W. Swank
Home Page: http://members.tripod.com/~EdgarS/index.html

From wombat at mcfeely.bsfs.org Tue Jul 23 15:42:14 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Wed, 24 Jul 1996 06:42:14 +0800
Subject: Boobytraps and the American Legal System
In-Reply-To:
Message-ID:

On Tue, 23 Jul 1996, Timothy C. May wrote:

>
> Agree, very foolish to ever plant boobytraps in one's own home.
>
> Still, I remember vividly in college when the court case was decided
> involving a guy in Florida who was tired of being burglarized and the cops
> doing nothing about it: he rigged a shotgun to go off when someone broke a
> window and entered. A perp did, was shot, survived, and the case went to
> trial.
>
> The boobytrapper was found guilty of some serious crime--I don't recall the
> details (this was circa 1972).
>

Set-guns are illegal in most, if not all jurisdictions (IANAL), as it is generally illegal to use deadly force to defend property. I would expect that any "booby-trap" would fall under the same legal category.

From ceridwyn at wolfenet.com Tue Jul 23 15:43:21 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Wed, 24 Jul 1996 06:43:21 +0800
Subject: Distributed DES crack
Message-ID: <2.2.32.19960723183652.006a6520@gonzo.wolfenet.com>

>I've a few machines around that could be dedicated almost full time to the
>task. What are the bandwidth requirements? Specifically, could the
>keycracker be run over a 28.8 (with a 486 running linux)? If so, how many
>486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy
>chained with ppp over direct serial connection)?

I imagine it would only need to report in every now and then with reports on the work it's accomplished, thus requiring very minimal bandwidth (unless you're the server, which would probably also do fine over 28.8). For that reason, you can have as many 486's as you can possibly own networked and cracking at the same time...

For the record, I'm in, and have access to several mostly idle pentiums and a few sparc 10's ... =)

//cerridwyn//

From hua at chromatic.com Tue Jul 23 15:47:18 1996
From: hua at chromatic.com (Ernest Hua)
Date: Wed, 24 Jul 1996 06:47:18 +0800
Subject: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID: <199607231834.LAA11518@server1.chromatic.com>

> Look, folks, we all know that 99% of what David Sternlight posts is
> garbage. Why don't we all pledge not to answer any of his posts, and
> then he'll go away. If necessary, someone can be appointed to post a
> weekly "the views expressed by David are junk and we are deliberately
> not replying to them directly" message.
>
> David has plenty of places to argue with the wind. We don't need to
> add this one.
>
> I'd like to ask people to publicly pledge that they will not reply
> to David's messages. This is such a pledge.

One of the desirable results of free speech is that people get to listen to ideas rather than credentials. Some poor Joe from the ghettos has just as much freedom to speak because he may have good ideas.

Given that, ignoring someone is much worse than listening with reservations.

Ern

From rpowell at algorithmics.com Tue Jul 23 15:54:22 1996
From: rpowell at algorithmics.com (Robin Powell)
Date: Wed, 24 Jul 1996 06:54:22 +0800
Subject: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID: <96Jul23.134038edt.20483@janus.algorithmics.com>

>>>>> In article , David Sternlight writes:

>>> Look, folks, we all know that 99% of what David Sternlight posts is
>>> garbage.

> Perry is notorious for posting garbage and the above mote in his own eye is
> a prime example. 99%? Let's see some data and specifics. I'm always willing
> to discuss substantive disagreements, presented civilly.

> It's pathetic that Perry can't even make a rational counter-argument but
> has to resort to unsupported defamation.

>> Why don't we all pledge not to answer any of his posts, and
>> then he'll go away.

> Nobody compels you to answer any of my posts. Calling for a "pledge" and an
> organized boycott suggests you are afraid people won't agree with you
> without trying to make it "politically correct" to do what YOU want. Some
> freedom-lover you are.

> The truth is none of my points have been refuted by you, and being unable
> to deal with rational critical comment, you resort to this.

> Go for it. I won't mind, and the noise level will go way down, especially
> among the defamers, who don't respond with much substance anyway.

Sheesh. Count me in on the pledge. Note that he _still_ hasn't responded to the call for him to actually _START_ a thread.

-Robin

PS: He is the first _person_ ever to make my kill file for anything.
_Subjects_, yes, _people_ no. However, there were 600 new cypherpunks messages over the last three days, and he seems to be way too much of it. I DON'T LIKE SPAM!

From frissell at panix.com Tue Jul 23 16:07:00 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 24 Jul 1996 07:07:00 +0800
Subject: Intel, Microsoft doing Internet Phone Software
Message-ID: <2.2.32.19960723184716.0084a5ac@panix.com>

At 10:47 AM 7/23/96 -0400, W Lee Nussbaum wrote:
>
>...see IDT's Net2Phone product, at http://www.net2phone.com/; it does
>what you describe. Two notes: (1) I haven't used it yet; (2: disclosure)
>I'm now employed by IDT, though in a different area.
>
> - Lee

Subject of an Economist article:

http://www.economist.com/issue/20-07-96/wb2.html

DCF

From snow at smoke.suba.com Tue Jul 23 16:15:01 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 24 Jul 1996 07:15:01 +0800
Subject: Ross Anderson's Eternity service
In-Reply-To: <199607230313.UAA18607@jobe.shell.portal.com>
Message-ID:

On Mon, 22 Jul 1996, Hal wrote:

> A few questions for discussion:
> - Would there be much interest in it among users?

I would be.

> - Would it be a net benefit to society for such a service to exist?

It would benefit people. It may harm society by doing so.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Tue Jul 23 16:30:29 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 24 Jul 1996 07:30:29 +0800
Subject: Decrypt Unix Password File
In-Reply-To: <9HRiRD9w165w@bwalk.dm.com>
Message-ID:

On Tue, 23 Jul 1996, Dr.Dimitri Vulis KOTM wrote:

> Jerome Tan writes:
> > How can I decrypt Unix password file?
> There are many programs that do this, e.g., look for 'crack'.
> This attack can be made more difficult if you force your users not to use
> easy-to-guess passwords, and if you use something like NIS and shadowing to
> make the public part of the passwords harder to get.

From my conversations with Mr.
Tan, he seems to be a high school bent on mischief. He is the one who asked about penetrating firewalls, and now wants to know how to hack a unix passwd file.

Now, I am not philosophically opposed to hacking, unless you are doing it to a machine that I am responsible for, (in which case you'd better hope the FBI finds you before I do) but I don't think that it would be a good idea to just give him the information. He would wind up getting caught all too easily, and might point to this list as a source of information on cracking techniques.

I don't know if this should go to the whole list, so you can bounce it there if you think it proper.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From wombat at mcfeely.bsfs.org Tue Jul 23 16:41:59 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Wed, 24 Jul 1996 07:41:59 +0800
Subject: NOISE: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607222349.AA01276@Etna.ai.mit.edu>
Message-ID:

On Mon, 22 Jul 1996 hallam at Etna.ai.mit.edu wrote:

>
> > Well, you're in a country of _free citizens_ now, Limey, so if you
> >don't like it, then go back to England - a whole nation of people who foam at
> >the mouth with pride and pleasure over their status as feudal _subjects_.
>
> O.K. let's see if we brits were to offer you yankees the Windsors,
> plus an assortment of flunkies, corgis and stuff are you so sure that
> your people would reject it? After all someone sold you a bridge so
> it's not that implausible.
>

America didn't buy the bridge; an American bought the bridge. It was purchased as a theme park attraction. I think the Windsors would make an excellent theme park attraction. We'll put them down the road from Graceland. You can go see the Queen after you've visited the King ...

How much are you asking? (O.K. - how much minus the corgis?)

- r.w.
From frantz at netcom.com Tue Jul 23 17:00:05 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 24 Jul 1996 08:00:05 +0800
Subject: Brute Force DES
Message-ID: <199607231854.LAA28036@netcom7.netcom.com>

At 12:41 AM 7/23/96 -0800, jim bell wrote:
>Not that I think that such a dedicated chip necessarily exists; chances are
>good that there isn't all that much demand for a 12-megabyte/second
>encryptor.

If you are running a 600 megabit/sec ATM/SONET link and want to encrypt it, you are in the market for a 75 megabyte/sec encryptor.

As for dedicated crackers, according to my notes from the SAFE forum at Stanford, Eric Thompson said his company made FPGAs for cracking DES. A seven day crack for $1 million.

-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     | [Beware the man of one     | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin    | Los Gatos, CA 95032, USA

From tcmay at got.net Tue Jul 23 17:04:58 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 08:04:58 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
Message-ID:

At 2:42 PM 7/23/96, Alex F wrote:

>> > People buying CDs at a garage sale & getting arrested for
>> >piracy. Wonderful.
>>
>> Arrests like this are uncommon. Even buying "cheap bikes" and other "cheap"
>> (= probably stolen and fenced) merchandise almost never subjects the
>> purchaser to criminal sanctions.
>
>Yes, but conceivably if (whoever would be in charge, FBI?) *could*,
>under law do this, even if they are wrong. It is a lot harder to
>prove that they intentionally harassed *you* than it is for them to
>say that they were following leads and show evidence. Yes, this may

To go to trial, an indictment would be needed. How likely is this? Not very.

Discussion of "in theory they could arrest you" points often neglects the realities of the legal system.
A large fraction of pawnshop items have questionable provenance, the items having been stolen at some time in the past. Could J. Random Buyer who walks in, sees an item he likes, buys it, and walks out with it be handcuffed and taken down the lockup for the crime of buying stolen property? Doubtful, in the real world. And defense would be ridiculously easy.

>Cds are often sampled at 48 these days. Mine was, and we had to
>reduce it to 44.1 for mass producing (much to our surprise, since
>many CD manufacturers love getting stuff at 48 over 44.1)

A trivial increase in frequency, and still not allowing the hypothesized 30 KHz signal to be added. DATs often sample at 44 and 48 KHz, switchably. The CD standard is of course still what it is.

>Not familiar with the Nyquist limit w/ regards to sampling rate vs
>frequency :(

Check any textbook, or even a good dictionary. Basically, it says that one must sample at more than twice the frequency of the highest frequency to be reconstructed. Thus, a 20 KHz top frequency needs at least 40 K samples per second. The exact number is, I think, about 2.2x the frequency, which is why CDs were standardized at 44 K samples per second per channel.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
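The Nyquist point in the message above, as an added example that is not part of the original post: it samples a constructed 30 kHz tone at the CD rate (44.1 kHz) and the DAT rate (48 kHz) and measures where the energy actually lands. The function names are this example's own; the tone stands in for the hypothesized 30 kHz mark, and the spectrum is measured with the Goertzel algorithm.

```python
import math


def alias_frequency(f_hz, fs_hz):
    """Frequency in [0, fs/2] at which a tone of f_hz appears after sampling at fs_hz."""
    f = f_hz % fs_hz
    return fs_hz - f if f > fs_hz / 2 else f


def sample_tone(f_hz, fs_hz, n):
    """n samples of a unit-amplitude cosine at f_hz, taken at fs_hz (constructed test signal)."""
    return [math.cos(2 * math.pi * f_hz * k / fs_hz) for k in range(n)]


def goertzel_power(samples, f_hz, fs_hz):
    """Squared DFT magnitude of `samples` at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * f_hz / fs_hz)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def strongest_frequency(samples, fs_hz, step_hz=100):
    """Scan 0..fs/2 in step_hz steps and return the frequency carrying the most power."""
    candidates = range(0, int(fs_hz // 2) + 1, step_hz)
    return max(candidates, key=lambda f: goertzel_power(samples, f, fs_hz))


def recovered_frequency(tone_hz, fs_hz):
    """What a decoder reading the sampled data would see for a tone at tone_hz."""
    n = fs_hz // 100  # 10 ms of audio, so DFT bins fall on exact 100 Hz steps
    return strongest_frequency(sample_tone(tone_hz, fs_hz, n), fs_hz)


def samples_identical(f1_hz, f2_hz, fs_hz, n=441, tol=1e-9):
    """True when two tones produce the same sample values at this rate."""
    a = sample_tone(f1_hz, fs_hz, n)
    b = sample_tone(f2_hz, fs_hz, n)
    return all(abs(x - y) < tol for x, y in zip(a, b))


if __name__ == "__main__":
    for fs in (44100, 48000):
        print(f"fs={fs} Hz: Nyquist limit {fs // 2} Hz, "
              f"30 kHz tone is read back as {recovered_frequency(30000, fs)} Hz")
    print("30 kHz and 14.1 kHz give the same samples at 44.1 kHz:",
          samples_identical(30000, 14100, 44100))
```

At either rate the 30 kHz tone is stored as an audible in-band tone (14.1 kHz or 18 kHz), so the sampled data cannot tell it apart from ordinary programme material at that frequency.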
From mab at crypto.com Tue Jul 23 17:06:06 1996
From: mab at crypto.com (Matt Blaze)
Date: Wed, 24 Jul 1996 08:06:06 +0800
Subject: Distributed DES crack
In-Reply-To: <199607231331.JAA15803@jekyll.piermont.com>
Message-ID: <199607231412.KAA14573@crypto.com>

Perry writes:
>
> I'm not entirely sure. It is certainly bigger than the factorings that
> have been done, but on the other hand it is fairly easy to put
> together the experiment, and there are an awful lot of idle machines
> out there in the world. I have on several occasions been in
> possession of four or five hundred idle CPUs at night, and I am pretty
> sure that other people are in that position. The net has also grown
> quite dramatically in recent years, and reaching 100,000 reasonably
> high speed machines might not be so hard these days. At that point, it
> becomes a question of how fast one can get the DES cracker. A constant
> factor of two or three then makes a considerable difference in the
> outcome, as does the user friendliness of the overall system.
>

Here are my back-of-the-calculator numbers:

2^55 = 3.6 * 10^16 trial ecb operations (+key setup).

Best P-100 DES software implementation I can find can do 110000 ECBs/sec. Key setup takes about twice as long as a single ECB.

Assuming amazingly fast key setup and careful ECB optimization (precompute IP and FP, gray coded key enumeration with cached round results, etc), MAYBE, somehow, you could do 100000 ECB/sec on "average" workstation (average = 100mhz Pentium).

That's 11000 Pentium-100 years for half the DES keyspace.

> > Personally, I'd rather someone finish up the Wiener ASIC to the point where
> > it could go out to fab, get some prototype chips made, design a board around
> > it, and publish the design, from board layout on down. This would be a
> > great Master's project, and some of us (maybe me, but I'll have to check)
> > might even be able to scrape up enough funds to buy enough chips/boards/etc
> > to build a modest size machine (say, that could exhaust a DES key in 1-6
> > months). Initial engineering costs aside, the marginal cost of each
> > such machine could be well within the budgets of, say, a medium size crypto
> > research lab, and would make a scary enough demo to convince even the
> > most trusting management types of the risks of 56 bit keys.
>
> Well, that would certainly be cool, but this does require real
> money. If you are willing to spend it, go for it, but I'm not sure we
> can count on people doing that sort of thing. What do you suppose the
> odds are that someone is going to build such a thing any time soon?
>

Well, I'm working on getting the funds to build (or support someone to build) some kind of parallel DES engine. I can probably scrape together an FPGA-based machine that can do a key in less than 6 months. I'm very serious about this project, but I can't say for sure when or if I'll be ready to start.

-matt

From alexf at iss.net Tue Jul 23 17:27:28 1996
From: alexf at iss.net (Alex F)
Date: Wed, 24 Jul 1996 08:27:28 +0800
Subject: Digital Watermarks (slightly off-topic?)
Message-ID: <199607231559.LAA04919@phoenix.iss.net>

> In list.cypherpunks you write:
>
> Tough to do. A CD samples at 44,100 Hz. Nyquist says you can only
> resolve the original frequencies up to 1/2 the sampling rate. So a CD
> cuts off, of necessity, at 22,050 Hz. Many people can hear beyond 22
> KHz, and can notice the CD cutoff effect. (analog recordings taper off
> as the analog response diminishes) Not a lot of room inband.

Actually (speaking from personal experience) many many recordings are now done at a sampling rate of 48 instead of 44.1 (actually it may be around 50/50 or so, from my experience).
Many CD replicators these days are thrilled to get recordings done at 48 instead of 44.1, which gives even more room. Another possibility, if you want to get even more into detail is to encode the ID in digital format on the CD. This will give an audible sound (ever put a CD-Rom in a regular CD player by mistake?), but a mirror of that sound played at the same time will effectively set that sound to nothing (cancelling it out). You can't hear it, but a machine can still decode the digital info. This way you can set it at a higher frequency where if it happens to cancel out a brief second of music, the listener won't notice (unless you are "Jamie Summers" :) ).

Alex F

=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F
alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

From ses at tipper.oit.unc.edu Tue Jul 23 17:28:23 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Wed, 24 Jul 1996 08:28:23 +0800
Subject: Borders *are* transparent
In-Reply-To: <199607231437.KAA20409@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID:

On Tue, 23 Jul 1996, Peter D. Junger wrote:

>
> I am afraid that the number of machines needed would trivialize even
> the most non-trivial cash prize. But for what its worth, I can give
> you a lot of spare cycles on a couple of 486 Linux boxes.

Not really - you just give the prize to the first person to return the correct key (just like a real lottery). BTW, if you use a central site to allocate ranges to search, this site should not know the correct key, as otherwise it could decide who gets the chocolate bar with the golden ticket.

If this project is run, I can't see it getting a hit for at least six months unless its _really_ well promoted. The java approach would be a cool hook - a slowish applet for your web page with something along the lines of "You may already have won 20c; whilst you're reading this page, your computer is playing the cypherpunks challenge.
For a better chance of winning, download this free high performance screen saver and game piece."

Simon

---
Cause maybe (maybe)                   | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all                         | Email address remains unchanged
You're my firewall -                  | ........First in Usenet.........

From crypto at nas.edu Tue Jul 23 18:02:13 1996
From: crypto at nas.edu (CRYPTO)
Date: Wed, 24 Jul 1996 09:02:13 +0800
Subject: Public briefing on the NRC cryptography policy report in...
Message-ID: <9606238381.AA838169687@nas.edu>

Subject: Public briefing on the NRC cryptography policy report in Boston, August 7

Cryptography's Role in Securing the Information Society
A Public Briefing in Boston, Massachusetts
Wednesday, August 7, 1996, 10:00 am to noon

There will be a public briefing in Boston, Massachusetts by the National Research Council on the report. The briefing will be held at the Gardener Auditorium in the State House in Boston on Wednesday, August 7, from 10:00 AM to 12:00 noon. Check http://www.tiac.net/biz/bcslegal for current information.

Authoring committee member Elliot M. Stone will be among the presenters at the Boston briefing. Dr. Herbert Lin, study director and senior staff officer of CSTB, will be present. The Boston Computer Society Legal Group, the Boston Bar Association and the Information Technology Division of the Commonwealth of Massachusetts are co-hosts for this event.

Questions from the audience will be entertained, and a limited number of pre-publication copies of the report will be available at that time. For further information, please contact Dan Greenwood at (617) 973-0071 or DGreenwood @ state.ma.us. The event is open to the press and the public.

If you have suggestions about other places that the committee should offer a public briefing, please send e-mail to crypto at nas.edu.
From bryce at digicash.com Tue Jul 23 18:15:41 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Wed, 24 Jul 1996 09:15:41 +0800
Subject: NOISE NOISE NOISE: Ayn Rand's sexual pecadillos and the value of her ideas
In-Reply-To:
Message-ID: <199607232156.XAA06781@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

An entity calling itself something like Alan Horowitz might have been overheard muttering something along the lines of:
>
> Did Ayn Rand have any good sexual peccadillos?

Some of her female characters like to have rape fantasies enacted on the very border of consent. She had an affair with her chief student with the knowledge and presumably consent of both of their respective spouses. She thought that a woman who wanted to be President of the U.S. and rule over men would become a sexless, embittered spinster because she couldn't enjoy being dominated. :-)

I would call those "good ones", but YMMV. :-)

This is making me feel kind of sleazy. For what it is worth I think that Rand has some of the best ideas in philosophy, and furthermore presented them in a (more or less) integrated system which has profoundly useful applications to both theoretical philosophy and everyday life, not to mention dramatically publicizing and popularizing philosophical ideas in a social and political context.

Rand's ideas are wildly under-rated by most serious thinkers and wildly over-rated by most of her followers. It is a shame that her acid polemics, kooky tangents, and personality cult have distracted most people from her valuable insights.

Which brings us back to the original subject of this thread, although nowhere close to the original topic of this forum.

Regards,

Bryce

#include /* speaking for myself, not for Digicash at this time.
*/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMfVKjEjbHy8sKZitAQHZ0AL/dk3UCs/SBX7LEtaH1oInnXtZoswKm9J7
RxXx80HMw95Ym1ihjRoNJqwp1uxieuN+1p9JQpzyxc6/WJWzPF8SmE/vkith7eiL
JSLY9CR0O3J1sTCzJaSlGk9Yfs39EzAG
=V+jp
-----END PGP SIGNATURE-----

From Ryan.Russell at sybase.com Tue Jul 23 18:17:07 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Wed, 24 Jul 1996 09:17:07 +0800
Subject: Brute Force DES
Message-ID: <9607231746.AA26532@notesgw2.sybase.com>

How about harder logistical problem? I had considered the possibility of cracking DES once and for all (I was specifically thinking of crypt(3), but it applies just as well for DES in general..) and instead of tying up a bunch of computers for however many months it took to crack a single key... Let's tie up everyone's extra storage and store the results as each key is generated.. Yes, I realize that it's a rather large amount of storage... Then key lookups could be done at will, reverse DNS style..

Ryan

---------- Previous Message ----------
To: frissell, cypherpunks, trei
cc:
From: trei @ process.com ("Peter Trei") @ smtp
Date: 07/22/96 04:55:17 PM
Subject: Re: Brute Force DES

> Peter wrote:
> >Any one up for a distributed brute force attack on single DES? My
> >back-of-the-envelope calculations and guesstimates put this on the
> >hairy edge of doability (the critical factor is how many machines can
> >be recruited - a non-trivial cash prize would help).

Duncan wrote:
> I volunteer my 120 MHZ Pentium. A lot more Pentiums are out there now than
> a year ago. That makes it more feasible. A lot more people with full net
> connections. Like most Americans, I have a flat rate net connection and a
> flat rate local phone connection so could run a cracking session permanently
> (as long as no one tells my ISP). We need a full test of the Winsock
> cracking client in any case. It wasn't working very well last time.
>
> DCF

In my terminology, "hairy edge of doability" means we have a shot at success, but I wouldn't bet the farm on it. I thought that I might bet a couple hundred bucks, though. Sadly, after further calculation, I'm not so sure if it's doable just yet.

What I'm looking at is a known plaintext attack on single ECB DES, using a brute-force test to cycle through the key space. People would get chunks of keyspace to test from a central server or servers, and would be motivated to take part by a cash prize for the lucky person who finds the key.

Let's do the numbers:

Single DES has the security of 56 bits of key - there are 64 bits in the keys, but 8 of them are parity bits which add nothing to security.

2^56 = 7.205e16 keys (which is a whopping big number)

Let's guess that we can recruit the equivalent of full-time on 1000 machines.

7.205e13 keys/machine.

Let's guess that we have about a month before people start to lose interest - so we want to be more than 1/2 done by then. Let's say we want to sweep the whole space in 40 days.

1.8e12 keys/machine/day
~21,000,000 keys/machine/second

The fastest general purpose, freely available des implementation I'm aware of is libdes. by Eric Young. With this, I can do a set_key in 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).

I'm looking at ideas to speed up DES - if I'm willing to use honking great lookup tables, the permutation steps can be done more quickly than libdes. I'm also looking at implementing the algorithm in hand-optimized P5 assembler. (It's been years since I've done a major assembler project - the P5 has some truly weird features to be considered, but also has (some) internal 64 bit registers to play with).

Let's guess that I can speed up a key-test up by a factor of 10. (This is not a slur on Eric's code - it's extremely clever, but not optimized for any particular processor, or for key-testing.
Note that the keytest described above takes about 10,000 cycles/test.) That gets my workstation up to about 90,000 keys a second, which is still almost a factor of 250 too slow. I'm going ahead with my work on a faster DES keytester, but unless optimizing gives an astounding win, I now think a distributed bruting effort is a bit premature. What will make this brute doable, if not now, then in the near future? 1. Faster Processors - Moore's Law is still holding. A year ago, my 90 MHz Pentium was one of the faster machines taking part in the 40-bit RC4 crack. Now, it's passé. 2. More processors. The number of people on the internet continues to grow rapidly. 3. More interest - Crypto awareness has greatly increased in the last year, and a real cash prize (say, over $500) will generate both publicity and interest. These factors all multiply together. The number of cycles that could probably be recruited is increasing at a fast rate. A major part of the work will be a keyspace distribution mechanism which can handle the load (this was a major stumbling block last year). Peter Trei trei at process.com Disclaimer: This has nothing to do with my employer.
From alanh at infi.net Tue Jul 23 18:29:50 1996 From: alanh at infi.net (Alan Horowitz) Date: Wed, 24 Jul 1996 09:29:50 +0800 Subject: No more stupid gun thread ... In-Reply-To: Message-ID: How _can_ anyone say that "stupid guns" is ready for the trash-heap of history? No one has called anyone a Nazi yet!
From david at sternlight.com Tue Jul 23 18:29:52 1996 From: david at sternlight.com (David Sternlight) Date: Wed, 24 Jul 1996 09:29:52 +0800 Subject: Netscape In-Reply-To: Message-ID: At 9:15 PM -0700 7/22/96, Lucky Green wrote: >Remember, even PRZ was only harassed, never charged. Phil Z was not harassed, he was investigated. When the government harasses you, believe me you will know it. Can you say "IRS"?
David From mab at crypto.com Tue Jul 23 18:41:05 1996 From: mab at crypto.com (Matt Blaze) Date: Wed, 24 Jul 1996 09:41:05 +0800 Subject: Distributed DES crack In-Reply-To: Message-ID: <199607231430.KAA14775@crypto.com> > On Tue, 23 Jul 1996, Matt Blaze wrote: > > > > > > Personally, I'd rather someone finish up the Wiener ASIC to the point where > > it could go out to fab, get some prototype chips made, design a board around > > it, and publish the design, from board layout on down. This would be a > > great Master's project, and some of us (maybe me, but I'll have to check) > > might even be able to scrape up enough funds to buy enough chips/boards/etc > > to build a modest size machine (say, that could exhaust a DES key in 1-6 > > months). Initial engineering costs aside, the marginal cost of each > > such machine could be well within the budgets of, say, a medium size crypto > > research lab, and would make a scary enough demo to convince even the > > most trusting management types of the risks of 56 bit keys. > > alerts me to an interesting topic. Thanks.) > > Matt, can you give us an idea of the cost of a "modest size machine" might > be? Is this something we can do with a C'punks bake sale or our we going > to need corporate/academic support? Also, if we do use the bake sale > approach, is there some way the money can be collected and routed into an > R&D sort of facility without causing a lot of stink with whomever actually > runs the place, like a university? My estimate is that an FPGA-based machine that can do a single DES key every four months (eight months to exhaust the whole keyspace) could be built with off-the-shelf stuff for comfortably under $50k (plus labor, plus software development costs). A prototype board should cost under $1000 and will help prove the concept and get a more accurate cost estimate. I expect to build such a prototype machine myself, and, if it works as I expect, maybe the whole thing. 
-matt
From hua at chromatic.com Tue Jul 23 18:51:40 1996 From: hua at chromatic.com (Ernest Hua) Date: Wed, 24 Jul 1996 09:51:40 +0800 Subject: Brute Force DES In-Reply-To: <2.2.32.19960722180543.0069c5a8@panix.com> Message-ID: <199607231821.LAA11416@server1.chromatic.com> I volunteer any unloaded P133 & P166 we have here. We literally have hundreds. Unfortunately, they mostly run Winblows 95. If you can get me source ... I can help. Ern
From WlkngOwl at unix.asb.com Tue Jul 23 18:51:43 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 24 Jul 1996 09:51:43 +0800 Subject: Lawsuit over publishing how-to-murder book Message-ID: <199607231812.OAA18874@unix.asb.com> From LI Newsday today, p. 18: Suit Follows Murder by the Book Publisher of how-to 'Hit Man' manual is blamed in 3 killings The Associated Press (Greenbelt, Md.) - James E. Perry committed murder by the book. Now the book's publisher is accused of aiding and abetting his crimes. In a case that legal scholars say could set a precedent in First Amendment law if allowed to proceed, a federal judge yesterday said he would rule in 30 days on a motion against the publisher of "Hit Man: A Technical Manual for Independent Contractors". [..] The $10, 130-page book has sold 13,000 copies since it was published in 1983 by Paladin Press of Boulder, Colo., a small company that sells mostly through mail orders from its catalog. [..] No mention of the Internet or four horsemen in the article.
From gary at systemics.com Tue Jul 23 19:10:32 1996 From: gary at systemics.com (Gary Howland) Date: Wed, 24 Jul 1996 10:10:32 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <9606238381.AA838140676@smtplink.alis.ca> Message-ID: <31F512FE.61133CF4@systemics.com> jbugden at smtplink.alis.ca wrote: > > perry at piermont.com writes: > >Jefferson could have been a mass murderer for all I care. His words > >may be evaluated fully independently of his actions. They are not > >interdependent.
> > Many of our current politicians would be heartened by your sentiment: > Do as I say, not as I do. > > Personally, I incline more towards the other cliche: > Actions speak louder than words. > There's a lot to be said for "do as I say, not as I do". In the words of, forgive me, J.R. "Bob" Dobbs, "I don't practice what I preach, 'cause I'm not the kind of man I'm preaching to." :-) Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From frantz at netcom.com Tue Jul 23 19:29:14 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 24 Jul 1996 10:29:14 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids Message-ID: <199607231854.LAA28030@netcom7.netcom.com> At 3:10 PM 7/22/96 -0400, Hallam-Baker wrote: >If you apply genetic programming techniques to the system the strategy >that evolves is typically a cooperative one. The facts is that the >theory applied in an evolutionary context disproves Perry. I don't understand this conclusion. One book people aside, it is generally believed that humans evolved in an evolutionary context and they certainly frequently use cooperative strategies. Cooperation usually also involves the ability to sanction misbehavior. Unilateral disarmament is throwing away your sanction. ------------------------------------------------------------------------- Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting (408)356-8506 | [Beware the man of one | 16345 Englewood Ave. frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA From frissell at panix.com Tue Jul 23 19:32:13 1996 From: frissell at panix.com (Duncan Frissell) Date: Wed, 24 Jul 1996 10:32:13 +0800 Subject: [Noise] was Re: Giving 6 year old kids Uzi's Message-ID: <2.2.32.19960723180827.0085a950@panix.com> >At 5:14 PM -0700 7/22/96, Ernest Hua wrote: >>Or the way many blacks were lynched (physically and socially) in the South. >>Or the way many asians were segregated. 
Or the way many ethnic groups >>fought each other in inner cities. >> >>These are cultural relics of the good ol' days I simply can do without. Few armed blacks were lynched. Like--none. In any case, posession of machined metal is in no way comparable to lynching. Massed armed attacks on people simply because they are alleged to have possessed machined pieces of metal the size and shape of fifty-cent pieces (the reason for the BATF attack on the religious community outside of Waco) *is* comparable to lynching. DCF From maldrich at grci.com Tue Jul 23 19:50:17 1996 From: maldrich at grci.com (Mark O. Aldrich) Date: Wed, 24 Jul 1996 10:50:17 +0800 Subject: Distributed DES crack In-Reply-To: <199607230422.AAA09435@crypto.com> Message-ID: On Tue, 23 Jul 1996, Matt Blaze wrote: > > Personally, I'd rather someone finish up the Wiener ASIC to the point where > it could go out to fab, get some prototype chips made, design a board around > it, and publish the design, from board layout on down. This would be a > great Master's project, and some of us (maybe me, but I'll have to check) > might even be able to scrape up enough funds to buy enough chips/boards/etc > to build a modest size machine (say, that could exhaust a DES key in 1-6 > months). Initial engineering costs aside, the marginal cost of each > such machine could be well within the budgets of, say, a medium size crypto > research lab, and would make a scary enough demo to convince even the > most trusting management types of the risks of 56 bit keys. > alerts me to an interesting topic. Thanks.) Matt, can you give us an idea of the cost of a "modest size machine" might be? Is this something we can do with a C'punks bake sale or our we going to need corporate/academic support? Also, if we do use the bake sale approach, is there some way the money can be collected and routed into an R&D sort of facility without causing a lot of stink with whomever actually runs the place, like a university? 
------------------------------------------------------------------------- |Just as the strength of the Internet is |Mark Aldrich | |chaos, so the strength of our liberty |GRCI INFOSEC Engineering | |depends upon the chaos and cacophony of |maldrich at grci.com | |the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil | |protects - District Judge Stewart Dalzell| | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich at grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. | ------------------------------------------------------------------------- From vince at offshore.com.ai Tue Jul 23 19:50:50 1996 From: vince at offshore.com.ai (Vincent Cate) Date: Wed, 24 Jul 1996 10:50:50 +0800 Subject: NSA Lawyers Believe ITARs Would be Overturned if Tested in Court (fwd) In-Reply-To: Message-ID: My arms trafficker page has been up since April 26th. We have 838 arms traffickers and a public file with a list of 360 "known arms traffickers". It was mentioned on CNN. So far, nobody from the NSA or anywhere else has complained. I am sure if this went to court they would loose. They have to claim that clicking a mouse button on a web form so that 3 lines of text go back to where they just came from, makes someone a criminal. "May it please the court, the charge against these 838 criminal clickers is international arms-trafficking." In a country where a double murderer can walk? I am sure they realize this, which is why I feel it is safe for me to do this (also I believe that EFF etc would so love to have my case as a test case that they would pay my legal bills). -- Vince Cate http://online.offshore.com.ai/arms-trafficker/ http://online.offshore.com.ai/publicity/cnn.html From markm at voicenet.com Tue Jul 23 19:54:40 1996 From: markm at voicenet.com (Mark M.) 
Date: Wed, 24 Jul 1996 10:54:40 +0800 Subject: Decrypt Unix Password File In-Reply-To: <01BB78C7.358738E0@ip73.i-manila.com.ph> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 23 Jul 1996, Jerome Tan wrote: > How can I decrypt Unix password file? You can't decrypt a password file. The password is hashed by using the password as a DES key, and encrypting a string of 8 NULs 25 times. The E-tables of the DES algorithm are permutated according to the twelve-bit salt which is encoded in the first two characters of the hashed password field. The E-tables are permutated by swapping the entries N and N+24 if the Nth bit of the salt value is 1. A salt value of 0 will result in straight DES being used 25 times. This is the only salt value that can't be used in the UNIX password file. A program like Crack will use a dictionary attack to crack a password file. It's available at ftp://ftp.funet.fi/pub/security. - -- Mark PGP encrypted mail preferred Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/
From dlv at bwalk.dm.com Tue Jul 23 20:07:43 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 24 Jul 1996 11:07:43 +0800 Subject: Responding to Pre-daw In-Reply-To: Message-ID: <24ZiRD1w165w@bwalk.dm.com> pjn at nworks.com writes: > > Please do not respond to anything "Dr." David Sternlight posts to this > > mailing list, no matter what nonsense he says. The asshole is starved > > for attention. He's just trolling for flames. Please ignore him. Thank > > you. > > Get real... I don't like him or his posts, but he has the right to do > so, and you have no right to censor him or anyone else.
If you don't > want to read his posts, then don't...It's that simple... > > For a mailing list that has so many people complaining about the > government censoring people... The asshole has the right to spam this mailing list and to troll for flames; others have the right to reply to him; I have the right to ask them not to. That's freedom. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
From deviant at pooh-corner.com Tue Jul 23 20:24:54 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 24 Jul 1996 11:24:54 +0800 Subject: Distributed DES crack In-Reply-To: <199607222314.TAA12858@jekyll.piermont.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 22 Jul 1996, Perry E. Metzger wrote: > Date: Mon, 22 Jul 1996 19:14:23 -0400 > From: "Perry E. Metzger" > To: Ben Holiday > Cc: cypherpunks at toad.com > Subject: Re: Distributed DES crack > > > Ben Holiday writes: > > I've a few machines around that could be dedicated almost full time to the > > task. What are the bandwidth requirements? > > Probably near zero. People can get sections of the search space > parceled out to them. > > Perry > Well... as long as someone else is writing the code... I'm up for a small section of search space. --Deviant Whatever occurs from love is always beyond good and evil.
-- Friedrich Nietzsche
From frantz at netcom.com Tue Jul 23 20:28:34 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 24 Jul 1996 11:28:34 +0800 Subject: Bare fibers Message-ID: <199607231854.LAA28025@netcom7.netcom.com> At 12:30 AM 7/23/96 -0500, Douglas R. Floyd wrote: >> >> * Carbons sent to: In: jimbell at pacifier.com >> >> -=> Quoting In:jimbell at pacifier.com to Harka <=- >> >> In> The fiber is usually coated with a very thin layer of clear plastic to >> In> protect against moisture and abrasion, and the diameter is around 0.5 >> In> to 1.0 millimeters in diameter. >> >> >> Doesn't that make it vulnerable (detectable) to Tempest attacks? > >Not really sure how. I have heard of ways to tap a fibre optic link >noninvasively, but it's not related to Van Eck or anything like that. You could break the fiber and add a repeater (if you know enough about the light protocol). Plastic fiber can be cut with a pocket knife, glass requires a machine which will make a square cut and polish the end. Those machines are not yet cheap. ------------------------------------------------------------------------- Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting (408)356-8506 | [Beware the man of one | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA From alexf at iss.net Tue Jul 23 20:37:14 1996 From: alexf at iss.net (Alex F) Date: Wed, 24 Jul 1996 11:37:14 +0800 Subject: Digital Watermarks for copy protection in recent Billbo Message-ID: <199607231826.OAA07345@phoenix.iss.net> > Sniffers aren't much effort, and if I sniff your tagged purchases and > put them out over the net anonymously, they are traced to you. Actually I was thinking more along the lines of physically stealing, but if someone sniffed an electronic transfer of a record then the laws would become even more useless as far as enforcement goes. > Probably, but the Billboard article discussed using CC numbers as an > ID in the online watermarked transactions. Doesn't mean they were > correct, of course. Considering that their sources are probably more reliable (even though less knowledgable), and considering the idiocy of such an idea, I would risk saying that they are right :) > AFAIK, most "bootlegging" is of unreleased concerts or out-takes. > Digital watermarks would be of little use. There are solutions to this that work. 1) The Greatful Dead approach - let everyone bootleg live shows. Who cares? 2) The Frank Zappa Approach - take the bootlegged copies, use better equipment, and possibly your own soundboard recordings of the same show, and put them out yourself. Since you are capable of putting out a better product sonically, then beat them at their own game ("Beat the Boots") Alex F =-=-=-=-=-=-=-=-=-=-=-=-=- Alex F alexf at iss.net Marketing Specialist Internet Security Systems =-=-=-=-=-=-=-=-=-=-=-=-=- From shamrock at netcom.com Tue Jul 23 21:16:43 1996 From: shamrock at netcom.com (Lucky Green) Date: Wed, 24 Jul 1996 12:16:43 +0800 Subject: Netscape Message-ID: At 16:07 7/23/96, Tom Weinstein wrote: >The Deviant wrote: >> >>> You should only break rules of style if you can | Tom Weinstein >>> coherently explain what you gain by so doing. 
| tomw at netscape.com >> >> Style is standing up for what you believe in. Netscape obviously has >> none, or they would be actively fighting the ITAR. > >Anyone who believes that Netscape is not actively fighting ITAR is a >fool. Amen. -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President.
From hallam at Etna.ai.mit.edu Tue Jul 23 21:23:05 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Wed, 24 Jul 1996 12:23:05 +0800 Subject: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <199607231854.LAA28030@netcom7.netcom.com> Message-ID: <9607231938.AA01857@Etna.ai.mit.edu> >I don't understand this conclusion. One book people aside, it is generally >believed that humans evolved in an evolutionary context and they certainly >frequently use cooperative strategies. Cooperation usually also involves >the ability to sanction misbehavior. Unilateral disarmament is throwing >away your sanction. That depends on the circumstances. If you are arguing the case for unilateral disarmament or unilateral reduction. In many cases there was a deliberate attempt to confuse one with the other. Unilateral reduction can be the right move to make. In the case of a minor nuclear power such as the UK unilateral disarmament may be the right move if the force is insignificant and the cost of maintaining it is more than the economy can afford or if it requires compromise of foreign policy in general to keep the supplier happy. Somehow I think it should be obvious that issues such as disarmament are rather more complex than a theoretical game theory model can capture. Theory should inform understanding, uncovering cause/effect relationships. That does not mean that all such relationships can be captured.
The attempt to move from game theory to nuclear disarmament policy is a tenuous enough move which works primarily because both sides are rational actors who are employing the same ideological and analytical framework to achieve a common goal (avoiding mutual annihilation). It is an even more tenuous connection to apply it to the home burglar situation. Burglars are not rational actors, and are more likely to have their behaviour determined by drugs or alcohol than analytical game theory. The facts are very clear, if you have a handgun in the house it is far more likely to kill a member of the family than stop an intruder. The NRA know this which is why they have lobbied for the CDC to stop research in this area - they do not like the facts. As someone who qualifies to be issued with a handgun under the UK regulations I have been informed that the protection offered is marginal at best. An intruder is certain to be more prepared than the intended victim, it is extremely unlikely that the intruder will not get the first shot in. Phill
From ichudov at algebra.com Tue Jul 23 21:24:50 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 24 Jul 1996 12:24:50 +0800 Subject: Cracking DES or building a DES cracking machine? Message-ID: <199607240124.UAA12269@manifold.algebra.com> Hm, If we are talking about convincing 100,000 people to donate a lot of their CPU time, would not it be possible to convince the same 100,000 people to donate $10 each and build a $1,000,000 DES cracking machine? Then we can crack DES keys for a certain sum per key, without asking any unnecessary questions. Profits can be donated to purchasing AK-47's for poor preschool children or some similar charitable project. - Igor.
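[Added example, not part of any poster's message.] The key-count and rate arithmetic from Peter Trei's "Brute Force DES" message earlier in this thread, worked through in code: why only 56 of the 64 DES key bits count (each key byte's low bit is odd parity), and how the ~21,000,000 keys/machine/second figure and the "factor of 250" gap follow. Function names and the 32-bit slice size are assumptions of this example.

```python
"""Added illustration: DES key parity and the sweep-rate estimate."""

KEY_BITS = 56                  # effective key bits; the other 8 are parity
KEYSPACE = 1 << KEY_BITS       # 2^56, about 7.205e16 keys
SECONDS_PER_DAY = 86_400


def expand_key(index: int) -> bytes:
    """Map a 56-bit key index to the 8-byte DES key with odd parity.

    Each byte holds 7 key bits in its high bits; the low bit is chosen so
    the byte has an odd number of 1 bits. The parity bit is fully
    determined by the other 7, which is why it adds no security.
    """
    if not 0 <= index < KEYSPACE:
        raise ValueError("index must fit in 56 bits")
    key = bytearray()
    for i in range(8):
        seven = (index >> (7 * (7 - i))) & 0x7F
        parity = 1 - (bin(seven).count("1") % 2)  # 1 if the 7 bits have even weight
        key.append((seven << 1) | parity)
    return bytes(key)


def strip_parity(key: bytes) -> int:
    """Inverse of expand_key: drop the parity bits, return the 56-bit index."""
    if len(key) != 8:
        raise ValueError("DES keys are 8 bytes")
    index = 0
    for byte in key:
        index = (index << 7) | (byte >> 1)
    return index


def has_odd_parity(key: bytes) -> bool:
    """True if every key byte has an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def slice_bounds(slice_no: int, slice_bits: int = 32) -> range:
    """Half-open range of key indices in one equal-sized slice of the keyspace.

    slice_bits=32 is an assumed size; it gives 2^24 slices of 2^32 keys.
    """
    if not 0 <= slice_no < 1 << (KEY_BITS - slice_bits):
        raise ValueError("slice number out of range")
    start = slice_no << slice_bits
    return range(start, start + (1 << slice_bits))


def required_rate(machines: int, days: float) -> float:
    """Keys per machine per second needed to cover all 2^56 keys in `days`."""
    return KEYSPACE / machines / (days * SECONDS_PER_DAY)


def shortfall(machines: int, days: float, measured_rate: float) -> float:
    """How many times too slow one machine is for the target sweep."""
    return required_rate(machines, days) / measured_rate


def days_to_sweep(machines: int, rate: float) -> float:
    """Days for `machines` at `rate` keys/s each to cover the whole keyspace."""
    return KEYSPACE / (machines * rate) / SECONDS_PER_DAY


if __name__ == "__main__":
    # Figures quoted in the message: 1000 machines, 40 days,
    # 9,000 keys/s measured, 90,000 keys/s hoped for after optimisation.
    print(expand_key(0).hex(), expand_key(KEYSPACE - 1).hex())
    print(f"required: {required_rate(1000, 40):,.0f} keys/machine/s")
    print(f"gap at 90,000 keys/s: x{shortfall(1000, 40, 90_000):.0f}")
    print(f"full sweep at 90,000 keys/s: {days_to_sweep(1000, 90_000):,.0f} days")
```

The same functions show how quickly the margin closes: each tenfold gain in per-machine rate or machine count cuts the sweep time tenfold, which is the "factors all multiply together" point in the message.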
From wombat at mcfeely.bsfs.org Tue Jul 23 21:30:29 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Wed, 24 Jul 1996 12:30:29 +0800 Subject: Bare fibers In-Reply-To: <199607231622.JAA04074@mail.pacifier.com> Message-ID: On Tue, 23 Jul 1996, jim bell wrote: > At 03:20 AM 7/23/96 -0400, Rabid Wombat wrote: > > > >> > >> Doesn't that make it vulnerable (detectable) to Tempest attacks? > > >No. > >Transmitting light via fiber doesn't emit EM. > >Anyway, the original post, as I recall, was about keeping sensitive data > >on a second hard drive, connected via (very thin, therefore harder to > >notice) fiber. Tempest monitoring was not a factor. > > > It occurs to me that a bare fiber could actually be (randomly) hung across > treetops, roofs, power lines, and various other structures, over a > many-block distance in suburban areas. Such a fiber wouldn't be protected > very well, but it would probably last a few months. It would also be > exceedingly hard to find its terminations, and tracing it would be a real > pain. (It probably wouldn't be visible against a bright sky more than a > meter or two away.) It also would have little structural integrity - if you attached it to trees, which sway in the wind, you'd have a broken fiber in a short time. (The fiber doesn't even need to break, per se; microscopic cracking, usually at the cladding, will ruin your fiber) (bird strikes would also be a big problem, mostly for the bird) Fiber optic cable usually has a kevlar sheath, and exterior aerial grade fiber generally has a fiberglass rod inserted between the inner sheaths and the exterior jacket. Water is also a factor - fiber buried in areas where moisture is likely to be present (almost all applications) is usually installed with a silicon gel between the interior jackets and the exterior; water otherwise adheres to the exterior of the cladding, and expands due to freezing. 
This causes fine fractures in the cladding, which makes it more refractive - increasing chromatic dispersion, and therefore a higher db loss on the cable. :) ob crypto/privacy: Anybody have a good idea for detecting a tap on exterior fiber? I'd expect an attacker to have to interupt connectivity, terminate both ends of a break, and insert an active device. Thoughts? > > Jim Bell > jimbell at pacifier.com > From alanh at infi.net Tue Jul 23 21:31:21 1996 From: alanh at infi.net (Alan Horowitz) Date: Wed, 24 Jul 1996 12:31:21 +0800 Subject: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.) In-Reply-To: Message-ID: Did Ayn Rand have any good sexual peccedillos? From aba at dcs.ex.ac.uk Tue Jul 23 21:32:28 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Wed, 24 Jul 1996 12:32:28 +0800 Subject: Ross Anderson's Eternity service In-Reply-To: <199607230313.UAA18607@jobe.shell.portal.com> Message-ID: <199607240030.BAA00531@server.test.net> Hal Finney writes: > Sherry Mayo posted here a while back a reference to Ross Anderson's > Eternity service paper, . > He is also giving an invited talk on the subject this fall at a crypto > conference in Prague. > > The goal of the Eternity service is to make published information > permanently and ineradicably available, despite efforts on the part of > powerful attackers to destroy it. The attack model explicitly > includes governments. This has obvious relevance to current > controversies involving copyright, trade secrets, etc. I too read this paper a while ago (probably after reading Sherry's post also). > It's difficult to evaluate the proposal because many of the issues > seem more legal than technical. Can a service like this, which > would seemingly exist largely to circumvent legal restrictions on > publishing, possibly be legal? Probably not. Perhaps it could be operated illegally. If it were possible to operate it illegally without getting individuals martyred. 
> A few questions for discussion: > > - Would it be possible in practice to run a network like this? Technically, I don't see why not. Legally and politically much more tricky. Continuing with the theme above of operating the system illegally, another approach might be to use disposable accounts as nodes, with anonymously opened accounts. If legal pressure got to the stage that countries outlawed anonymous accounts, perhaps cracked accounts bought from crackers could be used to run transient nodes in the Eternity service. A useful ethical role for system crackers even. Or alternatively perhaps there are enough countries around that Anderson's suggested use of many jurisdictions (particularly those with low regard for copyright would be good candidates) would be possible. These countries could lead the role in supplying the service for the unenlightened powers in other countries. I have a vague memory of hearing that there is at least one country which has no copyrights on software for individuals, but does for commercial use. Perhaps the service could survive on this model for a while before the US/NATO/OECD felt obligated to act as world police man and offer to nuke the countries, or cut off all trade or something. > - Would there be much interest in it among users? You bet! It would be a most excellent source for a number of groups: - cypherpunks, users of crypto software for ITAR restricted material - Scientologist detractors could publish their views anonymously without fear of reprisals, remove problems of censorship in general - People who use copyright software without buying it: copyright software could be distributed with impunity, for free - Anyone with an interest in obtaining a permanent URL for themselves could purchase 50 years worth of exposure for 1Mb (Anderson proposes selling space with ecash per Mb year). > - Would it be a net benefit to society for such a service to exist? 
Depends on your views of the benefits to society as a whole of copyright, patents and so on. Granted many have commercial interests in seeing these systems continue. Some people on this list seem to be of the opinion that patents, and product copyright are becoming an obsolete system with near free copying. (These people make analogies with the advent of the printing presses, the loss of power of guilds, and so on). I'm not sure it need destroy civilization as we know it if some of these changes did take place... many people would benefit from access to a wider range of software and ideas. There is the argument that perhaps people won't bother to write software if they can't sell it. I think that vendors would -cope- if software copyright were hypothetically to be disabled in one swoop as a fait-acompli, they would structure their charges differently: charge less perhaps, include printed manuals (photocopying often costs more than the book), include tech support contracts, and so on. I'm sure it's widely acknowledged that only a modest percentage of software is actually bought anyway (if we were to take a brief survey (anonymous of course) of the percentage of non-paid for software on their hard-drives, a fair amount of non-copyright compliance by individuals would be demonstrated). Adam -- #!/bin/perl -sp0777i Part I I thought I'd write a brief piece on a very interesting angle on "rights," especially given the discussion recently about rights of privacy, children's rights, parent's rights, the role of schools, gun rights, and so on. This also shows the role of game theory, imperfect as it is. (I mention "imperfect" because some have mentioned that game theory does not explain things perfectly...of course not.) Here's a simple example of what a Schelling point is: Alice and Bob decide to meet on Friday in the Washington, D.C. area. They forget to say when and where. Is it hopeless? Can they find each other? 
Given the millions of places they could be, and the hundreds or more of time-slices to consider, e.g. "10:23 a.m., 345 Crestwood Drive, Arlington," how could they ever meet? Well, there are certain "mutually more probable" times and locations. Absent any time specification, "noon" is what each will expect the other to also think of. (Followed perhaps by 6 p.m., and other on-the-hour times.) And absent any location specification, there's a short list of likely places: NSA headquarters (after all, Alice and Bob are well-known there), in front of the White House, at the base of the Washington Monument, at the entrance to the Air and Space Museum, on the steps of the Supreme Court, etc. I'd say they have about a 10% chance of finding each other, absent any prearrangement. (In smaller cities, the probabilities are even higher, as the central plaza is a major Schelling point for such encounters.) The game theorist Richard Schelling developed this notion, circa about 1960. There are analyses based on "algorithmic information theory," a la Chaitin and Kolmogorov, which I find appealing, to wit: a Schelling point has a shorter "description" in terms of mutually-known building blocks than non-Schelling points. Thus, "noon in front of the White House" has a shorter description, or is more "compressible," than is "10:23 a.m., 345 Crestwood Drive, Arlington." (Don't think in terms of just ASCII characters, but in terms of readily recallable building blocks.) How does this relate to rights? This is more controversial, and less-developed. David Friedman gave me a paper he's done on this..."Schelling points" are a Schelling point between us, as it were. Part II will get into this briefly. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From pjn at nworks.com Tue Jul 23 22:09:26 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Wed, 24 Jul 1996 13:09:26 +0800 Subject: Brute-forcing DES Message-ID: > Any one up for a distributed brute force attack on single DES? My > back-of-the-envelope calculations and guesstimates put this on the > hairy edge of doability (the critical factor is how many machines can > be recruited - a non-trivial cash prize would help). >> Count me in. I've got a couple of net-connected Pentiums that are >> mostly idle. Although I dont have a pentium, I would be glad to put forth some computer power to help. >> Might be able to bring some money in by selling "I Helped Crack DES >> And All I Got Was This Lousy T-shirt" T-shirts. Id buy one! :) P.J. pjn at nworks.com ... I helped crack DES and all I got was this lousy Tagline. ___ Blue Wave/QWK v2.20 [NR] From pjn at nworks.com Tue Jul 23 22:14:53 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Wed, 24 Jul 1996 13:14:53 +0800 Subject: Question Message-ID: OK...A question for you all: If it is illegal (by our governments standards...) to export programs like PGP, etc., and you can send the whole source code in a message because that is also considered illegal, then could you send the code, broken up into many pieces, and send THAT in Email, would that be illegal? (Wow...All in one sentence... :) P.J. pjn at nworks.com ... I am Jesus of Borg. Blessed are they who are assimilated. 
___ Blue Wave/QWK v2.20 [NR]

From roger at coelacanth.com Tue Jul 23 22:22:36 1996
From: roger at coelacanth.com (Roger Williams)
Date: Wed, 24 Jul 1996 13:22:36 +0800
Subject: Distributed DES crack
In-Reply-To: <199607231430.KAA14775@crypto.com>
Message-ID:

>>>>> Matt Blaze writes:

> [FPGA-based machine that can do a single DES key every four months]
> ... I expect to build such a prototype
> machine myself, and, if it works as I expect, maybe the whole
> thing.

Matt, I don't know exactly what resources you've got at your disposal these days, but we'd be interested in volunteering some time and effort on this. We can help out with things like interface design, device simulation, board layout, fab, and assembly.

(Unless you want to make the whole thing a one-man thesis project, of course ;-)

--
Roger Williams          finger me for my PGP public key
Coelacanth Engineering  consulting & turnkey product development
Middleborough, MA       wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/

From roy at sendai.scytale.com Tue Jul 23 22:29:48 1996
From: roy at sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 24 Jul 1996 13:29:48 +0800
Subject: Anonymous web servers
In-Reply-To: <199607230317.UAA18923@jobe.shell.portal.com>
Message-ID: <960723.182444.5Y6.rnr.w165w@sendai.scytale.com>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, hfinney at shell.portal.com writes about anonymous web pages:

> In some ways the role of the "meeting place" software is similar to an
> IRC server. In fact, this concept could be thought of as HTTP over
> IRC.
>
> The big question mark is whether the meeting place would be blamed for
> the possibly illicit transactions it facilitates.

I see a big parallel to the remailers. Both are simply conduits. Remailers have already been attacked for the content they've passed. HTTP meeting places will surely catch the same kind of heat.

- --
Roy M.
Silvernail [ ] roy at scytale.com
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey at scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From rich at c2.org Tue Jul 23 22:30:50 1996
From: rich at c2.org (Rich Graves)
Date: Wed, 24 Jul 1996 13:30:50 +0800
Subject: M$NBC covers "Fear of a Hack Planet" and "Hate Goes Online"
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

At the risk of giving M$NBC more attention than it deserves...

BillG's latest misadventure editorializes on free/hate speech tonight at 7 and 10pm. Current and past fluffage at http://www.thesite.com/cgi/worl.cgi

There's also a blank message area for "Would you bank through your computer? Do you think the technology is secure enough?" but no story. Maybe that's tomorrow.

- -rich
http://www.c2.org/~rich/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From nobody at vegas.gateway.com Tue Jul 23 23:19:58 1996
From: nobody at vegas.gateway.com (Anonymous Remail Service)
Date: Wed, 24 Jul 1996 14:19:58 +0800
Subject: Netscape
Message-ID: <199607240213.WAA01656@black-ice.gateway.com>

david at sternlight.com wrote:

>At 5:09 PM -0700 7/22/96, Ted Anderson wrote:
>>shamrock at netcom.com (Lucky Green) writes:
>>> At 15:27 7/20/96, Tom Weinstein wrote:
>>> >Why not consider what the consequences will be? Do you seriously
>>> >believe that this will make the government stop enforcing ITAR? Do you
>>> >believe it will make them change the law? No. What it will do is make
>>> >them remove our permission to distribute this stuff.
>>>
>>> I doubt that.
PGP has been distributed for years with less safeguards
>>> than Netscape. It is available on more free-world sites than Netscape
>>> US. This did not prompt the powers that be to force MIT to take down
>>> their site.
>>> ...
>>
>>I must agree with Lucky. I am quite sure that even if Netscape was not
>>being distributed over the net, copies would still be uploaded to
>>international sites by folks practicing Civil disobedience.
>
>To call simple lawbreaking by cowards working in secret "civil
>disobedience" is to defame the name of Gandhi, King, and all the legitimate
>protesters of modern history. Civil disobedience must be seen publicly, and
>must be done by observable individuals. Masked men throwing stink bombs is
>not civil disobedience--it's hooliganism.

As I have said before, European & other foreign users, who get the strong-crypto version should pay Netscape what they owe Netscape, to keep the ITAR as the issue, and not piracy. These are two separate issues, and if necessary the foreign users can mail anonymous cash [the paper kind] to assuage their consciences. Not all will do this, of course, but that's another example of ITAR losing US companies $ again.

Lucky is, as usual, right. There is a double standard for PGP distribution vs other strong crypto distribution, and Tim is also right that this GAK-loving info-disclosure requirement sets a *really* lousy precedent for later software distributions.

Please deal with issues separately.

me

From stewarts at ix.netcom.com Tue Jul 23 23:24:37 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 24 Jul 1996 14:24:37 +0800
Subject: No Subject
Message-ID: <199607240318.UAA08747@toad.com>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks
From: Bill Stewart
Date: 7/23/96

Tim wrote:
>| More realistically, 1000+ list members x 10% who make plans to
>| contribute x half of these who actually follow through x $10 = $500.
>| (If that....)
>| Prizes have their place, but are hard to set up properly.
All right, $100 to the winner, by the end of 1996, for a reasonably-convincingly-non-rigged public crack of DES, whether it's from a net-run or screen-saver effort, a DES cracker using fancy special equipment, supercomputers, microcomputers, DES chips, or Gate Array chips. $100 extra bonus if the winner is from the NSA or FBI (Black-bag jobs, rubber-hose cryptanalysis, and subpoenas all count as rigged - sorry :-)

At 08:46 AM 7/23/96 -0500, Adam Shostack wrote:
> A better way to set up a prize is to find a few big companies
>willing to sponsor such a demonstration. AT&T, Nortel, RSA, Netscape,
>Microsoft, Qualcomm, and many other companies have an interest in
>seeing stronger than DES crypto exportable. Perhaps one of them could
>set up a prize, similar to netscape's Bugs Bounty, or the RSA-129
>challenge.

Perhaps cracking 56-bit DES would count as a new bug for Netscape's existing Bugs Bounty?

Bill Stewart

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
Comment: PGP available outside U.S.A. at ftp.ox.ac.uk
-----END PGP SIGNATURE-----

From a-billol at microsoft.com Tue Jul 23 23:25:16 1996
From: a-billol at microsoft.com (Bill Olson (EDP))
Date: Wed, 24 Jul 1996 14:25:16 +0800
Subject: [Noise] was Re: Giving 6 year old kids Uzi's
Message-ID:

Perry E. Metzger writes:
>
>
>"Bill Olson (EDP)" writes:
>> I don't care if it takes my son 6 years to get through 2 grade levels,
>> anyone who allows their kid to pack a gun (or a rifle?) should get their
>> head examined
>
>Why? What, objectively, is wrong with allowing, say, a twelve year old
>to go plinking with a .22? Let's not hear vitriol -- let's just hear
>cold hard reasons not to allow it.
>
>Myself, I'd say that it appears that there is no good objective
>reason.
>
>Perry

I find nothing wrong with plinking. Hell, I'm from Montana--we used to go shooting all the time.
But when the shooting was done, the guns were put away. What I find disturbing is that a child is taking it to school, or just carrying it around. I say that any parent who thinks their child is mature enough to carry a gun for non-recreational reasons is less mature than the child. In fact, I'd go so far as to say they are a danger to their own children.

I guess I don't really have to worry too much, though. It is illegal for children to possess such items publicly, and any parent who condones it is simply breaking the law. I don't blame the child, I blame the moronic parent who lets it happen.

From markm at voicenet.com Tue Jul 23 23:27:00 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 24 Jul 1996 14:27:00 +0800
Subject: DES-Busting Screen Savers?
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Jul 1996, Timothy C. May wrote:

> BTW, sitting in my hot tub last night I quickly reconstructed the math for
> the "random" keyspace inefficiency:
>
> -- Imagine that N users are "randomly" picking chunks of keyspace to
> search. That is, they are not coordinating with others to avoid
> duplication.
>
> -- By the time the total amount of computons expended has equalled the
> amount that would have been expended in a "no duplications" allocated
> search, the Poisson probability distribution says that 1/e = 36.8% of the
> keyspace will not have been searched; the rest of the probability lies in
> keyspace searched once, twice, three times, etc.
>
> -- Thus, the calculation will have to go 2-4 times longer to give a high
> (>95%) chance that the answer is found. For example, at 3 times the
> "efficient" search time, there is only a 1/e^3 = 5% chance that nobody has
> found the answer
>
> The probabilistic assignment is less efficient, obviously, but has the
> advantage of not requiring a registry of keyspace allocations.
Further,
> "denial of service" attacks (lying about having searched a chunk, or
> incorrectly searching or reporting) are not a problem.

Interesting. I think the most efficient way to search the keyspace would be to combine both methods of distributed cracking. Each person would choose a chunk of keyspace and brute-force all the keys within that space. Then, the user would send a PGP-signed message to some centralized database that says what keyspace was brute-forced. The UserID and fingerprint of each user would be made available along with the keyspace each user claims to have searched. This way, reputations could be used to establish which keyspaces should be double-checked and which ones shouldn't. This would allow for more "weighted" probabilistic assignment.

The number of computons that would be used to crack the keyspace would be somewhere in between centralized and probabilistic assignment.

- -- Mark
PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
-----END PGP SIGNATURE-----

From tcmay at got.net Tue Jul 23 23:38:45 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 14:38:45 +0800
Subject: Bare fibers
Message-ID:

At 6:56 PM 7/23/96, Bill Frantz wrote:
>At 12:30 AM 7/23/96 -0500, Douglas R. Floyd wrote:
>>Not really sure how. I have heard of ways to tap a fibre optic link
>>noninvasively, but it's not related to Van Eck or anything like that.
>
>You could break the fiber and add a repeater (if you know enough about the
>light protocol). Plastic fiber can be cut with a pocket knife, glass
>requires a machine which will make a square cut and polish the end. Those
>machines are not yet cheap.
Fibers can be tapped noninvasively, and without cutting them, by placing detectors in direct proximity to the fiber. That is, touching the glass or plastic.

For fibers relying on total internal reflection at the fiber boundary, the waves actually partly exist beyond the boundary (with an imaginary component). Another fiber or a detector placed near this boundary can make this imaginary component become "real," and hence detect the wave. This is "tunneling," of course.

(A simple demonstration is done with a glass prism reflector, a reflector relying on total internal reflection. If a symmetrical prism is placed up against the first prism, the "total reflector" ceases to be.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From WlkngOwl at unix.asb.com Tue Jul 23 23:44:26 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 24 Jul 1996 14:44:26 +0800
Subject: DES-busting Javanese pagers and TVs
Message-ID: <199607240039.UAA27954@unix.asb.com>

On 23 Jul 96 at 15:53, Timothy C. May wrote:
[..]
> A while back I proposed one approach: a brute force "screen saver" for
> Windows machines. Other platforms, maybe, but the most cost-effective thing
> to do is to go after the Windows market only.

How about applets for java-aware pagers or tv-sets that will supposedly show up in the near future? When a crack is found, you can call a toll-free number, give them the code, and win a prize (ala Chinese-lottery).
Would it be better to have them all try random keys rather than use assigned keyspaces?

Can't keysearches be shorted by half (not that it's that significant, 2^55 rather than 2^56) using complement keys?

First thing one should check are the weak and semi-weak keys (a good implementation will avoid them, but that doesn't mean one shouldn't check for them).

[..]
> Acquiring chunks of keyspace remains an issue, but I think we resolved a
> while back that a probabilistic method works OK: people just pick chunks at
> random, and the decreased efficiency as compared to perfect scheduling is
> something like a factor of a couple (I have the numbers I calculated
> somewhere, and I recall Hal Finney made the same estimate).
>
> Some means of communicating results--especially wins!--is still needed.
> This is where Perry's idea of a Java program is a good one.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From somser at besos.hnet.es Tue Jul 23 23:48:02 1996
From: somser at besos.hnet.es (SOMSER BBS)
Date: Wed, 24 Jul 1996 14:48:02 +0800
Subject: new bbs
Message-ID: <1.5.4.32.19960723143827.0070838c@hnet.es>

You are going to receive a week to all our areas for free. You will have access to all the files of our BBS (Except Adult) for one hour each day. Your week will expire on 30-7-96

ID 25324
PASSWORD 19062

We have given you a free week on our BBS. You can access all areas except the adult ones. The free week ends on 30-7-96

NAME 25324
PASSWORD 19062

WEB (SOMSER BBS)

This BBS is being operated in Spain and its address is http://www.somser.hnet.es (194.177.1.171)

We are now in a test period and operational every day from 20:00 to 05:00 GMT and from 10:00 to 13:00 GMT.

20.000 files. 10 GB on disk.
No CDROM
50 news files per day plus 200 areas.

Welcome! Be our guest!
======================

We would be thankful if you send your opinion and your comments to the sysop in order so the BBS can be improved. If you desire a utility or program that you don't find leave a message to the sysop and we will attempt to get it.

Hundreds of stages for DOOM, HERETIC, DESCENT, SIMCITY, SIMTOWER, WARCARFT, etc.

WEB (SOMSER BBS)

A new BBS that is a BBS, the first one in Spain. The address is: http://www.somser.hnet.es (194.177.1.171)

We are in a test period, and it is in operation from 22:00 to 8:00 and from 12:00 to 15.00 GMT.

We have more than 20.000 on disk. 10GB without CDROM.
50 new files every day. More than 200 different areas.

You are invited; we look forward to your connection.

I would be grateful if you left your opinion and your comments for the sysop so that it can be improved. If you want a utility or program that you cannot find, leave a message for the sysop and we will try to get it.

Hundreds of stages for the games DOOM, HERETIC, DESCENT, WARCARFT, SIMCITY, ETC.

From reinhold at world.std.com Wed Jul 24 00:36:50 1996
From: reinhold at world.std.com (Arnold G. Reinhold)
Date: Wed, 24 Jul 1996 15:36:50 +0800
Subject: passphrase and Diceware [was Re: Length of passphrase beneficial?]
Message-ID:

>The author of the Diceware system is Arnold G.
Reinhold and can be contacted to reinhold at world.std.com
>He has three pages: The Diceware Passphrase home page (html), The Diceware
>WordList (ascii) and a text with the technical rationales behind the list
>(ascii)
>I don't remember the URL, sorry
>Greeting,
>Jean-Paul
>
>~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
>Jean-Paul et Micheline Kroepfli
>eMail: JeanPaul.Kroepfli at utopia.fnet.fr

The Diceware Passphrase home page:
http://world.std.com/~reinhold/diceware.page.html

The Diceware WordList:
http://world.std.com/~reinhold/diceware.wordlist.asc

Technical rationales behind the list:
http://world.std.com/~reinhold/diceware.txt

Other stuff that may be of interest, including a survey on PGP passphrase usage and a rant on why p=?np has nothing to do with crypto:
http://world.std.com/~reinhold/papers.html

Regards,

Arnold G. Reinhold
reinhold at world.std.com

From dlv at bwalk.dm.com Wed Jul 24 00:39:48 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 24 Jul 1996 15:39:48 +0800
Subject: Cracking DES or building a DES cracking machine?
In-Reply-To: <199607240124.UAA12269@manifold.algebra.com>
Message-ID: <2PyJRD13w165w@bwalk.dm.com>

> If we are talking about convincing 100,000 people to donate a lot
> of their CPU time, would not it be possible to convince the same
> 100,000 people to donate $10 each and build a $1,000,000 DES cracking
> machine?

Or enough magnetic tape or CD-R to pre-compute a lookup table, accessible via the Internet?

Hmm, taking one byte and running it through 2^40 keys will produce exactly 1024GB values. Mag tape is dollars / megabyte: it seems possible to take a known clear text (like "cypherpunks") and compute a lookup table that would take a look at the encryption and list the key(s) that match.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From tcmay at got.net Wed Jul 24 00:43:16 1996
From: tcmay at got.net (Timothy C.
May)
Date: Wed, 24 Jul 1996 15:43:16 +0800
Subject: [Noise] was Re: Giving 6 year old kids Uzi's
Message-ID:

At 7:54 PM 7/23/96, Bill Olson (EDP) wrote:

>I find nothing wrong with plinking. Hell, I'm from Montana--we used to
>go shooting all the time. But when the shooting was done, the guns were
>put away. What I find disturbing is that a child is taking it to school,
>or just carrying it around. I say that any parent who thinks their child
>is mature enough to carry a gun for non-recreational reasons is less
>mature than the child. In fact, I'd go so far as to say they are a
>danger to their own children.
>
>I guess I don't really have to worry too much, though. It is illegal for
>children to possess such items publicly, and any parent who condones it
>is simply breaking the law. I don't blame the child, I blame the moronic
>parent who lets it happen.

I'm _still_ missing the reference here? Just who *seriously* is proposing that 6-year-old children carry guns to school?

(I emphasize *seriously* because there is a big difference between seriously proposing this and obviously making a joke, a la "I say we issue them guns after a basic safety class in Kindergarten." And I think someone's (maybe Brad Dolan's, if I remember correctly) point that his daughter carries a gun at school was followed immediately by mention that she is home-schooled, i.e., at his home.)

I can imagine certain circumstances in which children could be armed--attacking terrorists on a ranch, Indians, etc.--but no public school in the United States, and probably not any private schools (K-12), allow loaded guns to be carried to schools.

I'd love to see this "stupid gun thread" (to use Ernest Hua's term) die, but it keeps living on because some here are mischaracterizing the claims of others.
Look, handing out guns to kids playing cops and robbers at age 6 or 8 or even 10 is probably a bad idea, but training kids at even a very young age to respect guns and to understand their dangers and limitations--and their advantages--is probably a good idea. In any case, the hoplophobia of some parents is not adequate reason to stop other parents from training their children under carefully controlled conditions.

Getting a carry permit is not easy in any state in the U.S., so the fears that 6-year-olds are openly carrying guns to public schools are unfounded.

(Young kids carrying guns to schools _secretly_ is of course a problem. Many of them carry crude guns out of fear that other kids are carrying guns. The proper solution for a kid committing a serious crime with a gun is to severely punish the child--I see no reason why a 14-year-old who murders someone should not get the brand of justice I favor, namely, a fair trial, no appeal except on substantive grounds, and a quick execution if determined to be guilty of first degree murder.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From mpd at netcom.com Wed Jul 24 00:47:41 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 24 Jul 1996 15:47:41 +0800
Subject: DES-Busting Screen Savers?
In-Reply-To:
Message-ID: <199607232002.NAA21336@netcom14.netcom.com>

tcmay at got.net (Timothy C. May) writes:

> -- Thus, the calculation will have to go 2-4 times longer
> to give a high (>95%) chance that the answer is found.
For
> example, at 3 times the "efficient" search time, there is
> only a 1/e^3 = 5% chance that nobody has found the answer

> The probabilistic assignment is less efficient, obviously,
> but has the advantage of not requiring a registry of
> keyspace allocations. Further, "denial of service" attacks
> (lying about having searched a chunk, or incorrectly
> searching or reporting) are not a problem.

This is definitely the way to go when trying to break a block cipher on the Net. Partitioning out sieving works well for distributed factoring only because verifying the submitted relations requires a trivial amount of computer time compared to that expended in locating them.

There is no way for a central server to verify a claim that a chunk of DES keyspace has been thoroughly searched without a key being found, and it only takes one bozo or saboteur to spoil the effort.

At triple the non-overlapping search time, we get about a 5% chance of failure. At quadruple, this falls to slightly less than 2%. Close enough for government work.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From alanh at infi.net Wed Jul 24 00:57:07 1996
From: alanh at infi.net (Alan Horowitz)
Date: Wed, 24 Jul 1996 15:57:07 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
In-Reply-To: <199607232200.PAA25339@mail.pacifier.com>
Message-ID:

> However, what is somewhat less
> well-known is the fact that in order to keep higher frequencies from being
> "aliased" (reflected to lower frequencies by heterodyne processes) it is
> necessary to remove (by filtering) any frequency content above that maximum,
> before sampling is done.

Well, fudge sticks. That sounds like this thing called an "image" in heterodyne analog RF receivers. I know how those work.

What is the physical basis for "aliasing" as you describe, in the sampling theater of operations?
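
An added worked example, not part of any message in this archive: it checks the coverage figures quoted in the "DES-Busting Screen Savers?" messages above (1/e of the keyspace unsearched after one pass worth of random work, about 5% at three passes, slightly under 2% at four) and the "factor of a couple" cost of uncoordinated search. The chunk count, the seed and all function names are assumptions chosen for the demonstration.

```python
"""Coverage of a keyspace when uncoordinated workers pick chunks at random."""
import math
import random
from collections import Counter


def miss_probability(chunks: int, picks: int) -> float:
    """Exact chance that one given chunk (the one holding the key) is never
    chosen in `picks` independent uniform picks out of `chunks`."""
    return (1.0 - 1.0 / chunks) ** picks


def poisson_share(work_multiple: float, times: int) -> float:
    """Large-keyspace limit: share of chunks searched exactly `times` times
    after work equal to `work_multiple` full passes over the keyspace."""
    k = work_multiple
    return math.exp(-k) * k ** times / math.factorial(times)


def work_for_confidence(p_found: float) -> float:
    """Passes of random work needed to find the key with probability p_found."""
    return -math.log(1.0 - p_found)


def expected_passes(chunks: int) -> tuple:
    """Mean work until the key turns up, in full passes: (coordinated, random).
    A coordinated search never repeats a chunk, so it averages (chunks+1)/2
    picks; random picks are geometric with success probability 1/chunks,
    so they average `chunks` picks, i.e. one full pass."""
    return (chunks + 1) / (2 * chunks), 1.0


def simulate(chunks: int, work_multiple: float, seed: int) -> dict:
    """Draw random chunk numbers and return {times_searched: share_of_chunks}."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    picks = int(chunks * work_multiple)
    hits = Counter(rng.randrange(chunks) for _ in range(picks))
    tally = Counter(hits.values())
    tally[0] = chunks - len(hits)  # chunks that nobody picked
    return {n: tally[n] / chunks for n in sorted(tally)}


if __name__ == "__main__":
    N = 1 << 16  # constructed example: keyspace cut into 65,536 equal chunks
    for k in (1, 2, 3, 4):
        sim = simulate(N, k, seed=1996)
        print(f"{k}x work: unsearched simulated {sim[0]:.4f}, "
              f"exact {miss_probability(N, k * N):.4f}, "
              f"limit e^-{k} = {poisson_share(k, 0):.4f}")
    once_twice = [round(poisson_share(1, j), 4) for j in (1, 2, 3)]
    print("share searched once/twice/three times at 1x work:", once_twice)
    print(f"passes needed for 95% confidence: {work_for_confidence(0.95):.2f}")
    coordinated, uncoordinated = expected_passes(N)
    print(f"mean cost ratio random/coordinated: {uncoordinated / coordinated:.2f}")
```
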
From jimbell at pacifier.com Wed Jul 24 01:02:05 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 24 Jul 1996 16:02:05 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607240531.WAA21163@mail.pacifier.com>

At 08:08 PM 7/23/96 -0400, Alan Horowitz wrote:
>> However, what is somewhat less
>> well-known is the fact that in order to keep higher frequencies from being
>> "aliased" (reflected to lower frequencies by heterodyne processes) it is
>> necessary to remove (by filtering) any frequency content above that maximum,
>> before sampling is done.
>
> Well, fudge sticks. That sounds like this thing called an "image" in
>heterodyne analog RF receivers. I know how those work.

Sampling produces essentially the same effect.

>What is the physical basis for "aliasing" as you describe, in the
>sampling theater of operations?

Sampling a signal of frequency f1 at a rate of f2 produces two mixes, f1+f2 and f1-f2. The sum is sufficiently high that it isn't a concern, the difference could be. If you have an input containing frequencies up to 25 kHz, and you sample it at a rate of 40 kilosamples per second, the input frequency of 25 kilohertz gets mirrored down to 15 kilohertz, which is far lower than its original frequency. This is a problem!

Some of the early voice-scramblers used this effect, heterodyning the audio band with a higher-frequency signal and reversing it, changing higher frequencies to lower and vice versa. Not particularly "secure" by today's standards, but it probably kept a few people from understanding what's going on. I've heard, however, that with practice you could learn to understand such frequency-inverted speech, as odd as it sounds.
Jim Bell
jimbell at pacifier.com

From stewarts at ix.netcom.com Wed Jul 24 01:12:03 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 24 Jul 1996 16:12:03 +0800
Subject: Decrypt Unix Password File
Message-ID: <199607240324.UAA08871@toad.com>

At 06:46 PM 7/23/96 +0800, Jerome wrote:
>How can I decrypt Unix password file?

Get the source for a Unix-compatible password encryptor, reverse it to make it a decryption program, take the line for a user from the password file, decode it from printable-ASCII format to the binary value, and enter the user's password. If you've written your programs correctly, you'll get the original secret value*. If this secret value is less than exciting to you (:-), try lots of things that might be the user's password, and one of them will work.

Exercises for the reader:
0) What's a "shadow password file"? Does it affect the methods described above?
1) Since you know the secret value, you could try using your existing Unix password software and seeing if you get the correct encrypted value when you put in the correct password.
1A) Does this suggest some more useable algorithms?
1B) What does the Unix manual page for crypt(3) say about it?
1C) Can you implement a program that does this successfully?
1D) How many tries do you think it will take?
1E) Does anybody on your system use wimpy passwords?
2) Are there any books or papers describing how the Unix Password System works that would help you understand?
2A) Where would you look for them?
2B) Are they on the Web? How would you find out?
2C) Which of the following famous authors of Unix wrote important papers about the topic: Dennis Ritchie? Ken Thompson? Brian Kernighan? Rob Pike? Fred Grampp? Bob Morris Sr.? Jr.? The Brahms Gang? Bill Joy? Matt Crawford? How would you find out? Did they write anything else interesting?
3) Has anyone else implemented any Unix password cracking programs? What countries with very cold weather would have them on popular ftp sites?
Are they more effective than your implementation in 1C)? Why?
4) If you're trying to crack passwords on a System V Unix system, why should you always try to crack root's password?

[* hex 0000000000000000, I think. ]

In a later message, Jerome Tan also wrote:
> What is the code of password file of Unix? I have them but don't
> know how read them. Any file converter or viewer for that?

A) The code is "RTFM"
B) The code is "Ask the user"

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From bal at freeside.cs.colorado.edu Wed Jul 24 01:22:50 1996
From: bal at freeside.cs.colorado.edu (Brian A. LaMacchia)
Date: Wed, 24 Jul 1996 16:22:50 +0800
Subject: Digital Watermarks (long, getting off-topic)
In-Reply-To: <199607231818.OAA07217@phoenix.iss.net>
Message-ID: <199607240547.XAA27144@freeside.cs.colorado.edu>

   From: "Alex F"
   Organization: Internet Security Systems, Inc.
   Date: Tue, 23 Jul 1996 14:19:08 +0000
   Precedence: bulk

   > - The entertainment industry has a reputation of being paranoid

   The forgers of the copyright laws (at least as they relate to music) had incredible foresight. Basically, from the laws that were originally drafted (30's maybe? Then revised in the early '70's at least as far as public domain goes) both videos and CDs are protected. These were written when there were no CDs or videos.

Uh, this isn't true. The Copyright Act of 1909, the immediate predecessor to the Copyright Act of 1976/1978 (*), did not explicitly cover sound recordings. *Sheet music* was protected by copyright, but it was an open question whether sound recordings were protected. In fact, the recording industry was sufficiently unsure of the outcome of a copyright challenge that they never let the issue go to court. It wasn't until the '76 Act that sound recordings were explicitly added to the set of copyrightable works of authorship.
As for video and other digital media, it also wasn't until the '76 Act that the "perceivable to the naked eye" test was modified to allow aid via machine.

The '76 Act was a complete rewrite of copyright law; it did a lot more than change things with respect to "public domain," although writing into law the "fair use" test developed by the courts since the '09 Act was certainly part of it.

--bal

(*) It's called the Copyright Act of "1976" because (IIRC) it passed Congress in '76. But it didn't go into effect until Jan. 1, 1978. Copyright law did not change between the '09 and '76 Acts. (Work on the '76 Act actually began in the 50s; it took Congress over 20 years to figure out what it wanted to do. Contrast that with today, where we've had more changes in copyright law since 1976 than in the prior 200 years.)

From a-billol at microsoft.com Wed Jul 24 01:23:32 1996
From: a-billol at microsoft.com (Bill Olson (EDP))
Date: Wed, 24 Jul 1996 16:23:32 +0800
Subject: SHI_fty
Message-ID:

Vinnie Moscaritolo writes:
>>>Uh I think apple had that for a while, it's called cyberdog
>>>http://cyberdog.apple.com screw this ole fud.
>>
>>Very true. But once again, it is not the technology that molds the
>>world, but the exploitation thereof. Welcome to capitalism.
>>>
>
>so shit floats...what's your point?

Let me spell it out for you: M-O-N-E-Y. Shit floats. Apple doesn't... don't kill the messenger.

From ichudov at algebra.com Wed Jul 24 01:33:27 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Wed, 24 Jul 1996 16:33:27 +0800
Subject: Netscape
In-Reply-To: <199607240213.WAA01656@black-ice.gateway.com>
Message-ID: <199607240451.XAA14580@manifold.algebra.com>

Anonymous Remail Service wrote:
> david at sternlight.com wrote:
> >To call simple lawbreaking by cowards working in secret "civil
... snip ...
> As I have said before,
... snip ...
> me
>

Ha, ha, ha! A typical cypherpunk: takes the pledge not to followup to St*rnl*ght, and then follows up anonymously.

- Igor.
From realtime at slack.net Wed Jul 24 02:09:48 1996 From: realtime at slack.net (Mark Evenson) Date: Wed, 24 Jul 1996 17:09:48 +0800 Subject: DES-Busting Screen Savers? In-Reply-To: Message-ID: <31F5637D.5E8BEEEC@slack.net> I have often thought that in spite of the raw numbers of commercial Windows platform, the freely redistributable distributed computation harnesses often end up doing much "more" of the computation. If this is the case, it would seem that some sort of Java VM system--such as that which exists in all Netscape 3.0 with JRI--would be the more natural "target" for development efforts. The recent licensing agreements from JavaSoft for JDK source make me nervous about the use of Java though. Can anybody point to a source which details Hardware/Software combinations used in distributed cracks? Maybe I can put some numbers together. -- "A screaming comes across the sky. It has happened before, but there is nothing to compare it to now." From grafolog at netcom.com Wed Jul 24 02:16:33 1996 From: grafolog at netcom.com (Jonathon Blake) Date: Wed, 24 Jul 1996 17:16:33 +0800 Subject: [Noise] was Re: Giving 6 year old kids Uzi's In-Reply-To: Message-ID: Tim: On Wed, 24 Jul 1996, Timothy C. May wrote: > I'm _still_ missing the reference here? Just who *seriously* is proposing > that 6-year-old children carry guns to school? It was a misquote of mine. I said "I'd feel safer in a society where 6 year olds carried Uzi's." xan jonathon grafolog at netcom.com From crypto at nas.edu Wed Jul 24 02:17:20 1996 From: crypto at nas.edu (CRYPTO) Date: Wed, 24 Jul 1996 17:17:20 +0800 Subject: Public briefing on NRC Cryptography Policy Report in... Message-ID: <9606238381.AA838173319@nas.edu> Subject: Public briefing on NRC Cryptography Policy Report in Boston, August 7 Please post widely.... 
Cryptography's Role in Securing the Information Society A Public Briefing in Boston, Massachusetts Wednesday, August 7, 1996, 10:00 am to noon There will be a public briefing in Boston, Massachusetts by the National Research Council on the report. The briefing will be held at the Gardener Auditorium in the State House in Boston on Wednesday, August 7, from 10:00 AM to 12:00 noon. Check http://www.tiac.net/biz/bcslegal for current information. Authoring committee member Elliot M. Stone will be among the presenters at the Boston briefing. Dr. Herbert Lin, study director and senior staff officer of CSTB, will be present. The Boston Computer Society Legal Group, the Boston Bar Association and the Information Technology Division of the Commonwealth of Massachusetts are co-hosts for this event. Questions from the audience will be entertained, and a limited number of pre-publication copies of the report will be available at that time. For further information, please contact Dan Greenwood at (617) 973-0071 or DGreenwood @ state.ma.us. The event is open to the press and the public. If you have suggestions about other places that the committee should offer a public briefing, please send e-mail to crypto at nas.edu. From a-billol at microsoft.com Wed Jul 24 02:30:19 1996 From: a-billol at microsoft.com (Bill Olson (EDP)) Date: Wed, 24 Jul 1996 17:30:19 +0800 Subject: No more stupid gun thread ... Message-ID: Ernest Hua writes: > >Ok. This thread has gone on long enough and covered just about every >point except the one which I originally made in my first response, >which is that I abhor the idea that kids should carry weapons (of any >sort) to school as standard equipment. In fact, I abhor the idea >that kids should carry weapons at school for any reason. > >Enough said. > >I do not care to discuss: > >1. Should kids have any weapons at any time? > >2. Should kids have guns (specifically guns)? > >3. Should kids know how to operate weapons of any sort?
> >If any of you really really have to discuss this issue, let's spare >the rest of the list and send me E-Mail directly. > >Thanks! > >Ern Who died and left you in charge? From deviant at pooh-corner.com Wed Jul 24 02:30:40 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 24 Jul 1996 17:30:40 +0800 Subject: Netscape In-Reply-To: <31F3E441.446B@netscape.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 22 Jul 1996, Tom Weinstein wrote: > Date: Mon, 22 Jul 1996 13:27:45 -0700 > From: Tom Weinstein > To: Lucky Green > Cc: cypherpunks at toad.com > Subject: Re: Netscape > > Lucky Green wrote: > > At 15:27 7/20/96, Tom Weinstein wrote: > > > >> Why not consider what the consequences will be? Do you seriously > >> believe that this will make the government stop enforcing ITAR? Do > >> you believe it will make them change the law? No. What it will do > >> is make them remove our permission to distribute this stuff. > > > > I doubt that. PGP has been distributed for years with less safeguards > > than Netscape. It is available on more free-world sites than Netscape > > US. This did not prompt the powers that be to force MIT to take down > > their site. The feds know that it is impossible to prevent software > > that is available on the net from being exported. Why would they > > harass Netscape once the inevitable happens? > > Well, for starters, the genius who put it out there put out a beta, > which has an expiration date, instead of waiting for the final release. > Secondly, millions of people don't use PGP. Hrmm.. a few glimpses at a hex->machine code chart and a simple hex editor should get past _that_ now shouldn't it? > > Also, notice the simple verification system MIT was allowed to use, and > the complex one we're required to use. > I'm curious, exactly who is it that _required_ you to use that system.? > -- > You should only break rules of style if you can | Tom Weinstein > coherently explain what you gain by so doing.
| tomw at netscape.com > Style is standing up for what you believe in. Netscape obviously has none, or they would be actively fighting the ITAR. --Deviant Whatever occurs from love is always beyond good and evil. -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From jimbell at pacifier.com Wed Jul 24 02:32:23 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 24 Jul 1996 17:32:23 +0800 Subject: Digital Watermarks for copy protection in recent Billbo Message-ID: <199607232200.PAA25339@mail.pacifier.com> At 05:03 AM 7/24/96 -0700, Timothy C. May wrote: >>Not familiar with the Nyquist limit w/ regards to sampling rate vs >>frequency :( > >Check any textbook, or even a good dictionary. Basically, it says that one >must sample at more than twice the frequency of the highest frequency to be >reconstructed. Thus, a 20 KHz top frequency needs at least 40 K samples per >second. The exact number is, I think, about 2.2x the frequency, which is why >CDs were standardized at 44 K samples per second per channel. No, Tim, the minimum Nyquist sample frequency _is_ precisely 2.000 times the highest frequency to be recovered. However, what is somewhat less well-known is the fact that in order to keep higher frequencies from being "aliased" (reflected to lower frequencies by heterodyne processes) it is necessary to remove (by filtering) any frequency content above that maximum, before sampling is done.
Real-world filters (at least, _economical_ ones) do not have instantaneous cutoffs, so it is necessary to provide a little margin, in this case about 10%. Fortunately, a play-only CD only needs output filters, and the input data (the CD disk itself) has already been limited to about 20 kilohertz, so its requirements are not so stringent. The reason so-called "oversampling" started to be done on CD players is that interpolating digitally between samples results in far higher aliased noise frequencies, allowing either better performance with the same-quality of filters, or equal quality with lower-cost filters, or a combination of them both. Jim Bell jimbell at pacifier.com From david at sternlight.com Wed Jul 24 02:34:10 1996 From: david at sternlight.com (David Sternlight) Date: Wed, 24 Jul 1996 17:34:10 +0800 Subject: Netscape In-Reply-To: <199607240213.WAA01656@black-ice.gateway.com> Message-ID: At 7:13 PM -0700 7/23/96, Anonymous Remail Service wrote: >As I have said before, European & other foreign users, who get the strong- >crypto version should pay Netscape what they owe Netscape, to keep the ITAR >as the issue, and not piracy. These are two separate issues, and if necessary >the foreign users can mail anonymous cash [the paper kind] to assuage their >consciences. Not all will do this, of course, but that's another example of >ITAR losing US companies $ again. Lucky is, as usual right. There is a double >standard for PGP distribution vs other strong crypto distribution, and Tim is >also right that this GAK-loving info-disclosure requirement sets a *really* >lousy precedent for later software distributions. Please deal with issues >separately. This is hilarious. About two or three years ago, when I first began discussing crypto, I made a similar suggestion with respect to RSA. I was excoriated, pilloried, and in general called a very educational selection of bad names.
David From perry at piermont.com Wed Jul 24 02:34:35 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 24 Jul 1996 17:34:35 +0800 Subject: Distributed DES crack In-Reply-To: <199607230422.AAA09435@crypto.com> Message-ID: <199607231331.JAA15803@jekyll.piermont.com> Matt Blaze writes: > I don't want to throw water over what I think would be a very useful > thing to have done, but I'm really skeptical that current "net" > computing power with general purpose processors is up to this. I think it is a stretch, admittedly, but that it can be done, and most importantly, it can be done nearly for "free". > My back of the envelope calculation, making some generous assumptions > about the implementation, suggests that such an effort would require > somewhere in the range of 10,000 and 50,000 CPU years on general (100MHz > or so Pentium) processors. This is well beyond any distributed computation > I'm aware of ever having been done, even adjusting for "Moore inflation". > While feasible in a "complexity theory" sense, it's really not realistic > yet. I'm not entirely sure. It is certainly bigger than the factorings that have been done, but on the other hand it is fairly easy to put together the experiment, and there are an awful lot of idle machines out there in the world. I have on several occasions been in possession of four or five hundred idle CPUs at night, and I am pretty sure that other people are in that position. The net has also grown quite dramatically in recent years, and reaching 100,000 reasonably high speed machines might not be so hard these days. At that point, it becomes a question of how fast one can get the DES cracker. A constant factor of two or three then makes a considerable difference in the outcome, as does the user friendliness of the overall system.
> Personally, I'd rather someone finish up the Wiener ASIC to the point where > it could go out to fab, get some prototype chips made, design a board around > it, and publish the design, from board layout on down. This would be a > great Master's project, and some of us (maybe me, but I'll have to check) > might even be able to scrape up enough funds to buy enough chips/boards/etc > to build a modest size machine (say, that could exhaust a DES key in 1-6 > months). Initial engineering costs aside, the marginal cost of each > such machine could be well within the budgets of, say, a medium size crypto > research lab, and would make a scary enough demo to convince even the > most trusting management types of the risks of 56 bit keys. Well, that would certainly be cool, but this does require real money. If you are willing to spend it, go for it, but I'm not sure we can count on people doing that sort of thing. What do you suppose the odds are that someone is going to build such a thing any time soon? Perry From deviant at pooh-corner.com Wed Jul 24 02:54:19 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 24 Jul 1996 17:54:19 +0800 Subject: Brute Force DES In-Reply-To: <31f4f77f1947002@noc.tc.umn.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 23 Jul 1996, Kevin L Prigge wrote: > Date: Tue, 23 Jul 1996 11:02:06 -0500 (CDT) > From: Kevin L Prigge > To: perry at piermont.com > Cc: trei at process.com, cypherpunks at toad.com > Subject: Re: Brute Force DES > > Perry E. Metzger said: > > > > "Peter Trei" writes: > > > The fastest general purpose, freely available des implementation I'm > > > aware of is libdes. by Eric Young. With this, I can do a set_key in > > > 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to > > > about 9,000 keytests/sec (this is on a 90 MHz P5, running NT). 
> > > > I'll point out that like most DES implementations, Eric's tries to > > spend a lot of time in key setup to save time later on in > > encryption/decryption. This tradeoff would probably be very different > > if you didn't plan on trying more than one or two blocks of decryption > > after getting a key. > > > > For instance if you had a DES encrypted gzipped file. The first 2 bytes > plaintext will be 0x1f8b. You'd only have to try to fully decrypt > 1 out of 65535 keys. > But the point is to prove that DES shouldn't be used, not that it CAN be brute forced. A known-plaintext attack doesn't show that. We hafta attack something we've never seen. (i.e. talk Netscape, or some other company, into generating a DES'd message, and keeping the keys safe) --Deviant Whatever occurs from love is always beyond good and evil. -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From jsw at netscape.com Wed Jul 24 03:00:00 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Wed, 24 Jul 1996 18:00:00 +0800 Subject: Netscape In-Reply-To: Message-ID: <31F55A79.3174@netscape.com> Lucky Green wrote: > > At 1:23 7/23/96, Jeff Weinstein wrote: > > > If you know that the recipient can read a message encrypted with > >3DES, IDEA, or RC2-128, then you can send the message using one of > >these strong algorithms. Given that you need someone's public key > >to send them a message, there are several obvious ways to transmit > >information about what algorithms they accept along with it. > > Granted. What about the signature bug?
Will Netscape encrypt the outside > signature? I think that this bug in s/mime should have been fixed long ago. We will try to get this fixed in the spec before our products goes out. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From rpowell at algorithmics.com Wed Jul 24 03:01:26 1996 From: rpowell at algorithmics.com (Robin Powell) Date: Wed, 24 Jul 1996 18:01:26 +0800 Subject: Internet Through Radio [joke reply] In-Reply-To: <01BB752B.81D53DE0@ip65.i-manila.com.ph> Message-ID: <96Jul23.172200edt.20481@janus.algorithmics.com> >>>>> In article <01BB752B.81D53DE0 at ip65.i-manila.com.ph>, Jerome Tan writes: > Does anyone know how to Internet through radio using packet modems? By > next year, our telephone company will be implementing metered phones, > this will be unfair to modem users since they do that to prevent people > from talking to the phone for long hours. Sorry, but I couldn't resist: You talk to your phone??? I've always found non-sentient pieces of metal and plastic (and assorted semiconductors) to be awfully boring conversation partners, but maybe it's just me... -Robin From roy at sendai.scytale.com Wed Jul 24 03:03:43 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Wed, 24 Jul 1996 18:03:43 +0800 Subject: Ross Anderson's Eternity service In-Reply-To: Message-ID: <960723.232310.4a7.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, snow at smoke.suba.com writes: > > On Mon, 22 Jul 1996, Hal wrote: >> A few questions for discussion: >> - Would there be much interest in it among users? > > I would be. Me, too. I think it's a frighteningly good idea. >> - Would it be a net benefit to society for such a service to exist? > > It would benefit people. It may harm society by doing so.
It may harm some particular instantiations of "society", but I think there's a net benefit. Remember that evolution always takes more than one generation. - -- Roy M. Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From tomw at netscape.com Wed Jul 24 03:07:19 1996 From: tomw at netscape.com (Tom Weinstein) Date: Wed, 24 Jul 1996 18:07:19 +0800 Subject: Netscape In-Reply-To: Message-ID: <31F55B33.446B@netscape.com> The Deviant wrote: > >> You should only break rules of style if you can | Tom Weinstein >> coherently explain what you gain by so doing. | tomw at netscape.com > > Style is standing up for what you believe in. Netscape obviously has > none, or they would be actively fighting the ITAR. Anyone who believes that Netscape is not actively fighting ITAR is a fool. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw at netscape.com From iang at cs.berkeley.edu Wed Jul 24 03:13:12 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Wed, 24 Jul 1996 18:13:12 +0800 Subject: E-Cash promotion idea In-Reply-To: Message-ID: <4t3ges$afu@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article , Lucky Green wrote: >At 23:19 7/22/96, Anonymous wrote: > >>How about getting the CyberCafes to accept ecash? Just pull out your >>Newton/HP48/PDA and point the IR beam at the cash register. Now that's >>an ecash application I'd like to see!! > >So would I. And one day we will. Though not on the HP48. > Hey! I've got one of those HP48's, and I'd love to use it for ecash. Why do you reject it out of hand?
(and what if I'm _willing_ to wait however many hours to create a payment... :-) (note that if you know what you're going to buy, payments can be created offline, and the HP becomes simply a transport mechanism)) - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From frissell at panix.com Wed Jul 24 03:14:55 1996 From: frissell at panix.com (Duncan Frissell) Date: Wed, 24 Jul 1996 18:14:55 +0800 Subject: [Noise] Hettinga Sees Colors... Message-ID: <2.2.32.19960723184711.0085912c@panix.com> At 01:20 PM 7/22/96 -0400, Robert Hettinga wrote: >Anyway, I was standing there at the monument to the British war dead ;-), >and said to the kids (ages 15, 13, and 11), "Guys, right here, on this >spot," (they looked down) " is where America [sic] started. If you could >imagine the ground here painted red, white and blue, and then the colors >radiating out from here in all directions", (they looked around) "from the >Atlantic to the Pacific, to Alaska and Hawaii, and bunch of islands in both >oceans. Oh, yeah. Even the Moon." Then they looked up. By the rude bridge that arched the flood, Their flag to April's breeze unfurled, Here once the embattled farmers stood, And fired the shot heard round the world. See also: http://www.inc.net/~fhs/littour/bridge.html Relevant to cypherpunks because to steal from Nelson Thall of some Marshall McLuhan Institute in the latest Wired: "Ultimately, the power of the Internet is that it makes you think like a North American. It allows the entire world to think and write like North Americans. This is the agenda of the Internet. It goes along with NAFTA." And *why* is it vital that the world become like 'North Americans' (or, as we non-Canadians would say 'Americans')? See my follow-up message.
DCF From deviant at pooh-corner.com Wed Jul 24 03:28:12 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 24 Jul 1996 18:28:12 +0800 Subject: Brute-forcing DES In-Reply-To: <199607230633.XAA19801@netcom20.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 22 Jul 1996, Mike Duvos wrote: > Date: Mon, 22 Jul 1996 23:33:58 -0700 (PDT) > From: Mike Duvos > To: cypherpunks at toad.com > Subject: Re: Brute-forcing DES > > "Peter Trei" writes: > > > Sadly, after further calculation, I'm not so sure if it's > > doable just yet. > > .... > > > The fastest general purpose, freely available des > > implementation I'm aware of is libdes. by Eric Young. With > > this, I can do a set_key in 15.8 us, and an ecb_encrypt in > > 95 us/block. That adds up to about 9,000 keytests/sec (this > > is on a 90 MHz P5, running NT). > > What you really want to do to sweep the DES keyspace is to > "schedule" the input and output block you are testing, performing > any static operations, and do only enough computation to see that > a given key fails. Special purpose assembler to do this > particular function would probably run faster than any algorithm > which could also be employed to encrypt data. > > > What will make this brute doable, if not now, then in the > > near future? > > > 1. Faster Processors > > > 2. More processors. > > > 3. More interest > > 4. Better code. > We also need to address the question of the code itself. Just crypting it won't work. We need a good way to test _to see if we have an answer_, for a non-known plaintext attack. --Deviant Whatever occurs from love is always beyond good and evil. 
-- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From mixmaster at remail.obscura.com Wed Jul 24 03:46:34 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Wed, 24 Jul 1996 18:46:34 +0800 Subject: DES brute force? (was: Re: Borders *are* transparent) Message-ID: <199607240410.VAA04257@sirius.infonex.com> >What DES modes are used in typical banking situations? (I am >presuming a challenge involving a widely used banking funds transfer >protocol would be a suitably juicy targets, based on a criteria of >demonstrating the greatest financial risk). The problem with banking applications is that cracking a real key causes lots of real damage. I don't think it is illegal (as long as you don't withdraw somebody else's money), but publishing e.g. one of the DES keys used for the "EC Card" PIN verification would bring the European ATM system close to collapse. Finding a self- generated key, on the other hand, is not very impressive. From jsw at netscape.com Wed Jul 24 03:53:43 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Wed, 24 Jul 1996 18:53:43 +0800 Subject: Netscape In-Reply-To: Message-ID: <31F55981.3009@netscape.com> Raph Levien wrote: > > On Tue, 23 Jul 1996, Jeff Weinstein wrote: > > > I don't like the fact that your proposal ties the size of the > > bulk encryption key to the size of the public modulus. There > > are legitimate reasons why someone might choose to have a 512 > > bit modulus even though they prefer longer bulk encryption keys.
> > Your heuristic would be a good fallback in the absence of more > > reliable information. > > I agree. My proposal certainly has its limitations. In addition to the > one you cite, it will make it very difficult to change away from > Triple-DES when the time comes. > > Of course, your hypothetical user who wants to use a 512-bit key and > 128-bit RC2 is still completely screwed by all currently shipping S/MIME > products, as well as the S/MIME spec. I can't find anything in the S/MIME spec that makes the combination of 512-bit RSA key and 128-bit RC2 (or 3DES) illegal. The spec says that you must support RSA key sizes from 512 to 1024. Am I missing something? > > There is another method that does not require verisign or other > > CAs to add key size extensions to their certs. We can define > > a new authenticated attribute that gets included in Signed-Data > > and Signed-And-Enveloped-Data messages that indicates the > > user's key size and algorithm preference. This has the advantage > > that the preference is selected and signed by the user. This > > method was discussed at the S/MIME meeting in January at the > > RSA Crypto conference. I'm a bit surprised that it never > > got into the Implementation Guide. I'll make sure that > > we bring it up on the smime list again. > > I don't like the fact that your proposal leaves clients with absolutely > no information about symmetric cipher choice until the first round of > signed messages has been exchanged. In this initial round, the protocol is > still dependent on the global default. How did you get the certificate of the recipient? I assume that you got it from a degenerate PKCS#7 Signed-Data message as recommended by the s/mime spec. That degenerate message could contain the attribute I describe. If you got the certificate by some other means, we would fall back to your heuristic. > P.S. Can we agree not to describe 128-bit RC2 as "strong crypto" until > it's been subject to more serious scrutiny? 
It's probably a great cypher, > but most cautious crypto-people would far rather place their trust in > Triple-DES. Certainly. We will definitely offer 3DES as well as RC2 in our product. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From deviant at pooh-corner.com Wed Jul 24 03:56:25 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 24 Jul 1996 18:56:25 +0800 Subject: Borders *are* transparent In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 23 Jul 1996, Simon Spero wrote: > Date: Tue, 23 Jul 1996 13:38:59 -0400 (EDT) > From: Simon Spero > To: "Peter D. Junger" > Cc: Cypherpunks > Subject: Re: Borders *are* transparent > > On Tue, 23 Jul 1996, Peter D. Junger wrote: > > > > I am afraid that the number of machines needed would trivialize even > > the most non-trivial cash prize. But for what it's worth, I can give > > you a lot of spare cycles on a couple of 486 Linux boxes. > > Not really - you just give the prize to the first person to return the > correct key (just like a real lottery). > But whose money? > > BTW, if you use a central site to allocate ranges to search, this site > should not know the correct key, as otherwise it could decide who gets > the chocolate bar with the golden ticket. > Definitely. > > If this project is run, I can't see it getting a hit for at least six > months unless it's _really_ well promoted. The java approach would be a cool > hook - a slowish applet for your web page with something along the lines of > > "You may already have won 20c; whilst you're reading this page, your > computer is playing the cypherpunks challenge. For a better chance of > winning, download this free high performance screen saver and game piece." > Or better yet... use an applet and a cookie...
you pass it a cookie, the applet figures the processor type and runs a certain number of cracks, (within a specified range, listed in the cookie) changes the cookie, and returns it (that may or may not have been sarcasm ;) --Deviant Whatever occurs from love is always beyond good and evil. -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From deviant at pooh-corner.com Wed Jul 24 03:59:33 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 24 Jul 1996 18:59:33 +0800 Subject: Brute-forcing DES In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 23 Jul 1996 pjn at nworks.com wrote: > Date: Tue, 23 Jul 1996 16:25:44 -0500 > From: pjn at nworks.com > To: cypherpunks at toad.com > Subject: Brute-forcing DES > > > Any one up for a distributed brute force attack on single DES? My > > back-of-the-envelope calculations and guesstimates put this on the > > hairy edge of doability (the critical factor is how many machines can > > be recruited - a non-trivial cash prize would help). > > >> Count me in. I've got a couple of net-connected Pentiums that are > >> mostly idle. > > Although I don't have a pentium, I would be glad to put forth > some computer power to help. > > >> Might be able to bring some money in by selling "I Helped Crack DES > >> And All I Got Was This Lousy T-shirt" T-shirts. > > I'd buy one! :) > Actually... we might as well print up the t-shirts, and sell them for $15 apiece, then buy a DES cracker with the profit ;) Seriously though, I'd buy the t-shirt, and I'll donate processor time.
I can definitely give an 8086 (BALK) to the process, some time on a 80386, and a limited amount of time on some p75's... --Deviant Whatever occurs from love is always beyond good and evil. -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From molecul1 at molecule1.com Wed Jul 24 04:02:15 1996 From: molecul1 at molecule1.com (Molecule One Scientific Research Institute) Date: Wed, 24 Jul 1996 19:02:15 +0800 Subject: A Global Village; an open letter to Bill & Hill and also Mr. & Mrs. Dole, from Asim at Molecule One. Cypherpunks, please excuse this note. Message-ID: Honourable wishes, I write about Mrs. Clinton's concept of Global Village and wholeheartedly, pledge my support to such an important concept. The world is everchanging and Mrs. Clinton is correct in that the industrialized countries have lost, most, of their extended families. This makes children vulnerable to danger. If in need of help, such children are commonly abused due to their vulnerability. I want to take this moment to express some understandings. Firstly, it was never in my plan to locate where I have been over the last while. Probably, if it hadn't been for many malicious encounters, I probably would have gone to a remote island, as I hold so dear to my heart. A close friend was severely violated and I had to witness a war being fought against civilians. When an insurance policy becomes more valuable than the human life, something must be wrong with social ethics.
To live through many of the experiences I had to, while living here, made me realize high technology is dangerous in many people's lives. To manipulate people's decisions using brute force seemed terribly wrong to me. Many of the people controlling the situations are also stressed out. Abuse results from stress.

Concerning the old man. I knew of this man since childhood. I always considered him one of the greatest neuroscientists on the planet earth. Even his friends hold him with a greatest respect. What he accomplished, very few could match his accomplishments.

I send much thanks to Point Communications for allowing me a long interview about my social concerns. I wanted to personally thank all the K12 students that partook in my interview. I was never able to attend the requests of some of those students, that asked me to review some of their essays, as my time was occupied with endless other obstacles. I want those students to understand that I just couldn't.

I want to thank all those cool students that let me participate at their, private, dance parties. They know I attended endless dance parties, researching technological requirements, so they are happy and socially satisfied. I also got to know what kind of social threats they are faced with, both, underground and official. Stress does tend to corrupt some people.

I want you to understand that I came up with Molecule One as a means to address the needs of a culture. Even though many plots were directed at me for proposing this project, I always knew I spoke the truth and my intentions were pure. Neurosciences has always been a lifelong inspiration to me. Standards, to improve the quality of life in society, seemed a noble goal.

I want the students to know that Molecule One was created for their benefit first. They are the future. When a child remains innocent, that innocence should be protected. Far too often, children lose their innocence to hardened people, whose primary motive is malicious intent.
Naivete and innocence is purity and lack of ethical standard is rampant. I knew that acceptance of truth is difficult for some people, especially those ignorant and those conditioned to believe otherwise. I always chose positive as an outcome for motive.

I want to thank all of you, Republican, Democrat, and families, friends and which other political inspiration. I respect all life and those standards that can increase the health standard of all people. There are many important factors that must be considered to insure a safe and healthy society, of the future. To work together, to attain this standard, is important for all people, irregardless of color. Care and courtesy, toward our fellow people, is another social characteristic that is becoming lost, with the loss of the extended family.

I also want to thank all those cool computer folk that let me play upon the info highway, as it was being developed. I want to thank all those cyberfolk that recognised the import of all topics covered.

Understand well, visions of tropical islands have floated through my mind, probably, everyday I've been here. It was my concern for the youth and for the elderly that made me stay and attempt to create a project that could bring happiness and harmony, to the society, for a long time to come. It is a challenge.

Thanks for the cyber inspiration, acknowledgement and being allowed the opportunity to create a work of art that can benefit so many.

To the 1'st family & 2 Mr.& Mrs. Dole, all friends and families.

Peace and best wishes,
Sincerely,
Asim
molecul1 at molecule1.com

From alanh at infi.net Wed Jul 24 04:03:33 1996
From: alanh at infi.net (Alan Horowitz)
Date: Wed, 24 Jul 1996 19:03:33 +0800
Subject: Boycotts and Etiquette
In-Reply-To:
Message-ID:

I never said that I don't intend to _read and consider_ anyone's posts. I said that I don't intend to dispute them.
From rp at rpini.com Wed Jul 24 04:14:28 1996
From: rp at rpini.com (Remo Pini)
Date: Wed, 24 Jul 1996 19:14:28 +0800
Subject: Another fascist
Message-ID: <9607231216.AA21784@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Tue Jul 23 14:13:43 1996

It's kind of childish... (And clumsily done, or else David would never have known)

- --------< fate favors the prepared mind >--------
Remo Pini rp at rpini.com
PGP: http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
-----END PGP SIGNATURE-----

From stewarts at ix.netcom.com Wed Jul 24 04:19:02 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 24 Jul 1996 19:19:02 +0800
Subject: Another fascist
Message-ID: <199607240421.VAA10317@toad.com>

At 09:26 PM 7/22/96 -0700, David Sternlight wrote:
>One of the great friends of free speech on this list sent a forged cancel
>message to the listbot to try to cancel my subscription.
>The listbot, being reasonably well designed, ignored him and told me about
>it, though I have no doubt less of a dunce could bring it off.
>What a piece of slime! What do others think of this practice?

Yeah, it's slimy.
If somebody wanted to be rude to you personally, they could have sent you flames telling you to go away; if they wanted to be rude to you publicly, they could have imitated many others (:-), and if they simply wanted you to not exist they could have installed procmail or used a killfile-capable mailer like Pegasus or Commercial Eudora and defined you out of existence. If the listbot sends you their name, you could always, umm, escrow them or something.....

(In a killfile, no one can hear you flame...)

(I have tried to remove people from the list, if they've sent it mail asking to "Unsuscrive" or whatever, but at least for the last long while that's failed; you at least need a half-way attempt at forgery.)

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From tcmay at got.net Wed Jul 24 04:29:30 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 19:29:30 +0800
Subject: Question
Message-ID:

At 9:25 PM 7/23/96, pjn at nworks.com wrote:
>OK...A question for you all:
>
> If it is illegal (by our government's standards...) to export programs
>like PGP, etc., and you can send the whole source code in a message
>because that is also considered illegal, then could you send the code,
>broken up into many pieces, and send THAT in Email, would that be
>illegal?

I don't think this has been spelled-out clearly in the ITARs, much less tested in court, but the intent is clearly to subvert the ITARS. Isomorphic to shipping out a piece of military hardware in pieces, wouldn't you say? And don't forget the "structuring" laws regarding the reporting of cash transactions over $10K.

I don't think this has much promise.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From koontz at netapp.com Wed Jul 24 04:30:43 1996
From: koontz at netapp.com (Dave Koontz)
Date: Wed, 24 Jul 1996 19:30:43 +0800
Subject: Brute-forcing DES
Message-ID: <9607232216.AA22925@supernova.netapp.com>

>>At 3:06 AM 7/23/96, Steve Reid wrote:
>>Did you consider the possibility of DES chips in your back-of-the-envelope
>>calculations? They are hundreds of times faster than PCs. I don't know
>>where to get them or how much they cost, though. I would expect they
>>wouldn't be too expensive. The cash might be better spent on DES chips
>>than on a prize.

>Specialized DES-cracker chips have of course been considered.

Actually hardware DES can be thousands of times faster than PCs. The problem with using commercially available DES chips is that you need to load keys, do encrypts and XOR the output with the ciphertext looking for all 0's or all 1's, in a serial fashion. Commercial DES chips don't have the facilities for doing comparisons or loading a new key while encrypting with the previous, not to mention the ability to increment the key value.

>The advantage of the cracks done last year, the French and Australian
>cracks, and the MIT cracks, were that the "entry costs" for joining the
>project were low.
>--Tim May

The lowest cost entry for hardware crackers would probably be FPGA based (lower NRE). I could design one that would do say 2 - 4 million DES ops per second and cost less than 60 dollars (a PCI interface and cheap card).

Anyway, hardware cracking can be done on a smaller scale than Wiener's 30 Million DES ops/second, and it could still prove valuable.
The good news is that software and hardware efforts are no more incompatible than using different performing machines. If someone steps forward with 1728 Giga DES ops machine, they can have as much of the key space as they can handle.

I could probably manage a 100 M DES ops hardware machine before my wife wondered what I was spending the money for the new driveway on (and I would use reprogrammable FPGAs). I would also be inclined to run software on a couple of workstations at home, and an incidental PC or Alpha at work.

From deviant at pooh-corner.com Wed Jul 24 04:32:57 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Wed, 24 Jul 1996 19:32:57 +0800
Subject: No more stupid gun thread ...
In-Reply-To: <199607230124.SAA01022@server1.chromatic.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, Ernest Hua wrote:

> Date: Mon, 22 Jul 1996 18:24:23 -0700 (PDT)
> From: Ernest Hua
> To: cypherpunks at toad.com
> Cc: hua at chromatic.com
> Subject: No more stupid gun thread ...
>
> Ok. This thread has gone on long enough and covered just about every
> point except the one which I originally made in my first response,
> which is that I abhor the idea that kids should carry weapons (of any
> sort) to school as standard equipment. In fact, I abhor the idea
> that kids should carry weapons at school for any reason.
>
> Enough said.
>
> I do not care to discuss:
>
> 1. Should kids have any weapons at any time?
>
> 2. Should kids have guns (specifically guns)?
>
> 3. Should kids know how to operate weapons of any sort?
>

Would this be weapons as in "guns and knives" or weapons as in the NSA's current "enforcement" of ITAR?

 --Deviant
Whatever occurs from love is always beyond good and evil.
 -- Friedrich Nietzsche

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From furballs at netcom.com Wed Jul 24 04:33:37 1996
From: furballs at netcom.com (Paul S. Penrod)
Date: Wed, 24 Jul 1996 19:33:37 +0800
Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221607.AA00659@Etna.ai.mit.edu>
Message-ID:

On Mon, 22 Jul 1996 hallam at Etna.ai.mit.edu wrote:

> >Limbaugh is giving up the show because it is run in syndication.
> >Syndication is not a profitable format with the ensuing satellite blitz
> >on the horizon.
>
>
> I find your argument only moderately less convincing than the average
> political campaign ad.

Your opinion. It's not an argument; it's the way it is.

>
> Given Limbaugh's propensity for telling blatant fibs I don't credit anything
> he says as being likely to bear any relation to the truth, particularly
> when it would mean admitting failure and retreat.
>

Again your opinion.

> Syndication is highly profitable for many, if its profitable to syndicate
> drama with its astronomic production costs it is profitable to syndicate
> Rush with his astronomic weight.
>

Good straw man defense: Apples == Oranges.

Syndication is only profitable for those shows that can make the time slots garnered with the biggest advertisers. Drama wins because it's chewing gum for the mind - just like Clinton's Saturday morning broadcast and the subsequent denials issued afterwards. Zero thought television appeals to the masses, ie: Bay Watch != Script.
Talk shows that attempt to stimulate active thought on reasonable premise generally do not survive long in syndication. With Limbaugh's show, it took a double hit as the markets it played to were for the most part late night. BTW, this comes from actually looking it up in past TV Guides - not mindlessly drooling over the radio - so put away the "he's lying" crap.

In addition, Limbaugh, like other TV hosts, has zero control over when the show airs and which episodes get aired. To screw someone in the Nielsens, you place the show in the low rate time bracket to guarantee bottom ratings, and do re-runs. It doesn't matter how good the show is - it won't fly.

Following the shallow logic of your argument, Limbaugh is not a success because he does not broadcast on TV. That parallels the generally accepted myth (especially in academia) that one is not an expert in the field unless published.

> >Limbaugh is a businessman and a commentator. He earns a living. He will
> >do what is necessary to leverage his marketability to make the most money.
>
> >Since you've gone to college, I'll have to explain it to you: It's called
> >capitalism - look into it...
>
> Its called failure and spin control. Rush has not announced a new TV show,
> he has closed his only TV show. He has closed after his audience declined
> and his contracts expired. That is the business decision of the local
> stations who don't see Rush as profitable business anymore and advertisers
> who don't want to see their products associated with apologists for
> the Oklahoma bomb.
>

Again, your opinion of the situation. Advertisers are whores. That's what they get paid to do. IF they think going PC will sell more product, that's what happens. Watch and see the score of all the Clinton's business backing when Hillary is finally indicted.

>
> >You fail to acknowledge the simple fact that a segment of society that
> >feels not only disenfranchised, but that the system is irreparable will
> >stoop to whatever means they feel is necessary to make their point. They
> >don't care what other people think - just what they believe in.
> >Discrediting is a non issue.
>
> I know that fascism has an appeal for many people but that does not mean
> that they are not a minority. And I am not using the words Fascism as a
> casual insult but as an accurate description of a movement which is in
> large part a vehicle for racism and has already caused 200 plus murders
> at OKC.
>
> Every time an extreme ideological faction of the left or the right gains
> power there are splinter groups from that side claiming that the failure
> of the policies is due to them not being compromised and insufficiently
> ideal. Since right wing ideologues have been dominant in the US for some
> time it is the right wing extremists who are to the fore.
>
>

Right wing, left wing. It's all the same. Pigeon holes for unpopular ideas. The issue I take with this, is the constant spouting of King Bill's pronouncement of why OKC occurred in the first place. We don't know WHY it took place - that's what a trial is for (if you actually believe that justice is blind and lawyers tell the truth always). We will NEVER really know - but it's damn fine political fodder to take an unconstitutional swipe at the populace with the anti-terrorist legislation.

If you firmly believe the premise that Fascism was the root cause behind OKC, then you have no choice but to look to the White House and Capitol Hill.

...Paul

From jimbell at pacifier.com Wed Jul 24 04:42:09 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 24 Jul 1996 19:42:09 +0800
Subject: Netscape
Message-ID: <199607232310.QAA29698@mail.pacifier.com>

At 09:52 AM 7/23/96 -0700, David Sternlight wrote:
>At 5:09 PM -0700 7/22/96, Ted Anderson wrote:
>>
>>I must agree with Lucky.
I am quite sure that even if Netscape was not
>>being distributed over the net, copies would still be uploaded to
>>international sites by folks practicing Civil disobedience.
>
>To call simple lawbreaking by cowards working in secret "civil
>disobedience" is to defame the name of Gandhi, King, and all the legitimate
>protesters of modern history. Civil disobedience must be seen publicly, and
>must be done by observable individuals. Masked men throwing stink bombs is
>not civil disobedience--it's hooliganism.

As usual, while you have at least the hint of a truth there, you manage to warp it just enough to be difficult to recognize.

Historically, the government has had nominal control of the media. The only civil disobedience that was _seen_ to be successful were the examples that made the news. And the "only" examples which made the news were the ones the government wanted to publicize. And the "only" examples the government wanted to publicize were the ones in which government "successfully" made examples of those doing it. And the "only" examples where the government achieved this were the ones where the perpetrator allowed himself to be caught.

(my usages of the word, "only," are somewhat hyperbolic, of course. In practice, they are strong probabilities.)

Your usage of the word, "legitimate" is quite slick (in the worst sense of the word, "slick"): The only ones you're going to want to acknowledge were "legitimate" are the ones that either are already successful, or the few you approve of and are still waiting to be successful.

So, in a certain odd sense, it has been correct to say that the only "successful" (and thus, by your standards, "legitimate") civil disobedience has been that in which the perpetrator did it openly. And not surprisingly, anyone who does anything in such a way that he's not caught (and therefore, is also not subject to government-sponsored publicity) is a "coward" by your standards. How convenient!
A rather sophisticated self-fulfilling prophecy. No wonder you've got some people fooled into believing you're a good debater.

Fast-forward to 1996. Today, the traditional news media is beginning to be seriously bypassed by the computer networks, and this process is accelerating. No longer can the government keep enough control of the news media in order to help ensure that civil disobedience stays covered up unless they catch the protestor. Since everything else seems to be changing, it's no surprise that civil disobedience is, too.

Today, civil disobedience still needs publicity, but to achieve that it now DOESN'T need the cooperation of the mainstream media, or implicitly the government. So a person doesn't need to be "caught" in order to win. The _results_ must be publicized, the person or people who did it doesn't. This represents a rather enormous change in the whole issue of civil disobedience, a change which is extraordinarily unwelcome among governments and statists alike.

Jim Bell
jimbell at pacifier.com

From jimbell at pacifier.com Wed Jul 24 04:42:57 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 24 Jul 1996 19:42:57 +0800
Subject: Intel, Microsoft doing Internet Phone Software
Message-ID: <199607231622.JAA04071@mail.pacifier.com>

At 10:47 AM 7/23/96 -0400, W Lee Nussbaum wrote:
>
>
>On Mon, 22 Jul 1996, jim bell wrote:
>
>> If these people REALLY wanted to promote the use of Internet telephoning,
>> what they'd do is implement a system where an Internet ISP could be "called"
>> over the Internet by a person wanting to place an LD telephone call to that
>> area, and (presumably using A/D and D/A techniques) rather than generating
>> and receiving modem tones, would generate and transmit the audio over the
>> telephone line. That way, the target of the call would simply need to pick
>> up the telephone and talk, as he would ordinarily do: He wouldn't even need
>> a computer. He might not even know the call was going over the Internet.
>
>...see IDT's Net2Phone product, at http://www.net2phone.com/; it does
>what you describe. Two notes: (1) I haven't used it yet; (2: disclosure)
>I'm now employed by IDT, though in a different area.

Excellent! It seems that the one remaining piece in the puzzle is financial motivation. Many ISP's might hesitate to install a "feature" on their systems which has the prospect of tying up some of their lines, with no payback. As much as it pains me to face it, at this point what is needed is some system to pay the ISP's for maintaining and even upgrading their systems to make this whole thing practical.

Currently, Sprint is proud to announce that they charge 10 cents a minute for off-peak calls. Could an ISP make money charging, say, 2 cents a minute for a similar service? The main marginal cost is that of an extra phone line, which is probably about $30 per month or $1 per day. Assuming the line is occupied 8 hours per day, that's 480 minutes, which means that the phone line costs 0.2 cents per minute. Even if other costs increase this by a factor of 5 or so, there should be nothing to prevent an ISP from making money off a 2 cent per minute charge or even less.

Jim Bell
jimbell at pacifier.com

From tcmay at got.net Wed Jul 24 04:43:27 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 19:43:27 +0800
Subject: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.)
Message-ID:

At 11:40 AM 7/23/96, bryce at digicash.com wrote:

>I know a lot about Rand, and about her deep flaws as an
>individual, especially in terms of treatment of her supporters,
>but this is the first I've heard of this one. Perhaps Tim is
>thinking of a play by Murray Rothbard called "Mozart Was a Red"
>in which the Ayn Rand caricature insists that her followers
>smoke.
>
>As for smoking being "proof" of man's dominance over nature,
>Rand _did_ believe that in the sense of "demonstration" or
>"symbol" but she did not believe that in the rigorous sense of
>"proof".
This was well-known to a bunch of us in the early 70s who were interested in Rand (and her extreme followers, known widely as "Randroids"). I think some of her essays in her Objectivist Newsletter had explained why smoking was essentially de rigueur.

(By the way, at the time Rand was writing this stuff, doctors were recommending smoking as a digestive and health aid, and nearly everyone smoked. I don't condemn Rand for smoking, or for falling into the all-too-common practice of using "logic" to justify one's beliefs and practices.)

Rothbard was a source for the smoking example, but not in a play (although he may have also used his knowledge in a play...I wouldn't know). Rothbard wrote an article for "Liberty," circa 1986-8, which is where I read the details.

Also, I believe Barbara Branden's biography of Rand dealt with this, but I haven't read it in many a year.

And there is this comment, from an admittedly off-beat source (http://www.zonpower.com/zonpower/book/chapters/chapter29.html):

"Whatever the root of his irrationality, Dr. Peikoff's persona shrinks with his advocating force-backed intolerance as he expressed during his 1995 Ford Hall Forum lecture. Recall how Ayn Rand's life was tragically diminished by her irrational, deadly, "dot-of-light" glamorization of smoking. Her emotional, irrational denials of the narcotically addictive, physically destructive nature of tobacco smoking led her and some of her "caped" followers to the grave."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From alexf at iss.net Wed Jul 24 04:52:28 1996
From: alexf at iss.net (Alex F)
Date: Wed, 24 Jul 1996 19:52:28 +0800
Subject: Digital Watermarks (long, getting off-topic)
Message-ID: <199607231818.OAA07217@phoenix.iss.net>

> Easy enough.
>
> - Unless somebody reversed-engineered it, filtered it, and re-stamped it.

Never said that it would be fool proof :)

> - The entertainment industry has a reputation of being paranoid

Sometimes with good reason, just like software producers are paranoid about piracy. Though, the Ent. Ind. does tend to overreact. IMO the copyright laws that are currently in place are enough to protect against the forms of piracy that they are trying to protect themselves against. I really don't think that there is need for new legislation or potentially privacy invading practices at this point. The forgers of the copyright laws (at least as they relate to music) had incredible foresight. Basically, from the laws that were originally drafted (30's maybe? Then revised in the early '70's at least as far as public domain goes) both videos and CDs are protected. These were written when there were no CDs or videos.

> Some of you may recall
> the flap over DAT, which significantly reduced the consumer market
> penetration (the industry itself uses them all over the place).

The Ent. Ind. got what they wanted though. There are taxes, etc. (some sort of import restrictions anyway) that keep DAT player/recorder devices at around $700 per unit. By this time normally the prices *should* be down to like $200 (using the CD industry as a guide) DATs are used all over the industry because they are cheap (see below), and because going from analog tape to DAT for CD mastering is a million times easier than sending off reels of analog tape, even if the tape is a properly mixed down duplicate of the master. There are still track times, numbers, etc., etc.
A HUGE pain in the ass for CD manufacturers, but easy to do on a one-off basis in the studio where the producer & artist can sit there and help mix, fix tracks, select times, indexes, etc., etc. It can all be done to a single DAT (which would then be copied for safety) and set along with a time code sheet.

> (you still
> have the even-less-effective argument of the associated cover art not
> being included or being scanned and duplicated with reduced signal
> quality, unless the distribution is all on-line).

Cover art is pretty easy to duplicate if you have access to a color laser printer. Just scan the original in at 300dpi, and print it out at the same resolution/size and you have it. Just don't scan it in as a .GIF :) (too few colors)

> Probably not done that way. My guess is that the disk ID is assigned
> to the disk at the time of manufacturing. At the point of purchase
> the customer is forced to give name, address, ID, whatever. This is
> then stored in a database
>
> - Would YOU want to be responsible for maintaining that database? It's
> like maintaining a hardware store trying to maintain an ID on every
> single screw and nail in inventory.

You would run into the same problems if it were done by CC. Hopefully the industry will do some sort of a cost-analysis (an accurate one) and realize that they would spend more on this than they lose (esp. since they still wouldn't eliminate piracy, just make it a little more difficult).

> - Nobody's going to try and do a higher-frequency encoding (I HOPE). While
> the human ear cannot hear those frequencies directly, we have found out
> that those higher-frequencies interact in such a way to influence the
> sound waves that influence what the user can hear.

Yes, that's true. Anyone ever hear of HAARP?
:) Certain frequencies can affect the brain in certain ways (a guy by the name of Robert A Monroe, while maybe a little eccentric, has been using this method since the 50's to do things like keep people awake when they are sleepy, vice versa, etc.). Also the body. Your body parts resonate at certain frequencies. For example, there is a very low note (I believe that it is a B) that vibrates at the same frequency as your bowels. Play that note, and you lose control... :) (If anyone knows this frequency, PLEASE let me know. I'm serious :) ).

This is the reason
> there's still a debate between digital and analog recordings, and is
> still a big reason a lot of artists still record on analog equipment
> (in musical "fuzzy" terms, it's equated with the warmth of the sound,
> sort of like the tube-amp vs. solid-state amp debate among some guitar
> players, etc.) If somebody deliberately played with such frequencies,
> the journalistic media would probably have a field day. Yes, there are
> audio cancelling and other tricks that could be deployed, but no matter
> what, you're still deliberately introducing signal noise

I touched on that in my other posting. The real difference between analog vs. digital is actually 2 things; static and musical "overtones" (used to produce various distortion effects and feedback, for example. Anyone who has listened to Robin Trower, Hendrix, Van Halen, etc. knows). People *are* playing with these frequencies. It's known as COSM or Composite Object Sound Modeling, and apparently is fuzzier (as in fuzzy logic, not fuzzy sound) than cold sampling is. Companies like Roland and Line6 are playing with such things. Roland is really doing some amazing things with this technology.

> If I remember correctly, there is plenty of room in the design of the
> audio CD protocol to embed such information, just like you can embed
> the timing and track number information.

Yeah, that's something else too.
I'm not sure exactly how that works, but I *think* it's like a 1Khz or 1 hz signal that signals this. At least it is for the start of the first track on a cd.

In the manufacturing process, at least
> - Well, the MASS market piraters are exactly the point. Well, let's face
> it, if the industry controllers got their way, there would be no
> second-hand market like garage sales - there IS money involved here
> (witness the bizarre dealings with CD-rental stores that have shown up

The thing is, there is no money lost, really. Think about it. In order for one CD to be bought at a garage sale, someone else had to buy it at a retail store. If the record companies were in the used CD business then there may be money lost, but otherwise. The place where real money is lost is sale of promo CDs (many say "Promotional copy. Not for sale" on them). Here the record company loses nothing. The artist loses big time. With the exception of Sony records, most record companies will only pay artists royalties on 85% of records sold. The other 15% is said to be "promotional material" which is a huge scam run by the recording industry to take advantage of the artists. These 15% are still paid for (manufacturing, etc.) by the artist, and are given away to radio stations, etc. There is where the real money is lost. The rest is lying with numbers.

Getting off topic,
Alex F

=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

From trei at process.com Wed Jul 24 04:54:34 1996
From: trei at process.com (Peter Trei)
Date: Wed, 24 Jul 1996 19:54:34 +0800
Subject: DES Optimization (Brute Force DES)
Message-ID: <199607231617.JAA19247@toad.com>

> "Peter Trei" writes:
> > The fastest general purpose, freely available des implementation I'm
> > aware of is libdes. by Eric Young. With this, I can do a set_key in
> > 15.8 us, and an ecb_encrypt in 95 us/block.
That adds up to
> > about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).
>
> I'll point out that like most DES implementations, Eric's tries to
> spend a lot of time in key setup to save time later on in
> encryption/decryption. This tradeoff would probably be very different
> if you didn't plan on trying more than one or two blocks of decryption
> after getting a key.
>
> Perry

Yep - with good optimization, the keygen and the des rounds get very close to each other in processing cost.

Let's look at the steps involved (I'm referring to the DES description in Schneier, 2nd ed, p 270-278). I've not yet coded these optimizations, so this may be subject to revision.

I'm assuming a known plaintext attack on a single 64 bit block, ECB mode. What we want to obtain is the key (which was presumably also used to encode interesting data which we can't read).

First of all, we can move the initial and final permutes (tables 12.1 and 12.8) completely out of the testing loop. These have to be done only once per run, and thus are effectively zero cost.

Similarly, we can eliminate the key permutation (table 12.2), and iterate the permuted 56 bit key. If we get a hit, we invert the key permutation and add back the parity bits to get the original key.

In the DES round, the S-box and P-box steps can be combined into a single 48->32 bit permutation.

So, per round (there are 16), we now have:

1. copy 32 bit sub-block to use as 'other' half in next round.
2. expansion permutation (32 -> 48)
3. xor with appropriate subkey.
4. perform the s-p permutation. (48->32)
5. xor with 'other' half from previous round.

The key scheduling can be done in parallel with the rounds, since we're only planning on using each key once. However, on the Pentium it may be more efficient to do it before the des rounds, due to register starvation.

Generating the subkeys is actually quite painful.
You have to rotate the 56 bit key as two 28 bit halves, by one or two bits depending on the round, and then do a 56 -> 48 bit permutation to generate the subkey. This step needs to be done 16 times.

In a regular DES implementation, you generate the key schedules once at the start, and reuse them for each block, so there is little to be gained by optimizing this step. In a keysearch situation it's a different matter.

Optimizing the permutations:

DES was originally designed for hardware implementation, where permutation is a simple matter of braiding the wires between the input and output. It's a lot harder in software. I'm aware of two basic approaches:

1. Algorithmic: Analyse the permutation table to find bits which get shifted in the same direction, by the same number of bits, and arrange a series of SHIFTs, ANDs, and ORs to generate the desired permutation. This is essentially a geometry problem.

2. Lookup: Create tables for the permutation. While a permutation with n bits of input requires 2^n entries (each the size of the output data) if done as a single table, it's possible to break the permutation into several smaller tables, at increased processing time. This is a classic speed vs space tradeoff, with a big step if your tables are too large to fit into cache (and even bigger if they go to virtual memory).

Example: A straight 32 -> 32 bit permutation: If done as one table, it would have 2^32 entries, and take about 16 Gbytes. If broken up into 4 tables, each of which dealt with 8 bits of the input, it would take 4096 bytes total. However, the calculation would require extracting the four eight bit subkeys from the input, doing four lookups, and ORing the four results together to get the final output. A 32 bit perm could also be done with two tables, but they would occupy half a Mb.

The S-P step and the compression step of the key schedule are probably faster by lookup than by algorithm. I'm not sure about the expansion permutation, which is very regular.
The size and number of tables used is going to depend a lot on cache size and available memory - for example, the rotates in the key scheduling can be eliminated if I'm willing to maintain 16 key compression tables (one for each round).

I strongly expect that the whole key testing loop can fit into the 8k L1 code cache. The lookup tables *may* fit into the L2 cache.

If anyone has any other optimizations, I'd like to hear about them.

Peter Trei
trei at process.ocm

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From schryver at radiks.net Wed Jul 24 04:56:22 1996
From: schryver at radiks.net (Scott Schryvers)
Date: Wed, 24 Jul 1996 19:56:22 +0800
Subject: Kids and Computer Privacy Was Re: No more stupid gun thread ...
Message-ID: <199607240845.DAA09636@sr.radiks.net>

At 06:24 PM 7/22/96 -0700, you wrote:
>Ok. This thread has gone on long enough and covered just about every
>point except the one which I originally made in my first response,
>which is that I abhor the idea that kids should carry weapons (of any
>sort) to school as standard equipment. In fact, I abhor the idea
>that kids should carry weapons at school for any reason.
>
>Enough said.
>
>I do not care to discuss:
>
>1. Should kids have any weapons at any time?
>
>2. Should kids have guns (specifically guns)?
>
>3. Should kids know how to operate weapons of any sort?
>
>If any of you really really have to discuss this issue, let's spare
>the rest of the list and send me E-Mail directly.
>
>Thanks!
>
>Ern
>

Should kids have crypto? [weapons]
Should parents teach their kids crypto at an early age?
Should kids have a right to privacy?
If yes, should there be a limit to the privacy they hold?
Under Itar crypto is a weapon. If a kid were to bring a disk containing pgp to school could they be expelled for carrying a weapon?
Should children's legal rights be taught at school at an early age?
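
Peter Trei's "DES Optimization" message above names two ways to do a DES permutation in software: lookup tables split by input byte, and shift/mask arithmetic. The C below is an added example, not code from any of the posters or from libdes; it applies the lookup form to the P-box and, going one step beyond the message, the shift form to the expansion E, checking both against a bit-at-a-time reference. The function names are this example's own, the tables are the standard DES P and E tables, and the test inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* DES P-box: output bit i (1 = most significant) is input bit P[i-1]. */
static const uint8_t P[32] = {
    16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
     2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
};

/* DES expansion E: 48 output bits drawn from 32 input bits, same numbering. */
static const uint8_t E[48] = {
    32,  1,  2,  3,  4,  5,   4,  5,  6,  7,  8,  9,
     8,  9, 10, 11, 12, 13,  12, 13, 14, 15, 16, 17,
    16, 17, 18, 19, 20, 21,  20, 21, 22, 23, 24, 25,
    24, 25, 26, 27, 28, 29,  28, 29, 30, 31, 32,  1
};

/* Reference: apply a table one bit at a time (n output bits, 32-bit input). */
static uint64_t permute_bitwise(uint32_t in, const uint8_t *tbl, int n)
{
    uint64_t out = 0;
    for (int i = 0; i < n; i++)
        out = (out << 1) | ((in >> (32 - tbl[i])) & 1u);
    return out;
}

uint32_t p_bitwise(uint32_t in) { return (uint32_t)permute_bitwise(in, P, 32); }
uint64_t e_bitwise(uint32_t in) { return permute_bitwise(in, E, 48); }

/* Lookup approach: four tables, one per input byte, 4 * 256 * 4 = 4096 bytes. */
static uint32_t p_tab[4][256];
static int p_tab_ready;

static void p_tab_init(void)
{
    for (int b = 0; b < 4; b++)
        for (uint32_t v = 0; v < 256; v++)
            p_tab[b][v] = p_bitwise(v << (24 - 8 * b)); /* byte b alone, in place */
    p_tab_ready = 1;
}

uint32_t p_lookup(uint32_t in)
{
    if (!p_tab_ready)
        p_tab_init();
    /* Each table holds one byte's contribution; the bits are disjoint, so OR them. */
    return p_tab[0][in >> 24] | p_tab[1][(in >> 16) & 0xff]
         | p_tab[2][(in >> 8) & 0xff] | p_tab[3][in & 0xff];
}

/* Table storage for a 32 -> 32 permutation split into chunks of `bits` input bits. */
uint64_t table_bytes(unsigned bits)
{
    return (uint64_t)(32 / bits) * ((uint64_t)1 << bits) * sizeof(uint32_t);
}

/* Algorithmic approach for E: rotate right by one, then read eight 6-bit
 * windows that advance 4 bits at a time (the last window wraps around). */
uint64_t e_shift(uint32_t in)
{
    uint32_t r = (in >> 1) | (in << 31);
    uint64_t w = ((uint64_t)r << 2) | (r >> 30); /* 34 bits: r, then its top 2 bits */
    uint64_t out = 0;
    for (int k = 0; k < 8; k++)
        out = (out << 6) | ((w >> (28 - 4 * k)) & 0x3f);
    return out;
}

/* Compare both fast forms with the reference on n pseudo-random inputs
 * (constructed test data from xorshift32); returns the number of mismatches. */
unsigned count_mismatches(unsigned n)
{
    uint32_t x = 0x12345678u;
    unsigned bad = 0;
    for (unsigned i = 0; i < n; i++) {
        x ^= x << 13;
        x ^= x >> 17;
        x ^= x << 5;
        bad += (p_lookup(x) != p_bitwise(x)) + (e_shift(x) != e_bitwise(x));
    }
    return bad;
}

int main(void)
{
    printf("mismatches over 100000 inputs: %u\n", count_mismatches(100000));
    printf("table bytes, 8-bit chunks:  %llu\n", (unsigned long long)table_bytes(8));
    printf("table bytes, 16-bit chunks: %llu\n", (unsigned long long)table_bytes(16));
    printf("table bytes, one table:     %llu\n", (unsigned long long)table_bytes(32));
    return 0;
}
```

The three table sizes it reports are the 4096 bytes, half a megabyte and 16 Gbytes quoted in the message.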
From mcarpent at Dusk.obscure.net Wed Jul 24 04:57:28 1996 From: mcarpent at Dusk.obscure.net (Matt Carpenter) Date: Wed, 24 Jul 1996 19:57:28 +0800 Subject: emscrypt 0.01 ALPHA Message-ID: <199607240857.DAA06070@Dusk.obscure.net> -----BEGIN PGP SIGNED MESSAGE----- I finally managed to find some time to do a little testing of emscrypt and make some of the changes that were suggested here earlier. It is still rather ugly and I haven't added many of the features/capabilities I hope to eventually implement. But I'm making it available so that people can play with it if they want. It looks like I'm going to be very busy for at least the next month trying to finish up the work for my master's degree, so I probably won't be making any major changes for a while. emscrypt's purpose is to automatically run PGP signed scripts received by e-mail and return the results to the submitter. emscrypt is a heavily mutated version of morepgp, originally by Jason Steiner and modified by Greg Spencer. Please realize that this program has NOT undergone extensive testing, so you may encounter strange behaviour. Make sure you read the documentation that exists. Using this program may make your system insecure, especially if you don't follow the installation procedure carefully. Use at your own risk. You should be able to find emscrypt and some documentation at: http://www.bmen.tulane.edu/~carpente Look under the "Other random projects or possibly useful stuff" heading. In order to try out emscrypt you need the following: * Perl -- emscrypt is written in Perl. * PGP 2.6.2 -- Other versions may work, but I haven't tested them and emscrypt relies strongly on knowing the format of the PGP output messages. * Procmail -- For passing incoming mail to emscrypt. This can be accomplished in other ways, but at this point I haven't tried any of them. If you don't have procmail you can still play with emscrypt by piping messages to it manually. 
I strongly suggest you do this anyway, to make sure you trust emscrypt to answer incoming mail. Here are the major things that have changed with emscrypt since I described it here a while ago: There are now two required headers which must be included in the body of the signed message: 'Reply-To:' and 'PGP-Key-Fingerprint:'. Both must appear before the beginning of the script. The beginning of the script is considered to be anything other than the above headers, blank lines, or lines that begin with '::' but that are otherwise empty. Duplicate headers will generate an error and prevent the script from executing. Case within the headers is not important. (You are free to use eLiTE d00dz capitalization techniques, just don't try to use kRe8yv sP3lliNg5.) 'Reply-To:' must be followed by a valid e-mail address, otherwise you won't get your results. (emscrypt will also recognize a 'Request-Remailing-To:' header in place of 'Reply-To:'. I added this so that emscrypt could be treated as a "remailer". The idea is that you could use software such as premail to automate the generation of messages going to emscrypt, so that you don't have to do the signing/encrypting manually. Then you could just send a script to yourself, "chaining" it through your emscrypt "remailer". But I don't think this will work without slight modifications to the remailer message generating programs, since emscrypt requires the 'Request-Remailing-To:' header within the signed body of a message (it would also be nice if the 'PGP-Key-Fingerprint' header could be automagically included)). The 'PGP-Key-Fingerprint:' header gives the fingerprint of the key used to sign the message and which will also be used to encrypt the results. It must also be included within the signed body of the message. Most of the other changes involved minor debugging and general clean-up (not that I consider it clean now). I also improved the error handling a little, but it needs more work, too. 
Right now emscrypt generally tries to generate, encrypt, and mail an error report if things go wrong. If that doesn't work, then it saves an error message to a log file. If you find any problems, please let me know. Comments, suggestions, etc. are also welcome. Thanks, - --Matt - -- mcarpent at mailhost.tcs.tulane.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From ses at tipper.oit.unc.edu Wed Jul 24 05:01:08 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Wed, 24 Jul 1996 20:01:08 +0800 Subject: Distributed DES crack In-Reply-To: <199607222314.TAA12858@jekyll.piermont.com> Message-ID: On Mon, 22 Jul 1996, Perry E. Metzger wrote: > Ben Holiday writes: > > I've a few machines around that could be dedicated almost full time to the > > task. What are the bandwidth requirements? > > Probably near zero. People can get sections of the search space > parceled out to them. I've always wondered whether chinese lotterys could be made more reliable by having each player check random keys rather than searching within a block. That way it becomes a lot harder to spoof by volunteering for a block and reporting incorrect results. --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet.........
From sandfort at crl.com Wed Jul 24 05:03:11 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 24 Jul 1996 20:03:11 +0800 Subject: [Noise] was Re: Giving 6 year old kids Uzi's In-Reply-To: <2.2.32.19960723180827.0085a950@panix.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, At 5:14 PM -0700 7/22/96, Ernest Hua wrote: > > >>Or the way many blacks were lynched (physically and socially) in the South. > >>Or the way many asians were segregated. Or the way many ethnic groups > >>fought each other in inner cities. > >> > >>These are cultural relics of the good ol' days I simply can do without. To which Duncan Frissell responded: > Few armed blacks were lynched. Like--none. And let's not forget the Chinese. Unarmed Chinese laborers where often robbed in 1849 California. The existance and vitality of San Francisco's Chinatown has been attributed to the fact that--unlike their rural cousins--the SF Chinese community armed itself with guns in response to racially motivated violence against them. The lived and prospered; other, unarmed, California Chinese communities did not. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From dan at milliways.org Wed Jul 24 05:03:16 1996 From: dan at milliways.org (Dan Bailey) Date: Wed, 24 Jul 1996 20:03:16 +0800 Subject: DES brute force? (was: Re: Borders *are* transparent) Message-ID: <199607240036.UAA22733@perseus.ultra.net> If we choose a plaintext/ciphertext pair carefully, we can easily save ourselves some work (50%) while still making the attack a credible demonstration. The idea is to use each trial encryption twice. 
In _Differential Cryptanalysis of the Data Encryption Standard_, Biham and Shamir note the following, known as the complementation property of DES:

if T = DES(P, K) where T is ciphertext, P plaintext, and K key, then:
T' = DES(P', K') where T', P', and K' are the bitwise complement of the above.

Now the interesting part. If two pairs (P1,T1) and (P2,T2) are available with P1 = P2' or T1 = T2', then an attacker can restrict his search to only the keys with LSB = 0. The attacker runs through the remaining 2^55 keys (with LSB = 0) and tests the results against both T1 and T2'. Since testing for equality is much faster than performing the actual encryption, time savings is on the order of 50%.

Just a thought on how to save some cycles.

Dan

From root at edmweb.com Wed Jul 24 05:12:23 1996
From: root at edmweb.com (Steve Reid)
Date: Wed, 24 Jul 1996 20:12:23 +0800
Subject: DES-Busting Screen Savers?
In-Reply-To:
Message-ID:

A few seconds ago, I wrote:
> One potential problem is actually choosing the random keys. Have to be
> able to get entropy at a fast rate, and/or use a good PRNG. Both of these
> things would take time away from the actual cracking (more time than just
> incrementing the key).

It's probably best to just choose a random starting point, and increment from there. I don't think that will affect the odds any. Problem solved.

I thought of this less than a second after I sent the message out. :-/

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) |
| Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
| -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. -- |
===================================================================:)

From tcmay at got.net Wed Jul 24 05:12:29 1996
From: tcmay at got.net (Timothy C.
May) Date: Wed, 24 Jul 1996 20:12:29 +0800 Subject: Digital Watermarks (long, getting off-topic) Message-ID: (My comments are really minor quibbles, based on my longtime use of DAT machines, which I now have three of.) At 2:19 PM 7/23/96, Alex F wrote: >The Ent. Ind. got what they wanted though. There are taxes, etc. >(some sort of import restrictions anyway) that keep DAT player/recorder >devices at around $700 per unit. By this time normally the prices >*should* be down to like $200 (using the CD industry as a guide) As I said, I have three DAT machines. They are complicated machines, having lots of moving parts and precise tolerances. (And they are prone to break!) CD players are vastly simpler. I'm not at all surprised that prices have remained at about the $400 level for DAT decks, and about the same for DAT portables. After all, camcorders, which use much the same technology, have also remained at about the same price. And I don't think the SCMS code had too much to do with mass-acceptance. Most comsumers, according to available figures, *buy* C-90 cassette tapes, and do not make their own. (That _you_, the CP list reader, may use your cassette deck to make tapes has little to do with the vast numbers of cassette users out there do...most don't know how to record with their cassette decks.) Pre-recorded DAT tapes were available for a while...they did not sell. I believe this was because DAT machine purchasers were sophisticated and new how to make CD-to-DAT copies, with or without SCMS. Thus, the failure of DAT as a consumer medium (not to mention the much-hyped MD and DCC formats) probably is due to other reasons, including the mechanical issues, the lack of a real need for consumer DAT, and the confusion over new emerging formats. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dsmith at prairienet.org Wed Jul 24 05:12:58 1996 From: dsmith at prairienet.org (David E. Smith) Date: Wed, 24 Jul 1996 20:12:58 +0800 Subject: A Snake-Oil FAQ Message-ID: <199607240509.AAA24465@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Wed Jul 24 00:10:54 1996 > Honestly, this boycott campaign looks out of place on Cypherpunks, at > least to me. I mean, we are for freedom of speech, aren't we? > Sternlight is talking about on-topic things. How come that renowned > defenders of freedom of speech resorted to name calling and attempts to > push their opponent out of the public forum? > (cheer) I don't agree with David Sternlight; frankly, I doubt very many of us agree with David Sternlight. But if we're going to start plonking just on the basis of a periodic rant, after he goes Perry goes, and Tim goes, and before long there's no list. Now to keep things interesting, somebody wanna subscribe Dorothy Denning to the list? Might be fun :) dave - ---- David E. Smith POB 324 Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail of 'send pgp-key' subject for my PGP public key "I'm only a social smoker, just a few packs a day really" -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Automagically signed with Pronto Secure for Windows. 
-----END PGP SIGNATURE----- From stewarts at ix.netcom.com Wed Jul 24 05:14:10 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 24 Jul 1996 20:14:10 +0800 Subject: Bare fibers Message-ID: <199607240324.UAA08876@toad.com> h > > Doesn't that make it vulnerable (detectable) to Tempest attacks? h > > Harka rw> No. rw> Transmitting light via fiber doesn't emit EM. Light is electromagnetic :-) rw> Anyway, the original post, as I recall, was about keeping sensitive data rw> on a second hard drive, connected via (very thin, therefore harder to rw> notice) fiber. Tempest monitoring was not a factor. rw> -r.w. I assume that if you've got a fiber hanging from your PC, and thugs come in to steal/confiscate/forfeitize your PC, that they're bright enough to notice it and maybe to follow it. Thugs who want your information will follow it to find information; thugs who just want to resell your hardware will follow it to find more hardware. I had initially assumed that the mention of fiber optics was in the context of "Infrared transmitter on the PC, fiber optic sticking out of the wall to receive the IR and transmit it to a hidden detector." or something silly like that. If you want to hide a small PC in your attic/wall/etc and use the newer faster IR stuff for clandestine backups, and have a Real Operating System so you can run it in the background (since your disk drive is presumably much faster than IR), I suppose you could do that. The main use of TEMPEST here is to detect backup systems hidden in the attic that they hadn't noticed.
Hiding it in your stereo system doesn't protect it from honest thieves, who might also want to resell your stereo, and info thieves have been known to seize anything even resembling computer equipment, such as Mozart CDs. You could also hide the computer in your kitchen cabinets like one Famous Cypherpunk, but you'd have to use a thinner bundle of cables than he does to connect the monitors and keyboards :-) # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Confuse Authority! From dfloyd at IO.COM Wed Jul 24 05:14:53 1996 From: dfloyd at IO.COM (Douglas R. Floyd) Date: Wed, 24 Jul 1996 20:14:53 +0800 Subject: Decrypt Unix Password File In-Reply-To: Message-ID: <199607240114.UAA03230@pentagon.io.com> > > On Tue, 23 Jul 1996, Dr.Dimitri Vulis KOTM wrote: > > Jerome Tan writes: > > > How can I decrypt Unix password file? > > There are many programs that do this, e.g., look for 'crack'. > > This attack can be made more difficult if you force your users not to use > > easy-to-guess passwords, and if you use something like NIS and shadowing to > > make the public part of the passwords harder to get. > > From my conversations with Mr. Tan, he seems to be a high school > bent of mischeif. He is the one who asked about penetating firewalls, > and now wants to know how to hack a unix passwd file. > > Now, I am not philosophically opposed to hacking, unless you are doing > it to a machine that I am responsible for, (in which case you'd better hope > the FBI finds you before I do) but I don't think that it would be a good > idea to just give him the information. He would wind up getting caught all > too easily, and might point to this list as a source of information on > cracking techniques. Just what they want, anyway -- make cypherpunks look like villins. > > I don't know if this should go to the whole list, so you can > bounce it there if you think it proper. I think you used your judgement well in this case. 
There are many places to start learning about firewalls and UNIX security. I recommend the _Building Internet Firewalls_ O'reilly book, as well as _Practical UNIX & Internet Security_ as well. I don't feel right about spoon feeding cracking info to someone like this. (PS: The animal on the _Building Internet Firewalls_ book is hidden behind the gates. It is a Trojan Horse. I heard this secondhand.) > > Petro, Christopher C. > petro at suba.com > snow at smoke.suba.com > From dlv at bwalk.dm.com Wed Jul 24 05:18:51 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 24 Jul 1996 20:18:51 +0800 Subject: Another fascist In-Reply-To: <199607231331.PAA12009@basement.replay.com> Message-ID: Alex de Joode writes: > In article you wrote: > : One of the great friends of free speech on this list sent a forged cancel > : message to the listbot to try to cancel my subscription. > > : The listbot, being reasonably well designed, ignored him and told me about > : it, though I have no doubt less of a dunce could bring it off. > > : What a piece of slime! What do others think of this practice? > > : David > > > Why, David, did you decide to subscribe to cypherpunks ? SternFUD calling someone a fascist is a prime example of a (crack)pot calling the cattle black. The corresponding Russian idiom is Whose cow should moo (Ch'ya by korova mychala) Please don't follow up on SternFUD's articles. Thank you. Down with the Usenet Cabal! All power to the GruborBots! --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From koontz at netapp.com Wed Jul 24 05:19:08 1996 From: koontz at netapp.com (Dave Koontz) Date: Wed, 24 Jul 1996 20:19:08 +0800 Subject: Distributed DES crack Message-ID: <9607232240.AA24989@supernova.netapp.com> >I'd like to see a very general hardware processing power equivalence table. >For example, 1 MasPar equals how many Pentiums. 
One MasPar MP2 (4K processors) could run 300,000 crypt(3) crack attempts per second (a password checker). That should give you 6 or 7 million brute force key attempts per second. Unfortunately the only way to show an equivalance for a particular problem is to have both machines work on the same problem. (Perhaps we could manage to break a DES key in the course of executing a new benchmark?) From sharma at aa.net Wed Jul 24 05:19:15 1996 From: sharma at aa.net (Sharma) Date: Wed, 24 Jul 1996 20:19:15 +0800 Subject: the VTW---FBI Connection (fwd) Message-ID: I am asking for some verification that you (cypherpunks) have something to do with this before I forward it anywhere. I looked at the vertexgroup and so-oregon webpages, and there is no investigative journalism there that I was able to find. Please get back to me soon. Thanks, sharma sharma at aa.net >X-URL: >X-URL: >X-URL: > >>Date: Sun, 21 Jul 1996 20:51:23 -0600 >>To: cypherpunks at toad.com >>From: nobody at zifi.genetics.utah.edu (Anonymous) >> >>We have received information that VTW is run and supported by the FBI, >>which we have suspected for reasons listed here. >> >>I) They appear to have no financial support or funding source. They >>do not accept donations. They have no corporate funds. And yet they >>appear to be a thriving business. >> >>II) They are secretive about their location, and do not seem to have >>a headquarters. The address listed in the NIC is a vacant lot in of >>all places Brooklyn, NY. They do not have a listed telephone. >> >>III) On a tip from a "friend" we learned that the power leader behind VTW >>is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly >>a common name. Several people say they've met him. Our "friend" says >>that Mr. Safdar is in reality an agent of the FBI. >> >>IIII) We didn't believe this without external verification. So we called >>the Brooklyn office of the FBI and asked for Agent Safdar. No such person. >>I called the Washington office. 
No such person. Checked if there is >>any agent named Safdar. They don't give out this info. Then we tried to find >>ANY public records on a Safdar, with no luck. No driver's license in NY, >DC, NJ, >>etc. No phone, etc. Odd that such a person does not exist and yet runs a >>"human rights" organization? Then Alice called the NY FBI office. Asked for >>Agent Safdar. Guess what? "He's not in. Can I take a message". No message, >>thanks. He'll get the message all right. >> >>Now the big question: What is the FBI trying to do getting all these >>names? What else has "VTW" been doing? And what other organizations like >>them are there? Who else is in on it? What does this say about EPIC, CDT, EFF? >>Are Blaze and Schneier dupes, or willing participants? What about their >>ISP? I think we are all owed an explanation. This is serious. Maybe FOIA or >>a lawsuit before they burn the files. >> >>What do you want to bet "VTW" quietly fades away after a few prefunctory >>denials, and gets replaced by another organization in due course? >> >>Faithfully, >> >>Net reporter team Alice and Bob >> From stewarts at ix.netcom.com Wed Jul 24 05:25:00 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 24 Jul 1996 20:25:00 +0800 Subject: Distributed DES crack Message-ID: <199607240927.CAA18805@toad.com> At 03:40 PM 7/23/96 PDT, koontz at netapp.com (Dave Koontz) wrote: > > I'd like to see a very general hardware processing power equivalence table. > > For example, 1 MasPar equals how many Pentiums. > >One MasPar MP2 (4K processors) could run 300,000 crypt(3) crack attempts >per second (a password checker). That should give you 6 or 7 million >brute force key attempts per second. Interesting - thanks for the result. Do you know how tightly tuned the crack implementation was (e.g. straight C with MasPar optimizer, hand-tuned assembler, etc.)? Since the MasPar has a large number of very small processors, I'd expect it to be better at bit-twiddling than conventional processors. 
# Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Confuse Authority! From root at edmweb.com Wed Jul 24 05:29:52 1996 From: root at edmweb.com (Steve Reid) Date: Wed, 24 Jul 1996 20:29:52 +0800 Subject: DES-Busting Screen Savers? Message-ID: On the subject of choosing keys randomly, rather than dividing up the keyspace... This seems like a very good idea to me. One potential problem is actually choosing the random keys. Have to be able to get entropy at a fast rate, and/or use a good PRNG. Both of these things would take time away from the actuall cracking (more time than just incrementing the key). And if a weak PRNG is used in order to save time, it's possible that it might favour certain keys and thus interfere with the attempt. Any ideas for a fast and good PRNG? ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 | | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. -- | ===================================================================:) From stewarts at ix.netcom.com Wed Jul 24 05:30:32 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 24 Jul 1996 20:30:32 +0800 Subject: Exporting cryptosystems in pieces: Re: Question [NOISE, mostly] Message-ID: <199607240942.CAA19145@toad.com> Cc: vice.president at whitehouse.gov, The cypherpunks list has been discussing ITAR again. :-) >> If it is illegal (by our governments standards...) to export programs >>like PGP, etc., and you can send the whole source code in a message >>because that is also considered illegal, then could you send the code, >>broken up into many pieces, and send THAT in Email, would that be >>illegal? Exporting components of military hardware, including cryptosystems, is also specifically banned by ITAR. 
How big a piece is enough to get you prosecuted is a question for the nastiest of the N prosecutors out there, and whether you can be convicted is a question for the best of the 12 jurors you'll have.... Vince Cate's arms exporter page lets you export a highly-useful fully working cryptosystem in three lines with one mouse click (developed by Adam Back and an international cast of dozens.) Adam Back's export-three-lines-of-PGP-at-once is a more blatant test of this; go see his web pages. Here's my two bits worth - the following bits are components of PGP, Netscape 3.0b5, and also of RSAREF. 0 1 # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Confuse Authority! From david at sternlight.com Wed Jul 24 05:32:33 1996 From: david at sternlight.com (David Sternlight) Date: Wed, 24 Jul 1996 20:32:33 +0800 Subject: Netscape In-Reply-To: Message-ID: At 11:23 AM -0700 7/22/96, Vladimir Z. Nuri wrote: >by creating a very large, glaring, and visceral >public spectacle of the government cracking down on crypto, the >resulting outcry could be absolutely enormous and resonate throughout >the entire population. it would be a vivid portrayal of what the >government has been doing quietly and secretly for decades, and >perhaps the public might finally understand what is going on. You're living in a dream world, Vladimir. There's no more going to be a revolution about this than there was under Stalin, and for similar reasons--when the government says the security of the State is at risk, and the public sees explosions and deaths, they are going to go along. All this will accomplish is ruin it for most everyone else. It reveals the "monkeywrenchers" for the fascists they are. "Comrades, comes the revolution you'll all eat strawberries and cream." "But I don't like strawberries and cream." "Comrades, comes the revolution, you'll ALL eat strawberries and cream." 
David

From alexf at iss.net Wed Jul 24 05:36:55 1996
From: alexf at iss.net (Alex F)
Date: Wed, 24 Jul 1996 20:36:55 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607231840.OAA07655@phoenix.iss.net>

> > People buying CDs at a garage sale & getting arrested for
> >piracy. Wonderful.
>
> Arrests like this are uncommon. Even buying "cheap bikes" and other "cheap"
> (= probably stolen and fenced) merchandise almost never subjects the
> purchaser to criminal sanctions.

Yes, but conceivably if (whoever would be in charge, FBI?) *could*, under law do this, even if they are wrong. It is a lot harder to prove that they intentionally harassed *you* than it is for them to say that they were following leads and show evidence. Yes, this may never happen, but the mere fact that it *could* is uncomforting. Kinda like the CDA and Clinton saying "we will not enforce this...." Fine, but there is still a law on the books that allows them to if they decide to change their mind. Even if you can't be found guilty, you could still be ruined by legal fees, job loss, etc.

> ("Alice's Restaurant" not to the contrary; the confession to Officer Obie
> cinched his fate.)

Don't wanna end up on that "Group-W" bench! :)

> > It would be trivial to add a digital ID signal at,
> >say 30,000 or 15 or something like that. This could then be decoded,
>
> Doubtful. The existing CD standard tops out at a Nyquist limit of about
> 20KHz, with the actual sampling at 44 KHz--but there is simply "nothing" at
> above 20-22KHz. Putting a signal in at "30 KHz" is simply not possible,
> given the Nyquist Theorem and the CD sampling rate.

CDs are often sampled at 48 these days.
Mine was, and we had to reduce it to 44.1 for mass producing (much to our surprise, since many CD manufacturers love getting stuff at 48 over 44.1) Not familiar with the Nyquist limit w/ regards to sampling rate vs frequency :(

Alex F

=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F
alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

From rich at c2.org Wed Jul 24 05:40:49 1996
From: rich at c2.org (Rich Graves)
Date: Wed, 24 Jul 1996 20:40:49 +0800
Subject: Wiesenthal Center (Canada) and the Ostrich Syndrome (fwd)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

For Skippy.

- ---------- Forwarded message ----------
Date: 23 Jul 1996 08:26:15 -0700
From: Ken McVay OBC
Newsgroups: alt.revisionism, can.general, alt.censorship, comp.org.eff.talk, misc.legal, ont.general, bc.general, talk.politics.misc
Subject: Wiesenthal Center (Canada) and the Ostrich Syndrome

The July 19 article in the Vancouver Sun, "B.C. Internet provider is the largest Canadian site for racist material" is alarming. (See URL http://ftp.nizkor.org/ftp.cgi?orgs/american/wiesenthal.center/press for a copy of the article.)

It is not the material found on the websites mentioned, nor the fact that the host server is Canadian - nor indeed that the server is physically located in BC - which give cause for alarm.

It is alarming because - either by deliberate design or by abject ignorance
- - Sol Littman (and the Simon Wiesenthal Center [SWC] whom he represents in Canada) is fostering and promoting the spread of the "Ostrich Syndrome." Their actions represent a counter-productive denial of reality - akin to the Ostrich burying its head in the sand.

Littman is quoted as saying: "We found the longer you leave these groups unexposed, the longer they fester and the more they infect others and the only way to deal with them honestly and forcefully is to expose them to the light of truth."
Yet the article concludes, "Littman said he wants to see if Klatt will remove the groups from Fairview voluntarily before the centre takes any other action."

The only truth that seems to emerge from such a veiled threat is that Littman has no understanding of the Internet. One is at a loss to determine how removal of the "groups" from one Internet Provider's server would in any way "expose them to the light of truth."

If Littman had any knowledge of the Internet, he would know that the Nizkor Project [http://www.nizkor.org/] is an award winning website that is accessed daily by hundreds. In addition to being a source for those who seek information about the facts of the Holocaust, it is used as an electronic resource for those who wish to "deal with [these groups] honestly and forcefully" thereby exposing Lemire and many others - of whom Littman may not even be aware.

Nizkor is arguably the "host" to more hate literature than any other website. Since we also include a link to the Zundelsite amongst others, will Littman next be targetting Nizkor and demanding that we remove such links? Or that we hide from public view the mountains of archived material which meticulously documents and uses the "arguments" put forward by these groups as instruments of their refutation and exposure?

If Littman and the SWC prefer to bury their heads in the sand while engaging in this futile exercise in darkness, let them do so. But the martyrdom they hand on a platter to Lemire and others whom they find offensive stands in marked contrast to their failure to use the Internet on their own website. Conspicuously absent on the SWC website are links to the increasingly growing number of useful resources for those who truly do wish to participate in the battle to expose racist and anti-semitic groups on the Internet.

The Ostrich syndrome is far more dangerous to society than any white supremacist group on the Internet. Such groups will fester in darkness, but wither in light.
Kenneth McVay, OBC
The Nizkor Project

- --
Nizkor Canada | http://www.nizkor.org
- -----------------------| Prince Myshkin's Troll Bait Sold Here |--------------------------------------
http://www.nizkor.org/hweb/people/g/giwer-matt/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfVcLJNcNyVVy0jxAQENJQIAwGhMdP82l3S0Ac3uSaYaUcj1TowW6J9F
K+l+wRmWwpQBuxq+INEPghNcY54thnc6iQIqGfR5KVoUsFNLAk9lcg==
=12JK
-----END PGP SIGNATURE-----

From shamrock at netcom.com Wed Jul 24 05:47:37 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 24 Jul 1996 20:47:37 +0800
Subject: Netscape
Message-ID:

At 1:23 7/23/96, Jeff Weinstein wrote:

> If you know that the recipient can read a message encrypted with
>3DES, IDEA, or RC2-128, then you can send the message using one of
>these strong algorithms. Given that you need someone's public key
>to send them a message, there are several obvious ways to transmit
>information about what algorithms they accept along with it.

Granted. What about the signature bug? Will Netscape encrypt the outside signature?

-- Lucky Green PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
Vote Harry Browne for President.

From jimbell at pacifier.com Wed Jul 24 05:51:25 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 24 Jul 1996 20:51:25 +0800
Subject: Bare fibers
Message-ID: <199607231622.JAA04074@mail.pacifier.com>

At 03:20 AM 7/23/96 -0400, Rabid Wombat wrote:
>
>>
>> Doesn't that make it vulnerable (detectable) to Tempest attacks?
>No.
>Transmitting light via fiber doesn't emit EM.
>Anyway, the original post, as I recall, was about keeping sensitive data
>on a second hard drive, connected via (very thin, therefore harder to
>notice) fiber. Tempest monitoring was not a factor.

It occurs to me that a bare fiber could actually be (randomly) hung across treetops, roofs, power lines, and various other structures, over a many-block distance in suburban areas.
Such a fiber wouldn't be protected very well, but it would probably last a few months. It would also be exceedingly hard to find its terminations, and tracing it would be a real pain. (It probably wouldn't be visible against a bright sky more than a meter or two away.)

Jim Bell
jimbell at pacifier.com

From david at sternlight.com Wed Jul 24 05:54:37 1996
From: david at sternlight.com (David Sternlight)
Date: Wed, 24 Jul 1996 20:54:37 +0800
Subject: Preaching to the Choir?
In-Reply-To:
Message-ID:

At 1:42 PM -0700 7/23/96, Timothy C. May wrote:

>What _does_ happen is that people who have not given a lot of thought to
>some issues get exposed to views and can decide for themselves. Many
>student types arrive on this list with various half-baked ideas about the
>role of government, the effectiveness of laws, etc.
>
>_These_ folks are often influenced by persuasive points made here--they
>usually recognize the "common sense" in the best arguments presented. (At
>least this is what folks have told me, that they came to the list having
>ideas that crypto-privacy was important, but not realizing the full
>ramifications of the libertarian outlook until exposed to many people
>discussing them here.)
>
>So, I don't expect to convert David Sternlight to my views, nor to convert
>Phill H.-B. Nor do they, I am sure, expect to convert me. But I _do_ hope
>that the arguments here will have an effect on the thinking of many.

Tim has it exactly right. And those who call names or try to suppress views different than their own are simply acknowledging publicly that their views are pretty weak, if not simple prejudice.
David

From proff at suburbia.net Wed Jul 24 05:57:56 1996
From: proff at suburbia.net (Julian Assange)
Date: Wed, 24 Jul 1996 20:57:56 +0800
Subject: Brute Force DES
In-Reply-To: <199607231338.JAA15819@jekyll.piermont.com>
Message-ID: <199607231619.CAA18593@suburbia.net>

>
>
> "Peter Trei" writes:
> > The fastest general purpose, freely available des implementation I'm
> > aware of is libdes. by Eric Young. With this, I can do a set_key in
> > 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to
> > about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).
>
> I'll point out that like most DES implementations, Eric's tries to
> spend a lot of time in key setup to save time later on in
> encryption/decryption. This tradeoff would probably be very different
> if you didn't plan on trying more than one or two blocks of decryption
> after getting a key.
>
> Perry

90 us is several times longer than 15.

--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+

From david at sternlight.com Wed Jul 24 06:00:41 1996
From: david at sternlight.com (David Sternlight)
Date: Wed, 24 Jul 1996 21:00:41 +0800
Subject: NOISE: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID:

At 4:49 PM -0700 7/22/96, hallam at Etna.ai.mit.edu wrote:
>
>> Well, you're in a country of _free citizens_ now, Limey, so if you
>>don't like it, then go back to England - a whole nation of people who foam at
>>the mouth with pride and pleasure over their status as feudal _subjects_.
>
>O.K. lets see if we brits were to offer you yankees the Windsors,
>plus an assortment of flunkies, corgies and stuff are you so sure that
>your people would reject it? After all someone sold you a bridge so
>it's not that implausible.

Some of us love the occasional rabbit's foot but we don't carry the live rabbit around with us. Maybe if you offered us Charles' Rolls Royce, or the odd Crown Jewel...

>
>Given the way your press goes nuts over big ears and his ex wife
>(aka family brood unit) it is clear that you would jump at the
>chance if the price was sufficiently high (i.e. is the Brits asked
>for enough money).
>
>>Dja ever notice that Charlie Mountbatten married a gorgeous young babe,
>>but was irretrievably drawn to an elderly woman of great ugliness?
>
>>No, Phil, do NOT ask me to call him Prince. I'd sooner follow the
>>example of Lady Liberty in the Seal of the Commonwealth of Virginia.

If you won't call him "Prince", how about "Rover"?
(pun intended)

>
>Actually Lord Mountbatten was not a prince of the UK, he was a prince
>of the Greek royal family and his name was not Charles. The Prince
>of Wales is Charles Windsor and he comes from a distinguished line of
>Germans.

And judging from recent exposes, Wallis Simpson's Duke of Windsor was trying very hard to get back to the mother country and his kindly old Uncle Adolph.

How's THIS thread for off-topic? The first reader who fails to be amused is given one free pass to tell both Phill and I to take it to e-mail.

David

From mattt at microsoft.com Wed Jul 24 06:01:29 1996
From: mattt at microsoft.com (Matt Thomlinson)
Date: Wed, 24 Jul 1996 21:01:29 +0800
Subject: Brute Force DES
Message-ID:

well, first of all, I wasn't computing 2^40, I was computing something like 2^(56*0.667) * 8bytes/each or somesuch, I don't recall exactly as I don't have the paper in front of me. In any case, it was the tradeoff between time and space -- 2^40 in time was something like 2^38th in space. But don't trust my numbers, get the paper and rattle them off yourself.

It just seems like if we're going to browse all of the way through the DES keyspace, we _ought_ to take notes along the way -- that means building a table. I don't care how big the table is; if it is only 2^30 entries (about 1G entries, each 8 bytes = 8Gig) we reduce our next DES crack by a factor of 8. If we keep 2^31 entries (16Gig) we can cut it down to 2^50, or a factor of 16.

If we have 4 - 9 Gig drives (or perhaps three drives and some wiggling, described below) we can save about 2^32 entries and the search becomes a measly 2^48. :)

To whittle this down to a 40-bit workload, we'd have to save 2^36 entries* 2^8 bytes/entry = 2^39 Bytes = 512 Gig. Yes, admittedly large. What's the cheapest form of storage, magtape? How much can you store on magtape? The entries can be sorted so that lookup doesn't take long even when you have to mount tapes.
Wiggling: We may be able to save less than 2^8 bytes/entry because we know the quality that made the point interesting enough to save (say we only keep points where the top 32 bits were zeros -- no need to save these zero prefixes) but I suppose we'd only be able to cut this storage factor down by a factor of two at most.

If you don't have Hellman's paper handy, the apropos formulas are:

Total time=T, memory=M, search space=N
Time/space tradeoff: M=mt , T=t^2, m*t^2=N
In our case, N=2^56; M, T variable.

mattt

>----------
>From: Ray Arachelian[SMTP:sunder at dorsai.dorsai.org]
>Sent: Tuesday, July 23, 1996 3:16 PM
>To: Matt Thomlinson
>Cc: 'trei at process.com'; 'cypherpunks at toad.com'
>Subject: RE: Brute Force DES
>
>On Tue, 23 Jul 1996, Matt Thomlinson wrote:
>
>> why not put together (a LOT of) disk space and we can build a table
>> (read: "a cryptanalytic time-memory tradeoff") for cracking DES? Using
>> the table, we could brute-search the DES keyspace in less time than it
>> would take to do an exhaustive search of a 38 bit keyspace, according to
>> the paper. 4 gigs is what, a couple of hundred nowadays?
>>
>> Making DES equivalent to a 40-bit crack would take approx. 500Gig, but
>> publishing the table would push DES out usefulness. Certainly we could
>> scale back (make DES equivalent to a 45-bit crack?) if we don't have
>> enough disk...
>
>IMHO it's more expensive to go this route than to build a machine with
>dedicate DES cracking chips. 2^40 = 1,099,511,627,776 or about 1 terabyte
>worth of space, not 500G. 2^39 would be 500Gb. A 4Gb drive these days is
>$800, hardly a couple of hundred dollars. :)
>
>Even so, that's a ton of hard drives. Further you need machines to hook
>these drives up to. In fact, you need a farm of machines. Why? You can
>only put 7 on a chain, and maybe if you're lucky four chains in a machine
>using four controllers.
>
>A better idea might be to make small cheap computers, say based on 8086's
>or 68000's that replace the drive's controller card, or if that drive
>controller card is intelligent enough to be a CPU or contain one, burn
>EEPROMs. Have the EEPROMs be able to generate DES (or any other
>cypher's) keyspace given a range, and then have them able to search the
>whole drive for a match.
>
>Even so, if you build these drive boxes, all you've accomplished is to
>create a nice huge big searchable array. You still will need some sort
>of logic to figure out when it finds the right key, and you still can't
>do 3DES or recursively encrypted files, nor know when you've found the key
>for data you can't recognize - or rather have these drives recognize.
>
>However: Reading a 4Gb drive end to end takes less than 2 hours. I know
>this because I have a RAID array of them, and it takes 2 hours to
>rebuild, so since rebuilding an array requires reading from two drives
>and writing to one drive, reading a whole 4Gb drive at full speed would
>be something like maybe 1 to 1.5 hours(???)
>
>You might be better off with 9.0Gb drives if you can afford them because
>you then have less controller logic cards to build.
>
>The drives alone will cost $204,800. $800*(2^40/(4*1024*1024*1024)).
>You could get a nice big discount if you buy that many, but this will
>also mean however much it will cost you to build the cpu cards for
>multiplied by 256 drives, plus the R&D cost, plus the network connection
>between all the CPU boards.
>
>At that point you also run into the MTBF of the drives which means that
>your drives will fail quite often.
>
>If you want to go dirt cheap on the CPU's while using this huge space
>method, you could just buy something like 37 Mac IIsi's, hook each up to 7
>of the drives (you'll have to partition the drives as they won't support
>volumes that huge.) and network the machines using localtalk. You won't
>need a faster connection because all you need for networking is keyspace
>distribution and success reporting. But then IIsi's are sloooow machines
>and your searches will suffer a hit from the lack of the machine's speed,
>plus all the overhead of having an operating system and using the SCSI
>chain to talk to the drives.
>
>IIsi's go for $350-$500 nicely loaded... $14800 for 37 at $400 a pop,
>add the drives to that, plus the cost of writing the program and hooking
>all of this crap together and that'll be $219,600. Ya got that kinda
>dough to spare?
>
>==========================================================================
> + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\==
> \|/ |sunder at dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
><--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
> /|\ | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
> + v + | Janet Reno & GAK|AK| do you not understand? |=======
>===================http://www.dorsai.org/~sunder/=========================
> Key Escrow Laws are the mating calls of those who'd abuse your privacy!
>

From snow at smoke.suba.com Wed Jul 24 06:02:18 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 24 Jul 1996 21:02:18 +0800
Subject: [Noise] Re: Re: Devil's Bargain
In-Reply-To:
Message-ID:

On Tue, 23 Jul 1996, The Deviant wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> On Mon, 22 Jul 1996, snow wrote:
> > Date: Mon, 22 Jul 1996 11:50:39 -0500 (CDT)
> > From: snow
> > To: Alex Derbes
> > Cc: Roger Williams , cypherpunks at toad.com
> > Subject: Re: [Noise] Re: Re: Devil's Bargain
> > On Mon, 22 Jul 1996, Alex Derbes wrote:
> > > There were no signs of mechanical failure, the plane took off one
> > > hour late, that means if it was a timed bomb the plane would have gone
> > > down over oh lets say random VERY VERY deep place in the atlantic ocean.
> > > The plane was an easy shop for all sorts of shoulder launched SAM's.
> > According to the information I have seen, there are no SAM's that can
> > reach out and touch a plane at 13000 feet. The engagement ceiling on a
> > most is 8000 to 9000 feet iirc.
>
> Ummm... Stinger missiles go ~5 miles. 13000 is about 2.7 miles.

They have a 5 mile horizontal reach, their vertical engagement ceiling is about 8000 to 9000 feet.

> > > There is a hell of a lot of terrorist activity right now, and the
> > > olympics, I think there is good circumstantial evidence to suggest
> > > terrorist activity just from motives and opportunity.
> > What motives?
> There was a threat the day beforehand and all...

I don't know if it was terrorist activity, I was just annoyed at the extensive every 15 minutes even tho' there is nothing new to say I gotta get my mug and my voice on the ether coverage.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From stewarts at ix.netcom.com Wed Jul 24 06:04:28 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 24 Jul 1996 21:04:28 +0800
Subject: DES-Busting Screen Savers?
Message-ID: <199607240927.CAA18810@toad.com>

Tim and others have discussed the effectiveness of random search vs. centralized servers, problems of cheating, scaling, etc. My take is that, if you can ignore scaling, the best approach is probably to have a central server that doles out keyspace and wraps around when it reaches 100%, and doesn't worry too much about collecting results - even if there are cheaters, machine failures, etc., and people don't finish their keyspace, it'll be more likely to cover the whole space than randoms. (Make it a web page, and use cut&paste to transfer to the search programs so they don't need to be network-equipped.)

To support scaling, make it easy for people to run subset servers; grab a chunk of keyspace from the main server and dole it out to people who ask you for it.
If you want to get fancy, hack a DNS server to allow people to register their machines as NNN.descrack.org, 0<=NNN<1000, so that people can find subsets without having to ask the main server.

>>> a brute force "screen saver" for
>-- By the time the total amount of computons expended has equalled the
>amount that would have been expended in a "no duplications" allocated
>search, the Poisson probability distribution says that 1/e = 36.8% of the
>keyspace will not have been searched; the rest of the probability lies in
>keyspace searched once, twice, three times, etc.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From alano at teleport.com Wed Jul 24 06:05:37 1996
From: alano at teleport.com (Alan Olsen)
Date: Wed, 24 Jul 1996 21:05:37 +0800
Subject: SHI_fty
Message-ID: <2.2.32.19960723085749.00d81a34@mail.teleport.com>

At 08:13 PM 7/22/96 -0800, Vinnie Moscaritolo wrote:

>Uh I think apple had that for a while, it's called cyberdog
>http://cyberdog.apple.com screw this ole fud.

Unfortunately, this is only available for Macs at this time. Hopefully we will see Windows and/or Unix versions sometime soon. (Of course if you expect Microsoft PR to resemble *ANYTHING* vaguely like reality...)

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From sunder at dorsai.dorsai.org Wed Jul 24 06:13:51 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Wed, 24 Jul 1996 21:13:51 +0800
Subject: Brute Force DES
In-Reply-To:
Message-ID:

On Tue, 23 Jul 1996, Matt Thomlinson wrote:

> why not put together (a LOT of) disk space and we can build a table
> (read: "a cryptanalytic time-memory tradeoff") for cracking DES? Using
> the table, we could brute-search the DES keyspace in less time than it
> would take to do an exhaustive search of a 38 bit keyspace, according to
> the paper. 4 gigs is what, a couple of hundred nowadays?
>
> Making DES equivalent to a 40-bit crack would take approx. 500Gig, but
> publishing the table would push DES out usefulness. Certainly we could
> scale back (make DES equivalent to a 45-bit crack?) if we don't have
> enough disk...

IMHO it's more expensive to go this route than to build a machine with dedicate DES cracking chips. 2^40 = 1,099,511,627,776 or about 1 terabyte worth of space, not 500G. 2^39 would be 500Gb. A 4Gb drive these days is $800, hardly a couple of hundred dollars. :)

Even so, that's a ton of hard drives. Further you need machines to hook these drives up to. In fact, you need a farm of machines. Why? You can only put 7 on a chain, and maybe if you're lucky four chains in a machine using four controllers.

A better idea might be to make small cheap computers, say based on 8086's or 68000's that replace the drive's controller card, or if that drive controller card is intelligent enough to be a CPU or contain one, burn EEPROMs. Have the EEPROMs be able to generate DES (or any other cypher's) keyspace given a range, and then have them able to search the whole drive for a match.

Even so, if you build these drive boxes, all you've accomplished is to create a nice huge big searchable array. You still will need some sort of logic to figure out when it finds the right key, and you still can't do 3DES or recursively encrypted files, nor know when you've found the key for data you can't recognize - or rather have these drives recognize.

However: Reading a 4Gb drive end to end takes less than 2 hours.
I know this because I have a RAID array of them, and it takes 2 hours to rebuild, so since rebuilding an array requires reading from two drives and writing to one drive, reading a whole 4Gb drive at full speed would be something like maybe 1 to 1.5 hours(???)

You might be better off with 9.0Gb drives if you can afford them because you then have less controller logic cards to build.

The drives alone will cost $204,800. $800*(2^40/(4*1024*1024*1024)). You could get a nice big discount if you buy that many, but this will also mean however much it will cost you to build the cpu cards for multiplied by 256 drives, plus the R&D cost, plus the network connection between all the CPU boards.

At that point you also run into the MTBF of the drives which means that your drives will fail quite often.

If you want to go dirt cheap on the CPU's while using this huge space method, you could just buy something like 37 Mac IIsi's, hook each up to 7 of the drives (you'll have to partition the drives as they won't support volumes that huge.) and network the machines using localtalk. You won't need a faster connection because all you need for networking is keyspace distribution and success reporting. But then IIsi's are sloooow machines and your searches will suffer a hit from the lack of the machine's speed, plus all the overhead of having an operating system and using the SCSI chain to talk to the drives.

IIsi's go for $350-$500 nicely loaded... $14800 for 37 at $400 a pop, add the drives to that, plus the cost of writing the program and hooking all of this crap together and that'll be $219,600. Ya got that kinda dough to spare?
==========================================================================
 + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\==
 \|/ |sunder at dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
 /|\ | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK| do you not understand? |=======
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!

From pjn at nworks.com Wed Jul 24 06:31:31 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Wed, 24 Jul 1996 21:31:31 +0800
Subject: Distributed DES crack
Message-ID:

> I've a few machines around that could be dedicated almost full time to the
> task. What are the bandwidth requirements? Specifically, could the
> keycracker be run over a 28.8 (with a 486 running linux)? If so, how many
> 486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy
> chained with ppp over direct serial connection)?

> It's not a factor of the bandwidth, you search offline and send in
> your results to a central server.

> But first, a little reality check is in order. According to libdes,
> the 200Mhz Pentium Pro on my desk will do 1,827,997 ECB bytes/sec, or
> 228,499 ECB blocks. A DES crack would have to try, on average, 2^55
> blocks. That would take my machine 43,798,875 hours, or 1,824,953
> days.

> OK, so let's be reasonable and say that a week would be a good time to
> come up with a DES key. We would need 260,707 200Mhz Pentium Pro's to
> achieve this.

> Looking at that, 30 days seems not such an unreasonable target. We
> would need 60,831 200Mhz Pentium Pro's to achieve this.

> It seems obvious to me that DES is still *way* out of reach of
> anything other than special purpose hardware.

In> - Andy (hoping he got his sums right)

(I think you did :)

One small thing...
You are assuming that we will not get the right equation/code/whatever until the very end. There is a good chance that it will only take half that time...and a slim chance that we will get it with the first try...

P.J.
pjn at nworks.com

(BTW, I have a 486 DX/4 100MhZ That I will put to the effort...)

... As easy as 3.14159265358979323846264338327950288419716
___ Blue Wave/QWK v2.20 [NR]

From frantz at netcom.com Wed Jul 24 06:41:46 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 24 Jul 1996 21:41:46 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607232114.OAA12350@netcom7.netcom.com>

At 3:38 PM 7/23/96 -0400, hallam at Etna.ai.mit.edu wrote:
>>I don't understand this conclusion. One book people aside, it is generally
>>believed that humans evolved in an evolutionary context and they certainly
>>frequently use cooperative strategies. Cooperation usually also involves
>>the ability to sanction misbehavior. Unilateral disarmament is throwing
>>away your sanction.
>
>That depends on the circumstances. If you are arguing the case for
>unilateral disarmament or unilateral reduction. In many cases there was a
>deliberated attempt to confuse one with the other. Unilateral
>reduction can be the right move to make.

No argument. I said disarmament.

>In the case of a minor nuclear power such as the UK unilateral
>disarmament may be the right move...

But still, the UK has available other sanctions. That's why they are still called the Falklands.

>... Burglars are not rational actors, and
>are more likely to have their behavior determined by drugs or
>alcohol than analytical game theory.

Burglars are among the most rational of thieves. They try to maximize gain and minimize risk by acting when no one can oppose them. Even muggers, a much less rational activity, try to pick on people smaller than them.
>The facts are very clear, if you have a handgun in the house it is
>far more likely to kill a member of the family than stop an
>intruder. The NRA know this which is why they have lobbied for the
>CDC to stop research in this area - they do not like the facts.

Christmas trees make your house far more likely to catch fire. However many people have them because they provide other, hard to quantify, values. (BTW, my mother's retirement home does not allow them in individual units.)

Guns have value besides home defense. Just one off-the-wall example: I learned to hold a camera steady by competitive target shooting. Home defense is not the only reason to have a gun. (Besides, I would rather have a shotgun with a short barrel for close-up defense than a handgun. As the California police forces discovered when they (briefly) changed from pump shotguns to "automatics", the sound of chambering a round with a pump shotgun makes people focus very clearly on their situation. Frequently it avoids violence.)

IMHO handguns are much more useful when you need a portable defense. Examples:

1. The USGS will allow field geologists to carry handguns in bear country after a rigorous training program.

2. I have a friend who defended himself from a pack of feral dogs after they attacked him and forced him to retreat to the roof of his car. (He killed three of the four. The local rancher treated him to dinner for ridding the neighborhood of a dangerous nuisance.)

-------------------------------------------------------------------------
Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506 | [Beware the man of one | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin    | Los Gatos, CA 95032, USA

From mcarpent at Dusk.obscure.net Wed Jul 24 06:43:32 1996
From: mcarpent at Dusk.obscure.net (Matt Carpenter)
Date: Wed, 24 Jul 1996 21:43:32 +0800
Subject: E-Cash promotion idea
Message-ID: <199607241015.FAA06111@Dusk.obscure.net>

-----BEGIN PGP SIGNED MESSAGE-----

Lucky Green wrote:
>At 23:19 7/22/96, Anonymous wrote:
>
>>How about getting the CyberCafes to accept ecash? Just pull out your
>>Newton/HP48/PDA and point the IR beam at the cash register. Now that's
>>an ecash application I'd like to see!!
>
>So would I. And one day we will. Though not on the HP48.

Actually I've been doing some more thinking about this recently, and it may be possible even on an HP48, if you're willing to limit your spending flexibility a little in order to gain the advantages provided by ecash.

A couple months ago there was a similar thread on using ecash with Newtons, PDA's, palmtops, and so on. I mentioned an idea of having an "ecash ATM" on an online machine, which would allow you to download ecash coins to your portable device. You could then carry the ecash around with you. This way you wouldn't need a full blown ecash client on the portable, just a simple program that would ask you for the payment amount and send off the appropriate coins.

The main problem with the idea seemed to be that I suggested getting change from the merchant. Ian Goldberg pointed out that with the current ecash protocol, accepting change not only eliminates your anonymity, but that you also have to go online to make sure you aren't being cheated.

Anonymous's post got me to thinking about this again. Since I know many of you are more knowledgeable about ecash than I, let me know if you can add more detailed information or see any problems with the approach below (other than a certain lack of convenience, which may be the major issue with this approach).

What if we just forget about change?
One of the neat things about ecash is that it allows for coins of (fairly) arbitrary values. We can use this to our advantage, since we can guarantee that we can make a single payment of any value with a small number of coins. (People familiar with ecash know all this already I'm sure, but I'll describe it in some detail for others who may not have thought about it as much).

Here's the basic formula:

    Number of required coins = ceiling( log2( P/L ) )

where P is the maximum payment amount available to spend on a single transaction, and L is the "loss limit", or the upper limit of money we are willing to lose on a single transaction.

For example, if we want to be able to make a $50 payment to the nearest cent ($.01), we need:

    ceiling(log2( 50/.01)) = 13 coins

So with only 13 coins, we are guaranteed to be able to make any single payment from $.01 - $50 to the nearest cent. Since we are dealing with base 2 logarithms, if we increase the maximum amount to $100, we only need a single additional coin.

The algorithm to generate the coin values is simple. Basically you start at P and just keep dividing by two until you reach L. For the above example, we could use 13 coin values of:

    $25, $12.50, $6.25, $3.13, $1.57, $0.79, $0.40, $0.20, $0.10, $0.05, $0.03, $0.02, and $0.01.

This actually gives us a total of $50.05 due to rounding, but we are guaranteed of being able to pay to the nearest cent any amount between $0.01 to $50.00, with multiple possible combinations for certain values.

Now, I'm not sure what the average size of an ecash coin is (anybody?), but the few I've seen floating around the net in "ASCII armor" have been around 500-600 bytes (of ASCII text), I think. So guessing (hopefully conservatively) that the average coin size is about 1k or less, then we need about 13k worth of storage space to make any single payment of $50 or under.

We can do a little better if we are willing to lose a little money in the transaction.
For instance, if L=$0.10, then we only need 9 coins (and we will lose less than $0.10 in the transaction). For L=$0.40, 7 coins. Of course this probably isn't cost effective in most cases, but might potentially be useful, if you are tight on storage space or something.

So, with a storage space of approximately 64k (close to 5 x 13k), we are guaranteed of being able to make any 5 payments of $50 dollars or less, to the nearest cent. Of course, we also need some software, but it should be fairly simple and small. Just a little database to keep track of which coins we have, and a simple user interface to prompt for payment amount, select the appropriate coins, and beam them off to the payee (probably also a transaction log, and encryption capabilities).

A few points:

* This should be doable with current technology. All we need is a fairly small storage space, say 128K or less (more gives us more flexibility), and something like IR, wireless, or even a serial port connection via cable to send the coins to the payee. This seems to allow things like Newtons, HP Palmtops (and perhaps higher end calculators), USR Pilots, etc. to be used as unconnected ecash "wallets". This assumes the payee is online, since they will want to clear the coins to make sure they are good.

* This is less expensive than requiring both parties to be online. The payee doesn't need to provide a net connection to the payer; the payer doesn't need to utilize memory space (and possibly additional hardware) for more complicated software to carry out the online transactions and payment generation. All the payee needs (besides the standard ecash software and a net connection) is a method of receiving coins, like IR, and some fairly simple software.

* Although one may be carrying around $250 with the above example, it is much safer than carrying cash.
Ecash maintains the advantage of cash-like anonymity, but we can keep a back-up of the money on our home machine, and we can encrypt the coins we carry to avoid having them spent by someone else, in case our portable device is lost or stolen. (Of course we do lose a possibly expensive portable device.)

* With the proper software and connections to the "ecash ATM" we can have our portable device automatically recharged when we get home (and also update the records of which coins were spent). The ATM also gives us complete control over our spending configurations. There could even be several default set-ups for frequently used cases, each assigned to a single button. Just connect your portable device, click a button, and you're ready to go. For example, if you are going to work, you might generally want to have the capability of several smaller payments for snacks, lunch, and such. For grocery shopping you may want a few larger payments, etc. Also the software could automatically keep track of your purchases (like a credit card statement, or checking account log, but you'd be the only one who has access to it). Plus you don't need to run off to find an ATM; you can get cash from "the comfort and privacy of your own home".

* The main problem seems to be the loss of flexibility. After you make your maximum number of guaranteed payments you may have money left over, but it may not be useful for buying what you want. You may only have a $25 coin left to purchase that $1.00 item. Personally, as a possibly paranoid technophilic cypherpunk, I don't see this as a major problem. It means you have to plan ahead a bit, but it gives you the same anonymity as cash, with less chance of having your money lost or stolen. Those with PDD (Paranoia Deficit Disorder (cypherpunks, are there drugs to treat this? :-)) may not have the same view, and be more likely to use less private, more "convenient" methods of payment.
But with the proper software setup and user interface, this approach could probably be made acceptable to many.

* I'm not sure how easy this would be with the existing ecash software. Browsing over the ecash API (http://www.digicash.com/api/Home.html), I see there is a EC_pocket_begin_withdrawal() function which looks like it may automatically do something similar to the guaranteed payment thing I described above (I've been salivating over the ecash API for a while, but haven't actually had time to play with it yet). Things may get tricky if you pick funky values of L, the "loss limit".

In any case, it seems like this would be possible, even on an HP48. Probably not all that useful/usable though until you move up to something a little more powerful (how much memory does the HP48 have? I have an old HP28S with 32k, so I'm guessing the '48 has more than that).

Once I finish up my thesis, find a job, and find some free time (hopefully all within the next month and a half :-) I plan to play with this idea. Unless someone else beats me to it, or there is something important I'm missing.

Comments?

- --Matt

- --
mcarpent at mailhost.tcs.tulane.edu

From sparks at bah.com Wed Jul 24 06:55:49 1996
From: sparks at bah.com (Charley Sparks)
Date: Wed, 24 Jul 1996 21:55:49 +0800
Subject: When books are outlawed
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Only outlaws will have books...

Just watching the news here in Fl.
and they are trying to hold a publisher responsible for a murder because they published a fictional account of a hitman and a guy says he used the book to kill some people. Would you give your 6 year old a book ?

This is really getting out of hand.. Anyone have any property for sale in Idaho ?

Charles E. Sparks
http://www.clark.net/pub/charley/index.htm
In God we trust, All Others we encrypt
Public Key at: http://www.clark.net/pub/charley/cp_1.htm

From frissell at panix.com Wed Jul 24 07:15:27 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 24 Jul 1996 22:15:27 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960724111141.008bb63c@panix.com>

At 03:38 PM 7/23/96 -0400, hallam at Etna.ai.mit.edu wrote:
>The facts are very clear, if you have a handgun in the house it is
>far more likely to kill a member of the family than stop an
>intruder. The NRA know this which is why they have lobbied for the
>CDC to stop research in this area - they do not like the facts.

And most people who die after jumping out of airplanes have (defective) parachutes. Therefore it is safer to jump out of airplanes without parachutes.

The CDC sucked suicides into the mix to cook the books and suicide by firearms is a *legitimate* use of same. Surely you believe in the "right to die," don't you?

DCF

From a-billol at microsoft.com Wed Jul 24 07:22:21 1996
From: a-billol at microsoft.com (Bill Olson (EDP))
Date: Wed, 24 Jul 1996 22:22:21 +0800
Subject: No more stupid gun thread ...
Message-ID:

Alan Horowitz writes:
>
>How _can_ anyone say that "stupid guns" is ready for the trash-heap of
>history? No one has called anyone a Nazi yet!

I agree.
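The change-free coin scheme from Matt Carpenter's "E-Cash promotion idea" message above, worked through as an added example; it is not part of any post in this archive and is not DigiCash's ecash software. All function names are hypothetical, amounts are integer cents, and the 1 KB per coin figure is the message's own guess.

```python
"""Change-free ecash wallet: coin sets built by repeated halving (added example)."""


def _units(max_payment, loss_limit):
    """P/L as an integer; P and L are amounts in cents."""
    if loss_limit <= 0 or max_payment % loss_limit or max_payment < 2 * loss_limit:
        raise ValueError("P must be a multiple of L and at least 2*L")
    return max_payment // loss_limit


def coins_needed(max_payment, loss_limit=1):
    """ceiling(log2(P/L)) from the message, computed without floats."""
    return (_units(max_payment, loss_limit) - 1).bit_length()


def coin_set(max_payment, loss_limit=1):
    """Start at P and keep halving (rounding up) until the value reaches L."""
    units = _units(max_payment, loss_limit)
    coins = []
    while units > 1:
        units = (units + 1) // 2          # ceil(units / 2)
        coins.append(units * loss_limit)
    return coins


def subset_totals(coins):
    """Map every total that some subset of coins can make to one such subset."""
    totals = {0: ()}
    for coin in coins:
        for total, used in list(totals.items()):
            totals.setdefault(total + coin, used + (coin,))
    return totals


def pick_coins(coins, amount):
    """Choose coins worth at least `amount` with the smallest overpayment.

    Returns (coins_to_send, overpayment), or None if the wallet cannot cover
    the amount. No change is ever asked for, so the overpayment is lost.
    """
    totals = subset_totals(coins)
    payable = [t for t in totals if t >= amount]
    if not payable:
        return None
    total = min(payable)
    return list(totals[total]), total - amount


def wallet_kbytes(payments, max_payment, loss_limit=1, coin_kbytes=1):
    """Storage for `payments` guaranteed payments at an assumed coin size."""
    return payments * coins_needed(max_payment, loss_limit) * coin_kbytes


if __name__ == "__main__":
    cents = coin_set(5000)                # P = $50.00, L = $0.01
    print(len(cents), "coins:", [c / 100 for c in cents], "total", sum(cents) / 100)

    sent, lost = pick_coins(cents, 1999)  # a $19.99 purchase, paid exactly
    print("pay $19.99 with", sent, "losing", lost, "cents")

    dimes = coin_set(5000, 10)            # L = $0.10: fewer coins, small loss
    sent, lost = pick_coins(dimes, 1234)
    print(len(dimes), "coins; pay $12.34 with", sent, "losing", lost, "cents")

    # The flexibility problem: a lone $25 coin buying a $1.00 item.
    print("leftover case:", pick_coins([2500], 100))
    print("5 payments need about", wallet_kbytes(5, 5000), "KB")
```

The halved-and-rounded-up values form a set in which each coin is at most one unit larger than the sum of all smaller coins, which is why every amount up to P is reachable without change.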
>

From jgrasty at gate.net Wed Jul 24 07:37:48 1996
From: jgrasty at gate.net (Joey Grasty)
Date: Wed, 24 Jul 1996 22:37:48 +0800
Subject: WinSock Remailer Going On-Line Tonight
Message-ID: <199607232320.TAA64204@osceola.gate.net>

Y'all:

I'm pleased to announce that the WinSock Remailer is going into operation tonight at 11:00 PM. Please feel free to test it. You can get the key by sending a message to winsock at c2.org with the "Subject: remailer-key". After about a week of further testing, I will be releasing the executables to everyone who sent me a note asking to participate in the alpha test. If you want to be included, please send me a note.

Here's the info for the remailer-list:

$remailer{"winsock"} = " cpunk pgp hash cut ksub reord";

I'll be adding "post" to this list after I get a more thorough testing of the NNTP code that I added for authentication. "latent" is also pending.

The remailer will run every 60 seconds from 12:00 AM to 8:00 AM every day and whenever I am online. c2.org automatically spools the messages when I am not connected.

Note: alt.religion.scientology and alt.clearing.technology are blocked. I'm not interested in run-ins with either supporters or detractors of the Church of Scientology. Binary and picture groups are also blocked, but only because I don't have the bandwidth to support them. Anyone who has blocking lists that they want to share, please send them to me.

Regards,

--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7

From EALLENSMITH at ocelot.Rutgers.EDU Wed Jul 24 07:48:19 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E.
ALLEN SMITH)
Date: Wed, 24 Jul 1996 22:48:19 +0800
Subject: Another fascist
Message-ID: <01I7FYYCX5VK9EDE4M@mbcl.rutgers.edu>

From: IN%"david at sternlight.com" "David Sternlight" 23-JUL-1996 08:30:51.02

>One of the great friends of free speech on this list sent a forged cancel
>message to the listbot to try to cancel my subscription.

>The listbot, being reasonably well designed, ignored him and told me about
>it, though I have no doubt less of a dunce could bring it off.

>What a piece of slime! What do others think of this practice?

You have my sympathies. Either I got logged off the list accidentally a bit back, or someone did this successfully to me. I didn't notice due to being gone for a bit, but I finally did and got back onto the list. I'd meant to email the list maintainer (Eric Hughes, as I recall), but haven't gotten around to it - lack of time. Any signs of who did it from the message? I would guess not.

-Allen

From jsw at netscape.com Wed Jul 24 07:48:29 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 24 Jul 1996 22:48:29 +0800
Subject: Netscape
In-Reply-To:
Message-ID: <31F4C7AB.18C6@netscape.com>

Raph Levien wrote:
>
> Jeff Weinstein wrote:
> >
> > Lucky Green wrote:
> > >
> > > At 13:38 7/22/96, Tom Weinstein wrote:
> > >
> > > >Yes, and that's what we're trying to do. Get strong crypto in the hands
> > > >of as many people as we can. I can hardly wait until we get S/MIME in.
> > >
> > > What will Netscape do about the 40bit RC-2 default and the signatures on
> > > the outside of the encryption envelope design flaws in S/MIME? I can't
> > > imagine Netscape releasing software that has these two properties.
> >
> > If you know that the recipient can read a message encrypted with
> > 3DES, IDEA, or RC2-128, then you can send the message using one of
> > these strong algorithms. Given that you need someone's public key
> > to send them a message, there are several obvious ways to transmit
> > information about what algorithms they accept along with it.
>
> Yes, we all know that. But which one will Netscape actually _do_?
>
> If there's one thing we've learned from PGP, it's that configuration
> and per-user key management are killers. The reason why I'm so excited
> about Netscape is that you guys have the _possibility_ to really get
> strong crypto to the masses. Whether you really do that or not is in
> your hands.
>
> I've made a proposal for solving the 40-bit protocol failure in
> S/MIME. There are other proposals out there too, with various strengths
> and weaknesses. The main advantage of mine is that it requires no
> additional infrastructure - i.e. VeriSign does not have to start
> including algorithm preferences in the DigitalID's they distribute.

I don't like the fact that your proposal ties the size of the bulk encryption key to the size of the public modulus. There are legitimate reasons why someone might choose to have a 512 bit modulus even though they prefer longer bulk encryption keys. Your heuristic would be a good fallback in the absence of more reliable information.

There is another method that does not require verisign or other CAs to add key size extensions to their certs. We can define a new authenticated attribute that gets included in Signed-Data and Signed-And-Enveloped-Data messages that indicates the user's key size and algorithm preference. This has the advantage that the preference is selected and signed by the user. This method was discussed at the S/MIME meeting in January at the RSA Crypto conference. I'm a bit surprised that it never got into the Implementation Guide. I'll make sure that we bring it up on the smime list again.
What we finally implement will probably be a combination of the three methods, with the user's selection taking precedence over the CAs selection, which takes precedence over the heuristic based on modulus size.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From root at edmweb.com Wed Jul 24 07:54:05 1996
From: root at edmweb.com (Steve Reid)
Date: Wed, 24 Jul 1996 22:54:05 +0800
Subject: Brute-forcing DES
Message-ID:

> Specialized DES-cracker chips have of course been considered. Diffie and
> Hellman's nearly 20-year-old paper on cracking DES considered this.
> Wiener's calculation of a few years ago did more than this: he also
> architected a basic system. And the "how many bits is enough?" (sorry I
> don't have the official name on the tip of my tongue) panel considered such
> designs last year.

Yep, I'm familiar with the issue. Bottom line is, it'll take thousands of times the CPU power of the RC4-40 crack. Probably not 2^16 times more; I think RC4 has a longer initialization.

> But actually building a DES cracker entails a level of commitment very
> difficult to achieve in an informal, volunteer effort. Not exactly
> something that 10 or 20 people can work on usefully.
> The advantage of the cracks done last year, the French and Australian
> cracks, and the MIT cracks, were that the "entry costs" for joining the
> project were low.

I'm not talking about one individual or organization building one big DES cracker. I'm thinking that DES chips _could_ be used to supplement the PCs in a distributed crack. People with PCs would feed keyspace through their PCs and people with DES chips could feed keyspace through their DES chips.

DES chips just happen to have a _lot_ more cracking power than PCs, so they could make a big difference. Adding one DES chip would be like adding hundreds of PCs to the effort.
PCs will probably still be the main factor simply because they're ubiquitous.

Even with a bunch of DES chips and a massive legion of PCs, this is going to take a long time. Perhaps we should be looking at the thousands of computers and many months, more like the RSA-129 crack than the RC4-40 crack.

>From "The Magic Words Are Squeamish Ossifrage":
> We believe that we could acquire 100 thousand machines without
> superhuman or unethical efforts.

If Lenstra et al know what they're talking about, then WE CAN DO THIS!!!

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
| -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --                   |
===================================================================:)

From adam at homeport.org Wed Jul 24 08:11:15 1996
From: adam at homeport.org (Adam Shostack)
Date: Wed, 24 Jul 1996 23:11:15 +0800
Subject: Brute Force DES
In-Reply-To:
Message-ID: <199607241301.IAA00906@homeport.org>

Most protocols give you stereotyped headers, which are perfectly valid for known plaintext attacks. The rc4 cracks were done on the Netscape rc4(md5(key+salt) used in ssl. They were based on known plaintext in the HTTP headers.

(Incidentally, we might want to test the key distribution & reporting mechanisms on a crack of vanilla rc4-40, or another SSL crack. Cracking des will not be cheap, and we should do some test runs first.)

Adam

The Deviant wrote:
| > For instance if you had a DES encrypted gzipped file. The first 2 bytes
| > plaintext will be 0x1f8b. You'd only have to try to fully decrypt
| But the point is to prove that DES shouldn't be used, not that it CAN
| be brute forced. A known-plaintext attack doesn't show that. We hafta
| attack something we've never seen. (i.e. talk Netscape, or some other
| company, into generating a DES'd message, and keeping the keys safe)

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From gary at systemics.com Wed Jul 24 08:13:02 1996
From: gary at systemics.com (Gary Howland)
Date: Wed, 24 Jul 1996 23:13:02 +0800
Subject: Digital Watermarks (long, getting off-topic)
In-Reply-To:
Message-ID: <31F613B0.446B9B3D@systemics.com>

Timothy C. May wrote:
> Pre-recorded DAT tapes were available for a while...they did not sell. I
> believe this was because DAT machine purchasers were sophisticated and knew
> how to make CD-to-DAT copies, with or without SCMS.

Don't forget that pre-recorded DAT tapes are at least an order of magnitude more expensive to manufacture than CDs.

Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From EALLENSMITH at ocelot.Rutgers.EDU Wed Jul 24 08:25:46 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 24 Jul 1996 23:25:46 +0800
Subject: Distributed DES crack
Message-ID: <01I7FZ3IBTAU9EDE4M@mbcl.rutgers.edu>

From: IN%"mab at crypto.com" "Matt Blaze" 23-JUL-1996 09:38:21.11

>Personally, I'd rather someone finish up the Wiener ASIC to the point where
>it could go out to fab, get some prototype chips made, design a board around
>it, and publish the design, from board layout on down. This would be a
>great Master's project, and some of us (maybe me, but I'll have to check)
>might even be able to scrape up enough funds to buy enough chips/boards/etc
>to build a modest size machine (say, that could exhaust a DES key in 1-6
>months). Initial engineering costs aside, the marginal cost of each
>such machine could be well within the budgets of, say, a medium size crypto
>research lab, and would make a scary enough demo to convince even the
>most trusting management types of the risks of 56 bit keys.

How about generalized FPGA boards?
Some applications in computational biology (searching for similar genes or proteins using FASTA, etcetera) use those quite a bit - and they're available for only about 20,000 or so for quite a few high-level FPGA chips on a board. We've been looking into getting one such and renting its use out on the Web, but the initial investment costs are beyond what available grants will cover; maybe later. Given that at Rutgers is one of the people doing whole bunches of stuff on Web security - namely Simon Cooper - it shouldn't be too difficult. But that will be at least a year or so.

-Allen

> - matt

>(Please cc me on replies, as I'm not reading the list except when someone
>alerts me to an interesting topic. Thanks.)

From anonymous-remailer at shell.portal.com Wed Jul 24 09:56:40 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Thu, 25 Jul 1996 00:56:40 +0800
Subject: Special Agent Safdar
Message-ID: <199607241244.FAA06695@jobe.shell.portal.com>

Perry Metzger writes:
> Anonymous writes:
> > FBI Special Agent Safdar is upset enough by the revelation
> > of his true identity to issue a quick denial (on a sunday night, to get
> > more OT no doubt), but he doesn't even bother to try to refute the
> > central truth that his cover has been blown by a careless operator at
> > his home office who verified his employment and offered to take a message
> > for him.
>
> You really are on drugs. The question is, which ones?

It could only be Ritalin, the Official Non-Stimulant of the Cypherpunks list.
From amehta at giasdl01.vsnl.net.in Wed Jul 24 10:02:48 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Thu, 25 Jul 1996 01:02:48 +0800
Subject: Netscape (foreign downloads)
Message-ID: <1.5.4.32.19960724124517.002e1fcc@giasdl01.vsnl.net.in>

At 01:11 23/07/96 -0700, Jeff Weinstein wrote:
> I certainly have sympathy for those who want to make a point
>by uploading our US software to hacktic and other foreign servers,
>but I think that my company will probably have to ask hacktic
>and others to remove these copies.
>

And what are your plans for those outside the US who have downloaded from hacktic? While I'm sure your copyright allows you to do so, don't suppose you have any plans of going after them?

Suppose I, as a foreigner, were to obtain a copy

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From jeffb at issl.atl.hp.com Wed Jul 24 10:28:18 1996
From: jeffb at issl.atl.hp.com (Jeff Barber)
Date: Thu, 25 Jul 1996 01:28:18 +0800
Subject: [forwarded message]: IAB/IESG statement on cryptography (fwd)
Message-ID: <199607241232.IAA07860@jafar.issl.atl.hp.com>

Subject: IAB/IESG statement on cryptography
To: ietf at ietf.org
Date: Wed, 24 Jul 1996 08:21:59 +0200 (MET DST)
From: Brian Carpenter CERN-CN

IETF,

FYI, the IAB and IESG have just requested the Internet Society to release the attached statement to the press on our behalf. (The copyright tag at the end is purely to protect the text against misuse.)

We intend to publish this as an informational RFC for the record.
Brian Carpenter

- ---

IAB and IESG statement on cryptographic technology and the Internet
- -------------------------------------------------------------------

July 24, 1996

The Internet Architecture Board (IAB) and the Internet Engineering Steering Group (IESG), the bodies which oversee architecture and standards for the Internet, are concerned by the need for increased protection of international commercial transactions on the Internet, and by the need to offer all Internet users an adequate degree of privacy.

Security mechanisms being developed in the Internet Engineering Task Force to meet these needs require and depend on the international use of adequate cryptographic technology. Ready access to such technology is therefore a key factor in the future growth of the Internet as a motor for international commerce and communication.

The IAB and IESG are therefore disturbed to note that various governments have actual or proposed policies on access to cryptographic technology that either:

(a) impose restrictions by implementing export controls; and/or
(b) restrict commercial and private users to weak and inadequate mechanisms such as short cryptographic keys; and/or
(c) mandate that private decryption keys should be in the hands of the government or of some other third party; and/or
(d) prohibit the use of cryptology entirely, or permit it only to specially authorized organizations.

We believe that such policies are against the interests of consumers and the business community, are largely irrelevant to issues of military security, and provide only a marginal or illusory benefit to law enforcement agencies, as discussed below.

The IAB and IESG would like to encourage policies that allow ready access to uniform strong cryptographic technology for all Internet users in all countries.

The IAB and IESG claim:

The Internet is becoming the predominant vehicle for electronic commerce and information exchange.
It is essential that the support structure for these activities can be trusted.

Encryption is not a secret technology monopolized by any one country, such that export controls can hope to contain its deployment. Any hobbyist can program a PC to do powerful encryption. Many algorithms are well documented, some with source code available in textbooks.

Export controls on encryption place companies in that country at a competitive disadvantage. Their competitors from countries without export restrictions can sell systems whose only design constraint is being secure, and easy to use.

Usage controls on encryption will also place companies in that country at a competitive disadvantage because these companies cannot securely and easily engage in electronic commerce.

Escrow mechanisms inevitably weaken the security of the overall cryptographic system, by creating new points of vulnerability that can and will be attacked.

Export controls and usage controls are slowing the deployment of security at the same time as the Internet is exponentially increasing in size and attackers are increasing in sophistication. This puts users in a dangerous position as they are forced to rely on insecure electronic communication.

TECHNICAL ANALYSIS
- --------------------------

KEY SIZE

It is not acceptable to restrict the use or export of cryptosystems based on their key size. Systems that are breakable by one country will be breakable by others, possibly unfriendly ones. Large corporations and even criminal enterprises have the resources to break many cryptosystems. Furthermore, conversations often need to be protected for years to come; as computers increase in speed, key sizes that were once out of reach of cryptanalysis will become insecure.

PUBLIC KEY INFRASTRUCTURE

Use of public key cryptography often requires the existence of a "certification authority". That is, some third party must sign a string containing the user's identity and public key.
In turn, the third party's key is often signed by a higher-level certification authority.

Such a structure is legitimate and necessary. Indeed, many governments will and should run their own CAs, if only to protect citizens' transactions with their governments. But certification authorities should not be confused with escrow centers. Escrow centers are repositories for private keys, while certification authorities deal with public keys. Indeed, sound cryptographic practice dictates that users never reveal their private keys to anyone, even the certification authority.

KEYS SHOULD NOT BE REVEALABLE

The security of a modern cryptosystem rests entirely on the secrecy of the keys. Accordingly, it is a major principle of system design that to the extent possible, secret keys should never leave their user's secure environment. Key escrow implies that keys must be disclosed in some fashion, a flat-out contradiction of this principle. Any such disclosure weakens the total security of the system.

DATA RECOVERY

Sometimes escrow systems are touted as being good for the customer because they allow data recovery in the case of lost keys. However, it should be up to the customer to decide whether they would prefer the more secure system in which lost keys mean lost data, or one in which keys are escrowed to be recovered when necessary. Similarly, keys used only for conversations (as opposed to file storage) need never be escrowed. And a system in which the secret key is stored by a government and not by the data owner is certainly not practical for data recovery.

SIGNATURE KEYS

Keys used for signatures and authentication must never be escrowed. Any third party with access to such keys could impersonate the legitimate owner, creating new opportunities for fraud and deceit. Indeed, a user who wished to repudiate a transaction could claim that his or her escrowed key was used, putting the onus on that party.
If a government escrowed the keys, a defendant could claim that the evidence had been forged by the government, thereby making prosecution much more difficult. For electronic commerce, non-repudiation is one of the most important uses for cryptography; and non-repudiation depends on the assumption that only the user has access to the private key.

PROTECTION OF THE EXISTING INFRASTRUCTURE

In some cases, it is technically feasible to use cryptographic operations that do not involve secrecy. While this may suffice in some cases, much of the existing technical and commercial infrastructure cannot be protected in this way. For example, conventional passwords, credit card numbers, and the like must be protected by strong encryption, even though some day more sophisticated techniques may replace them. Encryption can be added on quite easily; wholesale changes to diverse systems cannot.

CONFLICTING INTERNATIONAL POLICIES

Conflicting restrictions on encryption often force an international company to use a weak encryption system, in order to satisfy legal requirements in two or more different countries. Ironically, in such cases either nation might consider the other an adversary against whom commercial enterprises should use strong cryptography. Clearly, key escrow is not a suitable compromise, since neither country would want to disclose keys to the other.

MULTIPLE ENCRYPTION

Even if escrowed encryption schemes are used, there is nothing to prevent someone from using another encryption scheme first. Certainly, any serious malefactors would do this; the outer encryption layer, which would use an escrowed scheme, would be used to divert suspicion.

ESCROW OF PRIVATE KEYS WON'T NECESSARILY ALLOW DATA DECRYPTION

A major threat to users of cryptographic systems is the theft of long-term keys (perhaps by a hacker), either before or after a sensitive conversation. To counter this threat, schemes with "perfect forward secrecy" are often employed.
If PFS is used, the attacker must be in control of the machine during the actual conversation. But PFS is generally incompatible with schemes involving escrow of private keys. (This is an oversimplification, but a full analysis would be too lengthy for this document.)

CONCLUSIONS
- --------------------------

As more and more companies connect to the Internet, and as more and more commerce takes place there, security is becoming more and more critical. Cryptography is the most powerful single tool that users can use to secure the Internet. Knowingly making that tool weaker threatens their ability to do so, and has no proven benefit.

- ----

The Internet Architecture Board is described at http://www.iab.org/iab

The Internet Engineering Task Force and the Internet Engineering Steering Group are described at http://www.ietf.org

- ----

(C) Internet Society 1996. Reproduction or translation of the complete document, but not of extracts, including this notice, is freely permitted.

(ends)

From nobody at REPLAY.COM Wed Jul 24 10:51:35 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Thu, 25 Jul 1996 01:51:35 +0800
Subject: Netscape
Message-ID: <199607241431.QAA05718@basement.replay.com>

Jeff Weinstein wrote:
> I'm also curious why these anonymous crusaders did not act
> sooner? The US version has been available for sale in retail
> outlets for about a year now. Was it not worth $50 to make
> your point?

If you look real carefully at ftp://utopia.hacktic.nl/pub/replay /pub/incoming you'll notice that the "commercial" 2.01 for Win32 has actually been uploaded. The reason that it was not done sooner is probably that it felt more like stealing to upload software that Netscape expected you to pay for. Now that Netscape is finally giving away strong crypto versions to anybody who asks for it (and claims to be an American) it isn't really stealing in the same sense anymore. It's just ITAR we're ignoring, not Netscape's commercial interests.
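The forward-secrecy point in the IAB/IESG statement above (the section on escrow of private keys), worked through as an added example that is not part of the statement or of any message in this archive. It contrasts a recorded session whose key was wrapped under a long-term RSA key with one agreed by ephemeral Diffie-Hellman; all function names, the toy key sizes and the toy stream cipher are assumptions made for the illustration.

```python
"""Added illustration: what an escrowed long-term private key can and cannot
recover from a recorded session. Toy parameters, far too small for real use."""
import hashlib
import secrets

# Toy long-term RSA key (constructed from two Mersenne primes, NOT secure).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # the value an escrow centre would hold

# Toy Diffie-Hellman group (constructed: 127-bit Mersenne prime, NOT secure).
DH_P, DH_G = 2**127 - 1, 3


def kdf(secret: int) -> bytes:
    """Derive a 32-byte session key from an integer secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def tag(key: bytes) -> bytes:
    """Key-confirmation tag sent in the clear, so a key guess can be checked."""
    return hashlib.sha256(b"confirm" + key).digest()[:8]


def exchange_hash(ga: int, gb: int) -> int:
    """128-bit digest of the two public DH values (the thing that gets signed)."""
    return int.from_bytes(hashlib.sha256(f"{ga}:{gb}".encode()).digest()[:16], "big")


def key_transport_session(message: bytes) -> dict:
    """No PFS: the session secret travels wrapped under the long-term RSA key."""
    s = secrets.randbelow(N - 2) + 2
    key = kdf(s)
    return {"wrapped": pow(s, E, N), "tag": tag(key),
            "ciphertext": stream_xor(key, message)}


def ephemeral_dh_session(message: bytes):
    """PFS: fresh exponents per session; the long-term key only signs the exchange."""
    a = secrets.randbelow(DH_P - 3) + 2
    b = secrets.randbelow(DH_P - 3) + 2
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    key = kdf(pow(gb, a, DH_P))
    transcript = {"ga": ga, "gb": gb, "sig": pow(exchange_hash(ga, gb), D, N),
                  "tag": tag(key), "ciphertext": stream_xor(key, message)}
    return transcript, a   # `a` lives only in memory during the conversation


def signature_ok(t: dict) -> bool:
    """Authentication check a peer would run on the signed DH values."""
    return pow(t["sig"], E, N) == exchange_hash(t["ga"], t["gb"])


def recover_with_escrowed_key(transcript: dict, d: int):
    """Offline attempt on a recorded transcript using only the long-term key:
    every recorded integer is tried as an RSA-wrapped session secret."""
    for value in transcript.values():
        if isinstance(value, int):
            key = kdf(pow(value, d, N))
            if tag(key) == transcript["tag"]:
                return stream_xor(key, transcript["ciphertext"])
    return None   # nothing recorded is unlocked by the long-term key


def recover_with_ephemeral(transcript: dict, a: int):
    """What is needed instead: an exponent taken from the machine mid-session."""
    key = kdf(pow(transcript["gb"], a, DH_P))
    if tag(key) != transcript["tag"]:
        return None
    return stream_xor(key, transcript["ciphertext"])


if __name__ == "__main__":
    msg = b"constructed sample message"
    kt = key_transport_session(msg)
    dh, a = ephemeral_dh_session(msg)
    print("key transport, escrowed key :", recover_with_escrowed_key(kt, D))
    print("ephemeral DH,  escrowed key :", recover_with_escrowed_key(dh, D))
    print("ephemeral DH,  live exponent:", recover_with_ephemeral(dh, a))
```

The `None` result is not a proof of infeasibility; it shows that the recorded exchange contains nothing the long-term key decrypts, so the key's holder gains the ability to sign (impersonate) but not to read past traffic.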
From alexf at iss.net Wed Jul 24 10:54:36 1996
From: alexf at iss.net (Alex F)
Date: Thu, 25 Jul 1996 01:54:36 +0800
Subject: A Global Village; an open letter to Bill & Hill [rant]
Message-ID: <199607241359.JAA19454@phoenix.iss.net>

> The world is everchanging and Mrs. Clinton is correct in that the
> industrialized
> countries have lost, most, of their extended families. This makes children
> vulnerable to danger.

This is such crap, and I'll tell you why. It is a classic example of political double speak. Here Hillary says that children are in danger because of lost family values. Absolutely true. Let me ask you then why is it that Bill(ary) signed an unconstitutional law? I am referring to the CDA and the telephony bill. What about the terrorism bill? They apparently support censorship on the Internet. They don't want "bigtitties.gif" on the net and accessible to little Johnny. They say that it is WRONG for little Johnny to have access to "bigtitties.gif," and that the GOVERNMENT should DO SOMETHING about this. What happened to family values? Just HOW the hell can you support and promote family values when you are telling the parents (who you want to pay more attention to their children, get more involved, and be kinder) "WE know what is best for little Johnny, and WE will make the decisions, NOT YOU" To me this sends a message of "The government knows best because most parents are stupid and uncaring." It is much more likely that little Johnny will go over to Sammy's house and look at the Playboys that Sammy's dad has hidden under the bed than collect nudie .gifs off of the net, but they wouldn't dare censor that. The Internet is another story, however. I got news for them, we had pornography LONG before the net ever existed, and there is NO solid psychological link to viewing porn and becoming a sex offender. Anyone who thinks so needs to realize that they are talking about something about which they have no clue.

Anyway, getting off-topic again.
I'll be quiet now :)

Alex F

=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

From rp at rpini.com Wed Jul 24 11:01:36 1996
From: rp at rpini.com (Remo Pini)
Date: Thu, 25 Jul 1996 02:01:36 +0800
Subject: Distributed DES crack
Message-ID: <9607241434.AA25033@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Wed Jul 24 16:31:44 1996

Has anyone thought about TI or Motorola's DSP-Eval-Boards (at 99$ a piece at 40 MHz with optimized assembler they might easily outrun a PPro200) Don't look at me that way, I know only little about DSP-Programming.

By the way, using FPGA's (as suggested earlier) at around 100 MHz should be extremely fast (after all, on one 100000 Gate FPGA, one should be able to do a lot of parallel things at one clock cycle -> test several keys at once...). I estimate, that at reasonable cost (let's say, <$500) you should be able to put enough FPGAs on a board to do enough keys in parallel to equal 1 key per cycle, i.e. 1e8 keys/sec. That would amount to:

7.2e8 secs ->8340 days

If you build 100 such machines you win in 3 months (without any of the mentioned optimisations (2e55 instead of 2e56, etc.)
- --------< fate favors the prepared mind >--------
Remo Pini rp at rpini.com
PGP: http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
-----END PGP SIGNATURE-----

From a.brown at nexor.co.uk Wed Jul 24 11:31:25 1996
From: a.brown at nexor.co.uk (Andy Brown)
Date: Thu, 25 Jul 1996 02:31:25 +0800
Subject: Distributed DES crack
Message-ID: <01BB797B.3828D900@mirage.nexor.co.uk>

On 24 July 1996 12:11, pjn at nworks.com wrote:

> You are assuming that we will not get the right equation/code/whatever
> until the very end. There is a good chance that it will only take
> half that time...and a slim chance that we will get it with the first
> try...

My figures were based on 2^55 tries, which is exactly half of 2^56.

- Andy

From moulton at netcom.com Wed Jul 24 11:54:05 1996
From: moulton at netcom.com (Fred C. Moulton)
Date: Thu, 25 Jul 1996 02:54:05 +0800
Subject: Pachinko Cards in WSJ
Message-ID: <199607241541.IAA23381@netcom21.netcom.com>

The July 24 1996 edition of the Wall Street Journal has a front page article about the "cashless Pachinko cards" in Japan which resulted in losses for several businesses. This was discussed in cypherpunks when the story originally broke months ago. The article in the WSJ relates how the cards were the results of fears that the money laundered from the pachinko halls was being sent to North Korea to fund the nuclear program there. The CIA provided intelligence about this to the Japanese authorities according to the article.
Far too many details to summarize here, I suggest those who are interested read it.

Fred

From perry at piermont.com Wed Jul 24 11:56:30 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 25 Jul 1996 02:56:30 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
In-Reply-To:
Message-ID: <199607241517.LAA18088@jekyll.piermont.com>

Timothy C. May writes:
> >Not familiar with the Nyquist limit w/ regards to sampling rate vs
> >frequency :(
>
> Check any textbook, or even a good dictionary. Basically, it says that one
> must sample at more than twice the frequency of the highest frequency to be
> reconstructed. Thus, a 20 KHz top frequency needs at least 40 K samples per
> second. The exact number is, I think, about 2.2x the frequency, which is why
> CDs were standardized at 44 K samples per second per channel.

The Nyquist Theorem states you need exactly twice the samples, not over twice. The magic number isn't something like 2.2, it's exactly 2.

Now, the reality is that low pass filters in the recording studio aren't going to be perfect and such, being analog devices, and higher frequencies making it in will cause aliasing artifacts, so you probably want to sample at above twice your putative cutoff because it won't be your real cutoff, but in principle you need exactly twice the highest frequency.

Perry

From paul at ljl.COM Wed Jul 24 12:01:18 1996
From: paul at ljl.COM (Paul Robichaux)
Date: Thu, 25 Jul 1996 03:01:18 +0800
Subject: E-Cash promotion idea
In-Reply-To: <199607241015.FAA06111@Dusk.obscure.net>
Message-ID:

Matt Carpenter said:
>What if we just forget about change? One of the neat things about ecash is
>that it allows for coins of (fairly) arbitrary values. We can use this to
>our advantage, since we can guarantee that we can make a single payment of
>any value with a small number of coins.
The Visa stored-value cards now in Atlanta don't do this, but as a simplifying measure most vendors in the Olympic Village (and many within the downtown venue ring) have rounded prices to the nearest US$. The precedent's been set.

-Paul

--
Paul Robichaux LJL Enterprises, Inc.
paul at ljl.com Be a cryptography user. Ask me how.

From dlv at bwalk.dm.com Wed Jul 24 12:09:20 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 25 Jul 1996 03:09:20 +0800
Subject: No more stupid gun thread ...
In-Reply-To:
Message-ID:

"Bill Olson (EDP)" writes:
> Alan Horowitz writes:
> >
> >How _can_ anyone say that "stupid guns" is ready for the trash-heap of
> >history? No one has called anyone a Nazi yet!
>
> I agree.
>
> OK - "Dr." David Sternlight is a Nazi.

Down with the Usenet Cabal! All power to the GruborBots!

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From tc at phantom.com Wed Jul 24 12:21:37 1996
From: tc at phantom.com (dave banisar)
Date: Thu, 25 Jul 1996 03:21:37 +0800
Subject: the VTW---FBI Connection (fwd)
In-Reply-To:
Message-ID:

Damm. Flushed out. I thought we would be able to hide this.

-d

>>>Now the big question: What is the FBI trying to do getting all these
>>>names? What else has "VTW" been doing? And what other organizations like
>>>them are there? Who else is in on it? What does this say about EPIC,
>>>CDT, EFF?
>>>Are Blaze and Schneier dupes, or willing participants? What about their
>>>ISP? I think we are all owed an explanation. This is serious. Maybe FOIA or
>>>a lawsuit before they burn the files.
>>>
>>>What do you want to bet "VTW" quietly fades away after a few perfunctory
>>>denials, and gets replaced by another organization in due course?
>>>
>>>Faithfully,
>>>
>>>Net reporter team Alice and Bob
>>>

From jya at pipeline.com Wed Jul 24 12:25:00 1996
From: jya at pipeline.com (John Young)
Date: Thu, 25 Jul 1996 03:25:00 +0800
Subject: OPS_nuk
Message-ID: <199607241530.PAA25861@pipe2.t2.usa.pipeline.com>

The WSJ Page Ones a loser's game about the CIA's role in promoting Japanese pachinko cards to halt the surreptitious funneling of betting cash to the construction of a North Korean nuclear plant. And the op's nuking by the Kobe quake looting of card-reading mechanisms, cracking encryption codes, and counterfeiting not-so-smart cards for counter-tipping the house fix.

Mondex, watcher bleedin arse.

-----

http://jya.com/opsnuk.txt

OPS_nuk

From ichudov at galaxy.galstar.com Wed Jul 24 12:27:37 1996
From: ichudov at galaxy.galstar.com (Igor Chudov)
Date: Thu, 25 Jul 1996 03:27:37 +0800
Subject: Brute Force attack Question
Message-ID: <199607241550.KAA00886@galaxy.galstar.com>

Hello,

I've been thinking about brute force attacks, and there is something that I do not understand. Maybe someone could explain to me where I am wrong.

Suppose Alice sends letters to BoB, and they always exchange plain text ASCII data. Suppose also that they use DES for encryption. They are afraid that Perry intercepts their messages and tries to brute force their DES key.

Perry has 100,000 computers (and 20,000 couriers alone:) and his brute force attacks are as follows: he tries all keys in succession, looks at the decrypted texts, and *if* the decrypted text looks like a potential message (has only ASCII characters for example) he looks at that key closer as it is likely that he has found the right key.

What if Alice and Bob decide to obscure their letters and add random NON-ASCII characters at random places? They may agree to just ignore all non-ASCII characters, so these characters would never change the meaning of their letters.
If they do that, Perry does not have any easy way to tell whether he really recovered the right plaintext or not, because even correct key would still produce a lot of non-ASCII characters.

If percentage of ASCII characters in all 256 byte space is 40%, Alice and Bob may agree to put in junk characters to make up exactly 60% of the message. This way messages will look like random character data.

Is there any good method for attackers to circumvent this obscurity? What is the general method to make a judgment whether the recovered text really is a plain text if Alice and Bob noisify their letters?

I can think of this: we sift through all recovered plaintexts and remove all non-ASCII bytes, and then do some simple testing to see whether the remaining ASCII data resembles normal English texts. This kind of testing seems to be quite expensive though, compared to just testing for ASCII vs. non-ascii bytes.

Anything else I am missing?

Thanks.

- Igor.

From geeman at best.com Wed Jul 24 13:17:05 1996
From: geeman at best.com (geeman at best.com)
Date: Thu, 25 Jul 1996 04:17:05 +0800
Subject: Brute-forcing DES
Message-ID: <01BB7946.4C886760@geeman.vip.best.com>

Count me in: Good reason to get the XT (!!!!!!) and the 12Mhz Vendex286 out of the garage ... We can throw in the Mac too if the code's portable. And the 486-100. And you can have McArthur, the P-133, after bedtime. And the 486-20 portable, why not? I'm also available for assembler coding/optimizing on a limited basis. Excellent project!

On Tue, 23 Jul 1996 pjn at nworks.com wrote:

> Date: Tue, 23 Jul 1996 16:25:44 -0500
> From: pjn at nworks.com
> To: cypherpunks at toad.com
> Subject: Brute-forcing DES
>
> > Any one up for a distributed brute force attack on single DES? My
> > back-of-the-envelope calculations and guesstimates put this on the
> > hairy edge of doability (the critical factor is how many machines can
> > be recruited - a non-trivial cash prize would help).
>

From perry at piermont.com Wed Jul 24 13:22:06 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 25 Jul 1996 04:22:06 +0800
Subject: Brute Force DES
In-Reply-To:
Message-ID: <199607241617.MAA18214@jekyll.piermont.com>

The Deviant writes:
> But the point is to prove that DES shouldn't be used, not that it CAN
> be brute forced. A known-plaintext attack doesn't show that. We hafta
> attack something we've never seen. (i.e. talk Netscape, or some other
> company, into generating a DES'd message, and keeping the keys safe)

Known plaintext isn't needed. You just need a plaintext with some decent statistical properties. Dave Wagner has some information on this.

Perry

From tcmay at got.net Wed Jul 24 13:34:03 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 25 Jul 1996 04:34:03 +0800
Subject: Digital Watermarks (long, getting off-topic)
Message-ID:

At 12:14 PM 7/24/96, Gary Howland wrote:
>Timothy C. May wrote:
>
>> Pre-recorded DAT tapes were available for a while...they did not sell. I
>> believe this was because DAT machine purchasers were sophisticated and knew
>> how to make CD-to-DAT copies, with or without SCMS.
>
>Don't forget that pre-recorded DAT tapes are at least an order of
>magnitude more expensive to manufacture than CDs.

The _selling_ price of DATs was only slightly higher than CDs, around $15 in the U.S. Some DATs were priced identically to CDs, and still didn't sell. (Not surprisingly to me, given the chicken-and-egg effect.)

Manufacturing costs of CDs are very low--I've seen estimates as low as 10 cents or less--and the final selling price is dominated by royalties, overhead staff costs, distribution cost, and, of course, "what the market will bear." DAT manufacturing costs could be $1-2, but the above factors would still dominate.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From drosoff at ARC.unm.EDU Wed Jul 24 13:38:03 1996
From: drosoff at ARC.unm.EDU (David Rosoff)
Date: Thu, 25 Jul 1996 04:38:03 +0800
Subject: Kids and Computer Privacy Was Re: No more stupid gun thread ...
Message-ID: <1.5.4.16.19960724164258.0b775f04@arc.unm.edu>

-----BEGIN PGP SIGNED MESSAGE-----

At 03.48 AM 7/24/96 -0500, Scott Schryvers wrote:
>Should kids have crypto?
[weapons]

Your analogy fails when I consider the simple point that crypto is not a weapon in and of itself, no matter what the misguided ITAR says. "... two plus two make five ..."

>Under Itar crypto is a weapon. If a kid were to bring a disk
>containing pgp to school could they be expelled for carrying a weapon?

No, because crypto, *by itself* does NOT present a threat to any other kid or to any teacher or to the kid carrying the code.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From hallam at Etna.ai.mit.edu Wed Jul 24 13:41:04 1996
From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu)
Date: Thu, 25 Jul 1996 04:41:04 +0800
Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID: <9607241624.AA06524@Etna.ai.mit.edu>

>Talk shows that attempt to stimulate active thought on reasonable premise
>generally do not survive long in syndication.
With Limbaugh's show, it
>took a double hit as the markets it played to were for the most part late night.
>BTW, this comes from actually looking it up in past TV Guides - not
>mindlessly drooling over the radio - so put away the "he's lying" crap.

And why did the networks put Rush on so late? Could it be that he did not pull in the viewers?

>Following the shallow logic of your argument, Limbaugh is not a success
>because he does not broadcast on TV.

It is shallow logic, but it is Rush's own logic. He promotes the idea that success is measured in economic terms. The failure of his TV show demonstrates the failure of his ideas under the criteria which he himself espouses.

>The issue I take with this, is the constant spouting of King Bill's
>pronouncement of why OKC occurred in the first place. We don't know WHY it
>took place - that's what a trial is for (if you actually believe that
>justice is blind and lawyers tell the truth always). We will NEVER really
>know - but it's damn fine political fodder to take an unconstitutional
>swipe at the populace with the anti-terrorist legislation.

That is not what the trial will decide. The question is who and what, why is irrelevant given the nature of the offense.

>If you firmly believe the premise that Fascism was the root cause behind
>OKC, then you have no choice but to look to the White House and Capital
>Hill.

Nope, I look to the militias, Christian Identity, the Ku Klux Klan and their apologists including Liddy and Limbaugh. If you read the propaganda that the Nazis used you will find it if anything less direct than Liddy or Buchanan. The Nazis did not advertise their intention to commit mass murder, they used code words. When Buchanan refers to "Hose" he is using a codeword he knows will be understood.
Phill

From alexf at iss.net Wed Jul 24 13:57:38 1996
From: alexf at iss.net (Alex F)
Date: Thu, 25 Jul 1996 04:57:38 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607241653.MAA22114@phoenix.iss.net>

> >Yes, but conceivably if (whoever would be in charge, FBI?) *could*,
> >under law do this, even if they are wrong. It is a lot harder to
> >prove that they intentionally harassed *you* than it is for them to
> >say that they were following leads and show evidence. Yes, this may
>
> To go to trial, an indictment would be needed. How likely is this?

The likeliness is irrelevant to the point. Possibility is relevant. Probability is not.

> Discussion of "in theory they could arrest you" points often neglects the
> realities of the legal system.

Does that really matter? . In REALITY, it will never be enforced. So what? The potential is still there, and in essence, that is ALL that matters! The discussion of "in theory...." doesn't neglect the realities of the legal system, rather it highlights the POTENTIAL for abuse. Even if the law is never enforced, could it not be used as an example to justify other laws that *may* be introduced? Does it not set a dangerous precedent? We are talking about dangerous empowerment here. Hmm. The argument "well, we would never REALLY enforce it" just doesn't hold water with me, and makes me uncomfortable.

> A large fraction of pawnshop items have questionable provenance, the items
> having been stolen at some time in the past. Could J. Random Buyer who
> walks in, sees an item he likes, buys it, and walks out with it be
> handcuffed and taken down the lockup for the crime of buying stolen
> property? Doubtful, in the real world. And defense would be ridiculously
> easy.

A defense would be easy, fine. But it would still cost $$$. Do you see what I am getting at? This is done ALL THE TIME (no, not at pawn brokers. I'm talking about taking advantage of either cost or time to get what you want).
> A trivial increase in frequency, and still not allowing the hypothesized 30
> KHz signal to be added. DATs often sample at 44 and 48 KHz, switchably. The
> CD standard is of course still what it is.

That's not the point. What we are talking about here is a covert channel. Whether it is at 30KHZ, 22KHz or right in the middle of the audible range. Mine was ONE proposal, a theory of sorts, thought up off of the top of my head as a possible way of doing this. You can also add a digital serial number right in the audible range, if you like. Static that is recorded along with analog sound is at certain frequency ranges, typically. When you have a disk that holds 640Mb or so the serial number's size is trivial in comparison. Sending the whole number at once will barely be audible even if in a good frequency range simply because of speed. If you send it in bits and pieces during the song, and furthermore record this data in the middle of the frequency range where static is located, you won't hear it anyway. However certain devices will be able to read the data w/o problem.

Similarly, you have a CD, let's say Beethoven's 9th symphony. You have ~640 MB on the CD. If you want to sneak someone an encrypted message, say a top secret document and it is compressed down to 1K, then putting this into the audio signal as described above is fairly trivial. The other end doesn't even need to know bit counts. The document can be spread out, reversed, whatever and just signaled w/ a flag (much like PPP and other protocols). All the other end needs to decode is a flag at a set frequency range, both of which can be constantly changed.

interestingly,

Alex F

=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

From reagle at rpcp.mit.edu Wed Jul 24 14:15:39 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Thu, 25 Jul 1996 05:15:39 +0800
Subject: FTP Software Licenses Pretty Good Privacy 07/23/96
Message-ID: <9607241721.AA01343@rpcp.mit.edu>

HAMBURG, GERMANY, 1996 JUL 23 (NB) -- By Sylvia Dennis. FTP Software, the Internet/connectivity software company, has licensed Pretty Good Privacy's encryption technology of the same name (PGP). Plans now call for FTP to integrate PGP within its range of TCP/IP (Transmission Control Protocol/Internet Protocol) software.

Under the terms of the agreement, PGP has licensed its encryption software to FTP for use in OnNet32 2.0 for Windows 95 and Windows NT, both versions of which will ship in the third quarter of this year on both sides of the Atlantic.

Tom Steding, PGP's chief executive officer, said that a critical piece of the company's business strategy is to proliferate the "seamless integration of encryption technology" within e-mail applications programs.

"We see this partnership as a powerful combination of two leaders who, together, will use their considerable market weight and technical expertise to promote and enhance the PGP towards becoming a universally accepted industry standard," he said.

According to Rebecca Buisan, product marketing manager with FTP, the company has made several enhancements to OnNet32 to integrate PGP into its basic functions. There is now a two icon system which allows users to access a tool bar, designating options to encrypt or decrypt a message, and make a digital signature.

Mail messages can also be left on a server or computer in an encrypted format, to be decrypted and read at will. "Experience has proven that cryptography only works if implemented effectively, so that it is simple for the user," she explained.

According to Buisan, FTP has conducted extensive human factors testing to fine-tune PGP's cryptographic software into a "flexible and intuitive application that people will be encouraged to use."
According to FTP, its implementation of the PGP encryption software is interoperable with current freeware versions available for free download from the Massachusetts Institute of Technology (MIT) or one of the many other FTP (File Transfer Protocol) sites that distribute the package. The MIT site is at http://web.mit.edu/pgp .

PGP was originally developed in 1991 by Phil Zimmermann. The package allowed PC users, for the first time, to send information in a secure encrypted format without fear of intervention.

FTP's Web site is at http://www.ftp.com .

(19960722/Press & Reader Contact: Manuela Dorken, FTP Software, +49-89-614130, Internet e-mail manuela at ftp.com; PGP, 415-631-1747, Internet e-mail info at viacrypt.com)

From jimbell at pacifier.com Wed Jul 24 14:16:53 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 25 Jul 1996 05:16:53 +0800
Subject: Digital Watermarks (long, getting off-topic)
Message-ID: <199607241726.KAA00302@mail.pacifier.com>

At 02:14 PM 7/24/96 +0200, Gary Howland wrote:
>Timothy C. May wrote:
>
>> Pre-recorded DAT tapes were available for a while...they did not sell. I
>> believe this was because DAT machine purchasers were sophisticated and knew
>> how to make CD-to-DAT copies, with or without SCMS.
>
>Don't forget that pre-recorded DAT tapes are at least an order of
>magnitude more expensive to manufacture than CDs.

Isn't it odd that when music is sold, CD's are MORE expensive than cassette tapes, even though you _know_ that the manufacturing cost of CD's is less?

Another oddity: The price for a blank, standard-quality videocassette is about the same as that of a blank, standard-quality audio cassette tape, despite the fact that the volume of tape included in the former is probably about a factor of 10 higher.

Jim Bell
jimbell at pacifier.com

From tcmay at got.net Wed Jul 24 14:30:47 1996
From: tcmay at got.net (Timothy C.
May)
Date: Thu, 25 Jul 1996 05:30:47 +0800
Subject: When books are outlawed
Message-ID:

At 12:36 PM 7/23/96, Charley Sparks wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Only outlaws will have books...
>
>Just watching the news here in Fl. and they are trying to hold a publisher
>responsible for a murder because they published a fictional account of a
>hitman and a guy says he used the book to kill some people.
>
>Would you give your 6 year old a book ?
>
>This is really getting out of hand.. Anyone have any property for sale in
>Idaho ?

Deranged Mutant posted a summary of this on the list. (News item copied below for reference.)

You have to be careful to separate out the issue of "lawsuits" from the issues of "prior restraint" and "censorship." There is no talk of prior restraint of Paladin Press, and no Office of the People's Censor to which books must be submitted for approval.

Personally, I think holding authors responsible for other people's actions is wrong-headed. It opens the door to such things as holding "Hustler" responsible for rapes, "On Our Backs" responsible for scissor attacks, "Guns and Ammo" responsible for accidental shootings, and, of course, publishers of "The Bible" responsible for various acts of sodomy, bestiality, patricide, and genocide.

"They made me do it!" should not be allowed to be a defense in criminal cases, nor should publishers, writers, and speakers be held liable for actions of others.

(With the _possible_ of direct and immediate exhortations to commit some serious crime, e.g., a speaker yelling at his supporters to go burn down a building. And I am dubious even here; certainly holding a leading American Neo-Nazi speaker and writer responsible for the actions of someone influenced by him, actions committed far away, was wrong. In my view.)

Here's the item supplied by Deranged Mutant:

>From LI Newsday today, p.
18:

Suit Follows Murder by the Book
Publisher of how-to 'Hit Man' manual is blamed in 3 killings

The Associated Press

(Greenbelt, Md.) - James E. Perry committed murder by the book. Now the book's publisher is accused of aiding and abetting his crimes.

In a case that legal scholars say could set a precedent in First Amendment law if allowed to proceed, a federal judge yesterday said he would rule in 30 days on a motion against the publisher of "Hit Man: A Technical Manual for Independent Contractors".

[..]

The $10, 130-page book has sold 13,000 copies since it was published in 1983 by Paladin Press of Boulder, Colo., a small company that sells mostly through mail orders from its catalog.

[..]

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From JMKELSEY at delphi.com Wed Jul 24 14:36:31 1996
From: JMKELSEY at delphi.com (JMKELSEY at delphi.com)
Date: Thu, 25 Jul 1996 05:36:31 +0800
Subject: No Subject
Message-ID: <01I7GBFL287694F9CD@delphi.com>

-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 07/19/96 08:13 pm ##
Subject: Message pools ]

>Date: Wed, 17 Jul 1996 23:19:59 -0700
>From: Bill Stewart
>Subject: Re: Message pools _are_ in use today!

>>2. The authorities already have identified a suspect, call him "Bob," and
>>wish to know if he reading (and perhaps decrypting) messages to "Alice."

>>As several of us have noted, #1 is tough--real tough.
The authorities would >>have to contact 10,000 or more ISPs who have local newsfeeds and subpoena >>their logs of who read which newsgroups...assuming such logs are even kept >Getting everybody is tough. Getting a lot of the potential suspects, >however, isn't as tough as it looks - the vast majority of home Internet >users are on AOL, Compuserve, Prodigy, UUNet, Netcom, or (RSN) AT&T. >Anonymous Message Pool users are a bit more likely to use niche-market ISPs, >especially under pseudonyms, but if the number of users increases >significantly there'll still be a reasonable proportion on the big carriers, >which are probably more cooperative and probably keep more complete logs. There are two other factors. 1. If you're trying to figure out who anonymously posted the ``All faggots must die'' message on alt.sex.motss, you have a very large number of potential suspects. However, if you're trying to figure out who anonymously posted the ``how to manufacture nerve gas'' post, your suspect list is quite a bit smaller. The condition for technical information about cryptography or computer security is similar. 2. It may be that the way you test your suspects is parallelizable enough that you can do a ``dictionary attack,'' in which you go down a list of people who you might suspect of posting something for one reason or another, and test the hypothesis that each of them actually did post it. Suppose I have such a test which can rule out 75% of my suspect list. This becomes a useful tool--especially if I can track multiple posts by the same user and rule out more and more of my suspect list as more and more messages are posted. I wouldn't count on even heavily-chained anonymous remailer messages to protect my identity from moderately wealthy and determined attackers, if I did many anonymous posts. Writing style and topic alone may narrow the suspect list down to a manageable number. 
># Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
># http://www.idiom.com/~wcs

--John Kelsey, jmkelsey at delphi.com / kelsey at counterpane.com
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From jya at pipeline.com Wed Jul 24 14:38:41 1996
From: jya at pipeline.com (John Young)
Date: Thu, 25 Jul 1996 05:38:41 +0800
Subject: STI_ngy
Message-ID: <199607241725.RAA14380@pipe2.t1.usa.pipeline.com>

Three techno-terrorism Stingers:

7-24-96. WaPo:

"Army Shows Missile Hit Is Unlikely. SAMS Not Ruled Out; Downing Jet Is Hard."

The Army has run computer simulations to determine whether a U.S.-made Stinger or equivalent weapon could have hit TWA 800 and has concluded it was possible but not likely, defense officials said yesterday. (But read Kalliste's latest.)

7-24-96. NYP:

"What Made Flight 800 Explode?"

Dr. Oxley said that even the best laboratory technique might miss ANFO. Ammonium nitrate is readily soluble in water and would dissipate rapidly from a submerged wreck. The remaining fuel oil component of the bomb would be hard to distinguish from aviation fuel or other petroleum products. However, an ANFO bomb would have to be detonated by one of the high explosives that do not dissolve in water, which would be easier to detect.

And:

"Computer Expert Testifies in Terror Trial."

David Swartzendruber, an investigator for Microsoft, who said the F.B.I. asked him to examine the computer's hard drive and reconstitute its files, gave the jury of the Yousef terrorism trial a technical tutorial on how he managed to retrieve files that had been deleted.
-----

http://jya.com/stingy.txt (for 3, 15 kb)

STI_ngy

From jimbell at pacifier.com Wed Jul 24 14:40:57 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 25 Jul 1996 05:40:57 +0800
Subject: Netscape
Message-ID: <199607241752.KAA02103@mail.pacifier.com>

At 07:00 PM 7/23/96 +0000, The Deviant wrote:
>On Mon, 22 Jul 1996, Tom Weinstein wrote:
>> Also, notice the simple verification system MIT was allowed to use, and
>> the complex one we're required to use.
>>
>
>I'm curious, exactly whop is it that _required_ you to use that system.?

Excellent point. There's a difference (or, at least, there had BETTER BE a difference!) between following the laws and "doing everything the government wants, exactly the way it wants." It would be interesting to see the specific explanation which was given Netscape as to why they were required (if, indeed, they were required...) to use a specific system.

It seems to me that a far more productive stance by Netscape would have been to say to the State Department, "We're going to put this software on the 'net. We're happy to put in any precautions which are SPECIFICALLY required under law and/or ITAR. However, we insist that you document the fact that they are required, with full and complete legal explanations for your assertions. Moreover, we insist that you explain why this position is consistent with MIT's posting of PGP."

At the very least, this would have set the government's position WRT ITAR in stone. Part of the reason the government has gotten so much 'mileage' out of ITAR is the fact that they morph it to do whatever they want, whenever they want. The best way to fight this is to tie down their position.

Jim Bell
jimbell at pacifier.com

From perry at piermont.com Wed Jul 24 14:45:56 1996
From: perry at piermont.com (Perry E.
Metzger)
Date: Thu, 25 Jul 1996 05:45:56 +0800
Subject: Brute Force attack Question
In-Reply-To: <199607241550.KAA00886@galaxy.galstar.com>
Message-ID: <199607241758.NAA18324@jekyll.piermont.com>

Igor Chudov writes:
> What if Alice and Bob decide to obscure their letters and add random
> NON-ASCII characters at random places?

Assuming I'm using a statistics based technique, that won't help. Superencipherment might, but then again, that's sort of what 3DES is, right?

> If percentage of ASCII characters in all 256 byte space is 40%, Alice
> and Bob may agree to put in junk characters to make up exactly 60% of
> the message. This way messages will look like random character data.

Nope, it wouldn't. The statistics would be off.

Perry

From samantha at gamespot.com Wed Jul 24 15:09:58 1996
From: samantha at gamespot.com (samantha at gamespot.com)
Date: Thu, 25 Jul 1996 06:09:58 +0800
Subject: GameSpot's $20,000 Games Contest
Message-ID: <199607241110.LAA14940@gamespot.com>

Fellow gamer:

You're receiving this e-mail because we thought you might be interested in checking out the newest, hottest games site on the Web - GameSpot. Located at http://www.gamespot.com, GameSpot offers more up-to-date reviews of PC games, online games, PC gaming hardware, and VR gear than any other information source.

As an incentive to visit GameSpot, we're hosting a $20,000 games giveaway from June 10 - August 3. Every day, we're giving away up to $700.00 worth of games and VR gear, and, at the end of the contest, we're giving away a colossal package of $5,000 in games loot to one lucky winner. The more times you enter the daily contest, the more chances you have to win the big prize! Last month, over 300 people won prizes... make sure your name is on the list!
What makes GameSpot different, though, is the quality and quantity of information: You can read reviews of over 140 games on the market, check out previews of what's coming, download the best demos, get hints on your favorite games, and link to thousands of other sites related to gaming. If you don't like what we say about a game or hardware product, you can submit your own review and get published in front of an international audience.

Best of all, GameSpot is completely free! Think of the money you can save on magazines.

We hope you'll take a moment to visit GameSpot, and we appreciate your taking a look at our site.

Samantha Lassiter
GameSpot
http://www.gamespot.com

P.S. This is a one-time mailing, so you will not receive further mail from us unless you are on other mailing lists or sign up for the GameSpot newsletter. My sincere apologies if I have intruded...

From snow at smoke.suba.com Wed Jul 24 15:12:30 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 25 Jul 1996 06:12:30 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607231938.AA01857@Etna.ai.mit.edu>
Message-ID:

On Tue, 23 Jul 1996 hallam at Etna.ai.mit.edu wrote:
> The facts are very clear, if you have a handgun in the house it is
> far more likely to kill a member of the family than stop an
> intruder. The NRA know this which is why they have lobbied for the
> CDC to stop research in this area - they do not like the facts.

That family member is usually not killed in an accident. You are also more likely to be stabbed by a family member, beaten by a family member, raped by a family member, and stolen from by a family member. Maybe we should outlaw families.

> As someone who qualifies to be issued with a handgun under the UK
> regulations I have been informed that the protection offered is
> marginal at best. An intruder is certain to be more prepared than
> the intended victim, it is extremely unlikely that the intruder will
> not get the first shot in.
This sir is pure crap. In fact it is far more likely that an armed and prepared occupant will take out a thug. There have been 2 cases here in Chicago where elderly citizens (one 86 years old, and in a wheelchair) got the drop on teenage hooligans that were in the process of burglarizing their homes (in the case of the 86 year old, sexual assault was also occurring). In both cases at least one of the perps died. As they deserved to. These people (burglars) are not worth the bullet it takes to get rid of them.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Wed Jul 24 15:27:17 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 25 Jul 1996 06:27:17 +0800
Subject: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960724111141.008bb63c@panix.com>
Message-ID:

On Wed, 24 Jul 1996, Duncan Frissell wrote:
> At 03:38 PM 7/23/96 -0400, hallam at Etna.ai.mit.edu wrote:
> >The facts are very clear, if you have a handgun in the house it is
> >far more likely to kill a member of the family than stop an
> >intruder. The NRA know this which is why they have lobbied for the
> >CDC to stop research in this area - they do not like the facts.
> And most people who die after jumping out of airplanes have (defective)
> parachutes. Therefore it is safer to jump out of airplanes without parachutes.
> The CDC sucked suicides into the mix to cook the books and suicide by
> firearms is a *legitimate* use of same. Surely you believe in the "right to
> die," don't you?

Why is the CDC getting involved in gun death? Is lead a virus? Can you catch Colt .357itis? Is there a vaccine that doesn't leave you brainless and statist?

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From amehta at giasdl01.vsnl.net.in Wed Jul 24 15:30:58 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Thu, 25 Jul 1996 06:30:58 +0800
Subject: NSA Lawyers Believe ITARs Would be Overturned if Tested in Court
Message-ID: <1.5.4.32.19960724181417.002d9ab4@giasdl01.vsnl.net.in>

At 21:32 21/07/96 -0800, jim bell wrote:
> Why aren't they (still) restricting
>PC-type computers for export?

Because, I imagine, it did not stop the clones from Taiwan, but severely hurt US computer manufacturers. Ultimately, this is the argument that will bring the US government kicking and screaming to its senses on the cryptography issue.

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From Chris.Claborne at SanDiegoCA.ncr.com Wed Jul 24 15:36:24 1996
From: Chris.Claborne at SanDiegoCA.ncr.com (Chris Claborne)
Date: Thu, 25 Jul 1996 06:36:24 +0800
Subject: San Diego Cypherpunks Physical Meeting
Message-ID: <2.2.32.19960724154407.0070e940@opus>

San Diego Area CPUNKS symposium
Thursday, August 1st, 1996

Invitation to all Cypherpunks to join the San Diego crowd at "The Mission Cafe & Coffee Shop" where I hope to get an update of Lance Cottrell's anonymous e-mail server, "mixmaster", exchange keys, and discuss other topical CP stuff. There's always the semi-topical discussions; Internet Service Provider in San Diego (providing, anonymous remailers and other privacy services), stealth communications, latest Cypherpunk goings-on, Internet happenings (like recent Federal court decision).

Don't forget to bring your public key fingerprint. If you can figure out how to get it on the back of a business card, that would be cool.

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060

Time: 1800

Their Directions:
8 west to Mission Beach Ingram Exit
Take west mission bay drive
Go right on Mission Blvd.
On the corner of San Jose and mission blvd.
It is located between roller coaster and garnett.
It's kind of 40s looking building... funky looking (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there! New guy, bring your key fingerprint.

Drop me a note if you plan to attend.

        2
    -- C --

 ...  __o
 ..   -\<,      Chris.Claborne at SanDiegoCA.NCR.Com
 ...(*)/(*).    CI$: 76340.2422
 http://bordeaux.sandiegoca.ncr.com/
 PGP Pub Key fingerprint = 7E BF 38 3F 24 A7 D1 B0 54 44 96 AA 10 D0 5D 51
 Avail on Pub Key server.
 Dreams. They're just screen savers for the brain.

From tcmay at got.net Wed Jul 24 15:40:29 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 25 Jul 1996 06:40:29 +0800
Subject: Schelling Points, Rights, and Game Theory--Part II
Message-ID:

As promised in Part I, here is more on the application of Schelling points to the discussion of "rights" (property rights, rights of parents to tell their children what to do, etc.).

We saw that Schelling points, as developed by Richard Schelling and others, are essentially "lower entropy" points. (In fact, I suspect there are formulations which involve so-called "maximum entropy" methods which would reproduce the theory of Schelling points; Cover and Thomas hint at this in their "Information Theory" book.)

How does this apply to rights?

Let us take as an example the contentious issue of "parent's rights," "children's rights," and societal issues involving schooling, child abuse, indoctrination into the body politic, citizenship, etc.

* Viewpoint #1: Parents have absolute control of what their minor (under some age, usually 18 and/or resident in their homes) children read, watch on t.v., listen to on the radio, etc. They can control the comings and goings of their minor children, whom they may associate with, etc.

* Viewpoint #2: Children, even minor children, have certain basic rights to access to information, access to t.v., radio, music, and books. Even access to crypto!
* Viewpoint #3: The State and/or Community has an interest in the upbringing of a child and may take steps to direct the education and exposure to information of children, even in contravention of the wishes of parents.

There are of course various shadings of these viewpoints. And examples can be found to defend each of these viewpoints, and also to attack them. (For example, what of the Christian Scientist who lets his 5-year-old die of an easily-curable disease because he believes injections are unGodly? What of the 10-year-old who is taught in public schools how to use condoms (or how to clean dirty needles), in contravention of the wishes of the parent?)

Cutting to the chase, I submit that nearly all societies have "evolved" an approach that says:

-- "While I may think you are raising your child in a way different from how I would raise him, I cannot take over the raising of your child, and I cannot be in your house/tent/cave/yurt at all times, or even at _any_ times, so I will basically not interfere unless something really egregious happens."

This is a "Schelling point" in the same way that territorial boundaries develop and are mutually adhered to, for the most part. The _costs_ of extending beyond the Schelling point boundaries is deemed to be too high, and the boundary persists. (Boundaries may jump around, as conditions change. And wars still exist to try to imbalance or move the boundaries. Nothing says the Schelling points are fixed in stone, only that the points are not completely random, and that there is a kind of order out of the chaos.)

This is summarized in the most important of all Schelling points: "Live and let live." In the absence of a direct threat to one's self or family, and in the absence of other compelling evidence of a need to intervene, much energy and grief is saved by not trying to intervene in the lives of others.

(I believe many of the themes we talk about, here and in libertarian circles, come together in this way.
The view of John Rawls, that "justice" is that which an ensemble of people would pick, even if they did not know what station in life they would be born into, closely fits with this Schelling point model.)

ObCrypto Sidebar: The "fair" method for dividing a pie between two people is well-known: "You cut, I choose." This *game theory* result is central to many cryptographic protocols (though it may not always be apparent at first). And the protocol can be extended to 3 parties, and probably to N. Research is ongoing on this, including Cypherpunk Robin Hanson's work at Caltech.

My essay here is not a formal, footnoted proof of my claims, naturally. But I believe my claims to be basically correct, and to offer insights into the debate about "rights"...certainly a Schelling point or evolutionary game theory interpretation of what we call "rights" is superior to an appeal-to-God or "natural rights" interpretation.

To get back to the issue of children's rights: I will not expend my energies and risk my life to forcibly gain entry to my neighbor's "castle" to make sure his 7-year-old son is able to view "Power Rangers" when his "rights" to do so are denied by his father. Nor will I pay for cops, Child Protective Services, and a powerful bureaucracy to enforce these "rights." Nor will I demand that this parent send his child to the church I deem most appropriate, nor the school I deem most appropriate, etc.

That is, "practical and economic" issues lead me to the conclusion that parents basically can tell their minor children what to do, and that only truly egregious cases, such as clear cases of severe beatings, warrant the interference by the State.

The same applies to cryptography. While there are dangers with any technology, including cryptographers, most societies have eventually evolved a system in which one is secure in one's home and papers.
Orwell's vision of video cameras in all homes (actually, only of the elites, as the "proles" were unmonitored) has not come to pass, and even in nominally totalitarian states like the U.S.S.R. and P.R.C. there was considerable privacy in the home, at least after the worst of the terrors in the 1930-70 period. (I am not endorsing these states, naturally, just noting that even these states had to recognize the Schelling points of (mostly) not trying to send cops into private residences to enforce marginally-important rules.)

Forceful advocates of children's rights, such as Mike Duvos, will no doubt find many points to use to argue for intervention on behalf of children. And in some cases, I would even agree.

But the basic principle, the "right" of a man to control his own castle, and the "right" not to have people nosing around inside his home, and the very real economic point that a parent pays for services and goods consumed in his house, means that the balance of rights _must_ be in the direction of Viewpoint #1 above.

Parents are free to raise their children as they see fit. They feed and clothe them, they talk to them about ideas and beliefs, they control the television set and the radio channel tuned to, and so forth. This is basic reality. To change this basic reality would require intervention from outside. And this is too high a price to pay for illusory gains. (I say "illusory" because I don't think intervention from outside would produce better-educated children, though it might produce more controllable citizen-units.)

This essay has concentrated perhaps too much on "parent's vs. children's rights," but this is what sparked my desire to write an essay on Schelling points and why certain so-called rights appear to have evolved.

I believe the game-theoretic and evolutionary approaches, mixed in with economics, offer the most solid grounding for the discussion of rights.

Comments, as always, are welcome.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From maldrich at grci.com Wed Jul 24 15:54:57 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Thu, 25 Jul 1996 06:54:57 +0800
Subject: Question
In-Reply-To:
Message-ID:

On Mon, 4 Sep 1989, Damien Lucifer wrote:

>
> On Tue, 23 Jul 1996 pjn at nworks.com wrote:
>
> > OK...A question for you all:
> >

Man, this is strange. I think C'punks just got time warped by Agents of the Evil Empire or somethin'. pjn wrote on 23 July 96, but Damien Lucifer replied to it on 4 Sep, 1989! Wow! Somebody better call Special Agent Mulder.

---------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                   |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering       |
|depends upon the chaos and cacophony of  |maldrich at grci.com           |
|the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil|
|protects - District Judge Stewart Dalzell|                               |
|_________________________________________________________________________|
|The author is PGP Empowered. Public key at: finger maldrich at grci.com  |
|     The opinions expressed herein are strictly those of the author      |
|           and my employer gets no credit for them whatsoever.           |
---------------------------------------------------------------------------

From tcmay at got.net Wed Jul 24 16:03:15 1996
From: tcmay at got.net (Timothy C.
May)
Date: Thu, 25 Jul 1996 07:03:15 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
Message-ID:

At 12:54 PM 7/24/96, Alex F wrote:
>> >Yes, but conceivably if (whoever would be in charge, FBI?) *could*,
>> >under law do this, even if they are wrong. It is a lot harder to
>> >prove that they intentionally harassed *you* than it is for them to
>> >say that they were following leads and show evidence. Yes, this may
>>
>> To go to trial, an indictment would be needed. How likely is this?
>
>The likeliness is irrelevant to the point. Possibility is relevant.
>Probability is not.

"Likeliness" is _always_ relevant when discussing law.

I am not a lawyer, but I'm virtually certain that "receiving stolen property" laws involve terms like "knowingly" and/or "conspiracy." That is, "scienter."

While "ignorance of the law is no excuse" is certainly true in many cases, the law comprehends the reality that certain actions are not crimes if no knowledge of a criminal act was involved. (Sorry if this is not phrased more clearly.)

Thus, the guy who buys a bicycle that later turns out to have been stolen, will usually lose the bicycle, but is not knowingly receiving stolen property and hence is guilty of no crime. And no DA will charge him; the courts and jails are already clogged up enough.

Of course, if he _knew_ the bicycle was stolen (e.g., he "placed an order" to have one stolen, a market which actually exists in some places, usually for cars), then "scienter" has been met, and perhaps "conspiracy," and so prosecution is more likely.

I maintain that this "wiggle factor" in the law is not something to get worried about ("But they _could_ arrest me for buying a book stolen 10 years ago! We've got to do something!") and is, in fact, essential in any justice system. There just is no "automated" or "formal" system, and probably/hopefully never will be.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From amehta at giasdl01.vsnl.net.in Wed Jul 24 16:03:21 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Thu, 25 Jul 1996 07:03:21 +0800
Subject: Would Netscape take money for 'exported' copies?
Message-ID: <1.5.4.32.19960724181410.002de7b4@giasdl01.vsnl.net.in>

At 22:13 23/07/96 -0400, Anonymous Remail Service wrote:
>As I have said before, European & other foreign users, who get the strong-
>crypto version should pay Netscape what they owe Netscape, to keep the ITAR
>as the issue, and not piracy.

Yes, but could/would Netscape even take our money? Wouldn't that be complicity (IA obviously NAL)? I'd imagine they'd just return the money, and tell us to please destroy our copies of the software.

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From jya at pipeline.com Wed Jul 24 16:06:07 1996
From: jya at pipeline.com (John Young)
Date: Thu, 25 Jul 1996 07:06:07 +0800
Subject: Parsing John Youn (Re: OPS_nuk)
Message-ID: <199607241920.TAA22026@pipe2.t1.usa.pipeline.com>

On Jul 25, 1996 03:46:19, 'tcmay at got.net (Timothy C. May)' wrote:

>P.S. John Young does an invaluable service in forwarding items and making them
>available at his site, but I find parsing his text into something
>understandable a real chore. Too bad when style gets in the way of substance,
>unless, of course, one aspires to Joycehood.

Tim, pity the moot transcriber a-choring (spit).
It's a grind (pus) forwarding other's fishwrap (buggers), hardly able to contain one's gibbering idiocy (pee) counterreaction to the new's gratuitous fatuity (dookie).

Usually, though, one's bowel-rumblings (Bic lits) pass unnosed in the c'punk parfumerie.

From amehta at giasdl01.vsnl.net.in Wed Jul 24 16:19:26 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Thu, 25 Jul 1996 07:19:26 +0800
Subject: Ross Anderson's Eternity service
Message-ID: <1.5.4.32.19960724194115.002ec630@giasdl01.vsnl.net.in>

At 20:13 22/07/96 -0700, Hal wrote:
>Sherry Mayo posted here a while back a reference to Ross Anderson's
>Eternity service paper, .

Got that far, but could not download the Eternity service paper itself. Something about only accepting connections from certain sites. Would someone kind-hearted enough mail me a copy?

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From deviant at pooh-corner.com Wed Jul 24 16:19:37 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Thu, 25 Jul 1996 07:19:37 +0800
Subject: Netscape
In-Reply-To: <199607241752.KAA02103@mail.pacifier.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Jul 1996, jim bell wrote:

> Date: Wed, 24 Jul 1996 10:52:01 -0800
> From: jim bell
> To: The Deviant ,
>     Tom Weinstein
> Cc: cypherpunks at toad.com
> Subject: Re: Netscape
>
> At 07:00 PM 7/23/96 +0000, The Deviant wrote:
>
> >On Mon, 22 Jul 1996, Tom Weinstein wrote:
>
> >> Also, notice the simple verification system MIT was allowed to use, and
> >> the complex one we're required to use.
> >>
> >
> >I'm curious, exactly whop is it that _required_ you to use that system.?
>

Damn I can't type at that hour.

>
> Excellent point. There's a difference (or, at least, there had BETTER BE a
> difference!) between following the laws and "doing everything the government
> wants, exactly the way it wants."
> It would be interesting to see the
> specific explanation which was given Netscape as to why they were required
> (if, indeed, they were required...) to use a specific system.
>

Something which we are still waiting for...

>
> It seems to me that a far more productive stance by Netscape would have been
> to say to the State Department, "We're going to put this software on the
> 'net. We're happy to put in any precautions which are SPECIFICALLY required
> under law and/or ITAR. However, we insist that you document the fact that
> they are required, with full and complete legal explanations for your
> assertions. Moreover, we insist that you explain why this position is
> consistent with MIT's posting of PGP."
>

I would have suggested even being as nice as "We'll do the same as MIT does with PGP's distribution, or RSA does with RSAREF (just so you'll know, RSA's FTP basically has a readme file that says "the files in subdir of a dir that's -r+x to you, so if you're a citizen go to dist/usaRANDOM_NUMBER_HERE", that's it). Then make them explain why Netscape should be any different.

>
> At the very least, this would have set the government's position WRT ITAR in
> stone, Part of the reason the government has gotten so much 'mileage' out
> of ITAR is the fact that they morph it to do whatever they want, whenever
> they want. The best way to fight this is to tie down their position.
>

Something which has to be done sometime, sooner preferably.

--Deviant

Talking much about oneself can also be a means to conceal oneself.
-- Friedrich Nietzsche

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From markm at voicenet.com Wed Jul 24 16:32:11 1996
From: markm at voicenet.com (Mark M.)
Date: Thu, 25 Jul 1996 07:32:11 +0800
Subject: Brute Force attack Question
In-Reply-To: <199607241550.KAA00886@galaxy.galstar.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Jul 1996, Igor Chudov wrote:

> Suppose Alice sends letters to BoB, and they always exchange plain
> text ASCII data. Suppose also that they use DES for encryption.
> They are afraid that Perry intercepts their messages and tries to brute
> force their DES key.
>
> Perry has 100,000 computers (and 20,000 couriers alone:) and his brute
> force attacks are as follows: he tries all keys in succession, looks at
> the decrypted texts, and *if* the decrypted text looks like a potential
> message (has only ASCII characters for example) he looks at that key closer
> as it is likely that he has found the right key.
>
> What if Alice and Bob decide to obscure their letters and add random
> NON-ASCII characters at random places? They may agree to just ignore
> all non-ASCII characters, so these characters would never change the
> meaning of their letters. If they do that, Perry does not have any easy
> way to tell whether he really recovered the right plaintext or not, because
> even correct key would still produce a lot of non-ASCII characters.
>
> If percentage of ASCII characters in all 256 byte space is 40%, Alice
> and Bob may agree to put in junk characters to make up exactly 60% of
> the message.
> This way messages will look like random character data.
>
> Is there any good method for attackers to circumvent this obscurity?
> What is the general method to make a judgment whether the recovered
> text really is a plain text if Alice and Bob noisify their letters?
>
> I can think of this: we sift through all recovered plaintexts and remove
> all non-ASCII bytes, and then do some simple testing to see whether
> the remaining ASCII data resembles normal English texts. This kind
> of testing seems to be quite expensive though, compared to just testing
> for ASCII vs. non-ascii bytes. Anything else I am missing?

If the attacker uses a known-plaintext attack, then all this is a non-issue. However, if the attacker is using a ciphertext-only attack, looking for the MSB to be 0 is a good way to find a correct decryption. Also, randomness tests could be run on recovered plaintexts. This is why compression before encryption is a good idea. If the plaintext is completely random, then there is no way to crack the ciphertext.

- -- Mark

PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

-----END PGP SIGNATURE-----

From s_levien at research.att.com Wed Jul 24 16:44:48 1996
From: s_levien at research.att.com (Raph Levien)
Date: Thu, 25 Jul 1996 07:44:48 +0800
Subject: Netscape
In-Reply-To: <31F55981.3009@netscape.com>
Message-ID:

On Tue, 23 Jul 1996, Jeff Weinstein wrote:

> Raph Levien wrote:
>
> > Of course, your hypothetical user who wants to use a 512-bit key and
> > 128-bit RC2 is still completely screwed by all currently shipping S/MIME
> > products, as well as the S/MIME spec.
> > I can't find anything in the S/MIME spec that makes the combination > of 512-bit RSA key and 128-bit RC2 (or 3DES) illegal. The spec says > that you must support RSA key sizes from 512 to 1024. Am I missing > something? By "screwed," I mean that, because of the default settings, a user who wants to receive mail encrypted with ciphers stronger than 40-bit will still receive a majority of messages encrypted at 40 bits. Since S/MIME has not been widely deployed yet, this claim is speculation. However, there is a lot of reason to believe it. The problem is not that the combination is illegal, it's that nobody will actually configure their clients to use it. > > > There is another method that does not require verisign or other > > > CAs to add key size extensions to their certs. We can define > > > a new authenticated attribute that gets included in Signed-Data > > > and Signed-And-Enveloped-Data messages that indicates the > > > user's key size and algorithm preference. This has the advantage > > > that the preference is selected and signed by the user. This > > > method was discussed at the S/MIME meeting in January at the > > > RSA Crypto conference. I'm a bit surprised that it never > > > got into the Implementation Guide. I'll make sure that > > > we bring it up on the smime list again. > > > > I don't like the fact that your proposal leaves clients with absolutely > > no information about symmetric cipher choice until the first round of > > signed messages has been exchanged. In this initial round, the protocol is > > still dependent on the global default. > > How did you get the certificate of the recipient? I assume that you > got it from a degenerate PKCS#7 Signed-Data message as recommended by > the s/mime spec. That degenerate message could contain the attribute > I describe. If you got the certificate by some other means, we would > fall back to your heuristic. Perhaps I'm missing something here. 
In the model I'm assuming, if I wanted to send you mail, the first thing I'd do is get your certificate. Today, I'd do that by going to the VeriSign Web site, but in the near future I would expect this lookup to be automatic. Either way, it would be up to VeriSign to ship the algorithm preference information along with the X.509 cert (whether by degenerate PKCS#7 or some other means). This means that VeriSign needs to agree to ship the information in response to queries, and also that users keep the VeriSign database up to date with respect to algorithm preferences. This is the infrastructure requirement I referred to, one that isn't present in my proposal.

After the first exchange of e-mail, the problem goes away. However, I consider the protection of the initial round to be important.

> > P.S. Can we agree not to describe 128-bit RC2 as "strong crypto" until
> > it's been subject to more serious scrutiny? It's probably a great cypher,
> > but most cautious crypto-people would far rather place their trust in
> > Triple-DES.
>
> Certainly. We will definitely offer 3DES as well as RC2 in our
> product.

Good. The point I'm making has more to do with representing 128-bit RC2 as being of comparable trustworthiness as 3DES, though, not simply of offering the option. Since RC2 is slower than 3DES, it's not at all clear to me why anyone would choose it.

Just to be clear, I'm not arguing with you because I think Netscape will ship a bad product. However, I do see a real danger that, in the field, S/MIME will have severe security problems, mostly because people don't understand how to use it correctly. Carefully explaining the exact strengths and limitations of S/MIME is our best hope of it being deployed as a strong crypto protocol. Since most of the force behind S/MIME now is from marketing, rather than security, people, I don't see much of that going on (as a case in point, from a technical perspective, the recent interoperability testing has been fairly sloppy).
It is my hope that Netscape will do better.

Raph

From sandfort at crl.com Wed Jul 24 16:50:00 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 25 Jul 1996 07:50:00 +0800
Subject: LIMBAUGH ON TV
In-Reply-To: <9607241624.AA06524@Etna.ai.mit.edu>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 24 Jul 1996 hallam at Etna.ai.mit.edu wrote:

> It is shallow logic, but it is Rush's own logic. He promotes the
> idea that success is measured in economic terms. The failure of his
> TV show demonstrates the failure of his ideas under the criteria
> which he himself espouses.

Or maybe he is upping the ante. Tell you what Phil, I'll bet you US$50 against your L25 (in other words, I'm giving you odds at the current rate of exchange) that Limbaugh have a nationally TV show on or before 1 October 1996.

If you are willing to put your money where your mouth is, just say you agree to these terms in a post to the list. After that, we can agree to appoint someone to declare a winner and hold the money in the meantime. Any volunteers for the honor?

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From trollins at interactive.visa.com Wed Jul 24 16:50:18 1996
From: trollins at interactive.visa.com (Tom Rollins)
Date: Thu, 25 Jul 1996 07:50:18 +0800
Subject: Brute-forcing DES
Message-ID: <199607242034.QAA29999@rootboy.interactive.visa.com>

Hi,

Anyone have a FPGA chip PCI board layout that they would like to share. Having seen the paper "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security", the FPGA chip seems like a perfect addition to my pc.

Count me in...

Thanks, -tom

> Any one up for a distributed brute force attack on single DES?
> My back-of-the-envelope calculations and guesstimates put this on the
> hairy edge of doability (the critical factor is how many machines can
> be recruited - a non-trivial cash prize would help).

-- Tom Rollins

From rodger at interramp.com Wed Jul 24 16:54:18 1996
From: rodger at interramp.com (Will Rodger)
Date: Thu, 25 Jul 1996 07:54:18 +0800
Subject: Shell buys key escrow system from Trusted Info. Systems
Message-ID: <1.5.4.32.19960724205204.006741a0@pop3.interramp.com>

-----BEGIN PGP SIGNED MESSAGE-----

Administration officials didn't return calls for comment, but it's clear that the Clinton-Gore team have their first "testbed" for trying out key recovery, or key escrow, proposals.

Steven Walker, president of Glenwood, Md.'s Trusted Information Systems Inc., told Inter@ctive Week late last week that TIS will supply his company's Gauntlet Firewall technology, complete with commercial key escrow capabilities, to a large multinational with headquarters outside the United States. The multinational company will self-escrow, that is handle all encryption keys itself, in cooperation with the British government, sources close to the deal said.

Walker declined to name the company, but several Washington-based sources confirmed the buyer is Royal Dutch Shell.

The deal represents the first time that a foreign buyer has purchased a US key escrow product without escrowing keys in the US. Indeed, TIS has sold only one other system for export abroad, one which involved communications between the US and the UK with US key escrow.

Walker, widely credited with devising the controversial commercial key escrow system now being promoted by the current administration, claimed "there really is an important issue here in finding a balance between the interest of government and those of industry. A policy that says anyone who wants to export strong encryption as long as there is key recovery is an important development."
The success of the deal and others like it could figure heavily in the Clinton administration's ability to sell its latest proposals on commercial key escrow; a recent report from the National Research Council recently warned that such efforts were unproven and required serious examination before they could be deployed. Long-time critics of the proposal have, in turn, leveled the same criticisms.

Jim Bidzos, President of RSA Data Security Inc. and a long-time foe of administration policy said he doubted the market would rush to purchase products like Trusted Information Systems', but said he was slightly more hopeful for a resolution to the controversy than he had been previously.

"I've said all along that user key escrow is the only thing that makes sense," Bidzos said. Users who hold their own keys "can comply with any regulation in the world - if you want to give your keys to France or whoever you can - that's your business. If it's good enough for the CIO, it's good enough for the CIA."

Royal Dutch Shell officials said security considerations forbade confirming a sale had been made, but freely admitted to having had talks with TIS. The company's interest in key escrow, computer security head Nick Mansfield said, lay principally in getting access to records after keys had been lost, stolen or otherwise disabled. The Gauntlet firewall, nonetheless, encrypts and decrypts messages as they arrive; it does not store messages in encrypted form.

"To us it's not a matter of 'going along' with key escrow, it's a matter of doing business," Mansfield said.

*********

A shorter, slightly less jargon-laden version of this story appeared in the 7/22 issue of Inter@ctive Week. An archived copy should be on our site (http://www.zdnet.com/intweek) by week's end.
Will Rodger
Washington Bureau Chief
Inter@ctive Week

From tcmay at got.net Wed Jul 24 16:54:25 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 25 Jul 1996 07:54:25 +0800
Subject: Parsing John Youn (Re: OPS_nuk)
Message-ID:

At 3:30 PM 7/24/96, John Young wrote:

> The WSJ Page Ones a loser's game about the CIA's role in
> promoting Japanese pachinko cards to halt the surreptitious
> funneling of betting cash to the construction of a North
> Korean nuclear plant. And the op's nuking by the Kobe quake
> looting of card-reading mechanisms, cracking encryption
> codes, and counterfeiting not-so-smart cards for counter-
> tipping the house fix. Mondex, watcher bleedin arse.

Huh?

(If anyone has a decryption key for this, please send it to me.)

--Tim

P.S. John Young does an invaluable service in forwarding items and making them available at his site, but I find parsing his text into something understandable a real chore. Too bad when style gets in the way of substance, unless, of course, one aspires to Joycehood.

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From talon57 at well.com Wed Jul 24 17:08:31 1996
From: talon57 at well.com (talon57 at well.com)
Date: Thu, 25 Jul 1996 08:08:31 +0800
Subject: Distributed DES crack
Message-ID: <199607242028.NAA20103@well.com>

Matt Blaze scribes:

>My estimate is that an FPGA-based machine that can do a single DES
>key every four months (eight months to exhaust the whole keyspace)
>could be built with off-the-shelf stuff for comfortably under $50k
>(plus labor, plus software development costs). A prototype board
>should cost under $1000 and will help prove the concept and get a
>more accurate cost estimate. I expect to build such a prototype
>machine myself, and, if it works as I expect, maybe the whole
>thing.
>-matt

If the price is reasonable, I for one would be willing to donate the bucks for a FPGA chip or two to see this get built:

--------------------
| Chip donated by |
| talon57 at well.com |
--------------------

The very existence of this device in the real world would make our point better than anything I've yet heard. Imagine being at a hearing and having the physical device sitting there before the judges......

Brian

From reagle at rpcp.mit.edu Wed Jul 24 17:13:46 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Thu, 25 Jul 1996 08:13:46 +0800
Subject: Game Theory and its Relevance to Cypherpunks
Message-ID: <199607242129.RAA00154@mccannerick-bh.mccann.com>

At 09:57 PM 7/20/96 -0700, you wrote:
>
>Game theory is terribly important to Cypherpunks.

Just to make a plug for my thesis, people can find some of this discussed at: http://far.mit.edu/~reagle/commerce/thesis/thesis.html . The Santa Fe Inst. references might be of particular interest with respect to decentralized economies and such.

_______________________
Regards,
There is no greater sorrow than to recall a time of happiness in misery.
-Dante
Joseph Reagle http://rpcp.mit.edu/~reagle/home.html
reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E

From LKWendel at aol.com Wed Jul 24 18:33:00 1996
From: LKWendel at aol.com (LKWendel at aol.com)
Date: Thu, 25 Jul 1996 09:33:00 +0800
Subject: E-Cash promotion idea
Message-ID: <960724185337_369434219@emout09.mail.aol.com>

In a message dated 96-07-24 11:30:07 EDT, paul at ljl.com (Paul Robichaux) writes:

<< The Visa stored-value cards now in Atlanta don't do this, but as a simplifying measure most vendors in the Olympic Village (and many within the downtown venue ring) have rounded prices to the nearest US$. The precedent's been set. >>

I'm confused. Why can't the Visa Stored Value program accept exact amount on the card? And if the card runs out of value and is not reloadable, why not just supplement the difference with cash?

Regards,
Lisa Kops-Wendel

From morgan at keilin.helsinki.fi Wed Jul 24 18:33:20 1996
From: morgan at keilin.helsinki.fi (Joel Morgan)
Date: Thu, 25 Jul 1996 09:33:20 +0800
Subject: Brute Force attack Question (basic)
In-Reply-To: <199607241758.NAA18324@jekyll.piermont.com>
Message-ID: <199607242226.BAA10149@keilin.helsinki.fi>

Perry E. Metzger writes:
>
> Igor Chudov writes:
> > What if Alice and Bob decide to obscure their letters and add random
> > NON-ASCII characters at random places?
>
> Assuming I'm using a statistics based technique, that won't help.
>

Some fairly basic questions:

1) Is a statistical test like this done on the net composition of the whole message or locally, point by point throughout the text (for example, using a window)?

2) If what's tested is the net composition of the message, could you choose padding to normalize a message back to an apparently random distribution?

3) What kind of computation overhead does this statistical testing impose (compared to what would be needed for a known-plaintext search)?
Thanks, Joel/ -- ===================================================================== Joel.Morgan at Helsinki.FI http://blues.helsinki.fi/~morgan "Over the mountains there are mountains." -- Chang-rae Lee ===================================================================== From olmur at dwarf.bb.bawue.de Wed Jul 24 18:33:23 1996 From: olmur at dwarf.bb.bawue.de (Olmur) Date: Thu, 25 Jul 1996 09:33:23 +0800 Subject: Brute Force DES In-Reply-To: <199607222043.NAA06313@toad.com> Message-ID: I have to offer an RS/6000 (PowerPC) and a P150 working full-time and another RS/6000 and 10-15 Pentiums working nights and weekends. Michael From aba at dcs.ex.ac.uk Wed Jul 24 18:36:21 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Thu, 25 Jul 1996 09:36:21 +0800 Subject: Exporting cryptosystems in pieces: Re: Question [NOISE, mostly] In-Reply-To: <199607240942.CAA19145@toad.com> Message-ID: <199607241835.TAA00366@server.test.net> Bill Stewart writes: > Vince Cate's arms exporter page lets you export a highly-useful > fully working cryptosystem in three lines with one mouse click > (developed by Adam Back and an international cast of dozens.) Vince Cate: http://online.offshore.com.ai/arms-trafficker/ export RSA: http://www.dcs.ex.ac.uk/~aba/rsa/ > Adam Back's export-three-lines-of-PGP-at-once is a more blatant test > of this; go see his web pages. export PGP: http://www.dcs.ex.ac.uk/~aba/export/ Adam From jya at pipeline.com Wed Jul 24 18:39:03 1996 From: jya at pipeline.com (John Young) Date: Thu, 25 Jul 1996 09:39:03 +0800 Subject: Pro-Crypto Fireworks Message-ID: <199607242219.WAA05628@pipe5.t1.usa.pipeline.com> Fireworks expected at Thursday encryption hearing Washington, July 24 (Reuter) -- After sailing through two quiet subcommittee hearings, a bill to relax restrictions on computer encoding faces a much choppier ride before the full Senate Commerce Committee on Thursday. 
The committee will hear from some of the Clinton administration's big guns on crime and national security, including FBI Director Louis Freeh and William Crowell, deputy director of the National Security Agency. [Snip] Netscape's James Barksdale, who entranced senators at a June 12 subcommittee hearing, will return Thursday to again make the case for relaxing export restrictions. [Snip] Others expected to testify Thursday include William Reinsch, undersecretary for the Bureau of Export Administration at the Commerce Department; Tandem Computers Inc. President Roel Pieper; and Grover Norquist, president of Americans for Tax Reform. The hearing will be broadcast live over the Internet, starting at about 9:15 a.m. EDT using Progressive Network's Real Audio software. The technique was first used at a June 26 subcommittee hearing on the encryption bill. Computer users anywhere in the world with sound capability can tune in at http://www.hotwired.com/wiredside. ----- From alanh at infi.net Wed Jul 24 18:43:33 1996 From: alanh at infi.net (Alan Horowitz) Date: Thu, 25 Jul 1996 09:43:33 +0800 Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <9607241624.AA06524@Etna.ai.mit.edu> Message-ID: Phil, are you saying that you're a better businessman than Rush Limbaugh? Can we see some 1040's, please? From jgrasty at gate.net Wed Jul 24 18:46:07 1996 From: jgrasty at gate.net (Joey Grasty) Date: Thu, 25 Jul 1996 09:46:07 +0800 Subject: My Cypherpunk Patriotism Message-ID: <199607242218.SAA25988@osceola.gate.net> Y'all: I received the following fan mail today, in regards to my announcement of the WinSock Remailer. In my announcement, I noted that I have blocked the Church of Scientology discussion groups alt.religion.scientology and alt.clearing.technology. The author shall remain anonymous: > Please make your blocking configurable in a text file that > the remailer reads at startup time. 
Other people who install > your remailer may not feel the need to surrender to > the Church of Scientology's legal terrorism the way you have. Anyone who has checked my webpage (http://www.c2.net/~winsock/) knows that the blocking lists are entirely up to the user. Let me state clearly that I'm just not interested in the Church of Scientology, its supporters or detractors. My interest is in writing remailers and seeing that the remailers are widely distributed. If I involve myself in this COS mess, then I'm distracting myself from my mission, which is writing remailers. Fighting "wars" is for the young and strong. Think of me as a weapons designer. I build the weapons, someone else fights the wars. Freedom needs weapons designers and warriors. That is my version of "Cypherpunk Patriotism". I offered my detractor a copy of the remailer so that he can run his own remailer and fight his war with COS. Let's see if he puts up or shuts up. My guess is the latter. Regards, -- Joey Grasty jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes] jgrasty at pts.mot.com [work -- designing pagers] "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7 From aba at dcs.ex.ac.uk Wed Jul 24 18:56:14 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Thu, 25 Jul 1996 09:56:14 +0800 Subject: violating ITAR In-Reply-To: <1.5.4.32.19960724124527.002ef944@giasdl01.vsnl.net.in> Message-ID: <199607241854.TAA00377@server.test.net> Arun Mehta writes: > At 21:43 21/07/96 -0500, snow wrote: > > > > Put up enough money to defend me and tell me how I can get arrested. You could try exporting this, and turning yourself in to the feds: #!/bin/perl -sp0777i > I'm not doing a lot at the moment, and I wouldn't mind getting my 15 > >minutes of fame at this point. > > I could spare the time too. 
Maybe you (and whoever else > volunteers) Would there be safety in numbers perhaps? I wonder how many people would be interested in exporting a share of PGP, say a 50th part or however many exports you can interest. It'd probably be a good idea for someone outside the US to organise so that there'd be no discernable `ring-leader' they could pin it on in the US. > [IRC] Just post it here, and Cc it president at whitehouse.com, and some fed informants email if there is one! Adam -- http://www.dcs.ex.ac.uk/~aba/rsa/ From perry at alpha.jpunix.com Wed Jul 24 18:57:37 1996 From: perry at alpha.jpunix.com (John A. Perry) Date: Thu, 25 Jul 1996 09:57:37 +0800 Subject: Keyserver at jpunix.com is retiring Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The PGP public keyserver at jpunix.com has developed a stability problem over the past week or two that I can't seem to account for. The keyserver stops in the middle of a run and leaves the lock file so all incoming key requests get backed up until I notice it and manually fix it. Having to continually monitor the keyserver has become burdensome and is not doing anyone any good. I've always been happy to provide the keyserver as a public service to the PGP users community but, the keyserver is not getting any better no matter what I do to try and fix it. There are no errors generated and no log entries to point me to what the problem is. With this in mind, I have decided to retire the keyserver at jpunix.com effective 07/27/96 sometime in the AM Central Standard Time. If you have any applications that point to this server, I would ask that you point your application to one of the other servers or make some arrangement to use a different server. It's been an honor and a pleasure to provide this service and I apologize in advance for any inconvenience this may cause. John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. 
From llurch at networking.stanford.edu Wed Jul 24 19:02:20 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 25 Jul 1996 10:02:20 +0800
Subject: FTP Software Licenses Pretty Good Privacy 07/23/96
In-Reply-To: <9607241721.AA01343@rpcp.mit.edu>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Yes, this was in InfoWorld a couple weeks ago. But...

> Under the terms of the agreement, PGP has licensed its encryption
> software to FTP for use in OnNet32 2.0 for Windows 95 and Windows NT,
> both versions of which will ship in the third quarter of this year on
> both sides of the Atlantic.
^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^

This is news. I'd asked for clarification of this point, but I guess everybody killfiled me. Oh well.

- -rich
[blue-ribbon disclaimer: it's called sarcasm, son, SARCASM]
censor the internet! http://www.stanford.edu/~llurch/potw2/
boycott fadetoblack! http://www.fadetoblack.com/prquest.htm

From dlv at bwalk.dm.com Wed Jul 24 19:06:16 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 25 Jul 1996 10:06:16 +0800
Subject: Brute Force DES
In-Reply-To: <199607241617.MAA18214@jekyll.piermont.com>
Message-ID:

"Perry E. Metzger" writes:
>
> The Deviant writes:
> > But the point is to prove that DES shouldn't be used, not that it CAN
> > be brute forced. A known-plaintext attack doesn't show that. We hafta
> > attack something we've never seen. (i.e.
> > talk Netscape, or some other
> company, into generating a DES'd message, and keeping the keys safe)
>
> Known plaintext isn't needed. You just need a plaintext with some
> decent statistical properties.

May I suggest that a better demonstration for the public would be to allow any person take a pre-determined text (such as "cypherpunks"), encrypt it with a key of their choice (40-bit or 56-bit, depending on what we're trying to prove), (i.e. demonstrating that some 40-bit key scheme is unsafe may be sufficient ) send the cyphertext to a GruborBot via e-mail or Web page, and get back within reasonable time the key(s) that were used. I think this is feasible; whether it's all lookup table or some lookup and some computation is details.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From alanh at infi.net Wed Jul 24 19:06:41 1996
From: alanh at infi.net (Alan Horowitz)
Date: Thu, 25 Jul 1996 10:06:41 +0800
Subject: When books are outlawed
In-Reply-To:
Message-ID:

<< On Our Backs magazine>>

That's "Off Our Backs". Very much at the forefront of the PC-gestapo-thought-police trend. Also has a _fabulous_ running comic strip about the reality of lesbian relationships. "Dykes to watch out For", if my memory serves me well.

From perry at alpha.jpunix.com Wed Jul 24 19:09:59 1996
From: perry at alpha.jpunix.com (John Perry)
Date: Thu, 25 Jul 1996 10:09:59 +0800
Subject: Keyserver at jpunix.com is retiring
Message-ID: <199607242157.QAA27543@alpha.jpunix.com>

-----BEGIN PGP SIGNED MESSAGE-----

The PGP public keyserver at jpunix.com has developed a stability problem over the past week or two that I can't seem to account for. The keyserver stops in the middle of a run and leaves the lock file so all incoming key requests get backed up until I notice it and manually fix it. Having to continually monitor the keyserver has become burdensome and is not doing anyone any good.
I've always been happy to provide the keyserver as a public service to the PGP users community but, the keyserver is not getting any better no matter what I do to try and fix it. There are no errors generated and no log entries to point me to what the problem is.

With this in mind, I have decided to retire the keyserver at jpunix.com effective 07/27/96 sometime in the AM Central Standard Time. If you have any applications that point to this server, I would ask that you point your application to one of the other servers or make some arrangement to use a different server.

It's been an honor and a pleasure to provide this service and I apologize in advance for any inconvenience this may cause.

John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome!
WWW - http://www.jpunix.com
PGP 2.62 key for perry at jpunix.com is on the keyservers.

From a-billol at microsoft.com Wed Jul 24 19:12:05 1996
From: a-billol at microsoft.com (Bill Olson (EDP))
Date: Thu, 25 Jul 1996 10:12:05 +0800
Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

Alan Horowitz writes:
>
>Phil,
>
>are you saying that you're a better businessman than Rush Limbaugh?
>
>Can we see some 1040's, please?

Rush Limbaugh is a big fat *RICH* idiot.
>

From mpd at netcom.com Wed Jul 24 19:21:07 1996
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 25 Jul 1996 10:21:07 +0800
Subject: Data Sources for DES Breaking
Message-ID: <199607242051.NAA13352@netcom5.netcom.com>

Given that we might embark upon this public demonstration of the fragility of single DES, what should we use for test data?
If a lone Cypherpunk simply encrypts a file with DES-ECB, hides the key in a drawer, and publishes the cyphertext and plaintext for use in a distributed cracking effort, there will of course be the suggestion that the exercise was rigged, and any public policy implications will be lost in the endless "Was So/Was Not" quibbling which will undoubtedly take place after the crack is complete. Given that most of the people currently singing the praises of single DES live in the banking industry, which has so far resisted all reasonable suggestions that it is time for them to move to something stronger, it would seem almost obvious that this crack should be done on some form of live financial data, such as might be obtained if one were to capture bits passing over publicly accessible phone lines between various financial institutions, ATM machines, and centralized computer facilities. The ideal data would be replete with prepended fixed headers which could be used as a wedge for a known plaintext attack, and should be sufficiently sensitive that breaking it will result in scandalous tabloid headlines and numerous opportunities for Cypherpunks to promote their policy agenda in the media. DES is, after all, a prime example of the type of encryption one gets when the government, rather than the brightest minds in the private sector, are in charge of determining National Crypto Policy and mandating the use of "approved" techniques. I would suggest we obtain the test data for this exercise as soon as possible, and widely disseminate it on the Net. There is no need to wait until we have distributed cracking software ready to go before doing this, and having the actual data to play with while munging the code together may lead to some new insights as to efficient ways to attack the problem. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. 
$

From adamsc at io-online.com Wed Jul 24 19:51:13 1996
From: adamsc at io-online.com (Chris Adams)
Date: Thu, 25 Jul 1996 10:51:13 +0800
Subject: Boobytraps and the American Legal System
Message-ID: <199607242154.OAA16374@cygnus.com>

On 24 Jul 96 01:21:34 -0800, dlv at bwalk.dm.com wrote:

>I think Tim May is growing senile...

This is new?

>> (Later examples were to be even worse. For example, the burglar who climbed
>> on a roof and stepped through a skylight. He sued, and won. I guess the
>> owner of the property was obligated to install night lights so burglars
>> could see their way, and to generally make his property more
>> "burglar-friendly."
>
>Actually, he fell through the roof of a school he was trying to burglarize.
>
>In a similar incident a burglar broke into a house that was being treated
>for pests (i.e., was full of toxic fumes). He died; his family sued the
>owners and won.
>
>Maybe someone can post a reference to these two cases. I recall that both
>happened in New York, but I could be wrong.

I remember hearing about a case on this end of the continent (west coast) that involved a store that had been robbed many times. The owner noticed that most burglars came through the skylight, so he electrified it. Not much of a charge, just something like 12 volts - enough to keep someone's hands off of it... However, a klutzy burglar managed to fall into the skylight and get stuck. His partner deserted him. Over the course of several hours, he died... *ouch* Needless to say, his next-of-kin sued and won. The guy lost his store.

Another one I liked: in (I believe) Pennsylvania, a drunk peed on an electrified third rail. His next of kin sued the trolley company and won...

A man tried to commit suicide in Chicago by jumping onto an El track. He was only crippled, so he sued and won!

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'.
Capitalization counts so be careful!

From david at sternlight.com Wed Jul 24 20:06:42 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 25 Jul 1996 11:06:42 +0800
Subject: Kids and Computer Privacy Was Re: No more stupid gun thread ...
In-Reply-To: <1.5.4.16.19960724164258.0b775f04@arc.unm.edu>
Message-ID:

>At 03.48 AM 7/24/96 -0500, Scott Schryvers wrote:
>>Under Itar crypto is a weapon.

False. It is "ancillary military equipment" or some such.

David

From david at sternlight.com Wed Jul 24 20:10:12 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 25 Jul 1996 11:10:12 +0800
Subject: Netscape
In-Reply-To: <199607241431.QAA05718@basement.replay.com>
Message-ID:

At 7:31 AM -0700 7/24/96, Anonymous wrote:
>Jeff Weinstein wrote:
>> I'm also curious why these anonymous crusaders did not act
>> sooner? The US version has been available for sale in retail
>> outlets for about a year now. Was it not worth $50 to make
>> your point?
>
>If you look real carefully at ftp://utopia.hacktic.nl/pub/replay
>/pub/incoming you'll notice that the "commercial" 2.01 for Win32
>has actually been uploaded.
>
>The reason that it was not done sooner is probably that it felt
>more like stealing to upload software that Netscape expected you
>to pay for. Now that Netscape is finally giving away strong crypto
>versions to anybody who asks for it (and claims to be an American)
>it isn't really stealing in the same sense anymore. It's just ITAR
>we're ignoring, not Netscape's commercial interests.

The above statement is false. You have to agree to the license for the beta, and the release will likely have the same terms as before--you have to buy it unless you're a US student or some such. Netscape is NOT "giving it away". Even the no-charge users are licensed under carefully crafted terms. And as the copyright owner, they, not you decide on redistribution policy even for cases where it is a no-charge copy.
So it IS stealing to redistribute without permission--it is THEIR intellectual property and only they may decide on what terms others may have a copy.

And yes, I'm a licensed user and paid for mine.

David

From david at sternlight.com Wed Jul 24 20:12:18 1996
From: david at sternlight.com (David Sternlight)
Date: Thu, 25 Jul 1996 11:12:18 +0800
Subject: Netscape
In-Reply-To: <199607241752.KAA02103@mail.pacifier.com>
Message-ID:

At 11:37 AM -0700 7/24/96, The Deviant wrote:
>(just so you'll
>know, RSA's FTP basically has a readme file that says "the files in subdir
>of a dir that's -r+x to you, so if you're a citizen go to
>dist/usaRANDOM_NUMBER_HERE", that's it). Then make them explain why
>Netscape should be any different.

I don't KNOW, but a reasonable speculation is because Netscape is a complete operating package and RSAREF is a set of subroutines or (in the case of MIT PGP, a pre/post processor). If, as I have often speculated, the objective is to keep mass market software with strong crypto out of foreign hands (and Netscape certainly qualifies given the number of copies out there), then one would expect more stringent rules for it, the Microsoft browser (when IT gets strong crypto), Lotus Notes, etc.

David

From frissell at panix.com Wed Jul 24 20:16:58 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 25 Jul 1996 11:16:58 +0800
Subject: Digital Watermarks (long, getting off-topic)
Message-ID: <2.2.32.19960725002302.008aeae0@panix.com>

At 10:26 AM 7/24/96 -0800, jim bell wrote:
>Isn't it odd that when music is sold, CD's are MORE expensive than cassette
>tapes, even though you _know_ that the manufacturing cost of CD's is less?

CDs sell for more because buyers decided that they wanted a wider range of titles with shallower sales (hence higher unit costs) rather than a narrower range of titles with lower sales prices.
The number of CD titles available is far greater (in general distribution) than the number of vinyl titles that were available during vinyl's peak year. This greater availability of short run pressings raises average unit sales costs justifying the higher prices. Had the market decided (when physical production costs fell) that it was satisfied with a Top-40 CD stock, average CD prices would have fallen to vinyl levels.

>Another oddity: The price for a blank, standard-quality videocassette is
>about the same as that of a blank, standard-quality audio cassette tape,
>despite the fact that the volume of tape included in the former is probably
>about a factor of 10 higher.

Materials cost is a minor part of total cost. In both cases, the cost of production is a small part of the cost of goods sold. Almost all of that cost is the cost of marketing (as with all mass-market products in a modern capitalist economy).

DCF

"The only adequate description of the Universe is the Universe itself. The only fair price of an item is the market price. Neither the Universe nor the Market can be adequately duplicated in the head of a Congresscritter."

From adam at homeport.org Wed Jul 24 20:23:59 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 25 Jul 1996 11:23:59 +0800
Subject: Brute Force DES
In-Reply-To:
Message-ID: <199607250209.VAA03377@homeport.org>

"I can contribute an 286 full time and a powerPC on evenings."

That's just great. Really. Thanks so much. With 15 machines working nights and weekends, it should take only another 100,000 messages like that one to get us to the point where we can crack DES in a year.

I don't want to slam people offering machines. But there will be a time & place to pony up for keyspace to start searching. Now is not that time.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From adam at homeport.org Wed Jul 24 20:25:35 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 25 Jul 1996 11:25:35 +0800
Subject: Data Sources for DES Breaking
In-Reply-To: <199607242051.NAA13352@netcom5.netcom.com>
Message-ID: <199607250219.VAA03426@homeport.org>

This did not happen when cypherpunk Hal Finney posted a message and challenge; everyone saw that resources were assembled, and the key was cracked.

What I see as more likely than 'did/did not' is the Netscape-style assertion that the computer time used cost N million dollars (Ok, NS claimed the compute cycles were worth $10,000.)

As such, the analysis needs to be presented in light of the fact that 3des would take 3 times as long to encrypt, and take 2**56 times as many dollars worth of compute power to decrypt. To put that to scale, if the computer power to break des is one cent, the federal debt (5 trillion) wouldn't get you close to breaking 3des.

Or IDEA takes roughly as long to encrypt, and is even stronger. And available to foreigners, since it was invented, and patented, in the free world.

Adam

Mike Duvos wrote:

| If a lone Cypherpunk simply encrypts a file with DES-ECB, hides
| the key in a drawer, and publishes the cyphertext and plaintext
| for use in a distributed cracking effort, there will of course
| be the suggestion that the exercise was rigged, and any public
| policy implications will be lost in the endless "Was So/Was Not"
| quibbling which will undoubtedly take place after the crack is
| complete.

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From hua at chromatic.com Wed Jul 24 20:49:32 1996
From: hua at chromatic.com (Ernest Hua)
Date: Thu, 25 Jul 1996 11:49:32 +0800
Subject: Cheap tapes vs expensive CD's (Way off topic)
In-Reply-To: <199607241726.KAA00302@mail.pacifier.com>
Message-ID: <199607242332.QAA26547@server1.chromatic.com>

[ No longer Cc: cypherpunks at toad.com ]

> Isn't it odd that when music is sold, CD's are MORE expensive than cassette
> tapes, even though you _know_ that the manufacturing cost of CD's is less?

Perceived value-add of digital recordings (more faithful reproduction, longer life, etc.). It is assumed that, over time, such discrepancies will diminish as more competition shows up. Meanwhile, you get effects like the Chinese "stealing" American intellectual property for a song.

Ern

From adam at homeport.org Wed Jul 24 20:54:02 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 25 Jul 1996 11:54:02 +0800
Subject: My Cypherpunk Patriotism
In-Reply-To: <199607242218.SAA25988@osceola.gate.net>
Message-ID: <199607250229.VAA03459@homeport.org>

I'd like to publicly commend Joey for releasing a winsock remailer. Having a remailer that will run on 50 million desktops is a very powerful and important fact, and one that will make it much harder to destroy the remailer network.

I'd also expect to see a lot more remailers a year or so from now. (Technology takes time to catch on.)

Adam

Joey Grasty wrote:

| I received the following fan mail today, in regards to my
| announcement of the WinSock Remailer. In my announcement, I
| noted that I have blocked the Church of Scientology discussion
| groups alt.religion.scientology and alt.clearing.technology.
| The author shall remain anonymous:
|
| > Please make your blocking configurable in a text file that
| > the remailer reads at startup time. Other people who install
| > your remailer may not feel the need to surrender to
| > the Church of Scientology's legal terrorism the way you have.
| Fighting "wars" is for the young and strong. Think of me as
| a weapons designer. I build the weapons, someone else fights
| the wars. Freedom needs weapons designers and warriors.
|
| That is my version of "Cypherpunk Patriotism".

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From snow at smoke.suba.com Wed Jul 24 20:54:44 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 25 Jul 1996 11:54:44 +0800
Subject: LIMBAUGH ON TV
In-Reply-To:
Message-ID:

On Wed, 24 Jul 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
> C'punks,
> On Wed, 24 Jul 1996 hallam at Etna.ai.mit.edu wrote:
> > It is shallow logic, but it is Rush's own logic. He promotes the
> > idea that success is measured in economic terms. The failure of his
> > TV show demonstrates the failure of his ideas under the criteria
> > which he himself espouses.
> Or maybe he is upping the ante. Tell you what Phil, I'll bet you
> US$50 against your L25 (in other words, I'm giving you odds at the
> current rate of exchange) that Limbaugh have a nationally TV show
> on or before 1 October 1996.
> If you are willing to put your money where your mouth is, just
> say you agree to these terms in a post to the list. After that,
> we can agree to appoint someone to declare a winner and hold the
> money in the meantime. Any volunteers for the honor?

If you trust me, I'll hold the cash under the following stipulations:

1) The exact terms of the bet are spelled out in writing and digitally signed by both parties.

2) That an agreement on the term "nationally TV show" is reached.

3) That the payment is in the form of a cashiers check made out to me, and that each person send a SASE with their cashiers check so that I can send the winner their check, without having to deal with it.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From blancw at microsoft.com Wed Jul 24 20:55:58 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 25 Jul 1996 11:55:58 +0800
Subject: FW: Schelling Points, Rights, and Game Theory--Part II
Message-ID:

From: tcmay at got.net

>...certainly a Schelling point or evolutionary game
>theory interpretation of what we call "rights" is superior to an appeal-to-God or "natural rights" interpretation.
.........................................................................................

So there is the "game theory" interpretation of "rights" as would be understood by an individual within a group of 2 or more, or a "society" of many individuals, and then there is the interpretation of how anyone might interpret the concept even if they were not a member of any society but lived totally alone in the wilderness?

I don't know why these would be categorized as being part of a "game" - evolutionary or otherwise. A game is something that is evaluated somewhat outside the context of our regular life - a diversion, an accessory, even if it also can be taken seriously or if it can become a career for some people. It is not given the same significance as other practical pursuits like medicine or engineering, which are intended to have definite, practical, beneficial results.

Any person normally possesses some ability to determine the propriety to themselves of certain things in existence: they have some measure of ability to make judgements over what is "right" or "wrong" for humankind similar to themselves. Most people develop some sensitivity to the difference between that which is destructive to the goals & values of living things versus that which is supportive of them; most everyone is expected to improve the ability to think about these things as they grow up, even if they don't hold formal arguments with anyone else about it.
But people's minds work on overtime and just because they can make judgements, they therefore do make judgements, and furthermore they intend that everyone else should accept these same conclusions - they go into "global mode", expecting that their perspective will be incontestably valid over all. But I wouldn't think that they imagine themselves to be playing a game. I think they're quite serious about it, and "rightly" so, as the consequences of these decisions have major effects upon the quality of their life and happiness.

I think that to think of these concepts in terms of game theory is to miss the place of significance which these decisions have in the life of conscious, self-determining beings like ourselves; that it doesn't do justice to the need to achieve correspondence with the facts of life & molecular physics.

Or, what's the Prize for these Olympics (and who cares)?

.. Blanc ~ Blanc

From snow at smoke.suba.com Wed Jul 24 20:56:53 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 25 Jul 1996 11:56:53 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
In-Reply-To:
Message-ID:

On Thu, 25 Jul 1996, Timothy C. May wrote:

> I am not a lawyer, but I'm virtually certain that "receiving stolen
> property" laws involve terms like "knowingly" and/or "conspiracy." That is,
> "scienter."
>
> While "ignorance of the law is no excuse" is certainly true in many cases,
> the law comprehends the reality that certain actions are not crimes if no
> knowledge of a criminal act was involved. (Sorry if this is not phrased
> more clearly.)
>
> Thus, the guy who buys a bicycle that later turns out to have been stolen,
> will usually lose the bicycle, but is not knowingly receiving stolen
> property and hence is guilty of no crime. And no DA will charge him; the
> courts and jails are already clogged up enough.
> Of course, if he _knew_ the
> bicycle was stolen (e.g., he "placed an order" to have one stolen, a market
> which actually exists in some places, usually for cars), then "scienter"
> has been met, and perhaps "conspiracy," and so prosecution is more likely.

Unless the point is not to prosecute, but to harass.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From tomw at netscape.com Wed Jul 24 21:46:24 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Thu, 25 Jul 1996 12:46:24 +0800
Subject: Netscape
In-Reply-To:
Message-ID: <31F6D034.237C@netscape.com>

The Deviant wrote:
>
> I would have suggested even being as nice as "We'll do the same as MIT
> does with PGP's distribution, or RSA does with RSAREF (just so you'll
> know, RSA's FTP basically has a readme file that says "the files in
> subdir of a dir that's -r+x to you, so if you're a citizen go to
> dist/usaRANDOM_NUMBER_HERE", that's it). Then make them explain why
> Netscape should be any different.

MIT reportedly has a letter stating that their system is okay. The state department wouldn't give us such a letter because they were "currently reevaluating their guidelines", or some such thing. We convinced them to give us temporary permission for this system until they had finalized their new policy.

--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing. | tomw at netscape.com

From amehta at giasdl01.vsnl.net.in Wed Jul 24 21:49:15 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Thu, 25 Jul 1996 12:49:15 +0800
Subject: violating ITAR
Message-ID: <1.5.4.32.19960724124527.002ef944@giasdl01.vsnl.net.in>

At 21:43 21/07/96 -0500, snow wrote:
>
> Put up enough money to defend me and tell me how I can get arrested.
>
> I'm not doing a lot at the moment, and I wouldn't mind getting my 15
>minutes of fame at this point.

I could spare the time too.
Maybe you (and whoever else volunteers) could DCC me some software that violates ITAR via mIRC: We announce that this is going to happen, which channel and when, have a virtual party for the condemned person(s), during which we first openly discuss what we are going to do...

I doubt they'll want to take me to court in India, but if they do, I know lawyers who would defend me for free.

Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org
http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key

From sandfort at crl.com Wed Jul 24 22:02:33 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 25 Jul 1996 13:02:33 +0800
Subject: LIMBAUGH ON TV
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 24 Jul 1996, snow wrote:

> If you trust me, I'll hold the cash under the following stipulations:
>
> 1) The exact terms of the bet are spelled out in writing and digitally
> signed by both parties.
>
> 2) That an agreement on the term "nationally TV show" is reached.
>
> 3) That the payment is in the form of a cashiers check made out to
> me, and that each person send a SASE with their cashiers check so
> that I can send the winner their check, without having to deal with
> it.

Works for me. Phil?

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From jimbell at pacifier.com Wed Jul 24 22:03:17 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 25 Jul 1996 13:03:17 +0800
Subject: Distributed DES crack
Message-ID: <199607242110.OAA13373@mail.pacifier.com>

At 04:34 PM 7/24/96 +0200, Remo Pini wrote:
>By the way, using FPGA's (as suggested earlier) at around 100 MHz should be
>extremely fast (after all, on one 100000 Gate FPGA, one should be able to
>do lot of parallel things at one clock cycle -> test several keys at
>once...).
>I estimate, that at reasonable cost (lets say, <$500) you should be able to
>put enough FPGAs on a board to do enough keys in parallel to equal 1 key
>per cycle, i.e. 1e8 keys/sec.

I'm skeptical of any attempt to use general-purpose computers to crack DES. For example, if you could get a Pentium-class system to try 100,000 keys per second, that's about 200 million machine hours for a total keyspace search. Even if the power consumption of the hardware was the only cost, and assuming you could get the consumption of an individual machine down to 100 watts, that's 20 million kilowatt-hours of electricity, or somewhere around $1.5 million at 7.5 cents per kwh. That's not particularly promising.

However, assuming DES can be implemented by a number of 64-bit wide pipelined stages within a single chip, it should be possible to have that chip do a single key per clock cycle, perhaps at about 50 megahertz. (This would probably be trivial on a full-custom chip. Whether it could be done straightforwardly on a hard-wired gate array, or a FPGA, I don't know.) Tiled on a pc board perhaps 10 by 10, it would check 5 billion keys per second. This works out to 167 days to search the entire keyspace. Electricity consumption is almost ignorable: Even if that 100-processor board consumed 1 kilowatt, that's still only 4000 kilowatt-hours, or $280 at 7.5 c/Kwh.

The reason for this enormous difference (about 5000 to one) is mostly due to the fact that general-purpose computers are very inefficient at solving this problem, but also partly because a typical Pentium-class computer keeps a large amount of circuitry powered up all the time, and not just the portion needed to solve a CPU-bound task.

Obviously, costs other than electricity are the dominant factor with a specialized-hardware approach. But the only attraction of the farmed-out (borrowed) general-purpose CPU approach is the fact that the computers are already paid for, and the electricity will be paid for by somebody else.
Once the average participant realizes how wasteful this solution is, he will likely balk. It would be far more economical to take 10% of that electricity cost (possibly in the form of donations), maybe around $150,000, and build the custom hardware that could be used again and again.

Jim Bell
jimbell at pacifier.com

From sandfort at crl.com Wed Jul 24 22:12:02 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 25 Jul 1996 13:12:02 +0800
Subject: When books are outlawed
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 24 Jul 1996, Alan Horowitz wrote:

> << On Our Backs magazine>>
>
> That's "Off Our Backs". Very much at the forefront of the
> PC-gestapo-thought-police trend.

Actually, there is a magazine called "On Our Backs." The editor is (was?) Suzie Bright and it was named in conscious satire of "Off Our Backs." It's a sex-positive, politically incorrect lesbian erotica mag.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From mpd at netcom.com Wed Jul 24 22:19:12 1996
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 25 Jul 1996 13:19:12 +0800
Subject: Data Sources for DES Breaking
In-Reply-To: <199607250219.VAA03426@homeport.org>
Message-ID: <199607250244.TAA23196@netcom21.netcom.com>

Adam Shostack writes:

> This did not happen when cypherpunk Hal Finney posted a
> message and challenge; everyone saw that resources were
> assembled, and the key was cracked.

I think an effort to crack DES differs somewhat from factoring RSA moduli or breaking 40 bit SSL in that tempting test data is not everywhere for the taking.
It may therefore be somewhat more difficult for the typical reader to abstract a "what this means for my data" scenario from the results of such an effort, and we should expect at least a small amount of FUD from the American Banking Association, which will recoil in horror at any suggestion that what they are currently doing is not secure.

If we were preparing to attack something with a very visible common application, like Unix Crypt(3), I would agree with you that everyone would understand and see what was happening, just as people were easily able to understand the notion of capturing data during an SSL handshake, and pounding on it with large numbers of CPU cycles.

> What I see as more likely than 'did/did not' is the
> Netscape-style assertion that the computer time used cost N
> million dollars (Ok, NS claimed the compute cycles were
> worth $10,000.)

Netscape's attempts at damage control were sorely limited by the fact that the data used for the crack was captured during the normal operation of their software. Had Hal done some sort of known plaintext attack on 40 bit RC4 outside the context of a specific widely-used application, it is possible that a lot of time would have been wasted countering the inevitable "this doesn't apply to us" arguments from various software vendors, with the general public understanding none of the terminology used in the debate. This would definitely have softened the media impact of the accomplishment.

> As such, the analysis needs to be presented in light of the
> fact that 3des would take 3 times as long to encrypt, and
> take 2**56 times as many dollars worth of compute power to
> decrypt. To put that to scale, if the computer power to
> break des is one cent, the federal debt (5 trillion)
> wouldn't get you close to breaking 3des.

Correct.
But breaking a real-life example of single DES would be a nice rejoinder to those who continue to insist, in the face of strong grumbling by the cryptographic community, that single DES is a cipher with many more years of useful life left in it.

If this speeds the adoption of second generation ciphers by major players in the national infrastructure, then it will have been a useful exercise.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From amehta at giasdl01.vsnl.net.in Wed Jul 24 22:19:13 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Thu, 25 Jul 1996 13:19:13 +0800
Subject: A Global Village, or the future of porn on the net
Message-ID: <1.5.4.32.19960725020424.002eb03c@giasdl01.vsnl.net.in>

At 10:00 24/07/96 +0000, Alex F wrote:
>
>why is it that Bill(ary) signed an unconstitutional law? I
>am referring to the CDA and the telephony bill.

... arguments that I wholeheartedly support deleted..

>Anyway, getting off-topic again. I'll be quiet now :)

Let me see if I can bring this back on track. We have some interesting developments that could converge:

1) Legally, the Internet is more or less in the clear as far as indecency is concerned. The moralists will rally again and put through a bill that doesn't so blatantly violate the constitution, but for the time being we're OK.

2) Porn is very, very popular. As a consultant, I often use Netscape from the offices of my clients, and invariably take a peek at the bookmarks. Guess what is pointed to more than anything else. By making a hullaballoo about porn on the net, its enemies may have shot themselves in the foot: it will attract people rather than repel.

3) Porn on the net by and large isn't all that great, so if there is a risk, it is that people might be bored. What you mostly have are stills of nudes on the web and Usenet postings of indifferent quality.

4) the web is changing from static to dynamic through Java and the like. VRML in fact adds a 3-D element.
Stir, add some spicy curry, and see if you get: Java classes for males and females corresponding to VRML objects. The class methods might include kissing, hugging, spanking, restraining... A female object might be initialized with Hillary Clinton's face, Evangelista's body... Anyone could now write a script which you could view enacted on your screen, or interact with one another as in MUDs. Why, someone might write a translator that takes a story off alt.sex.whatever and produces an appropriate script.

People would only need to download the software and appropriate objects once, then receive emscripts which could be run in total privacy. People should be willing to pay small amounts for use of the classes and objects, as well as for the scripts. Of course, it would only work in our prudish societies if the transactions were totally anonymous. If Digicash payment systems were built-in, that might be a reason for people to start adopting eCash.

Of course, this opens up a whole can of worms. For instance, given the violence of many pornographic stories on Usenet, it won't be long before famous personalities routinely get violated in cyberspace. Talk about copyright: do you have the right to prevent someone from doing this to you?

I unfortunately lack the bandwidth to find out the extent to which porn on the net is already moving in this direction. However, if you have pointers, I'll go *find* the bandwidth! Where on the net do people discuss such matters?
Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org
http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key

From jimbell at pacifier.com Wed Jul 24 22:31:10 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 25 Jul 1996 13:31:10 +0800
Subject: Netscape
Message-ID: <199607250317.UAA03425@mail.pacifier.com>

At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote:
>The Deviant wrote:
>>
>> I would have suggested even being as nice as "We'll do the same as MIT
>> does with PGP's distrobution, or RSA does with RSAREF (just so you'll
>> know, RSA's FTP basicly has a readme file that says "the files in
>> subdir of a dir thats -r+x to you, so if you're a citizen go to
>> dist/usaRANDOM_NUMBER_HERE", thats it). Then make them explain why
>> Netscape should be any different.
>
>MIT reportedly has a letter stating that their systems is okay. The
>state department wouldn't give us such a letter because they were
>"currently reevaluating their guidelines", or some such thing. We
>convinced them to give us temporary permission for this system until
>they had finalized their new policy.

That still doesn't make sense. First, there were laws. And we had to obey them. Then, they added ITAR. And they want us to obey it. Finally, it seems, they're giving us "guidelines." Not law, Not ITAR. Next it's gonna be their fondest desires, their preferences, and finally their whims. What's wrong with this picture? Do I detect an ass-kissing contest?

You should have told them that if they're "evaluating their guidelines" that means that NO future modifications to those guidelines is binding on you, since it is not part of ITAR and is CERTAINLY not part of the law. You should have memorialized the contact with a lawyer's letter, and promptly posted the new version of your software with whatever version of the precautions (MIT, RSA, or?) you felt most happy with.
Jim Bell
jimbell at pacifier.com

From alano at teleport.com Wed Jul 24 22:32:44 1996
From: alano at teleport.com (Alan Olsen)
Date: Thu, 25 Jul 1996 13:32:44 +0800
Subject: When books are outlawed
Message-ID: <2.2.32.19960725031831.00da51a4@mail.teleport.com>

At 06:07 PM 7/24/96 -0400, you wrote:
>
><< On Our Backs magazine>>
>
>That's "Off Our Backs". Very much at the forefront of the
>PC-gestapo-thought-police trend.
>
>Also has a _fabulous_ running comic strip about the reality of lesbian
>relationships. "Dykes to watch out For", if my memory serves me well.

Off Our Backs is a PC lesbian magazine. "On Our Backs" is an S&M Lesbian magazine edited by Suzie Bright. It is not anything resembling PC. (Ms. Bright does not have a nice opinion of Dworkin and her fellow travelers, to put it mildly.)

ObOff-Topic: If you ever get the chance to hear Suzie Bright speak on one of her tours, by all means go. It is well worth the time!

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From rah at shipwright.com Wed Jul 24 22:44:45 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 25 Jul 1996 13:44:45 +0800
Subject: Parsing John Youn (Re: OPS_nuk)
In-Reply-To: <199607241920.TAA22026@pipe2.t1.usa.pipeline.com>
Message-ID:

At 3:20 PM -0400 7/24/96, John Young wrote:

> Tim, pity the moot transcriber a-choring (spit). It's a grind (pus)
> forwarding other's fishwrap (buggers), hardly able to contain one's
> gibbering idiocy (pee) counterreaction to the new's gratuitous fatuity
> (dookie).
>
>
> Usually, though, one's bowel-rumblings (Bic lits) pass unnosed in the
> c'punk parfumerie.

Yeah. What *he* said...
;-)

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From adamsc at io-online.com Wed Jul 24 22:59:33 1996
From: adamsc at io-online.com (Chris Adams)
Date: Thu, 25 Jul 1996 13:59:33 +0800
Subject: Brute Force DES
Message-ID: <199607250338.UAA13937@toad.com>

On 24 Jul 96 06:19:10 -0800, mattt at microsoft.com wrote:

>To whittle this down to a 40-bit workload, we'd have to save 2^36
>entries* 2^8 bytes/entry = 2^39 Bytes = 512 Gig. Yes, admittedly large.

Can you say RAID? I've had an idea for something similar to this, where you have a VERY large database btreed using the file system and subdirectories. This type of thing would REALLY lend itself to Unix, as we could just mount separate drives as branches of the tree. Now, enable NFS and things get interesting...

>What's the cheapest form of storage, magtape? How much can you store on
>magtape? The entries can be sorted so that lookup doesn't take long even
>when you have to mount tapes.

Hmmmm... Don't they have some of those 8mm tapes that go to 4-8GM per tape? Anyone have access to one?

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From Conrad_Burns at burns.senate.gov Wed Jul 24 23:02:18 1996
From: Conrad_Burns at burns.senate.gov (Conrad_Burns at burns.senate.gov)
Date: Thu, 25 Jul 1996 14:02:18 +0800
Subject: Open Letter to the Net from Sens.
Burns, Pressler & Ashcroft Message-ID: <9606248382.AA838269149@smtpgwys.senate.gov> AN OPEN INVITATION TO THE INTERNET COMMUNITY FROM MEMBERS OF THE SENATE COMMERCE COMMITTEE July 23, 1996 This week, the Senate Commerce Committee will take a historic step forward toward enhancing citizens participation in the democratic process via the Internet. On Thursday July 25 the Committee's hearing on S. 1726, the "Pro-CODE" Act of 1996 will be cybercast live on the Internet. As many of you are well aware, the debate over US encryption policy is of vital importance to the future development of the Internet and the privacy of all Americans. We are writing to invite you to join us in this unique event. And to help the Committee better understand your concerns about privacy and security on the Internet, we are inviting you to submit your thoughts for the hearing record via the World Wide Web and to discuss the issues with us and members of our staff live online during the hearing. Information on how you can join the cybercast, submit your thoughts for the record, and participate in an online discussion with encryption experts, members of the committee, and other concerned individuals are available at: http://www.crypto.com/hearing-cybercast/ Witnesses scheduled to testify at Thursday's hearing include: * Louis Freeh, FBI Director * William Reinsch, Undersecretary, Bureau of Export Administration, Dept. of Commerce * William P. Crowell, Deputy Director, NSA * James Barksdale, CEO Netscape Communications Corporation * Grover Norquist, Director, Americans for Tax Reform * Roel Pieper, Pres/CEO Tandem Computer * Ambassador Michael Skol The Cybercast, which is being coordinated by the Center for Democracy and Technology, Voters Telecommunications Watch, HotWired, DIGEX, and Mike Rawson of Senator Burns' office, has four components. These are: 1. LIVE AUDIO CYBERCAST: The audio portion of the hearing will be cybercast live online in real-time. 
Anyone with RealAudio installed on their computers (available free at http://www.realaudio.com/) will be able to listen in on the hearing. Audio transcripts will also be archived online at http://www.crypto.com/events/072596/ after the hearing. 2. REAL-TIME PICTURES: Pictures from the hearing will also be uploaded to the World Wide Web in real time throughout the hearing. 3. SIMULTANEOUS ONLINE DISCUSSION FORUM: Netizens can also join a live discussion forum where encryption experts and Commerce Committee staff while they listen to the audio portion of the hearing. This provides an opportunity to discuss the issues raised by the testimony in real time with knowledgeable experts and Congressional staff. Several members of the Commerce Committee may also join the discussion periodically (TBA). 4. TESTIMONY FOR THE RECORD: Netizens can also submit their thoughts on the legislation for the record via the World Wide Web. Details are posted at the http://www.crypto.com/events/072596/. Finally, detailed background information on the encryption debate can be found at the following World Wide Web sites: Senator Conrad Burns (R-MT) - http://www.senate.gov/~burns/ Senator Larry Pressler (R-SD) -http://www.senate.gov/~pressler/ Senator John Ashcroft (R-MO) -http://www.senate.gov/~ashcroft/ Senator Patrick Leahy (D-VT) - http://www.senate.gov/~leahy/ The Encryption Policy Resource Page - http://www.crypto.com/ The Internet Privacy Coalition - http://www.privacy.org/ipc Your thoughts and comments on this issue are extremely helpful to us as we continue to push for passage of legislation to enhance privacy and security on the Internet. We hope you will join us on Thursday for this important experiment in the future of democracy. Sincerely, Sen. Conrad Burns Sen. Larry Pressler Sen. 
John Ashcroft From WlkngOwl at unix.asb.com Wed Jul 24 23:10:01 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Thu, 25 Jul 1996 14:10:01 +0800 Subject: Exportable Netscape with strong crypto... Message-ID: <199607250353.XAA19243@unix.asb.com> An alternative to exporting a strong Netscape might be to build a browser outside the USA with a strong SSL. Mosaic source can be licensed, correct? What's to stop a non-US company from licensing it and modifying it to have strong crypto, then making that version freely available as shareware, or perhaps with non-crypto goodies locked out in the free version? Or even selling it commercially with strong crypto? Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From mpd at netcom.com Wed Jul 24 23:42:07 1996 From: mpd at netcom.com (Mike Duvos) Date: Thu, 25 Jul 1996 14:42:07 +0800 Subject: Digital Watermarks for copy protection in recent Billbo In-Reply-To: <199607241517.LAA18088@jekyll.piermont.com> Message-ID: <199607250438.VAA02125@netcom6.netcom.com> "Perry E. Metzger" writes: > The Nyquist Theorem states you need exactly twice the > samples, not over twice. The magic number isn't something > like 2.2, its exactly 2. The Sampling Theorem states that equally spaced instantaneous samples must be taken at a rate GREATER THAN twice the highest frequency present in the analog signal being sampled. If this is done, the samples contain all the information in the signal, and faithful reconstruction is possible. Exactly twice the highest frequency won't do, and it should be obvious that sampling a sine wave at twice its frequency yields samples of constant magnitude and alternating sign which convey nothing about its phase and little useful about its amplitude either. 
(Drawing a little picture might be helpful here.) Although anything over twice the highest frequency will work in a theoretical sense, a small fudge factor does wonders for digital signal processing, if only to reduce to a reasonable value the width of the window into the sample stream needed for various signal manipulations. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From geeman at best.com Wed Jul 24 23:42:41 1996 From: geeman at best.com (geeman at best.com) Date: Thu, 25 Jul 1996 14:42:41 +0800 Subject: FW: Distributed DES crack Message-ID: <01BB79AB.20FDE7E0@geeman.vip.best.com> ---------- From: Remo Pini[SMTP:rp at rpini.com] Sent: Wednesday, July 24, 1996 7:34 AM To: cypherpunks at toad.com Subject: Re: Distributed DES crack -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Wed Jul 24 16:31:44 1996 Has anyone thought about TI or Motorolas DSP-Eval-Boards (at 99$ a piece at 40 MHz with optimized assembler they might easily outrun a PPro200) Don't look at me that way, I know only little about DSP-Programming. >>> DSP's are optimized for add/multiply ... and you get their memory-access pipelining; but I am not too sure how they'd do on a DES algo. I wouldn't get too excited. From jimbell at pacifier.com Wed Jul 24 23:46:39 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 25 Jul 1996 14:46:39 +0800 Subject: Digital Watermarks (long, getting off-topic) Message-ID: <199607250418.VAA06574@mail.pacifier.com> At 08:23 PM 7/24/96 -0400, Duncan Frissell wrote: >At 10:26 AM 7/24/96 -0800, jim bell wrote: > >>Isn't it odd that when music is sold, CD's are MORE expensive than cassette >>tapes, even though you _know_ that the manufacturing cost of CD's is less? > >CDs sell for more because buyers decided that they wanted a wider range of >titles with shallower sales (hence higher unit costs) rather than a narrower >range of titles with lower sales prices. 
The number of CD titles available >is far greater (in general distribution) than the number of vinyl titles >that were available during vinyl's peak year. This greater availability of >short run pressings raises average unit sales costs justifying the higher >prices. Had the market decided (when physical production costs fell) that >it was satisfied with a Top-40 CD stock, average CD prices would have fallen >to vinyl levels. I'm afraid that quantitatively, this is utter nonsense. A relevant data point is the fact that for about $1000, anybody can have 1000 copies of a custom CDROM manufactured. That, by music industry standards, is an EXCEEDINGLY low production run. The difference in cost between such a CD, and one made in quantities of 100K to 1 million can't possibly exceed 90 cents or so. While the early days of CD's were marked by lack of capacity, it is obvious that if the pressing plants are now accepting orders for pressing runs of 1K or less, there is plenty of capacity left in the industry. The extra manufacturing cost for those extra titles certainly can't be found in the cost of production. So how about record stores? Are you suggesting that the fact that there are "too many titles" are somehow increasing costs so much that $8 vinyl turned into $13.95 CD's? But how can this be? CD's are physically smaller than vinyl records. Cheaper to transport and store, and cheaper to display. And they are certainly not more expensive to advertise! No, the number of titles available has essentially NOTHING to do with the price. I'm truly astonished that you would think this to be true. >>Another oddity: The price for a blank, standard-quality videocassette is >>about the same as that of a blank, standard-quality audio cassette tape, >>despite the fact that the volume of tape included in the former is probably >>about a factor of 10 higher. > >Materials cost is a minor part of total cost. 
> >In both cases, the cost of production is a small part of the cost of goods >sold. Almost all of that cost is the cost of marketing (as with all >mass-market products in a modern capitalist economy. Then why is it more expensive to market a cassette audio tape, over a videocassette?!? Jim Bell jimbell at pacifier.com From gbroiles at netbox.com Thu Jul 25 00:27:52 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Thu, 25 Jul 1996 15:27:52 +0800 Subject: When books are outlawed Message-ID: <2.2.16.19960725045950.0877adc2@mail.io.com> At 06:07 PM 7/24/96 -0400, Alan Horowitz wrote: > ><< On Our Backs magazine>> > >That's "Off Our Backs". Very much at the forefront of the >PC-gestapo-thought-police trend. Both are (or were) magazines, "On Our Backs" appearing some years after "Off" and appealing to a different (but still lesbian) market segment. -- Greg Broiles |"Post-rotational nystagmus was the subject of gbroiles at netbox.com |an in-court demonstration by the People http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt |Studdard." People v. Quinn 580 NYS2d 818,825. From deviant at pooh-corner.com Thu Jul 25 00:33:52 1996 From: deviant at pooh-corner.com (The Deviant) Date: Thu, 25 Jul 1996 15:33:52 +0800 Subject: DES-Busting Screen Savers? In-Reply-To: <199607240927.CAA18810@toad.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 24 Jul 1996, Bill Stewart wrote: > Date: Wed, 24 Jul 1996 02:24:58 -0700 > From: Bill Stewart > To: cypherpunks at toad.com > Subject: Re: DES-Busting Screen Savers? > > Tim and others have discussed the effectiveness of random search > vs. centralized servers, problems of cheating, scaling, etc. 
> My take is that, if you can ignore scaling, the best approach > is probably to have a central server that doles out keyspace > and wraps around when it reaches 100%, and doesn't worry too much > about collecting results - even if there are cheaters, machine > failures, etc., and people don't finish their keyspace, > it'll be more likely to cover the whole space than randoms. > (Make it a web page, and use cut&paste to transfer to the > search programs so they don't need to be network-equipped.) > Agreed. Also, we might want to keep the plaintext on, say, a floppy disk, as to discourage the recovery technique (which, admittedly, is easier than actually cracking the key). I might suggest, also, to put the disks in the hands of someone who has little or no reason to help. Sadly, the best person for the job that _I_ can think of would have to be "Dr." Dave. > > To support scaling, make it easy for people to run subset servers; > grab a chunk of keyspace from the main server and dole it out > to people who ask you for it. If you want to get fancy, > hack a DNS server to allow people to register their machines > as NNN.descrack.org, 0<=NNN<1000, so that people can find > subsets without having to ask the main server. > Or hack it to use a 56 bit IP netmask-ish thing, and keep track of keys that way (I'm not endorsing this idea, just pointing it out) --Deviant "I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. 
Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From perry at piermont.com Thu Jul 25 00:44:17 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 25 Jul 1996 15:44:17 +0800 Subject: Digital Watermarks for copy protection in recent Billbo In-Reply-To: <199607250438.VAA02125@netcom6.netcom.com> Message-ID: <199607250525.BAA19198@jekyll.piermont.com> Mike Duvos writes: > "Perry E. Metzger" writes: > > The Nyquist Theorem states you need exactly twice the > > samples, not over twice. The magic number isn't something > > like 2.2, its exactly 2. > > The Sampling Theorem states that equally spaced instantaneous > samples must be taken at a rate GREATER THAN twice the highest > frequency present in the analog signal being sampled. That is just about what I said. The point is that the magic number isn't 2.2 or anything similar -- the breakpoint is exactly twice the frequency. > Although anything over twice the highest frequency will work in a > theoretical sense, a small fudge factor does wonders for digital > signal processing, I believe I mentioned the need for that, too. Perry From stewarts at ix.netcom.com Thu Jul 25 01:10:20 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 25 Jul 1996 16:10:20 +0800 Subject: [Noise] Re: Re: Devil's Bargain Message-ID: <199607250554.WAA18236@toad.com> > I don't know if it was terrorist activity, I was just annoyed at >the extensive every 15 minutes even tho' there is nothing new to say I >gotta get my mug and my voice on the ether coverage. 
It's also yet another excuse for the government to say "Be Afraid! Be Very Afraid! We're Here To Help You" - Clinton's first speech after the event had him bringing up terrorism and making sure everyone knew that even though there was as yet no evidence that it wasn't an accident, he was tough on terrorism and he'd be making sure we have more controls on the population to protect us from terrorists. I'm surprised I haven't heard Kallstrom calling for radically increased wiretapping yet or Freeh calling for bans on encryption like he did after OKCity. # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Confuse Authority! From deviant at pooh-corner.com Thu Jul 25 01:11:43 1996 From: deviant at pooh-corner.com (The Deviant) Date: Thu, 25 Jul 1996 16:11:43 +0800 Subject: Brute-forcing DES In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > > Even with a bunch of DES chips and a massive legion of PCs, this is going > to take a long time. Perhaps we should be looking at the thousands of > computers and many months, more like the RSA-129 crack than the RC4-40 > crack. > Yes, this thought has crossed my mind also, and should be seriously considered. Rather than trying the 1-month method, we'll certainly have a better shot trying for 1-year. --Deviant "I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. 
Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From jamesd at echeque.com Thu Jul 25 01:58:43 1996 From: jamesd at echeque.com (James A. Donald) Date: Thu, 25 Jul 1996 16:58:43 +0800 Subject: Game Theory and its Relevance to Cypherpunks Message-ID: <199607250636.XAA06174@dns2.noc.best.net> At 03:21 AM 7/21/96 -0700, Llywarch Hen wrote: > What Timothy May espouses is not the appearance of craziness but actual > insanity itself. The best way to convince others you are crazy is to actually be crazy. More practically, if you organize your nuclear forces so that any serious war is likely to escalate uncontrollably into the battle of armageddon, regardless of your intentions and desires, which is how the American government organized its nuclear forces in Europe, then you can pretty much guarantee you will not have to face a serious war. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. 
| jamesd at echeque.com From alano at teleport.com Thu Jul 25 02:43:17 1996 From: alano at teleport.com (Alan Olsen) Date: Thu, 25 Jul 1996 17:43:17 +0800 Subject: [Noise] Re: Re: Devil's Bargain Message-ID: <2.2.32.19960725070143.00d3a1b8@mail.teleport.com> At 10:51 PM 7/24/96 -0700, Bill Stewart wrote: >I'm surprised I haven't heard Kallstrom >calling for radically increased wiretapping yet or Freeh calling for >bans on encryption like he did after OKCity. As if it would have done any good. One of the news reports pointed out that if it was a bomb, it had probably been placed on the plane in Greece. (But then, since when did logic and rationality have *ANYTHING* to do with the Freeh and Kallstrom wiretap jihad? I am waiting for one of them to get arrested as a peeping tom. Something deep-seated about these people's fetish about watching others...) --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From alano at teleport.com Thu Jul 25 02:52:11 1996 From: alano at teleport.com (Alan Olsen) Date: Thu, 25 Jul 1996 17:52:11 +0800 Subject: [Noise] [Smut] [Off-topic] Re: A Global Village, or the future of porn on the net Message-ID: <2.2.32.19960725070145.00d77a58@mail.teleport.com> At 08:04 AM 7/25/96 +0600, Arun Mehta wrote: >At 10:00 24/07/96 +0000, Alex F wrote: >> >>why is it that Bill(ary) signed an unconstitutional law? I >>am referring to the CDA and the telephony bill. > >... arguments that I wholeheartedly support deleted.. > >>Anyway, getting off-topic again. I'll be quiet now :) > >Let me see if I can bring this back on track. We have some interesting >developments that could converge: > >1) Legally, the Internet is more or less in the clear as far as indecency >is concerned. 
The moralists will rally again and put through a bill that >doesn't so blatantly violate the constitution, but for the time being >we're OK. Unless they start using prosecutions similar to what they pulled back during the Meese years with video distributors. I am waiting for them to start using RICO laws on sites carrying Usenet groups deemed "obscene". RICO has already been used in some jurisdictions for shutting down video stores (and maybe even bookstores). It is not over yet... The control freaks will not be happy until everything you view and see has previously been approved by some board or ministry. (Or they at least have some way of hurting you if you step out of line.) Whether that control freak behaviour is driven by religion, morality, "your own good", greed, power or lust does not matter. The results are pretty much the same. >2) Porn is very, very popular. As a consultant, I often use Netscape from >the offices of my clients, and invariably take a peek at the bookmarks. >Guess what is pointed to more than anything else. By making a hullaballoo >about porn on the net, its enemies may have shot themselves in the foot: >it will attract people rather than repel. But there is a social stigma surrounding porn. Most people who look at porn are not willing to admit it in front of friends and family. Many of the more vocal opponents to porn are the ones most attracted to it. Look at Jimmy Swaggart. He crusaded against it for years. Never stopped "Lonesome Cowboy Jim" (5 points if you can name that album and artist) from wanking off to it... >3) Porn on the net by and large isn't all that great, so if there is a risk, >it is that people might be bored. What you mostly have are stills of nudes >on the web and Usenet postings of indifferent quality. Depends where you go. Most of the Usenet stuff is crap, but that is true of any medium. (It is called a medium because it is rarely well done. (Stolen line... 
Forget the original author.)) There are exceptions. 
Usenet will give you smut that may (or is) illegal in your area. Some of this sort of stuff can be mail ordered, but there is more risk. (Like postal service stings/entrapment and the like.) There is much better quality available on the pay sites, but since you usually have to pay to view any of it, you never know what is available until you have forked out a bit of cash. (I am surprised I have not seen more sites using e-cash for this purpose... Porn drove the VCR industry for many years. I expect the same for the web and e-cash.) >4) the web is changing from static to dynamic through Java and the like. >VRML in fact adds a 3-D element. Most pay-for-porn sites are going for interactive video instead of java and/or vrml. (Yes, you can pay $$$ to duplicate the experience of a stroke booth via the net. All you lack is the resolution, the interaction, and the requisite sleaze of the experience. Dancers the size of postage stamps! Wow!) >Stir, add some spicy curry, and see if you get: > >Java classes for males and females corresponding to VRML >objects. The class methods might include kissing, hugging, >spanking, restraining... Might be interesting... This is more evident in CD-ROMs though. >A female object might be initialized with Hillary Clinton's face, Evangelista's >body... I think that was the cover of Spy magazine... >Anyone could now write a script which you could view enacted on >your screen, or interact with one another as in MUDs. Why, >someone might write a translator >that takes a story off alt.sex.whatever and produces >an appropriate script. People would only need to download the software and >appropriate objects once, then receive emscripts which could be >run in total privacy. "Be a Great porn Actor at Home!" Reenact bad plots, cheesy dialog, and bad writing in the privacy of your living room! >People should we willing to pay small amounts for use of the >classes and objects, >as well as for the scripts. 
Of course, it would only work in our >prudish societies if >the transactions were totally anonymous. If Digicash payment >systems were built-in, >that might be a reason for people to start adopting eCash. Well, if it is something that will cause arousal in male humans (or computer geeks), I am sure you can sell it. >Of course, this opens up a whole can of worms. For instance, >given the violence of >many pornographic stories on Usenet, it won't be long before >famous personalities >routinely get violated in cyberspace. Talk about copyright: do >you have the right >to prevent someone from doing this to you? Porn stories and/or hacked pictures of celebrities already occur. Has since I have been on usenet... (Many years now.) One of my favorites involves the Brady Bunch... In fact there are celebrities who have hired people to track down phoney pictures and get them pulled from web sites. (I always expected something like this to show up on Star Trek:TNG. Having Beverly Crusher catching Weasly with the holodeck porn programs involving all sorts of convolutions of the bridge crew. He would probably blame it on Riker...) >I unfortunately lack the bandwidth to find out the extent to >which porn on the net >is already moving in this direction. However, if you have >pointers, I'll go *find* >the bandwidth! Where on the net do people discuss such matters? Bandwidth is the only thing preventing the smut from getting farther than it already has. The easiest way to kill a web server is put porn on it and advertise. All of the schemes coming out for "cool gee-whiz web extensions" take more bandwidth than most people have... Just wait and see what happens when cable modems become available. Check out the alt.sex hierarchy. Something there I am sure... --- |"Computers are Voodoo -- You just have to know where to stick the pins."| |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" 
| Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From alano at teleport.com Thu Jul 25 03:05:16 1996 From: alano at teleport.com (Alan Olsen) Date: Thu, 25 Jul 1996 18:05:16 +0800 Subject: DES-Busting Screen Savers? Message-ID: <2.2.32.19960725070623.00d40f54@mail.teleport.com> At 05:01 AM 7/25/96 +0000, The Deviant wrote: >> To support scaling, make it easy for people to run subset servers; >> grab a chunk of keyspace from the main server and dole it out >> to people who ask you for it. If you want to get fancy, >> hack a DNS server to allow people to register their machines >> as NNN.descrack.org, 0<=NNN<1000, so that people can find >> subsets without having to ask the main server. >> > >Or hack it to use a 56 bit IP netmask-ish thing, and keep track of keys >that way (i'm not endorsing this idea, just pointing it out) I can see some problems doing this sort of allocation for those of us on dial up providers. When the IP address changes from log in to log in recording the IP address is not much help. You could always hand them a digital signature with the key space signed by the server... --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From ravage at einstein.ssz.com Thu Jul 25 03:17:15 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 25 Jul 1996 18:17:15 +0800 Subject: Digital Watermarks for copy protection in recent Billbo (fwd) Message-ID: <199607250621.BAA07021@einstein.ssz.com> Hi all, The Sampling Theorem in operation is a little more complicated than the model that is being discussed. 
Forwarded message: > From: mpd at netcom.com (Mike Duvos) > Subject: Re: Digital Watermarks for copy protection in recent Billbo > Date: Wed, 24 Jul 1996 21:38:36 -0700 (PDT) > "Perry E. Metzger" writes: > > > The Nyquist Theorem states you need exactly twice the > > samples, not over twice. The magic number isn't something > > like 2.2, its exactly 2. > > The Sampling Theorem states that equally spaced instantaneous > samples must be taken at a rate GREATER THAN twice the highest > frequency present in the analog signal being sampled. If this is > done, the samples contain all the information in the signal, and > faithful reconstruction is possible. Actually the sampling theorem states that if you want to reproduce a signal reliably it must be sampled at a frequency AT LEAST TWICE that of the highest frequency of interest in the FFT of the signal. This means the signal must be deformable into sine waves, not all signals qualify for this particular limitation and in general are not good signals for sampling. An example is a step change from v1 to v2. Since there is no change in voltage except for a brief moment the output of the FFT is pretty much flat. What comes out the other end looks like a spike (similar to what happens when you feed a square wave to a transformer and look at the output). If you reconstruct this via the sampling theorem you get a sine wave of extremely low amplitude and frequency. If you think of a FFT as taking a signal and breaking it down into component frequencies. Then think of a hair comb where the lowest frequencies are the bigger teeth (put them to the L. when looking at it). Because sine waves have zero crossings a single sample per cycle is not enough. By taking at least two samples a cycle you are guaranteed not to miss the presence or absence of a component frequency. 
So this guarantees that we get an accurate count of components and their phase relations to each other (where the arbitrary time reference comes in - really a fixed frequency clock). Back to the comb. Where a given signal has a component leave the teeth. Where there is no component break them off. You are left with a ratty looking comb. Now to each of the remaining teeth assign an amplitude for that specific frequency that is consistent with the FFT you calculated. The way this FFT is implemented in practice is called a 'Comb Filter' where it samples the signal (wide bandwidth) over a set of very small bandwidth filters in parallel. Scanning the output of the filters at a fixed rate you get a phase relation as well. Digitize the signals in a particular pattern and you are ready to cut your CD or whatever. It does NOT guarantee faithful representation of the original signal but rather a signal with the same energy spectrum and phase characteristics. One of the basic ideas of Algebra is that any given curve can be explained by an arbitrary set of equations. The Sampling Theorem just gives you a rationale for picking from that set. > Exactly twice the highest frequency won't do, and it should be > obvious that sampling a sine wave at twice its frequency yields > samples of constant magnitude and alternating sign which convey > nothing about its phase and little useful about its amplitude > either. (Drawing a little picture might be helpful here.) Exactly what the theorem is supposed to produce. You take your original signal and run it through a FFT. You look at the bandwidth you desire. The highest frequency of interest is 1/2 or less your sampling frequency. With this information you can build a set of sine waves whose amplitude is given by the FFT along with phase relations. 
Since you are breaking the signal into sine waves (which happen to be well defined) all you really need is to know the maximum and minimum amplitudes as well as their phase to some arbitrary but constant time reference. Sum them back together on the other side and what you got? A reasonably useable copy of your original signal. This is why DSP's are optimized for multiplication (multiply the amplitude of that component by its presence in the FFT) and summing (add them together to get the target signal). Generally because of noise and similar phenomena it is common to multiply and add windows of samples (ie averaging). > Although anything over twice the highest frequency will work in a > theoretical sense, a small fudge factor does wonders for digital > signal processing, if only to reduce to a reasonable value the > width of the window into the sample stream needed for various > signal manipulations. Actually I believe the decision was made by Philips (the inventor of the CD) to settle on the 44kHz sample rate because of some design option it simplified. I unfortunately don't remember anything more specific than that. Anyone got the CD Rom bible? Jim Choate From jsw at netscape.com Thu Jul 25 03:34:55 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Thu, 25 Jul 1996 18:34:55 +0800 Subject: Netscape (foreign downloads) In-Reply-To: <1.5.4.32.19960724124517.002e1fcc@giasdl01.vsnl.net.in> Message-ID: <31F726D3.764B@netscape.com> Arun Mehta wrote: > > At 01:11 23/07/96 -0700, Jeff Weinstein wrote: > > > I certainly have sympathy for those who want to make a point > >by uploading our US software to hacktic and other foreign servers, > >but I think that my company will probably have to ask hacktic > >and others to remove these copies. > > > > And what are your plans for those outside the US who have downloaded > from hacktic? While I'm sure your copyright allows you to do so, > don't suppose you have any plans of going after them? 
No, I don't think we have any plans to go after individuals who get ahold of the US version.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From nobody at c2.org Thu Jul 25 03:56:17 1996
From: nobody at c2.org (Anonymous User)
Date: Thu, 25 Jul 1996 18:56:17 +0800
Subject: Netscape 3.0B US version MD5
Message-ID: <199607250805.BAA27161>

Jeff Weinstein wrote:
> The final version of 3.0 will be available for download well
> before Sept 17. That version will not have a timebomb. Even
> the timebombed versions will let you connect to our site to
> download new versions.

Is there a possibility that the US version of Netscape 2.02 for Windows 3.1 will be made available via this mechanism? I run OS/2 in a WinOS/2 session under OS/2 Warp, and the 16 bit version of 2.02 is the latest one that us OS/2 Warp users of Netscape have been able to get working. None of the 3.0 betas will work, for some reason.

(If you have a "wish list" there, a native OS/2 version of Netscape would be nice, too! )

From ceridwyn at wolfenet.com Thu Jul 25 04:34:11 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Thu, 25 Jul 1996 19:34:11 +0800
Subject: [Noise] Re: Re: Devil's Bargain
Message-ID: <2.2.32.19960725084722.006e79f8@gonzo.wolfenet.com>

>protect us from terrorists. I'm surprised I haven't heard Kallstrom
>calling for radically increased wiretapping yet or Freeh calling for
>bans on encryption like he did after OKCity.

He's saving that for later this morning...

//cerridwyn//

From pjn at nworks.com Thu Jul 25 05:06:30 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Thu, 25 Jul 1996 20:06:30 +0800
Subject: [Noise] was Re: Givin
Message-ID:

In> I guess I don't really have to worry too much, though. It is illegal
In> for children to possess such items publicly, and any parent who
In> condones it is simply breaking the law.
I don't blame the child, I
In> blame the moronic parent who lets it happen.

You would be surprised at what kids can get away with without their parents knowing...

P.J.
pjn at nworks.com

... Wndows is jst finefor bacgrond telcomncations.
___ Blue Wave/QWK v2.20 [NR]

From jsw at netscape.com Thu Jul 25 05:22:21 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Thu, 25 Jul 1996 20:22:21 +0800
Subject: Netscape
In-Reply-To: <199607250317.UAA03425@mail.pacifier.com>
Message-ID: <31F73E84.415A@netscape.com>

jim bell wrote:
>
> At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote:
> >The Deviant wrote:
> >>
> >> I would have suggested even being as nice as "We'll do the same as MIT
> >> does with PGP's distribution, or RSA does with RSAREF (just so you'll
> >> know, RSA's FTP basically has a readme file that says "the files in
> >> subdir of a dir that's -r+x to you, so if you're a citizen go to
> >> dist/usaRANDOM_NUMBER_HERE", that's it). Then make them explain why
> >> Netscape should be any different.
> >
> >MIT reportedly has a letter stating that their systems is okay. The
> >state department wouldn't give us such a letter because they were
> >"currently reevaluating their guidelines", or some such thing. We
> >convinced them to give us temporary permission for this system until
> >they had finalized their new policy.
>
> That still doesn't make sense.
>
> First, there were laws. And we had to obey them.
>
> Then, they added ITAR. And they want us to obey it.
>
> Finally, it seems, they're giving us "guidelines." Not law, Not ITAR.
>
> Next it's gonna be their fondest desires, their preferences, and
> finally their whims.
>
> What's wrong with this picture? Do I detect an ass-kissing contest?

If we chose to "kiss ass", we would not be distributing software that does strong encryption over the internet. We would not be selling millions of copies in thousands of retail outlets across the country.
We would be doing what some other companies have been doing for years, which is only produce export grade crypto, even for US customers.

The simple fact is that our executives decided not to provide our US software for download over the internet until we got a written statement from the Office of Defense Trade Controls that we would not be prosecuted for such actions. This decision was made by our executives based on advice given them by lawyers that they trust. The requirements imposed by the government were to get this written statement.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From liberty at gate.net Thu Jul 25 06:15:03 1996
From: liberty at gate.net (Jim Ray)
Date: Thu, 25 Jul 1996 21:15:03 +0800
Subject: [Rant]Re: Shell buys key escrow system from TIS
Message-ID: <199607251021.GAA33226@osceola.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Will Rodger, Washington Bureau Chief of Inter@ctive Week, wrote:

>Administration officials didn't return calls for comment, but it's clear
>that the Clinton-Gore team have their first "testbed" for trying out key
>recovery, or key escrow, proposals.

Hmmm. A new meme, "key recovery" is lots better than "key escrow," but I still wonder if I'm ever gonna see a journalist say, "'GAK,' or Govt. Access to Keys for cryptography."

>...The multinational company will self-escrow, that is handle
>all encryption keys itself, in cooperation with the British government,
>sources close to the deal said.

I'm left wondering about a few cooperation-with-the-corporation issues here regarding the Brit.govt, but I suppose time will tell how much of Orwell is coming true in his own homeland.

>Walker declined to name the company, but several Washington-based sources
>confirmed the buyer is Royal Dutch Shell.

Largest corporation in the world, if I'm not mistaken.
>The deal represents the first time that a foreign buyer has purchased a US
>key escrow product without escrowing keys in the US. ...

[I can hear Gore/Gorelick now, "Well, as long as it goes to SOME big government (with a road-to-serfdom track record in economic freedom) it's OK by me!"]

>Walker, widely credited with devising the controversial commercial key
>escrow system now being promoted by the current administration, claimed
>"there really is an important issue here in finding a balance between the
>interest of government and those of industry. ...

I suppose we will hear after the election of the balance between the interests of government and those of indIVIDUALS. I always see this image of me, sitting on one end of a see-saw, with former congressman Rostenkowski on the other end.

JMR

PS Anyone who has had the pleasure of meeting my pal Joey Grasty would NEVER question his cypherpunk (or U.S.) patriotism.

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"It is long past time to end the laughable presumption that voters who can easily cope with the choices offered at Burger King are somehow 'confused' by more than two choices at the voting booth." -- me, in the Miami Herald, June 24, 1996, p. 10A.

Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
Harry Browne for President. Jo Jorgensen for Vice-president.
http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
http://www.shopmiami.com/prs/jimray
Coming soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.
iQCVAwUBMfdJNm1lp8bpvW01AQGLOAQAkHzibmIw8OKsbUqFjRXy/MrkVhszA+8l
z+RmUoLy52D85ZpTsSivwyPGybeAyTs/V3IGiZx8WX8tBIIdyiFHNWlesjsShiro
sTVx+a8qXZ1NSS8KMIScfqh3piXjnDJWeDqbFsZAM+JvHIREzASSrky2Xhb0/fIv
ITuwCG7P22A=
=2+iV
-----END PGP SIGNATURE-----

From adam at homeport.org Thu Jul 25 07:35:42 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 25 Jul 1996 22:35:42 +0800
Subject: Digital Watermarks (long, getting off-topic)
In-Reply-To: <2.2.32.19960725002302.008aeae0@panix.com>
Message-ID: <199607251227.HAA04664@homeport.org>

Duncan Frissell wrote:
| At 10:26 AM 7/24/96 -0800, jim bell wrote:
|
| >Isn't it odd that when music is sold, CD's are MORE expensive than cassette
| >tapes, even though you _know_ that the manufacturing cost of CD's is less?
|
| CDs sell for more because buyers decided that they wanted a wider range of
| titles with shallower sales (hence higher unit costs) rather than a narrower
| range of titles with lower sales prices. The number of CD titles available
| is far greater (in general distribution) than the number of vinyl titles
| that were available during vinyl's peak year. This greater availability of
| short run pressings raises average unit sales costs justifying the higher
| prices. Had the market decided (when physical production costs fell) that
| it was satisfied with a Top-40 CD stock, average CD prices would have fallen
| to vinyl levels.

Thus, my desire to listen to the Drummers of Burundi justifies a cost of $16.99 for the latest REM album? If I want the wide range of African music that's now available (and I do), then I should be willing to pay a premium to get it. No reason for Alanis Morissette fans to subsidise those of us with musical taste.

Except for collusion on the part of the major record companies, who have a price called the 'MAP,' or minimum access price, under which they won't provide advertising for the record & store. Those MAPs sit between 10.81 & 10.88 for the biggest six record companies.
There's a lawsuit in process now to decide if there is collusion occurring.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From frissell at panix.com Thu Jul 25 08:21:41 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 25 Jul 1996 23:21:41 +0800
Subject: Parsing John Youn (Re: OPS_nuk)
Message-ID: <2.2.32.19960725122659.0069a64c@panix.com>

Tim asked for a translation. I thought it was one of John's more declarative summaries. In this case, it's reality that's skewed. Voila:

>At 3:30 PM 7/24/96, John Young wrote:
>> The WSJ Page Ones a loser's game

There is an article on the first page of the Wall Street Journal about financial losses...

>> about the CIA's role in
>> promoting Japanese pachinko cards to halt the surreptitious
>> funneling of betting cash to the construction of a North
>> Korean nuclear plant.

The Central Intelligence Agency told the Japanese government that Pachinko parlors (many run by ethnic Koreans) were sending hard currency to North Korea which was assisting it in building a plant to produce fissionable materials. The Japanese decided to strong arm Pachinko parlors into using magnetic cards instead of cash to discourage money laundering.

>> And the op's nuking by the Kobe quake
>> looting of card-reading mechanisms, cracking encryption
>> codes, and counterfeiting not-so-smart cards for counter-
>> tipping the house fix. Mondex, watcher bleedin arse.

During the Kobe earthquake recovery, a number of Pachinko machines were stolen, reverse engineered, and fake cards produced. They were then cashed in -- causing massive losses to the issuers. The encryption technology was very weak. Mondex watch out that the same thing doesn't happen to you.

DCF

"I've been translating engineers into English for years. John's no problem."

From pjb at ny.ubs.com Thu Jul 25 09:01:42 1996
From: pjb at ny.ubs.com (Paul J.
Bell)
Date: Fri, 26 Jul 1996 00:01:42 +0800
Subject: A Global Village; an open letter to Bill & Hill and also Mr. & Mrs. Dole, from Asim at Molecule One. Cypherpunks, please excuse this note.
Message-ID: <9607251316.AA01741@sherry.ny.ubs.com>

really relevant to this list, way to go asim. what if we all choose to clutter this list with our own little hot buttons?

-paul

> From cypherpunks-errors at toad.com Wed Jul 24 18:20:55 1996
> X-Sender: molecul1 at molecule1.com
> X-Mailer: Windows Eudora Version 1.4.3b4
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Wed, 24 Jul 1996 00:48:32 -0700
> To: cypherpunks at toad.com
> From: molecul1 at molecule1.com (Molecule One Scientific Research Institute)
> Subject: A Global Village; an open letter to Bill & Hill and also Mr. & Mrs. Dole, from Asim at Molecule One. Cypherpunks, please excuse this note.
> Cc: molecul1 at molecule1.com
> Sender: owner-cypherpunks at toad.com
> Content-Length: 4562
>
> Honourable wishes,
>
> I write about Mrs. Clinton's concept of Global Village and wholeheartedly,
> pledge my support to such an important concept.
>
> The world is everchanging and Mrs. Clinton is correct in that the
> industrialized
> countries have lost, most, of their extended families. This makes children
> vulnerable to danger. If in need of help, such children are commonly abused
> due to their vulnerability.
>
> I want to take this moment to express some understandings. Firstly, it
> was never in my plan to locate where I have been over the last while.
> Probably, if it hadn't been for many malicious encounters, I probably
> would have gone to a remote island, as I hold so dear to my heart. A
> close friend was severely violated and I had to witness a war being
> fought against civilians. When an insurance policy becomes more
> valuable than the human life, something must be wrong with social
> ethics.
>
> To live through many of the experiences I had to, while living here,
> made me realize high technology is dangerous in many people's
> lives. To manipulate people's decisions using brute force seemed
> terribly wrong to me. Many of the people controlling the situations
> are also stressed out. Abuse results from stress.
>
> Concerning the old man. I knew of this man since childhood. I
> always considered him one of the greatest neuroscientists
> on the planet earth. Even his friends hold him with a greatest
> respect. What he accomplished, very few could match his
> accomplishments.
>
> I send much thanks to Point Communications for allowing me
> a long interview about my social concerns. I wanted to personally
> thank all the K12 students that partook in my interview. I was
> never able to attend the requests of some of those students,
> that asked me to review some of their essays, as my time
> was occupied with endless other obstacles. I want those
> students to understand that I just couldn't.
>
> I want to thank all those cool students that let me participate
> at their, private, dance parties. They know I attended endless
> dance parties, researching technological requirements,
> so they are happy and socially satisfied. I also got to
> know what kind of social threats they are faced with, both,
> underground and official. Stress does tend to corrupt some
> people.
>
> I want you to understand that I came up with Molecule One
> as a means to address the needs of a culture. Even though
> many plots were directed at me for proposing this project,
> I always knew I spoke the truth and my intentions were
> pure. Neurosciences has always been a lifelong inspiration
> to me. Standards, to improve the quality of life in society,
> seemed a noble goal.
>
> I want the students to know that Molecule One was
> created for their benefit first. They are the future. When
> a child remains innocent, that innocence should be
> protected.
Far too often, children lose their innocence
> to hardened people, whose primary motive is malicious
> intent. Naivete and innocence is purity and lack of
> ethical standard is rampant.
>
> I knew that acceptance of truth is difficult for
> some people, especially those ignorant and those
> conditioned to believe otherwise. I always chose
> positive as an outcome for motive.
>
> I want to thank all of you, Republican, Democrat,
> and families, friends and which other political
> inspiration. I respect all life and those standards that
> can increase the health standard of all people. There
> are many important factors that must be considered
> to insure a safe and healthy society, of the
> future. To work together, to attain this standard,
> is important for all people, irregardless of color.
> Care and courtesy, toward our fellow people,
> is another social characteristic that is becoming
> lost, with the loss of the extended family.
>
> I also want to thank all those cool computer folk
> that let me play upon the info highway, as it was
> being developed. I want to thank all those
> cyberfolk that recognised the import of all
> topics covered. Understand well, visions of
> tropical islands have floated through my mind,
> probably, everyday I've been here. It was
> my concern for the youth and for the elderly
> that made me stay and attempt to create
> a project that could bring happiness and
> harmony, to the society, for a long time to
> come. It is a challenge.
>
> Thanks for the cyber inspiration, acknowledgement
> and being allowed the opportunity to create a
> work of art that can benefit so many.
>
> To the 1'st family & 2 Mr.& Mrs. Dole, all friends and families.
>
> Peace and best wishes,
> Sincerely,
>
> Asim
> molecul1 at molecule1.com
>
>

From dlv at bwalk.dm.com Thu Jul 25 09:02:18 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 26 Jul 1996 00:02:18 +0800
Subject: Netscape 3.0B US version MD5
In-Reply-To: <199607250805.BAA27161>
Message-ID:

nobody at c2.org (Anonymous User) writes:
> (If you have a "wish list" there, a native OS/2 version of Netscape
> would be nice, too! )

Me too!

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From stephen at iu.net Thu Jul 25 10:13:36 1996
From: stephen at iu.net (Stephen Cobb)
Date: Fri, 26 Jul 1996 01:13:36 +0800
Subject: RPK Public Key Cryptography
Message-ID: <1.5.4.32.19960725140222.00f90270@iu.net>

New algorithm from outside US, new crypto challenge?

My apologies to the list if this subject is old hat but someone just pointed me to the RPK Public Key Cryptography site and I was wondering what people thought of this particular technology.

The RPK Public Key Cryptography site at http://crypto.swdev.co.nz/ says:

Have a look at this new approach to information privacy, designed and developed in New Zealand. The RPK public key cryptosystem provides industrial-strength public key cryptography that's available worldwide. You'll find full technical information, free evaluation software and development tools, and details of our SafeCracker Challenge program where you can earn a $$$ REWARD $$$ while trying to put us out of business!

The inventor and developer of the RPK system is apparently Dr. William M. Raike who holds a US patent as co-inventor of scrambler which NSA banned in the US. The Nicolai/Raike case attracted some media attention and, after the NSA rescinded the order, it was one of the first instances in which an NSA director commented publicly on patent secrecy issues. That invention had its roots in spread spectrum technology. Not sure if that has any bearing on the public key offering.
Note that I have no connection with this person, software or site, just natural curiosity about what cypherpunks think about it.

Stephen Cobb, CISSP

From ichudov at algebra.com Thu Jul 25 10:43:06 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Fri, 26 Jul 1996 01:43:06 +0800
Subject: Game Theory and its Relevance to Cypherpunks
In-Reply-To: <199607250636.XAA06174@dns2.noc.best.net>
Message-ID: <199607251413.JAA07901@manifold.algebra.com>

James A. Donald wrote:
> The best way to convince others you are crazy is to actually be crazy.
>
> More practically, if you organize your nuclear forces so that any
> serious war is likely to escalate uncontrollably into the battle of
> armageddon, regardless of your intentions and desires, which is how
> the American government organized its nuclear forces in Europe,
> then you can pretty much guarantee you will not have to face a
> serious war.

How did they organize them? It is interesting.

- Igor.

From perry at piermont.com Thu Jul 25 10:43:22 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 26 Jul 1996 01:43:22 +0800
Subject: Netscape
In-Reply-To: <31F73E84.415A@netscape.com>
Message-ID: <199607251435.KAA20861@jekyll.piermont.com>

Jeff Weinstein writes:
> The simple fact is that our executives decided not to provide
> our US software for download over the internet until we got
> a written statement from the Office of Defense Trade Controls
> that we would not be prosecuted for such actions. This decision
> was made by our executives based on advice given them by lawyers
> that they trust. The requirements imposed by the government
> were to get this written statement.

Would people quit harassing Netscape?

I don't like many things that Netscape does (SSL instead of SHTTP, etc., private HTML extensions, etc) but they are at least providing decent security, and by my lights they are under no moral obligation to martyr themselves.

There is no moral obligation to sacrifice one's self for others.
If they choose not to break the law so that they can continue to do their work and not go to jail, that is their choice. We have no cause to harass them for failing to put up their own cross. Indeed, some people here seem to want them not just to build the cross but nail themselves to it. That's asking a bit much by my way of thinking.

Leave 'em alone. I'm happy that I can now transfer web pages over 128 bit RC4. I'd prefer to have the pages themselves protected and signed a la SHTTP, but that's a subtle technical consideration. Their hearts are in the right place.

Perry

From ichudov at galaxy.galstar.com Thu Jul 25 10:52:47 1996
From: ichudov at galaxy.galstar.com (Igor Chudov)
Date: Fri, 26 Jul 1996 01:52:47 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607251409.JAA16978@galaxy.galstar.com>

Here's a puzzle for our game theorists.

Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's how they plan to split the money: they stay in line, and the first guy suggests how to split the money. Then they vote on his suggestion. If 50% or more vote for his proposal, his suggestion is adopted.

Otherwise they kill the first robber and now it is the turn of guy #2 to make another splitting proposal. Same voting rules apply.

The question is, what will be the outcome? How will they split the money, how many robbers will be dead, and so on?

igor

From jbugden at smtplink.alis.ca Thu Jul 25 10:54:24 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Fri, 26 Jul 1996 01:54:24 +0800
Subject: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <9606258383.AA838315815@smtplink.alis.ca>

tcmay at got.net wrote:
>I believe the game-theoretic and evolutionary approaches, mixed in with
>economics, offer the most solid grounding for the discussion of rights.

I'll try to keep my response brief, because I seem to swerve between didactic and sarcastic without being able to stop in between.
As others have said, look where I'm pointing, not at what I'm pointing with. So here goes...

Basically, in this view of rights and raising of children it would seem that a relativistic pragmatism prevails. Personally, I think that the two choices are either this relative pragmatism or an absolute morality. "Do unto others as you would have them do unto you."

Some implications of Tim's view is that all our rights are basically a transitory agreement between individuals. If at any time the "cost" of a right becomes too high for too many (e.g. free speech leading to X for some X), then it is quite possible that this "right" will be removed. The "losers" have no higher appeal process in this matter than that of trying to gain a different consensus.

This may work while there is not a large power gap between any two individuals or groups, but as power shifts to fewer people and groups (economic, social, political, etc...) the "losers" may find that the lowest cost path is into some form of economic serfdom or slavery (e.g. McJobs). Ask Phil for other examples ;-).

Unlike Rawls, we are not in a position of developing our laws in advance of determining our social standing. I personally believe that our ability to develop reasonable laws and social structures will persist only as long as the majority of us have the ability to "put ourselves in someone else's shoes" and do in practical terms what Rawls suggests in theoretical ones.

As soon as those with power are not able to see a situation where they could become like those without power, there will cease to be motivation to maintain a "safety net" of rights or economic means to protect the "losers" of our society.
James

From alexf at iss.net Thu Jul 25 11:14:58 1996
From: alexf at iss.net (Alex F)
Date: Fri, 26 Jul 1996 02:14:58 +0800
Subject: Digital Watermarks (long, getting off-topic)
Message-ID: <199607251447.KAA02494@phoenix.iss.net>

> >>Isn't it odd that when music is sold, CD's are MORE expensive than cassette
> >>tapes, even though you _know_ that the manufacturing cost of CD's is less?
> >
> >CDs sell for more because buyers decided that they wanted a wider range of
> >titles with shallower sales (hence higher unit costs) rather than a narrower
> I'm afraid that quantitatively, this is utter nonsense.
>
> A relevant data point is the fact that for about $1000, anybody can have
> 1000 copies of a custom CDROM manufactured. That, by music industry

The real answer to all of these points is too simple. "Because they can"

A lot has to do with perceived value. If consumers would have thought that the prices were way too high, then the market would have dictated a lower cost eventually. I think that the price of CDs vs tapes is more a marketing issue than a technical one....

Alex F

=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F
alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

From raph at cs.berkeley.edu Thu Jul 25 11:16:06 1996
From: raph at cs.berkeley.edu (Raph Levien)
Date: Fri, 26 Jul 1996 02:16:06 +0800
Subject: Parsing John Youn (Re: OPS_nuk)
In-Reply-To: <2.2.32.19960725122659.0069a64c@panix.com>
Message-ID: <31F7BA04.1F382C42@cs.berkeley.edu>

Duncan Frissell wrote:
>
> Tim asked for a translation. I thought it was one of John's more
> declarative summaries. In this case, it's reality that's skewed. Voila:
>
> >At 3:30 PM 7/24/96, John Young wrote:
> >> The WSJ Page Ones a loser's game
>
> There is an article on the first page of the Wall Street Journal about
> financial losses...

[Rest of decryption elided]

Bravo! Duncan, your dcryptanalytic skills demonstrate you to be a truly worthy cypherpunk.
There isn't any chance you'd be willing to do this on a regular basis, is there?

Raph

From bryce at digicash.com Thu Jul 25 11:23:03 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Fri, 26 Jul 1996 02:23:03 +0800
Subject: NOISE: Rand and smoking Re: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.)
In-Reply-To:
Message-ID: <199607251456.QAA18357@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

Someone like Tim wrote something like:
>
> I think
> some of her essays in her Objectivist Newsletter had explained why smoking
> was essentially de rigueur.
>
> Rothbard
> wrote an article for "Liberty," circa 1986-8, which is where I read the
> details. Also, I believe Barbara Branden's biography of Rand dealt with
> this, but I haven't read it in many a year.
>
> And there is this comment, from an admittedly off-beat source
> (http://www.zonpower.com/zonpower/book/chapters/chapter29.html):

Uh.. yabbut we were talking about insisting that her followers smoke, which is different from saying that smoking is cool. Well, for most people it is different.

So like... back to your regularly scheduled programming or something...

Bryce

P.S. I wonder how often the regularly scheduled programming of citizen units _is_ exactly?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMfeLHUjbHy8sKZitAQHeYQMAhNJ0jS/hqhPlH4LqwetAbFypj+C51Pi8
TJIcMF3MxJcmrViWzlPx71c61pUpBkOd3XfdPYx4YkDknhi56mhUZ9q4FSu5/L4P
KmlJioiCFQrHg/SyTZoxtVJNFSUfBxLI
=aw7C
-----END PGP SIGNATURE-----

From alexf at iss.net Thu Jul 25 11:57:39 1996
From: alexf at iss.net (Alex F)
Date: Fri, 26 Jul 1996 02:57:39 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607251458.KAA02604@phoenix.iss.net>

> >> To go to trial, an indictment would be needed. How likely is this?
> >
> >The likeliness is irrelevant to the point. Possibility is relevant.
> >Probability is not.
>
> "Likeliness" is _always_ relevant when discussing law.

I disagree. The CDA is not likely to ever get enforced. Does this mean that we should just ignore it because likeliness is zero to none?

> Thus, the guy who buys a bicycle that later turns out to have been stolen,
> will usually lose the bicycle, but is not knowingly receiving stolen
> property and hence is guilty of no crime. And no DA will charge him; the
> courts and jails are already clogged up enough.

Uhh, if the DA has a personal vendetta against the guy w/ the bike he *COULD* charge him, if he wanted to, and it would be 100% legal. What we are talking about here are laws that allow for harassment under the guise of the legal system. Granted, laws are not necessarily bad, people are, but still.... This stuff CAN and DOES (there goes the "likeliness" theory) happen all the time. Your point of view strikes as one from a text book where people are not crooked (nothing wrong w/ that), but the sad fact is that there are people out there who can and will take advantage of any legal loophole in order to get done what they want done.

Alex F

> I maintain that this "wiggle factor" in the law is not something to get
> worried about ("But they _could_ arrest me for buying a book stolen 10
> years ago! We've got to do something!) and is, in fact, essential in any
> justice system. There just is no "automated" or "formal" system, and
> probably/hopefully never will be.
>
> --Tim May
>
>
>
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
> Licensed Ontologist | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>

=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F
alexf at iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-

From snow at smoke.suba.com Thu Jul 25 11:59:56 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 26 Jul 1996 02:59:56 +0800
Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To:
Message-ID:

On Wed, 24 Jul 1996, Bill Olson (EDP) wrote:
> Alan Horowitz writes:
> >Phil,
> >are you saying that you're a better businessman than Rush Limbaugh?
> >Can we see some 1040's, please?
>
> Rush Limbaugh is a big fat *RICH* idiot.

Big? yes. Fat? I'd say so. Rich? In relation to me, yes, and probably to you. Idiot? The man _got_ rich doing something he enjoys and is good at, meanwhile you are working for the great satan. Who is the Idiot?

OB Crypto: From what I have heard Mr. Limbaugh _didn't_ like the CDA, and if the right person can get to him and convince him properly, he might even come out against GAK (if he hasn't already). He has the potential to reach millions of _very_ loyal people. It might be worth someone's time to try to get thru to him.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From mpd at netcom.com Thu Jul 25 12:06:03 1996
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 26 Jul 1996 03:06:03 +0800
Subject: Digital Watermarks for copy protection in recent Billbo (fwd)
In-Reply-To: <199607250621.BAA07021@einstein.ssz.com>
Message-ID: <199607251521.IAA06190@netcom18.netcom.com>

Jim Choate writes:

>> The Sampling Theorem states that equally spaced
>> instantaneous samples must be taken at a rate GREATER THAN
>> twice the highest frequency present in the analog signal
>> being sampled. If this is done, the samples contain all the
>> information in the signal, and faithful reconstruction is
>> possible.
> Actually the sampling theorem states that if you want to > reproduce a signal reliably it must be sampled at a > frequency AT LEAST TWICE that of the highest frequency of > interest in the FFT of the signal. This means the signal > must be deformable into sine waves, not all signals qualify > for this particular limitation and in general are not good > signals for sampling. You want a continuous Fourier transform, not a discrete one, to determine the frequency spectrum of the waveform being sampled. The FFT is simply an algorithm for computing the DFT without redundant computation. In general, any Lebesgue integrable complex function will have a Fourier transform, even one with a finite number of discontinuities. The reverse transform will faithfully reproduce the function, modulo the usual caveats about function spaces and sets of measure zero. There is no meaningful difference between speaking of the highest frequency in a signal, and the highest frequency present in its Fourier transform. > An example is a step change from v1 to v2. Since there is > no change in voltage except for a brief moment the output > of the FFT is pretty much flat. The Fourier transforms of step functions, square wave functions, delta functions, and other oddities are perfectly well defined. Again, the FFT is not relevant here. A step function does not have an upper cutoff in the frequency domain, so you can never reproduce it perfectly from its samples, although the faster you sample, the sharper the edges of the reconstruction will become. > What comes out the other end looks like a spike (similar to > what happens when you feed a square wave to a transformer > and look at the output). If you reconstruct this via the > sampling theorem you get a sine wave of extremely low > amplitude and frequency. I don't think so. [Incomprehensible Deletia] > Back to the comb. Where a given signal has a component leave > the teeth. Where there is no component break them off. 
You > are left with a ratty looking comb. Now to each of the > remaining teeth assign an amplitude for that specific > frequency that is consistent with the FFT you calculated. > The way this FFT is implimented in practice is called a > 'Comb Filter' where it samples the signal (wide bandwidth) > over a set of very small bandwidth filters in parallel. I must have been absent on "tooth day" in Functional Analysis class. > One of the basic ideas of Algebra is that any given curve > can be explained by a arbitrary set of equations. The > Sampling Theorem just gives you a rationale for picking from > that set. AIIIIIIIIEEEEEEEEEEEEE! (I feel much better now :) -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From anonymous-remailer at shell.portal.com Thu Jul 25 12:07:01 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Fri, 26 Jul 1996 03:07:01 +0800 Subject: One of the biggest problems with freedom Message-ID: <199607251523.IAA06095@jobe.shell.portal.com> What our biggest problem is, is that people want the government to protect them from the oh so evil terrorists, and they will willingingly have shackles put on them, and rejoice when it is done. I know people who WANT the government to take away their rights for security, and its a lot of people, and its far too many people. Example: "I don't care if the government has my keys for encryption. I don't do anything wrong, and if it helps FBI enforce our just laws, I am all for it. Since anyone who tries to get keys without legal means will end up in Leavenworth for the rest of their life, there is no problems with people getting access to those things." When I try to refute the logic: "I don't care about the bill of rights... I don't want to have to split my family up on separate flights so there is a chance of some of them arriving without dying. I want the security of knowing I can fly okay without being blown up, thank you very much. 
Singapore has little or no crime since the people give up their rights for a common good." Problem with freedom is people don't use it... and like a limb, will wither and fall off if not used. Our basic item should be trying to get the masses to figure out that freedom is important and should not be construed as a gift from the government. From snow at smoke.suba.com Thu Jul 25 12:08:53 1996 From: snow at smoke.suba.com (snow) Date: Fri, 26 Jul 1996 03:08:53 +0800 Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids In-Reply-To: <9607241624.AA06524@Etna.ai.mit.edu> Message-ID: On Wed, 24 Jul 1996 hallam at Etna.ai.mit.edu wrote: > > >Talk shows that attempt to stimulate active thought on reasonable premise > >generally do not survive long in syndication. With Limbaugh's show, it > >took a double hit as the markets it played to were for the most part late night. > >BTW, this comes from actually looking it up in past TV Guides - not > >mindlessly drooling over the radio - so put away the "he's lying" crap. > And why did the networks put Rush on so late? Could it be that > he did not pull in the viewers? Not the networks, the local stations. Each station decides where to slot a specific non-network show. In many time slots he was competing successfully with The Late Show, and The Other Idiot (sorry, it has been a long time since I watched TV, so I can't remember the other idiot's name). In one city he was placed opposite Oprah Winfrey, and _still_ had decent ratings, but the TV stations got a lot more complaints about him at 3 in the afternoon, so they put him on after midnight. > >Following the shallow logic of your argument, Limbaugh is not a success > >because he does not broadcast on TV. > > It is shallow logic, but it is Rush's own logic. He promotes the > idea that success is measured in economic terms. The failure of his > TV show demonstrates the failure of his ideas under the criteria > which he himself espouses. 
His TV show did not succeed or fail because of what Limbaugh did, but rather on decisions that were totally out of his hands. That is why he is not renewing his contracts. > >If you firmly believe the premise that Fascism was the root cause behind > >OKC, then you have no choice but to look to the White House and Capitol > >Hill. > > Nope, I look to the militias, Christian Identity, the Ku Klux Klan > and their apologists including Liddy and Limbaugh. If you read > the propaganda that the NAZIs used you will find it if anything > less direct than Liddy or Buchanan. The NAZIs did not advertise their > intention to commit mass murder, they used code words. When Buchanan > refers to "Hose" he is using a codeword he knows will be understood. Please do not lump all militias in with the Christian Identity & Klan types, you just display more and more ignorance. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Thu Jul 25 12:17:28 1996 From: snow at smoke.suba.com (snow) Date: Fri, 26 Jul 1996 03:17:28 +0800 Subject: [Noise] was Re: Givin In-Reply-To: Message-ID: On Thu, 25 Jul 1996 pjn at nworks.com wrote: > In> I guess I don't really have to worry too much, though. It is illegal > In> for children to possess such items publicly, and any parent who > In> condones it is simply breaking the law. I don't blame the child, I > In> blame the moronic parent who lets it happen. > > You would be surprised at what kids can get away with without their > parents knowing... I doubt that most of us here would be surprised. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From hallam at Etna.ai.mit.edu Thu Jul 25 13:09:17 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Fri, 26 Jul 1996 04:09:17 +0800 Subject: LIMBAUGH ON TV In-Reply-To: Message-ID: <9607251646.AA07787@Etna.ai.mit.edu> I'm still rather amused by the terms of your bet, $50 vs 25L. At current exchange rates 25 Lire is more like 2 cents. 
I thought I had already given my 2 cents. Given that this is a public newsgroup, and the one most likely to be read by spooks and the FBI I would have to be almost as stupid as Rush to accept any bets on it. Its called illegal interstate gambling. Phill From benchmaster at benchin.com Thu Jul 25 14:01:01 1996 From: benchmaster at benchin.com (Benchmaster) Date: Fri, 26 Jul 1996 05:01:01 +0800 Subject: Benchin' Registration Message-ID: <19960725164130921.AAA160@www> Hi Random! Thank you for registering as a Benchin' member! You have the privilege of reviewing software, participating in discussion groups, and winning prizes! Take this opportunity to help your fellow software seekers by reviewing your share of software products. Do 25 and get your beanie! At any Benchin' log-in screen type: User Name: rjnerd Password: 43095 You may want to change your password to one which is easier to remember. Click on the "Members" menu item, then the "Log-In" link, and enter your log-in. Then click the "Change Password" link. And if you ever forget it, we can e-mail it to you! (Just click the "Members" menu item and then "You forgot Your Log-In?") Thank You! - The Benchin' Team (Have you earned your beanie yet?) Benchin' Software Review - http://www.benchin.com/ From jimbell at pacifier.com Thu Jul 25 14:01:48 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 26 Jul 1996 05:01:48 +0800 Subject: Twenty Bank Robbers -- Game theory:) Message-ID: <199607251702.KAA06172@mail.pacifier.com> At 09:09 AM 7/25/96 -0500, Igor Chudov wrote: >Here's a puzzle for our game theorists. > >Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's >how they plan to split the money: they stay in line, and the first guy >suggests how to split the money. Then they vote on his suggestion. If >50% or more vote for his proposal, his suggestion is adopted. > >Otherwise they kill the first robber and now it is the turn of guy #2 >to make another splitting proposal. Same voting rules apply. 
> >The question is, what will be the outcome? How will they split the >money, how many robbers will be dead, and so on? My guess? They all agree to kill whoever made that suicidal rule. Otherwise, all but two would end up dead. Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Thu Jul 25 14:05:38 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 26 Jul 1996 05:05:38 +0800 Subject: Digital Watermarks (long, getting off-topic) Message-ID: <199607251719.KAA07105@mail.pacifier.com> At 07:27 AM 7/25/96 -0500, Adam Shostack wrote: >Duncan Frissell wrote: >| At 10:26 AM 7/24/96 -0800, jim bell wrote: >| >| >Isn't it odd that when music is sold, CD's are MORE expensive than cassette >| >tapes, even though you _know_ that the manufacturing cost of CD's is less? >| >| CDs sell for more because buyers decided that they wanted a wider range of >| titles with shallower sales (hence higher unit costs) rather than a narrower >| range of titles with lower sales prices. The number of CD titles available >| is far greater (in general distribution) than the number of vinyl titles >| that were available during vinyl's peak year. This greater availability of >| short run pressings raises average unit sales costs justifying the higher >| prices. Had the market decided (when physical production costs fell) that >| it was satisfied with a Top-40 CD stock, average CD prices would have fallen >| to vinyl levels. > > Thus, my desire to listen to the Drummers of Burundi justifies >a cost of $16.99 for the latest REM album? If I want the wide range >of African music thats now available (and I do), then I should be >willing to pay a premium to get it. No reason for Alanis Morisette >fans to subsidise those of us with musical taste. If what Duncan said were true, then you'd see music stores spring up which sell ONLY the "Top-40 stock", but sell it for pre-CD vinyl prices. They'd get all that business, and OTHER record stores would sell the obscure stuff. That's not happening. 
Jim Bell jimbell at pacifier.com From root at adam.sp.org Thu Jul 25 14:21:11 1996 From: root at adam.sp.org (Phillip) Date: Fri, 26 Jul 1996 05:21:11 +0800 Subject: Question In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I think so. IMHO the government would say that an individual or organization did/conspired to/whatever transport controlled technology outside of the country. They would claim that the only thing that had changed was the mode of transport. Each single email, by itself, would be legal, but if you know of other portions of the source being transferred, you would be part of a "Criminal Organization". On Tue, 23 Jul 1996 pjn at nworks.com wrote: > OK...A question for you all: > > If it is illegal (by our government's standards...) to export programs > like PGP, etc., and you can send the whole source code in a message > because that is also considered illegal, then could you send the code, > broken up into many pieces, and send THAT in Email, would that be > illegal? > > (Wow...All in one sentence... :) > > > P.J. > pjn at nworks.com > > > .... I am Jesus of Borg. Blessed are they who are assimilated. > > ___ Blue Wave/QWK v2.20 [NR] > > > > - -------------------------------------------------------------------------------- Welcome to the next 3 levels. 
- --------------------------- ----------------------------------- pj22298 at xx.acs.appstate.edu http://xx.acs.appstate.edu/~pj22298 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Thu Jul 25 14:33:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 26 Jul 1996 05:33:56 +0800 Subject: Data Sources for DES Breaking In-Reply-To: <199607242051.NAA13352@netcom5.netcom.com> Message-ID: mpd at netcom.com (Mike Duvos) writes: > Given that we might embark upon this public demonstration of the > fragility of single DES, what should we use for test data? If the goal is to show that the 40bit key used in s/mime is totally insecure, then one could take some short plaintext likely to occur there and compute a lookup table, listing its encryption with all possible keys - and make it available on the internet. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From deviant at pooh-corner.com Thu Jul 25 14:37:23 1996 From: deviant at pooh-corner.com (The Deviant) Date: Fri, 26 Jul 1996 05:37:23 +0800 Subject: Netscape In-Reply-To: <199607250317.UAA03425@mail.pacifier.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 24 Jul 1996, jim bell wrote: > Date: Wed, 24 Jul 1996 20:16:52 -0800 > From: jim bell > To: Tom Weinstein , > The Deviant > Cc: cypherpunks at toad.com > Subject: Re: Netscape > > At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote: > >The Deviant wrote: > >> > >> I would have suggested even being as nice as "We'll do the same as MIT > >> does with PGP's distribution, or RSA does with RSAREF (just so you'll > >> know, RSA's FTP basically has a readme file that says "the files in > >> subdir of a dir that's -r+x to you, so if you're a citizen go to > >> dist/usaRANDOM_NUMBER_HERE", that's it). Then make them explain why > >> Netscape should be any different. > > > >MIT reportedly has a letter stating that their system is okay. The > >state department wouldn't give us such a letter because they were > >"currently reevaluating their guidelines", or some such thing. We > >convinced them to give us temporary permission for this system until > >they had finalized their new policy. > > > That still doesn't make sense. > > First, there were laws. And we had to obey them. > > Then, they added ITAR. And they want us to obey it. > > Finally, it seems, they're giving us "guidelines." Not law, Not ITAR. > > Next it's gonna be their fondest desires, their preferences, and > finally their whims. > > What's wrong with this picture? Do I detect an ass-kissing contest? > Yup.. that's it. And they said I was an idiot when I [Correctly] said that Netscape wasn't actively fighting the ITAR. 
> > You should have told them that if they're "evaluating their guidelines" that > means that NO future modifications to those guidelines is binding on you, > since it is not part of ITAR and is CERTAINLY not part of the law. You > should have memorialized the contact with a lawyer's letter, and promptly > posted the new version of your software with whatever version of the > precautions (MIT, RSA, or?) you felt most happy with. > Or even better... Lets look at this version... lets say I get my internet service from MCI. Now lets say I put crypto on my web page. When somebody from out of the country visits my web page, and downloads it, who's exporting it? Them, MCI, or me? I'd say they are, and I doubt ITAR covers this... this is one of those things thats covered in "guidelines". ;) umm.... Smooch Smooch? --Deviant Unix is the worst operating system; except for all others. -- Berry Kercheval -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From owner-cypherpunks at toad.com Thu Jul 25 14:41:52 1996 From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com) Date: Fri, 26 Jul 1996 05:41:52 +0800 Subject: Filtering out Queers is OK Message-ID: <9607222001.AA09555@mailman.> Several folks said, ad nauseum: >Please don't respond to Steinlight's spam - thank you... (ans serveral variants) For a group who claims to defend the rights to speak and associate, etc, we seem to be wasting a lot of energy lately telling each other who we should talk to and associate with. I figure I can decide for myself. Repeating your advice won't sway me. 
Probably won't sway most of us. From tcmay at got.net Thu Jul 25 14:45:15 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 26 Jul 1996 05:45:15 +0800 Subject: Schelling Points, Rights, and Game Theory--Part II Message-ID: Several people have sent me private mail about this interpretation of crypto/privacy rights. (I guess they don't think a message to the list as a whole is warranted, to save room for ninja discussion.) As I said, my essay was an explication of my my thoughts, not a footnoted, rigorous derivation. For those interested in looking into more on this, a seach of the keywords will produce lots of hits. Including one at David Friedman's site: http://www.best.com/~ddfr/Academic/Property/Property.html. I was meeting with him several months back and mentioned my Schelling point interpretation of rights--he immediately lit up and referred me to his forthcoming paper. Now it is possible I was influenced by comments on the Extropians list about this (maybe by Hanson, Price, or Friedman himself). Certainly it was the Extropians list where I first heard of Schelling points. Anyway, check it out. At 3:31 PM 7/25/96, jbugden at smtplink.alis.ca wrote: >Basically, in this view of rights and raising of children it would seem that a >relativistic pragmatism prevails. Personally, I think that the two choices are >either this relative pragmatism or an absolute morality. > >"Do unto others as you would have them do unto you." > >Some implications of Tim's view is that all our rights are basically a >transitory agreement between individuals. If at any time the "cost" of a right >becomes too high for too many (e.g. free speech leading to X for some X), then >it is quite possible that this "right" will be removed. The "losers" have no >higher appeal process in this matter than that of trying to gain a different >consensus. Partly so, but this view is _not_ the same a standard "majoritarianism," or "rule of the herd." 
In liberal societies (liberal in the classical sense, for those who only know the recent interpretation) there is a Schelling point that says enforcing what others read is too expensive and intrusive to enforce, and hence we will "let" others read Jackie Collins novels, Salman Rushdie novels, whatever. Even if enough people dislike Collins and Rushdie, the larger principle will typically make censorship impossible (e.g., the enforcement mechanisms will not be in place). And I have never said that people should not _lobby_ for principles of freedom, obviously, as I am effectively lobbying in this and other essays. >This may work while there is not a large power gap between any two individuals >or groups, but as power shifts to fewer people and groups (economic, social, >political, etc...) the "losers" may find that the lowest cost path is into some >form of economic serfdom or slavery (e.g. McJobs). Ask Phil for other examples >;-). Even meant humorously (">;-)"), many of us would dispute the notion that a voluntarily-taken job is a "McJob." Frankly, working at a fast-food place is usually not a lifetime career, but is instead a way for high-school students and others to gain work skills and to establish a "reputation" useful for finding later jobs. (I worked for $1.60 an hour, minimum wage, cleaning animal cages, taking blood samples from mice, and so on. Back in high school. Certainly a "McJob," in terms of pay and my status level, but useful in getting later jobs.) >Unlike Rawls, we are not in a position of developing our laws in advance of >determining our social standing. I personally believe that our ability to >develop reasonable laws and social structures will persist only as long as the >majority of us have the ability to "put ourselves in someone else's shoes" and >do in practical terms what Rawls suggests in theoretical ones. Of course. (And Rawls would not disagree--this was his essential point.) 
>As soon as those with power are not able to see a situation where they could >become like those without power, there will cease to be motivation to >maintain a >"safety net" of rights or economic means to protect the "losers" of our >society. What are "those without power"? The best way to help the "losers" of our economy is to allow voluntary economic relationships to be formed. (As an aside, the raising of the minimum wage to $5 or so will further reduce employment opportunities for low-skilled, "starter" jobs. Alternatives such as automation, moving offshore, or simply withdrawing certain jobs will be attractive.) Fortunately, strong crypto means ways to route around these so-called "safety nets." --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From sandfort at crl.com Thu Jul 25 14:46:24 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 26 Jul 1996 05:46:24 +0800 Subject: LIMBAUGH ON TV In-Reply-To: <9607251646.AA07787@Etna.ai.mit.edu> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punk, On Thu, 25 Jul 1996 hallam at Etna.ai.mit.edu weasled: > > I'm still rather amused by the terms of your bet, $50 vs 25L. > At current exchange rates 25 Lire is more like 2 cents. That's L25, not 25L. I though Phil was a UK "subject," thus I proposed a wager of 25 Pounds Sterling. Clear enough? 
If Phil wants to do it all in US dollars then I will bet US$50 against his US$45. > Given that this is a public newsgroup, and the one most > likely to be read by spooks and the FBI I would have to be > almost as stupid as Rush to accept any bets on it. Its called > illegal interstate gambling. Yes, I know how it is when the mayors of cities with major league ball clubs in the World Series make public wagers on the outcome of the game--hard time in Levenworth. If Phil really believes he and I are at any credible legal risk for a making such a personal wager, he is a fool. If he really knows better (my best guess), then he is intellectually dishonest and a moral coward. I again invite Phil to put up or shut up. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From ichudov at galaxy.galstar.com Thu Jul 25 15:11:32 1996 From: ichudov at galaxy.galstar.com (Igor Chudov) Date: Fri, 26 Jul 1996 06:11:32 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION Message-ID: <199607251813.NAA02650@galaxy.galstar.com> Igor Chudov wrote: > > Here's a puzzle for our game theorists. > > Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's > how they plan to split the money: they stay in line, and the first guy > suggests how to split the money. Then they vote on his suggestion. If > 50% or more vote for his proposal, his suggestion is adopted. > > Otherwise they kill the first robber and now it is the turn of guy #2 > to make another splitting proposal. Same voting rules apply. > > The question is, what will be the outcome? How will they split the > money, how many robbers will be dead, and so on? > I forgot to say what the GOALS are. The goals of every individual cypherpunk are (in from highest to lowest priority): 1. Stay alive 2. Get as much money as possible 3. Keep as many cypherpunks alive as possible, all other things being equal. - Igor. 
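The puzzle as clarified above can be solved mechanically by backward induction from the end of the line. The following Python sketch is an added example, not part of the original post; it assumes whole-dollar offers and that the proposer votes for his own split, and the name `solve` and the `indifferent_votes_yes` switch (which turns goal 3 off to give the classic variant where an indifferent robber votes no) are illustrative.

```python
from math import ceil


def solve(n, loot, indifferent_votes_yes=True):
    """Solve the line-up game by backward induction.

    Returns (shares, killed). shares[i] is the payout of the robber at
    position i in the original line (0 proposes first), or None if that
    robber is killed; killed counts the proposers who were voted down.
    """
    shares, killed = [loot], 0          # a lone survivor keeps everything
    for k in range(2, n + 1):           # grow the line one robber at a time
        fallback = shares               # what positions 1..k-1 get if 0 is killed
        need = ceil(k / 2) - 1          # yes-votes needed beyond the proposer's own
        prices = []
        for pos, f in enumerate(fallback, start=1):
            if f is None:
                price = 0               # would be killed later: accepts any offer
            elif indifferent_votes_yes:
                price = f               # goal 3: on equal money, keep the proposer alive
            else:
                price = f + 1           # classic variant: must be strictly better off
            prices.append((price, pos))
        bought = sorted(prices)[:need]  # cheapest votes first, earlier position on ties
        cost = sum(price for price, _ in bought)
        if cost <= loot:                # proposal passes, nobody dies from here on
            shares = [loot - cost] + [0] * (k - 1)
            for price, pos in bought:
                shares[pos] = price
            killed = 0
        else:                           # cannot afford a majority: proposer is killed
            shares = [None] + fallback
            killed += 1
    return shares, killed


if __name__ == "__main__":
    for label, flag in (("goals as clarified", True), ("indifferent votes no", False)):
        shares, killed = solve(20, 20_000_000, indifferent_votes_yes=flag)
        print(f"{label}: killed={killed}, first robber keeps {shares[0]}, "
              f"paid positions={[i for i, s in enumerate(shares) if s and i]}")
```

With goal 3 as the tie-breaker a robber who expects nothing either way votes yes, so no payments are needed; without it, the proposer has to pay one dollar to each robber who would get nothing from the next proposer.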
From dlv at bwalk.dm.com Thu Jul 25 15:15:34 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 26 Jul 1996 06:15:34 +0800 Subject: When books are outlawed In-Reply-To: <2.2.32.19960725031831.00da51a4@mail.teleport.com> Message-ID: Alan Olsen writes: > > Off Our Backs is a PC lesbian magazine. "On Our Backs" is an S&M Lesbian > magazine edited by Suzie Bright. It is not anything resembling PC. (Ms. > Bright does not have a nice oppinion of Dwarkin and her fellow travelers, to > put it mildly.) (Alan's off-topic again, as usual.) _On _Our _Wheelchairs is a PC rag for demented cripples dying from AIDS and tr trying to stifle free speech. _Our _Favorite _Vegetable is the PC rag for their supporers. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Jul 25 15:15:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 26 Jul 1996 06:15:56 +0800 Subject: Brute Force DES In-Reply-To: <199607250338.UAA13937@toad.com> Message-ID: "Chris Adams" writes: > >What's the cheapest form of storage, magtape? How much can you store on > >magtape? The entries can be sorted so that lookup doesn't take long even > >when you have to mount tapes. > > Hmmmm... Don't they have some of those 8mm tapes that go to 4-8GM per > tape? Anyone have access to one? One can also have an index to the data on faster storage: that's how I usually store the data on tapes. One note about these huge 8mm tapes (like the ones from Exabyte): random seeking them is very slow. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mclow at owl.csusm.edu Thu Jul 25 15:21:19 1996 From: mclow at owl.csusm.edu (Marshall Clow) Date: Fri, 26 Jul 1996 06:21:19 +0800 Subject: Twenty Bank Robbers -- Game theory:) In-Reply-To: <199607251409.JAA16978@galaxy.galstar.com> Message-ID: >Here's a puzzle for our game theorists. > >Twenty cypherpunks robbed a bank. 
They took 20 million bucks. Here's >how they plan to split the money: they stay in line, and the first guy >suggests how to split the money. Then they vote on his suggestion. If >50% or more vote for his proposal, his suggestion is adopted. > >Otherwise they kill the first robber and now it is the turn of guy #2 >to make another splitting proposal. Same voting rules apply. > >The question is, what will be the outcome? How will they split the >money, how many robbers will be dead, and so on? > It seems to me that the last two guys in line will _almost always_ vote for killing the suggestor. the exceptions being for extreme suggestions like "let's split the money between #19 and #20", which I figure will get voted down by #s 2 thru 18. -- Marshall Marshall Clow Aladdin Systems "We're not gonna take it/Never did and never will We're not gonna take it/Gonna break it, gonna shake it, let's forget it better still" -- The Who, "Tommy" From hallam at Etna.ai.mit.edu Thu Jul 25 15:25:02 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Fri, 26 Jul 1996 06:25:02 +0800 Subject: LIMBAUGH ON TV In-Reply-To: Message-ID: <9607251827.AA07862@Etna.ai.mit.edu> >That's L25, not 25L. I though Phil was a UK "subject," thus >I proposed a wager of 25 Pounds Sterling. Clear enough? The generaly accepted abreviation is GBP. >If Phil wants to do it all in US dollars then I will bet US$50 >against his US$45. How about hard currency? I prefer Swiss francs (CHF). >If Phil really believes he and I are at any credible legal risk >for a making such a personal wager, he is a fool. If he really >knows better (my best guess), then he is intellectually dishonest >and a moral coward. The moral point is not that there is risk of being caught, it is that society has made laws and unless there are exceptional circumstances it is a duty to obey those laws. 
I don't argue against breaking laws which are immoral, indeed I am still refusing to pay a Poll tax bill from the UK despite the fact that the amount outstanding is inconsequential. >I again invite Phil to put up or shut up. You sound like an 18th century fop challenging someone to a duel. I do not believe that Aristotle listed "challenging to a bet" as one of his modes of reason. Rush has been rejected by the very free market principles he espouses which destroys his case through self contradiction. On the other hand I have not asserted that premise, arguments ad pecuniam are therefore irrelevant. The fact remains that the lack of Rush on TV has an explanation considerably less charitable than Rush's claim. Whether Rush returns to TV or not is of very little interest to me except insofar as it would reduce the already sparse options for TV entertainment in Cambridge. Would you believe that Continental is so lame that they do not offer either the Sci-Fi channel nor the comedy channel in the home town of MIT and Harvard? If I had realised that NBC Olympic coverage would be as bad as it is I might have got a satellite dish to pick up the feed from Astra. Phill From poodge at econ.Berkeley.EDU Thu Jul 25 15:29:43 1996 From: poodge at econ.Berkeley.EDU (Sam Quigley) Date: Fri, 26 Jul 1996 06:29:43 +0800 Subject: remailer network/winsock remailers Message-ID: Hi, I've been unsubscribed from the list for a while, and only recently rejoined, so this issue may well have been addressed in my absence. If not, though, here: It occurs to me that, with the invention of the winsock remailers, we have the potential to establish a very widespread and distributed network of part-time remailers. Specifically, it seems like there are a lot of users who are only connected to the internet for short periods (PPP/SLIP) or who only have full control over their machines for short periods. 
These computers could not normally be used to run remailers as mail would bounce when the computer/remailer software is down. If there were some sort of central registry where winsock (or other non-permanent) remailers could announce their ability/inability to bounce mail, email could be forwarded through these temporary remailers on a dynamic basis. I imagine the system would be something like this. User X, a part-time cypherpunk, turns on his PPP connection to get his internet fix. When he does, his remailer software connects to a central site and registers itself, the software (and capabilities of the software) it's using, and how many email messages (CPU time) X is willing to give up. The registry sends back a confirmation message, and adds X's computer to its list. Now, when user Y wants to use the remailer network, she sends a message through a series of remailers, one of which is the remailer network host computer. When the message gets to the host computer, the host looks at its list and bounces the message randomly to one of the winsock remailers. In this way, people who can't ordinarily run a remailer can still help out with the network, and the message becomes, ultimately, much more untraceable because (ideally) there are tons of temporary remailers that the message could have been sent to. This could expand the network by a lot... I imagine precautions would have to be taken to ensure that temp. remailers really are up and running (the host would have to ping remailer computers regularly to ensure that none went down without informing the host). It would also be good if incoming messages to the host remailer could specify how many hops it should take, whether or not it should be subject to random delays / burst sends, and other options which haven't occurred to me yet. This can't be a new idea, though. If something like this already exists, please send me a pointer. If not, I'd be willing to help develop a protocol for client / server interaction. 
-sq

From adamsc at io-online.com Thu Jul 25 15:39:13 1996
From: adamsc at io-online.com (Chris Adams)
Date: Fri, 26 Jul 1996 06:39:13 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607251842.LAA25935@cygnus.com>

On 25 Jul 96 11:12:20 -0800, ichudov at algebra.com wrote:

>Here's a puzzle for our game theorists.
>
>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>how they plan to split the money: they stay in line, and the first guy
>suggests how to split the money. Then they vote on his suggestion. If
>50% or more vote for his proposal, his suggestion is adopted.
>
>Otherwise they kill the first robber and now it is the turn of guy #2
>to make another splitting proposal. Same voting rules apply.
>
>The question is, what will be the outcome? How will they split the
>money, how many robbers will be dead, and so on?

First, the other nineteen shoot David Sternlight. Then Perry and tcmay get shot. With the (now) absence of strong personalities to guide the conversation among the remaining 8 robbers (should have shot tcmay *before* he got his guard up) spend enough time arguing over trivialities that the police show up and catch them all.

Moral: It is easier to herd cats than lead cypherpunks.

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From ses at tipper.oit.unc.edu Thu Jul 25 15:43:26 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Fri, 26 Jul 1996 06:43:26 +0800
Subject: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607251702.KAA06172@mail.pacifier.com>
Message-ID:

On Thu, 25 Jul 1996, jim bell wrote:

> My guess? They all agree to kill whoever made that suicidal rule.
> Otherwise, all but two would end up dead.
But the people at the start of the line know that if they don't hang together, they will end up dead, and if that they act purely selfishly only the last two will benefit. Because they want to stay alive, a better solution for the first person to propose equal shares, which would be opposed by the last two players, but supported by the rest. He could also split the money only amongst the first half of the gang, since he only needs half the votes.

Simon

---
Cause maybe (maybe) | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all | Email address remains unchanged
You're my firewall - | ........First in Usenet.........

From janke at unixg.ubc.ca Thu Jul 25 15:46:19 1996
From: janke at unixg.ubc.ca (janke at unixg.ubc.ca)
Date: Fri, 26 Jul 1996 06:46:19 +0800
Subject: Schelling Points, Rights, and Game Theory--Part II
In-Reply-To:
Message-ID:

Hello, Tim,

I found your essay interesting, but would like to describe a hypothetical situation and my ideas of how your notion of Schelling points applies to you to see if I am correctly following your ideas:

Suppose that I live in a rural area and I know that my neighbour beats his children because I have seen them with bruises before and too many times just to be from household accidents. Since I am far enough away from him, the beating does not make enough noise to disturb me from any of my activities. I am also planning on moving in three years, so there is little danger that I will be a victim if the children develop into violent criminals due, in part, to their abuse. In this case, the "least action" reasoning seems to tell me to do nothing.

On the other hand, the state might do some sort of calculation like the following:

(probability the children will become violent criminals) x
(cost of dealing with violent criminals)
-(cost of taking the children from the parent)

to see if intervention is warranted.
This is already a simple application of utilitarianism, however, so that the introduction of the notion of Schelling points to explain state intervention seems unnecessary.

One the hand, the theory does seem distinguishable from utilitarianism for explaining the likely behaviour of the other neighbours of the beater: Consider ones who will be living in the area for quite some time. They are more likely to later become victims of violent crime (either from the beater or the children) so would have a greater probability of intervening than others. However, it seems that no intervention can be justified on notion of Schelling points unless

(probability the children will become a violent criminal) x
(cost of children's crimes to me if they do)
-(cost of person acting now)

is positive. (Of course, people will have different estimates of the costs and probability affecting whether or not they act). A utilitarian, however, would have to do the same calculation as the state to determine whether or not it was right to act, so would be more likely act, because the utilitarian needs to consider the cost to everyone, not just to him or herself.

Am I following your ideas ok? :)

--
Leonard Janke (janke at unixg.ubc.ca)
NEW pgp key id 0x6BF11645 (0xF4118611 eaten by /dev/fd0 :( )

From pjn at nworks.com Thu Jul 25 15:46:56 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Fri, 26 Jul 1996 06:46:56 +0800
Subject: Distributed DES crack
Message-ID:

>> half that time...and a slim chance that we will get it with the first
>> try...

> My figures were based on 2^55 tries, which is exactly half of 2^56.

Ahhh... OK.

P.J.
pjn at nworks.com

... Open mouth, insert foot, echo internationally.
___ Blue Wave/QWK v2.20 [NR]

From alano at teleport.com Thu Jul 25 15:48:15 1996
From: alano at teleport.com (Alan Olsen)
Date: Fri, 26 Jul 1996 06:48:15 +0800
Subject: [Rant] Re: One of the biggest problems with freedom
Message-ID: <2.2.32.19960725183409.00d4a930@mail.teleport.com>

At 08:23 AM 7/25/96 -0700, anonymous-remailer at shell.portal.com wrote:

>Example: "I don't care if the government has my keys
>for encryption. I don't do anything wrong, and if it
>helps FBI enforce our just laws, I am all for it. Since
>anyone who tries to get keys without legal means will end
>up in Leavenworth for the rest of their life, there is
>no problems with people getting access to those things."

I usually ask people like this why they would wind up in Leavenworth for the rest of their life? Or spend any time in jail at all? Government agents are frequently found going through the records of friends and enemies. Have ANY of them gone to jail? Sometimes one or two will get a reprimand if caught doing something real dirty. There seem to be few, if any, penalties for Government Agents caught with their hands in the cookie jar. (Unless it involves cash.) Like the police, Government officials tend to protect their own.

If they start to open your encrypted mail, how do you know? It is not like the postal service doing it where you can see the ripped up envelopes.

Ask them if they would mind postal inspectors going through all of their private letters and postal mail. (Just to make sure you are not talking about anything you shouldn't...) Or maybe watching you when you shower to make sure that you do not have any underage children in there with you. There are lots of excuses to be made for intruding into people's lives. Does not mean it is right.

suggestion for the truly insane/bored: If you really want to start driving the point home, start intercepting their mail. Steam the envelopes open, read it, seal it back up and put it back.
Mention small details of their private correspondence in passing. Mention that they have still not paid that bill for Soap Opera Digest. Talk about all the money they owe Uncle Bob. They will soon get the point. <>

People do not seem to think about these restrictions until they REALLY start to affect them. By then it is too late. It will "never happen to them"! (You also might want to point out that not all people accused are actually guilty. Some of the worst cases are shown to be federales operating off of old or bad data. The innocent citizen just happens to get caught in the path of the Federal Juggernaut.

Most of the "average citizens" who I have met who are willing to give up their freedom are far too clueless and trusting to get the point. The Government is there to help them. (Help themselves to their money, their property, their personal information, their peace of mind, etc. etc. etc.)

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From tcmay at got.net Thu Jul 25 15:58:09 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 06:58:09 +0800
Subject: Industry and Government "Guidelines" (Is Speech Next?)
Message-ID:

At 5:15 PM 7/25/96, The Deviant wrote:
...
>> Then, they added ITAR. And they want us to obey it.
>>
>> Finally, it seems, they're giving us "guidelines." Not law, Not ITAR.
>>
>> Next it's gonna be their fondest desires, their preferences, and
>> finally their whims.

I was going to reply, but I have decided to follow the "speech guidelines" suggested by my local MiniTru authority figure.
While the government does not demand that my words be cleared by them, they have made it clear that if I sign a "Good Citizen Pledge," and agree not to speak of certain things, that my problems with the government will be lessened, my export requests expedited, and my passage through Customs will be eased.

--Tim May

Seriously, I think there are serious "rule of law" issues arising out of these "consultations" between industry and government. Things are not spelled out, as Mindy Cohn of the Bernstein case so articulately has described, and people seeking clearcut decisions about what can and can't be exported find they get no answers.

"We can't define an illegal export, but we know it if we see it."

And actually not even this, as the decision often takes months or longer, or no response is ever received. (Was the ITAR violation t-shirt ever given a CJR or turned down for one? Though my personal view is that the t-shirt was a side issue, and a frivolous example, last I heard State was simply not responding one way or another.)

Seems to me, and I'm sure to others, that the ITARs are a clear case of what lawyers call "overvagueness."

And my joke about a "Good Citizen Pledge" is only partly a joke. The language of companies "coming to agreements" with the State Department, in exchange for expedited handling, is a dangerous trend. Carried further, it could create classes of companies and citizens, not all of whom would be treated equally under the law.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From stewarts at ix.netcom.com Thu Jul 25 16:00:35 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 26 Jul 1996 07:00:35 +0800
Subject: [Rant]Re: Shell buys key escrow system from TIS
Message-ID: <199607251921.MAA01459@toad.com>

At 06:20 AM 7/25/96 -0400, Jim Ray wrote:
>Will Rodger,
>Washington Bureau Chief of Inter@ctive Week, wrote:
>
>>Administration officials didn't return calls for comment, but it's clear
>>that the Clinton-Gore team have their first "testbed" for trying out key
>>recovery, or key escrow, proposals.
>
>Hmmm. A new meme, "key recovery" is lots better than "key escrow," but
>I still wonder if I'm ever gonna see a journalist say, "'GAK,' or Govt.
>Access to Keys for cryptography."

I doubt we'll see many non-cyber-journalists saying "GAK", at least in print :-) But the name "Clipper III" seems to be catching on fairly well, which has the added benefit of connoting "yet another key-grabbing attempt after the previous two failures", which I like a lot.

Key recovery is at least quasi-honest, unlike "key escrow"; I'd tend to call the Clintonista's scheme "key registration" though I've generally found that "master key system" gets the point across adequately.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From abostick at netcom.com Thu Jul 25 16:02:12 1996
From: abostick at netcom.com (Alan Bostick)
Date: Fri, 26 Jul 1996 07:02:12 +0800
Subject: Bare fibers
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article , Rabid Wombat wrote:

> ob crypto/privacy: Anybody have a good idea for detecting a tap on
> exterior fiber? I'd expect an attacker to have to interrupt connectivity,
> terminate both ends of a break, and insert an active device. Thoughts?
As has been mentioned earlier, all an attacker has to do is encourage some of the light to exit the fiber, by bending it, contacting it with a detector, etc. If the detector is sensitive enough, the loss induced by this is minimal.

This sort of tapping is exactly the sort of thing quantum cryptography is supposed to prevent, or at least identify. Nothing short of quantum methods is going to spot the tap, unless you happen to come across the tap by inspecting the entire length of the fiber.

- --
Alan Bostick | [Spielberg's] latest is TWISTER, a film that
mailto:abostick at netcom.com | gives whole new meaning to the phrase "giant
news:alt.grelb | sucking sound." -- Patrick Taggart
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMffDPeVevBgtmhnpAQHftwL9HTNe4VUHlpRkOAYW1nKFwyw3cqkM+xXt
+zXOHuR52ffP1M2IZwTnPpBrBaXlCa6W+3uahnczVdJmAR/0MF5ksnh6bpjd+9IP
KmqnBG52X8f+HazUEygNJkRD1oVGlMTH
=FHZ5
-----END PGP SIGNATURE-----

From tcmay at got.net Thu Jul 25 16:19:33 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 07:19:33 +0800
Subject: CD Prices and Inflation
Message-ID:

At 6:18 PM 7/25/96, jim bell wrote:

>If what Duncan said were true, then you'd see music stores spring up which
>sell ONLY the "Top-40 stock", but sell it for pre-CD vinyl prices. They'd
>get all that business, and OTHER record stores would sell the obscure stuff.
> That's not happening.

Something not being talked about in any of the messages I've seen is the role of _inflation_. Those claiming CD prices are "too high" should consider inflation.

(Caveat: I also consider CD prices "too high," in terms of what I'd _like_ to pay.)

When I first started buying LPs, circa 1967, LP prices were usually around $4.88 (that figure rings a bell, no pun intended). Some discount prices were around $3.67, at a local PX (Post Exchange, a military store, usually having subsidized prices). I do recall paying $5.98 for some albums I wanted.
And in those days the average working man's salary was under $10,000 a year, gold was $35-40 an ounce, a new 3-bedroom house in many areas cost $20-30K, a pound of hamburger cost less than a dollar, a copy of "Scientific American" cost either 60 or 75 cents (price increased) and a paperback book cost between 75 cents and $1.25.

(These numbers are approximate, but mostly about right. Paperback books, for example, were at about 35 cents until the 60s, then moved to 50 cents, then to 60-75 cents, then hit the dollar point around 1970, the $1.95 point a few years later, then jumped to $2.95, $3.95, etc., and are now around $5.95 for most bestseller paperbacks. Again, don't quibble too much. A detailed check of paperback collections showing publishing dates and prices would pin these numbers down.)

So, what do we have now? Salaries are 2-4x higher, gold is at $375 an ounce, a new 3-br house averages about $100K (and is 2x that in many places), hamburger is at $2-3/pound, "Scientific American" sells for $3.95 or $4.95, and paperback books go for $4.95.

Roughly, then, everything on this list is 3-4 times more expensive than it was in the late 60s.

So, those LPs I was buying for $4-5 should now cost $12-20, correcting for inflation/price rises.

And yet I am able to find many CDs I want for $8.67 (Tower Records: "3 for $25" sales). And they never wear out. And they usually have 60 minutes or more music on them--at least the CDs I buy do--, compared to the paltry 35-40 minutes on most LPs of the past.

I can also make flawless copies of CDs I borrow onto DATs. (A friend of mine has gone a bit far with this, borrowing thousands of CDs from libraries...he now has 3900 CDs recorded digitally.)

So, while I "wish" CD prices were even lower, I'm paying a lot less in "real dollars" for more music today than I was paying 15 years ago or 30 years ago.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From gary at systemics.com Thu Jul 25 16:42:03 1996
From: gary at systemics.com (Gary Howland)
Date: Fri, 26 Jul 1996 07:42:03 +0800
Subject: LIMBAUGH ON TV
In-Reply-To: <9607251646.AA07787@Etna.ai.mit.edu>
Message-ID: <31F7D507.41C67EA6@systemics.com>

hallam at Etna.ai.mit.edu wrote:
>
> I'm still rather amused by the terms of your bet, $50 vs 25L.
> At current exchange rates 25 Lire is more like 2 cents.
>
> I thought I had already given my 2 cents.
>
> Given that this is a public newsgroup, and the one most
> likely to be read by spooks and the FBI I would have to be
> almost as stupid as Rush to accept any bets on it. Its called
> illegal interstate gambling.

Perhaps you should consider joining the FBI? I think we would both agree that the net social benefits of this would be positive, but perhaps for different reasons. :-)

BTW - 'L' is a common abbreviation for 'pounds'.

Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From a-billol at microsoft.com Thu Jul 25 16:52:16 1996
From: a-billol at microsoft.com (Bill Olson (EDP))
Date: Fri, 26 Jul 1996 07:52:16 +0800
Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID:

snow writes:
>
>On Wed, 24 Jul 1996, Bill Olson (EDP) wrote:
>> Alan Horowitz writes:
>> >Phil,
>> >are you saying that you're a better businessman than Rush Limbaugh?
>> >Can we see some 1040's, please?
>>
>> Rush Limbaugh is a big fat *RICH* idiot.
>
> Big? yes.
> Fat? I'd say so.
> Rich? In relation to me, yes, and probably to you.
>
> Idiot?
The man _got_ rich doing something he enjoys and is good at,
>meanwhile you are working for the great satan. Who is the Idiot?

Yes, I work for satan. But I am wealthy because of it. Nice guys finish last. My emphasis was that he was rich, not that he was an idiot. Personally, I think the guy's an asshole, but I commend him for his capitalist efforts.

BTW - I'm an idiot. Never said I wasn't.
>

From tcmay at got.net Thu Jul 25 16:55:29 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 07:55:29 +0800
Subject: Schelling Points, Rights, and Game Theory--Part II
Message-ID:

At 7:28 PM 7/25/96, janke at unixg.ubc.ca wrote:
>Hello, Tim,
>
>I found your essay interesting, but would like to describe a
>hypothetical situation and my ideas of how your notion of Schelling
>points applies to you to see if I am correctly following your ideas:
>
>Suppose that I live in a rural area and
>I know that my neighbour beats his children because I have seen them with
>bruises before and too many times just to be from household accidents.
>Since I am far enough away from him, the beating does not make enough noise
>to disturb me from any of my activities. I am also planning on
>moving in three years, so there is little danger that I will be a
>victim if the children develop into violent criminals due, in part,
>to their abuse. In this case, the "least action" reasoning seems to
>tell me to do nothing.

I mentioned "beatings" as a specific example of where the community may decide the costs of intervention are justified. In my view, concentrating on such "extreme" cases (beatings, Christian Scientist parents, etc.) is rarely useful, especially when most "interventions" are for so much less extreme cases.

>On the other hand, the state might do some sort of calculation like
>the following:
>
>(probability the children will become violent criminals) x
>(cost of dealing with violent criminals)
>-(cost of taking the children from the parent)

Well, I don't believe any calculus of "probability the children will become violent criminals" is useful. We don't know if watching the Power Rangers will make an 8-year-old "turn into" a criminal at age 18. And so forth.

>Am I following your ideas ok? :)
>

Check out the Friedman URL I gave for more details. The Schelling point view is more "energy conservation common sense" than utilitarian models usually have it. Thus, all of your talk about estimating the chances that someone will become a criminal in the distant future is not something an "energy conserver" (a lazy person, basically) will worry about too much. Especially, but not solely, because there is basically no way to predict the future.

I might think that my neighbor, a Christian Fundamentalist, is raising warped kids. But this is his business, so long as I don't have to pay for them or their ideas directly. They may turn out to be Dahmerian cannibals in 10 years, but they probably won't. And, in any case, I won't lift a finger to change their home environment. (Nor would my neighbor tolerate it--and he's got a Benelli Super-90 Tactical Shotgun, a lot more firepower than I have!)

This last paragraph is pretty important. A lot of people realize they can't personally intervene with their neighbors, and so they seek the power of a mob or herd to enforce some law they themselves cannot or will not.

"There ought to be a law!" is the most disgusting phrase in the English language.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jimbell at pacifier.com Thu Jul 25 16:58:16 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 26 Jul 1996 07:58:16 +0800
Subject: Netscape
Message-ID: <199607252024.NAA17509@mail.pacifier.com>

At 05:15 PM 7/25/96 +0000, The Deviant wrote:
>On Wed, 24 Jul 1996, jim bell wrote:
>> That still doesn't make sense.
>> First, there were laws. And we had to obey them.
>> Then, they added ITAR. And they want us to obey it.
>> Finally, it seems, they're giving us "guidelines." Not law, Not ITAR.
>> Next it's gonna be their fondest desires, their preferences, and
>> finally their whims.
>> What's wrong with this picture? Do I detect an ass-kissing contest?
>
>Yup.. that's it. And they said I was an idiot when I [Correctly] said
>that Netscape wasn't actively fighting the ITAR.

Agreed. Writing good crypto is certainly praiseworthy and desirable, but it does not "fight ITAR," per se. (It fights lack of crypto, which is not the same thing! Lack of crypto certainly needs to be fought, as well.) Writing the software and selling it domestically is, at best, "ITAR-neutral." Putting it on the net in the most unrestrictive way the State Department has previously approved of is also "ITAR-neutral." (Because such a method is, presumably, within the rights of anyone; we can conclude this because "the State Department said so.")

A _PRO_-ITAR stance is one in which a company or person puts restrictions on his distribution of that software above and beyond what have historically been approved, particularly when prior distributions of software are still going on with those previously-approved restrictions.
They may be absolutely entitled to do so, but that's still pro-ITAR. For a small and uninfluential company, the significance of doing that is minor, but for Netscape, it's crucial because it practically invites the government to set a new precedent beyond what they (the government) previously thought they might get away with.

>> You should have told them that if they're "evaluating their guidelines" that
>> means that NO future modifications to those guidelines is binding on you,
>> since it is not part of ITAR and is CERTAINLY not part of the law. You
>> should have memorialized the contact with a lawyer's letter, and promptly
>> posted the new version of your software with whatever version of the
>> precautions (MIT, RSA, or?) you felt most happy with.
>>
>
>Or even better... Let's look at this version...
>
>let's say I get my internet service from MCI. Now let's say I put crypto on
>my web page. When somebody from out of the country visits my web page,
>and downloads it, who's exporting it? Them, MCI, or me? I'd say they
>are, and I doubt ITAR covers this... this is one of those things that's
>covered in "guidelines". ;) umm.... Smooch Smooch?

Yes, if we really oppose ITAR, we should kill it by insisting that the government fully document it at every turn.

Jim Bell
jimbell at pacifier.com

From sparks at bah.com Thu Jul 25 17:23:22 1996
From: sparks at bah.com (Charley Sparks)
Date: Fri, 26 Jul 1996 08:23:22 +0800
Subject: One of the biggest problems with freedom
Message-ID: <2.2.32.19960725212455.006a3bf8@pop1.jmb.bah.com>

-----BEGIN PGP SIGNED MESSAGE-----

I forget who said " The price of freedom is eternal vigilance" but it applies to threats both foreign and domestic. This includes the government. I trust no one absolutely. And I among many others have helped to pay for what freedom we have left.
( He said, in a movin' to Idaho kinda way )

cheers

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMffl2uJ+JZd/Y4yVAQHpFwQMC5f+guI+aH/mmOtnr50EVaKuhRHZjmtN
7/Q0MR2anBUuxb2b1eBzt/jzsQe1seh+yjGdF7PchDPU8cvo8d1zIRKNcYoo3uNZ
4DnGRt5aJncvOVtjA1MbbdPJppXzZvZwzbNaUsc/W6deE2Ug0zqhfVaBZ3/Qsw/f
ZvImtor9X+MmNw==
=NUjq
-----END PGP SIGNATURE-----

At 08:23 AM 7/25/96 -0700, you wrote:
>
>What our biggest problem is, is that people want the
>government to protect them from the oh so evil terrorists,
>and they will willingly have shackles put on them,
>and rejoice when it is done.
>
>I know people who WANT the government to take away their
>rights for security, and its a lot of people, and its
>far too many people.
>
>Example: "I don't care if the government has my keys
>for encryption. I don't do anything wrong, and if it
>helps FBI enforce our just laws, I am all for it. Since
>anyone who tries to get keys without legal means will end
>up in Leavenworth for the rest of their life, there is
>no problems with people getting access to those things."
>
>When I try to refute the logic:
>
>"I don't care about the bill of rights... I don't want to
>have to split my family up on separate flights so there is
>a chance of some of them arriving without dying. I want
>the security of knowing I can fly okay without being
>blown up, thank you very much. Singapore has little or
>no crime since the people give up their rights for a common
>good."
>
>Problem with freedom is people don't use it... and like
>a limb, will wither and fall off if not used.
>
>Our basic item should be trying to get the masses to figure
>out that freedom is important and should not be construed
>as a gift from the government.
>
>
>

From furballs at netcom.com Thu Jul 25 17:23:26 1996
From: furballs at netcom.com (Paul S.
Penrod)
Date: Fri, 26 Jul 1996 08:23:26 +0800
Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607241624.AA06524@Etna.ai.mit.edu>
Message-ID:

On Wed, 24 Jul 1996 hallam at Etna.ai.mit.edu wrote:
>
> >Talk shows that attempt to stimulate active thought on reasonable premise
> >generally do not survive long in syndication. With Limbaugh's show, it
> >took a double hit as the markets it played to were for the most part late night.
> >BTW, this comes from actually looking it up in past TV Guides - not
> >mindlessly drooling over the radio - so put away the "he's lying" crap.
>
> And why did the networks put Rush on so late? Could it be that
> he did not pull in the viewers?

Syndicated shows are scheduled by the local broadcasters. They decide when and if to run them. It only makes sense that if you have control over your material but are at the mercy of the broadcaster, that is not a sound business position to remain in.

>
> >Following the shallow logic of your argument, Limbaugh is not a success
> >because he does not broadcast on TV.
>
I noticed you clipped the truism about academia...

> It is shallow logic, but it is Rush's own logic. He promotes the
> idea that success is measured in economic terms. The failure of his
> TV show demonstrates the failure of his ideas under the criteria
> which he himself espouses.
>

Maybe in your book, but your above statement demonstrates that: a) you know very little about how the TV broadcast market works, b) you are confusing the issue of business with political stance, c) that you assume to understand what makes a person financially successful, when in fact you have said nothing here to demonstrate such knowledge, and d) your bank account is much smaller than his, otherwise you wouldn't piss and moan about Limbaugh's financial status in the first place.

> >The issue I take with this, is the constant spouting of King Bill's
> >pronouncement of why OKC occurred in the first place.
We don't know WHY it
> >took place - that's what a trial is for (if you actually believe that
> >justice is blind and lawyers tell the truth always). We will NEVER really
> >know - but it's damn fine political fodder to take an unconstitutional
> >swipe at the populace with the anti-terrorist legislation.
>
> That is not what the trial will decide. The question is who and what,
> why is irrelevant given the nature of the offense.
>

Maybe in the UK, but in the US there is the little thing called motive. It either helps or hurts one's final outcome in the court system.

> >If you firmly believe the premise that Fascism was the root cause behind
> >OKC, then you have no choice but to look to the White House and Capitol
> >Hill.
>
> Nope, I look to the militias, Christian Identity, the Ku Klux Klan
> and their apologists including Liddy and Limbaugh. If you read
> the propaganda that the NAZIs used you will find it if anything
> less direct than Liddy or Buchanan. The NAZIs did not advertise their
> intention to commit mass murder, they used code words. When Buchanan
> refers to "Hose" he is using a codeword he knows will be understood.
>

Well, that's your take on politics, and a very narrow view that it is. Obviously there is more to American Politics than Pat Buchanan, and frankly I would doubt very seriously he had anything to do with Fascism and the US Government. In a former life, he was a reporter and columnist in the press (one of the self-anointed guardians of free speech). He never set policy, just did his journalistic spin on it.

If anything, Buchanan is reminiscent of the protectionist days of the 1930's prior to US entry into WWII. Back then Hitler was a European problem that got out of hand quickly. And, if it wasn't for the fact that France and Great Britain tried to beggar Germany after Kaiser Wilhelm surrendered, Hitler and the NAZI's may not have come to power.
I would suggest you study your American history more carefully and without the grandstanding and speeches of the revisionists who pass themselves off as educators and political analysts. ...Paul From johnbr at atl.mindspring.com Thu Jul 25 17:24:57 1996 From: johnbr at atl.mindspring.com (John Brothers) Date: Fri, 26 Jul 1996 08:24:57 +0800 Subject: Twenty Bank Robbers -- Game theory:) Message-ID: <1.5.4.32.19960725212112.0069d924@pop.atl.mindspring.com> At 03:03 PM 7/25/96 -0400, you wrote: >On Thu, 25 Jul 1996, jim bell wrote: >> My guess? They all agree to kill whoever made that suicidal rule. >> Otherwise, all but two would end up dead. >But the people at the start of the line know that if they don't >hang together, they will end up dead, and if that they act purely >selfishly only the last two will benefit. Because they want to stay >alive, a better solution for the first person to propose equal shares, >which would be opposed by the last two players, but supported by the rest. >He could also split the money only amongst the first half of >the gang, since he only needs half the votes. doh! I just spent 20 minutes writing all the logic to that down! And to absolutely maximize his chances of staying alive, he will divide the money amongst robbers #2 - #10, and give up his own share. At least, that is the proposal I would make were I under those circumstances. John --- John Brothers Do you have a right not to be offended? From majordomo at ayla.avnet.co.uk Thu Jul 25 17:32:13 1996 From: majordomo at ayla.avnet.co.uk (majordomo at ayla.avnet.co.uk) Date: Fri, 26 Jul 1996 08:32:13 +0800 Subject: Welcome to tmdgmet Message-ID: <199607252025.VAA03960@ayla.avnet.co.uk> -- Hello and welcome to the Tom Dawes-Gamble Met pages mailing list ================================================================ You are very welcome to use the pages and send me Email with requests for enhancements and new ideas. 
I will NOT reply to any EMAIL that asks for lost passwords lost user is or for users to be deleted. you can do all of that from your own browser. I hope that through this mailing list I can reduce the work I have to do to help people. It is not currently a moderated list but only because I have not got the time to set up moderation. The main purpose of the mailing list is so that I can relay information to you about the changes and plans for the pages. Please don't unsubscribe from the mailing list unless you are changing your account or service provider. If your address is not in the mailing list then your user id will be taken out of the register and you will not be able to access the pages. You must have registered correctly to get this message. Correct registration meerly means that you choose a user name that no one else has and that you were able to key the same password twice. I have three major problem areas. 1) Compuserve users. For some reason they seem to have more problems than anyone else. Please read the User Guide for more information about this. 2) Forgotten user-ids and passwords. If you have problems in this area then again the user guide is the place to look. 3) Can you get weather for or there is no weather for XXXXXX. There can be several reasons for this. If you find that other stations have more recent weather then may be the station you are looking for has a problem. If you never see weather for the station then most likely we don't get weather for that station. If nowhere has up to date weather then may be there is a problem with the feed you can be sure that AVnet and/or Skytrak already know about the problem. I put most of the documentation in the web pages. So I beg you to look there first. If you really are stuck then by all means send me email. I but the thing to remember is that 2500 people have registered and most of them don't have problems. I will update the pages when there are significant changes. 
So if you have not read the User Guide for a while it may be worth a visit.

I am currently restructuring the layout of the weather pages, so you should go to the weather home page if you get an error trying to load a page.

Please remember that I do the work for this page in my own time. I do not get paid for the work other than by the "Thank You" Email and the Article that appeared in Flyer.

The mailing list addresses are as follows.

1. tmdgmet at avnet.co.uk
2. tmdgmet-request at avnet.co.uk

All mail addressed to tmdgmet at avnet.co.uk will be sent to all the "subscribers". You are now subscribed to the list.

Mail addressed to tmdgmet-request at avnet.co.uk is specifically intended to allow you to command the mail system to do something. Here's how:

1. Address a message to tmdgmet-request at avnet.co.uk
2. Ignore the subject line in your mail program
3. In the body of the message enter either:

   subscribe tmdgmet (to subscribe to the tmdgmet)
   unsubscribe tmdgmet (to stop receiving the tmdgmet)
   help tmdgmet (to get a fuller explanation of these and other commands)

To post new messages to everyone on the list, just send them to :- tmdgmet at avnet.co.uk

Best regards, Tom.

--
Tom Dawes-Gamble Email: tmdg at avnet.co.uk
G-ATAG is a Jodel DR1050 /Bent Wings are Best */

From hfinney at shell.portal.com Thu Jul 25 18:45:06 1996
From: hfinney at shell.portal.com (Hal)
Date: Fri, 26 Jul 1996 09:45:06 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607252305.QAA06996@jobe.shell.portal.com>

I think the best way to approach this problem is to first try to solve it assuming there are only two robbers rather than 20. Then once you have that figured out, try it for three, then four, and so on. Keep in mind that 50% support is enough for a proposed distribution to pass; you don't need a strict majority.
Hal From vagab0nd at sd.cybernex.net Thu Jul 25 18:53:10 1996 From: vagab0nd at sd.cybernex.net (Erle Greer) Date: Fri, 26 Jul 1996 09:53:10 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION Message-ID: <2.2.32.19960725232126.006e51bc@mail.sd.cybernex.net> At 01:13 PM 7/25/96 -0500, you wrote: >Igor Chudov wrote: >> >> Here's a puzzle for our game theorists. >> >> Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's >> how they plan to split the money: they stay in line, and the first guy >> suggests how to split the money. Then they vote on his suggestion. If >> 50% or more vote for his proposal, his suggestion is adopted. >> >> Otherwise they kill the first robber and now it is the turn of guy #2 >> to make another splitting proposal. Same voting rules apply. >> >> The question is, what will be the outcome? How will they split the >> money, how many robbers will be dead, and so on? >> > >I forgot to say what the GOALS are. The goals of every individual >cypherpunk are (in from highest to lowest priority): > >1. Stay alive >2. Get as much money as possible >3. Keep as many cypherpunks alive as possible, all other things being equal. > > - Igor. > Well, two wrong so far, here it is: Nobody knew that robber#17 was Steven Segal under-cover. #1 proposed an even split, so Segal broke his neck. The other 18, being CypherPunks, were smart enough to make tracks. One dead, Segal 20 million, and no lines rehearsed. vagab0nd at sd.cybernex.net http://ww2.sd.cybernex.net/~vagab0nd/index.html Visit web page for public key. From vagab0nd at sd.cybernex.net Thu Jul 25 19:01:45 1996 From: vagab0nd at sd.cybernex.net (Erle Greer) Date: Fri, 26 Jul 1996 10:01:45 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION Message-ID: <2.2.32.19960725231249.006b4c10@mail.sd.cybernex.net> At 01:13 PM 7/25/96 -0500, you wrote: >Igor Chudov wrote: >> >> Here's a puzzle for our game theorists. >> >> Twenty cypherpunks robbed a bank. They took 20 million bucks. 
Here's >> how they plan to split the money: they stay in line, and the first guy >> suggests how to split the money. Then they vote on his suggestion. If >> 50% or more vote for his proposal, his suggestion is adopted. >> >> Otherwise they kill the first robber and now it is the turn of guy #2 >> to make another splitting proposal. Same voting rules apply. >> >> The question is, what will be the outcome? How will they split the >> money, how many robbers will be dead, and so on? >> > >I forgot to say what the GOALS are. The goals of every individual >cypherpunk are (in from highest to lowest priority): > >1. Stay alive >2. Get as much money as possible >3. Keep as many cypherpunks alive as possible, all other things being equal. > > - Igor. > OK, robber #1 secretly discusses with each other robber that if he votes for #1, that they will split it. All robbers thinking this, vote for #1. #1 then leaves town with 20 million. vagab0nd at sd.cybernex.net http://ww2.sd.cybernex.net/~vagab0nd/index.html Visit web page for public key. From tcmay at got.net Thu Jul 25 19:15:03 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 26 Jul 1996 10:15:03 +0800 Subject: Schelling Points, Rights, and Game Theory--Part II Message-ID: At 11:51 PM 7/25/96, jbugden at smtplink.alis.ca wrote: >The stats on the average internet user are usually something like 85% male, >US$50K average income, 30-35 years old, Univeristy education. I doubt the age figure, and would want to see confirmation before using it. Certainly most people I deal with on the Net seem to be younger than 30-35, though this may be a reasonable _average_ (if not _median_). But the rest of the stats fit. >It may come as no suprise then that Internet users as a group could have life >experiences significantly different than a majority of the population. >Similarily, their views may also be in the minority. On the other hand, they do >hold a majority of the technological power. 
> >Revenge of the Nerds is one phrase that I have heard. An old movie name, of course. And "Triumph of the Nerds" was the name of the recent PBS/Mark Stevens program. (I hate the term "nerd," as I hate the names "dweeb," "geek," "jerk," etc. Believe me, anyone who thinks being called a "nerd" is complimentary, or anyone who labels himself as a "geek," is probably one who would call himself a "nigger," or a "queer.") >tcmay at got.net wrote: >>Even meant humorously (">;-)"), many of us would dispute the notion that >a >voluntarily-taken job is a "McJob." Frankly, working at a fast-food place >>is usually not a lifetime career, but is instead a [stepping stone] > >And what or who guarantees that this later, better job exists. Much of what I >read today suggests that McJobs may become the norm for many. "Guarantees"? You ask "what or who guarantees" a better job? I am speechless. There are no guarantees, friend. Not in this reality. Jobs are not something created by the stroke of a Presidential pen--jobs are what we call the exchange of labor or brainpower for money or other considerations. If Alice wants a new roof, and Bob offers to roof her house for a price she think is reasonable, this is a "job" for Bob. And so on. >Can you image working at a low paying job for your entire life. I personally >can't. I work hard and am doing well for myself. Like most of those here, >crypto >would be a benefit for me. On the other hand, unlike most of the population, I >could join Mensa if I applied. My point: I'm not average and I suspect that >neither are you or most of those here. How do you make the cypherpunks agenda >(on the days that there is one ;-) of widespread concern to the average >citizen? I don't, actually. As to "working at a low paying job...", it's a matter for them to work out, perhaps by getting new skills, perhaps by working two jobs, perhaps by opening a business. 
The statistics on where wealth was created in the 1985-95 period show it overwhelmingly came from new entrepreneurial efforts.

>I'm having a hell of a time getting my e-mail read because I'm too busy
>shooting at the food scavengers. They killed my dog!
>

???? Not a persuasive argument.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jeremey at forequest.com Thu Jul 25 19:24:01 1996
From: jeremey at forequest.com (Jeremey Barrett)
Date: Fri, 26 Jul 1996 10:24:01 +0800
Subject: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Assuming "perfect" intelligence on the part of the robbers (i.e. they will follow deterministic behavior and do the "right" thing), then here's what must happen IMO (1 being the first guy and 20 being the last):

1 must propose that 1, 3, 5, 7, 9, 11, 13, 15, 17, and 19 all split the money evenly. All of these will vote for it, assuming they're all perfectly smart and deduce the inevitable outcome.

I arrived at this working backward from the case where two robbers are left. If 2 are left (19 & 20), 19 gets all the money. So 20 will vote for whatever 18 says, which MUST include 20 in the deal. Since 19 knows this, 19 will vote for whatever 17 says, which must include 19 in the deal, and so forth. Eventually you arrive at the conclusion that 1,3,5...,19 must all agree to split the money at the beginning.

On Thu, 25 Jul 1996, Igor Chudov wrote:

> Igor Chudov wrote:
> >
> > Here's a puzzle for our game theorists.
> >
> > Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> > how they plan to split the money: they stay in line, and the first guy
> > suggests how to split the money. Then they vote on his suggestion. If
> > 50% or more vote for his proposal, his suggestion is adopted.
> >
> > Otherwise they kill the first robber and now it is the turn of guy #2
> > to make another splitting proposal. Same voting rules apply.
> >
> > The question is, what will be the outcome? How will they split the
> > money, how many robbers will be dead, and so on?
> >
>
> I forgot to say what the GOALS are. The goals of every individual
> cypherpunk are (in from highest to lowest priority):
>
> 1. Stay alive
> 2. Get as much money as possible
> 3. Keep as many cypherpunks alive as possible, all other things being equal.
>
> - Igor.
>

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer jeremey at forequest.com
The ForeQuest Company http://www.forequest.com/

"less is more." -- Mies van de Rohe.

Ken Thompson has an automobile which he helped design. Unlike most automobiles, it has neither speedometer, nor gas gage, nor any of the numerous idiot lights which plague the modern driver. Rather, if the driver makes any mistake, a giant "?" lights up in the center of the dashboard. "The experienced driver", he says, "will usually know what's wrong."
-- 'fortune` output

From ponder at freenet.tlh.fl.us Thu Jul 25 20:01:34 1996
From: ponder at freenet.tlh.fl.us (P. J.
Ponder) Date: Fri, 26 Jul 1996 11:01:34 +0800 Subject: Ross Anderson's Eternity Service Message-ID: In response to Hal's questions... I think the Eternity Service, as I understand the idea (altho I haven't read the paper yet), is valuable to society. In some countries, the government may try to suppress views and information unpopular to them and the ES could help make the information available. Sort of like Radio Free Internet. This one use - helping people who may be living under repressive governments get access to more information - would make the service valuable. There is certainly a large risk to intellectual property holders, if people used such a service to distribute copies of software, music, videos, or whatever, to avoid paying royalties and etc. -- pj re the DES hack, has anyone asked Damien when the researchers go on vacation? ;^) From mike at fionn.lbl.gov Thu Jul 25 20:12:11 1996 From: mike at fionn.lbl.gov (Michael Helm) Date: Fri, 26 Jul 1996 11:12:11 +0800 Subject: CD Prices and Inflation Message-ID: <199607252246.PAA11703@fionn.lbl.gov> On Jul 26, 5:06am, Timothy C. May wrote: > Something not being talked about in any of the messages I've seen is the > role of _inflation_. Those claiming CD prices are "too high" should > consider inflation. Good argument, but I think you're still paying more. Some have made the argument that the cost of manufacture of a CD is less (I wouldn't know). Most people pay considerably more taxes for that new platter, too. Sales tax is 6% or more now, was 2-3% then for most people, other taxes have gone way up too. You probably had to earn $28 to bring home that $16 cd. From jimbell at pacifier.com Thu Jul 25 20:15:33 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 26 Jul 1996 11:15:33 +0800 Subject: Twenty Bank Robbers -- Game theory:) Message-ID: <199607252105.OAA19656@mail.pacifier.com> At 03:03 PM 7/25/96 -0400, Simon Spero wrote: >On Thu, 25 Jul 1996, jim bell wrote: >> My guess? 
They all agree to kill whoever made that suicidal rule.
>> Otherwise, all but two would end up dead.
>
>But the people at the start of the line know that if they don't
>hang together, they will end up dead, and if that they act purely
>selfishly only the last two will benefit. Because they want to stay
>alive, a better solution for the first person to propose equal shares,
>which would be opposed by the last two players, but supported by the rest.
>He could also split the money only amongst the first half of
>the gang, since he only needs half the votes.

Yes, my answer was quick, flip, and partly wrong. It turns out the answer is probably indeterminate, because the amount people want to live is indeterminate.

Consider: If two were left, #2 would get everything by the rules. (He would propose, "I get everything!" The vote would be 1-1, or 50%, which would win.)

If three were left, #2 knows that if #3 is eliminated, he would win as above. #1 knows this as well, and is motivated to make a deal with #3 to prevent this. #3 is also motivated to deal, because if he can't get an agreement he's not only out of the money, he's dead. How they choose to split up the money is unknowable, I suspect, because of the "death" aspect. #3 could also deal with #2 if #1's terms were onerous.

This problem would be simpler to analyze (and probably determinate) if anyone whose proposal was rejected was simply out of the game, rather than dead.

There's another complicating aspect. Voting order is important. According to the rules, #3 must make a proposal, which needs to be voted on. Obviously, #3 will vote for it. But even if he's come to some agreement with #2, will #2 vote yes? If #2 votes no, 3's gone and #2 wins everything. So #3 couldn't trust #2 to vote yes, particularly if #2 voted last. If #1 voted last, and #2 defected, #1 might vote for it, _IF_ it was more desirable than "zero" for him.

Could #3 make a proposal like this: "I propose that the money be split up among all who vote for this proposal." #1 would have to vote for it, else he'd get nothing.

Jim Bell
jimbell at pacifier.com

From jti at i-manila.com.ph Thu Jul 25 20:17:16 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Fri, 26 Jul 1996 11:17:16 +0800
Subject: Produce 7 Hertz Frequency
Message-ID: <01BB7ABB.F7A9E440@Jerome Tan>

Does anyone know how to produce a 7 hertz frequency?

From jimbell at pacifier.com Thu Jul 25 20:17:37 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 26 Jul 1996 11:17:37 +0800
Subject: CD Prices and Inflation
Message-ID: <199607260014.RAA00302@mail.pacifier.com>

At 05:06 AM 7/26/96 -0700, Timothy C. May wrote:

>So, what do we have now? Salaries are 2-4x higher, gold is at $375 an
>ounce, a new 3-br house averages about $100K (and is 2x that in many
>places), hamburger is at $2-3/pound, "Scientific American" sells for $3.95
>or $4.95, and paperback books go for $4.95.
>
>Roughly, then, everything on this list is 3-4 times more expensive than it
>was in the late 60s. So, those LPs I was buying for $4-5 should now cost
>$12-20, correcting for inflation/price rises.
>
>And yet I am able to find many CDs I want for $8.67 (Tower Records: "3 for
>$25" sales). And they never wear out. And they usually have 60 minutes or
>more music on them--at least the CDs I buy do--, compared to the paltry
>35-40 minutes on most LPs of the past.

>So, while I "wish" CD prices were even lower, I'm paying a lot less in
>"real dollars" for more music today than I was paying 15 years ago or 30
>years ago.

I think you're trying to hide a 5-year effect by immersing it in 30 years of change. Yes, we've had inflation, but the large spurt of post-Vietnam inflation was basically over by about 1983, when the CD was introduced.
At that time, the explanations for the higher expense of CDs included the fact (then true) that they were costlier to manufacture due to the lower volume and lesser competition, as well as a lower production capacity. (all of these effects were essentially eliminated within 5 years or so.) At the time, I recall that most vinyl was around $7 or so, and CD's typically sold for $15. By 1988, therefore, CD prices should have dropped to the same as vinyl, plus whatever inflation had occurred in the 1983-1988 time frame. (20% total?) $9. Maybe. You'll respond, as you did, that SOME CD's are available for $9.00 Yes. A few. (But it's now 1996, and 1988 was 8 years ago, and back then $15 pricing rule was not frequently broken.) When they're on sale. But the vast majority are stuck, as if by glue, to the $12-$15 price range. I think most people understand, implicitly, that "there's something going on." We don't pretend to be able to quantify it, exactly, but it's there. Here's a proposal that I think would fix the problem. What if the copyright laws were amended to allow _anyone_ (individual or a company) to copy and sell any CD, paying the artist a royalty 20% greater than he'd get from the contracted record company, _and_ paying the originating record company, say, 50 cents royalty per CD. The company doing the "legal bootlegs" would still have to pay for its own production, distribution, and any other costs. This wouldn't be practical if the pricing by the main record company is reasonable; it becomes quite profitable for them if they are in competition with $15 discs. Jim Bell jimbell at pacifier.com From vagab0nd at sd.cybernex.net Thu Jul 25 20:18:06 1996 From: vagab0nd at sd.cybernex.net (Erle Greer) Date: Fri, 26 Jul 1996 11:18:06 +0800 Subject: Twenty Bank Robbers -- Game theory:) Message-ID: <2.2.32.19960725225533.0070ca20@mail.sd.cybernex.net> At 09:09 AM 7/25/96 -0500, you wrote: >Here's a puzzle for our game theorists. > >Twenty cypherpunks robbed a bank. 
They took 20 million bucks. Here's >how they plan to split the money: they stay in line, and the first guy >suggests how to split the money. Then they vote on his suggestion. If >50% or more vote for his proposal, his suggestion is adopted. > >Otherwise they kill the first robber and now it is the turn of guy #2 >to make another splitting proposal. Same voting rules apply. > >The question is, what will be the outcome? How will they split the >money, how many robbers will be dead, and so on? > >igor > Here's my guess: Eache robber is going to want the largest share of the money possible. Therefore The first guy dies automatically because that increases the share size. This continues on until there are only two robbers left. Robber #19 suggests that he receives the full 20 million and since his vote is 50%, he receives it all. 18 robbers dead. vagab0nd at sd.cybernex.net http://ww2.sd.cybernex.net/~vagab0nd/index.html Visit web page for public key. From jgrasty at gate.net Thu Jul 25 20:27:15 1996 From: jgrasty at gate.net (Joey Grasty) Date: Fri, 26 Jul 1996 11:27:15 +0800 Subject: remailer network/winsock remailers Message-ID: <199607260008.UAA29844@osceola.gate.net> Sam wrote: > > Hi, > > I've been unsubscribed from the list for a while, and only recently > rejopined, so this issue may well have been addressed in my absence. If > not, though, here: > > It occurs to me that, with the invention of the winsock remailers, we > have the potential to establish a very widespread and distributed network > of part-time remailers. Specifically, it seems like there are a lot of > users who are only connected to the internet for short periods (PPP/SLIP) > or who only have full control over their machines for short periods. > These computers could not normally be used to run remailers as mail > would bounce when the computer/remailer software is down. 
>

Actually, the way the WinSock Remailer works is that the user's ISP spools the mail and the remailer fetches it from the mail spool via the POP3 protocol. Thus, as long as the mail spool does not overflow, messages will not be lost.

As I develop the remailer, one of the features I'm adding is the ability of the remailer to fetch only the messages with valid remail headers and leave the remaining messages in the mail spool. In this way, the mail spool is shared between the user and the remailer. The only disadvantage is that all of the improperly formatted messages end up in the user's mailbox. An annoyance.

Another feature I'm adding is the ability to remail outgoing messages through another remailer to hide the origin of the message. This is to hide the presence of the remailer or to provide a discardable account that takes all the heat for spams, harassment, etc. Thus, a limited stealth capability is achieved.

A third feature is to accept inputs from a message pool, say alt.anonymous.messages, and remail them through another remailer.

These are both attempts to increase the number of available remailers and to develop some way to make remailers more resistant to governments and other speedbumps on the internet.

Regards,

--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7

From jimbell at pacifier.com Thu Jul 25 20:30:18 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 26 Jul 1996 11:30:18 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607252223.PAA24106@mail.pacifier.com>

At 03:03 PM 7/25/96 -0400, Simon Spero wrote:

>On Thu, 25 Jul 1996, jim bell wrote:
>> My guess? They all agree to kill whoever made that suicidal rule.
>> Otherwise, all but two would end up dead.
>
>But the people at the start of the line know that if they don't
>hang together, they will end up dead, and if that they act purely
>selfishly only the last two will benefit. Because they want to stay
>alive, a better solution for the first person to propose equal shares,
>which would be opposed by the last two players, but supported by the rest.
>He could also split the money only amongst the first half of
>the gang, since he only needs half the votes.

My previous answer was incomplete, of course. I continue to believe that the problem is unsolvable as stated, if for no other reason than the "weight" of the negative represented by dying is not stated. It's a VERY complex problem, unless there's some trick I'm not seeing.

Jim Bell
jimbell at pacifier.com

From jti at i-manila.com.ph Thu Jul 25 20:38:22 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Fri, 26 Jul 1996 11:38:22 +0800
Subject: Apps: Unix for Windows 95
Message-ID: <01BB7ABB.D2E64540@Jerome Tan>

I want to play with Unix or at least be familiar with Unix. Unfortunately, Unix systems are expensive. If possible, is there any software that can be run in Windows 95 that makes you run Unix in your system?

From jad at dsddhc.com Thu Jul 25 20:51:47 1996
From: jad at dsddhc.com (John Deters)
Date: Fri, 26 Jul 1996 11:51:47 +0800
Subject: Twenty Bank Robbers -- solution (?)
Message-ID: <2.2.32.19960725223251.00e8eea8@labg30>

At 01:13 PM 7/25/96 -0500, Igor Chudov wrote:

>Igor Chudov wrote:
>>
>> Here's a puzzle for our game theorists.
>
>I forgot to say what the GOALS are. The goals of every individual
>cypherpunk are (in from highest to lowest priority):
>
>1. Stay alive
>2. Get as much money as possible
>3. Keep as many cypherpunks alive as possible, all other things being equal.

The first cypherpunk should propose a 10-way split: #s 11-20. It's the best offer #s 10-18 will be assured of getting without having to kill anyone.
Once any one dies, I think the results will always boil down to #19 getting 100% of the money (when #s 1-18 are dead, #19 proposes that #19 gets 100% of the money and his vote is 50%, so he "wins". #20 kills him out of spite and takes it all anyway, though. No honor amongst thieves.) John -- J. Deters "Captain's log, stardate 25970-point-5. I am nailed to the hull." +-------------------------------------------------------+ | NET: jad at dsddhc.com (work) jad at pclink.com (home) | | PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) | | ICBM: 44^58'33"N by 93^16'42"W Elev. ~=290m (work) | | PGP Key ID: 768 / 15FFA875 | +-------------------------------------------------------+ From tcmay at got.net Thu Jul 25 20:55:09 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 26 Jul 1996 11:55:09 +0800 Subject: Limbaugh and "Soul Train" Message-ID: At 8:20 PM 7/25/96, Paul S. Penrod wrote: >On Wed, 24 Jul 1996 hallam at Etna.ai.mit.edu wrote: >> And why did the networks put Rush on so late? Could it be that >> he did not pull in the viewers? > >Syndicated shows are scheduled by the local broadcasters. They decide >when and if to run them. It only makes sense that if you have control >over your material but are at the mercy of the broadcaster, that is not a >sound business position to remain in. As an interesting point of comparison, the program "Soul Train," featuring predominantly black music, has been in syndication for more than 25 years. And it usually aired late at night. (I learned this by watching a "Best of 'Soul Train'" program on VH1. The show's creator and director pointed out that being on at 11 p.m. or 1 a.m. made it tough for many of the show's fans to watch it.) My point? Controversial material is often shoved to the end of a programming schedule. This makes room for the "Wheel of Fortune" and "Adam-12" shows in prime time. 
I'm obviously not arguing for regulatory intervention in scheduling, for either Limbaugh or "Soul Train," merely noting that shows with strong-but-limited appeal often find themselves playing second fiddle to "The Dating Game."

Yes, I think Limbaugh has "limited" appeal. I watched him a few times. Sometimes funny, often controversial. But mostly for "dittoheads."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jbugden at smtplink.alis.ca Thu Jul 25 20:57:30 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Fri, 26 Jul 1996 11:57:30 +0800
Subject: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <9606258383.AA838345835@smtplink.alis.ca>

If crypto is going to become widespread, at some point it will need to enter the mainstream consciousness. We have already discussed the issue of "getting the word out" about GAK in comparison to video cameras in every home. "If people understood the issue, they would never accept GAK..."

The stats on the average internet user are usually something like 85% male, US$50K average income, 30-35 years old, University education. It may come as no surprise then that Internet users as a group could have life experiences significantly different than a majority of the population. Similarly, their views may also be in the minority. On the other hand, they do hold a majority of the technological power. Revenge of the Nerds is one phrase that I have heard.
tcmay at got.net wrote:
>Even meant humorously (">;-)"), many of us would dispute the notion that
>a voluntarily-taken job is a "McJob." Frankly, working at a fast-food place
>is usually not a lifetime career, but is instead a [stepping stone]

And what or who guarantees that this later, better job exists? Much of what I read today suggests that McJobs may become the norm for many.

>>jbugden at alis.com
>>As soon as those with power are not able to see a situation where they
>>could become like those without power, there will cease to be motivation
>>to maintain a "safety net" of rights or economic means to protect the
>>"losers" of our society.

>What are "those without power"?

Can you imagine working at a low paying job for your entire life? I personally can't. I work hard and am doing well for myself. Like most of those here, crypto would be a benefit for me. On the other hand, unlike most of the population, I could join Mensa if I applied.

My point: I'm not average and I suspect that neither are you or most of those here. How do you make the cypherpunks agenda (on the days that there is one ;-) of widespread concern to the average citizen?

>The best way to help the "losers" of our economy is to allow voluntary
>economic relationships to be formed.

I always thought that feudalism was a voluntary economic arrangement. The vassals pledged allegiance and offered their labour while the feudal lord pledged protection. Here is where Phil could give better examples.

If we are not prepared to maintain some lowest common denominator (a.k.a. safety net), what will keep our individual freedoms intact if the concerns of the "average" citizen drift unchecked towards simple survival?

I'm having a hell of a time getting my e-mail read because I'm too busy shooting at the food scavengers. They killed my dog!
James

From chris.liljenstolpe at SSDS.com Thu Jul 25 21:04:50 1996
From: chris.liljenstolpe at SSDS.com (Christopher Liljenstolpe)
Date: Fri, 26 Jul 1996 12:04:50 +0800
Subject: Bare fibers
In-Reply-To:
Message-ID: <31f7ee7d.29626488@denver.ssds.com>

Greetings,

There are other ways of detecting the application of the tap, but at this time, the chance of detecting the existence of the tap is realistically pretty slim. If the fiber is enclosed in a pressurised conduit, then a drop in the conduit pressure indicates that someone MAY be trying to gain access to the fiber. While a pressurized glove-box around the conduit may allow a break in the conduit to be made without detection, varying the pressure in the conduit makes that a lot more difficult. It all depends on what the value is of the data you are trying to protect/access.

-=Chris

On Thu, 25 Jul 1996 11:52:12 -0700, the sage abostick at netcom.com (Alan Bostick) scribed:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article ,
>Rabid Wombat wrote:
>
>> ob crypto/privacy: Anybody have a good idea for detecting a tap on
>> exterior fiber? I'd expect an attacker to have to interrupt connectivity,
>> terminate both ends of a break, and insert an active device. Thoughts?
>
>As has been mentioned earlier, all an attacker has to do is encourage
>some of the light to exit the fiber, by bending it, contacting it with
>a detector, etc.
>
>If the detector is sensitive enough, the loss induced by this is minimal.
>
>This sort of tapping is exactly the sort of thing quantum cryptography
>is supposed to prevent, or at least identify. Nothing short of quantum
>methods is going to spot the tap, unless you happen to come across the
>tap by inspecting the entire length of the fiber.
>
>- --
>Alan Bostick | [Spielberg's] latest is TWISTER, a film that
>mailto:abostick at netcom.com | gives whole new meaning to the phrase "giant
>news:alt.grelb | sucking sound."
-- Patrick Taggart
>http://www.alumni.caltech.edu/~abostick
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQB1AwUBMffDPeVevBgtmhnpAQHftwL9HTNe4VUHlpRkOAYW1nKFwyw3cqkM+xXt
>+zXOHuR52ffP1M2IZwTnPpBrBaXlCa6W+3uahnczVdJmAR/0MF5ksnh6bpjd+9IP
>KmqnBG52X8f+HazUEygNJkRD1oVGlMTH
>=FHZ5
>-----END PGP SIGNATURE-----
>

-- ( ( | ( Chris Liljenstolpe ) ) (| ), inc. SSDS, Inc; 8400 Normandale Lake Blvd.; Suite 993 business driven Bloomington, MN 55437; technology solutions TEL 612.921.2392 FAX 612.921.2395 Fram Fram Free! PGP Key 1024/E8546BD5 FE 43 BD A6 3C 13 6C DB 89 B3 E4 A1 BF 6D 2A A9

From banisar at epic.org Thu Jul 25 21:28:33 1996
From: banisar at epic.org (Dave Banisar)
Date: Fri, 26 Jul 1996 12:28:33 +0800
Subject: Freeh Testimony 7/25/96
Message-ID:

This is the written testimony of FBI Director Freeh before the Senate Commerce Committee on S 1726, the Pro-Code legislation. Freeh called for the adoption of a universal key escrow system that would facilitate law enforcement access. Several Senators were critical of Freeh's testimony and asked why he and the other panelists believed that savvy criminals would use escrowed encryption. Others questioned the possibility that any kind of world wide agreement could be reached.

Director Freeh admitted in responding to one Senator that he would seek legislation to ban non-escrow cryptography if it were not widely adopted. He said, "we are not at the point yet that voluntary is not viable. At that point, we would look at mandatory controls." He also stated that he would also ask for import controls to be imposed "if the country was flooded with foreign robust encryption."

An html version of this document is available at http://www.epic.org/crypto/export_controls/freeh.html

------------

U.S. Department of Justice
Federal Bureau of Investigation
Office of the Director
Washington, D.C. 20535

STATEMENT OF LOUIS J.
FREEH DIRECTOR FEDERAL BUREAU OF INVESTIGATION ON JULY 25, 1996 BEFORE THE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED STATES SENATE REGARDING IMPACT OF ENCRYPTION ON LAW ENFORCEMENT AND PUBLIC SAFETY Thank you Mr. Chairman and members of the Committee for providing me with this opportunity to discuss with you an issue of extreme importance and of great concern to all of law enforcement, both domestically and abroad -- the serious threat to public safety posed by the proliferation and use of robust encryption products that do not allow for timely law enforcement access and decryption. First and foremost, the law enforcement community fully supports a balanced encryption policy that satisfies both the commercial needs of industry and law abiding individuals for robust encryption products while at the same time satisfying law enforcement's public safety needs. On the one hand, encryption is extremely beneficial when used legitimately to protect commercially sensitive information and communications. On the other, the potential use of such robust encryption products by a vast array of criminals and terrorists to conceal their criminal communications and information poses an extremely serious and, in my view, unacceptable threat to public safety. Recently, the President of the International Association of Chiefs of Police sent a letter to President Clinton expressing support for a balanced encryption policy that addresses the public safety concerns of law enforcement. Additionally, the National Sheriff's Association enacted a resolution last month also expressing their support for a balanced encryption policy and opposing any legislative efforts that would undercut the adoption of such a balanced policy. Since 1992, when AT&T announced its plan to sell a small, portable telephone device that would provide users with low-cost but robust voice encryption, public policy issues concerning encryption have increasingly been debated in the United States.
Since then, people concerned about privacy, commerce, computer security, law enforcement, national security, and public safety have participated in the dialogue regarding cryptography. On the international front, this past December, the multi-national Organization for Economic Cooperation and Development (OECD) meeting in Paris, France, convened an Experts Group to draft global cryptography principles, thus reflecting an increased global interest in and concern about the use and availability of encryption that can be used to endanger a nation's public safety and national security. In addition, several Members of Congress have also joined this public discussion by introducing legislation which essentially would remove existing export controls on encryption and which would promote the widespread availability and use of any type of encryption product regardless of the impact on public safety and national security. However, the impact of these bills, should they be enacted, has not been lost on other Members of Congress as reflected in the letters to the sponsors of both Senate encryption bills by the Chairman and Vice-Chairman of the Senate Select Committee on Intelligence. Senators Specter and Kerrey indicated in their letters that they had concerns regarding these bills and expressed the opinion, which I fully endorse, that there is a "... need to balance U.S. economic competitiveness with the need to safeguard national security interests." To that balance, I would also add public safety and effective law enforcement. Without question, the use of strong cryptography is important if the Global Information Infrastructure (GII) is to fulfill its promise. Data must be protected -- both in transit and in storage -- if the GII is to be used for personal communications, financial transactions, medical care, the development of new intellectual property, and a virtually limitless number of other applications. 
Our support for robust encryption stems from a commitment to protecting privacy and commerce. But we are also mindful of our principal mission responsibilities: protecting America's public safety and national security in the myriad of criminal, terrorist, and espionage cases that confront us every day. Notwithstanding the accepted benefits of encryption, we have long argued that the proliferation of unbreakable encryption -- because of its ability to completely prevent our Nation's law enforcement agencies from understanding seized computer files and intercepted criminal communications which have been encrypted and then being able to promptly act to combat dangerous criminal, terrorist, and espionage activities as well as successfully prosecute them -- would seriously and fundamentally threaten these critical and central public safety interests. The only acceptable answer that serves all of our societal interests is to foster the use of "socially-responsible" encryption products, products that provide robust encryption, but which also permit timely law enforcement and national security access and decryption pursuant to court order or as otherwise authorized by law. Law enforcement is already beginning to encounter the harmful effects of conventional encryption in some of our most important investigations: - In the Aldrich Ames spy case, where Ames was told by his Soviet handlers to encrypt computer file information to them. - In a child pornography case, where one of the subjects used encryption in transmitting obscene and pornographic images of children over the Internet. - In a major drug-trafficking case, where one of the subjects of one of the court-ordered wiretaps used a telephone encryption device which frustrated the surveillance. - Some of the anti-Government Militia groups are now advocating the use of encryption as a means of preventing law enforcement from properly investigating them. 
It is important to understand, as one can see from the cases I have cited, that conventional encryption not only can prevent electronic surveillance efforts, which in terms of numbers are conducted sparingly, but it also can prevent police officers on a daily basis from conducting basic searches and seizures of computers and files. Without an ability to promptly decrypt encrypted criminal or terrorist communications and computer files, we in the law enforcement community will not be able to effectively investigate or prosecute society's most dangerous felons or, importantly, save lives in kidnappings and in numerous other life and death cases. We simply will not be able to effectively fulfill our mission of protecting the American public. In a very fundamental way, conventional encryption has the effect of upsetting the delicate legal balance of the Fourth Amendment, since when a judge issues a search warrant it will be of no practical value when this type of encryption is encountered. Constitutionally-effective search and seizure law assumes, and the American public fully expects, that with warrant in hand law enforcement officers will be able to quickly act upon seized materials to solve and prevent crimes, and that prosecutors will be able to put understandable evidence before a jury. Conventional encryption virtually destroys this centuries old legal principle. There is now an emerging opinion throughout much of the world that there is only one solution to this national and international public safety threat posed by conventional encryption -- that is, key escrow encryption. Key escrow encryption is not just the only solution; it is, in fact, a very good solution because it effectively balances fundamental societal concerns involving privacy, information security, electronic commerce, public safety, and national security. 
On the one hand, it permits very strong, unbreakable encryption algorithms to be used, which is essential for the growth of commerce over the GII and for privacy and information security domestically and internationally. On the other hand, it permits law enforcement and national security agencies to protect the American public from the tyranny of crime and terrorism. We believe, as do many others throughout the world, that technology should serve society, not rule it: and that technology should be designed to promote public safety, not defeat it. Key escrow encryption is that beneficial and balanced technological solution. American manufacturers that employ encryption in their hardware and software products are undoubtedly the technology leaders in the world. American industry has the capability of meeting all of society's basic needs, including public safety and national security, and we, as responsible government leaders, should be sending a clear signal to industry encouraging them to do so. Key escrow encryption is "win-win" technology for societies worldwide. I know you agree that it would be irresponsible for the United States, as the world's technology leader, to move towards the adoption of a national policy that would knowingly and consciously unleash on a widespread basis unbreakable, non-key escrow encryption products that put citizens in the U.S. and worldwide at risk. Unfortunately, in recent months, the nearly exclusive focus of the public discussion concerning the encryption issue has been on its commercial aspects, particularly with regard to removing export controls. This narrow focus ignores the very real threat that conventional, non-key escrow encryption poses both domestically and internationally to public safety. 
We continue actively to seek industry's cooperation, assistance, and great expertise in producing key escrow encryption products as a critical part of an overall, balanced, and comprehensive encryption policy that would logically include an appropriate relaxation of export controls for key escrow products. As for export controls, we have had ongoing discussions with industry, and industry has articulated the view that export controls needlessly hurt U.S. competitiveness overseas. But once again we need to carefully consider the facts and balance a number of competing interests. Although some strong encryption products can be found overseas, they are simply not ubiquitous, and, as of yet, they have not become embedded in the basic operating systems and applications found overseas. Importantly, when the U.S. recently let it be known that it was considering allowing the export of encryption stronger than that now permitted, several of our close allies expressed strong concerns that we would be flooding the global market with unbreakable cryptography, increasing the likelihood of its use by criminal organizations and terrorists throughout Europe and the world, and thereby imperiling the public safety in their countries. Ironically, the relaxation of export controls in the U.S. may well lead to the imposition of import controls overseas. The international implications and likely reactions of foreign governments to the U.S. unilaterally lifting such export controls must be fully considered. Given the fact that the use and availability of robust encryption is an issue of concern internationally, it is important to understand what steps other countries are taking to address these concerns. Recently, France, Russia and Israel have established domestic restrictions on the import, manufacture, sale and use of encryption products, so as not to endanger their public safety and national security.
The European Union is moving towards the adoption of a key recovery-based key management infrastructure similar to that proposed for use within the United States. This plan, based upon the concept of using a "Trusted Third Party," allows for encryption keys to be escrowed with an independent but non-governmental party, thus allowing for lawful government access to such escrowed key pursuant to proper legal authority. Lastly, we have heard the oft-repeated argument that the "genie is out of the bottle," and that attempts to influence the future use of cryptography are futile. This is simply not true; and we strongly disagree. If strong, key escrow encryption products proliferate both overseas and domestically which will not interoperate (at least in the long-term) with non-key escrow products, then escrowed encryption products will become the worldwide standard and will be used by almost everyone, including the criminal elements, in countries participating in the GII. It is worth noting that we have never contended that a key escrow regime, whether voluntarily or mandatorily implemented, would prevent all criminals from obtaining non-key escrowed encryption products. But even criminals need to communicate with others nationally and internationally, including not just their criminal confederates but also legitimate organizations such as banks. Accessible, key escrow encryption products clearly will be used by most if widely available, inexpensive, easy to use, and interoperable worldwide. In closing, if one considers the broad range of public safety responsibilities that fall upon the law enforcement community, there is only one responsible course of action that we as government leaders must embark upon -- to promote socially-responsible encryption products, products that contain robust cryptography but which also provide for timely law enforcement access and decryption -- that is, key escrow encryption.
The entire law enforcement community believes not only that the removal of export controls for encryption products that are non-law enforcement accessible is unwise, but that such an action would jeopardize our national security and the interests and safety of law-abiding citizens worldwide. We look forward to working with you and your staff on this difficult issue and would be pleased to answer any questions you might have.

_________________________________________________________________________
Subject: Freeh Testimony 7/25/96
_________________________________________________________________________
David Banisar (Banisar at epic.org) * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.epic.org
Washington, DC 20003 * ftp/gopher/wais cpsr.org

From eli+ at gs160.sp.cs.cmu.edu Thu Jul 25 21:46:41 1996
From: eli+ at gs160.sp.cs.cmu.edu (eli+ at gs160.sp.cs.cmu.edu)
Date: Fri, 26 Jul 1996 12:46:41 +0800
Subject: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <+cmu.andrew.internet.cypherpunks+Ely0=Q200UfA410Gpl@andrew.cmu.edu>
Message-ID: <199607260111.SAA11897@toad.com>

Hal Finney writes:
>I think the best way to approach this problem is to first try to solve
>it assuming there are only two robbers rather than 20.

Right. Of course, you're implicitly assuming not only that this bunch of bank robbers is rational, but that they're familiar with mathematical induction. :->

--
Eli Brandt
eli+ at cs.cmu.edu

From markm at voicenet.com Thu Jul 25 22:35:52 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 26 Jul 1996 13:35:52 +0800
Subject: remailer network/winsock remailers
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 25 Jul 1996, Sam Quigley wrote:

> It occurs to me that, with the invention of the winsock remailers, we
> have the potential to establish a very widespread and distributed network
> of part-time remailers.
Specifically, it seems like there are a lot of
> users who are only connected to the internet for short periods (PPP/SLIP)
> or who only have full control over their machines for short periods.
> These computers could not normally be used to run remailers as mail
> would bounce when the computer/remailer software is down.
>
> If there were some sort of central registry where winsock (or other
> non-permanent) remailers could announce their ability/inability to bounce
> mail, email could be forwarded through these temporary remailers on a
> dynamic basis.

Rather than using a central registry, this could be accomplished by using plan files, mailbots, or, for people who don't have Unix shell access, dynamic web pages. This would make the remailer network much more robust should the central registry be down. I think that running ephemeral remailers would be very useful if remailer software was configured to use them properly. Also, this would be useful for people who may have Unix shell access, but are not allowed to run remailer software.

- -- Mark

PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfgSGrZc+sv5siulAQGMxQP8C4lX6M/BmCsj/wQgl2uIx1Let7mb3gkI
AQFUkqTCHu/wihjBMrwmf0IIjv31Lkx1EAOoQFUN3KECoyN1EJGOLeLnWRQU9coH
LDjtuEsq4yxXxzq5/TtlSyEs8hgcdkDH8XsrN8QFd8axsmfNGLoBEtRigxCPEKP5
PZQ8BwlLbwc=
=VUPL
-----END PGP SIGNATURE-----

From declan+ at CMU.EDU Thu Jul 25 22:49:23 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Fri, 26 Jul 1996 13:49:23 +0800
Subject: When books are outlawed
In-Reply-To: <2.2.32.19960725031831.00da51a4@mail.teleport.com>
Message-ID:

Excerpts from internet.cypherpunks: 24-Jul-96 Re: When books are outlawed by Alan Olsen at teleport.com
> Off Our Backs is a PC lesbian magazine. "On Our Backs" is an S&M Lesbian
> magazine edited by Suzie Bright. It is not anything resembling PC. (Ms.
> Bright does not have a nice opinion of Dworkin and her fellow travelers, to
> put it mildly.)

Susie Bright is wonderful. She sent a copy of her latest book, which I have right here: "Nothing but the Girl: The Blatant Lesbian Image." It's the one I gave Bruce Taylor when he stopped by a few weeks ago.

-Declan

From dlv at bwalk.dm.com Thu Jul 25 22:56:12 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 26 Jul 1996 13:56:12 +0800
Subject: LIMBAUGH ON TV
In-Reply-To: <9607251827.AA07862@Etna.ai.mit.edu>
Message-ID:

hallam at Etna.ai.mit.edu writes:
> >That's L25, not 25L. I thought Phil was a UK "subject," thus
> >I proposed a wager of 25 Pounds Sterling. Clear enough?
>
> The generally accepted abbreviation is GBP.

This is an ISO currency code (also a SWIFT code). SWIFT codes generally coincide with ISO codes, but they have a few extra codes for precious metals (XAU=gold, XAG=silver) which I think aren't in the ISO document.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From harmon at tenet.edu Thu Jul 25 23:03:28 1996
From: harmon at tenet.edu (Dan Harmon)
Date: Fri, 26 Jul 1996 14:03:28 +0800
Subject: Produce 7 Hertz Frequency
In-Reply-To:
Message-ID:

Humm...... I guess he wants to do some strange things with his body functions.

Dan

On Thu, 25 Jul 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
> C'punks,
>
> On Thu, 25 Jul 1996, Jerome Tan wrote:
>
> > Does anyone know how to produce a 7 hertz frequency?
>
> No, but hum a few bars and we'll fake it.
> > > S a n d y > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > From sandfort at crl.com Thu Jul 25 23:06:36 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 26 Jul 1996 14:06:36 +0800 Subject: Produce 7 Hertz Frequency In-Reply-To: <01BB7ABB.F7A9E440@Jerome Tan> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Thu, 25 Jul 1996, Jerome Tan wrote: > Does anyone know how to produce a 7 hertz frequency? No, but hum a few bars and we'll fake it. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From declan+ at CMU.EDU Thu Jul 25 23:10:15 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Fri, 26 Jul 1996 14:10:15 +0800 Subject: [Rant]Re: Shell buys key escrow system from TIS In-Reply-To: <199607251021.GAA33226@osceola.gate.net> Message-ID: Excerpts from internet.cypherpunks: 25-Jul-96 [Rant]Re: Shell buys key es.. by Jim Ray at gate.net > Hmmm. A new meme, "key recovery" is lots better than "key escrow," but > I still wonder if I'm ever gonna see a journalist say, "'GAK,' or Govt. > Access to Keys for cryptography." I seem to remember I quoted you saying just that. :) I would have asked the estimable Freeh a GAKky question, but he flew out the door after this panel ended today... -Declan From hallam at Etna.ai.mit.edu Thu Jul 25 23:21:28 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Fri, 26 Jul 1996 14:21:28 +0800 Subject: LIMBAUGH ON TV In-Reply-To: Message-ID: <9607260343.AA08244@Etna.ai.mit.edu> >> The essential humourless of your reply is indicated by your >> failure to realise that my conversion of your 25L into 2 cents >> was satirical. >Oh really? Then how come you at first defended it with your >attempted face-saving "GBP" comment? 
Because your continued attempts to prop up what is a very silly argument with even sillier ones is a source of amusement. I had not at that point abandoned the satirical mode. Since you can't take a hint and your arguments are now tiresome rather than amusing I'll tell it to you straight: As with Rush I don't have the slightest respect for your mode of argument. You attempt to introduce "proof by wager" as a valid form of argument. You introduce irrelevant factors such whether Rush is richer than I am, something which you have no means of knowing and as it happens I don't know either. I don't know how rich you get by lying to the American public and I haven't the foggiest idea what my portfolio is worth. There are only two levels of wealth "enough" and "not enough". I fall into the first category, Rush Limbaugh and yourself will fall into the latter regardless of how much money you earn. In short your arguments are remarkably similar to those of your hero Rush, fatuous, invalid logic, irrelevant facts and gratuitous insults. I think you are a fool, I think that Rush is a fool and I don't consider that I need prove anything to you. Phill From hallam at Etna.ai.mit.edu Thu Jul 25 23:21:49 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Fri, 26 Jul 1996 14:21:49 +0800 Subject: LIMBAUGH ON TV In-Reply-To: Message-ID: <9607260125.AA08079@Etna.ai.mit.edu> >Phill adroitly responded: > >> The moral point is not that there is risk of being caught, it >> is that society has made laws and unless there are exceptional >> circumstances it is a duty to obey those laws. >[Nice try, Phill.] The moral cowardice to which I was referring >had nothing to do with obeying or disobeying a silly law. It had >to do with Phill's citing of same as a craven excuse to neither >admit he was wrong nor to risk anything on the validity of his >pronouncement. Actually the original reply I made was simply one of a number of objections to what is a very silly argument. 
I could have equally answered that way had you actually proposed a duel or that we "step outside". It is a very silly mode of argument and desrves to be answered in the same manner (if at all). The essential humourless of your reply is indicated by your failure to realise that my conversion of your 25L into 2 cents was satirical. >Phill invokes the classic straw man arguement. What the bet does >do is to test the courage of one's convictions. I think it is >obvious to all where Phill fits into this equation. And precisely what does that demonstrate? We are debating the issue of whether Rush's retreat from TV is a result of failure, or more specifically whether we should believe Rush's spin on the matter. The truth or falsehood of that argument is indifferent to the depth of my belief that Rush is a big fat idiot or not. One of my friends left CERN to join Netscape a few years back. He now worth probably $10 million plus as a result. I don't think that his intelligence relative to Rush was in any way dependent on that decision. He would still be way smarter than Rush either way and Marvin Minsky would be smarter than both. Only guy I have ever met who was super rich who impressed me as an intellectual force was Bill Gates - apart that is from friends who inherited silly amounts of money. Phill From mpd at netcom.com Thu Jul 25 23:26:13 1996 From: mpd at netcom.com (Mike Duvos) Date: Fri, 26 Jul 1996 14:26:13 +0800 Subject: www.anonymizer.com Message-ID: <199607260353.UAA25540@netcom16.netcom.com> I had occasion to try www.anonymizer.com recently, and noticed that it does not make SSL connections to other Web servers, nor does it seem to accept them from the user. Is there some technical reason for this? If I wish to grep the Web without my browsing habits becoming known to someone monitoring my Net connection, https://www.anonymizer.com with 128 bit encryption would probably be a good thing to connect to. 
I realize that the anonymizer does perform its stated function quite nicely, namely that of preventing Web sites from collecting information on people who visit them. It just seems that this additional functionality would be useful and not particularly difficult to implement. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From sandfort at crl.com Thu Jul 25 23:32:31 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 26 Jul 1996 14:32:31 +0800 Subject: LIMBAUGH ON TV In-Reply-To: <9607260125.AA08079@Etna.ai.mit.edu> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Interestingly, Phill responded to my last message with both a private one and a public one. In the private one (which I mistakenly believed was sent to the list), he told me that he was declining the wager. As his reasons, he mentioned that he was not as interested in money as I appeared to be. To which I replied: It's not about the money. Phill knows that, I know that, and so does everyone else. He further chided that I could draw no other conclusions then that he wasn't interested in the wager. I responded: Oh yes I can. And fortunately, so can everyone else. Better a live jackel than a dead lion, right? In Phill's recent public post he said: > Actually the original reply I made was simply one of a number of > objections to what is a very silly argument. I could have equally > answered that way had you actually proposed a duel or that we > "step outside". It is a very silly mode of argument and desrves > to be answered in the same manner (if at all). Notice how Phil again proposes a straw man by making an implicit analogy between trials by combat, and a wager, the outcome of which would turn on the actual outcome of events forecast--in the alternative--by Phil and myself. 
> The essential humourlessness of your reply is indicated by your > failure to realise that my conversion of your 25L into 2 cents > was satirical. Oh really? Then how come you at first defended it with your attempted face-saving "GBP" comment? Really, Phill, have you no shame? S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sandfort at crl.com Thu Jul 25 23:36:22 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 26 Jul 1996 14:36:22 +0800 Subject: INTERESTING ADS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Today while thumbing through POLICE CHIEF magazine, I saw some ads that have at least peripheral Cypherpunk interest. Two were for mobile communications software/hardware. One even had a Web page (though when I browsed it with lynx, there wasn't anything to see). Both give direct access to NCIC, NLETS, motor vehicle records, local police databases, etc. They both make a point of saying they offer encrypted links. In the words of one, "And unlike conventional radio communications, all transmissions are totally secure and unavailable to eavesdropping perpetrators AND INQUIRING REPORTERS." (My emphasis added.) Cerulean http://www.cerulean.com 508-460-4000 Premier MDT 800-966-7722 for brochure and free demo disk. ^^^^^^^^^ The other ad was for computerized polygraph equipment. It looks like a laptop with input units for respiration, galvanic skin response and blood pressure. It uses something called the "Johns Hopkins Polyscore Analysis Algorithm." US$5,700.
Axciton Systems 800-460-2645 S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From ichudov at algebra.com Thu Jul 25 23:43:44 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Fri, 26 Jul 1996 14:43:44 +0800 Subject: CD Prices and Inflation In-Reply-To: <199607260014.RAA00302@mail.pacifier.com> Message-ID: <199607260310.WAA13233@manifold.algebra.com> buy classical CDs, they are dirt cheap and fun to listen to. if you do not like classics, it most likely means that you just have not found your favorite composer yet. - Igor. From root at edmweb.com Fri Jul 26 00:11:13 1996 From: root at edmweb.com (Steve Reid) Date: Fri, 26 Jul 1996 15:11:13 +0800 Subject: Twenty Bank Robbers -- Game theory:) Message-ID: > Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's > how they plan to split the money: they stay in line, and the first guy > suggests how to split the money. Then they vote on his suggestion. If > 50% or more vote for his proposal, his suggestion is adopted. > Otherwise they kill the first robber and now it is the turn of guy #2 > to make another splitting proposal. Same voting rules apply. I don't know the final outcome, but I do have a couple of observations... - The person at the front of the line, making the suggestion, will always vote for his own proposal, if only to save his own life. This is obvious. - The second-to-last person is in an interesting position. If everyone before him is dead and he gets to the front of the line, he will decide that he gets _all_ of the money for himself. If there's only two people left, his own Yes vote for his own proposal makes 50% and he automatically gets all the money. This is the best possible deal for him. So, I think the second-to-last person will vote No to every proposal except his own, in an effort to force this situation. Now that I think about it, solving this 'game theory' scenario has some parallels to cryptanalysis (disclaimer: I am not a cryptanalyst). 
By pointing out the above properties, I've removed a couple of 'bits' from the 'search space'. ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 | | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. -- | ===================================================================:) From dsmith at prairienet.org Fri Jul 26 00:12:30 1996 From: dsmith at prairienet.org (David E. Smith) Date: Fri, 26 Jul 1996 15:12:30 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION Message-ID: <199607260111.UAA24805@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: ichudov at algebra.com, cypherpunks at toad.com Date: Thu Jul 25 20:12:45 1996 > > I forgot to say what the GOALS are. The goals of every individual > cypherpunk are (in from highest to lowest priority): > > 1. Stay alive > 2. Get as much money as possible > 3. Keep as many cypherpunks alive as possible, all other things being > equal. Well, the existence of "3" changes the problem entirely, as does a system of prioritization. Under these rules, Robber 1 would propose an even split, eleven ways, and it would probably be accepted. That keeps a majority alive, and a majority get some money (~2M each). Without that, I'd tend to concur with the other answers (19 & 20 each get $10M). If we have to actually give a damn about each other... :) dave - ---- David E. Smith POB 324 Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail of 'send pgp-key' subject for my PGP public key "I'm only a social smoker, just a few packs a day really" -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Automagically signed with Pronto Secure for Windows. 
-----END PGP SIGNATURE----- From mpd at netcom.com Fri Jul 26 00:18:22 1996 From: mpd at netcom.com (Mike Duvos) Date: Fri, 26 Jul 1996 15:18:22 +0800 Subject: Produce 7 Hertz Frequency In-Reply-To: Message-ID: <199607260456.VAA01884@netcom12.netcom.com> > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > C'punks, > > On Thu, 25 Jul 1996, Jerome Tan wrote: > > > Does anyone know how to produce a 7 hertz frequency? > > No, but hum a few bars and we'll fake it. I'm not sure what this gentleman's application is. If I wanted a 7 hz signal, I would take my handy dandy programmable digital signal generator, press the "sin" button, and punch in "7" on the numeric keypad. Am I missing something here? -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From tcmay at got.net Fri Jul 26 00:22:51 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 26 Jul 1996 15:22:51 +0800 Subject: CD Prices and Inflation Message-ID: At 1:14 AM 7/26/96, jim bell wrote: >At 05:06 AM 7/26/96 -0700, Timothy C. May wrote: >>So, while I "wish" CD prices were even lower, I'm paying a lot less in >>"real dollars" for more music today than I was paying 15 years ago or 30 >>years ago. > >I think you're trying to hide a 5-year effect by immersing it in 30 years of >change. Yes, we've had inflation, but the large spurt of post-Vietnam >inflation was basically over by about 1983, when the CD was introduced. At No, I'm not "trying" to hide anything. What I said is what I meant: CDs today offer more music/dollar than LPs did in 1967. And, in 1975.
And, in 1983. (In 1983 I bought my last "audiophile" LP, a direct-to-disk half-speed-mastered album that cost me something like $12.) The complaint that CD prices have not fallen faster than some would like, since 1983, is a different kettle of fish from what my point was, that CD prices in 1983 or in 1996 are a better "deal" than LPs were in the period I described. As for prices not dropping, if customers stopped buying, prices would drop very rapidly. That they are not, and that "mega-stores" are sprouting up all over place tells us that CD sales are exploding. Finally, and most convincingly, nothing in U.S. law prevents Jim Bell or anyone else from setting up his own CD company and undercutting the prices of the Biggies. Hey, if you think you can supply CDs to customers for a lot less money, go for it! --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From declan at well.com Fri Jul 26 00:39:59 1996 From: declan at well.com (Declan McCullagh) Date: Fri, 26 Jul 1996 15:39:59 +0800 Subject: Cyber Rights Non! -- French Net-Censorship Message-ID: Date: Thu, 25 Jul 1996 20:38:22 -0500 To: fight-censorship-announce at vorlon.mit.edu From: declan at well.com (Declan McCullagh) Subject: FC: Cyber Rights Non! -- French Net-Censorship Sender: owner-fight-censorship-announce at vorlon.mit.edu Attached is a portion of the lead article from today's HotWired on the French government's net-censorship. 
I'm pleased to say I just received word from a French correspondent that the French "Conseil Constitutionnel" has blocked the part of the law creating "Le Conseil Supérieur de la Télématique" to decide what should be blocked online. (From what I've been able to gather, that court reviews laws to ensure they're constitutional. On June 27, the Conseil heard arguments from senators that the law violated articles of the French constitution.) I have more on other international net-censorship attempts at: http://www.eff.org/pub/Global/Dispatches/ http://www.cs.cmu.edu/~declan/international/ -Declan ----------------------------------- Read the full article at: http://www.netizen.com/netizen/ HotWired The Netizen Cyber Rights Non! by Jerome Thorel Paris, 24 July Early last month, at a time of day when typical netsurfers are just hitting their mouse-clicking stride - around 3:30 in the morning - the French Senate voted on the final version of the new Telecommunications Regulation Act. A little-remarked section of the act, introduced as an amendment a few days before, represents the French legislature's first plunge into the digital ocean. It creates a kind of administrative oversight of Internet speech, Web sites, and online services. The law's effect is to create a council - le Conseil Supérieur de la Télématique (CST) - to dictate or arbitrate guidelines regarding Internet content. It turned out, however, that the move by Telecommunications Minister François Fillon, sponsor of the French Telecom Act, was a little hasty. France had been shaken this spring by two investigations into pedophilia and Holocaust revisionism (both considered crimes in France) on the Internet. For months, Fillon had promised French Internet service providers that they would no longer bear responsibility for the content they transmit. The law does settle that question. But no one imagined that this guarantee would include as its condition the creation of the CST.
To be safe from indictment, ISPs will be obliged to follow CST's guidelines - a policy typical of France's strong tradition of centralized administration. [...] The French Net-regulation bill became law on 7 June - the same week that US federal judges declared the Communications Decency Act unconstitutional.... [...] Jerome Thorel, a Paris-based freelance reporter, writes frequently about technology and society. Andy Oram, in Cambridge, Massachusetts, contributed to this article. ------------------------------------------------------------------------- fight-censorship is archived at http://fight-censorship.dementia.org/top/ From alano at teleport.com Fri Jul 26 00:41:31 1996 From: alano at teleport.com (Alan Olsen) Date: Fri, 26 Jul 1996 15:41:31 +0800 Subject: Produce 7 Hertz Frequency Message-ID: <2.2.32.19960726050051.00dc1a50@mail.teleport.com> At 08:18 PM 7/25/96 +0800, Jerome Tan wrote: >Does anyone know how to produce a 7 hertz frequency? Find an establishment that deals in piercing equipment. Ask him to give you a "Prince Albert". This will give you the tone you seek. (You will also never lose your car keys again.) You may need a tesla coil for repeated tones. Enjoy! --- |"Computers are Voodoo -- You just have to know where to stick the pins."| |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From sandfort at crl.com Fri Jul 26 00:45:24 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 26 Jul 1996 15:45:24 +0800 Subject: LIMBAUGH ON TV In-Reply-To: <9607251827.AA07862@Etna.ai.mit.edu> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C'punks, On Thu, 25 Jul 1996 hallam at Etna.ai.mit.edu further weaseled: > How about hard currency? I prefer Swiss francs (CHF). Good idea, Phill. But wait; when I wrote: > >If Phil really believes he and I are at any credible legal risk > >for a making such a personal wager, he is a fool. If he really > >knows better (my best guess), then he is intellectually dishonest > >and a moral coward. Phill adroitly responded: > The moral point is not that there is risk of being caught, it > is that society has made laws and unless there are exceptional > circumstances it is a duty to obey those laws. [Nice try, Phill.] The moral cowardice to which I was referring had nothing to do with obeying or disobeying a silly law. It had to do with Phill's citing of same as a craven excuse to neither admit he was wrong nor to risk anything on the validity of his pronouncement. > I don't argue against breaking laws which are immoral, indeed > I am still refusing to pay a Poll tax bill from the UK despite > the fact that the amount outstanding is inconsequential. Then his only stated objection to taking the bet has been removed. Why do I doubt he will have the 'nads to take my generous wager? > You sound like an 18th century fop challenging someone to a duel. No, I am challenging Phill to benefit or lose based on his beliefs. > I do not believe that Aristotle listed "challenging to a bet" > as one of his modes of reason. Phill invokes the classic straw man argument. What the bet does do is to test the courage of one's convictions. I think it is obvious to all where Phill fits into this equation. Phill, can I assume then, that your answer to my proposed wager is "no thank you"?
S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From JonWienk at ix.netcom.com Fri Jul 26 00:46:23 1996 From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com) Date: Fri, 26 Jul 1996 15:46:23 +0800 Subject: Defeating "Perp Profile" Analyses Of Written Materials In-Reply-To: <01I7GBFL287694F9CD@delphi.com> Message-ID: <199607260508.WAA08515@dfw-ix4.ix.netcom.com> On Wed, 24 Jul 1996, JMKELSEY at delphi.com wrote: >I wouldn't count on even heavily-chained anonymous remailer messages >to protect my identity from moderately wealthy and determined >attackers, if I did many anonymous posts. Writing style and topic >alone may narrow the suspect list down to a manageable number. There is an easy way to defeat psycholinguistic analysis techniques used by LEA's to profile perps. Buy a translation program, (such as Globalink's Spanish Assistant) use the program to translate the text to Spanish, (or any other language) and then use the program to translate the foreign language text back to English. The baselines of word choice, grammatical structure, etc. will be shifted to reflect the biases of the program rather than the biases of the writer. As an example, I will use the entire text of this message as a demonstration. Jonathan Wienke "1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler "46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey http://www.ksfo560.com/Personalities/Palms.htm 1935 Germany = 1996 U.S.? 
Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB [Begin Spanish Translation] En Casa, 24 Jul 1996, JMKELSEY@ [delphi.com] escribió: "no hago cuento con mensajes del [remailer] iguales muy-encadenado anónimos proteger mi identidad de asaltadores algo adinerados y determinados, si hacía muchos postes anónimos. Estilo de la escritura y tema solo estrecharía la lista del sospechoso a un número manejable." Hay una manera fácil derrotar técnicas del análisis del [psycholinguistic] usó por LEA perfilar [perps]. Compra una traducción programa, (tal como el Spanish Assistant de Globalink) usa el programa traducir el texto a español, (o cualquier otro idioma) y entonces usa el programa traducir el texto del idioma extranjero retrocede a inglés. El [baselines] de opción de la palabra, estructura gramática, etc. se cambie reflejar los sesgos del programa en lugar de los sesgos del escritor. Como un ejemplo, usaré el texto entero de este mensaje como una demostración. Jonathan Wienke ¡" 1935 bajará en historia! ¡Por la primera vez una nación civilizada tiene registro del arma lleno! Nuestras calles serán más seguras, nuestro policía más eficaz, y el mundo seguirá nuestra primacía en el futuro!" --Adolf Hitler " 46. El EE.UU. gobierno declara una prohibición en la posesión, venta, transportación, y transfiere de todo arma de fuego no-deportivos. .Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --Las 29 Palmas Combaten [http] del Estudio de los Brazos:// www.ksfo560.com/ Personalidades/ Palms.htm ¿1935 Alemania= 1996 EE.UU.?
Huella digital importante= 30 F9 85 7F D2 75 4B C6 AC 79 87 3D 99 21 50 CB [Begin English Translation of Spanish Text] At home, 24 Jul 1996, JMKELSEY@[ [delphi.com]] he/she/it/you wrote: "I don't make have messages of the[ [remailer]] equal very-chained anonymous letter protect my identity of attackers something wealthy persons and certain, if I/he/she/it/you did many anonymous posts. Style of the writing and alone topic would take in the list of the suspect to a governable number." There is an easy way defeat technical of the analysis of the[ [psycholinguistic]] he/she/it/you used for I/he/she/it/you READ profile[ [perps]]. You/he/she/it buy a translation you/he/she/it program, (as the Spanish Assistant of Globalink) you/he/she/it use the program translate the text to Spanish, (or any another language) and you/he/she/it then use the program translate the text of the foreign language you/he/she/it go back to English. The[ [baselines]] of option of the word, grammatical structure, etc. I/he/she/it/you am changed to reflect the biases of the program instead of the biases of the writer. Like an example, I will use the text I find out this message like a demonstration. Jonathan Wienke " 1935 will lower in history! For the first time a civilized nation has registration of the full weapon! Our streets will be surer, our more effective police, and the world will continue our primacy in the future!" --Adolf Hitler " 46. The USA gobierno declara una prohibición en la posesión, venta, transportación, y transfiere de todo arma de fuego no-deportivos. .Consider [the following statement]: I [would fire] U.S [upon]. [citizens who refuse or resist confiscation of firearms banned by] U.S [the]. [government]." --The 29 Palms Combat[ [http]] of the Study of the Arms:// www.ksfo560.com/ Personalities/ Palms.htm 1935 Germany= 1996 USA?
Important fingerprint= 30 F9 85 7F D2 75 4B C6 AC 79 87 3D 99 21 50 CB [Begin Follow-Up Comments] Obviously, the technique is crude, (translation software on autopilot works in mysterious ways) but it ought to be used by anyone wishing to anonymously communicate. To really work properly, the original message should be worded so that the translator program understands all of the words in the message (none of the words are bracketed and left untranslated). Otherwise, an analysis of untranslated words can be made. The subject matter, etc. can still be studied, but at least most conventional profiling techniques are rendered orders of magnitude more difficult by this process. Perhaps this could be a value-added fee-for-service option for remailer operators? (Using ecash for payment, of course.) From declan at well.com Fri Jul 26 00:57:14 1996 From: declan at well.com (Declan McCullagh) Date: Fri, 26 Jul 1996 15:57:14 +0800 Subject: Princeton University muzzles students Message-ID: Date: Thu, 25 Jul 1996 20:33:38 -0500 To: fight-censorship+ at andrew.cmu.edu From: declan at well.com (Declan McCullagh) Subject: Princeton University muzzles students, from HotWired Sender: owner-fight-censorship at vorlon.mit.edu Kudos to Brock for writing about Princeton University's attempt to muzzle student online speech -- by citing IRS regulations. Sure, Princeton isn't bound by First Amendment strictures since it's not a state university and there is no state action. Nevertheless, it should abide by the fundamental and long-standing principles of academic freedom. Especially as a supposedly leading institution of higher education, Princeton should stand head and shoulders above the rest in fighting for free expression on its campus. To its shame, it didn't. The university attorneys should have at least read the two relevant IRS revenue rulings (they didn't) before announcing such a restrictive policy. 
And this isn't the first overbroad censorial policy that Princeton has on the books. Carl Kadie comments on another one at: gopher://gopher.eff.org:70/00/CAF/policies/princeton.edu.critique The Justice on Campus Project (http://joc.mit.edu/) has similar info. When Princeton administrators claimed they followed the letter of the law, in truth they used the law as an excuse to muzzle their students. -Declan ----------------- Read the full article at: http://www.netizen.com/netizen/96/30/campaign_dispatch3a.html HotWired The Netizen Poison Ivy Campaign Dispatch by Brock N. Meeks Washington, DC, 24 July Princeton University is apparently prohibiting students from exercising their First Amendment rights by going after folks who set up Web pages in support of presidential candidates, Dispatch has learned. Princeton launched its preemptory strike against free speech on 19 July in a statement issued by its general counsel's office, which warns that a violation of the school's policy against politicking "will result in appropriate disciplinary action." [...] Small problem: the IRS disagrees. Although there is no direct IRS ruling involving the use of a university's computer resources by its faculty, staff, or students to set up political Web pages, agency spokesman Wilson Fadely said there are two previous rulings "that may apply." The first deals with a student newspaper that directly endorsed one candidate for office over another. Despite the fact that the newspaper was published with university resources, "that was deemed not to be intervention," Fadely said. [...] So where does Princeton get off riding its tax-exempt hobby horse as a de facto means to trample free speech? "No comment at this time," said Howard Ende, a Princeton attorney and co-author of the 19 July statement. When informed of the IRS rulings, Ende's reply was an enigmatic, "Oh, really." [...] 
The one saving grace of the scenario is the perverse pleasure one can take in realizing that an elitist Ivy League school is so anal-retentive that it makes the IRS look reasonable. Go figure.... From farber at central.cis.upenn.edu Fri Jul 26 01:09:54 1996 From: farber at central.cis.upenn.edu (farber at central.cis.upenn.edu) Date: Fri, 26 Jul 1996 16:09:54 +0800 Subject: IP: NSA RESPONSE TO KEY LENGTH REPORT Message-ID: <21a.193396.40@iac-online.com> Message-ID: <2.2.32.19960718184201.0070667c at linc.cis.upenn.edu> Date: Thu, 18 Jul 1996 12:04:27 -0400 From: Matt Blaze July 18, 1996 There is currently being circulated, to members of Congress and possibly elsewhere, a four page document entitled ``Brute-Force Cryptanalytic Attacks'' that calls into question some of the conclusions of the ``Minimum Key Lengths for Symmetric Ciphers'' white paper [1]. The document bears no author or organization attribution, but we are told that it originated from NSA. The NSA document argues that ``physical realities'' make parallel key search much more expensive and time consuming than our white paper estimated. However, the NSA document appears to have been written from the perspective of general parallel processing or cryptanalysis rather than exhaustive key search per se. It ignores several elementary principles of parallel processing that apply specifically to exhaustive key search machines of the type that our white paper considered. In particular, NSA argues that interconnections, heat dissipation, input/output bandwidth, and interprocessor communication make it difficult to ``scale up'' a key search machine by dividing the task among a large number of small components. While these factors do limit the scalability of more general purpose multiprocessor computers (such as those made by Cray), they do not apply at all to specialized exhaustive key search machines. 
The NSA argument ignores the most fundamental feature of brute-force key search: the processors performing the search have no need to communicate with other components of the system while they perform their share of the search, and therefore the system has no need for any of the global interconnections that limit scaling. Indeed, there is no reason that all the components of a parallel search machine must be located even within the same city, let alone the same computer housing. We note that one of our co-authors (Eric Thompson, of Access Data, Inc.) designs and builds medium-scale FPGA-based key search machines with exactly this loosely-coupled structure, and regularly uses them to recover keys for clients that include the FBI. The NSA document also calls into question our cost estimates for ASIC components, suggesting that ASIC chips of this type cost NSA approximately $1000.00 each. However, our $10.00 per chip estimate is based on an actual price quote from a commercial chip fabrication vendor for a moderate-size order for an exhaustive search ASIC designed in 1993 by Michael Wiener [2]. Perhaps NSA could reduce its own costs by changing vendors. Finally, the NSA report offers estimates of the time required to perform exhaustive search using a Cray model T3D supercomputer. This is a curious choice, for as our report notes, general-purpose supercomputers of this type make poor (and uneconomical) key search engines. However, even the artificially low performance results for this machine should give little comfort to the users of 56 bit keys. According to NSA, 56 bit keys can be searched on such a machine in less than 453 days. ``Moore's law'' predicts that it will not be long before relatively inexpensive general-purpose computers offer similar computational capability. /s/ Matt Blaze Whitfield Diffie References: [1] Blaze, M., Diffie, W., Rivest, R., Schneier, B., Shimomura, T., Thompson, E., and Wiener, M. 
``Minimum Key Lengths for Symmetric Key Ciphers for Commercial Security.'' January 1996. Available from ftp://ftp.research.att.com/dist/mab/keylength.txt [2] Wiener, M. ``Exhaustive DES Key Search.'' Presented at Crypto-93, Santa Barbara, CA. August 1993. ========================================================================= [Transcription of document circulated to various members of congress and others in June, 1996, apparently by NSA] BRUTE-FORCE CRYPTANALYTIC ATTACKS Two published theoretical estimates of cost versus time to perform brute-force hardware attacks on selected cryptography key lengths differ between themselves and differ significantly from what we find when we buy or build computers to carry out such attacks. The differences lie in assumptions made in the theoretical estimates, which are not fully spelled out by the authors, and in scaling up hypothesized small machines to ever larger ones without accounting for physical realities. The factors not accounted for are: o R&D costs for the first machine, typically on the order of $10 million. o As more and more chips are added to a machine, two effects occur: o Interconnections increase and increase running time; o Heat from the chips eventually limit [sic] the size of a machine. o Memory costs are not included. o When get [sic] to the very fast processing speed estimates, machines can become Input/Output bound; so [sic] it cannot achieve the estimated speed. o Assuming every algorithm can be tested in same amount of time and key length is the only difference. Table 1 are [sic] the average time estimates made for a given cost done by Michael Wiener of Bell Northern Research in 1995. These are published in Bruce Schneier's Applied Cryptography book. Note that these are average times, one-half of the total exhaust time.
Table 2 are [sic] the estimates for total exhaust times using Field Programmable Gate Arrays (FPGA) and Application Specific ICs (ASICs) done for the Business Software Alliance by Blaze, Diffie, Rivest, Schneier, Shimomura, Thompson, and Wiener in 1996. In addition to the above factors not accounted for they have assumed ASICs cost as low as $10. We find ASICs more typically cost $1000 and their capabilities can vary considerably depending upon the specific task. Table 3 are our estimates based on our experience with a Cray T3D supercomputer with 1024 nodes. This machine costs $30 million. [Tables 1, 2, and 3 not transcribed here.] From declan at well.com Fri Jul 26 01:13:53 1996 From: declan at well.com (Declan McCullagh) Date: Fri, 26 Jul 1996 16:13:53 +0800 Subject: Fireworks expected, missed at Senate crypto hearing Message-ID: Date: Thu, 25 Jul 1996 21:05:31 -0500 To: fight-censorship+ at andrew.cmu.edu From: declan at well.com (Declan McCullagh) Subject: Fireworks expected, missed at Senate crypto hearing Sender: owner-fight-censorship at vorlon.mit.edu Precedence: bulk Contrary to the Reuters report excerpted below, there weren't any fireworks at today's ProCODE crypto hearing before the full Senate Commerce committee -- at least during the first panel when the spooks testified. (I skipped out before the second, which had industry folks.) Just more of the same, though we heard less about child pornographers and more about terrorists. And Sen. Slade Gorton (R-Wash) jumped on the committee staff for leaning too far *away* from national security interests in their summary of the legislation. Most amusing point: Sen. Larry Pressler waved a copy of the floppy with the _Applied Cryptography_ source and couldn't remember what it was called. "Um, I can't export, um, this, um," he mumbled. "Cassette," he decided it was. (Even his committee staffers smirked at that.)
The FBI's Louis Freeh kept mouthing the same tired old line: "No reasonable person can envision a lawless information superhighway. It was never meant to be that. We need cops there, as we need them elsewhere. The problem is the proliferation of unbreakable encryption." He said it's "not too late" to stop the spread. After the first panel ended, a gaggle of a half-dozen camera crews waylaid Freeh in the hallway outside. The FBI director fled down the stairs. The crews split into teams. Half took the elevator and half pursued on foot. Downstairs, Freeh shot through the security checkpoint into the safety of a waiting Chevy Suburban. Why were they dogging the guy? They didn't care about crypto -- they wanted a comment about the TWA flight, and Freeh wasn't talking. He didn't mention it at all during the hearing... -Declan -------------------- Fireworks Expected at Encryption Hearing July 25, 1996 WASHINGTON (Reuter) - After sailing through two quiet subcommittee hearings, a bill to relax restrictions on computer encoding faces a much choppier ride before the full Senate Commerce Committee on Thursday. The committee will hear from some of the Clinton administration's big guns on crime and national security, including FBI Director Louis Freeh and William Crowell, deputy director of the National Security Agency. Software manufacturers and some in Congress argued at earlier hearings that current export restrictions on encryption programs -- which code and decode information -- cost American companies billions in lost sales overseas. [...] Senate bill 1726, the Promotion of Commerce Online in the Digital Era Act of 1996, would abolish most export restrictions and prohibit mandatory key escrow. Vice President Al Gore told reporters at a press conference July 12 that the proposal, known as the ``pro-code'' bill, is ``unacceptable.'' [...] Clinton administration officials have said they favor less radical reform.
Officials are expected to reject the conclusions of a study released in May by the National Research Council. The council concluded that encryption export restrictions should be relaxed and rejected key escrow as unworkable.

[...]

From sandfort at crl.com Fri Jul 26 01:25:56 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 26 Jul 1996 16:25:56 +0800
Subject: LIMBAUGH ON TV
In-Reply-To: <9607260343.AA08244@Etna.ai.mit.edu>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 25 Jul 1996 hallam at Etna.ai.mit.edu wrote:

> ...Since you can't take a hint and your arguments are now
> tiresome rather than amusing I'll tell it to you straight:

But I have made no arguments. I have merely proposed a wager.

> As with Rush I don't have the slightest respect for your mode
> of argument.

Again, no argument was offered only a wager. (Phill's respect for my "mode of arguing" is certainly irrelevant to me as I imagine it is to the bulk of readers of this list.)

> You attempt to introduce "proof by wager" as a valid form of
> argument.

This straw man was previously addressed. No one but Phill has suggested that wagers are a form of proof. (If you can quote me as suggesting otherwise, Phill, I'd be happy to explain to you where you've gotten it wrong.)

> You introduce irrelevant factors such whether Rush is richer
> than I am,...

Apparently, Phill has lost track of which member of his enemies list made which statements. I, of course, never mentioned Rush's wealth one way or the other.

> In short your arguments

I made none. Phill should check his facts.

> are remarkably similar to those of your hero Rush,

Rush is not my hero. I never said he was. Phill should check his facts.

> fatuous, invalid logic, irrelevant facts and gratuitous insults.
> I think you are a fool,

Res ipsa loquitur.
> I think that Rush is a fool and I don't consider that I need
> prove anything to you.

True, but without meaning to, Phill has proven quite a lot about himself right here in front of god and everybody. It ain't a pretty picture is it?

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From furballs at netcom.com Fri Jul 26 02:02:58 1996
From: furballs at netcom.com (Paul S. Penrod)
Date: Fri, 26 Jul 1996 17:02:58 +0800
Subject: Produce 7 Hertz Frequency
In-Reply-To: <01BB7ABB.F7A9E440@Jerome Tan>
Message-ID:

On Thu, 25 Jul 1996, Jerome Tan wrote:

> Does anyone know how to produce a 7 hertz frequency?

Well, you can pick up most any project book that deals with 555 IC timers and there is some kind of circuit there dealing with frequency counting or generating. The question really is how strong a signal do you want ?

...Paul

From hallam at Etna.ai.mit.edu Fri Jul 26 02:03:15 1996
From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu)
Date: Fri, 26 Jul 1996 17:03:15 +0800
Subject: LIMBAUGH ON TV
In-Reply-To:
Message-ID: <9607260443.AA08500@Etna.ai.mit.edu>

>Res ipsa loquitur.

prospe tibi ut galia in tres partes dividaris.

From AwakenToMe at aol.com Fri Jul 26 02:03:28 1996
From: AwakenToMe at aol.com (AwakenToMe at aol.com)
Date: Fri, 26 Jul 1996 17:03:28 +0800
Subject: Apps: Unix for Windows 95
Message-ID: <960726004007_164494871@emout19.mail.aol.com>

unix doesn't have to be $$$$$$$$ you can pick up a shareware version of unix (all the power features in it) called linux. Info magic sells nice cd sets. Go to your local microcenter... or search the net for linux (warning..about 80 googleplex hits will come up hehehe)

From tcmay at got.net Fri Jul 26 02:56:16 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 17:56:16 +0800
Subject: Produce 7 Hertz Frequency
Message-ID:

At 4:56 AM 7/26/96, Mike Duvos wrote:

>I'm not sure what this gentleman's application is.
>If I wanted
>a 7 hz signal, I would take my handy dandy programmable digital
>signal generator, press the "sin" button, and punch in "7" on
>the numeric keypad.
>
>Am I missing something here?

What does "sin" have to do with the number 7?

Oh, you must mean the movie "Se7en," in which the Se7en deadly sins were central to the plot. I get it. The seven deadly sins are the seven deadly hurts.

(Cos I know about sin.)

Ironic that the original message was from Jerome Tan, eh? Someone must've trigged this whole thread. I fear we're going in circles.

"Kenneth, what is the frequency?"

--Dan Rather

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From wombat at mcfeely.bsfs.org Fri Jul 26 02:58:24 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Fri, 26 Jul 1996 17:58:24 +0800
Subject: Produce 7 Hertz Frequency
In-Reply-To:
Message-ID:

> On Thu, 25 Jul 1996, Jerome Tan wrote:
>
> > Does anyone know how to produce a 7 hertz frequency?
>
> No, but hum a few bars and we'll fake it.
>

I am. 7 hertz is sub-audible. :)

>
> S a n d y
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>

From root at adam.sp.org Fri Jul 26 02:59:38 1996
From: root at adam.sp.org (Phillip)
Date: Fri, 26 Jul 1996 17:59:38 +0800
Subject: Distributed DES crack
In-Reply-To: <199607242028.NAA20103@well.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Has anyone thought of asking RSA, etc, for help? If DES falls (so to speak) it would make their product more desirable.
- --------------------------------------------------------------------------------
Death come but once in a lifetime.
- --------------------------- -----------------------------------
pj22298 at xx.acs.appstate.edu http://xx.acs.appstate.edu/~pj22298

From david at sternlight.com Fri Jul 26 03:01:09 1996
From: david at sternlight.com (David Sternlight)
Date: Fri, 26 Jul 1996 18:01:09 +0800
Subject: Freedom, crypto, and terrorism
In-Reply-To: <2.2.32.19960725212455.006a3bf8@pop1.jmb.bah.com>
Message-ID:

At 2:24 PM -0700 7/25/96, Charley Sparks wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>I forget who said " The price of freedom is eternal vigilance" but it
>applies to threats both foreign and domestic. This includes the government.
>I trust no one absolutely. And I among many others have helped to pay for
>what freedom we have left.
>( He said, in a movin' to Idaho kinda way )

It was "Eternal vigilance is the price of liberty."

I have just revised my views on the topic of freedom, crypto, and terrorism as a result of reading Benjamin Netanyahu's new book (a few months old) on terrorism and what the West can do about it, in one sitting. The book was written before he became Prime Minister.

So as not to start a flame war here, let me just say that no intelligent person can discuss this subject without having read Netanyahu's book. It should be required reading for every American.

No--I'm not going to say what my views now are.
Let me just say that in about 150 very closely reasoned pages, with lots of both historical and current evidence, Netanyahu has brought me around totally in support of his views and his prescription for the United States--and I understand much better now why his positions on Israeli policy are directly in the vital interests of the United States.

Readers wishing an explanation for certain recent US policies, as well as a guide to likely future ones will benefit from this book, whose influence has reached the highest circles of US leadership. Informed readers will know what I mean. Those who aren't should become so informed by reading the book.

I would be happy to entertain a discussion of the book via private e-mail with those who have read it.

David

From david at sternlight.com Fri Jul 26 03:28:37 1996
From: david at sternlight.com (David Sternlight)
Date: Fri, 26 Jul 1996 18:28:37 +0800
Subject: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607252305.QAA06996@jobe.shell.portal.com>
Message-ID:

At 4:05 PM -0700 7/25/96, Hal wrote:

>I think the best way to approach this problem is to first try to solve
>it assuming there are only two robbers rather than 20. Then once you
>have that figured out, try it for three, then four, and so on. Keep in
>mind that 50% support is enough for a proposed distribution to pass, you
>don't need a strict majority.
>

Exactly. I arrived at the solution the same way. Note that there is another assumption needed--that the selection of a proposer is by lot at each new stage. If the ordering of proposers is known in advance, a different solution results. A further assumption is that a certainty gain of 1/n of the total sum is preferred to a 1/n probability of gaining the entire sum and a (1-1/n) probability of gaining nothing.
David

From shamrock at netcom.com Fri Jul 26 03:30:52 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 26 Jul 1996 18:30:52 +0800
Subject: Distributed DES crack
Message-ID:

At 10:30 7/23/96, Matt Blaze wrote:

>My estimate is that an FPGA-based machine that can do a single DES key
>every four months (eight months to exhaust the whole keyspace) could
>be built with off-the-shelf stuff for comfortably under $50k (plus
>labor, plus software development costs). A prototype board should cost
>under $1000 and will help prove the concept and get a more accurate cost
>estimate. I expect to build such a prototype machine myself, and, if it
>works as I expect, maybe the whole thing.

I am willing to financially contribute to the project.

-- Lucky Green
PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
Vote Harry Browne for President.

From stewarts at ix.netcom.com Fri Jul 26 03:32:27 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 26 Jul 1996 18:32:27 +0800
Subject: www.anonymizer.com
Message-ID: <199607260639.XAA21189@toad.com>

At 08:53 PM 7/25/96 -0700, mpd at netcom.com (Mike Duvos) wrote:

>I had occasion to try www.anonymizer.com recently, and noticed
>that it does not make SSL connections to other Web servers, nor
>does it seem to accept them from the user.
>
>Is there some technical reason for this? If I wish to grep the
>Web without my browsing habits becoming known to someone
>monitoring my Net connection, https://www.anonymizer.com with 128
>bit encryption would probably be a good thing to connect to.

I suspect the primary reason is "that takes work we haven't done yet" rather than anything more cryptographic :-) However, there are a couple of theoretical problems with doing it as well.

0A) Suppose You and Webserver are secure by definition (because otherwise you're hosed anyway....)
0B) Let -s- denote an SSL connection and --- denote a non-SSL connection.
0C) A connection from You-s-Webserver is as secure as SSL.
1) A connection from You-s-Anonymizer-s-Webserver is less secure, because any flaw or breakin or dishonesty or compromise of the Anonymizer compromises the security of your connection.
1A) You may get ripped off or arrested if the Anonymizer's compromised
1B) The Anonymizer may be liable if you get ripped off through it.
2) An SSL connection may carry a certain amount of identification data across it (I'm speculating a bit), which isn't really what you want in an Anonymizer.
3) A connection You-s-Anonymizer-s-Webserver may not always work the same as You-s-Webserver, because the latter may make assumptions about the connection that don't hold with the former.
3A) Of course, that's also true with non-SSL connections*, but there's less likely to be money riding on the deal.
3B) In particular, there may be different identification data passing across the Anonymized connection than the non-Anonymized.
3C) You may trust the Anonymizer and not the Webserver, or vice versa, and SSL probably isn't designed to do both correctly.
3D) The Webserver may trust the Anonymizer and not You, or vice versa, and SSL probably isn't designed to handle those correctly either.
4) The Anonymizer may have different encryption types/strengths than You or the Webserver.
4A) If You only do 40-bit RC4 and the Anonymizer can do 3DES, the Webserver may think it's got a secure connection when your end is weak - especially a problem if the Anonymizer is a popular wiretap target. This can be remedied by having the Anonymizer only make https: connections to Webservers at the same strength as its connection to You, which either requires annoyingly complex programming (bad) or a cheap hack like running several Anonymizer servers, one with wimpy encryption and one with strong encryption.
4B) If You have a strong crypto connection to the Anonymizer and the Webserver only has wimpy RC4/40, there isn't any good way for the Anonymizer to tell you about it - so your browser may be happily telling you it's got a two-toothed 3DES/RSA-2048 connection while it's really just RC4/40/RSA-512.
4B1) And that happy Java+JavaScript application your browser is running can check that it's got the MachoCrypto flag set and send your credit card number and Secret Plans to the Secret Plan Evaluation Service Website, which is a Bad Move...
4B2) Maybe you could program the Anonymizer to check out https:URLs to see what kind of crypto they support, and return anonymizered URLs that use the different-strength Anonymizers referred to in 4A. Not sure this would always work.
5) The extra RSA encryption from using SSL would probably cause a non-trivial amount of extra load for the anonymizer machine.

Summary: Having said all that, I'd probably still like to have it.

<<<<>>>>
* Frames, for instance, do bizarre things when anonymized, at least with Netscape 3.0b5. Frames are, of course, _evil_, and are banned by the CDA, and anyone who uses them should be flamed mercilessly and forced to use Lynx on a 24x80 monochrome display until he or she repents and sees the error of their ways, and if that doesn't work they should be exiled to AOL with only Microsoft Word Internet Assistant. But that's a flame for another day....
<<<<>>>>

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!
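Points 4A, 4B and 4B2 of the message above, worked through as an added example that is not part of the original post or of any Anonymizer code: a strength-matching policy for a proxy that terminates SSL on both legs. The `Leg` type, the function names, the cipher strength table and the tier thresholds are all assumptions made for this sketch.

```python
"""Strength-matching policy for an SSL-terminating anonymizing proxy.

Illustrates points 4A, 4B and 4B2. Every name, the cipher table and the
tier thresholds below are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed table of effective symmetric strength in bits. 3DES is rated
# at 112 bits (meet-in-the-middle), not at its 168-bit key length.
SYM_BITS = {"RC4-40": 40, "DES": 56, "3DES": 112, "RC4-128": 128}

# Assumed tier boundary: a leg is "strong" only if both values clear these.
STRONG_SYM_BITS = 112
STRONG_RSA_BITS = 1024


@dataclass(frozen=True)
class Leg:
    """One hop of the path: You-s-Anonymizer or Anonymizer-s-Webserver."""
    cipher: str     # key into SYM_BITS
    rsa_bits: int   # RSA modulus size used for the key exchange

    @property
    def sym_bits(self) -> int:
        return SYM_BITS[self.cipher]


def tier(leg: Leg) -> str:
    """Classify a leg as 'strong' or 'weak' under the assumed thresholds."""
    strong = leg.sym_bits >= STRONG_SYM_BITS and leg.rsa_bits >= STRONG_RSA_BITS
    return "strong" if strong else "weak"


def weakest_link(client: Leg, upstream: Leg) -> Tuple[int, int]:
    """What the two-hop path really provides: the minimum on each axis."""
    return (min(client.sym_bits, upstream.sym_bits),
            min(client.rsa_bits, upstream.rsa_bits))


def misled_party(client: Leg, upstream: Leg) -> Optional[str]:
    """Name the endpoint that overestimates the path, or None if tiers match."""
    c, u = tier(client), tier(upstream)
    if c == u:
        return None
    # 4A: weak client leg, strong upstream leg -> the Webserver is misled.
    # 4B: strong client leg, weak upstream leg -> the browser is misled.
    return "webserver" if c == "weak" else "browser"


def pick_upstream(client: Leg, offers: List[Leg]) -> Optional[Leg]:
    """4A remedy: connect upstream only at the client leg's own tier.

    Returns the strongest same-tier offer, or None, meaning the proxy should
    refuse the request rather than bridge two legs of different strength.
    """
    same = [o for o in offers if tier(o) == tier(client)]
    if not same:
        return None
    return max(same, key=lambda o: (o.sym_bits, o.rsa_bits))


def anonymizer_for(offers: List[Leg]) -> str:
    """4B2: which proxy tier a rewritten https: URL should point at."""
    return "strong" if any(tier(o) == "strong" for o in offers) else "weak"


if __name__ == "__main__":
    you = Leg("3DES", 2048)          # the browser's view in point 4B
    wimpy_site = Leg("RC4-40", 512)  # what the Webserver actually supports
    print("path provides:", weakest_link(you, wimpy_site))
    print("misled party:", misled_party(you, wimpy_site))
    print("strong proxy picks:", pick_upstream(you, [wimpy_site]))
    print("send user to tier:", anonymizer_for([wimpy_site]))
```

A `None` from `pick_upstream` is the case 4B describes: the strong-tier proxy has no honest way to complete the request, so the URL has to be served through the tier that `anonymizer_for` returns.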
From root at adam.sp.org Fri Jul 26 03:43:16 1996
From: root at adam.sp.org (Phillip)
Date: Fri, 26 Jul 1996 18:43:16 +0800
Subject: Brute-forcing DES
In-Reply-To:
Message-ID:

From david at sternlight.com Fri Jul 26 03:46:54 1996
From: david at sternlight.com (David Sternlight)
Date: Fri, 26 Jul 1996 18:46:54 +0800
Subject: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <2.2.32.19960725225533.0070ca20@mail.sd.cybernex.net>
Message-ID:

At 3:55 PM -0700 7/25/96, Erle Greer wrote:

>At 09:09 AM 7/25/96 -0500, you wrote:
>>Here's a puzzle for our game theorists.
>>
>>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>>how they plan to split the money: they stay in line, and the first guy
>>suggests how to split the money. Then they vote on his suggestion. If
>>50% or more vote for his proposal, his suggestion is adopted.
>>
>>Otherwise they kill the first robber and now it is the turn of guy #2
>>to make another splitting proposal. Same voting rules apply.
>>
>>The question is, what will be the outcome? How will they split the
>>money, how many robbers will be dead, and so on?
>>
>>igor
>>
>
>Here's my guess:
>Each robber is going to want the largest share of the money possible.
>Therefore the first guy dies automatically because that increases the share
>size. This continues on until there are only two robbers left. Robber #19
>suggests that he receives the full 20 million and since his vote is 50%, he
>receives it all. 18 robbers dead.

No. Robber 18 knows that he will be killed under those circumstances, so he proposes that Robber 20 gets all the money. 20 votes with him. Now iterate backwards.

If, under my assumption the proposers are selected by lot at each stage, then 18 still knows he'd be killed, but not knowing which of 19 or 20 is the next proposer, suggests 19 and 20 split 50-50. Since each knows that he might be #20 and get nothing on the next round, they accept.

Now iterate that one backwards.

David

From ichudov at algebra.com Fri Jul 26 03:49:34 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Fri, 26 Jul 1996 18:49:34 +0800
Subject: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607260111.SAA11897@toad.com>
Message-ID: <199607260435.XAA00384@manifold.algebra.com>

eli+ at gs160.sp.cs.cmu.edu wrote:
>
> Hal Finney writes:
> >I think the best way to approach this problem is to first try to solve
> >it assuming there are only two robbers rather than 20.
>
> Right. Of course, you're implicitly assuming not only that this bunch
> of bank robbers is rational, but that they're familiar with
> mathematical induction. :->

In my initial post that caused all the turmoil I said (literally) this:

``Twenty cypherpunks robbed a bank.''
         ^^^^^^^^^^^^^

I was careful choosing words.

- Igor.
From wombat at mcfeely.bsfs.org Fri Jul 26 03:50:01 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Fri, 26 Jul 1996 18:50:01 +0800
Subject: Twenty Bank Robbers -- Game theory:)
In-Reply-To:
Message-ID:

On Thu, 25 Jul 1996, Marshall Clow wrote:

> >Here's a puzzle for our game theorists.
> >
> >Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> >how they plan to split the money: they stay in line, and the first guy
> >suggests how to split the money. Then they vote on his suggestion. If
> >50% or more vote for his proposal, his suggestion is adopted.
> >
> >Otherwise they kill the first robber and now it is the turn of guy #2
> >to make another splitting proposal. Same voting rules apply.
> >
> >The question is, what will be the outcome? How will they split the
> >money, how many robbers will be dead, and so on?
> >
> It seems to me that the last two guys in line will _almost always_ vote for killing the suggestor.
>
> the exceptions being for extreme suggestions like "let's split the money between #19 and #20", which I figure will get voted down by #s 2 thru 18.

Starting at the end, and working to the beginning:

If only 19 and 20 are left, 19 has 50% of the vote, and can take all. #20 loses out.

Therefore, with 18,19, and 20 left, 20 will take whatever 18 offers, as it is better than getting nothing.

With 17,18,19,20 left, 17 should propose a split with 20, who will likely get a smaller cut from 18, because of the above.

With 16, 17, 18, 19, 20, three votes are needed, reducing the take for the majority, so no one other than #16 is acting in their best interest to approve a split, except for #19 trying to avoid losing out to 17/20 in the next round. Not enough for a majority.

Follow this forward, and find that any even numbered cypherpunk on Ritalin with UZI bankrobber is useless, as an additional person is needed to form the 50%-or-better as compared to the next round.
All even-numbered cypherpunks should then expect a short life expectancy. (You are number 6; who is number 1?)

Therefore, punk #2 should propose that the money be split equally between all even-numbered / disadvantaged punks, as they will otherwise all get bumped off by odd punks. The odd punks, of course, get nothing in #2's proposal.

Taking this one step further, and assuming that all clever punks have realized this, punk #1 proposes that the evens will perform the above split, if #2 is allowed to advance this proposal, and therefore the only profitable option open to odd punks is to split the money between themselves, giving the even punks nothing.

Of course, if one of the punks is our recently arrived ^h^h^h^h (just remembered I'd taken the pledge ...) ;)

Rabid Wombat
Nocturnal Diseased Marsupial

The moral of this story is that it is good to be an odd punk ...

>
> -- Marshall
>
> Marshall Clow Aladdin Systems
>
> "We're not gonna take it/Never did and never will
> We're not gonna take it/Gonna break it, gonna shake it,
> let's forget it better still" -- The Who, "Tommy"
>

From jimbell at pacifier.com Fri Jul 26 03:52:37 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 26 Jul 1996 18:52:37 +0800
Subject: Fireworks expected, missed at Senate crypto hearing
Message-ID: <199607260744.AAA23283@mail.pacifier.com>

At 09:19 PM 7/25/96 -0500, Declan McCullagh wrote:

>Just more of the same, though we heard less about child pornographers and
>more about terrorists. And Sen. Slate Gorton (R-Wash) jumped on the
>committee staff for leaning too far *away* from national security interests
>in their summary of the legislation.

What does that mean? As opposed to what? (Gorton's my Senator, and I'm going to give a little feedback to his local office...)

>The FBI's Louis Freeh kept mouthing the same tired old line: "No reasonable
>person can envision a lawless information superhighway."

I guess that makes me an unreasonable person!

> "It was never meant to be that."
Well, that's just the problem...for _him_! Sometimes actions lead to hard-to-predict outcomes.

>We need cops there, as we need them elsewhere. The problem is
>the proliferation of unbreakable encryption." He said it's "not too late"
>to stop the spread.

Wishful thinking! Not only is it too late now, it was too late with Clipper I was proposed.

Jim Bell
jimbell at pacifier.com

From root at bunch.ci.houston.tx.us Fri Jul 26 03:53:12 1996
From: root at bunch.ci.houston.tx.us (root)
Date: Fri, 26 Jul 1996 18:53:12 +0800
Subject: Bandwidth
Message-ID:

I guess the statement about this being an "active" list was a little understated - however it did not mention anything about being used as a personal forum for petty bickering. I have a slow link (see 9600bps) to the internet and have been watching messages steadily trickle in for the past two or three hours concerning Rush and a "wager" between two people - I notice that they copy the other interested party as if they would not receive it via the list like EVERYONE ELSE DOES!

Maybe I'm opening myself up for a flame - I might even deserve it if this discussion in fact does have something to do with cryptography and or related bits of information. If it does - please let me know (private mail is fine - you can even copy the list if you feel everyone deserves to see me ripped to shreds).

My 2 cents,

Al - No, not like Bundy!

From root at adam.sp.org Fri Jul 26 03:55:13 1996
From: root at adam.sp.org (Phillip)
Date: Fri, 26 Jul 1996 18:55:13 +0800
Subject: Brute-forcing DES
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Jul 1996, The Deviant wrote:

> On Tue, 23 Jul 1996 pjn at nworks.com wrote:
>
> > Date: Tue, 23 Jul 1996 16:25:44 -0500
> > From: pjn at nworks.com
> > To: cypherpunks at toad.com
> > Subject: Brute-forcing DES
> >
> > > Any one up for a distributed brute force attack on single DES?
> > > My back-of-the-envelope calculations and guesstimates put this on the
> > > hairy edge of doability (the critical factor is how many machines can
> > > be recruited - a non-trivial cash prize would help).
> >
> > >> Count me in. I've got a couple of net-connected Pentiums that are
> > >> mostly idle.
> >
> > Although I don't have a pentium, I would be glad to put forth
> > some computer power to help.
> >
> > >> Might be able to bring some money in by selling "I Helped Crack DES
> > >> And All I Got Was This Lousy T-shirt" T-shirts.
> >
> > I'd buy one! :)
> >
>
> Actually... we might as well print up the t-shirts, and sell them for $15
> apiece, then buy a DES cracker with the profit ;)
>
> Seriously though, I'd buy the t-shirt, and I'll donate processor time. I
> can definitely give an 8086 (BALK) to the process, some time on a 80386,
> and a limited amount of time on some p75's...
>
> --Deviant
> Whatever occurs from love is always beyond good and evil.
> -- Friedrich Nietzsche
>

I'd get about 7 t-shirts too ;) and I could probably donate at least 1 80386, xx% of a 80386, a LITTLE bit of a DEC Alpha or so, probably 1 or 2 808x's and maybe a 80486, and 2 (if someone ports the code) C64's! (Wouldn't it be funny if they were the lucky cpu's ?[headlines: DES broken by C64])...

How much for {2,4}000000/sec? $60? I buy $600 worth of parts. :)

- --------------------------------------------------------------------------------
A cynic is a person searching for an honest man, with a stolen lantern.
-- Edgar A.
Shoaff
- --------------------------- -----------------------------------
pj22298 at xx.acs.appstate.edu http://xx.acs.appstate.edu/~pj22298

From daw at cs.berkeley.edu Fri Jul 26 04:01:59 1996
From: daw at cs.berkeley.edu (David Wagner)
Date: Fri, 26 Jul 1996 19:01:59 +0800
Subject: Data Sources for DES Breaking
In-Reply-To: <199607242051.NAA13352@netcom5.netcom.com>
Message-ID: <4t9t1u$iar@joseph.cs.berkeley.edu>

In article <199607242051.NAA13352 at netcom5.netcom.com>, Mike Duvos wrote:

> Given that we might embark upon this public demonstration of the
> fragility of single DES, what should we use for test data?

How about a Kerberos packet? Kerberos is a time-honored system. There are a number of citations that can be provided to prove that it is in use (perhaps heavy use?) on Wall Street.

Alternatively, how about a Netscape SSL packet encrypted with DES? I will volunteer to provide such a challenge if anyone is going to undertake a serious keysearch effort.

From nobody at REPLAY.COM Fri Jul 26 04:03:10 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 26 Jul 1996 19:03:10 +0800
Subject: No Subject
Message-ID: <199607260758.JAA18523@basement.replay.com>

On 7/25/96, Louis Freeh said:

- - In the Aldrich Ames spy case, where Ames was told by his Soviet
- handlers to encrypt computer file information to them.
-
- - In a child pornography case, where one of the subjects used
- encryption in transmitting obscene and pornographic images of children
- over the Internet.
-
- - In a major drug-trafficking case, where one of the subjects of one
- of the court-ordered wiretaps used a telephone encryption device which
- frustrated the surveillance.
-
- - Some of the anti-Government Militia groups are now advocating the
- use of encryption as a means of preventing law enforcement from
- properly investigating them.

That's 4 count 'em FOUR horsemen.

Have a nice day.

From gnu at toad.com Fri Jul 26 04:05:10 1996
From: gnu at toad.com (John Gilmore)
Date: Fri, 26 Jul 1996 19:05:10 +0800
Subject: Bernstein files for partial summary judgement in crypto case
Message-ID: <199607260028.RAA10520@toad.com>

Here's the press release on the latest development in the Bernstein case. Mark your calendars for the "oral arguments" on this motion, which cypherpunks are invited to attend in full formal dress regalia. The hearing will occur on September 20 at high noon, in San Francisco. Bring your Stetson.

Check the URL at the bottom of this message to see the latest filings in the case. It'll take us a day or two to get them all in there. We have statements from various crypto luminaries about the impact of ITAR on the free exchange of software, etc. The government's cross-motion, arguing their side of the issue, will arrive within days, and we'll scan that in as well.

John

BERNSTEIN FILES FOR PARTIAL SUMMARY JUDGMENT IN CRYPTO CASE

Claims Government's Restrictions on Export of Cryptographic Speech Violates First Amendment

July 26, 1996

Electronic Frontier Foundation Contacts:

Shari Steele, Staff Counsel 301/375-8856, ssteele at eff.org
Mike Godwin, Staff Counsel 510/548-3290, mnemonic at eff.org
Lori Fena, Executive Director 415/436-9333, lori at eff.org

San Francisco, CA -- A University of Illinois at Chicago faculty member who is suing the U.S. Department of State will file a motion Friday that could strengthen his claim that government restrictions on information about cryptography violate the First Amendment's protections for freedom of speech.
Relying on Judge Marilyn Hall Patel's prior ruling that computer source code is speech protected by the First Amendment, mathematician Daniel J. Bernstein will file a motion for partial summary judgment in his suit against the State Department.

In his 45-page memorandum in support of his motion, Bernstein sets forth several First Amendment arguments:

LEGAL ARGUMENTS

* Any legal framework that requires a license for First Amendment protected speech, which may be granted or withheld at the discretion of a government official, is a prior restraint on speech. In order for this framework to be acceptable, the government has the burden of showing that publication will "surely result in direct, immediate, and irreparable damage to our Nation or its people" and that the regulation at issue is necessary to prevent this damage. The government has not met this burden regarding the ITAR legal framework.

* Because restrictions on speech about cryptography are content-based, the court must apply a strict scrutiny test in determining whether individuals can be punished for engaging in this speech. A strict scrutiny test requires that a regulation be necessary to serve a compelling state interest and that it is narrowly drawn to achieve that end. The ITAR regulatory scheme has adopted the *most* restrictive approach by prohibiting all speech in the area of cryptography.

* The ITAR regulatory framework lacks the necessary procedural safeguards. Grants of administrative discretion must be limited by clear standards, and judicial review must be available. "Quite simply, the ITAR Scheme allows its administrative agencies to make inconsistent, incorrect and sometimes incomprehensible decisions censoring speech, all without the protections of judicial review or oversight."

* The ITAR framework is unconstitutionally vague. The government doesn't even seem to know what its regulations include and exclude!
Here, the lack of standards has allowed the government to misuse a statute aimed at commercial, military arms sales to limit academic and scientific publication.

* The ITAR regulatory scheme is overbroad. In an internal memo written almost 20 years ago, the government's own Office of Legal Counsel concluded that the ITAR's licensing standards "are not sufficiently precise to guard against arbitrary and inconsistent administrative action." The OLC specifically warned that the coverage was so broad it could apply to "communication of unclassified information by a technical lecturer at a university or to the conversation of a United States engineer who meets with foreign friends at home to discuss matters of theoretical interest." This is exactly what is happening here, and it is unconstitutional.

CASE BACKGROUND

While a graduate student at the University of California at Berkeley, Bernstein completed the development of an encryption equation (an "algorithm") he calls "Snuffle." Bernstein wishes to publish (a) the algorithm, (b) a mathematical paper describing and explaining the algorithm, and (c) the "source code" for a computer program that incorporates the algorithm. Bernstein also wishes to discuss these items at mathematical conferences, college classrooms and other open, public meetings.

The Arms Export Control Act and the International Traffic in Arms Regulations (the ITAR regulatory scheme) required Bernstein to submit his ideas about cryptography to the government for review, to register as an arms dealer, and to apply for and obtain from the government a license to publish his ideas. Failure to do so would result in severe civil and criminal penalties. Bernstein believes this is a violation of his First Amendment rights and has sued the government.

In the first phase of this litigation, the government argued that since Bernstein's ideas were expressed, in part, in source code, they were not protected by the First Amendment.
On April 15, 1996, Judge Marilyn Hall Patel in the Northern District of California rejected that argument and held for the first time that computer source code is protected speech for purposes of the First Amendment.

Because of its far-reaching implications, the Bernstein case is being watched closely by privacy advocates, the computer industry, the export and cryptography communities, and First Amendment activists. In fact, several members of these communities provided declarations that were submitted in support of Bernstein's motion.

ABOUT THE ATTORNEYS

Lead counsel on the case is Cindy Cohn of the San Mateo law firm of McGlashan & Sarrail, who is offering her services pro bono. Major additional pro bono legal assistance is being provided by Lee Tien of Berkeley; M. Edward Ross of the San Francisco law firm of Steefel, Levitt & Weiss; and James Wheaton and Elizabeth Pritzger of the First Amendment Project in Oakland.

ABOUT THE ELECTRONIC FRONTIER FOUNDATION

The Electronic Frontier Foundation (EFF) is a non-profit civil liberties organization working in the public interest to protect privacy, free expression, and access to online resources and information. EFF is a primary sponsor of the Bernstein case. EFF helped to find Bernstein pro bono counsel, is a member of the Bernstein legal team, and helped collect members of the academic community and computer industry to support this case.
Full text of the lawsuit and other paperwork filed in the case is available from EFF's online archives:

http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
ftp.eff.org, pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/Bernstein_case/

From david at sternlight.com Fri Jul 26 04:08:45 1996
From: david at sternlight.com (David Sternlight)
Date: Fri, 26 Jul 1996 19:08:45 +0800
Subject: Freeh Testimony 7/25/96
In-Reply-To:
Message-ID:

At 4:03 PM -0700 7/25/96, Dave Banisar wrote:
>This is the written testimony of FBI Director Freeh before the
>Senate Commerce Committee on S 1726, the Pro-Code legislation.
>
>Freeh called for the adoption of a universal key escrow system
>that would facilitate law enforcement access. Several Senators were
>critical of Freeh's testimony and asked why
>he and the other panelists believed that savvy criminals would
>use escrowed encryption.

They cannot have read his prepared statement, which addresses this issue (see below). Neither, apparently, did you, Dave, or you would not leave the misleading impression Freeh didn't address this topic. Were you being sloppy? Mendacious?

>Others questioned the possibility that any
>kind of worldwide agreement could be reached.

Not valid. No sooner did Europeans reject the idea of the US as escrow holder than they set busily to work developing their own standard. There's no reason the US couldn't go along with what THEY decide (and trust me, judging on form it will be more Draconian than what the US would have created).

>
>Director Freeh admitted in responding to one Senator that he would
>seek legislation to ban non-escrow cryptography if it were not
>widely adopted. He said, "we are not at the point yet that voluntary
>is not viable. At that point, we would look at mandatory controls."
>He also stated that he would also ask for import controls to be
>imposed "if the country was flooded with foreign robust encryption."
This is consistent with Netanyahu's recent book on terrorism, except that Freeh apparently doesn't include the civil liberties protections suggested by Netanyahu. I'm surprised. Freeh is said to be a very smart man--he must know that if he included those protections as an integral part of his advocacy it would go down much better with the American people. Failure so to do raises the most serious questions.

>
>A html version of this document is available at
>
>http://www.epic.org/crypto/export_controls/freeh.html

Thanks;
David

>
>
>------------
>
>
> U.S. Department of Justice
> Federal Bureau of Investigation
> Office of the Director Washington, D.C 20535
>
>STATEMENT
>OF
>LOUIS J. FREEH
>DIRECTOR
>FEDERAL BUREAU OF INVESTIGATION ON
>JULY 25, 1996
>BEFORE THE
>COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
>UNITED STATES SENATE
>REGARDING
>IMPACT OF ENCRYPTION ON LAW ENFORCEMENT AND PUBLIC SAFETY
> ...
> It is worth noting that we have never contended that a key
>escrow regime, whether voluntarily or mandatorily implemented, would
>prevent all criminals from obtaining non-key escrowed encryption
>products. But even criminals need to communicate with others nationally
>and internationally, including not just their criminal confederates but
>also legitimate organizations such as banks. Accessible, key escrow
>encryption products clearly will be used by most if widely available,
>inexpensive, easy to use, and interoperable worldwide.

From jkenth at c2.org Fri Jul 26 04:14:08 1996
From: jkenth at c2.org (J. Kent Hastings)
Date: Fri, 26 Jul 1996 19:14:08 +0800
Subject: Anonymous Web Services Inc.
Message-ID: <31F8711F.4707@c2.org>

Cpunx, ecashers, and others:

Oh joy, these guys are good publicity for our side. :^( Arghh!!!

http://www.angelfire.com/pg1/digicrime/index.html

> Anonymous Web Services Inc.
>
> ----------------------------------------------------------------------
> [Image]
>
> What We Do
>
> * We make deals
>
> * We rip people off for you
>
> * We get you money
>
> * We get you WebServer accounts
>
> * We work for you
>
> ----------------------------------------------------------------------
> We are an anonymous server that relays our pages through such services
> as Angelfire, C2, and many other services. We are in business for your
> benefit.
>
> If you have an America Online account, we have the capabilities to
> give you complete unlimited access, and you pay nothing!
> ----------------------------------------------------------------------
>
> Have you always wanted that $8,000.00 snowboard? Or that 4x4 FORD
> F150? Well, if you give us the URL of the product you would like us to
> get for you, just send the needed information, and we will go
> "shopping" for you. Of course this isn't totally free, you have to pay
> 5%. Hey, paying $5.00 for a $100.00 CD Player isn't bad!
>
> We deal in the anonymous market, as do most World Wide Web servers,
> and that is why security is the top priority, wherever you go. If you
> want to set up an account with us, so you can steal stuff, "buy"
> stuff, and make anonymous web pages, send us your credit card number,
> and other needed information such as your expiration date, and we will
> set up an account for you! We also accept ECash!
>
> Do you know somebody that you really hate? Tell us their name, and
> what you would like to do to them, and we can make them wanted by the
> Alabama police, or we can anonymously transfer money from their
> credit cards or checking accounts to you! Now doesn't that sound
> great? Free money, and free pleasure!
> ----------------------------------------------------------------------
>
> If you create an account with us, you will feel nothing but the best
> superiority to all of the little losers peddling around you. Consider
> our service as, your own personal hacker.
> Except you can tell us
> whatever you want, and make us fuck up your enemies. We don't kill
> people, we just take away their old identity.
> ----------------------------------------------------------------------
> Send email to WebMaster at digicrime.org
>
> Special Offer...
> ----------------------------------------------------------------------
>
> If you are in Illinois, particularly in the northern part, we can give
> you FREE Ameritech Voice Mail! Free? You ask, well there is an easy
> way to get the numbers. You can either E-Mail me for instructions, or
> E-Mail me for a already made box. We have some boxes that allow you to
> make calls from, for example, if you have a friend in Australia, give
> him a call, talk to him for an hour. It is totally free, illegal, and
> untraceable.
> ----------------------------------------------------------------------
> Last Updated Tue Jul 2 01:04:34 1996
> ----------------------------------------------------------------------
> This web page was provided by Angelfire Communications.
> The material on this page are the responsibility of its author, not
> Angelfire Communications.

Kent
--
Browse sample chapters of new books by bestselling authors, pay online with a credit card or ecash, then download books in HTML or Adobe Acrobat format from the web at http://www.pulpless.com/

From mpd at netcom.com Fri Jul 26 04:34:35 1996
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 26 Jul 1996 19:34:35 +0800
Subject: IP: NSA RESPONSE TO KEY LENGTH REPORT
In-Reply-To: <21a.193396.40@iac-online.com>
Message-ID: <199607260642.XAA14728@netcom23.netcom.com>

Matt Blaze writes:

> Finally, the NSA report offers estimates of the time
> required to perform exhaustive search using a Cray model T3D
> supercomputer. This is a curious choice, for as our report
> notes, general-purpose supercomputers of this type make poor
> (and uneconomical) key search engines.

A tiny nit to pick here.
The Cray T3D and T3E computers are massively parallel machines consisting of DEC Alpha chips hooked up in a 3D Torus configuration. They would probably make pretty decent key search engines, as opposed to the general purpose vector supercomputers Cray is better known for.

> Table 3 are our estimates based on our experience with a
> Cray T3D supercomputer with 1024 nodes. This machine costs
> $30 million.

> [Tables 1, 2, and 3 not transcribed here.]

You left out the most interesting part!

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From stewarts at ix.netcom.com Fri Jul 26 04:48:19 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 26 Jul 1996 19:48:19 +0800
Subject: [NOISE IS NOISE] Re: Rand and smoking Re: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.) [NOISE E. D.]
Message-ID: <199607260548.WAA19993@toad.com>

>Uh.. yabbut we were talking about insisting that her followers
>smoke, which is different from saying that smoking is cool.
>Well, for most people it is different.

You fail to understand the precisely reasoned Aristotelian syllogistic logic of Ms. Rand's position (you heretic!):
1) Smoking is a result of fire.
2) Fire is cool.
3) Therefore, smoking is cool. Q.E.D.
4) Logic is cool, and non-logic is non-cool
5) We're cool
6) Therefore, light up that cigarette or be excommunicated! Q.E.D.

>P.S. I wonder how often the regularly scheduled programming of
>citizen units _is_ exactly?

If you don't see the fnords, they won't eat you.

# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
# Confuse Authority!

From root at adam.sp.org Fri Jul 26 04:51:48 1996
From: root at adam.sp.org (Phillip)
Date: Fri, 26 Jul 1996 19:51:48 +0800
Subject: Cracking DES or building a DES cracking machine?
In-Reply-To: <199607240124.UAA12269@manifold.algebra.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 23 Jul 1996, Igor Chudov @ home wrote:

> Hm,
>
> If we are talking about convincing 100,000 people to donate a lot
> of their CPU time, would not it be possible to convince the same
> 100,000 people to donate $10 each and build a $1,000,000 DES cracking
> machine?
>
> Then we can crack DES keys for a certain sum per key, without asking
> any unnecessary questions. Profits can be donated to purchasing AK-47's
> for poor preschool children or some similar charitable project.
>
> - Igor.
>
>

Yeah, but who keeps the machine? Who pays for power? etc... By splitting up over this type of network we defeat several things:
Utilities/Facilities - power, heating/cooling.
Taxes - We neither create an organization nor profit,
Profit - Thar's none, so no one complains.
And we [MIGHT] save the time to have such a thing built.
[ But if we do make the machine, I want it when we're done]

- --------------------------------------------------------------------------------
- --- Losing interest? Try a new bank.
- --------------------------- -----------------------------------
pj22298 at xx.acs.appstate.edu http://xx.acs.appstate.edu/~pj22298

From david at sternlight.com Fri Jul 26 04:58:14 1996
From: david at sternlight.com (David Sternlight)
Date: Fri, 26 Jul 1996 19:58:14 +0800
Subject: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID:

At 4:33 PM -0700 7/25/96, Jeremey Barrett wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Assuming "perfect" intelligence on the part of the robbers (i.e. they will
>follow deterministic behavior and do the "right" thing), then here's what
>must happen IMO (1 being the first guy and 20 being the last):
>
>1 must propose that 1, 3, 5, 7, 9, 11, 13, 15, 17, and 19 all split
>the money evenly. All of these will vote for it, assuming they're all
>perfectly smart and deduce the inevitable outcome.
>
>I arrived at this working backward from the case where two robbers are left.
>
>If 2 are left (19 & 20), 19 gets all the money. So 20 will vote for whatever
>18 says, which MUST include 20 in the deal. Since 19 knows this, 19
>will vote for whatever 17 says, which must include 19 in the deal, and so
>forth. Eventually you arrive at the conclusion that 1,3,5...,19 must
>all agree to split the money at the beginning.

Your solution fails if the proposer is determined by lot, stage by stage. Any other approach will be felt unfair by some, but that approach will be thought fair by all.
David

From gary at systemics.com Fri Jul 26 05:03:32 1996
From: gary at systemics.com (Gary Howland)
Date: Fri, 26 Jul 1996 20:03:32 +0800
Subject: Twenty Bank Robbers -- Game theory:)
In-Reply-To:
Message-ID: <31F89692.167EB0E7@systemics.com>

David Sternlight wrote:
>
> >>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> >>how they plan to split the money: they stay in line, and the first guy
> >>suggests how to split the money. Then they vote on his suggestion.
                                          ^^^^ ^^^
> No. Robber 18 knows that he will be killed under those circumstances, so he
> proposes that Robber 20 gets all the money. 20 votes with him.

I think many are assuming that the cypherpunk making the suggestion gets a vote. My reading of the puzzle is that he does not.

Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From adamsc at io-online.com Fri Jul 26 05:05:07 1996
From: adamsc at io-online.com (Chris Adams)
Date: Fri, 26 Jul 1996 20:05:07 +0800
Subject: LIMBAUGH ON TV
Message-ID: <199607260626.XAA20871@toad.com>

On 25 Jul 96 13:35:44 -0800, hallam at Etna.ai.mit.edu wrote:

>I'm still rather amused by the terms of your bet, $50 vs 25L.
>At current exchange rates 25 Lire is more like 2 cents.
>
>I thought I had already given my 2 cents.

I think he meant 25 British Pounds and used L since the pound sign isn't kosher on many systems.

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From shamrock at netcom.com Fri Jul 26 05:13:20 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 26 Jul 1996 20:13:20 +0800
Subject: DES brute force? (was: Re: Borders *are* transparent)
Message-ID:

At 21:10 7/23/96, Mixmaster wrote:

>The problem with banking applications is that cracking a real key
>causes lots of real damage.
>I don't think it is illegal (as long
>as you don't withdraw somebody else's money), but publishing e.g.
>one of the DES keys used for the "EC Card" PIN verification would
>bring the European ATM system close to collapse. Finding a self-
>generated key, on the other hand, is not very impressive.

Keys can be changed. Sounds like a good target to me.

-- Lucky Green
PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President.

From llurch at networking.stanford.edu Fri Jul 26 05:20:10 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Fri, 26 Jul 1996 20:20:10 +0800
Subject: Princeton University muzzles students
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 25 Jul 1996, Declan McCullagh wrote:

> When Princeton administrators claimed they followed the letter of the
> law, in truth they used the law as an excuse to muzzle their students.

This instrumentalist conspiracy theory is a bit of a leap beyond the facts.

They were spammed. The content of the spam was political. They responded quite stupidly. There is no evidence that they were looking for "an excuse to muzzle their students."

They should "clarify" the policy, which everyone who would be expected to enforce it opposes, within two weeks. Commercial speech might take longer.

- -rich

From roy at sendai.scytale.com Fri Jul 26 05:31:04 1996
From: roy at sendai.scytale.com (Roy M.
Silvernail)
Date: Fri, 26 Jul 1996 20:31:04 +0800
Subject: Schelling Points, Rights, and Game Theory--Part II
In-Reply-To:
Message-ID: <960726.002108.6f7.rnr.w165w@sendai.scytale.com>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, tcmay at got.net writes:

> (I hate the term "nerd," as I hate the
> names "dweeb," "geek," "jerk," etc. Believe me, anyone who thinks being
> called a "nerd" is complimentary, or anyone who labels himself as a "geek,"
> is probably one who would call himself a "nigger," or a "queer.")

I have business cards that identify me as a "Certified Computer Geek[tm]". They seem to impress the non-cognoscenti. And as long as they are amused (and their checks don't bounce), I'll make more cards.

Attitude really is everything.

- --
Roy M. Silvernail [ ] roy at scytale.com
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey at scytale.com

From proff at suburbia.net Fri Jul 26 05:40:12 1996
From: proff at suburbia.net (Julian Assange)
Date: Fri, 26 Jul 1996 20:40:12 +0800
Subject: PREDICTIONS, MUST BE BREAK TIME...
In-Reply-To: <960725173949.d5f@spire.com>
Message-ID: <199607260832.SAA25609@suburbia.net>

> The AFIM can 'rebuild' fingerprints to overcome dirt a scar tissue
> problems. It also uses a special lens which reads only 3d images so
> photocopies and a cut off fingers will not work.
>
> Tyler Whitaker
> ttw at spire.com
> Senior Internet Engineer
> Spire Technologies.

It is interesting to note that when your fingers / hands are cut off they automagically turn into two dimensional objects.

--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive.
It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+

From stewarts at ix.netcom.com Fri Jul 26 06:19:39 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 26 Jul 1996 21:19:39 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607260854.BAA24001@toad.com>

At 11:35 PM 7/25/96 -0500, ichudov at algebra.com (Igor Chudov) wrote:
>In my initial post that caused all the turmoil I said (literally) this:
>``Twenty cypherpunks robbed a bank.''
> ^^^^^^^^^^^^^
>I was careful choosing words.

That was my reaction as well. I'd assume that if twenty cypherpunks rob a bank, either it's one of Eric's party games (:-), or else they probably conspired over the net to rob a bank by computer.

1) The bank probably knows which bank got robbed.
2) The public probably won't hear about it.
3) The cypherpunks might or might not.
4) The number and identity of the cypherpunks is unknown, both to each other and to the bank.
5) If all twenty bank-robbing cypherpunks do conspire to get together in a room to split up the loot, it's probably a chat-room or mud-room; it's not likely to be physical space.
6) It's very hard to kill people whose identities you don't know across a net that obscures their physical location as well.
7) I suppose you could kill-file them, which does cut them out of the voting process, and therefore probably out of the money, but is certainly less drastic than shooting them.
8) Besides, how do you tell who's first on the list when they're all nyms anyway?
9) Who's got the money, anyway? Was there some sort of secret-sharing protocol to make sure that the one cypherpunk holding the loot doesn't just telnet to Argentina.com with it?
10) Money? What money?
11) How do they conduct the voting? Merely arguing over the voting protocols could occupy megabytes of list bandwidth.
12) They could just decide to use the money to pay the winner of a lottery to predict when somebody shoots Jim Bell.
13) But that wouldn't really take much, so there's still a lot left over.
14) N>10 of the twenty are really all Tentacles, so they can all vote to shoot any non-Tentacle and then vote to split the cash between themselves.
15) They could even killfile one or two Tentacles just to make it look like a fair process.
16) I _knew_ we shouldn't have killfiled Lieutenant Niedermeyer!
17) Seventeen is the mystical number.
18) If the public _does_ hear about it, the bank's stock will drop like a rock, and they can use the money to buy out the bank.
19) It's mine, mine, all mine!
20) Bang!

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# Dispel Authority!

From stewarts at ix.netcom.com Fri Jul 26 06:25:50 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 26 Jul 1996 21:25:50 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607260909.CAA24224@toad.com>

My commentary below supposes that the robbers are _not_ cypherpunks, but are fanatic logicians, and prefer poverty to death. It also assumes that all motions are non-debatable, which reduces the amount of dealmaking possible.

At 05:52 AM 7/26/96 -0400, Rabid Wombat wrote:
>If only 19 and 20 are left, 19 has 50% of the vote, and can take all. #20
>loses out.
>Therefore, with 18,19, and 20 left, 20 will take whatever 18 offers, as
>it is better than getting nothing.
>With 17,18,19,20 left, 17 should propose a split with 20, who will likely
>get a smaller cut from 18, because of the above.
>
>With 16, 17, 18, 19, 20, three votes are needed, reducing the take for
>the majority, so no one other than #16 is acting in their best interest
>to approve a split, except for #19 trying to avoid losing out to 17/20 in
>the next round. Not enough for a majority.

Wrong. If 16 gets killed, 18 knows that 17 and 20 will probably split the money, so it's in 18's interest to team with 16 and 19. 15, 17, and 20 can also vote to split the money. 14's position is a bit shakier, but he's got more people to deal with.

...
>...
>All even-numbered cypherpunks should then expect a short life expectancy.
>(You are number 6; who is number 1?)

What do you want? - The money!

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# Dispel Authority!

From mycroft at actrix.gen.nz Fri Jul 26 06:26:41 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Fri, 26 Jul 1996 21:26:41 +0800
Subject: DES-busting Javanese pagers and TVs
In-Reply-To: <199607240039.UAA27954@unix.asb.com>
Message-ID: <199607260647.SAA11707@mycroft.actrix.gen.nz>

"Deranged Mutant" wrote:

   Would it be better to have them all try random keys rather than use assigned keyspaces?

   Can't keysearches be shorted by half (not that it's that significant, 2^55 rather than 2^56) using complement keys?

2^55 bits is not significant? It is on my hardware!

--
Paul Foley --- PGPmail preferred
PGP key ID 0x1CA3386D available from keyservers
fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Mencken and Nathan's Second Law of The Average American: All the postmasters in small towns read all the postcards.
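
The complement-key shortcut asked about in the message above, as an added example that is not part of the original posts: DES satisfies E(~K, ~P) = ~E(K, P), so an attacker holding ciphertexts of both P and ~P under one key can test K and ~K with a single trial encryption, which is why a 56-bit key space costs 2^55 trials in that setting. The 16-bit Feistel cipher below is a toy constructed for illustration (its S-box, key schedule and all function names are assumptions, not DES); it shares the two structural features that cause the property, a bit-selecting key schedule and a round key that enters only by XOR.

```python
"""Toy cipher with the DES complementation property (constructed; NOT DES)."""

MASK16 = 0xFFFF
ROUNDS = 4
# Arbitrary fixed 8-bit substitution table, constructed for this example.
SBOX = [((x * 167 + 13) ^ (x >> 3) ^ (x * x)) & 0xFF for x in range(256)]


def subkey(key, rnd):
    """Round key: 8 bits picked out of the rotated 16-bit key.

    The schedule only selects key bits (as the DES schedule does), so
    complementing the key complements every round key.
    """
    shift = 3 * rnd + 1
    rotated = ((key << shift) | (key >> (16 - shift))) & MASK16
    return rotated & 0xFF


def encrypt(key, block):
    """Four-round Feistel network on a 16-bit block."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        # The key enters only through XOR with the half-block, so
        # (~right) ^ (~subkey) == right ^ subkey and the S-box output
        # is unchanged when key and data are both complemented.
        left, right = right, left ^ SBOX[right ^ subkey(key, rnd)]
    return (left << 8) | right


def complementation_holds():
    """Check E(~K, ~P) == ~E(K, P) over a spread of keys and blocks."""
    for key in range(0, 1 << 16, 257):
        for block in range(0, 1 << 16, 4099):
            lhs = encrypt(key ^ MASK16, block ^ MASK16)
            if lhs != encrypt(key, block) ^ MASK16:
                return False
    return True


def search_full(plain, c_plain, c_comp):
    """Baseline: one trial encryption per key, all 2^16 keys.

    c_plain = E(K, plain), c_comp = E(K, ~plain). Returns (keys, trials);
    trials counts main-loop encryptions, not the rare confirmation step.
    """
    found, trials = [], 0
    for key in range(1 << 16):
        trials += 1
        if encrypt(key, plain) == c_plain and \
           encrypt(key, plain ^ MASK16) == c_comp:
            found.append(key)
    return found, trials


def search_halved(plain, c_plain, c_comp):
    """Same answer from half the key space (top key bit fixed to 0)."""
    found, trials = [], 0
    for key in range(1 << 15):
        trials += 1
        c = encrypt(key, plain)
        # Direct hit: this key maps plain to the observed ciphertext.
        if c == c_plain and encrypt(key, plain ^ MASK16) == c_comp:
            found.append(key)
        # Complement hit: E(~key, ~plain) == ~c, so ~key is a candidate
        # whenever ~c equals the ciphertext observed for ~plain.
        if c ^ MASK16 == c_comp:
            other = key ^ MASK16
            if encrypt(other, plain) == c_plain:
                found.append(other)
    return found, trials


def demo(secret=0xB7C4, plain=0x1234):
    """Constructed key and plaintext; returns both search results."""
    c_plain = encrypt(secret, plain)
    c_comp = encrypt(secret, plain ^ MASK16)
    return (search_full(plain, c_plain, c_comp),
            search_halved(plain, c_plain, c_comp))


if __name__ == "__main__":
    (full, n_full), (half, n_half) = demo()
    print("property holds:", complementation_holds())
    print("full search:  ", [hex(k) for k in full], n_full, "trials")
    print("halved search:", [hex(k) for k in sorted(half)], n_half, "trials")
```

The saving depends on having ciphertext for a complementary plaintext pair under the same key; with a single known plaintext the search still covers the whole key space.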
From rp at rpini.com Fri Jul 26 06:37:56 1996
From: rp at rpini.com (Remo Pini)
Date: Fri, 26 Jul 1996 21:37:56 +0800
Subject: Am I protected by ignorance?
Message-ID: <9607260929.AA14439@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Fri Jul 26 11:26:59 1996

I have a question about legal issues:

Let's assume I have a service provider in Switzerland who gives me web-space. I publish strong cryptography there. The server itself is physically in USA, but my domain is something like "www.itar.ch" (a Swiss web-address). Since there is no way for me to know where the server stands, do I violate the ITAR, and if so, am I realistically prosecutable?

- --------< fate favors the prepared mind >--------
Remo Pini rp at rpini.com
PGP: http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------

From mycroft at actrix.gen.nz Fri Jul 26 06:43:34 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Fri, 26 Jul 1996 21:43:34 +0800
Subject: Fireworks expected, missed at Senate crypto hearing
In-Reply-To: <199607260744.AAA23283@mail.pacifier.com>
Message-ID: <199607261051.WAA12127@mycroft.actrix.gen.nz>

jim bell wrote:

>The FBI's Louis Freeh kept mouthing the same tired old line: "No
>reasonable person can envision a lawless information superhighway."

I guess that makes me an unreasonable person!

"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself.
Therefore all progress depends on the unreasonable man."

--
Paul Foley --- PGPmail preferred
PGP key ID 0x1CA3386D available from keyservers
fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
No matter how subtle the wizard, a knife in the shoulder blades will seriously cramp his style.

From mycroft at actrix.gen.nz Fri Jul 26 06:46:12 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Fri, 26 Jul 1996 21:46:12 +0800
Subject: Defeating "Perp Profile" Analyses Of Written Materials
In-Reply-To: <199607260508.WAA08515@dfw-ix4.ix.netcom.com>
Message-ID: <199607261105.XAA12145@mycroft.actrix.gen.nz>

JonWienk at ix.netcom.com wrote:

   [Begin English Translation of Spanish Text]

   At home, 24 Jul 1996, JMKELSEY@[ [delphi.com]] he/she/it/you wrote:

   "I don't make have messages of the[ [remailer]] equal very-chained anonymous letter protect my identity of attackers something wealthy persons and certain, if I/he/she/it/you did many anonymous posts. Style of the writing and alone topic would take in the list of the suspect to a governable number."

John Young obviously uses this technique regularly :-)

--
Paul Foley --- PGPmail preferred
PGP key ID 0x1CA3386D available from keyservers
fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
"Who cares if it doesn't do anything? It was made with our new Triple-Iso-Bifurcated-Krypton-Gate-MOS process ..."

From mycroft at actrix.gen.nz Fri Jul 26 06:56:02 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Fri, 26 Jul 1996 21:56:02 +0800
Subject: Twenty Bank Robbers -- Game theory:)
In-Reply-To:
Message-ID: <199607261026.WAA12047@mycroft.actrix.gen.nz>

David Sternlight wrote:

   No. Robber 18 knows that he will be killed under those circumstances, so he proposes that Robber 20 gets all the money. 20 votes with him. Now iterate backwards.
   If, under my assumption the

If there are 3 robbers, #1 can work out any split he likes that gives a portion of the money to #3, since #3 knows he won't see a cent unless he goes along with it. If he chooses not to give anything to #3, #3 loses nothing but may decide to kill him out of spite.

In the case of 4 robbers, #1 could decide to split the money with #3 or #4. #3 will vote with him if he chooses #3 because he won't get anything otherwise. #4 will vote with him if he chooses #4, because #4 knows that he has no choice but to agree with anything #2 decides, and on the assumption that the proposer at each round wishes to maximize his share, he'll offer #4 less than #1 did. (In this case, #3 has nothing to lose, so he may vote with 1 and 4, but it doesn't matter)

Iterating backwards from here to the case of N robbers, #1 only has to offer any floor((N-1)/2) of robbers #3..#N any amount in order to get their votes.

   proposers are selected by lot at each stage, then 18 still knows he'd be killed, but not knowing which of 19 or 20 is the next proposer, suggests 19 and 20 split 50-50. Since each knows that he might be #20 and get nothing on the next round, they accept. Now iterate that one backwards.

In this case, 18 will be killed anyway if the other two are willing to bet their half of the money on being next in line. It's possible that for N robbers, all of them will vote against the proposer at every stage until one of them ends up with all the money.
-- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- #define BITCOUNT(x) (((BX_(x)+(BX_(x)>>4)) & 0x0F0F0F0F) % 255) #define BX_(x) ((x) - (((x)>>1)&0x77777777) \ - (((x)>>2)&0x33333333) \ - (((x)>>3)&0x11111111)) From stewarts at ix.netcom.com Fri Jul 26 07:05:54 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 26 Jul 1996 22:05:54 +0800 Subject: Bare fibers Message-ID: <199607260854.BAA23997@toad.com> At 11:52 AM 7/25/96 -0700, abostick at netcom.com (Alan Bostick) wrote: >As has been mentioned earlier, all an attacker has to do is encourage >some of the light to exit the fiber, by bending it, contacting it with >a detector, etc. >If the detector is sensitive enough, the loss induced by this is minimal. >This sort of tapping is exactly the sort of thing quantum cryptography >is supposed to prevent, or at least identify. So far, so good. >Nothing short of quantum methods is going to spot the tap, >unless you happen to come across the tap by inspecting the entire >length of the fiber. Pressurized conduit is a favorite paranoid technique - if the Bad Guy cuts open the conduit to get at the fiber, your alarm system notices the pressure drop and goes off. For slightly less paranoid scenarios, you can use heavy narrow conduit with epoxied joints, and the extra alarm wire or two to help detect cutting. For substantially more paranoid types, you can always fill your conduit with some sort of flammable substance that reacts with air... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # Dispel Authority! From junger at pdj2-ra.F-REMOTE.CWRU.Edu Fri Jul 26 07:13:03 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. 
Junger) Date: Fri, 26 Jul 1996 22:13:03 +0800 Subject: Twenty Bank Robbers -- Game theory:) In-Reply-To: <2.2.32.19960725225533.0070ca20@mail.sd.cybernex.net> Message-ID: <199607261119.HAA12437@pdj2-ra.F-REMOTE.CWRU.Edu> Erle Greer writes: : At 09:09 AM 7/25/96 -0500, you wrote: : >Here's a puzzle for our game theorists. : > : >Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's : >how they plan to split the money: they stay in line, and the first guy : >suggests how to split the money. Then they vote on his suggestion. If : >50% or more vote for his proposal, his suggestion is adopted. : > : >Otherwise they kill the first robber and now it is the turn of guy #2 : >to make another splitting proposal. Same voting rules apply. : > : >The question is, what will be the outcome? How will they split the : >money, how many robbers will be dead, and so on? : > : >igor : > : : Here's my guess: : Each robber is going to want the largest share of the money possible. : Therefore The first guy dies automatically because that increases the share : size. This continues on until there are only two robbers left. Robber #19 : suggests that he receives the full 20 million and since his vote is 50%, he : receives it all. 18 robbers dead. That ``solution'' assumes that cypherpunks are rather stupid. Since everyone can do that calculation it is quite clear that at least 18 would refuse to vote (or fail to vote) in a way that produces such a result. On the other hand, a proposal by the first guy to split the proceeds equally among the first ten should be satisfactory to the first ten. On that basis nobody dies and ten receive two million each, if we assume that each is a simple profit maximizer. I think that that result is stable, but am not going to try to prove that it is. (If the result is not stable, it should be relatively easy to establish that fact.) -- Peter D. 
Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu From rp at rpini.com Fri Jul 26 07:24:12 1996 From: rp at rpini.com (Remo Pini) Date: Fri, 26 Jul 1996 22:24:12 +0800 Subject: Distributed DES crack Message-ID: <9607261128.AA17859@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Fri Jul 26 13:25:22 1996 > At 10:30 7/23/96, Matt Blaze wrote: > > >My estimate is that an FPGA-based machine that can do a single DES key > >every four months (eight months to exhaust the whole keyspace) could > >be built with off-the-shelf stuff for comfortably under $50k (plus > >labor, plus software development costs). A prototype board should > cost > >under $1000 and will help prove the concept and get a more accurate > cost > >estimate. I expect to build such a prototype machine myself, and, if > it > >works as I expect, maybe the whole thing. > > I am willing to financially contribute to the project. > > If this were to be a card (via RS232 or PC-bus), thousands of people would be able to copy it, once the development process is finished. -> You'd have hardware that all those people could use for a distributed crack, the building cost would be distributed also (<$100), only development would have to be at one place (sponsored of course). Now, that would be a scary thought for DES-fans! 
- --------< fate favors the prepared mind >-------- Remo Pini rp at rpini.com PGP: http://www.rpini.com/remopini/rpcrypto.html - ------< words are what reality is made of >------ From mycroft at actrix.gen.nz Fri Jul 26 07:54:50 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Fri, 26 Jul 1996 22:54:50 +0800 Subject: Twenty Bank Robbers -- Game theory:) In-Reply-To: <31F89692.167EB0E7@systemics.com> Message-ID: <199607261138.XAA12217@mycroft.actrix.gen.nz> Gary Howland wrote: > No. Robber 18 knows that he will be killed under those circumstances, so he > proposes that Robber 20 gets all the money. 20 votes with him. I think many are assuming that the cypherpunk making the suggestion gets a vote. My reading of the puzzle is that he does not. I hadn't thought of that. If the proposer gets no vote, and assuming he still gets counted to make up 50%, for N > 3, he should suggest giving some money to the penultimate ceil(N/2) robbers. In the case of N <= 3, the last robber gets everything. -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- Fine day to work off excess energy. Steal something heavy. From bryce at digicash.com Fri Jul 26 08:09:05 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Fri, 26 Jul 1996 23:09:05 +0800 Subject: NOT noise! 
Serious cypherpunkly work afoot Message-ID: <199607261224.OAA05075@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- Anybody have a Nextstep box with gcc and gnumake that I can borrow some CPU cycles from? Thanks! Bryce Ecash 2.x Team From Clay.Olbon at dynetics.com Fri Jul 26 08:25:08 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Fri, 26 Jul 1996 23:25:08 +0800 Subject: Silliness on cypherpunks Message-ID: While I don't intend to try to impose my views on what cypherpunks should discuss, I would like to inject some comments on some recent trends that I throw into the "silliness" category. The first issue is the seemingly sincere attempts at answering questions that are obviously irrelevant. IMO cypherpunks are not "Mr. Answer Man" for every question someone has regarding computers or electrical engineering. Sure, most of us are pretty capable of answering these questions - that doesn't mean that we should. Whenever I asked a silly question at home, my dad used to tell me - "look it up". The process of finding the answer was actually far more important than the answer itself. We should attempt to ignore these kinds of questions. Maybe eventually they will go away. My other "peeve of the day" is the wonderful introduction of the "mee too" postings to cypherpunks. I know it makes you feel really great to donate your old TRS-80 to the cause of brute-forcing DES, but honestly, most of us don't share your joy. Nuff said. For the record, I appreciate good humor (I get a real kick out of the "Cypherpunk Enquirer"). I think humor absolutely has a place on this list, I just differentiate humor from some of the "silliness" trends I noted above. 
Clay *************************************************************************** Clay Olbon II * Clay.Olbon at dynetics.com Systems Engineer * PGP262 public key on web page Dynetics, Inc. * http://www.msen.com/~olbon/olbon.html ***************************************************************** TANSTAAFL From dlv at bwalk.dm.com Fri Jul 26 08:28:46 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 26 Jul 1996 23:28:46 +0800 Subject: [FUNNY] Rich Graves exposed Message-ID: I didn't realize Rich is a neo-Nazi revisionist. :-) Path: ...!bloom-beacon.mit.edu!news.mathworks.com!tank.news.pipex.net!pipex!oleane!jussieu.fr!math.ohio-state.edu!uwm.edu!news.nap.net!news.pyrotechnics.com!kiwi.pyrotechnics.com!scallon From: scallon at pyrotechnics.com (Brendan J. F. Scallon) Newsgroups: can.politics,alt.revisionism,soc.culture.jewish,alt.personals.intercultural,soc.couples.intercultural,alt.fan.ernst-zundel,alt.censorship,news.groups Subject: Re: Ken McVay and Rich Graves support censorship Followup-To: can.politics,alt.revisionism,soc.culture.jewish,alt.personals.intercultural,soc.couples.intercultural,alt.fan.ernst-zundel,alt.censorship,news.groups Date: 26 Jul 1996 03:41:43 GMT Organization: George Clinton/Bootsy Collins '96 Lines: 14 Message-ID: <4t9epn$972 at news.pyrotechnics.com> References: <4s5b5c$1s5 at tor-nn1-hb0.netcom.ca> <4ss1co$eq at Networking.Stanford.EDU> <4ssifd$1b2 at Networking.Stanford.EDU> <005304Z22071996 at anon.penet.fi> <4sun4t$rln at news1.panix.com> <093312Z22071996 at anon.penet.fi> NNTP-Posting-Host: kiwi.pyrotechnics.com X-Newsreader: TIN [version 1.2 PL2] For those of you who do not understand: Kenneth McVay started the Nizkor Project after he stumbled across Dan Gannon's revisionist BBS (denies the Holocaust). His Nizkor Project had millions of bytes of data about the Holocaust and info about the revisionists (i.e. 
Gannon, Les Greaseball, Rich Graves, Kevin Alfred Strom, etc.); He was awarded the Order of British Columbia for his work. -- Brendan John Francis Scallon When it comes to the net, I'm scallon at pyrotechnics.com similar to the thrilla in Manila Race: Other__Celtic__ http://www.pyrotechnics.com/~scallon CLINTON/COLLINS '96 This country needs a Parliament From trei at process.com Fri Jul 26 08:53:36 1996 From: trei at process.com (Peter Trei) Date: Fri, 26 Jul 1996 23:53:36 +0800 Subject: Produce 7 Hertz Frequency Message-ID: <199607261309.GAA27282@toad.com> > From: Jerome Tan > Does anyone know how to produce a 7 hertz frequency? Jerome has so far asked us, among other things: What does 'reverse engineering' mean in a hacking context? Does anyone know how to make a home-made telephone voice changer? Is it possible to penetrate a firewall? How can I crack unix password files? Is there a way I can run Unix under Win95? I think this man needs to read alt.2600, not cypherpunks. I wonder if this is the same Jerome Tan who was at Nanyang Technological University in Singapore? I wonder what the folks at St Luke's Medical Center in Manilla think of this stuff? Peter Trei ptrei at acm.org From frankw at in.net Fri Jul 26 08:59:58 1996 From: frankw at in.net (Frank Willoughby) Date: Fri, 26 Jul 1996 23:59:58 +0800 Subject: Twenty Bank Robbers -- Game theory:) Message-ID: <9607261146.AA09833@su1.in.net> >> Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's >> how they plan to split the money: they stay in line, and the first guy >> suggests how to split the money. Then they vote on his suggestion. If >> 50% or more vote for his proposal, his suggestion is adopted. >> Otherwise they kill the first robber and now it is the turn of guy #2 >> to make another splitting proposal. Same voting rules apply. 
Perhaps I'm missing something, but it seems to me that first person in line (#1) would say propose that the first 11 people in line each receive a split of 1/11 of the 20 million and that since this doesn't come out exactly even, that he (#1) would make up the few cents difference out of his share (a small price to pay to keep alive). This would probably get the votes of the first 11 people. Results: o First 11 people split the money (last 9 get zip) o All live. Best Regards, Frank Any sufficiently advanced bug is indistinguishable from a feature. -- Rich Kulawiec The opinions expressed above are of the author and may not necessarily be representative of Fortified Networks Inc. Fortified Networks Inc. - Information Security Consulting http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817 Home of the Free Internet Firewall Evaluation Checklist From Clay.Olbon at dynetics.com Fri Jul 26 09:01:15 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Sat, 27 Jul 1996 00:01:15 +0800 Subject: Rush on crypto Message-ID: snow wrote: > OB Crypto: From what I have heard Mr. Limbaugh _didn't_ like the CDA, >and if the right person can get to him and convince him properly, he might >even come out against GAK (if he hasn't already). He has the potential to >reach millions of _very_ loyal people. It might be worth someones time to >try to get thru to him. When Clinton testified in the recent whitewater trial via videotape, it was reported in the press that the testimony was sent to Arkansas via an encrypted data link. Rush commented that it was only a matter of time before some smart teenager figured out how to decrypt it. I sent him a brief email discussing crypto (PGP, etc.) and gave him some links, explaining why it was not likely that a teenager could decrypt the transmission. I never received a reply (didn't expect to however, I am sure he is inundated with email). 
He uses a computer and mentions it often on his radio show - I think Chris is right, if we could somehow get him to understand the technology, he would probably be on our side against GAK. As a libertarian, I find that I agree with Rush on a great many issues (many more than I have in common with the liberals). Most of the people who speak badly of him have never listened to him for any length of time. Sound bites taken out of context are wonderful for mischaracterization. Clay *************************************************************************** Clay Olbon II * Clay.Olbon at dynetics.com Systems Engineer * PGP262 public key on web page Dynetics, Inc. * http://www.msen.com/~olbon/olbon.html ***************************************************************** TANSTAAFL From rp at rpini.com Fri Jul 26 09:30:57 1996 From: rp at rpini.com (Remo Pini) Date: Sat, 27 Jul 1996 00:30:57 +0800 Subject: Anonymous Web Services Inc. Message-ID: <9607261333.AA21798@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Fri Jul 26 15:30:18 1996 I went to that page. It's lousy and useless. If you follow the addresses in the source, you end up at "Aristocratic Advertising Administration", which belongs to this guy: floeter at sendit.nodak.edu and floeter at www.hillsboro.k12.nd.us http://134.129.18.248/~floeter/ and he has a colleague at bladow at sendit.nodak.edu and HREF="http://134.129.18.248/~bladow/inex.htm I guess those two just want to be cool (what a pity). 
- --------< fate favors the prepared mind >-------- Remo Pini rp at rpini.com PGP: http://www.rpini.com/remopini/rpcrypto.html - ------< words are what reality is made of >------ From wb8foz at nrk.com Fri Jul 26 09:50:29 1996 From: wb8foz at nrk.com (David Lesher) Date: Sat, 27 Jul 1996 00:50:29 +0800 Subject: Twenty Bank Robbers -- Game theory:) In-Reply-To: <199607260854.BAA24001@toad.com> Message-ID: <199607261346.JAA19696@nrk.com> > > >``Twenty cypherpunks robbed a bank.'' > > ^^^^^^^^^^^^^ > >I was careful choosing words. > > That was my reaction as well. I'd assume that if twenty cypherpunks > rob a bank, either it's one of Eric's party games (:-), or else > they probably conspired over the net to rob a bank by computer. Will they ALL fit in Tim May's hot tub? -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From Clay.Olbon at dynetics.com Fri Jul 26 09:55:19 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Sat, 27 Jul 1996 00:55:19 +0800 Subject: Twenty Bank Robbers -- Game theory:) Message-ID: jim bell wrote: >My previous answer was incomplete, of course. I continue to believe that >the problem is unsolveable as stated, if for no other reason than the >"weight" of the negative represented by dying is not stated. 
It's a VERY >complex problem, unless there's some trick I'm not seeing. Jim is right. The problem with any optimization problem is when unquantifiable negatives are included. The "classic" example of this is an inventory problem. The optimal solution is minimal (or no) inventory, however there are unquantifiable negatives that arise when a customer cannot get his product when he wants it. I don't think the problem is that complex if the negative is that you get no money rather than "you die". As an aside, many game theory problems (possibly including the simplified version of this one) are solvable using linear programming (and no, that is not writing C one line at a time ;-). It has been far too long since my last game theory course to consider trying to set this problem up however (I've found that I don't use either game theory or LP a whole lot in the "real world" of engineering). Clay *************************************************************************** Clay Olbon II * Clay.Olbon at dynetics.com Systems Engineer * PGP262 public key on web page Dynetics, Inc. * http://www.msen.com/~olbon/olbon.html ***************************************************************** TANSTAAFL From hfinney at shell.portal.com Fri Jul 26 09:56:20 1996 From: hfinney at shell.portal.com (Hal) Date: Sat, 27 Jul 1996 00:56:20 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com> Message-ID: <199607261359.GAA05920@jobe.shell.portal.com> First, the line is established before the proposals begin. So the proposer is not determined by lot, everyone knows who will be #1, #2, etc. Second, I think the proposer gets to vote. The wording is a bit ambiguous, but it just says that "they" vote, and I think "they" pretty clearly refers to the whole group. Now here is the solution for two people: #1 (first in line) proposes that he gets it all. #1 votes yes, #2 votes no. The proposal passes. 
Here it is for three people: #1 (first in line) proposes that he gets it all. #1 votes yes, #2 probably votes no (since he will get it all if the proposal fails, by the above) and #3 (end of line) reasons like this: if the proposal fails, he (#3) will get nothing because #2 will get it all. Therefore voting yes or no makes no difference to whether #3 stays alive (his first priority) or how much money he makes (his second priority). But it does make a difference in terms of keeping as many people alive as possible (his third priority). So he votes yes because of this third reason. Therefore the proposal passes and the first person in line gets it all in this case. Of course, #1 could have offered some money to #3 and gotten his vote, but that would violate the terms of the problem: #1 wants to make as much money as possible. And since he can get #3's vote even while offering nothing to him, that is what he will do. Hal From ichudov at algebra.com Fri Jul 26 10:00:13 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sat, 27 Jul 1996 01:00:13 +0800 Subject: Twenty Bank Robbers -- Game theory:) In-Reply-To: <31F89692.167EB0E7@systemics.com> Message-ID: <199607261346.IAA02877@manifold.algebra.com> Gary Howland wrote: > > David Sternlight wrote: > > > > >>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's > > >>how they plan to split the money: they stay in line, and the first guy > > >>suggests how to split the money. Then they vote on his suggestion. > ^^^^ ^^^ > > No. Robber 18 knows that he will be killed under those circumstances, so he > > proposes that Robber 20 gets all the money. 20 votes with him. > > I think many are assuming that the cypherpunk making the suggestion > gets a vote. My reading of the puzzle is that he does not. > Everyone who is still alive, including the one making a suggestion, can vote. - Igor. 
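Hal's two- and three-robber cases above, carried through to all twenty by backward induction under the rules Hal and Igor state (fixed line order, the proposer votes, 50% or more passes). This is an added example, not code from any list member, and it goes beyond the cases worked in the thread; the `indifferent_votes_yes` switch, whole-unit money and the front-of-line tie-break are assumptions of the example.

```python
"""Backward induction for the bank-robber split (added example).

Rules from the thread: the line order is fixed, the proposer votes, and a
proposal passes when at least 50% of the robbers still alive vote yes.
"""


def votes_needed(alive):
    """Smallest number of yes votes v with 2 * v >= alive ("50% or more")."""
    return (alive + 1) // 2


def solve(n_robbers, pot, indifferent_votes_yes=True):
    """Return the split, in line order, that robber #1 proposes and that passes.

    indifferent_votes_yes=True  : Hal's third priority, a voter who gains
                                  nothing either way votes to keep people alive.
    indifferent_votes_yes=False : the "spite" reading raised in the thread, a
                                  voter says yes only if strictly better off.
    Money is counted in whole units (assumption of this example).
    """
    shares = [pot]  # one robber left: he keeps everything
    for alive in range(2, n_robbers + 1):
        fallback = shares  # what robbers #2.. receive if #1 is voted down
        extra = 0 if indifferent_votes_yes else 1
        # Price of every other robber's vote, cheapest first. Ties go to the
        # robber nearer the front of the line (assumption of this example).
        prices = sorted((got + extra, i) for i, got in enumerate(fallback))
        bought = prices[:votes_needed(alive) - 1]  # proposer's own vote is free
        cost = sum(price for price, _ in bought)
        if cost > pot:
            # A proposer who cannot pass anything is killed; that branch
            # changes everyone's incentives and is not modelled here.
            raise ValueError("pot too small for the proposer to win the vote")
        offer = [0] * (alive - 1)
        for price, i in bought:
            offer[i] = price
        shares = [pot - cost] + offer
    return shares


def yes_votes(n_robbers, pot, indifferent_votes_yes=True):
    """Replay the vote on robber #1's proposal and return the yes count."""
    shares = solve(n_robbers, pot, indifferent_votes_yes)
    if n_robbers == 1:
        return 1
    fallback = solve(n_robbers - 1, pot, indifferent_votes_yes)
    yes = 1  # the proposer votes for his own split
    for offered, otherwise in zip(shares[1:], fallback):
        if offered > otherwise or (offered == otherwise and indifferent_votes_yes):
            yes += 1
    return yes


if __name__ == "__main__":
    POT = 20_000_000
    for rule in (True, False):
        split = solve(20, POT, rule)
        paid = {i + 1: s for i, s in enumerate(split) if s}
        print("indifferent votes yes:", rule, "->", paid,
              "| yes votes:", yes_votes(20, POT, rule))
```

Under Hal's tie-break the first robber keeps the whole pot and nobody dies; under the strict reading he has to pay one unit each to robbers 3, 5, ..., 19 and passes with exactly half the votes.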
From ichudov at algebra.com Fri Jul 26 10:03:18 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sat, 27 Jul 1996 01:03:18 +0800 Subject: Twenty Bank Robbers -- Game theory:) In-Reply-To: Message-ID: <199607261353.IAA03025@manifold.algebra.com> David Sternlight wrote: > > At 4:05 PM -0700 7/25/96, Hal wrote: > >I think the best way to approach this problem is to first try to solve > >it assuming there are only two robbers rather than 20. Then once you > >have that figured out, try it for three, then four, and so on. Keep in > >mind that 50% support is enough for a proposed distribution to pass, you > >don't need a strict majority. > > > > Exactly. I arrived at the solution the same way. Note that there is another > assumption needed--that the selection of a proposer is by lot at each new > stage. If the ordering of proposers is known in advance, a different > solution results. Yes, the cypherpunk robbers are ordered by alphabet. igor From frissell at panix.com Fri Jul 26 10:04:59 1996 From: frissell at panix.com (Duncan Frissell) Date: Sat, 27 Jul 1996 01:04:59 +0800 Subject: Unix under Windows 95 Message-ID: <2.2.32.19960726142458.0084c02c@panix.com> See: http://www.windows95.com/apps/unix.html For a collection of Unix software ported to Windows 95. The PERL 5.0 works better for me under 95 than under Unix (but I probably don't know Unix. Unix Plea: Could some Unix Guru out there give me (privately) a simple alias statement or whatever that would automatically forward mail for a named user at host.com to another email address somewhere in the world. DCF From jya at pipeline.com Fri Jul 26 10:39:26 1996 From: jya at pipeline.com (John Young) Date: Sat, 27 Jul 1996 01:39:26 +0800 Subject: TIM_ers Message-ID: <199607261449.OAA25194@pipe2.t2.usa.pipeline.com> 7-21-96. Sunday WaPo: "Liquid Explosives, Miniature Timers May Foil Airline Security Measures." 
1994 spelled the beginning of what some experts fear might be a resurgence of hi-tech terrorism, this time involving persons with more advanced bomb-making skills who know how to defeat even the best airport security devices. The new terrorists favor smaller and much less detectable plastic or liquid explosives detonated by miniaturized and benign looking timers. At the heart of such devices is a timer built by rewiring a commonly available Casio digital watch, which is connected to a stabilized form of liquid nitroglycerin stored in a bottle ostensibly filled with contact lens solution. The stabilizer for the nitroglycerin looks like unsuspicious cotton. Even newer screening devices that can see through clothes would have difficulty ferreting out such a substance, according to airplane security experts. ----- http://jya.com/timers.txt TIM_ers From wombat at mcfeely.bsfs.org Fri Jul 26 10:42:50 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Sat, 27 Jul 1996 01:42:50 +0800 Subject: Am I protected by ignorance? In-Reply-To: <9607260929.AA14439@srzts100.alcatel.ch> Message-ID: Your "ignorance" - Gee, I didn't know the server was in the US! or theirs? It would be fairly easy to figure out that the server was probably in the US, by tracing the route, watching the amount of delay between hops over time, etc. If the server was discovered, I don't think your claim of ignorance as to its location would be much of a defence. OTOH, IANAL. On Fri, 26 Jul 1996, Remo Pini wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > To: cypherpunks at toad.com > Date: Fri Jul 26 11:26:59 1996 > I have a question about legal issues: > > Lets asume I have a service provider in switzerland who gives me web-space. > I publish strong cryptography there. The server itself is physically in > USA, but my domain is something like "www.itar.ch" (a swiss web-address). 
> Since there is no way for me to know where the server stands, do I violate > the ITAR, and if so, am I realistically prosecutable? > > > - --------< fate favors the prepared mind >-------- > Remo Pini rp at rpini.com > PGP: http://www.rpini.com/remopini/rpcrypto.html > - ------< words are what reality is made of >------ > > From reagle at rpcp.mit.edu Fri Jul 26 11:06:15 1996 From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.) Date: Sat, 27 Jul 1996 02:06:15 +0800 Subject: MasterCard & GTE In Electronic Certification Deal 07/25/96 Message-ID: <199607261434.KAA08910@mccannerick-bh.mccann.com> What I spoke of yesterday: PURCHASE, NEW YORK, U.S.A., 1996 JUL 25 (NB) -- REPEAT/By Ian Stokell. The race is on to provide extensive, secure electronic commerce over the Internet. Now MasterCard International and GTE Corp. (NYSE:GTE) have announced plans to deliver electronic certification services under the new Secure Electronic Transaction (SET) standard. The certificate authority services will be appearing by the fourth quarter, and will be implemented in a number of pilot programs worldwide, say the two companies. Newsbytes notes that a major obstacle to electronic commerce on the Internet is not the lack of suitable technologies, but public distrust in having to send credit card numbers electronically, with the perception that they can be easily intercepted en route. 
Industry experts say the public needs some sort of proven online security methods backed by financial and online heavyweights such as MasterCard. A sort of digital certificate will be developed by the two companies that will protect both the consumer and vendor against unauthorized card number use. The digital certificates will reportedly be issued via the Internet to cardholding consumers, Internet merchants, and institutions processing the transactions. While a number of methods for secure transactions are beginning to appear in the online world, notes Newsbytes, none have instantly jumped out in front of the pack. The companies say that the SET standard appeared first in June, and that software to allow it to be incorporated into Internet browsers, servers, and gateways will be available by the early fourth quarter from several vendors. The standard was developed by MasterCard and Visa in cooperation with a number of other companies, including GTE, IBM, Microsoft, and Netscape. Said Steve Mott, senior vice president, Electronic Commerce/New Ventures at MasterCard. "Obtaining digital signatures is expected to be no more difficult than signing up for an online service. We are also pushing to extend SET certification to chip cards to get added hardware/platform security and portability. We expect to extend our activities with GTE along these and other lines, so they are a key strategic ally for MasterCard and our members." Mott added: "We will begin testing the software by the end of the summer and through the remainder of this year. The missing link (to online commerce) was providing digital certificates to add the extra software authentication needed to make SET complete." A number of electronic commerce pilots are being planned for the fourth quarter. Pilots that have already been announced in which MasterCard is participating are in Denmark (with PBS, IBM, and Europay) and Malaysia (with MBf and VeriFone). 
GTE plans to offer both certification authority products and services under the CyberTrust brand name. CyberTrust will reportedly support all popular Web browsers, servers, and other public key-enabled applications, such as secure e-mail and electronic data interchange. (19960724/Press Contact: Sean Healy, MasterCard International, 914-249-4606) _______________________ Regards, Silence is the voice of complicity. -? Joseph Reagle http://rpcp.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From bryce at digicash.com Fri Jul 26 11:22:33 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Sat, 27 Jul 1996 02:22:33 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION In-Reply-To: <199607261359.GAA05920@jobe.shell.portal.com> Message-ID: <199607261520.RAA13570@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- Someone like Hal wrote something like: > > Here it is for three people: > > #1 (first in line) proposes that he gets it all. #1 votes yes, #2 > probably votes no (since he will get it all if the proposal fails, by > the above) and #3 (end of line) reasons like this: if the proposal > fails, he (#3) will get nothing because #2 will get it all. Therefore > voting yes or no makes no difference to whether #3 stays alive (his > first priority) or how much money he makes (his second priority). But > it does make a difference in terms of keeping as many people alive as > possible (his third priority). So he votes yes because of this third > reason. Therefore the proposal passes and the first person in line > gets it all in this case. > > Of course, #1 could have offered some money to #3 and gotten his vote, > but that would violate the terms of the problem: #1 wants to make as > much money as possible. And since he can get #3's vote even while > offering nothing to him, that is what he will do. 
Well this isn't quite true because the cypherpunks are apparently allowed to change their votes based upon how their votes will affect other cypherpunks' votes. So #3 can vote "No" on "#1 gets it all" proposals because he knows that #1 _knows_ he will vote "No" on "#1 gets it all" proposals and thus #1 will instead give #3 some money. So if you are going to play it that way then you have to be sure that none of your cypherpunks are allowed to think about the possibility that their own (probable) voting will affect their companions' voting. Regards, Bryce From bqm1808 at is.nyu.edu Fri Jul 26 11:37:06 1996 From: bqm1808 at is.nyu.edu (Brendon Macaraeg) Date: Sat, 27 Jul 1996 02:37:06 +0800 Subject: "privatizing" phones? Message-ID: <1.5.4.32.19960726085331.0067db88@is.nyu.edu> Cpunks: While shopping for a new phone recently, I came across two models (Toshiba and Uniden I believe) that have buttons to "privatize" your conversations. These were on no-cord models. Does anyone have any idea on what these actually do? Can the phones change the frequency the call is on randomly so people can't tune into it? I know cellulars offer something similar. Personally, I would never put much faith into something of this sort. -B ======================================== Brendon Macaraeg http://www.itp.tsoa.nyu.edu/~brendonm Finger macaragb at acf2.nyu.edu for PGP Public Key From declan+ at CMU.EDU Fri Jul 26 11:37:06 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Sat, 27 Jul 1996 02:37:06 +0800 Subject: Freeh Testimony 7/25/96 In-Reply-To: Message-ID: David's comments bring more heat than light. 
Freeh's statements were not distributed to senators before the hearing, so they couldn't have read his prepared statement. Further, he wandered considerably from his prepared statement at the hearing. I wonder why David is talking about what Freeh addressed in his statement, instead of what he actually said. -Declan Excerpts from internet.cypherpunks: 26-Jul-96 Re: Freeh Testimony 7/25/96 by David Sternlight at sternli > They cannot have read his prepared statement, which addresses this issue > (see below). Neither, apparently did you, Dave, or you would not leave the > misleading impression Freeh didn't address this topic. Were you being > sloppy? Mendacious? From snow at smoke.suba.com Fri Jul 26 11:45:10 1996 From: snow at smoke.suba.com (snow) Date: Sat, 27 Jul 1996 02:45:10 +0800 Subject: Limbaugh and "Soul Train" In-Reply-To: Message-ID: On Fri, 26 Jul 1996, Timothy C. May wrote: > At 8:20 PM 7/25/96, Paul S. Penrod wrote: > >On Wed, 24 Jul 1996 hallam at Etna.ai.mit.edu wrote: > (I learned this by watching a "Best of 'Soul Train'" program on VH1. The > show's creator and director pointed out that being on at 11 p.m. or 1 a.m. > made it tough for many of the show's fans to watch it.) Judging by my neighborhood, I would doubt that. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From declan+ at CMU.EDU Fri Jul 26 11:48:01 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Sat, 27 Jul 1996 02:48:01 +0800 Subject: NOT noise! Serious cypherpunkly work afoot In-Reply-To: <199607261224.OAA05075@digicash.com> Message-ID: Excerpts from internet.cypherpunks: 26-Jul-96 NOT noise! Serious cypherp.. by bryce at digicash.com > Anybody have a Nextstep box with gcc and gnumake that I can borrow > some CPU cycles from? Sure, if you don't mind a 68040. Not on the Net (though I suppose I could enable dialup) but I'd be happy to compile and run code for you. 
-Declan From snow at smoke.suba.com Fri Jul 26 11:52:25 1996 From: snow at smoke.suba.com (snow) Date: Sat, 27 Jul 1996 02:52:25 +0800 Subject: Produce 7 Hertz Frequency In-Reply-To: <01BB7ABB.F7A9E440@Jerome Tan> Message-ID: On Thu, 25 Jul 1996, Jerome Tan wrote: > Does anyone know how to produce a 7 hertz frequency? Why? Wanna kill some chickens? Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jimbell at pacifier.com Fri Jul 26 12:09:26 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 27 Jul 1996 03:09:26 +0800 Subject: Produce 7 Hertz Frequency Message-ID: <199607261558.IAA11068@mail.pacifier.com> At 04:48 PM 7/26/96 -0700, Timothy C. May wrote: >At 4:56 AM 7/26/96, Mike Duvos wrote: > > >>I'm not sure what this gentleman's application is. If I wanted >>a 7 hz signal, I would take my handy dandy programmable digital >>signal generator, press the "sin" button, and punch in "7" on >>the numeric keypad. >> >>Am I missing something here? > >What does "sin" have to do with the number 7? Oh, you must mean the movie >"Se7en," in which the Se7en deadly sins were central to the plot. I get it. >The seven deadly sins are the seven deadly hurts. > >(Cos I know about sin.) > >Ironic that the original message was from Jerome Tan, eh? Someone must've >trigged this whole thread. I fear we're going in circles. > >"Kenneth, what is the frequency?" > >--Dan Rather Secant ye shall find! Jim Bell jimbell at pacifier.com From declan at well.com Fri Jul 26 12:17:13 1996 From: declan at well.com (Declan McCullagh) Date: Sat, 27 Jul 1996 03:17:13 +0800 Subject: Fireworks expected, missed at Senate crypto hearing In-Reply-To: <199607260744.AAA23283@mail.pacifier.com> Message-ID: On Fri, 26 Jul 1996, jim bell wrote: > >Just more of the same, though we heard less about child pornographers and > >more about terrorists. And Sen. 
Slate Gorton (R-Wash) jumped on the > >committee staff for leaning too far *away* from national security interests > >in their summary of the legislation. > > What does that mean? As opposed to what? (Gorton's my Senator, and I'm > going to give a little feedback to his local office...) He criticized the committee staff for not preparing a balanced summary. Harsh words, from a Repub. If his comments yesterday are indicia, he won't vote for Pro-CODE. -Declan From mycroft at actrix.gen.nz Fri Jul 26 12:31:48 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Sat, 27 Jul 1996 03:31:48 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION In-Reply-To: <199607261359.GAA05920@jobe.shell.portal.com> Message-ID: <199607261531.DAA12535@mycroft.actrix.gen.nz> Hal wrote: Of course, #1 could have offered some money to #3 and gotten his vote, but that would violate the terms of the problem: #1 wants to make as much money as possible. And since he can get #3's vote even while offering nothing to him, that is what he will do. It was a much more interesting question before the addition of this "clarification," IMO. -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- Kin, n.: An affliction of the blood From jeremey at forequest.com Fri Jul 26 12:42:43 1996 From: jeremey at forequest.com (Jeremey Barrett) Date: Sat, 27 Jul 1996 03:42:43 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Does the proposer have a vote? I assumed he did. On Thu, 25 Jul 1996, Igor Chudov wrote: > Igor Chudov wrote: > > > > Here's a puzzle for our game theorists. > > > > Twenty cypherpunks robbed a bank. They took 20 million bucks. 
Here's > > how they plan to split the money: they stay in line, and the first guy > > suggests how to split the money. Then they vote on his suggestion. If > > 50% or more vote for his proposal, his suggestion is adopted. > > > > Otherwise they kill the first robber and now it is the turn of guy #2 > > to make another splitting proposal. Same voting rules apply. > > > > The question is, what will be the outcome? How will they split the > > money, how many robbers will be dead, and so on? > > > > I forgot to say what the GOALS are. The goals of every individual > cypherpunk are (in from highest to lowest priority): > > 1. Stay alive > 2. Get as much money as possible > 3. Keep as many cypherpunks alive as possible, all other things being equal. > > - Igor. > - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Jeremey Barrett Senior Software Engineer jeremey at forequest.com The ForeQuest Company http://www.forequest.com/ "less is more." -- Mies van de Rohe. Ken Thompson has an automobile which he helped design. Unlike most automobiles, it has neither speedometer, nor gas gage, nor any of the numerous idiot lights which plague the modern driver. Rather, if the driver makes any mistake, a giant "?" lights up in the center of the dashboard. "The experienced driver", he says, "will usually know what's wrong." -- 'fortune` output -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMfjwES/fy+vkqMxNAQFKqAP/WAsGcyj68bzCWPBPv2olelyb/cdr9fZF yaDxGwHSMz/wCNFD9OOpjrNhhANFPBoFpI7fyhXLMsiazmQD/8t5wdywS7ILyWJl jw+BnFHuU5aT8y+1KfADLtLrX3R2EHpEh5Rn3T7ZK7bBHdolML52JJfHFZEyaU1f 2yTVG+KbLWw= =sjJf -----END PGP SIGNATURE----- From snow at smoke.suba.com Fri Jul 26 12:46:52 1996 From: snow at smoke.suba.com (snow) Date: Sat, 27 Jul 1996 03:46:52 +0800 Subject: LIMBAUGH ON TV In-Reply-To: <9607260125.AA08079@Etna.ai.mit.edu> Message-ID: On Thu, 25 Jul 1996 hallam at Etna.ai.mit.edu wrote: > decision. 
He would still be way smarter than Rush either way and > Marvin Minsky would be smarter than both. Only guy I have ever met > who was super rich who impressed me as an intellectual force was ^^^^^ > Bill Gates - apart that is from friends who inherited silly amounts > of money. You mis-spelled farce. HTH. HAND. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Fri Jul 26 12:57:12 1996 From: snow at smoke.suba.com (snow) Date: Sat, 27 Jul 1996 03:57:12 +0800 Subject: CD Prices and Inflation In-Reply-To: <199607260310.WAA13233@manifold.algebra.com> Message-ID: On Thu, 25 Jul 1996, Igor Chudov @ home wrote: > buy classical CDs, they are dirt cheap and fun to listen to. > if you do not like classics, it most likely means that you > just have not found your favorite composer yet. I just can't get into the lyrics. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From WlkngOwl at unix.asb.com Fri Jul 26 12:59:28 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 27 Jul 1996 03:59:28 +0800 Subject: Anonymous Web Services Inc. Message-ID: <199607261640.MAA03597@unix.asb.com> Assuming your excerpt is accurate, it's either a bad joke, a scam on dumb users (possibly by equally dumb operators) or a sting. My $.02 worth. (Hey, imagine a day when eca$h for two cents is posted with a comment like that?) Rob On 26 Jul 96 at 0:17, J. Kent Hastings wrote: > Cpunx, ecashers, and others: > > Oh joy, these guys are good publicity for our side. :^( > Arghh!!! > > http://www.angelfire.com/pg1/digicrime/index.html > > Anonymous Web Services Inc. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. 
From jya at pipeline.com Fri Jul 26 12:59:54 1996 From: jya at pipeline.com (John Young) Date: Sat, 27 Jul 1996 03:59:54 +0800 Subject: IET_fws Message-ID: <199607261638.QAA23802@pipe3.t2.usa.pipeline.com> Bill Stallings reports in 7-23-96 Network World on the IETF's proposals for Net security: Toward that end, the IETF last summer published five security-related proposed standards -- RFC 1825 through RFC 1829 -- that define a security capability at the IP level. IP-layer security encompasses two functional areas: authentication and privacy. The authentication mechanism assures that a received packet was, in fact, transmitted by the party identified as the source in the packet header and that the packet was not altered in transit. The privacy facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. ----- http://jya.com/ietfws.txt IET_fws From jya at pipeline.com Fri Jul 26 13:24:59 1996 From: jya at pipeline.com (John Young) Date: Sat, 27 Jul 1996 04:24:59 +0800 Subject: AP on Crypto Hearing Message-ID: <199607261628.QAA23111@pipe3.t2.usa.pipeline.com> 7-25-96. The Associated Press: Computer Codes May Aid Crime Washington -- FBI Director Louis Freeh warned Congress on Thursday that allowing uncontrolled export of U.S. computer security codes may help international criminals and terrorists hide their activities from law enforcement. "Encryption products used unchecked by criminals and terrorists for their illegal activities pose an extremely serious and, I believe, unacceptable threat," Freeh told the Senate Commerce, Science and Transportation Committee. Legislation pending in the Senate would permit U.S. companies to export high-tech encryption devices that ensure greater privacy for computer files, electronic mail messages and systems such as stock exchange transactions. Sponsors said the bill would "help America maintain our superiority in software development" and guard against unwarranted government intrusion. 
"It is irrelevant that we can make a better product if we cannot sell it," said Sen. John Ashcroft, R-Mo., one of the sponsors. The Clinton administration has proposed that encryption exports be allowed only if a decoding "key" for the devices is left with a third party -- such as a bank or insurance company -- so that law enforcement personnel with a court order could break the code, if necessary. Freeh said such an arrangement would safely open profitable foreign markets for U.S. software companies. The Internet, he said, "was never intended as a place without police officers. We need cops there, as we do elsewhere, to protect people, to guard their rights." The encryption codes available today are so powerful, Freeh said, that it would take the FBI more than a year to decode a single message in some cases. Ramzi Yousef, on trial in New York on charges of plotting to bomb a dozen U.S. airliners, used a laptop computer containing files the FBI still hasn't been able to decode, he added. Sponsors and industry officials noted, however, that many of these devices are already available abroad, and anyone can download them free from the Internet. They can also be sold within the United States at local computer stores. "The criminal element the administration is trying to prevent from obtaining this technology already has it," said Roel Pieper, president of Tandem Computers Inc. "The only ones who suffer as a result of this policy is the U.S. industry." Netscape Communications Corp. President Jim Barksdale estimated his company will lose $40 million this year in potential export sales for encryption products. But a top official at the National Security Agency -- whose job is to break secret codes -- said the encryption "genie is not out of the bottle." NSA Deputy Director William Crowell said encryption won't be widely used until it is marketed and sold, with support to help people use it. 
"The administration's proposal is not designed to keep the plug in the bottle, but to help provide a full range of trusted security services," Crowell said. Industry executives also said use of the decoding keys would be costly and raises questions about government access to private business and personal information, such as bank and medical records. "Keys can be compromised in many ways. They can be stolen, revealed by disgruntled employees or obtained through bribery, Pieper said. ----- From mpd at netcom.com Fri Jul 26 14:24:22 1996 From: mpd at netcom.com (Mike Duvos) Date: Sat, 27 Jul 1996 05:24:22 +0800 Subject: Anonymous Web Services Inc. In-Reply-To: <199607261640.MAA03597@unix.asb.com> Message-ID: <199607261743.KAA11989@netcom13.netcom.com> Someone wrote: > > Oh joy, these guys are good publicity for our side. :^( > > Arghh!!! > > > > http://www.angelfire.com/pg1/digicrime/index.html Isn't that Arjen Lenstra's humor page? -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From bshantz at nwlink.com Fri Jul 26 14:30:46 1996 From: bshantz at nwlink.com (Brad Shantz) Date: Sat, 27 Jul 1996 05:30:46 +0800 Subject: Inflation and Housing Message-ID: <199607261750.KAA15397@montana.nwlink.com> -----BEGIN PGP SIGNED MESSAGE----- To: tcmay at got.net, cypherpunks at toad.com Date: Fri Jul 26 10:53:17 1996 Tim May wrote: > So, what do we have now? Salaries are 2-4x higher, gold is at $375 an > ounce, a new 3-br house averages about $100K As a person in the process of buying a house, I see the price of mortgages in a slightly different light than just inflation. Oh, it's still inflation, no argument there. I see it mainly as a problem with debt. Back in the early sixties (which I don't remember, by the way) houses cost just slightly over what the average salary was...cars cost considerably less. Sometime right around then, there was a boom in people needing/getting credit. 
In fact, I'd even be willing to say it was right after WWII when all the GI's suddenly hit the civilian economy and were buying houses, and getting into college with the new-fangled GI bill. As a result of huge people getting large amounts of credit, we have become a debt ridden society. Now it takes 40% of the "husband's" monthly income to go toward housing cost, whereas it used to be the 25% rule. People don't even blink twice now when the terms of a 30 year fixed mortgage come up. That's "just the way it's done." Now, I also see a problem with people my age (25) wanting what took their parents 30 years to get in the first 3 years out of school. (i.e. Big house, 2 or 3 cars, kids, dogs, cats, horses, stocks, etc.) It is rare now to see people buying a "starter" home and then selling it and moving on up. Why? Well in Seattle, the starter homes are in really "NASTY" areas of town. Nobody wants to live there. So, then the starter homes in "nice" areas that are bought are promptly remodelled and sold as "regular" homes. Uh, hello, doesn't mean that another "starter" home has been removed from the market. Anyway, my point is that people here aren't buying the starter homes, they are buying the bigger homes. In order to do that, they have to take bigger loans. Bigger loans mean that the cycle of debt continues. So, yes salaries are 2x to 4x higher, but there is a problem in the amount of credit being given to young people. There is something inherently wrong with the amount of our economy that deals with debt. We can't continue to purchase things on margin, or on credit. Another recession is going to come, and when it hits, it will hit HARD. At least that's my opinion.
Brad -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMfkGDq80j2q8tTgtAQHL4AP9EcyJ0YT9XQRz1ympFKeMX0Wo5JNOR4Z8 FA913PIRu4zkYi8/WQN4yNJh5jA5376PBVAXbW/upcNQZ+VbxXYh4T0QQPk51vPK MCHqGoVsTJpKJ+Utx7/0Wi0B6Y/TZnYaDgj9dz0TpdkH1fmyJXGi4kH+R3Y1TDoq f/i7gB5dzRQ= =rnpj -----END PGP SIGNATURE----- From david at sternlight.com Fri Jul 26 14:38:47 1996 From: david at sternlight.com (David Sternlight) Date: Sat, 27 Jul 1996 05:38:47 +0800 Subject: Freedom, crypto, and terrorism In-Reply-To: <2.2.32.19960725212455.006a3bf8@pop1.jmb.bah.com> Message-ID: At 11:56 PM -0700 7/25/96, David Sternlight wrote: > >I have just revised my views on the topic of freedom, crypto, and terrorism >as a result of reading Benjamin Netanyahu's new book (a few months old) on >terrorism and what the West can do about it, in one sitting. The book was >written before he became Prime Minister. Several have asked me about this by e-mail. The title of the book is "Fighting Terrorism--How democracies can defeat domestic and international terrorism." The first chapter of the book may be read free at: http://www.washingtonpost.com/wp-srv/style/longterm/books/chap1/fighting.htm Netanyahu's recommendations are in the final chapter of the book. David From minow at apple.com Fri Jul 26 14:48:57 1996 From: minow at apple.com (Martin Minow) Date: Sat, 27 Jul 1996 05:48:57 +0800 Subject: Twenty Bank Robbers -- Game theory:) In-Reply-To: <2.2.32.19960725225533.0070ca20@mail.sd.cybernex.net> Message-ID: "Peter D. Junger" notes > a proposal by the first guy to split the >proceeds equally among the first ten should be satisfactory to the first >ten. To extend this reasoning, the first person in line announces that the first nine (in any order) to join his "coalition" will split the $2 million. At that point, it's a win-win (or at least win-break-even) for the entire group. 
Martin Minow minow at apple.com From pjn at nworks.com Fri Jul 26 15:01:16 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Sat, 27 Jul 1996 06:01:16 +0800 Subject: Question Message-ID: In> On Mon, 4 Sep 1989, Damien Lucifer wrote: > > On Tue, 23 Jul 1996 pjn at nworks.com wrote: > > > OK...A question for you all: > > In> Man, this is strange. I think C'punks just got time warped by Agents In> of the Evil Empire or somethin'. pjn wrote on 23 July 96, but Damien In> Lucifer replied to it on 4 Sep, 1989! Wow! Somebody better call In> Special Agent Mulder. In> Hahaha... (Honestly, I'm an Invader from Outerspace. We time travel.) P.J. pjn at nworks.com ... Resistance is futon. Borgie go nap-nap now. ___ Blue Wave/QWK v2.20 [NR] From pjn at nworks.com Fri Jul 26 15:02:17 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Sat, 27 Jul 1996 06:02:17 +0800 Subject: New Book Message-ID: Hey all- I was in the local Barnes and Noble Bookstore and I saw a book that looked interesting. It is called The Ultimate Spy Book written by H. Keith Melton and it contains a large wealth of information about the writing and breaking of cyphers from the time of Queen Elizabeth to the NSA. It is about $30, but it is well worth it... P.J. pjn at nworks.com ... etc etc etc etc ___ Blue Wave/QWK v2.20 [NR] From jkenth at c2.org Fri Jul 26 15:17:23 1996 From: jkenth at c2.org (J. Kent Hastings) Date: Sat, 27 Jul 1996 06:17:23 +0800 Subject: Anonymous Web Services Inc. In-Reply-To: <199607261640.MAA03597@unix.asb.com> Message-ID: Deranged and cpunx, I figure the digicrime site for provocateurs. Ignore them and they'll go away, or what? Kent (from pine) From perry at piermont.com Fri Jul 26 15:39:58 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 27 Jul 1996 06:39:58 +0800 Subject: New Book In-Reply-To: Message-ID: <199607261825.OAA23533@jekyll.piermont.com> pjn at nworks.com writes: > I was in the local Barnes and Noble Bookstore and I saw a book that > looked interesting.
It is called The Ultimate Spy Book written by > H. Keith Melton and it contains a large wealth of information about > the writing and breaking of cyphers from the time of Queen Elizabeth > to the NSA. It is about $30, but it is well worth it... The canonical text on the subject remains "The Codebreakers", a book which literally changed history given that Whit Diffie got interested in crypto because of it. Sparked my interest and that of many others, too... Perry From mpd at netcom.com Fri Jul 26 15:40:03 1996 From: mpd at netcom.com (Mike Duvos) Date: Sat, 27 Jul 1996 06:40:03 +0800 Subject: IP: NSA RESPONSE TO KEY LENGTH REPORT In-Reply-To: <199607261744.NAA23409@jekyll.piermont.com> Message-ID: <199607261753.KAA12891@netcom13.netcom.com> Perry comments: > Mike Duvos writes: > > Matt Blaze writes: > > > Finally, the NSA report offers estimates of the time > > > required to perform exhaustive search using a Cray model T3D > > > supercomputer. This is a curious choice, for as our report > > > notes, general-purpose supercomputers of this type make poor > > > (and uneconomical) key search engines. > > > > A tiny nit to pick here. The Cray T3D and T3E computers are > > massively parallel machines consisting of DEC Alpha chips hooked > > up in a 3D Torus configuration. They would probably make pretty > > decent key search engines, > > Not compared to programmable logic devices, they wouldn't... > > And that is, after all, the point... My point was that the T3D is not a "general-purpose supercomputer." -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. 
$ From reiter at research.att.com Fri Jul 26 15:43:47 1996 From: reiter at research.att.com (Mike Reiter) Date: Sat, 27 Jul 1996 06:43:47 +0800 Subject: new service for PGP Message-ID: <199607261724.NAA16316@cloak.research.att.com> To all PGP users: We would like to make you aware of a new tool, called PathServer, for use with the "Pretty Good Privacy" (PGP) key management and encryption software. PathServer is a tool to help users to determine to whom a public key belongs, i.e., to "authenticate" the key. PathServer returns an active graphical representation of disjoint paths from a trusted key to the query key. PathServer helps support user authentication policies requiring that no single introducer is relied upon multiple times for information regarding a key. PathServer can be accessed at http://akpublic.research.att.com/~reiter/PathServer We welcome and appreciate any comments or suggestions. Send any comments to reiter at research.att.com or stubblebine at research.att.com. PathServer is an experimental service that is still under development, and thus it will likely be unreliable and slow for a while. Thanks in advance for your patience. Mike Reiter Stuart Stubblebine From hfinney at shell.portal.com Fri Jul 26 15:45:40 1996 From: hfinney at shell.portal.com (Hal) Date: Sat, 27 Jul 1996 06:45:40 +0800 Subject: Twenty Bank Robbers -- Game theory:) In-Reply-To: Message-ID: <199607261724.KAA16957@jobe.shell.portal.com> Gary Howland writes: >I think many are assuming that the cypherpunk making the suggestion >gets a vote. My reading of the puzzle is that he does not. As we have seen apparently the intention was that he does get a vote. However I don't think the answer changes even with Gary's interpretation. With two people, #1 (the front of the line) must propose that all money go to #2, otherwise #2 (who is the only one with a vote in Gary's version) will vote against it (and get all the money when #1 dies).
With this proposal #2 will vote in favor since he gets the same amount of money either way, and it keeps more people alive (see the post which describes the goals of the robbers). This is different than the original problem, but it is the only case which differs. With three people, #1 (in front) proposes to keep it all. #2 will vote in favor since if the proposal doesn't pass, #2 will end up with nothing anyway (per above). So #2's third goal comes into play, maximizing the number of players alive, and he will vote in favor. #3 may vote against but #2's vote will be 50% (#2 and #3 get to vote in Gary's version) and will carry. So #1 keeps it all, the same answer as in the original version. Extensions to n players are again left as an exercise, but I think the answers come out the same in Gary's version. Hal From perry at piermont.com Fri Jul 26 15:46:51 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 27 Jul 1996 06:46:51 +0800 Subject: IP: NSA RESPONSE TO KEY LENGTH REPORT In-Reply-To: <199607261753.KAA12891@netcom13.netcom.com> Message-ID: <199607261814.OAA23478@jekyll.piermont.com> Mike Duvos writes: > > > A tiny nit to pick here. The Cray T3D and T3E computers are > > > massively parallel machines consisting of DEC Alpha chips hooked > > > up in a 3D Torus configuration. They would probably make pretty > > > decent key search engines, > > > > Not compared to programmable logic devices, they wouldn't... > > > > And that is, after all, the point... > > My point was that the T3D is not a "general-purpose supercomputer." Well, that's moot -- it isn't a special purpose keysearch machine, and that's what's really needed. Alphas don't cut it... Perry From haystack at cow.net Fri Jul 26 15:47:38 1996 From: haystack at cow.net (Bovine Remailer) Date: Sat, 27 Jul 1996 06:47:38 +0800 Subject: No Subject Message-ID: <9607261856.AA07442@cow.net> Here is an interesting news article from CNN concerning cryptography and export regulations in the US.
http://www.cnn.com/TECH/9607/25/electronic.security.wir/index.html -- Tangent PGP key available on MIT PGP public keyserver. Key ID: BA8010B1 From perry at piermont.com Fri Jul 26 15:51:08 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 27 Jul 1996 06:51:08 +0800 Subject: IP: NSA RESPONSE TO KEY LENGTH REPORT In-Reply-To: <199607260642.XAA14728@netcom23.netcom.com> Message-ID: <199607261744.NAA23409@jekyll.piermont.com> Mike Duvos writes: > Matt Blaze writes: > > Finally, the NSA report offers estimates of the time > > required to perform exhaustive search using a Cray model T3D > > supercomputer. This is a curious choice, for as our report > > notes, general-purpose supercomputers of this type make poor > > (and uneconomical) key search engines. > > A tiny nit to pick here. The Cray T3D and T3E computers are > massively parallel machines consisting of DEC Alpha chips hooked > up in a 3D Torus configuration. They would probably make pretty > decent key search engines, Not compared to programmable logic devices, they wouldn't... And that is, after all, the point... Perry From shamrock at netcom.com Fri Jul 26 15:59:41 1996 From: shamrock at netcom.com (Lucky Green) Date: Sat, 27 Jul 1996 06:59:41 +0800 Subject: Why the world needs privay protecting Ecash Message-ID: >>> S.KOREA PROBES 15,000 PEOPLE OVER CREDIT CARD USE - South Korean > state prosecutors are probing 15,000 people for excessive use of > their credit cards overseas in a crackdown on lavish spending, a > prosecution official said on Thursday. [Reuters, 200 words] -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. From tcmay at got.net Fri Jul 26 16:00:04 1996 From: tcmay at got.net (Timothy C. 
May) Date: Sat, 27 Jul 1996 07:00:04 +0800 Subject: Twenty Bank Robbers -- Game theory:) Message-ID: At 1:46 PM 7/26/96, David Lesher wrote: >> >> >``Twenty cypherpunks robbed a bank.'' >> > ^^^^^^^^^^^^^ >> >I was careful choosing words. >> >> That was my reaction as well. I'd assume that if twenty cypherpunks >> rob a bank, either it's one of Eric's party games (:-), or else >> they probably conspired over the net to rob a bank by computer. > > >Will they ALL fit in Tim May's hot tub? This is _my_ game-theoretic solution to the puzzle: let the 20 robbers battle it out, kill each other, whatever, then invite the survivors over and get rid of them all, leaving me with the money. Though I've had to delete most of the discussion of this puzzle, some things come to mind: 1. Similarities with "the unexpected hanging" problem. (Briefly, a man is told he will be hung in the next 20 days. But out of sensitivity to his feelings, he will not be hung if he can predict that he'll be hung on the *next day*. The man points out that he cannot be hung on the 20th day, as if he was still alive on the 19th day, he'd know that the 20th day was the day of the hanging. Hence, no hanging on the 20th day. So there are 19 days left. But the same logic applies, and so on, backward. He says smugly "I can't be hanged at all." So he is surprised when he is hanged on the 13th day.) 2. Inadequate accounting for or weighting of the "costs" of being killed. (I think others, including Jim Bell that I saw, mentioned this.) An abstract game theory problem is often hard to find a stable solution for, and is all the more difficult when the stakes are so high and yet are treated "abstractly." 3. The _iterated_ (repeated) form should have different results. I initially dismissed the posed problem, but the dozens of responses suggest that folks *do* find this stuff interesting. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Fri Jul 26 16:00:30 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 27 Jul 1996 07:00:30 +0800 Subject: Produce 7 Hertz Frequency Message-ID: At 7:26 PM 7/26/96, The Deviant wrote: >> What does "sin" have to do with the number 7? Oh, you must mean the movie >> "Se7en," in which the Se7en deadly sins were central to the plot. I get it. >> The seven deadly sins are the seven deadly hurts. >> > >Gee... or maybe he's referring to "sin" as the common abbreviation of "sine" >as in "sine wave". > > --Deviant ??? I suggest some people on this list are losing track of the English language. Get a clue. --Tim Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From snow at smoke.suba.com Fri Jul 26 16:06:42 1996 From: snow at smoke.suba.com (snow) Date: Sat, 27 Jul 1996 07:06:42 +0800 Subject: No Subject Message-ID: As previously discussed, I am announcing a Greater Chicago Area CypherPunks Physical Meet. The date is Saturday, 3 August 1996 at or around 4 p.m. at Ye Olde Saint Andrews Pub, 5938 N. Broadway, Chicago Il.
Instructions are at the end of this post.

Things _I_ would like to discuss, of course, this is me, so it is very amenable to change:

1) Setting up a Chicago Area Remailer, not simply running a single remailer on a single account, but trying to go one better.
2) Discuss the possibility of a public event to spread the word about cryptography/encryption.
3) Discuss the next meeting.

The reasons for selecting St. Andrews Inn:

1) It is relatively empty.
2) It has Food (Supposedly real good shepherd's pie, made from real shepherds (I asked)), Drink (Cider, and they know what snakebite is), and Non-alcoholic beverages.
3) It is easy (relatively) to get to.

To get to St. Andrews Inn:

By Car:
Take Lake Shore Drive North until the LSD ends.
Go North on Sheridan (right turn off of LSD) to Thorndale (About 5900 North)
Turn left on Thorndale (heading west) and drive to Broadway (About 4 or 5 blocks)
Park.
St. Andrews is on the North West Corner of the intersection, under the green awning.

By El:
Take the Red Line (Howard/Dan Ryan) to Thorndale
Go west 1/2 block from the El, This is Broadway
St. Andrews is on the North West Corner of the intersection, under the green awning.

I will try to have a map up at http://www.encodex.com/cypherpunks later today.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From david at sternlight.com Fri Jul 26 16:06:53 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 27 Jul 1996 07:06:53 +0800
Subject: Defeating "Perp Profile" Analyses Of Written Materials
In-Reply-To: <01I7GBFL287694F9CD@delphi.com>
Message-ID:

At 10:08 PM -0700 7/25/96, JonWienk at ix.netcom.com wrote:
>On Wed, 24 Jul 1996, JMKELSEY at delphi.com wrote:
>>I wouldn't count on even heavily-chained anonymous remailer messages
>>to protect my identity from moderately wealthy and determined
>>attackers, if I did many anonymous posts. Writing style and topic
>>alone may narrow the suspect list down to a manageable number.
>
>There is an easy way to defeat psycholinguistic analysis techniques used by
>LEA's to profile perps. Buy a translation program, (such as Globalink's
>Spanish
>Assistant) use the program to translate the text to Spanish, (or any other
>language) and then use the program to translate the foreign language text
>back
>to English. The baselines of word choice, grammatical structure, etc.
>will be
>shifted to reflect the biases of the program rather than the biases of the
>writer. As an example, I will use the entire text of this message as a
>demonstration.

You are using two code books for double encoding. This is the kind of problem analysts solve while brushing their teeth. All the analyst has to do is determine your translation programs (easy to do since they have such obvious anomalies) and create reverse code books. The malapropisms are so obvious that there should be little difficulty aggregating the longest phrases that make up one codebook entry.

David

From rpowell at algorithmics.com Fri Jul 26 16:18:07 1996
From: rpowell at algorithmics.com (Robin Powell)
Date: Sat, 27 Jul 1996 07:18:07 +0800
Subject: FTP Software Licenses Pretty Good Privacy 07/23/96
In-Reply-To:
Message-ID: <96Jul26.163748edt.20481@janus.algorithmics.com>

>>>>> In article , Rich Graves writes:

> -----BEGIN PGP SIGNED MESSAGE-----
> Yes, this was in InfoWorld a couple weeks ago. But...
>> Under the terms of the agreement, PGP has licensed its encryption
>> software to FTP for use in OnNet32 2.0 for Windows 95 and Windows NT,
>> both versions of which will ship in the third quarter of this year on
>> both sides of the Atlantic. ^^
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
> This is news. I'd asked for clarification of this point, but I guess
> everybody killfiled me. Oh well.

I certainly haven't killfiled you, and I am also completely mystified by this. Any comments from the politikal people on this list? Perhaps two different companies (US and not)?
-Robin

From trei at process.com Fri Jul 26 16:22:18 1996
From: trei at process.com (Peter Trei)
Date: Sat, 27 Jul 1996 07:22:18 +0800
Subject: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
Message-ID: <199607262014.NAA02740@toad.com>

>
> At 6:40 PM 7/26/96, Bill Frantz wrote:
> >At 9:09 AM 7/26/96 -0700, Timothy C. May wrote:
> >>... I hate the term "nerd," as I hate the
> >>names "dweeb," "geek," "jerk," etc. Believe me, anyone who thinks being
> >>called a "nerd" is complimentary, or anyone who labels himself as a "geek,"
> >>is probably one who would call himself a "nigger," or a "queer.")
[...]
> >People with pride in themselves and what they do can make their detractors
> >eat their insults. We should make it clear that "nerd," "dweeb," "geek,"
> >"jerk," etc. are where the money is. We should turn them into terms of
> >pride in what we are and what we do.
> Maybe it's a generational thing (though Bill is as old as me, I think), but
> terms of insult are just that. The biggest users seem to be clueless
> journalists, like blonde bimbette Sue Hutchinson of the "S.J. Mercury
> News," who writes repeatedly of "nerdfests," and "geek conventions." (Hey,
> maybe womyn need to reclaim the terms "bimbo" and "airhead"?)
[..]
> --Tim May

Isn't it a little strange that Tim was on the exact opposite side of this argument when I started a thread titled: "CypherPUNK considered harmful" ... in which I argued that we needed a better name for folks like us?

Peter Trei
trei at process.com

[I'm off to the Security WG of the W3C in Redmond, so I won't see replies until Wednesday.]

From frantz at netcom.com Fri Jul 26 16:41:09 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 27 Jul 1996 07:41:09 +0800
Subject: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <199607261837.LAA24288@netcom8.netcom.com>

At 9:09 AM 7/26/96 -0700, Timothy C. May wrote:
>... I hate the term "nerd," as I hate the
>names "dweeb," "geek," "jerk," etc.
Believe me, anyone who thinks being
>called a "nerd" is complimentary, or anyone who labels himself as a "geek,"
>is probably one who would call himself a "nigger," or a "queer.")

I must disagree with Tim on this issue. Back in the dark ages, before the revolution, the Yankee was an insult used by British sympathisers to describe the hick American revolutionaries. The Americans adopted it as a matter of pride and threw it back in their detractors' face.

Homosexuals are doing the same thing with the term "queer". When I went to Dan Farmer and Wietse Venema's class in Internet Security, Dan taught the class wearing a tank-top which said "QUEER" across the front.

People with pride in themselves and what they do can make their detractors eat their insults. We should make it clear that "nerd," "dweeb," "geek," "jerk," etc. are where the money is. We should turn them into terms of pride in what we are and what we do.

Bill

-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     | [Beware the man of one     | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin    | Los Gatos, CA 95032, USA

From llurch at networking.stanford.edu Fri Jul 26 16:45:49 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 27 Jul 1996 07:45:49 +0800
Subject: CandleWeb V1.1 - Web client, "secure E interpreter"
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I doubt this is going to become a mass-market phenomenon, but some people seemed to be interested in E.

- ---------- Forwarded message ----------
Date: Fri, 26 Jul 1996 12:06:01 +0200
From: Gunnar R|nning
To: win-request at metrics.com
Subject: CandleWeb V1.1 - Web client with interactive animation support

CandleWeb AS is pleased to announce version 1.1 of the CandleWeb client. The client is freely available for Windows 95 and X11. Precompiled versions exist for Windows 95, Linux, Sunos 4 and Irix.
CandleWeb is a powerful and easy way to create interactive animations and applications for use on the Web. The CandleWeb client is an interpreter for the language E (pronounced like "awe" in English).

CandleWeb features include :

- - Vector graphics objects to reduce bandwidth requirements and simplify animation development.
- - Bitmap graphics (GIF and JPEG).
- - Sound (MIDI and WAV).
- - User-interaction objects.
- - Web-protocols support. http (GET/POST), ftp, and file URLs are supported. Access to file URLs is by default prohibited due to security considerations.
- - Portability and architecture independence.
- - Security, interpreted programs are executed in a safe environment.

The client has builtin damage-repair and double-buffering to achieve high performance graphics. Animations are easier to create in E than in traditional languages, due to the declarative nature of the E graphics system.

AweThor is an authoring tool for CandleWeb that simplifies the task of creating animations and graphics in E. AweThor is available as shareware for $100 (US).

Download the client from :

Find more information on :

New features in this release of CandleWeb :

- - Composite objects. The language now has support for user-defined composite objects.
- - Support for dynamic loading of libraries and automatic revision control to store library copies locally.
- - A new parser written in PCCTS has allowed us to clean up the language, and bring it somewhat closer to the C programming language in syntax.
- - Global variables.
- - Local function declarations.
- - Regular expressions, through the new function regmatch.
- - Support for MIDI and WAV on Win95 and Unix platforms using the Unix Sound Standard (USS). Linux has support for USS. Can play single or continuous sounds asynchronously.
- - Better color support for X11 :
  1. 24-bits support.
  2. On PseudoColor it does not install a private colormap by default anymore.
  3. Use the -perfect option to install a private colormap.
  4.
     When -perfect is specified it uses a dithering technique to achieve 2048 virtual colors.
- - HTTP post is now supported through the function post().
- - Other new builtin functions : optimizeObjects, contentType, substr, getWindowSize, read, write, and link.
- - New functionality in the translation attribute : Motion (for motion of the mouse cursor), ResizeWindow, Transparent (to send matching events onwards to the next inputarea).

This release also includes a number of bug fixes, and some speed optimizations to the interpreter.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From jimbell at pacifier.com Fri Jul 26 16:46:59 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 27 Jul 1996 07:46:59 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607261757.KAA18208@mail.pacifier.com>

At 10:04 AM 7/26/96 -0400, Clay Olbon II wrote:
>jim bell wrote:
>>My previous answer was incomplete, of course. I continue to believe that
>>the problem is unsolvable as stated, if for no other reason than the
>>"weight" of the negative represented by dying is not stated. It's a VERY
>>complex problem, unless there's some trick I'm not seeing.
>
>Jim is right. The problem with any optimization problem is when
>unquantifiable negatives are included. The "classic" example of this is an
>inventory problem. The optimal solution is minimal (or no) inventory,
>however there are unquantifiable negatives that arise when a customer
>cannot get his product when he wants it. I don't think the problem is that
>complex if the negative is that you get no money rather than "you die". As
>an aside, many game theory problems (possibly including the simplified
>version of this one) are solvable using linear programming (and no, that is
>not writing C one line at a time ;-).
It has been far too long since my
>last game theory course to consider trying to set this problem up however
>(I've found that I don't use either game theory or LP a whole lot in the
>"real world" of engineering).

Here is my best (currently!) guess at an APPROXIMATION of the solution. In order to avoid the indeterminacy of the weight of a death versus money, I assume that a solution can be found on the first proposal. (presumably, the first chooser is _motivated_ to find one, right?!?) This means that the 1st chooser must select a distribution that will make at least 50% happy.

The first wild guess is that he'd offer equal shares of the money to himself (#1) and the next nine (#2-#10). But the problem with that is that the higher-numbered people might feel inclined to defect, possibly figuring that by getting rid of the people before them, they could increase the size of their likely reward. Probably the solution is to offer those higher enough money so that they have no reason to defect.

The amount that should be offered to each could be related to the maximum amount that person might reasonably be able to expect, if all of the people ahead of him in line had been eliminated. #1 and #2 can, at best, expect 1/10th of the reward each, #3 and #4 can expect 1/9th, #5 and #6 can expect 1/8th, #7 and #8 can expect 1/7, and finally #9 and #10 can expect 1/6. Of course, all this adds up to more than 1 (actually, 1627/1260), so the result must be normalized to bring the total amount offered down to "1".

BTW, as extra "inducement" the people at the beginning of the line (2, 3, 4, etc) can agree and publicly announce that if anyone between 2 and 10 defects from this arrangement, he will be passed over in subsequent iterations of this process, selecting people starting from #11 and above in their place. Thus, the people between #1 and #10 are strongly motivated to go along with this arrangement from the beginning, particularly those near #10.
Of course, this raises yet another possibility. Suppose #1 made a proposal like this: "The money is to be split equally among everybody who votes for this proposal." The high numbers (11-20) are motivated to vote for this, for fear that in the absence of such an agreement the low numbers would agree to split the pot without them. Likewise, the low numbers would be inclined to get an agreement rather than risk having their proposals rejected and them killed. Anyone who defects risks losing out on everything.

(However, in order for proposals like this to be properly evaluated, it is necessary to establish certain issues, such as whether there's a secret ballot or not, etc. Also, even if the results of the ballot are not secret, are the votes revealed all at one time, or are the participants polled individually, and in what order. Can a participant adjust his vote according to the votes of another?)

Jim Bell
jimbell at pacifier.com

From jimbell at pacifier.com Fri Jul 26 16:47:02 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 27 Jul 1996 07:47:02 +0800
Subject: Distributed DES crack
Message-ID: <199607261723.KAA16305@mail.pacifier.com>

At 01:28 PM 7/26/96 +0200, Remo Pini wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>To: cypherpunks at toad.com
>Date: Fri Jul 26 13:25:22 1996
>> At 10:30 7/23/96, Matt Blaze wrote:
>>
>> >My estimate is that an FPGA-based machine that can do a single DES key
>> >every four months (eight months to exhaust the whole keyspace) could
>> >be built with off-the-shelf stuff for comfortably under $50k (plus
>> >labor, plus software development costs). A prototype board should
>> cost
>> >under $1000 and will help prove the concept and get a more accurate
>> cost
>> >estimate. I expect to build such a prototype machine myself, and, if
>> it
>> >works as I expect, maybe the whole thing.
>>
>> I am willing to financially contribute to the project.
>>
>>
>If this were to be a card (via RS232 or PC-bus), thousands of people would
>be able to copy it, once the development process is finished. -> You'd have
>hardware that all those people could use for a distributed crack, the
>building cost would be distributed also (<$100), only development would
>have to be at one place (sponsored of course). Now, that would be a scary
>thought for DES-fans!

I've proposed that if it were done in this way, the circuit should be built external to a PC-clone or other computer, so that it can be easily tiled on a large pcb, in an "n by m" array. The reason is that if an individual cracker module were as simple and cheap as it should be, a person could easily want to run dozens if not hundreds of them. Communication would probably be done with a single serial data bus, with each module individually addressed. Due to the nature of the DES crack, communication would be rare, so it's likely that an ordinary '386 or '486-based computer could handle all the communication for a large number of such modules.

I don't know if the figure of $10 thrown around for an FPGA is accurate, but if it is then a cost of $30 for each subsystem is probably doable, including pc board, assembly, and a few other components. A cost of $3000 for a 10-by-10 array seems reasonable to me, particularly since the throughput of each of those FPGA's ought to be at least 10x that of a general-purpose PC in this application.

Jim Bell
jimbell at pacifier.com

From frantz at netcom.com Fri Jul 26 16:47:10 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 27 Jul 1996 07:47:10 +0800
Subject: AP on Crypto Hearing
Message-ID: <199607261857.LAA26180@netcom8.netcom.com>

At 4:28 PM 7/26/96 +0000, John Young wrote:
> 7-25-96. The Associated Press:
>
> Computer Codes May Aid Crime
>
>...
>
> But a top official at the National Security Agency -- whose
> job is to break secret codes -- said the encryption "genie
> is not out of the bottle."
NSA Deputy Director William
> Crowell said encryption won't be widely used until it is
> marketed and sold, with support to help people use it.

True, crypto won't be widely used until it is marketed and sold. Only the 4 horsemen will have it.

Terrorists with their government supporters will have the support and training. So will high level drug dealers and money launderers (mostly the same people). Child pornographers will learn quickly. Militias already have the infrastructure to teach military techniques and some of them know about comsec. Soon all of them will. Face it, the 5 horsemen won't have a problem.

The 4 horsemen are a red herring. The issue is domestic surveillance. The bottom line of the issue is: Do we get end-to-end secure telephones before or after the telecom industry/taxpayers have to make the investment to provide law enforcement with access to 1% of all the calls in the country?

-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     | [Beware the man of one     | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin    | Los Gatos, CA 95032, USA

From whallen at capitalnet.com Fri Jul 26 16:48:11 1996
From: whallen at capitalnet.com (Wayne H. Allen)
Date: Sat, 27 Jul 1996 07:48:11 +0800
Subject: TIM_ers
Message-ID: <199607261849.OAA03749@ginger.capitalnet.com>

At 14:49 96.07.26 GMT, John Young wrote:
> 7-21-96. Sunday WaPo:
>
> "Liquid Explosives, Miniature Timers May Foil Airline
> Security Measures."
>
>
> At the heart of such devices is a timer built by
> rewiring a commonly available Casio digital watch, which
> is connected to a stabilized form of liquid
> nitroglycerin stored in a bottle ostensibly filled with
> contact lens solution. The stabilizer for the
> nitroglycerin looks like unsuspicious cotton.
Even newer
> screening devices that can see through clothes would
> have difficulty ferreting out such a substance,
> according to airplane security experts.

"See through clothes", wasn't there an ad in the back of comic books for a pair of sunglasses that did the same thing. And did these same sources mention how a bottle of lens solution with wired up Casio watch attached to it would not be considered conspicuous? If you want to bring down a plane just go to the courier services at the office blocks with a parcel for across the country, use a GPS receiver with preset co-ordinates and when the plane gets there, ooopppss. If you want high tech that's the way to go.

Wayne H.Allen
whallen at capitalnet.com
Pgp key at www.capitalnet.com/~whallen

From wb8foz at nrk.com Fri Jul 26 16:48:23 1996
From: wb8foz at nrk.com (David Lesher)
Date: Sat, 27 Jul 1996 07:48:23 +0800
Subject: Freeh Testimony 7/25/96
In-Reply-To:
Message-ID: <199607261908.PAA21017@nrk.com>

> Freeh's statements were not distributed to senators before the hearing,
> so they couldn't have read his prepared statement.
>
> Further, he wandered considerably from his prepared statement at the
> hearing. I wonder why David is talking about what Freeh addressed in his
> statement, instead of what he actually said.

Further, the more interesting aspects were what Freeh said under interactive questioning by the Senators. He artfully avoided many of their direct questions, but found himself on the rocks on others. He seemed rather surprised at the tenor & thrust of the questioning; He could not have thought this would be a cake-walk but he sure acted that way.

The transcript will be interesting reading.
--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From david at sternlight.com Fri Jul 26 16:52:20 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 27 Jul 1996 07:52:20 +0800
Subject: Freeh Testimony 7/25/96
In-Reply-To:
Message-ID:

At 8:55 AM -0700 7/26/96, Declan B. McCullagh wrote:
>David's comments bring more heat than light.
>
>Freeh's statements were not distributed to senators before the hearing,
>so they couldn't have read his prepared statement.
>
>Further, he wandered considerably from his prepared statement at the
>hearing. I wonder why David is talking about what Freeh addressed in his
>statement, instead of what he actually said.

Because that's what Banisar pointed us to in his message. Had he qualified his own post of Freeh's opening statement I might have reacted differently. This increases the odds on "sloppy" rather than "mendacious".

David

From deviant at pooh-corner.com Fri Jul 26 16:54:36 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sat, 27 Jul 1996 07:54:36 +0800
Subject: Produce 7 Hertz Frequency
In-Reply-To: <199607260456.VAA01884@netcom12.netcom.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 25 Jul 1996, Mike Duvos wrote:

> Date: Thu, 25 Jul 1996 21:56:52 -0700 (PDT)
> From: Mike Duvos
> To: cypherpunks at toad.com
> Subject: Re: Produce 7 Hertz Frequency
>
> > SANDY SANDFORT
> > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> >
> > C'punks,
> >
> > On Thu, 25 Jul 1996, Jerome Tan wrote:
> >
> > > Does anyone know how to produce a 7 hertz frequency?
> >
> > No, but hum a few bars and we'll fake it.
>
> I'm not sure what this gentleman's application is.
If I wanted
> a 7 hz signal, I would take my handy dandy programmable digital
> signal generator, press the "sin" button, and punch in "7" on
> the numeric keypad.
>
> Am I missing something here?
>
> --
> Mike Duvos $ PGP 2.6 Public Key available $
> mpd at netcom.com $ via Finger. $
>

Well... we could always tell him to do it the hard way...

1) set a bicycle wheel up to go around exactly 7 times per second.
2) attach a baseball card
3) place this somewhere so that the baseball card hits something exactly once per rotation.

The frequency of the baseball card hitting will be 7 hertz. ;)

--Deviant

Television has brought back murder into the home -- where it belongs.
 -- Alfred Hitchcock

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From david at sternlight.com Fri Jul 26 16:58:23 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 27 Jul 1996 07:58:23 +0800
Subject: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID:

At 6:59 AM -0700 7/26/96, Hal wrote:
>First, the line is established before the proposals begin. So the
>proposer is not determined by lot, everyone knows who will be #1, #2,
>etc. Second, I think the proposer gets to vote. The wording is a bit
>ambiguous, but it just says that "they" vote, and I think "they" pretty
>clearly refers to the whole group.
>
>Now here is the solution for two people:
>
>#1 (first in line) proposes that he gets it all. #1 votes yes, #2 votes
>no. The proposal passes.
>
>Here it is for three people:
>
>#1 (first in line) proposes that he gets it all.
#1 votes yes, #2
>probably votes no (since he will get it all if the proposal fails, by
>the above) and #3 (end of line) reasons like this: if the proposal
>fails, he (#3) will get nothing because #2 will get it all. Therefore
>voting yes or no makes no difference to whether #3 stays alive (his
>first priority) or how much money he makes (his second priority). But
>it does make a difference in terms of keeping as many people alive as
>possible (his third priority). So he votes yes because of this third
>reason. Therefore the proposal passes and the first person in line
>gets it all in this case.
>
>Of course, #1 could have offered some money to #3 and gotten his vote,
>but that would violate the terms of the problem: #1 wants to make as
>much money as possible. And since he can get #3's vote even while
>offering nothing to him, that is what he will do.

But Hal, these are Cypherpunks, which means some of them are smart and some are uh, er, um, not so smart. I would not want to be first in line.

David

From jimbell at pacifier.com Fri Jul 26 17:00:11 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 27 Jul 1996 08:00:11 +0800
Subject: Twenty Bank Robbers -- Solution?
Message-ID: <199607261858.LAA21548@mail.pacifier.com>

At 01:13 PM 7/25/96 -0500, Igor Chudov wrote:
>> Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>> how they plan to split the money: they stay in line, and the first guy
>> suggests how to split the money. Then they vote on his suggestion. If
>> 50% or more vote for his proposal, his suggestion is adopted.
>>
>> Otherwise they kill the first robber and now it is the turn of guy #2
>> to make another splitting proposal. Same voting rules apply.
>>
>> The question is, what will be the outcome? How will they split the
>> money, how many robbers will be dead, and so on?
>
>I forgot to say what the GOALS are. The goals of every individual
>cypherpunk are (in from highest to lowest priority):
>
>1. Stay alive
>2.
Get as much money as possible
>3. Keep as many cypherpunks alive as possible, all other things being equal.

Getting closer:

#1 says to the rest: "We're going to have a sequential vote, #1 to #20. The first 10 who vote "yes" to this proposal get to share in the loot, equally."

#1 must vote in favor, obviously. The second can "guarantee" himself a part of the pot, if it's given out in this first round, by voting "yes." The #2 is only motivated to vote "no" if he thinks he can get a better deal on subsequent iterations, and it's conceivable there won't BE more iterations if at least 9 people after him vote "yes" and he's voted no. Also, if this first proposal is rejected, the #2 wouldn't be in an appreciably better position than #1 was. So #2 will vote yes, as well.

This procedure will repeat. As more people vote "yes," the danger in defecting (voting "no") will increase, because it will be effectively certain that someone else will collect that reward. As long as there are more people left to vote than would be necessary to increase the vote total to 10, nobody can afford to vote "no." So the proposal will pass, and the first 10 intelligent people will win.

Jim Bell
jimbell at pacifier.com

From deviant at pooh-corner.com Fri Jul 26 17:01:19 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sat, 27 Jul 1996 08:01:19 +0800
Subject: Bare fibers
In-Reply-To: <199607260854.BAA23997@toad.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jul 1996, Bill Stewart wrote:

> Pressurized conduit is a favorite paranoid technique - if the
> Bad Guy cuts open the conduit to get at the fiber, your alarm
> system notices the pressure drop and goes off.
> For slightly less paranoid scenarios, you can use heavy narrow
> conduit with epoxied joints, and the extra alarm wire or two
> to help detect cutting. For substantially more paranoid types,
> you can always fill your conduit with some sort of flammable
> substance that reacts with air...
for that matter, string fibers in bundles as such

    _
  _/ \_
 / \_/ \
 \_/ \_/
 / \_/ \
 \_/ \_/
   \_/

where the middle one carries the real signal, and the outer ones carry fake signals, and use them for interruption detection.

--Deviant

Legalize free-enterprise murder: why should governments have all the fun?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

From ericd at cyberfarm.com Fri Jul 26 17:06:31 1996
From: ericd at cyberfarm.com (Eric Davis)
Date: Sat, 27 Jul 1996 08:06:31 +0800
Subject: U.S. Territories?
Message-ID:

Are U.S. territories (Guam, Virg-Isl, etc) included in U.S. export restrictions for items such as strong crypto, etc.?

Thanks
Eric Davis

-----------------------------------------------------
Eric Davis ericd at cyberfarm.com
Co-Founder MediaCast: http://www.mediacast.com/
Personal contact: ericd at cyberfarm.com [KD6HTO (RF)]
-----------------------------------------------------
- "If women of the world had not been excluded from
- world affairs things today might have been
- different." Said Alice Paul, Founder of the World
- Women's Party for Equal Rights in 1938.

From jeremey at forequest.com Fri Jul 26 17:16:51 1996
From: jeremey at forequest.com (Jeremey Barrett)
Date: Sat, 27 Jul 1996 08:16:51 +0800
Subject: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

All right, considering the 3rd goal, I think the first guy gets all the money and everyone lives. Here's why: in the case of 2, 19 takes it all and 20 gets nothing.
So with 3, since 20 will get nothing with 2 left, he may as well vote for 18 to get it all, since that increases the number who survive. So with 4, 17 proposes that 17 get all the money, and since 19 and 20 are already resigned to getting nothing, they will go along with 17. Following this to the end, the first guy gets all the money and everyone lives.

On Thu, 25 Jul 1996, Igor Chudov wrote:

> Igor Chudov wrote:
> >
> > Here's a puzzle for our game theorists.
> >
> > Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> > how they plan to split the money: they stay in line, and the first guy
> > suggests how to split the money. Then they vote on his suggestion. If
> > 50% or more vote for his proposal, his suggestion is adopted.
> >
> > Otherwise they kill the first robber and now it is the turn of guy #2
> > to make another splitting proposal. Same voting rules apply.
> >
> > The question is, what will be the outcome? How will they split the
> > money, how many robbers will be dead, and so on?
> >
>
> I forgot to say what the GOALS are. The goals of every individual
> cypherpunk are (in from highest to lowest priority):
>
> 1. Stay alive
> 2. Get as much money as possible
> 3. Keep as many cypherpunks alive as possible, all other things being equal.
>
> - Igor.
>

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer jeremey at forequest.com
The ForeQuest Company http://www.forequest.com/

"less is more."
 -- Mies van de Rohe.

Ken Thompson has an automobile which he helped design. Unlike most automobiles, it has neither speedometer, nor gas gage, nor any of the numerous idiot lights which plague the modern driver. Rather, if the driver makes any mistake, a giant "?" lights up in the center of the dashboard. "The experienced driver", he says, "will usually know what's wrong."
-- 'fortune` output

From deviant at pooh-corner.com Fri Jul 26 17:20:26 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sat, 27 Jul 1996 08:20:26 +0800
Subject: Produce 7 Hertz Frequency
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jul 1996, Timothy C. May wrote:

> Date: Fri, 26 Jul 1996 16:48:43 -0700
> From: "Timothy C. May"
> To: cypherpunks at toad.com
> Subject: Re: Produce 7 Hertz Frequency
>
> At 4:56 AM 7/26/96, Mike Duvos wrote:
> >
> >I'm not sure what this gentleman's application is. If I wanted
> >a 7 hz signal, I would take my handy dandy programmable digital
> >signal generator, press the "sin" button, and punch in "7" on
> >the numeric keypad.
> >
> >Am I missing something here?
>
> What does "sin" have to do with the number 7? Oh, you must mean the movie
> "Se7en," in which the Se7en deadly sins were central to the plot. I get it.
> The seven deadly sins are the seven deadly hurts.
>

Gee... or maybe he's referring to "sin" as the common abbreviation of
"sine" as in "sine wave".

 --Deviant
Just once, I wish we would encounter an alien menace that wasn't immune to
bullets.
                -- The Brigadier, "Dr. Who"

From tcmay at got.net Fri Jul 26 17:21:15 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 27 Jul 1996 08:21:15 +0800
Subject: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
Message-ID:

At 6:40 PM 7/26/96, Bill Frantz wrote:
>At 9:09 AM 7/26/96 -0700, Timothy C. May wrote:
>>... I hate the term "nerd," as I hate the
>>names "dweeb," "geek," "jerk," etc. Believe me, anyone who thinks being
>>called a "nerd" is complimentary, or anyone who labels himself as a "geek,"
>>is probably one who would call himself a "nigger," or a "queer.")
>
>I must disagree with Tim on this issue. Back in the dark ages, before the
>revolution, the Yankee was an insult used by British sympathisers to
>describe the hick American revolutionaries. The Americans adopted it as a
>matter of pride and threw it back in their detractors face.

I think Bill and I must've been in an exchange on this before, as I recall
similar words from someone, perhaps Bill.

Look, anyone is perfectly free to wear t-shirts espousing "Wimp Pride" and
saying "We're gimps, we're wimps, we're dweebs, and we're PROUD!"

I just cringe when I meet young programmers at Cypherpunks who mumble "I'm
just a computer geek." Fine, I write them off as geeks.

>Homosexuals are doing the same thing with the term "queer". When I went to
>Dan Farmer and Wietse Venema's class in Internet Security, Dan taught the
>class wearing a tank-top which said "QUEER" across the front.

I have no problem with dykes, fags, fairies, queens, and other assorted
queers and perverts "reclaiming" these terms...I'll just ignore such folks.

(And I do find it passing strange that several of these "queers" expressed
outrage to me that I used the word "queer" in the name of a thread; I guess
it's the same way niggers insist that only _they_ are allowed to use this
"reclaimed" word.)

>People with pride in themselves and what they do can make their detractors
>eat their insults. We should make it clear that "nerd," "dweeb," "geek,"
>"jerk," etc. are where the money is. We should turn them into terms of
>pride in what we are and what we do.

Maybe it's a generational thing (though Bill is as old as me, I think), but
terms of insult are just that. The biggest users seem to be clueless
journalists, like blonde bimbette Sue Hutchinson of the "S.J. Mercury
News," who writes repeatedly of "nerdfests," and "geek conventions." (Hey,
maybe womyn need to reclaim the terms "bimbo" and "airhead"?)

As I see it, the best way to handle such terms of insult is to refuse to
respond to it, not some bullshitty scheme of "reclaiming" the term.

(A journalist once called me to get a "nerd's" perspective on a crypto
issue--I told her I'm not a nerd and hung up on her.)

As for what people ought to call themselves, e.g., when journalists ask
what they are, just what is wrong with "engineer," "programmer,"
"scientist," and "cryptographer"?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From johnbr at atl.mindspring.com Fri Jul 26 17:28:28 1996
From: johnbr at atl.mindspring.com (John Brothers)
Date: Sat, 27 Jul 1996 08:28:28 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <1.5.4.32.19960726212858.00698e9c@pop.atl.mindspring.com>

At 07:19 AM 7/26/96 -0400, you wrote:
>On the other hand, a proposal by the first guy to split the
>proceeds equally among the first ten should be satisfactory to the first
>ten. On that basis nobody dies and ten receive two million each, if we
>assume that each is a simple profit maximizer.
>
>I think that that result is stable, but am not going to try to prove
>that it is. (If the result is not stable, it should be relatively easy
>to establish that fact.)

Slightly more stable is: punk #1 proposes that punks 2 - 10 get all the
money, and he gets none, if he prefers poverty to death.

Now, why does this work? Punk #1 has set a precedent that improves the
share of each of the following 9 cypherpunks by 11% over the 'first 10
split evenly' proposal, to 2.22 million.

In order to justify killing punk #1, according to the rules, punk #2 will
have to come up with a proposal that improves his share to more than 2.22
million (because the cypherpunks don't want to kill each other unless there
is more money to be made)

But he can't - there are still 18 other punks left, and he'll still need 9
additional votes on his side to stay alive - and he'll die if he gives less
money to the 'lucky 9' than #1's proposal, since everyone can see that as
more people die, the total profit available to the remainder will increase.
In other words, if he votes no, he will be forced to offer 2.22 million to
punks 3 - 11, to stay alive, and take no money himself. He loses by voting
no, so he is a guaranteed yes.

Punk #3 will consider voting no. Since there will only be 18 left when he
gets the proposal, he can also propose 2.22 million to punks 3 - 11. But a)
he can't do better than 2.22 million, and that means that he has to vote
yes, since he doesn't want to kill the other punks, everything else being
equal.

Punk 4 is in the exact same situation - with 17 left, he still needs 9 to
win, and voting 2.22 million to punks 4 - 12 won't gain him anything over
voting yes. So he will vote yes because he doesn't want to kill.

Punk 5 is the first one with a chance at a windfall. If he bumps off 1 - 4
he can propose 2.5 million for himself and 6-12. But he is vulnerable to
the same strategy from punk #7. 7 will have no reason to keep #5 alive,
since that will reduce his profit margin.
#5 will be forced to vote yes to stay alive.

#6 is in the same situation as number 5, since he can't increase the
profit margin. He has to vote yes.

#7 is vulnerable to #9. 8 has no advantage, they both vote yes.

#9 is vulnerable to 11, and 10 has no advantage. They both vote yes, and
that is it.

----
---
John Brothers
Do you have a right not to be offended?

From david at sternlight.com Fri Jul 26 17:30:24 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 27 Jul 1996 08:30:24 +0800
Subject: TIM_ers
In-Reply-To: <199607261449.OAA25194@pipe2.t2.usa.pipeline.com>
Message-ID:

At 7:49 AM -0700 7/26/96, John Young wrote:
> 7-21-96. Sunday WaPo:
>
> "Liquid Explosives, Miniature Timers May Foil Airline
> Security Measures."
>
> 1994 spelled the beginning of what some experts fear
> might be a resurgence of hi-tech terrorism, this time
> involving persons with more advanced bomb-making skills
> who know how to defeat even the best airport security
> devices. The new terrorists favor smaller and much less
> detectable plastic or liquid explosives detonated by
> miniaturized and benign looking timers.
>
> At the heart of such devices is a timer built by
> rewiring a commonly available Casio digital watch, which
> is connected to a stabilized form of liquid
> nitroglycerin stored in a bottle ostensibly filled with
> contact lens solution. The stabilizer for the
> nitroglycerin looks like unsuspicious cotton. Even newer
> screening devices that can see through clothes would
> have difficulty ferreting out such a substance,
> according to airplane security experts.
>

If so, we can't stop such people at the airport, and we are thrown back on
intelligence, and going after terrorist support networks and
terrorist-supporting States, a la Netanyahu.

Like key escrow, fancy airport detection schemes will spot the dunce
terrorists (which helps), but to get the sophisticated ones, much more is
needed.
By the way, one of Freeh's points is that even if terrorists communicate
with each other using what Freeh hopes will become illegal or seldom-used
crypto, they have to communicate with lots of others not in on the
conspiracy (banks, etc.) and if all legal crypto is escrowed either by
common practice or by law, they can be gotten at that way. Perhaps Freeh is
hinting at sources and methods for some of the government's successes,
rather than presenting idle speculation.

David

From deviant at pooh-corner.com Fri Jul 26 17:33:53 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sat, 27 Jul 1996 08:33:53 +0800
Subject: [Noise] Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607260854.BAA24001@toad.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jul 1996, Bill Stewart wrote:

> Date: Fri, 26 Jul 1996 01:52:43 -0700
> From: Bill Stewart
> To: cypherpunks at toad.com
> Subject: Re: Twenty Bank Robbers -- Game theory:)
>
> At 11:35 PM 7/25/96 -0500, ichudov at algebra.com (Igor Chudov) wrote:
> >In my initial post that caused all the turmoil I said (literally) this:
> >``Twenty cypherpunks robbed a bank.''
> >        ^^^^^^^^^^^^^
> >I was careful choosing words.
>
> That was my reaction as well. I'd assume that if twenty cypherpunks
> rob a bank, either it's one of Eric's party games (:-), or else
> they probably conspired over the net to rob a bank by computer.
>
> 1) The bank probably knows which bank got robbed.

But not how much money was taken, or from which accounts.

> 2) The public probably won't hear about it.
> 3) The cypherpunks might or might not.

Not all of them anyway.

> 4) The number and identity of the cypherpunks is unknown,
>    both to each other and to the bank.

Although, the cypherpunks probably know how many, just not who. That or
they know some of the names, but can't prove it, and don't know if there
are more.
> 5) If all twenty bank-robbing cypherpunks do conspire to
>    get together in a room to split up the loot,
>    it's probably a chat-room or mud-room;
>    it's not likely to be physical space.

Definitely.

> 6) It's very hard to kill people whose identities you don't know
>    across a net that obscures their physical location as well.

True.

> 7) I suppose you could kill-file them, which does cut them out
>    of the voting process, and therefore probably out of the money,
>    but is certainly less drastic than shooting them.

But that doesn't, unless _everybody_ did it.

> 8) Besides, how do you tell who's first on the list when they're
>    all nyms anyway?
> 9) Who's got the money, anyway? Was there some sort of secret-sharing
>    protocol to make sure that the one cypherpunk holding the loot
>    doesn't just telnet to Argentina.com with it?

The money is in a numbered account, and will be transferred equally to
other numbered accounts.

> 10) Money? What money?

heh.

> 11) How do they conduct the voting? Merely arguing over the voting
>    protocols could occupy megabytes of list bandwidth.

Since nobody knows who's involved anyway, it's really a matter of who
controls the numbered account.

> 12) They could just decide to use the money to pay the winner of
>    a lottery to predict when somebody shoots Jim Bell.
> 13) But that wouldn't really take much, so there's still a lot left over.
> 14) N>10 of the twenty are really all Tentacles, so they can all
>    vote to shoot any non-Tentacle and then vote to split the
>    cash between themselves.
> 15) They could even killfile one or two Tentacles just to make it look
>    like a fair process.
> 16) I _knew_ we shouldn't have killfiled Lieutenant Niedermeyer!
> 17) Seventeen is the mystical number.
> 18) If the public _does_ hear about it, the bank's stock will drop
>    like a rock, and they can use the money to buy out the bank.
> 19) It's mine, mine, all mine!
> 20) Bang!
>

Hrmmm....

 --Deviant
The Macintosh is Xerox technology at its best.

From vagab0nd at sd.cybernex.net Fri Jul 26 17:34:35 1996
From: vagab0nd at sd.cybernex.net (Erle Greer)
Date: Sat, 27 Jul 1996 08:34:35 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <2.2.32.19960726220742.00726ee0@mail.sd.cybernex.net>

At 05:55 PM 7/25/96 -0500, you wrote:
>At 09:09 AM 7/25/96 -0500, you wrote:
>>Here's a puzzle for our game theorists.
>>
>>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>>how they plan to split the money: they stay in line, and the first guy
>>suggests how to split the money. Then they vote on his suggestion. If
>>50% or more vote for his proposal, his suggestion is adopted.
>>
>>Otherwise they kill the first robber and now it is the turn of guy #2
>>to make another splitting proposal. Same voting rules apply.
>>
>>The question is, what will be the outcome? How will they split the
>>money, how many robbers will be dead, and so on?
>>
>>igor
>>
>
>Here's my guess:
>Each robber is going to want the largest share of the money possible.
>Therefore The first guy dies automatically because that increases the share
>size. This continues on until there are only two robbers left. Robber #19
>suggests that he receives the full 20 million and since his vote is 50%, he
>receives it all. 18 robbers dead.

I wasn't very clear why #1 died. Any suggestion of his is shot down and
then he is killed. And so on... and so on... until the final two are left.
vagab0nd at sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.

From jims at MPGN.COM Fri Jul 26 17:42:47 1996
From: jims at MPGN.COM (James C. Sewell)
Date: Sat, 27 Jul 1996 08:42:47 +0800
Subject: Am I protected by ignorance?
Message-ID: <2.2.32.19960726211544.006de9b8@tansoft.com>

At 11:29 AM 7/26/96 +0200, Remo Pini wrote:
>
>Since there is no way for me to know where the server stands, do I violate
>the ITAR, and if so, am I realistically prosecutable?

The Feds consider crypto as munitions so I guess you could ask that same
question as:

   I sold a bunch of Stinger missiles to a man with an American sounding
   name, "Smith." How was I to know he was __________[bad guys]?

I bet they would prosecute you for the missiles so I'd suspect they would
on the crypto too.

Me? A lawyer? HAHAHAHAHAHhahahahhaaa Yeah, right!

Jim Sewell - jims at tansoft.com
Tantalus Incorporated - Key West, FL

From ericm at lne.com Fri Jul 26 18:21:48 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 27 Jul 1996 09:21:48 +0800
Subject: "privatizing" phones?
In-Reply-To: <1.5.4.32.19960726085331.0067db88@is.nyu.edu>
Message-ID: <199607262311.QAA22874@slack.lne.com>

Brendon Macaraeg writes:
>
> Cpunks:
>
> While shopping for a new phone recently, I came across
> two models (Toshiba and Uniden I believe) that
> have buttons to "privatize" you conversations. These
> were on no-cord models.

I have one of these, a Panasonic "Secure Guard" cordless. It was on sale, I
couldn't resist. :-)

It's a 46mhz analog model, newer phones use frequencies in the 900mhz range
and/or digital encoding. The 900mhz range is one of those 'blocked' in most
newer radio scanners, this is required by law as of a few years ago. Many
scanners can have some or all of the locked-out ranges restored by suitable
modification (i.e. removing a resistor). Many of these mods are posted on
the net.

> Does anyone have any idea
> on what these actually do? Can the phones change
> the frequency the call is on randomly
> so people can't tune into it?

The Panasonic I have doesn't change frequencies during the call by itself,
although you can do that by pressing a button. The "secure" feature does
some sort of analog frequency-diddling to make most of the sound
transmitted between the phone and base unit unintelligible. I'm not a
hardware type but I expect that this isn't very hard to 'crack' given a bit
of equipment. I'm sure most HAM hobbyists could do so. It only keeps your
conversations somewhat safe from the local snoops with scanners.

While most speech comes out pretty good, you can't have the 'secure'
feature on when you're attempting to navigate phonemail systems... it
messes up the DTMF tones just enough to make them unrecognizable to many
phonemail systems.

> I know cellulars offer something similar.

Yea, that's more secure although if I remember right, nowhere near
unbreakable. Why, then drug dealers and terrorists could make phone calls
and our great and wonderful law enforcement personnel would not be able to
listen in on the perps. Wouldn't want that now, would we?

> Personally, I would never put much faith into
> something of this sort.

Well, it's not "secure" but it's somewhat better than nothing.

--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From frantz at netcom.com Fri Jul 26 18:23:47 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 27 Jul 1996 09:23:47 +0800
Subject: Usenet Conference on Security
Message-ID: <199607262252.PAA03209@netcom8.netcom.com>

Just a few of the highlights:

(1) Ron Rivest speaking on SDSI
(2) Ian Goldberg et.al's secure environment for running untrusted programs
    in Solaris. Since it runs Netscape, it may let Perry provide a second
    layer of containment for Java.
(3) Carl Ellison's "Establishing Identity Without Certification Authorities"
(4) Peter Gutmann's "Secure Deletion of Data from Magnetic and Solid-State
    Memory". (Bottom line, use thermite for magnetic media.)
(5) Don Davis's "Compliance Defects in Public Key Cryptography"
(6) Sameer Parekh's description (advertisement for) Community Connexion
(7) Derek Atkins' description of the PGP Library API.

Other amusements:

While the Department of Justice guy (whose name slips my mind) was saying
4 horsemen over and over (really an oversimplification of his position),
Data Fellows Ltd., Paivantaite 8, FIN-02210 ESPOO, Finland
(http://www.datafellows.com) was in the vendor area offering strong crypto
products with the line in one of their handouts, "This is orders of
magnitude more security than DES-based or US products that are under the US
ITAR export restrictions." In talking with them I didn't smell any snake
oil.

A BOF on PKI with Ron Rivest (who had already described SDSI) where Matt
Blaze described PolicyMaker, and Carl Ellison described SPKI. All three
approaches get away from the central certificate hierarchy God. Each one
has something to offer that the others do not. (In a spirit of
advertising/disclosure, I have been working with Carl on SPKI.)

-------------------------------------------------------------------------
Bill Frantz         | Cave ab homine unius libri | Periwinkle -- Consulting
(408)356-8506       | [Beware the man of one     | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin    | Los Gatos, CA 95032, USA

From ericm at lne.com Fri Jul 26 18:26:16 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 27 Jul 1996 09:26:16 +0800
Subject: Anonymous Web Services Inc.
In-Reply-To:
Message-ID: <199607262255.PAA22798@slack.lne.com>

J. Kent Hastings writes:
>
> Deranged and cpunx,
>
> I figure the digicrime site for provocateurs.
> Ignore them and they'll go away, or what?

Um guys, it's a joke. Check out the rest of the digicrime home page.
Last time I looked at it it was pretty funny, and quite obvious to even a
paranoid security weenie like me.

--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From gnu at toad.com Fri Jul 26 18:40:32 1996
From: gnu at toad.com (John Gilmore)
Date: Sat, 27 Jul 1996 09:40:32 +0800
Subject: Securing 5% of the Internet against Wiretapping by Christmas
Message-ID: <199607262316.QAA06024@toad.com>

I've been working on a project in secret for a few months, and now am
talking about it with everyone so that we can all help it along.

Want all the Internet traffic between you and every other privacy-conscious
site on the net to automatically be encrypted using Triple-DES, RSA, and
Diffie-Hellman? Without changing your hardware or software, except to stick
a Linux PC on your network, or install a new version of Linux on your
laptop? Want it all by Christmas?

Then check out http://www.cygnus.com/~gnu/swan.html

From minow at apple.com Fri Jul 26 18:49:19 1996
From: minow at apple.com (Martin Minow)
Date: Sat, 27 Jul 1996 09:49:19 +0800
Subject: Hackers on tv alert (for SF area only)
Message-ID:

San Francisco TV channel 4 (the NBC affiliate) will broadcast a "news"
segment on hackers "they can access your computer and ruin your life"
at/around 9:00 PM this evening (Friday, July 26).

I'm sure it will be as informative, educational and unbiased, just like the
rest of the Olympic coverage.

Martin Minow
minow at apple.com

From jimbell at pacifier.com Fri Jul 26 19:43:14 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 27 Jul 1996 10:43:14 +0800
Subject: Bernstein files for partial summary judgement in crypto case
Message-ID: <199607270022.RAA09976@mail.pacifier.com>

At 05:28 PM 7/25/96 -0700, John Gilmore wrote:
>Here's the press release on the latest development in the Bernstein
>case.
>July 26, 1996                     Electronic Frontier Foundation
>In his 45-page memorandum in support of his motion, Bernstein sets forth
>several First Amendment arguments:
>* Any legal framework that requires a license for First Amendment
>protected speech, which may be granted or withheld at the discretion of a
>government official, is a prior restraint on speech. In order for this
>framework to be acceptable, the government has the burden of showing that
>publication will "surely result in direct, immediate, and irreparable
>damage to our Nation or its people" and that the regulation at issue is
>necessary to prevent this damage. The government has not met this burden
>regarding the ITAR legal framework.

Maybe it's just me, but why would even the _certainty_ that a publication
will "surely result in direct, immediate, and irreparable damage to our
Nation or its people" justify violation of 1st amendment rights? There are,
certainly, kinds of "damage" which should not warrant prohibition: If, for
instance, a business regularly cheats its customers, my investigation of
that behavior and revealing it publicly would certainly "damage" that
business, but we conclude that's justified if for no other reason than it's
the truth.

Would digging up an embarrassing revelation about "our Nation or its
people" constitute "irreparable damage" sufficient to justify concluding
that the 1st amendment didn't apply? Had the fact that we'd slaughtered
Indians in the late 1800's been kept secret until today, would its
discovery and publication be that "irreparable damage" that regulation
could legitimately seek to prohibit? Would the news that the events leading
up to the "Gulf of Tonkin resolution" were a fraud cause "irreparable
damage"? Would finding out the truth about the Watergate incident cause
"irreparable damage"?
In a sense, speaking of any of these incidents might cause "irreparable
damage" to government and people, but it's "damage" that a person should
simply be entitled to do, given the concepts of free speech and the 1st
amendment.

In short, I don't think Bernstein should give an inch. There may, in fact,
be limits on the 1st amendment, but I don't see this as being one of them.

Jim Bell
jimbell at pacifier.com

From rich at c2.org Fri Jul 26 19:43:48 1996
From: rich at c2.org (Rich Graves)
Date: Sat, 27 Jul 1996 10:43:48 +0800
Subject: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
In-Reply-To: <199607262014.NAA02740@toad.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I missed the original, but it appears that Peter Trei once claimed that Tim
May wrote:

> > >People with pride in themselves and what they do can make their detractors
> > >eat their insults. We should make it clear that "nerd," "dweeb," "geek,"
> > >"jerk," etc. are where the money is. We should turn them into terms of
> > >pride in what we are and what we do.
>
> > Maybe it's a generational thing (though Bill is as old as me, I think), but
> > terms of insult are just that. The biggest users seem to be clueless
> > journalists, like blonde bimbette Sue Hutchinson of the "S.J. Mercury
> > News," who writes repeatedly of "nerdfests," and "geek conventions." (Hey,
> > maybe womyn need to reclaim the terms "bimbo" and "airhead"?)

Actually, I know Sue, and I believe she has. She's got a rather healthy
sense of humor, thank you, "for a womyn."

I don't think it's a generational thing, because lord (tm) knows that there
are members of my generation with sticks firmly up their asses, too.
- -rich
  nerd

- -----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM$/GSS d- s++:- a- C++ UU+ P++ L+ E- W+++ N++ o+ K++ w !O M+ V-- PS++ PE
Y++ PGP++ t 5 X R- tv- b+ DI++ D- G+ e++* h r* y+
- -----END GEEK CODE BLOCK-----

From adam at homeport.org Fri Jul 26 19:55:56 1996
From: adam at homeport.org (Adam Shostack)
Date: Sat, 27 Jul 1996 10:55:56 +0800
Subject: Freeh Testimony 7/25/96
In-Reply-To:
Message-ID: <199607270019.TAA11458@homeport.org>

I find it unfortunate that Mr. Freeh doesn't understand his job. It is to
enforce the law. This basic lack of understanding of his responsibilities
explains a lot, including filegate. He was just protecting America from
Espionage, and the law be damned.

Adam

| This is the written testimony of FBI Director Freeh before the
| Senate Commerce Committee on S 1726, the Pro-Code legislation.

| But we are also mindful of our principal mission responsibilities:
| protecting America's public safety and national security in the myriad of
| criminal, terrorist, and espionage cases that confront us every day.

--
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume

From ichudov at algebra.com Fri Jul 26 20:51:44 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 27 Jul 1996 11:51:44 +0800
Subject: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
In-Reply-To:
Message-ID: <199607270013.TAA07369@manifold.algebra.com>

Timothy C. May wrote:
>
> I just cringe when I meet young programmers at Cypherpunks who mumble "I'm
> just a computer geek." Fine, I write them off as geeks.
>

OK, I am a foreigner. Can anyone explain to me what the word "geek" means
and what are the origins of this word? I thought it was a cool word,
meaning someone orthogonal to the present world but being able to
change it.

- Igor.

From attila at primenet.com Fri Jul 26 21:29:27 1996
From: attila at primenet.com (attila)
Date: Sat, 27 Jul 1996 12:29:27 +0800
Subject: www.anonymizer.com
Message-ID: <199607262318.QAA01690@primenet.com>

Addressed to: Bill Stewart
              Cypherpunks

** Reply to note from Bill Stewart 07/25/96 11:38pm -0700

= <<<<>>>>
=
= * Frames, for instance, do bizzare things when anonymized, at least
= with Netscape 3.0b5. Frames are, of course, _evil_, and are banned
= by the CDA, and anyone who uses them should be flamed mercilessly
= and forced to use Lynx on a 24x80 monochrome display until he or she
= repents and sees the error of their ways, and if that doesn't work
= they should be exiled to AOL with only Microsoft Word Internet Assistant.
= But that's a flame for another day....
= <<<<>>>>
=

I did not realize you were sadistic --or is this possibly latent masochism?

my aggravation is the commercial hosts want to know all --we do not wish to
give them our all...

maybe an easier solution on anonymity would be to establish a _plausible_
ID for www.anonymizer.com sites. make sure the target receives as much
information as, say Netscape, might give them... So what if time, inc.
collects 5000 cases of Bill Stewart at some host which anonymizer creates.

your point on matching security levels is valid; anonymizer needs to report
the difference in security levels to you --you make the decision. --send a
very simple response form at connect time showing the parameters, and you
make the decision. this, of course, would be a reasonable idea in all cases
so you have a solid idea of just who you are connected to --fun if both
ends are anonymized!

---
Cyberspace is Our Freedom! Fuck Their CDA!
Democracy Requires Free Speech & Strong Cryptography

From ichudov at algebra.com Fri Jul 26 21:34:06 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 27 Jul 1996 12:34:06 +0800
Subject: Schelling points and enthropy of human mind
Message-ID: <199607270005.TAA07330@manifold.algebra.com>

Hi,

Tim May presented an interesting concept of two persons who want to meet in
Washington DC but forgot to decide where to meet. He says that they will
likely be in only several places and that such places will be "points of
low entropy".

The question is, how do you define "entropy" in this case?

Also, for a while I've been thinking about entropies of cultures and
individuals. I wonder if anyone knows any books or theories that define
such things.

- Igor.

From tcmay at got.net Fri Jul 26 21:55:41 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 27 Jul 1996 12:55:41 +0800
Subject: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
Message-ID:

At 12:13 AM 7/27/96, Igor Chudov @ home wrote:
>Timothy C. May wrote:
>>
>> I just cringe when I meet young programmers at Cypherpunks who mumble "I'm
>> just a computer geek." Fine, I write them off as geeks.
>>
>
>OK, I am a foreigner. Can anyone explain me what the word "geek" means
>and what are the origins of this word? I thought it was a cool word,
>meaning someone orthogonal to the present world but being able to
>change it.

No, "geek" is not a "cool" word.

"geek n. Slang. 1. An odd or ridiculous person. 2. A carnival performer
whose show consists of bizarre acts, such as biting the head off a live
chicken. (Perhaps alteration of dialectical "geck," fool, from Low German
"gek," from Middle Low German.)" (American Heritage Dictionary of the
English Language, Third Edition)

And the full Oxford English Dictionary, Second Edition, Magnifying Glass
Version, gives essentially the same definition, and cites an 1875
appearance in American slang. It mentions a "dumb sideshow stooge."
Until recently, this was the only usage I knew of. One heard girls pointing at "geeky guys" and saying "What a geek!" Still think it's a "cool" word? How programmers came to adopt this as a badge of pride is beyond me. (I guess they don't especially care what the girls think, especially of course if they're one of the oh-so-popular "Geek Queers"--I don't even want to _think_ about what they bite the heads off of.) That foreigners are arriving in the U.S. and calling themselves "geeks," "dweebs," and "nerds" reminds me of those old cruel ploys of teaching foreigners a few words of English, e.g., "I am a very shitty person, fuck you very much!" Sad, real sad. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Fri Jul 26 22:12:08 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 27 Jul 1996 13:12:08 +0800 Subject: Why the world needs privay protecting Ecash Message-ID: At 7:17 PM 7/26/96, Lucky Green wrote: >>>> S.KOREA PROBES 15,000 PEOPLE OVER CREDIT CARD USE - South Korean >> state prosecutors are probing 15,000 people for excessive use of >> their credit cards overseas in a crackdown on lavish spending, a >> prosecution official said on Thursday. [Reuters, 200 words] > Good to know that the U.S. will cooperate in these investigations. I would hate to see these South Korean's spending "the people's" money in improper ways...oops, am I confusing South Korea with the Benevolent People's Republic of North Korea? 
Or are they just converging, just as the U.S. is converging with the PRC? Which raises a question about the laws in the U.S. on "structuring" of financial transfers. If Alice uses her U.S. VISA card to make many cash withdrawals at ATMs in Zurich, Lichtenstein, Geneva, London, etc., are there any U.S. requirements that she obtain and fill out reports (in triplicate) on these transactions? Suppose the cumulative ATM transactions hit the magic $10,000 level? I've heard folks describe this as a sure-fire way to transfer funds out of the U.S. to offshore banks, without the risks of carrying cash (*), but I wonder if any laws actually make this fall into the "structuring" penumbra. ("Structuring" refers to, for example, making multiple sub-$10,000 transfers so as to (apparently) evade the intent of the U.S. law on reporting all transactions of $10,000 or more.) (* Traveller's checks, cashier's checks, etc., are other options. One Cypherpunk has some interesting ideas about using traveller's checks to evade the U.S. requirements.) P.S. Do you know that if you save $200 a week out of your paycheck and put under your mattress, that after a year you will have saved $10,000? That's the good news. Now, the bad news. Do you know that if you try to deposit this $10,000 in cash in a bank, or spend it on a car, that an investigation may be triggered? That your money may be taken from you in an "asset seizure"? Unless you can prove where you got the money--rather hard in the mattress example--it may be taken from you and never returned, even if there is never a court case charging you with a crime, much less a conviction. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From perry at piermont.com Fri Jul 26 22:19:04 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 27 Jul 1996 13:19:04 +0800 Subject: Usenet Conference on Security In-Reply-To: <199607262252.PAA03209@netcom8.netcom.com> Message-ID: <199607270034.UAA24175@jekyll.piermont.com> Bill Frantz writes: > While the Department of Justice guy (whose name slips my mind) was saying 4 > horsemen over and over (really an oversimplification of his position), Data > Fellows Ltd., Paivantaite 8, FIN-02210 ESPOO, Finland > (http://www.datafellows.com) was in the vendor area offering strong crypto > products with the line in one of their handouts, "This is orders of > magnitude more security than DES-based or US products that are under the US > ITAR export restrictions." In talking with them I didn't smell any snake > oil. As an aside, the stuff Datafellows is selling is, I believe, a commercial version of SSH, which is very good stuff. Its a full replacement for the whole berkeley "r" utilities using strong crypto (public key and conventional) for authentication and privacy. Does rlogin, rsh, redirects X sessions, slices and dices, etc. Really spiffy. (SSH suffers from a few minor flaws, but they will likely be corrected in the future; the only thing that worries me about it is that it is very large and thus hard to fully analyse, but it looks good enough that I've been using it day to day for many many months for all my medium security work.) 
Perry From jimbell at pacifier.com Fri Jul 26 22:22:07 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 27 Jul 1996 13:22:07 +0800 Subject: Freeh Testimony 7/25/96 Message-ID: <199607270244.TAA16229@mail.pacifier.com> At 03:08 PM 7/26/96 -0400, David Lesher wrote: >Further, the more interesting aspects were what Freeh said under >interactive questioning by the Senators. He artfully avoided >many of their direct questions, but found himself on the rocks >on others. > >He seemed rather surprised at the tenor & thrust of the questioning; >He could not have thought this would be a cake-walk but he sure >acted that way. Here's a question I'd like somebody to ask Freeh: "There are some people who believe the development of uncompromised good encryption and easy communication, represented by the Internet, will lead to a world with drastically less _need_ for government, and a world that will be essentially ungovernable by centralized governments. You are a representative of government, first and foremost. Your job and salary and pension may be on the line if these predictions are true. To what extent is your position on key-escrow/GAK designed to resist or prevent such an eventuality?" (He'll probably answer that he doesn't understand the question..." Jim Bell jimbell at pacifier.com From tcmay at got.net Fri Jul 26 22:34:19 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 27 Jul 1996 13:34:19 +0800 Subject: Schelling points and enthropy of human mind Message-ID: At 12:05 AM 7/27/96, Igor Chudov @ home wrote: >Hi, > >Tim May presented an interesting concept of two persons who >want to meet in Washington DC but forgot to decide where to meet. >He says that they will likely to be in only several places and >that such places will be "points of low enthropy". > >The question is, how do you define "enthropy" in this case? 
Well, I used "entropy" in the usual sense of the constellation of definitions: - low entropy means increased predictability (in this case, Alice and Bob are more able to "predict" what the other will decide than if the points were more "random") - low entropy is associated with "less randomness" (randomness is a notoriously controversial subject, discussed here often, so please don't clutter the list with quibbles about randomness) - "random" is related to "unpredictable" is related to "not compressible" is related to "disorderly" - "nonrandom" is related to "predictable" is related to "compressible" is related to "orderly" Schelling points are of course related to the notion of "emergent order," in that order emerges without prior communication between Alice and Bob. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From frissell at panix.com Fri Jul 26 23:19:31 1996 From: frissell at panix.com (Duncan Frissell) Date: Sat, 27 Jul 1996 14:19:31 +0800 Subject: Why the world needs privay protecting Ecash Message-ID: <2.2.32.19960727041849.008b50f0@panix.com> At 12:05 PM 7/27/96 -0700, Timothy C. May wrote: >If Alice uses her U.S. VISA card to make many cash withdrawals at ATMs in >Zurich, Lichtenstein, Geneva, London, etc., are there any U.S. requirements >that she obtain and fill out reports (in triplicate) on these transactions? >Suppose the cumulative ATM transactions hit the magic $10,000 level? It might be hard to get an ATM card that lets you take out $10,000/day. 
I suppose a VISA card or a Debit card might allow that amount. Form 4790 Report of International Transportation of Currency or Monetary Instruments available at: ftp://ftp.fedworld.gov/pub/irs-pdf/f4790.pdf Says: A TRANSFER OF FUNDS THROUGH NORMAL BANKING PROCEDURES WHICH DOES NOT INVOLVE THE PHYSICAL TRANSPORTATION OF CURRENCY OR MONETARY INSTRUMENTS IS NOT REQUIRED TO BE REPORTED. Form 4789 The Currency Transaction Report available at: ftp://ftp.fedworld.gov/pub/irs-pdf/f4789.pdf Says: "Currency.--The physical transfer of currency from one person to another. This does not include a transfer of funds by means of bank check, bank draft, wire transfer or other written order that does not involve the physical transfer of currency." I guess an ATM is a machine and not a person. But these are the instructions not the regs. The form doesn't have to be filed by individuals only by financial institutions. An ATM doesn't involve the bank giving you cash unless you are using the ATM machine at your own bank. I remember seeing some regs that did mention ATM transfers but can't recall specifics. Usually, they figure that they have the "paper trail" anyway through your normal bank records. DCF From tcmay at got.net Fri Jul 26 23:38:20 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 27 Jul 1996 14:38:20 +0800 Subject: Why the world needs privay protecting Ecash Message-ID: At 4:18 AM 7/27/96, Duncan Frissell wrote: >At 12:05 PM 7/27/96 -0700, Timothy C. May wrote: > >>If Alice uses her U.S. VISA card to make many cash withdrawals at ATMs in >>Zurich, Lichtenstein, Geneva, London, etc., are there any U.S. requirements >>that she obtain and fill out reports (in triplicate) on these transactions? >>Suppose the cumulative ATM transactions hit the magic $10,000 level? > >It might be hard to get an ATM card that lets you take out $10,000/day. I >suppose a VISA card or a Debit card might allow that amount. Who said it had to be in one day? I didn't. 
Most vacations to Europe last a couple of weeks, e.g., "If this is Tuesday, I need to make a withdrawal in Milano." I think a lot of ATMs will now dispense big chunks of cash--I've never checked on limits, but I notice that some CRT screens now have chunks up to $600 or so listed. >The form doesn't have to be filed by individuals only by financial >institutions. An ATM doesn't involve the bank giving you cash unless you are >using the ATM machine at your own bank. I remember seeing some regs that >did mention ATM transfers but can't recall specifics. Usually, they figure >that they have the "paper trail" anyway through your normal bank records. Thanks. Still not sure if it applies, but I'd forgotten that it's up to the banks to do the reports; good to know it's not up to me. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From rollo at artvark.com Fri Jul 26 23:40:24 1996 From: rollo at artvark.com (rollo at artvark.com) Date: Sat, 27 Jul 1996 14:40:24 +0800 Subject: Pie cutting algorithm Message-ID: A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2555 bytes Desc: not available URL: From hal9001 at panix.com Fri Jul 26 23:48:01 1996 From: hal9001 at panix.com (Robert A. Rosenberg) Date: Sat, 27 Jul 1996 14:48:01 +0800 Subject: Twenty Bank Robbers -- Game theory:) [Classic Answer] Message-ID: At 9:09 -0500 7/25/96, Igor Chudov wrote: >Here's a puzzle for our game theorists. > >Twenty cypherpunks robbed a bank. They took 20 million bucks. 
Here's >how they plan to split the money: they stay in line, and the first guy >suggests how to split the money. Then they vote on his suggestion. If >50% or more vote for his proposal, his suggestion is adopted. > >Otherwise they kill the first robber and now it is the turn of guy #2 >to make another splitting proposal. Same voting rules apply. > >The question is, what will be the outcome? How will they split the >money, how many robbers will be dead, and so on? > >igor This is a variant on the normal distribution problem/game where you have a number of homogeneous/identical items that are either too numerous to distribute by the "one for you and one for me" method or are not equivalent to each other. The "goal" is to have a method of distributing so that each person feels that they got "their fair share". The classic solution is to have #1 divide the items into 20 piles (any of which he is willing to take as his share). Then number #2 is offered the choice of accepting #1's distribution or rearranging the distribution until he is happy to accept any of them. This accept/rearrange process goes on until #19 has made his decision. Then #20 is allowed to select any one pile as his share. The "choose a pile" option then goes back up the line (to #19, #18, etc) with each taking one of the remaining piles until it gets to whoever was before the person who did the last rearrangement. This person then has the option of doing a new rearrangement or approving the current distribution. After he does a rearrangement or approves the distribution, the option keeps going up the line until it gets to #1 (who selects a pile). You then keep going down [and up] the line until there are only two piles and the last approver/rearranger gets the last pile after the choice of piles is made by the other person. This is "fair" since at all times the person who is making a pile selection has already approved the distribution (or at the end is offered his choice of the two remaining piles). 
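The voting game quoted in the message above can be solved by backward induction from the last robber in line. The sketch below is an added example, not code from the thread: the function name `split` and the flag `spare_when_indifferent` are hypothetical, and it assumes every robber ranks survival above money and that the proposer votes for his own plan. The flag selects how a robber votes when a proposal leaves him no better and no worse off: yes (sparing the proposer) or no.

```python
def split(n, pot, spare_when_indifferent):
    """Backward induction over a line of n robbers sharing `pot` dollars.

    Returns {robber_number: dollars}, with None for a robber who is killed.
    Rules as quoted in the thread: the robber at the front proposes, a
    proposal passes with 50% or more of the votes, otherwise he is killed
    and the next robber proposes.
    """
    outcome = {n: pot}                    # the last robber alone keeps it all
    for k in range(n - 1, 0, -1):         # robber k proposes to robbers k..n
        alive = n - k + 1
        # ceil(alive / 2) yes votes are needed; one of them is the proposer's.
        extra_votes = (alive + 1) // 2 - 1
        prices = []
        for j in range(k + 1, n + 1):
            fallback = outcome[j]         # what j ends up with if k is killed
            if fallback is None:
                price = 0                 # j would die next round: any offer wins him
            elif spare_when_indifferent:
                price = fallback          # matching his fallback is enough
            else:
                price = fallback + 1      # he must be strictly better off
            prices.append((price, j))
        bought = sorted(prices)[:extra_votes]     # cheapest votes first
        cost = sum(price for price, _ in bought)
        if cost > pot:
            # The proposer cannot buy enough votes: he dies and the
            # remaining robbers play the game already solved for k + 1.
            outcome = {k: None, **outcome}
            continue
        shares = {j: 0 for j in range(k, n + 1)}
        for price, j in bought:
            shares[j] = price
        shares[k] = pot - cost
        outcome = shares
    return outcome


if __name__ == "__main__":
    for flag in (True, False):
        result = split(20, 20_000_000, flag)
        paid = {robber: dollars for robber, dollars in result.items() if dollars}
        print("spare_when_indifferent =", flag, "->", paid)
```

Under these assumptions nobody dies in either case with a $20 million pot; the tie-breaking rule only decides whether the first robber has to pay for his nine extra votes.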
From anonymous-remailer at shell.portal.com Fri Jul 26 23:50:18 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Sat, 27 Jul 1996 14:50:18 +0800 Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI Message-ID: <199607270433.VAA28441@jobe.shell.portal.com> I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY CAN TRACK YOU DOWN AND CLOSE THIS LIST. From hal9001 at panix.com Fri Jul 26 23:50:53 1996 From: hal9001 at panix.com (Robert A. Rosenberg) Date: Sat, 27 Jul 1996 14:50:53 +0800 Subject: [Noise] [Smut] [Off-topic] Re: A Global Village, or thefuture of porn on the net In-Reply-To: <2.2.32.19960725070145.00d77a58@mail.teleport.com> Message-ID: At 0:01 -0700 7/25/96, Alan Olsen wrote: >Porn stories and/or hacked pictures of celebrities already occurs. Has >since I have been on usenet... (Many years now.) One of my favorites >involves the Brady Bunch... In fact there are celebrities who have hired >people to track down phoney pictures and get them pulled from web sites. > >(I always expected something like this to show up on Star Trek:TNG. Having >Beverly Crusher catching Weasly with the holodeck porn programs involving >all sorts of convelutions of the bridge crew. He would probibly blame it on >Riker...) It WAS done on TNG. It was the first Lt. Barclay Episode. He was living in the Holodeck. He had a "Love Goddess" program of Troi, for example. From deviant at pooh-corner.com Fri Jul 26 23:51:40 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sat, 27 Jul 1996 14:51:40 +0800 Subject: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks In-Reply-To: <199607270013.TAA07369@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 26 Jul 1996, Igor Chudov @ home wrote: > Date: Fri, 26 Jul 1996 19:13:19 -0500 (CDT) > From: "Igor Chudov @ home" > To: "Timothy C. 
May" > Cc: cypherpunks at toad.com > Subject: Re: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks > > Timothy C. May wrote: > > > > I just cringe when I meet young programmers at Cypherpunks who mumble "I'm > > just a computer geek." Fine, I write them off as geeks. > > > > OK, I am a foreigner. Can anyone explain me what the word "geek" means > and what are the origins of this word? I thought it was a cool word, > meaning someone orthogonal to the present world but being able to > change it. > > - Igor. > Ummm... it's usually functionally equivalent to "nerd" -- a complete social outcast that's really smart, or at least appears to be. --Deviant "Uncle Cosmo ... why do they call this a word processor?" "It's simple, Skyler ... you've seen what food processors do to food, right?" -- MacNelley, "Shoe" From hal9001 at panix.com Fri Jul 26 23:54:00 1996 From: hal9001 at panix.com (Robert A. Rosenberg) Date: Sat, 27 Jul 1996 14:54:00 +0800 Subject: Twenty Bank Robbers -- solution (?) In-Reply-To: <2.2.32.19960725223251.00e8eea8@labg30> Message-ID: At 17:32 -0500 7/25/96, John Deters wrote: >At 01:13 PM 7/25/96 -0500, Igor Chudov wrote: >>Igor Chudov wrote: >>> >>> Here's a puzzle for our game theorists. >> >>I forgot to say what the GOALS are. The goals of every individual >>cypherpunk are (in from highest to lowest priority): >> >>1. Stay alive >>2. Get as much money as possible >>3. Keep as many cypherpunks alive as possible, all other things being equal. 
> >The first cypherpunk should propose a 10-way split: #s 11-20. It's the >best offer #s 10-18 will be assured of getting without having to kill >anyone. Once any one dies, I think the results will always boil down to #19 >getting 100% of the money (when #s 1-18 are dead, #19 proposes that #19 gets >100% of the money and his vote is 50%, so he "wins". #20 kills him out of >spite and takes it all anyway, though. No honor amongst thieves.) As I noted in a separate message, I think that if the killing starts it will not necessarily go as far as you propose. Since, when it is #17's change, all he needs is one extra vote, he can offer to split with #20 (who, as you note, will get nothing from #19 - so it is in his interest to accept any offer from #17 that is for at least 50% [anything less he should/could reject since #18 will/should offer him at least 50% to prevent #18 getting killed]). Also, I question WHO #1 should offer the split to. All he wants is 9 extra votes so it does not need to be #11-20. I'd think that #1-10 (if #1 wants part of the money) or #2-11 (if he does not but wants to hedge his bet by allowing for one "No" vote from that group) would be better since by voting "YES", each gets to not need to worry about coming up with a split or risking death (11-20 do not have this type of immediate threat hanging over their heads so they are more likely to vote "NO" and hope for a better deal [as the first ones start dropping dead, there are less votes needed so the "I'll Bribe you with part of the Split" offers are going to be worth more to those who are included]). From hal9001 at panix.com Sat Jul 27 00:12:34 1996 From: hal9001 at panix.com (Robert A. Rosenberg) Date: Sat, 27 Jul 1996 15:12:34 +0800 Subject: Twenty Bank Robbers -- Game theory:) In-Reply-To: <199607251409.JAA16978@galaxy.galstar.com> Message-ID: At 9:09 -0500 7/25/96, Igor Chudov wrote: >Here's a puzzle for our game theorists. > >Twenty cypherpunks robbed a bank. They took 20 million bucks. 
Here's >how they plan to split the money: they stay in line, and the first guy >suggests how to split the money. Then they vote on his suggestion. If >50% or more vote for his proposal, his suggestion is adopted. > >Otherwise they kill the first robber and now it is the turn of guy #2 >to make another splitting proposal. Same voting rules apply. > >The question is, what will be the outcome? How will they split the >money, how many robbers will be dead, and so on? > >igor I've read the differing scenarios and they seem to fall into two groups - Either #1 makes an offer good enough to get 9 others to vote for it (and thus save his life) or there is a blood bath ending with #19 getting all the money and #20 with nothing but his life. I think that if the blood bath occurs it will not get to the 2 survivor stage. I think it will end at the 4 (or possibly 3) survivor stage. I base this analysis on #20's best outcomes and interests. He will survive no matter what (assuming that we ignore the cases where those who do not get their fair share wack those who got money and take it) so this is not an issue for him (he has no way of being killed for being too greedy). The amount of money that he will get is totally dependent on what the current "split proposer" offers him as an incentive to vote for the split (as noted, once #19 gets to the top of the queue, he can [will?] grab everything and cut out #20 so it is in #20's financial interest to vote for a prior robber who will offer him some of the money). Since the vote must be 50% or better for the proposed split, once it is #17's chance (ie: When we are down to only 4 robbers and 2 yes votes will "win"), he can get #20's vote by offering him at least 50% of the money (more than 50% will be an incentive to #20 to take the deal since if he goes thumbs down to a 50/50 split with #17, #18 will only need to offer #20 the same 50/50 deal ["its then 50% or nothing"] after #17 gets killed). 
#17 can hedge his bet by offering #18 some of the rest (assuming a secret vote or all voting at the same time in ignorance of how the other voted) since it might gain his vote (a split between 17&20 leaves #18 out in the cold so he might go for some money as opposed to none [in the case where #20 goes for 17&20 split]). From ichudov at algebra.com Sat Jul 27 00:20:25 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sat, 27 Jul 1996 15:20:25 +0800 Subject: Bernstein files for partial summary judgement in crypto In-Reply-To: <199607270022.RAA09976@mail.pacifier.com> Message-ID: <199607270513.AAA08975@manifold.algebra.com> jim bell wrote: > Would digging up an embarrassing revelation about "our Nation or its people" > constitute "irreparable damage" sufficient to justify concluding that the > 1st amendment didn't apply? Had the fact that we'd slaughtered Indians in > the late 1800's been kept secret until today, would its discovery and > publication be that "irreparable damage" that regulation could legitimately > seek to prohibit? Would the news that the events leading up to the "Gulf of > Tonkin resolution" were a fraud cause "irreparable damage"? Would finding > out the truth about the Watergate incident cause "irreparable damage"? Just recall how the government harassed the Smithsonian Institution for their plans to put together an exhibition about bombing of Japan. I was profoundly disgusted (even though I am a militarist). - Igor. From sandfort at crl.com Sat Jul 27 00:20:27 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 27 Jul 1996 15:20:27 +0800 Subject: HACKER REPORT Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Just saw part I of a two-part series on "hackers" being broadcast by a local San Francisco TV station. Nothing horrible, in my opinion. 
They adroitly sidestepped the hacker/cracker distinction by saying that "hacker" has come to mean... and then gave the negative, intrusive definition. They interviewed a spokesman for "InsWeb" an on-line insurance company that has been the target of "hackers." During the filmed segment, they did a trace-route on the intrusion which led back to Germany. They explained "social engineering" and showed how a hacker could get someone to reveal their password. They also interviewed a San Jose computer crime cop named Keith Lowery. He didn't add much to the discussion. At the end, Pete Wilson (the TV guy, not the governor) said something like, "Hackers tell us that the problem may be overblown. Most people--and this includes most hackers--know the difference between right and wrong." Tomorrow's show should be more interesting (and possibly much more sensationalistic). Part II is "The Hacker Underground." Oooh, scary! S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sandfort at crl.com Sat Jul 27 00:25:16 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 27 Jul 1996 15:25:16 +0800 Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, anonymous-remailer at shell.portal.com wrote: > ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI > I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL > HACKERS AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI > IMMEDIATELY SO THAT THEY CAN TRACK YOU DOWN AND CLOSE THIS LIST. Damn! What were we thinking? We left that "who cypherpunks" back door open on majordomo at toad.com. Now "they" are going to come and get us all. Curses! Foiled again! And they say there is no legitimate use for 'ludes. 
S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From alano at teleport.com Sat Jul 27 01:19:57 1996 From: alano at teleport.com (Alan Olsen) Date: Sat, 27 Jul 1996 16:19:57 +0800 Subject: The Four Horsemen Go to the Olympics! Message-ID: <2.2.32.19960727061522.00d86d78@mail.teleport.com> Well, there was an explosion at the Olympics... It may have been a bomb or it may have been a transformer. Expect this to be used as fuel as to why every one in America must be under constant survelance by the Government. The Four Horsemen are now an Olympic Event! --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From stewarts at ix.netcom.com Sat Jul 27 01:35:48 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 27 Jul 1996 16:35:48 +0800 Subject: Gambling Protocols Message-ID: <199607270636.XAA15637@toad.com> >>If Phil really believes he and I are at any credible legal risk >>for a making such a personal wager, he is a fool. The obvious approach is for some kind person to send encrypted email to both Phill and Sandy and offer to hold their digicash in escrow. What kind of protocol would it take to implement this correctly? The escrow agent needs to verify that the e-money is good (though not necessarily where it came from), and perhaps put some kind of lock on it to prevent double-spending by the bettors. The bettors need to be able to verify that the escrow agent hasn't ripped them off. (The escrow agent may have a certain amount of reputation with the two players, but may not be in a regular escrow business so he may be willing to rip them off, unlike a bank which probably doesn't want to risk its reputation. 
In a typical betting-escrow situation today, the escrow agent doesn't need much reputation because he's right there while the two bettors are arm-wrestling, shooting pool, trying to out-drink each other, or whatever, so he can't really abscond.) Non-payer-anonymous double-spender-identifying e-money would be one approach - if the escrow agent rips them off, he's traceable, and if one of the bettors double-spends, he gets fingered. Perhaps the escrow agent should deposit the money (and a key) with the bank and get back an encrypted set of money and a certificate saying the encrypted money is worth $X (which lets you use basic Chaumian first-spender-wins e-money.) Any better approaches? # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # Dispel Authority! From stewarts at ix.netcom.com Sat Jul 27 01:45:19 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 27 Jul 1996 16:45:19 +0800 Subject: LIMBAUGH ON TV [Political Rant] Message-ID: <199607270636.XAA15627@toad.com> At 02:27 PM 7/25/96 -0400, hallam at Etna.ai.mit.edu wrote: >The moral point is not that there is risk of being caught, it >is that society has made laws and unless there are exceptional >circumstances it is a duty to obey those laws. I haven't seen society making laws recently; I've seen societies tolerating governments and governments making laws, generally to benefit one special interest or another, and I include bureaucratic growth and self-preservation as special interests. I don't see how duty attaches to any of that. Duty attaches to keeping committments you've made to other people and living up to your moral values, and in spite of government telling me I've got a duty to it, I don't. Meanwhile, society is a bunch of individuals and the interactions they have with each other. If you want society to work well, there are lots of things you can and should do to help - but duties are to individuals. 
Letting other people live their lives in peace may count as a duty - and if it does, then governments have the duty not to make laws unless there are exceptional circumstances. The facts that people can lose money gambling or get stoned by taking drugs or make money by helping other people do these things are certainly not exceptional... >I don't argue against breaking laws which are immoral, indeed >I am still refusing to pay a Poll tax bill from the UK despite >the fact that the amount outstanding is inconsequential. Why? Aside from the fact that Maggie and the Parliament were quite obnoxious in enacting and implementing it, what's wrong? If you're think that some people's Fair Share of the cost of supporting society is higher than others', and object because this tax From dfloyd at IO.COM Sat Jul 27 01:52:44 1996 From: dfloyd at IO.COM (Douglas R. Floyd) Date: Sat, 27 Jul 1996 16:52:44 +0800 Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI In-Reply-To: <199607270433.VAA28441@jobe.shell.portal.com> Message-ID: <199607270629.BAA09515@xanadu.io.com> > > I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS > AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY > CAN TRACK YOU DOWN AND CLOSE THIS LIST. > Troll. From stewarts at ix.netcom.com Sat Jul 27 02:07:33 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 27 Jul 1996 17:07:33 +0800 Subject: LIMBAUGH ON TV [Political Rant] Message-ID: <199607270636.XAA15632@toad.com> At 02:27 PM 7/25/96 -0400, hallam at Etna.ai.mit.edu wrote: >The moral point is not that there is risk of being caught, it >is that society has made laws and unless there are exceptional >circumstances it is a duty to obey those laws. I haven't seen society making laws recently; I've seen societies tolerating governments and governments making laws, generally to benefit one special interest or another, and I include bureaucratic growth and self-preservation as special interests. 
I don't see how duty attaches to any of that. Duty attaches to keeping commitments you've made to other people and living up to your moral values, and in spite of government telling me I've got a duty to it, I don't.

Meanwhile, society is a bunch of individuals and the interactions they have with each other. If you want society to work well, there are lots of things you can and should do to help - but duties are to individuals. Letting other people live their lives in peace may count as a duty - and if it does, then governments have the duty not to make laws unless there are exceptional circumstances. The facts that people can lose money gambling or get stoned by taking drugs or make money by helping other people do these things are certainly not exceptional...

>I don't argue against breaking laws which are immoral, indeed
>I am still refusing to pay a Poll tax bill from the UK despite
>the fact that the amount outstanding is inconsequential.

Why? Aside from the fact that Maggie and the Parliament were quite obnoxious in enacting and implementing it, what's wrong? If you think that some people's Fair Share of the cost of supporting society is higher than others', and object because this tax treats everyone equally, the Politically Correct way to protest it would seem to be to pay _more_ tax because you're a well-paid technical person, not to pay _less_ tax because factory workers can't afford to pay as much as you....

>You sound like an 18th century fop challenging someone to a duel.

Hey, an armed society is a polite society, and since you're being rude calling him a fop, he obviously ought to blow you away :-) (Just because I believe in the right to own weapons doesn't mean I have to _like_ the things or the arguments gun nuts make .....)

>Would you believe that Continental is so lame that they do not
>offer either the Sci-Fi channel nor the comedy channel in the
>home town of MIT and Harvard?
If I had realised that NBC
>Olympic coverage would be as bad as it is I might have got a
>satellite dish to pick up the feed from Astra.

But Phil - Cable TV Regulation is the Law! It's the government helping protect you from dog-eat-dog competition! It's your _duty_ to watch government-enforced-monopoly TV and _like_ it!

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# Dispel Authority!

From jacquard at teleport.com Sat Jul 27 02:17:16 1996
From: jacquard at teleport.com (Shaun Clark)
Date: Sat, 27 Jul 1996 17:17:16 +0800
Subject: Questions...
In-Reply-To:
Message-ID: <31F9C0A5.4BA4@teleport.com>

Hello, I would rather I not be too blunt, but despite my generous interest in computer hacking, cracking, and other such related topics, I have come to be confused by the mailer, can I ask any questions that I wish, or am I limited by some type of header subject?

From jacquard at teleport.com Sat Jul 27 02:17:45 1996
From: jacquard at teleport.com (Shaun Clark)
Date: Sat, 27 Jul 1996 17:17:45 +0800
Subject: Overwelmed with Stupidity...
Message-ID: <31F9C2BC.5458@teleport.com>

Ok, ok... Let me say something, but I don't want anyone to take this wrong. I'm not trying to be stupid, but I don't have half the knowledge you all seem to possess. For instance what the heck is a TRS-80, DES, or even GAK? I probably know or have heard but, I'm not picking up on the three letter words. So, if you could help me out maybe I just might be able to start contributing actively to this mailer!

From stewarts at ix.netcom.com Sat Jul 27 03:33:01 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 27 Jul 1996 18:33:01 +0800
Subject: The Four Horsemen Go to the Olympics!
Message-ID: <199607270845.BAA17860@toad.com>

At 11:15 PM 7/26/96 -0700, Alan Olsen wrote:
>Well, there was an explosion at the Olympics... It may have been a bomb or
>it may have been a transformer.
>Expect this to be used as fuel as to why every one in America must be under
>constant surveillance by the Government.
>The Four Horsemen are now an Olympic Event!

Yeah, it's been a wild week. There was also an airplane hijacking today, which ended peacefully. The hijacker had a laptop wrapped in tinfoil he was claiming was a bomb.* And of course Clinton's first speeches after the TWA crash were "we don't have any evidence of terrorism yet but you'll all have to give up your civil liberties so we can do a better job of protecting you."

----
*Penn Jillette proposed that a good boot-up program for laptops and PDAs is one that displays a big timer counting backwards, for use in airports that want to see that you've got a real laptop.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# Dispel Authority!

From rich at c2.org Sat Jul 27 03:35:25 1996
From: rich at c2.org (Rich Graves)
Date: Sat, 27 Jul 1996 18:35:25 +0800
Subject: HACKER REPORT
In-Reply-To:
Message-ID:

On Fri, 26 Jul 1996, Sandy Sandfort wrote:
> At the end, Pete Wilson (the TV guy, not the governor) said
> something like, "Hackers tells us that the problem may be
> overblown. Most people--and this includes most hackers--

Really? Hackers are people?

-rich

From jti at i-manila.com.ph Sat Jul 27 05:13:52 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Sat, 27 Jul 1996 20:13:52 +0800
Subject: Off Topic: Send e-mail to post to Usenet
Message-ID: <01BB7BE8.26667AA0@ip66.i-manila.com.ph>

How can I send e-mail to post my message to the Usenet without using the NNTP server of my ISP? I say this because my ISP's news server is not working 100% correctly, if not, it is not 100% dependable.
From jwilk at iglou.com Sat Jul 27 05:25:08 1996
From: jwilk at iglou.com (Blake Wehlage)
Date: Sat, 27 Jul 1996 20:25:08 +0800
Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID:

At 09:33 PM 7/26/96 -0700, anonymous-remailer at shell.portal.com wrote:
>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.
>

I find this rather comical. I think I'll add this to my web-site. Maybe then the FBI will close it down. :-)

==========================================
Blake Wehlage
Goto: http://members.iglou.com/jwilk

From ceridwyn at wolfenet.com Sat Jul 27 06:08:52 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Sat, 27 Jul 1996 21:08:52 +0800
Subject: HACKER REPORT
Message-ID: <2.2.32.19960727110434.006e366c@gonzo.wolfenet.com>

>Just saw part I of a two-part series on "hackers" being broadcast
>by a local San Francisco TV station. Nothing horrible, in my
>opinion. They adroitly sidestepped the hacker/cracker distinction
>by saying the "hacker" has come to mean..." and then gave the
>negative, intrusive definition.

Did somebody record this, and if so, could I send you a tape so you can copy it for me? Thanks...

//cerridwyn//

From pjn at nworks.com Sat Jul 27 07:15:29 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Sat, 27 Jul 1996 22:15:29 +0800
Subject: EFFector Online 09.09: Mo
Message-ID:

In> "The Singapore government isn't interested in controlling information,
In> but wants a gradual phase-in of services to protect ourselves. It's
In> not to control, but to protect the citizens of Singapore. In our
In> society, you can state your views, but they have to be correct."
In> - Ernie Hai, coordinator of the Singapore Government Internet

This was in the latest Effector Online...

P.J.
pjn at nworks.com

...
Answers: $1, Short: $5, Correct: $25, dumb looks are still free.
___ Blue Wave/QWK v2.20 [NR]

From pjn at nworks.com Sat Jul 27 07:22:18 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Sat, 27 Jul 1996 22:22:18 +0800
Subject: Distributed DES crack
Message-ID:

In> Has anyone thought of asking RSA, etc, for help? If DES falls (so to
In> speak) it would make their product more desirable.

Hmmm... Damn good idea.

P.J.
pjn at nworks.com

... Captain's log, stardate 25970-point-5. I am nailed to the hull.
___ Blue Wave/QWK v2.20 [NR]

From pjn at nworks.com Sat Jul 27 07:27:27 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Sat, 27 Jul 1996 22:27:27 +0800
Subject: One of the biggest proble
Message-ID:

In> What our biggest problem is, is that people want the

What our biggest problem is is people like you. And that is a hell of a rant for a person with too few balls to use a "normal" E-Mail acct.

P.J.
pjn at nworks.com

... Can not read right brain: bort etry rolic
___ Blue Wave/QWK v2.20 [NR]

From frissell at panix.com Sat Jul 27 08:40:46 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 27 Jul 1996 23:40:46 +0800
Subject: Why the world needs privay protecting Ecash
Message-ID: <2.2.32.19960727132151.008b7140@panix.com>

At 02:20 PM 7/27/96 -0700, Timothy C. May wrote:
>Who said it had to be in one day? I didn't. Most vacations to Europe last a
>couple of weeks, e.g., "If this is Tuesday, I need to make a withdrawal in
>Milano."

The original definition of multiple transactions (structuring) said the transactions had to occur within one day. There is now a separate rule that says that the bank has to report *any* suspicious transactions even if they don't fall under specific regulations. Keep the population guessing as to what's reportable.

>I think a lot of ATMs will now dispense big chunks of cash--I've never
>checked on limits, but I notice that some CRT screens now have chunks up to
>$600 or so listed.
New York money center banks allow $1000 a day or so. Credit cards (which are also bank accounts although most don't think of them as such) let more get out and one can always overpay one's credit card to get a credit balance of any amount. They take the money. Usually in those cases, you can withdraw the credit limit each day and then when the account settles overnight it draws down the credit balance you've built up and your available credit is back. Some may do this "live"; one would have to experiment. ATM and credit cards may also have different limits for point-of-sale transactions than for cash withdrawals.

>Thanks. Still not sure if it applies, but I'd forgotten that it's up to the
>banks to do the reports; good to know it's not up to me.

You have to report taking cash (currency or monetary instruments) into or out of the country but you don't have to rat on yourself for cash transactions with a bank here.

DCF

From sparks at bah.com Sat Jul 27 08:46:19 1996
From: sparks at bah.com (Charley Sparks)
Date: Sat, 27 Jul 1996 23:46:19 +0800
Subject: The Four Horsemen Go to the Olympics!
Message-ID:

Anybody got a big timer I can run at boot up ?? PC and MAC ? I travel a lot !

On Sat, 27 Jul 1996 01:43:11 -0700 Bill Stewart wrote:
> At 11:15 PM 7/26/96 -0700, Alan Olsen wrote:
> >Well, there was an explosion at the Olympics... It may have been a bomb or
> >it may have been a transformer.
> >Expect this to be used as fuel as to why every one in America must be under
> >constant surveillance by the Government.
> >The Four Horsemen are now an Olympic Event!
>
> Yeah, it's been a wild week. There was also an airplane hijacking
> today, which ended peacefully. The hijacker had a laptop wrapped
> in tinfoil he was claiming was a bomb.* And of course Clinton's
> first speeches after the TWA crash were "we don't have any evidence
> of terrorism yet but you'll all have to give up your civil liberties
> so we can do a better job of protecting you."
>
> ----
> *Penn Jillette proposed that a good boot-up program for laptops
> and PDAs is one that displays a big timer counting backwards,
> for use in airports that want to see that you've got a real laptop.
>
> # Thanks; Bill
> # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
> #
> # Dispel Authority!
>

----------------------
Charley Sparks
sparks at bah.com

From sandfort at crl.com Sat Jul 27 08:49:55 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 27 Jul 1996 23:49:55 +0800
Subject: HACKER REPORT
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 27 Jul 1996, Rich Graves wrote:

> On Fri, 26 Jul 1996, Sandy Sandfort wrote:
>
> > At the end, Pete Wilson (the TV guy, not the governor) said
> > something like, "Hackers tells us that the problem may be
> > overblown. Most people--and this includes most hackers--
>
> Really? Hackers are people?

MOST hackers.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From schryver at radiks.net Sat Jul 27 09:15:28 1996
From: schryver at radiks.net (Scott Schryvers)
Date: Sun, 28 Jul 1996 00:15:28 +0800
Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID: <199607271407.JAA09592@sr.radiks.net>

At 09:33 PM 7/26/96 -0700, you wrote:
>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.
>

I'm not. Yet.

From WlkngOwl at unix.asb.com Sat Jul 27 09:50:15 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Sun, 28 Jul 1996 00:50:15 +0800
Subject: [NOISE] Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
Message-ID: <199607271502.LAA14230@unix.asb.com>

On 27 Jul 96 at 4:49, an entity calling itself Timothy C. May wrote:
[..]
> Look, anyone is perfectly free to wear t-shirts espousing "Wimp Pride" and
> saying "We're gimps, we're wimps, we're dweebs, and we're PROUD!"
>
> I just cringe when I meet young programmers at Cypherpunks who mumble "I'm
> just a computer geek." Fine, I write them off as geeks.
[..]
> As for what people ought to call themselves, e.g., when journalists ask
> what they are. Just what is wrong with "engineer," "programmer,"
> "scientist," and "cryptographer"?

I prefer reclaiming far more ancient terms. "Journeyman programmer" gets more attention than "Consultant" and actually describes something.

'nuff said.

--Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From jimbell at pacifier.com Sat Jul 27 10:12:53 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 28 Jul 1996 01:12:53 +0800
Subject: The Four Horsemen Go to the Olympics!
Message-ID: <199607271514.IAA08581@mail.pacifier.com>

At 01:43 AM 7/27/96 -0700, Bill Stewart wrote:
>Yeah, it's been a wild week. There was also an airplane hijacking
>today, which ended peacefully.

The "funny" part of it, for those who remember the spate of hijackings in the early 70's, is that he hijacked a Cuba-bound airliner...to Miami!

Jim Bell
jimbell at pacifier.com

From sparks at bah.com Sat Jul 27 10:30:43 1996
From: sparks at bah.com (Charley Sparks)
Date: Sun, 28 Jul 1996 01:30:43 +0800
Subject: Lynx...
Message-ID: <2.2.32.19960727153316.006eecb4@pop1.jmb.bah.com>

-----BEGIN PGP SIGNED MESSAGE-----

I have had it with all the cutesy moving graphics and Java intrusions on my feeble 28.8 connection. Can someone PLEASE tell me where I can get a copy of Lynx or similar text based browser for '95 and / or NT ?
Thanks folks

Charley

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCWAwUBMfo2quJ+JZd/Y4yVAQFPkAQIyBl+XmSRoJUlpDbof8FGNi4TGexivaux
ZPPiyuCflseiw53077xP4FsF8Q1v5SgDe/87OCCDiG3XrWqOyRhah5IRmDw+3S2L
brxbTc/oqwkCddAGglF08OGOIGHa8iK0x2KhRVZPStRopNbHgVIJiDJzcSFOeFLY
mpj0jKto1s7+
=qxPe
-----END PGP SIGNATURE-----

Charles E. Sparks
In God we trust, all others we encrypt !
http:/www.clark.net/pub/charley/index.htm
Public Key At http://www.clark.net/pub/charley/cp_1.htm

From mikev at is.co.za Sat Jul 27 10:37:51 1996
From: mikev at is.co.za (Mike van der Merwe)
Date: Sun, 28 Jul 1996 01:37:51 +0800
Subject: Olympic bombing
In-Reply-To: <31F9C2BC.5458@teleport.com>
Message-ID:

Hi all

I can just see the FBI screaming "we need weaker encryption to combat terrorism on US soil" with nasty effects -- it seems all too many people, lawmakers included, will be only too happy to sacrifice their privacy that the FBI can better combat these terrorist acts (which *of course* could have been prevented had only the FBI been able to read their encrypted mail...)

Somehow I got the feeling watching CNN that the FBI was given a shitload of ammo. Call me cynical but the Reichstag fire comes to mind...

Later
Mike
___________________
"Those that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)

From jkenth at c2.org Sat Jul 27 10:38:20 1996
From: jkenth at c2.org (J. Kent Hastings)
Date: Sun, 28 Jul 1996 01:38:20 +0800
Subject: Anonymous Web Services Inc.
In-Reply-To: <199607262255.PAA22798@slack.lne.com>
Message-ID:

On Fri, 26 Jul 1996, Eric Murray wrote:
> J. Kent Hastings writes:...
> > I figure the digicrime site for provocateurs.
>
> Um guys, it's a joke...Check out the rest of the digicrime home page...

Oh yeah, empty links. It's a trap, I tells ya!
Kent

From alanh at infi.net Sat Jul 27 10:57:23 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sun, 28 Jul 1996 01:57:23 +0800
Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
In-Reply-To: <199607270433.VAA28441@jobe.shell.portal.com>
Message-ID:

> I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
> AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
> CAN TRACK YOU DOWN AND CLOSE THIS LIST.

At least will you let them grab us one at a time, slowly until elections, so that they don't run out of things to generate press releases with?

From JonWienk at ix.netcom.com Sat Jul 27 11:00:13 1996
From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com)
Date: Sun, 28 Jul 1996 02:00:13 +0800
Subject: Publicly Verifiable Anonymous Voting System
Message-ID: <199607271553.IAA28911@dfw-ix2.ix.netcom.com>

[Begin Rant]
As I write this, I am listening to the news coverage of the bombing in Centennial Park. The ABC news reports are already linking the suspected Georgia Militia members accused of plotting to use pipe bombs at the Olympic Games. Just like OKC, the militia-gun owner-right-wing extremist smear is gearing up before the blood has a chance to dry. On the other hand, the govt seems to be awfully reluctant to admit the obvious about TWA 800...
[End Rant]

Here is how the voting system works.

1. All voting information (public keys, ballots, ballot signatures, etc.) is publicly available via a Web site or other similar means, and can be downloaded in its entirety by anyone who cares to take the trouble to do so. The software (and source code) used to generate ballots should be publicly available as well.

2. When someone registers to vote, they submit a RSA public key to a registered voter key database. The public key database does not contain voter information; only keys. Access to the key entry terminals is controlled, so that only registered voters can submit keys.
A receipt is given to the voter with a hash of the key printed on it (PGP fingerprint style), the key entry clerk's name, a receipt serial number, etc., so the voter can verify the correct key was put in the system, and who to shoot if it wasn't.

3. On election day, each voter submits a ballot signed with their private key. The ballot contains the fingerprint of the voter's public key, the voter's choices, (preferably in a standardized ASCII format) and the digital signature. The ballot goes into the vote database regardless of whether it is valid or not. The voter receives a printed receipt confirming that the ballot was entered in the database, with a hash of the entire ballot (headers, signature, and all), receipt serial number, etc.

4. After the election, each voter can verify whether their public key and ballot are in the database, and see whether their vote is deemed valid or not (if the signature on the ballot can be verified by a key in the key database). If there are any discrepancies, the voter has the public key, the ballot, and the receipts to prove that his vote should be counted.

5. Since the key/vote databases are not connected to individuals, no one can connect votes to voters unless cheating occurs during the registration process. If there is fraud or other errors, the key/ballot/receipt combo is all that is necessary to prove the error--no identification of the bearer is required.

6. Keys in the system should expire every few years.

Any comments / constructive criticisms welcome.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler

"46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S.
citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB

From alanh at infi.net Sat Jul 27 11:05:50 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sun, 28 Jul 1996 02:05:50 +0800
Subject: Questions...
In-Reply-To: <31F9C0A5.4BA4@teleport.com>
Message-ID:

> Hello, I would rather I not be too blunt, but despite my generous interest in computer
> hacking, cracking, and other such related topics, I have come to be confused by the
> mailer, can I ask any questions that I wish, or am I limited by some type of header
> subject?

Shaun, let me explain. There's a committee of seven people. Me, Tim May, David Sternlight, some assassination-politics guy, some guy named Vultis or somesuch, and so on. Only if we're in unanimous agreement on the outcome of an issue, may you start a thread on a new topic, which then continues till the first posting which calls someone a Nazi.

From alanh at infi.net Sat Jul 27 11:07:56 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sun, 28 Jul 1996 02:07:56 +0800
Subject: Bernstein files for partial summary judgement in crypto
In-Reply-To: <199607270513.AAA08975@manifold.algebra.com>
Message-ID:

It wasn't the government who ridiculed the Smithsonian, it was private citizens. And if you call letter-writing to the newspapers = harassment, then you've set yourself inside a rather constrained emotional box, indeed.

From mpd at netcom.com Sat Jul 27 11:26:56 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 28 Jul 1996 02:26:56 +0800
Subject: Overwelmed with Stupidity...
In-Reply-To: <31F9C2BC.5458@teleport.com>
Message-ID: <199607271623.JAA07683@netcom18.netcom.com>

Shaun Clark writes:

> Ok, ok... Let me say something, but I don't want anyone to
> take this wrong.
I'm not trying to be stupid, but I don't
> have half the knowledge you all seem to possess.

That's ok. Welcome to the list.

> For instance what the heck is a TRS-80, DES, or even GAK? I
> probably know or have heard but, I'm not picking up on the
> three letter words. So, if you could help me out maybe I just
> might be able to start contributing actively to this mailer!

TRS stands for "Technical Report Series." These are put out periodically by the computer science departments of major universities. TRS-80 is a monograph titled - "The Sternlight Effect: The Application of Nonlinear Matched Filters to the Reduction of Additive Gaussian Noise in Usenet Articles."

DES stands for "Diethylstilbestrol", a synthetic estrogen given to women at high risk for miscarriage in the 1950's. Its use was discontinued when the daughters of those who took it were discovered to have a high incidence of vaginal and cervical adenocarcinomas. Male offspring suffered no life-threatening health problems from prenatal DES exposure, but were often afflicted with TWS. (Teeny Weeny Syndrome)

And finally, GAK is the name for the green slime frequently seen to cover people on Nickelodeon, the children's cable channel. It is prepared from a variety of non-toxic ingredients in the Nickelodeon kitchens, and supposedly is safe to ingest, should one feel motivated to do so.

Now that you know the secret Three Letter Abbreviations, you are an official Cypherpunk. Congratulations.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From nsyfrig at condor.depaul.edu Sat Jul 27 11:31:18 1996
From: nsyfrig at condor.depaul.edu (Nathan Syfrig)
Date: Sun, 28 Jul 1996 02:31:18 +0800
Subject: The Four Horsemen Go to the Olympics!
Message-ID:

At 11:15 PM 7/26/96 -0700, Alan Olsen wrote:
>Well, there was an explosion at the Olympics... It may have been a bomb or
>it may have been a transformer.
>Expect this to be used as fuel as to why every one in America must be under
>constant surveillance by the Government.
>The Four Horsemen are now an Olympic Event!

And here's your suspect (from anonymous):

I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY CAN TRACK YOU DOWN AND CLOSE THIS LIST.

Now all you have to do is match this sentence structure with the 911 tape. Maybe there's a correlation between an electronic fingerprint and fingerprints on the phone booth.

This is very worrisome, as it truly is a "world stage" event that could really serve to galvanize various governments into uniting against strong non-escrowed crypto. Hey, it will look good for the international PR, never mind the fact that not everybody will be so 'diligent' in registering their keys and/or use the "approved" crypto.

And of course, this country just purchased another IBM computer for "nuclear simulation". Gee, I wonder what else that power might be used for? (but then again, it's from IBM, purveyor of the Olympics computer services)

Nathan
(standard not-my-employers-views disclaimer)

From JonWienk at ix.netcom.com Sat Jul 27 11:35:44 1996
From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com)
Date: Sun, 28 Jul 1996 02:35:44 +0800
Subject: HACKER REPORT
Message-ID: <199607271621.JAA04860@dfw-ix6.ix.netcom.com>

On Sat, 27 Jul 1996, Sandy Sandfort wrote:
[snip]
>On Sat, 27 Jul 1996, Rich Graves wrote:
>
>> On Fri, 26 Jul 1996, Sandy Sandfort wrote:
>>
>> > At the end, Pete Wilson (the TV guy, not the governor) said
>> > something like, "Hackers tells us that the problem may be
>> > overblown. Most people--and this includes most hackers--
>>
>> Really? Hackers are people?
>
>MOST hackers.
[snip]

The rest, of course, are chupa-cabras, yeti, descendants of the Roswell crash survivors, and ATF agents...
Jonathan Wienke

From ceridwyn at wolfenet.com Sat Jul 27 11:42:55 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Sun, 28 Jul 1996 02:42:55 +0800
Subject: Fireworks expected, missed at Senate crypto hearing
Message-ID: <2.2.32.19960727164414.006bec60@gonzo.wolfenet.com>

>>more about terrorists. And Sen. Slade Gorton (R-Wash) jumped on the
>>committee staff for leaning too far *away* from national security interests
>>in their summary of the legislation.
>
>What does that mean? As opposed to what? (Gorton's my Senator, and I'm
>going to give a little feedback to his local office...)

(If you have Real-Audio capability, you can listen to the hearings at www.hotwired.com/wiredside).

Basically he expressed his disappointment at the committee for having a biased view and having minds that were already made up regarding the issue, and he said he was beginning to lean towards the bill, but the attitude of the committee just might make him vote against it.

He's my senator too and believe me he got some feedback! =)

//cerridwyn//

From snow at smoke.suba.com Sat Jul 27 12:04:34 1996
From: snow at smoke.suba.com (snow)
Date: Sun, 28 Jul 1996 03:04:34 +0800
Subject: Overwelmed with Stupidity...
In-Reply-To: <31F9C2BC.5458@teleport.com>
Message-ID:

On Sat, 27 Jul 1996, Shaun Clark wrote:

> Ok, ok... Let me say something, but I don't want anyone to take this wrong. I'm not
> trying to be stupid, but I don't have half the knowledge you all seem to possess. For
> instance what the heck is a TRS-80, DES, or even GAK? I probably know or have heard
> but, I'm not picking up on the three letter words. So, if you could help me out maybe I
> just might be able to start contributing actively to this mailer!
>

Don't worry about TRS-80, if you are lucky, you will never need to know, and if you are unlucky, well, let the horror wait until that point.

GAK is Government Access to Keys.
As for DES and the rest, try the standard primer Applied Cryptography, Protocols, Algorithms and Source Code in C by Bruce Schneier.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From minow at apple.com Sat Jul 27 12:05:57 1996
From: minow at apple.com (Martin Minow)
Date: Sun, 28 Jul 1996 03:05:57 +0800
Subject: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
In-Reply-To:
Message-ID:

Igor asks:

>OK, I am a foreigner. Can anyone explain me what the word "geek" means
>and what are the origins of this word?

Originally, it referred to a carnival sideshow character who killed chickens by biting off their heads. It now means a social misfit, and we all know that computer programmers have no normal life.

Don't ask why I'm online at 10 PM Friday night.

Martin.

From minow at apple.com Sat Jul 27 12:11:54 1996
From: minow at apple.com (Martin Minow)
Date: Sun, 28 Jul 1996 03:11:54 +0800
Subject: Vote early, vote often
Message-ID:

I've uploaded my entry in the "Big Java Applet" contest. The best way to locate it (your vote counts) is to point Netscape to http://www.jade.org:8001/jade/show_entries?inCat=Global_Community

The best way to view it from a Macintosh is to point the Sun Applet viewer to http://www.vmeng.com/pub/minow/SunClock.html

Although you can also use NetScape 3.0b5 to view it, this release seems to have drawing problems on the Macintosh. I haven't tried other browsers.

Your comments and improvements are welcome. There is very little Cypherpunks relevance, although "phase of the moon" may be a useful number to mix into a random number generator. (The source is available from the website.)

Martin.

From alano at teleport.com Sat Jul 27 12:12:18 1996
From: alano at teleport.com (Alan Olsen)
Date: Sun, 28 Jul 1996 03:12:18 +0800
Subject: Fireworks expected, missed at Senate crypto hearing
Message-ID: <2.2.32.19960727172611.00e106c8@mail.teleport.com>

At 09:44 AM 7/27/96 -0700, Cerridwyn Llewyellyn wrote:
>
>>>more about terrorists. And Sen.
Slade Gorton (R-Wash) jumped on the
>>>committee staff for leaning too far *away* from national security interests
>>>in their summary of the legislation.
>>
>>What does that mean? As opposed to what? (Gorton's my Senator, and I'm
>>going to give a little feedback to his local office...)
>
>(If you have Real-Audio capability, you can listen to the hearings at
>www.hotwired.com/wiredside).
>Basically he expressed his disappointment at the committee for having a
>biased view and having minds that were already made up regarding the issue,
>and he said he was beginning to lean towards the bill, but the attitude of
>the committee just might make him vote against it.
>He's my senator too and believe me he got some feedback! =)

I would not trust Slade Gorton as far as I can shoot him with a tree shredder.

Gorton was the CO-SPONSOR of the CDA. Exon got all the press, but Gorton was just as responsible. (Maybe the netfolk ought to make that fact well known when he comes up for re-election. Hint! Hint!)

Where issues of freedom are involved, I doubt if he is on our side.

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From jimbell at pacifier.com Sat Jul 27 12:15:32 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 28 Jul 1996 03:15:32 +0800
Subject: Olympic bombing
Message-ID: <199607271652.JAA12072@mail.pacifier.com>

At 05:41 PM 7/27/96 +0200, Mike van der Merwe wrote:
>
>Hi all
>
>I can just see the FBI screaming "we need weaker encryption to combat
>terrorism on US soil" with nasty effects -- it seems all too many people,
>lawmakers included, will be only too happy to sacrifice their privacy that
>the FBI can better combat these terrorist acts (which *of course*
>could have been prevented had only the FBI been able to read their encrypted
>mail...)
> >Somehow I got the feeling watching CNN that the FBI was given a shitload >of ammo. Call me cynical but the Reichstag fire comes to mind... > >Later >Mike This was on another list. It expresses my sentiments quite well. >Received: from ez0.ezlink.com (lneil at ez0.ezlink.com [199.45.150.1]) by bud.indirect.com (8.7.4/8.6.6) with SMTP id UAA15498; Fri, 26 Jul 1996 20:36:06 -0700 (MST) >Received: by ez0.ezlink.com id AA20227 > (5.67b/IDA-1.5); Fri, 26 Jul 1996 21:36:25 -0600 >Date: Fri, 26 Jul 1996 21:36:25 -0600 >From: "L. Neil Smith" >Message-Id: <199607270336.AA20227 at ez0.ezlink.com> >To: mongoose at indirect.com >Subject: TWA 800 and Atlanta >Cc: tompkins at indirect.com > >TWA 800 AND THE POLICE STATE OF GEORGIA > >By L. Neil Smith > >Special to _The Libertarian Enterprise_ > > I've been sitting around all week, watching the Olympics whether I >like it or not, because my wife and daughter want to watch them, and I >can deny them nothing. > > In between undeniably dramatic moments -- astonishingly courageous >little girls "playing hurt", as if they were major-league football >players -- I've been treated to story after story of how, due to the >efforts of thousands of uniformed professional paranoids, Georgia, USA >is coming to resemble _Soviet_ Georgia. The sight of _hundreds_ of >trailers moved in to house these security "troops" is demoralizing in >and of itself to anyone with a regard for a free society. > > At the same time, I've been a TV witness to the tragedy of TWA >Flight 800 and an ignoble struggle by network fear-vampires to wring >the story of its last delectable drop -- "It was a bomb!" "It was a >missile!" "It was a bomb!" "It was a missile!" -- the whole thing >beginning to sound like a macabre Certs commercial. 
> > Over it all hung the spectre of international terrorism, and the >swollen, corrupt, bulbous-nosed, droopy-jowled visage of a politician >(no "New Democrat" as it turns out, but just another damned fascist) >grimly determined -- exactly like Richard Milhous "Guns are an >Abomination" Nixon before him -- to be the last democratically elected >President of the United States: William Jefferson Blythe Clinton. > > Clinton -- aided by his vile minions, the national "news" media -- >went into raptures of ecstasy, listing all the ways that the freedom >of Americans would have to be curtailed (Clinton has spoken of this >before; it's a favorite theme of his) due to the heinous act he >transparently hoped had been committed against TWA 800. > > Afterward, the round-heeled sprayheads obligingly searched out the >usual street-cretins to rubberstamp Our Glorious Leader's latest Five >Minute Plan, and add that they wouldn't mind at all paying extra for >the "service" of having their inalienable rights violated even worse >-- within the increasingly Bulgarian-style compounds American airports >have become -- than they're being violated now. > > But there's a simpler, more effective way to prevent the criminal >acts generally labelled "terrorism" that Clinton and his idiot-box >doxies don't want anyone to know about. Behind virtually every >terrorist attack we've ever seen or suffered, it's relatively easy to >discover vicious and repeated acts of aggression against innocent >individuals by the state. > > Preceeding the highly-publicized excesses of the Irish Republican >Army, for example, we find 850 years of violent occupation by an >exceptionally brutal foreign power that's managed to con the world >into believing that it's civilized. 
> > Half a hundred years of Middle Eastern terror arise directly from >the fact that, instead of coming to America -- the appropriate refuge >for "huddled masses yearning to breathe free" -- either before or >after World War II, European Jews decided to take somebody else's land >away, and treat their victims the same way they themselves were >treated by the Nazis. (In fairness, at least before the war, would-be >refugees from Hitler's terroristic state weren't given much choice, at >least not by the American Medical Association, the American Bar >Association, and the Roosevelt Administration, all of whom worked >overtime, keeping out imported professional competition.) > > Similarly, there would never have been an Oklahoma City had there >never been a Ruby Ridge or Waco. If Clinton had any real interest in >reducing the threat of "domestic terrorism" (he most assuredly does >not: terrorism, like war before it, has become "the health of the >state") instead of ratcheting government controls tighter around the >necks of 250 million Americans who've done nothing wrong, he'd >immediately arrest, try, convict, and punish all of those responsible >for Ruby Ridge and Waco, abolish the outlaw agencies in whose names >they were perpetrated, and repeal or nullify the unconstitutional laws >which provided them their justification. > > The trouble is, he'd have to arrest, try, convict, and punish >_himself_. > > Oh, yeah, the plan: the best-kept "secret" of our overly- >governmentalized age is that terrorism almost invariably >_reactionary_; simply stop doing things -- things you shouldn't be >doing anyway -- that cause terrorists to attack you and the attacks >will stop. > > Terrorism is the price that governments -- and their hostage >subjects -- pay for exercising illegitimate power. 
Despite pundits >whose ignorance is exceeded only by their presumption (_Wall Street >Journal_'s Paul Gigot leaps immediately to mind) 20th century history >demonstrates beyond a shadow of a doubt that no further expansion of >that power will do anything but make make the problem worse. > > Benjamin Franklin warned us, more or less, that anyone who trades >liberty for safety is a fool, in part, because there ain't no such >_thing_ as safety. > > We're reminded by Amnesty International that more individuals have >been murdered by governments in this century -- well over 100 million >-- than have died in its wars (war itself being a government >enterprise, as well), proving that government is a worse threat than >anything it claims to protect us from. Tragedies like TWA 800 is >presumed to be, represent a failure of the _state_ -- of the very >_idea_ of the state -- and it is the state, not individuals, that must >be penalized, by reducing its income, and especially the power it >wields over individual lives. > > Americans are famous the world over for doing what was never done >before. It's time we did something historically unprecedented again. >We flew the first airplane; we sent the first men to the Moon. Both of >those were possible _only_ because we were the first people ever to >tell a King to go to hell. > > Now it's time to tell a President to go to hell. It's time to be >the first people ever to _refuse_ to be steam-rollered out of our >liberties by jackbooted thugs claiming to protect us from people and >events that don't threaten any of us nearly as much as the thugs >themselves. > >=================================== > >L. Neil Smith's award-winning first novel, _The Probability Broach_, >which has long been out of print, will be republished by TOR Books >this October. Permission to redistribute this article is herewith >granted by the author, provided that it is reproduced unedited, in its >entirety, and appropriate credit given. 
>
>
>
Jim Bell
jimbell at pacifier.com

From tcmay at got.net Sat Jul 27 12:19:25 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 03:19:25 +0800
Subject: Pie cutting algorithm
Message-ID:

At 3:40 AM 7/27/96, Rollo Silver wrote:
>Tim May said:
><< ObCrypto Sidebar: The "fair" method for dividing a pie between two people

>I (RS) believe Claude Shannon proposed the following N-person pie-cutting
>algorithm more than 25 years ago:

Thanks! I should've suspected that The Master had worked on this problem.

>Tim May: as a Licensed Ontologist, do you know who made the wiseassed (but
>deep) remark "Ontology recapitulates Philology"? or for that matter,
>"Oncology recapitulates Proctology".

No, but my friend Chip Morningstar pointed out that "ontology recapitulates philately,"

(For those befuddled by these jokes, the biological original was "ontogeny recapitulates phylogeny," which means that the morphological development of a fetus in the womb retraces, or recapitulates, the morphological development throughout history of the species, roughly. Thus, gills, fins, etc.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Sat Jul 27 12:21:39 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 03:21:39 +0800
Subject: The Four Horsemen Go to the Olympics!
Message-ID:

At 4:32 PM 7/27/96, Nathan Syfrig wrote:

>This is very worrisome, as it truly is a "world stage" event that could
>really serve to galvanize various governments into uniting against strong
>non-escrowed crypto. Hey, it will look good for the international PR,
>never mind the fact that not everybody will be so 'diligent' in registering
>their keys and/or use the "approved" crypto.

Well, the large crowds milling in public squares with massive numbers of world journalists watching...a classic series of "soft targets."

If several million-dollar bomb sniffers are placed in all airports, the terrs will just shift to _trains_, as experts point out. Or _ships_. Or _crowds_.

Next time you're out driving around, think of places where a car bomb could take out dozens of people, or where a bag or backpack could take out crowds. (The Mad Bomber in New York or Boston killed quite a few people by using lockers in public places....kind of hard to put bomb sniffers in all such places. And bomb technology, timers, detonators, etc. have advanced apace in the last several decades since the Mad Bomber.)

While I don't claim there is nothing to be done about terrorism, the fact is that modern nations highly value free travel and often mingle in "soft target" areas. Even a police state wherein people's movements are carefully controlled cannot fully avoid such acts.

By the way, the airline solution is not too difficult to visualize:

1. Eliminate checked baggage, or at least require those with checked baggage to deposit it enough hours in advance to be inspected and to pay any surcharges for this inspection. (I try to only have carry-on baggage, and this seems to be a major trend.)

2. Let the market decide. Airlines could announce their baggage inspection policy, and customers could decide on the tradeoffs between increased inspections and higher costs, and greater confidence in security.
I think I'll repost my "Soft Targets" piece of a few weeks ago, in the light of TWA 800 and this morning's bomb in Atlanta.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From ceridwyn at wolfenet.com Sat Jul 27 12:29:27 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Sun, 28 Jul 1996 03:29:27 +0800
Subject: "privatizing" phones?
Message-ID: <2.2.32.19960727172110.006e30bc@gonzo.wolfenet.com>

>While shopping for a new phone recently, I came across
>two models (Toshiba and Uniden I believe) that
>have buttons to "privatize" your conversations. These
>were on no-cord models. Does anyone have any idea
>on what these actually do? Can the phones change
> the frequency the call is on randomly
>so people can't tune into it? I know cellulars offer something
>similar. Personally, I would never put much faith into
>something of this sort.

Even if they did change the frequency the call was on, it would be a simple matter to decode how the frequency change was negotiated, and "follow" the call (also easily accomplished with cellular calls). Failing that, there is a very limited range of frequencies allocated for cordless fones, and simply re-scanning for the conversation is a trivial inconvenience.

//cerridwyn//

From JeanPaul.Kroepfli at ns.fnet.fr Sat Jul 27 12:34:50 1996
From: JeanPaul.Kroepfli at ns.fnet.fr (Jean-Paul Kroepfli)
Date: Sun, 28 Jul 1996 03:34:50 +0800
Subject: Overwelmed with Stupidity...
Message-ID: <01BB7BF2.DF9051E0@JPKroepsli.S-IP.EUnet.fr>

Shaun Clark[jacquard at teleport.com] wrote 27 July 1996 09:18
>For instance what the heck is a TRS-80, DES, or even GAK?

TRS-80: A venerable microcomputer, twenty years ago (Tandy Radio Shack, I believe with 80 columns); many experiences begin with this one (and Altair (some years before) or Apple II).

DES: Data Encryption Standard, a (also venerable) cryptography algorithm, it has a too short key (56 bits effective) but a good design. Recycled, with TripleDES (or 3DES), in a three pass function.

GAK: Government Access to Key, his private key must be deposited (mandatory or pushed voluntary) to a public or private (registered) agency. The Law Enforcement Agencies (and intelligence agencies, but sh!) have access to the key with a court order (nobody is smiling).

Jean-Paul
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli at utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33 81 55 52 59 (F)     PostMail: F-25640 Breconchaux (France)
   or: +41 21 843 27 36 (CH)         or: CP 138, CH-1337 Vallorbe
Fax:   +33 81 55 52 62                   (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89 AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"

From jya at pipeline.com Sat Jul 27 12:43:29 1996
From: jya at pipeline.com (John Young)
Date: Sun, 28 Jul 1996 03:43:29 +0800
Subject: COL_oss
Message-ID: <199607271737.RAA10853@pipe2.t2.usa.pipeline.com>

7-27-96. FiTi:

"Colossus faces rebirth into a world of dispute."

The man behind the resurrection of Colossus is Tony Sale, a computer expert and former MI5 operative who once worked for Peter Wright of "Spycatcher" fame.
Its reconstruction, now in its final weeks, is not merely an act of homage to the mathematical supermen of Bletchley who hastened the Allied victory over the Nazis. Neither is it just a triumph over the official secrecy in which the machine was cloaked until a few years ago. It is a working demonstration of Sale's contention that Colossus was the world's first computer.

So sophisticated was the machine intelligence at Bletchley Park that the very existence of Colossus was not revealed until 1970, according to Tony Sale. After the war the government ordered 10 Colossi to be broken up -- some say as part of an intelligence deal with the Americans.

Gripped by a desire to assert the claims of Colossus, the former MI5 man asked GCHQ to reinstate his security clearance so he could work on the project. The parts could be found in any British telephone exchange up to the 1970s. Yet it took until 1992 to get all the electronics declassified. Only last November was Sale allowed to demonstrate the machine's ability to break the Lorenz wheel settings.

Even today members of the public are forbidden to operate Colossus: some of its codebreaking algorithms are still, it seems, a secret.

-----

http://jya.com/coloss.txt (15 kb)

COL_oss

From gregorye at microsoft.com Sat Jul 27 12:51:59 1996
From: gregorye at microsoft.com (Gregory Ellison)
Date: Sun, 28 Jul 1996 03:51:59 +0800
Subject: Overwelmed with Stupidity...
Message-ID:

>Shaun Clark writes:
>
> > Ok, ok... Let me say something, but I don't want anyone to
> > take this wrong. I'm not trying to be stupid, but I don't
> > have half the knowledge you all seem to possess.
>
and Mike Duvos replies:

>That's ok. Welcome to the list.
>
then proceeds to pull Mike's leg by telling him TRS-80 is a technical paper by David Sternlight, DES is a synthetic estrogen that shrinks your dick, and GAK is green slime on a kiddie show.

In my mind, this is just schoolyard bully-ism at the expense of the "new kid."
Really mature, really nurturing of the serious values and issues this list exists to disseminate. Go back to second grade, Mike.

I, too, am a relative newcomer to this list, and have not participated very actively because I'm having a hard time gauging the balance between the genuinely useful technical and philosophical issues being discussed (of which there are many) and the childish, irrational ranting and insulting pseudo-intellectual one-upsmanship being bantered about (of which there is far too much). If people like Mike Duvos can't bring themselves to offer any useful information to newcomers who earnestly ask, they could at least refrain from insulting them for the "crime" of not knowing.

Shaun, TRS-80 is an early line of microcomputers produced by Radio Shack, DES is a (not very secure) encryption algorithm supported by the Bureau of Standards, and GAK stands for "government access to keys," the position that the government should have access to all private keys (in escrow, of course) just in case there is a "legitimate" need to listen in on anybody's private communications.

I believe in the values this list was founded to promulgate, and I value it for the open political, technical and philosophical discussions of issues crucial to our time. And, yes, it's great to have fun, too, but does it always have to be mean-spirited fun at someone else's expense?

--
Gregory
"Opinions expressed herein are entirely my own and not the opinions of my employer."
PGP key for is on the keyservers
>

From ichudov at algebra.com Sat Jul 27 13:01:04 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 28 Jul 1996 04:01:04 +0800
Subject: Publicly Verifiable Anonymous Voting System
In-Reply-To: <199607271553.IAA28911@dfw-ix2.ix.netcom.com>
Message-ID: <199607271806.NAA12990@manifold.algebra.com>

JonWienk at ix.netcom.com wrote:
>
> Here is how the voting system works.
>
> 1. All voting information (public keys, ballots, ballot signatures, etc.)
is
> publicly available via a Web site or other similar means, and can be downloaded
> in its entirety by anyone who cares to take the trouble to do so. The software
> (and source code) used to generate ballots should be publicly available as well.

or usenet

>
> 2. When someone registers to vote, they submit a RSA public key to a
> registered voter key database. The public key database does not contain
> voter information; only keys. Access to the key entry terminals is
> controlled, so that only registered voters can submit keys. A receipt
> is given to the voter with a hash of the key printed on it (PGP
> fingerprint style), the key entry clerk's name, a receipt serial
> number, etc., so the voter can verify the correct key was put in the
> system, and who to shoot if it wasn't.

so the authority that controls the voting knows to whom the keys belong. When voters submit their votes, they will know who signed these votes.

I do not see how this system is anonymous.

Look into "Applied Cryptography" By Schneier, 2nd edition, Page 125.

- Igor.

From tcmay at got.net Sat Jul 27 13:01:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 04:01:40 +0800
Subject: [REPOST] The Net and Terrorism
Message-ID:

[I sent this out on 29 June 1996. In light of recent events, the comments about "soft targets" seem worth mentioning again. I doubt my comment, "A few airliners will be shot down by Soviet surface-to-air missiles. This is unsurprising." will get me any visits from the FBI, as this is the consensus of folks far more expert than I. Likewise, my closing comment, "avoid crowded downtown areas," was just common sense, not a tip-off to the Atlanta bombing.]

There have been many recent reports linking the Net and anonymous remailers, pseudonyms, and (of course) strong crypto to various possible and actual terrorist events, with an emphasis on the "possible." (If the Net is linked to _actual_ terrorist incidents, little is being disclosed publicly as of yet.)
Recent comments by John Deutch, William Perry, and Louis Freeh make reference to the growing danger of the Net. And the "Russian mafia" is playing a major role in this debate; I won't recap the various articles in major magazines about arms sales from the former Soviet Army, the reports that an entire paramilitary unit of the KGB is now working for the Russian mafia, and the obvious corruption of the entire former Soviet system (I'm not saying it wasn't corrupt before, just that now the paymasters have changed).

Can anything be done? To stop the likely effects of lots more surface-to-air missiles, lots more nerve gas available on the black market, and so on?

In a word, "no."

I've been thinking about this a lot, reading the various articles, and pondering the implications. The plain fact is that the modern world is one of great "liquidity," and the vast amount of arms built up by the U.S.S.R. (thanks in large part to responding to a similar build-up in the U.S., without taking any sides...) are now "leaking out" in increasing numbers.

(The leakage is quite similar to that seen in the 1975-79 period, when thousands of tons of armaments abandoned by the U.S. in Viet Nam were sold around the world. Except, of course, that the Soviet weapons include some interesting new things.)

Not even a police state can stop armaments from being diverted in situations such as faced in the former U.S.S.R. (For those not familiar with the conditions, read up on it. The combination of former command economy, secret police, selling off of industry to highest bidders, lack of a conventional industrial base...all of this makes it nearly unavoidable that much of the former state industry is now controlled by black marketeers and former Party apparatchiks....after all, who else would have the money to buy these former State industries?)

In fact, a former police state does not change its stripes. The names and paymasters change a bit, but the organism lives on.
(One need only look at the police states of Central and South America and their platitudes about the "Drug War" to understand the realities of such markets.)

Unbreakable crypto will of course be used. This is unsurprising.

A few airliners will be shot down by Soviet surface-to-air missiles. This is unsurprising.

I expect a city or two to get nuked in the next decade or so. (Haifa or Tel Aviv would be my leading candidates.) To me, this is unsurprising.

My personal solution dovetails with other perceived threat responses: avoid living in or near major cities and take reasonable measures to cope with moderate economic or physical crises. (No, I am not a "survivalist," just mentally and physically prepared to deal with a major earthquake, economic dislocation, or terrorist incident in San Jose, which is 30 miles north of me.)

FBI Director Louis Freeh and the TLA spooks are already sounding the alarm about the "Four Horsemen." Sen. Sam Nunn is calling for measures to ensure that cyberspace is "secured" and that the Net is not used to further chemical and biological terrorism.

The point is that even a police state cannot stop the consequences of the increased "degrees of freedom" the modern world (and the Net) provides. In fact, police states tend to make the scale of the corruption even greater, as the Soviet and Latin American examples show. (I could of course get into the examples of arms dealings in Iran-Contra, the CIA's role in covert arms supply, etc., but this should be self-evident to all.)

An Australian radio journalist asked me if the Net could make possible new types of terrorism, and could allow terrorists to plot crimes in new ways. He seemed surprised when I said "Of course" and then proceeded to give some examples of how the Net can be used to undermine governments (what those governments of course refer to as "terrorism," even when it is mostly not).

I'm not advocating such "terrorism," by the way, merely telling it like it is.
Arguing that the Net cannot and will not be used in such ways is naive and ultimately counterproductive. It is more accurate and useful to point out that the increased role of terrorism is due to many factors, including prominently the vast amount of armaments in the world, the role of police states which have benefitted from these build-ups in the military-industrial complex, the expansion of "virtual communities" around the world, and, crucially, the expanded number of degrees of freedom in transportation, communication, banking, and other such Information Age channels.

Keep your head down, avoid crowded downtown areas, prepare for moderate disruptions, and reject arguments that an American Police State will do anything to stop terrorism.

(Remember, terrorism is just warfare carried on by other means, with apologies to Von Clausewitz.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From mpd at netcom.com Sat Jul 27 13:06:30 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 28 Jul 1996 04:06:30 +0800
Subject: Overwelmed with Stupidity...
In-Reply-To:
Message-ID: <199607271755.KAA17499@netcom11.netcom.com>

Gregory Ellison writes:

> then proceeds to pull Mike's leg by telling him TRS-80 is a
> technical paper by David Sternlight, DES is a synthetic
> estrogen that shrinks your dick, and GAK is green slime on a
> kiddie show.

Well, I will admit the first one was satire, but the last two were perfectly accurate. For the humor impaired, this is an example of AOL.
(That's Acronym OverLoad, not to be confused with the popular online service.)

You see, Gregory, there are far more things in the universe than there are three letter abbreviations for them. Hence, as the number of acronyms increases, collisions are inevitable. Asking "What is GAK?" or "What is ATM?" is really not well-defined outside of a narrow discipline.

> Really mature, really nurturing of the serious values and
> issues this list exists to disseminate.

> I, too, am a relative newcomer to this list, ...

As is evident.

> Shaun, TRS-80 is an early line of microcomputers produced
> by Radio Shack,

"TRS" is also an excellent line of precision torque sensors, should you be in the market for one.

> I believe in the values this list was founded to
> promulgate, and I value it for the open political, technical
> and philosophical discussions of issues crucial to our time.
> And, yes, it's great to have fun, too, but does it always
> have to be mean-spirited fun at someone else's expense?

Har! If you want "mean-spirited fun", drop into rec.pets.cats sometimes. Methinks you live a sheltered life.

--
Mike Duvos        $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.                   $

From dbell at maths.tcd.ie Sat Jul 27 13:13:45 1996
From: dbell at maths.tcd.ie (Derek Bell)
Date: Sun, 28 Jul 1996 04:13:45 +0800
Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
In-Reply-To: <199607270433.VAA28441@jobe.shell.portal.com>
Message-ID: <9607271904.aa21871@salmon.maths.tcd.ie>

In message <199607270433.VAA28441 at jobe.shell.portal.com>, anonymous-remailer at shell.portal.com writes:
>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.

Troll, troll, troll your post
gently down the stream.
Merrily, merrily, merrily, merrily,
your threat is just steam.
Derek

From david at sternlight.com Sat Jul 27 13:15:54 1996
From: david at sternlight.com (David Sternlight)
Date: Sun, 28 Jul 1996 04:15:54 +0800
Subject: Anonymous Web Services Inc.
In-Reply-To:
Message-ID:

At 3:55 PM -0700 7/26/96, Eric Murray wrote:
>J. Kent Hastings writes:
>>
>> Deranged and cpunx,
>>
>> I figure the digicrime site for provocateurs.
>> Ignore them and they'll go away, or what?
>
>
>Um guys, it's a joke.

If so it's not a very good one. Like the earlier similar one last year, he's probably going to attract unwelcome attention and end up on some lists he'd just as soon not be on.

It's the same principle by which airline personnel take bomb jokes very seriously. Make one and your trip will be rather longer and less direct than you expected.

David

From david at sternlight.com Sat Jul 27 13:56:30 1996
From: david at sternlight.com (David Sternlight)
Date: Sun, 28 Jul 1996 04:56:30 +0800
Subject: Pie cutting algorithm
In-Reply-To:
Message-ID:

At 8:40 PM -0700 7/26/96, Rollo Silver wrote:

>Tim May: as a Licensed Ontologist, do you know who made the wiseassed (but
>>deep) remark "Ontology recapitulates Philology"?

Was he being definite?

David

From pjn at nworks.com Sat Jul 27 14:01:25 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Sun, 28 Jul 1996 05:01:25 +0800
Subject: "privatizing" phones?
Message-ID:

In> have buttons to "privatize" your conversations. These
In> were on no-cord models. Does anyone have any idea

Hmmm... To Privatize a cordless phone, one would have to turn it off.

P.J.
pjn at nworks.com

... Save the whales...harpoon a politician!
___ Blue Wave/QWK v2.20 [NR]

From pjn at nworks.com Sat Jul 27 14:04:36 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Sun, 28 Jul 1996 05:04:36 +0800
Subject: HACKER REPORT
Message-ID:

In> Just saw part I of a two-part series on "hackers" being broadcast
In> by a local San Francisco TV station. Nothing horrible, in my
In> opinion.
They adroitly sidestepped the hacker/cracker distinction
In> by saying the "hacker" has come to mean..." and then gave the
In> negative, intrusive definition.

<>

In> Tomorrow's show should be more interesting (and possibly much
In> more sensationalistic). Part II is "The Hacker Underground."
In> Oooh, scary!

Christ. They are almost taking this chapter-for-chapter out of The Hacker Crackdown...

P.J.
pjn at nworks.com

... Descartes of Borg - "I assimilate, therefore I am."
___ Blue Wave/QWK v2.20 [NR]

From vagab0nd at sd.cybernex.net Sat Jul 27 14:18:48 1996
From: vagab0nd at sd.cybernex.net (Erle Greer)
Date: Sun, 28 Jul 1996 05:18:48 +0800
Subject: Public vs. Private Munitions
Message-ID: <2.2.32.19960727192453.0069bd10@mail.sd.cybernex.net>

Here's how I understand it:

The U.S. Government, concerned only with making America a safer place for us taxpayers to live in, wants to regulate domestic encryption in order to have access to the content of all transmissions. Their theory is that any cryptosystem that is stronger than their cryptanalysis systems can be used in illegal transmissions and should be considered munitions.

Theoretically, the government should only have the resources to control commercially-available, public encryption systems. Who is to stop anyone from designing their own cryptosystem for personal use? If the government intercepted a transmission from this private cryptosystem, and could not decrypt it, would they assume that it must be considered munitions? Similarly, anyone could send uniformly-formatted random garble that could also be considered munitions, or at least waste the governments processing time.

Why are we so worried about government regulation? Can't we just devise our own cryptosystems and just don't sell them or make them publicly available?

vagab0nd at sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.
From david at sternlight.com Sat Jul 27 14:40:37 1996 From: david at sternlight.com (David Sternlight) Date: Sun, 28 Jul 1996 05:40:37 +0800 Subject: Twenty Beautiful Women In-Reply-To: Message-ID: Here's another: Twenty beautiful women are to pass before you, one by one (or 20 handsome men). You see only one at a time. You cannot speak to them. After seeing any one, you must pick her or reject her. If you reject her, you cannot change your mind. If you pick her the exercise terminates. What is the optimal strategy for insuring you get the most beautiful woman possible under the circumstances? David From alano at teleport.com Sat Jul 27 14:49:35 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 28 Jul 1996 05:49:35 +0800 Subject: The Four Horsemen Go to the Olympics! Message-ID: <2.2.32.19960727182820.00d65a58@mail.teleport.com> At 03:22 AM 7/28/96 -0700, Timothy C. May wrote: >By the way, the airline solution is not too difficult to visualize: > >1. Eliminate checked baggage, or at least require those with checked >baggage to deposit it enough hours in advance to be inspected and to pay >any surcharges for this inspection. (I try to only have carry-on baggage, >and this seems to be a major trend.) > >2. Let the market decide. Airlines could announce their baggage inspection >policy, and customers could decide on the tradeoffs between increased >inspections and higher costs, and greater confidence in security. > >I think I'll repost my "Soft Targets" piece of a few weeks ago, in the >light of TWA 800 and this morning's bomb in Atlanta. Actually, if I wanted to blow up the Portland airport, all I would do is set up a mortar up on the hills overlooking the airport. The entire airport is pretty visible from those hills. There is no way to completely eliminate terrorism. And since the imposition of order tends to promote the escalation of disorder, I expect it to only get worse... And the only people to "win" will be the control freaks. 
--- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From tcmay at got.net Sat Jul 27 14:54:59 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 28 Jul 1996 05:54:59 +0800 Subject: "Soft Targets" as Schelling Points Message-ID: The connection should be clear, but in case it is not: many soft targets are Schelling points for terrorist actions. Putting yourself in the mind of a terrorist or militia crazy or whatever, where would you attack? The Olympics, obviously. (And security officials of course see the same Schelling point, hence the unprecedented security measures and presence.) Given that most Olympic events are well-guarded, etc., what's the next target to look at? Crowded public gatherings, where the "message" can still be delivered and where security measures are problematic. There are tens of thousands of such soft targets/Schelling points in an "open society," and it is unreasonable to expect to defend each one of them. (Costly, too.) And if they are so-defended, the attacker moves to other targets. Keep your head down. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
From jya at pipeline.com Sat Jul 27 15:14:55 1996 From: jya at pipeline.com (John Young) Date: Sun, 28 Jul 1996 06:14:55 +0800 Subject: WaPo on Crypto-Genie Terrorism Message-ID: <199607271921.TAA27750@pipe2.ny3.usa.pipeline.com> The Washington Post, July 27, 1996, p. A22. Speaking in Code on the Internet ... [Editorial] The decibel level has been rising in the argument over how much control the federal government should have over the export of encryption technology. The Senate Commerce Committee held hearings Thursday on a proposal dubbed Pro-CODE (Promotion of Commerce On-line in the Digital Era) that would lift current restrictions on exporting encryption software above a certain level of complexity. The move is opposed strongly by law enforcement and national security authorities, who fear the consequences to their tracking of terrorism or crime if uncrackable cryptography becomes the global standard. But encryption software -- which scrambles a person's computer messages so no one can read them without a key -- also is thought by many in the computer industry to be the missing piece that's preventing customers from a full-scale move to the Internet for banking and other confidential transactions, rather than, as now, worrying about the security of their data. They also see it as a market in which the United States maintains a comfortable lead, one that is threatened if domestic encryption makers can't sell their products elsewhere. The makers argue that foreign encryption software will rush in to fill the gap, doing nothing about the uncrackability problem -- indeed, making it worse. The administration in turn is pursuing a wider international agreement to maintain controls on cryptology export by all the industrialized nations and has been putting pressure on its colleagues in the Organization for Economic Cooperation and Development, which will rule on the matter in a Paris meeting in September. 
Administration officials, including FBI chief Louis Freeh, have been pushing for an alternative policy of "voluntary key escrow" -- encryption makers would deposit a key to the code with a neutral third body before exporting the products and could then have access to the codes only by court order, as happens now with wiretapping. Mr. Freeh, testifying at Thursday's hearing in favor of an optional key escrow plan, noted that the point is not to prevent all copies of uncrackable code from going abroad -- that's clearly impossible -- but to prevent such high-level code from becoming the international standard, with architecture and transmission channels all unreadable to world authorities. To software companies and Internet users who have been clamoring for the right to encrypt as securely as possible, Mr. Freeh and others argue, "the genie is not yet out of the bottle" on "robust," meaning uncrackable, encryption. It's far from obvious to anyone that an optional escrow plan really can prevent the growth of inaccessible transmissions by international terrorists or criminals. Encryption, if widely used, could conceivably ease some privacy problems concerning who gets to see personal and financial data on individuals -- though such data usually are vulnerable to being dug out of storage rather than intercepted in transmission. But neither is it clear that the encryption enthusiasts' desire for free development should take precedence over the tracking of terrorism. At the very least, Congress should be exceedingly cautious about getting out ahead of administration concerns on controls that, once lifted, are hardly reversible. ----- From whallen at capitalnet.com Sat Jul 27 15:27:00 1996 From: whallen at capitalnet.com (Wayne H. 
Allen) Date: Sun, 28 Jul 1996 06:27:00 +0800 Subject: Olympic bombing Message-ID: <199607271949.PAA05828@ginger.capitalnet.com> At 17:41 96.07.27 +0200, Mike van der Merwe wrote: >I can just see the FBI screaming "we need weaker encryption to combat >terrorism on US soil" with nasty effects -- it seems all too many people, >lawmakers included, will be only too happy to sacrifice their privacy that >the FBI can better combat these terrorist acts (which *of course* >could have been prevented had only the FBI been able to read their encrypted >mail...) > >Somehow I got the feeling watching CNN that the FBI was given a shitload >of ammo. Call me cynical but the Reichstag fire comes to mind... The phrase "Get a life" comes to mind. Wayne H.Allen whallen at capitalnet.com Pgp key at www.capitalnet.com/~whallen From dbell at maths.tcd.ie Sat Jul 27 15:28:13 1996 From: dbell at maths.tcd.ie (Derek Bell) Date: Sun, 28 Jul 1996 06:28:13 +0800 Subject: The Four Horsemen Go to the Olympics! In-Reply-To: Message-ID: <9607272054.aa22855@salmon.maths.tcd.ie> In message , Nathan Syfrig writes: >This is very worrisome, as it truly is a "world stage" event that could >really serve to galvanize various governments into uniting against strong >non-escrowed crypto. Hey, it will look good for the international PR, >never mind the fact that not everybody will be so 'diligent' in registering >their keys and/or use the "approved" crypto. Depends how quickly they track down the bombers, a quick arrest gives little incentive, but a drawn-out search may encourage a knee-jerk response. Seeing as this is an election year, Clinton may try to make himself look more decisive to avoid accusations of indecision, so he may introduce some harsh measures. Here's an aside about Irish politics: About a month ago, one of Ireland's top journalists was shot dead; the suspicion fell on one of Dublin's crime bosses. (Veronica Guerin investigated organised crime in the last few years.)
Now there is a lot of legislation being rushed into place that I think is badly thought out (e.g. extending detention to seven days with a judge's permission, weakening the right to silence in drug cases) and I think it will lead to innocent people being jailed with little effect on the crime bosses. (I don't think there is a government cover-up in this case, just a panic.) The assassination was the catalyst for harsh measures, though the Irish government hasn't had the catalogue of events like the Oklahoma bombing to make it move towards the draconian end of things, though that is weakening. (True, there is the situation where the government response to IRA behaviour has been very strict, for instance censoring Sinn Fein and IRA, though that case of censorship was dropped a couple of years back. The patronising side of Irish political culture probably dates back to the '20s, when the state was founded, and the '30s or '40s when the latest draft of the constitution was drawn up.) (For what it's worth, the Irish Government seems to have little or no opinion on encryption, though one TD seems to be for censoring certain sites. TD = a member of the Irish parliament.) >And of course, this country just purchased another IBM computer for >"nuclear simulation". Gee, I wonder what else that power might be used >for? (but then again, it's from IBM, purveyor of the Olympics computer >services) There's an IBM ad running on British TV stations where Spinal Tap decide to get IBM to help them with their current tour. One reason is that IBM is doing this for the Atlanta Olympics. O, the irony!!! (Spinal Tap seem to have survived their trip to Springfield.) Derek - enough rambling for now From minow at apple.com Sat Jul 27 16:48:05 1996 From: minow at apple.com (Martin Minow) Date: Sun, 28 Jul 1996 07:48:05 +0800 Subject: Is Colossus out of date?
Message-ID: You may recall recent comments by Attorney General Janet Reno where she notes that exportable encryption cannot be broken in reasonable time by modern supercomputers. With that as background, you may find the following paragraph interesting. It is from the Financial Times article on Colossus. http://jya.com/coloss.txt > [Tony] Sale describes [Colossus] as a large electronic valve > programmable logic calculator. "No lay person would argue > that it is not a computer," he says. Furthermore, because > it wasted no time retrieving a stored program it was almost > as fast as a high-speed modern computer whose nominal > work-rate is 1,000 times quicker. A simulation of Colossus > which Sale ran on a top-of-the-range Pentium PC took twice > as long as the real thing. Martin Minow minow at apple.com From jleonard at divcom.umop-ap.com Sat Jul 27 17:16:17 1996 From: jleonard at divcom.umop-ap.com (Jon Leonard) Date: Sun, 28 Jul 1996 08:16:17 +0800 Subject: Game Theory and its Relevance to Cypherpunks In-Reply-To: <199607250636.XAA06174@dns2.noc.best.net> Message-ID: <9607272209.AA18318@divcom.umop-ap.com> James A. Donald wrote: > At 03:21 AM 7/21/96 -0700, Llywarch Hen wrote: > > What Timothy May espouses is not the appearance of craziness but actual > > insanity itself. > > The best way to convince others you are crazy is to actually be crazy. > > More practically, if you organize your nuclear forces so that any > serious war is likely to escalate uncontrollably into the battle of > armageddon, regardless of your intentions and desires, which is how > the American government organized its nuclear forces in Europe, > then you can pretty much guarantee you will not have to face a > serious war. This was, of course, the logic behind the alliances before World War I. It was obviously suicidal to start a war with any of the major powers, but it happened anyway. 
Game theory is the proper tool to analyze this sort of scenario, but the tendency for non-ideal behavior has to be factored in. Brinksmanship is another aspect of game theory, too... Jon Leonard From jamesd at echeque.com Sat Jul 27 17:20:59 1996 From: jamesd at echeque.com (James A. Donald) Date: Sun, 28 Jul 1996 08:20:59 +0800 Subject: Schelling Points, Rights, and Game Theory--Part II Message-ID: <199607272208.PAA08644@dns1.noc.best.net> At 10:31 AM 7/25/96 EST, jbugden at smtplink.alis.ca wrote: > Basically, in this view of rights and raising of children it would seem that a > relativistic pragmatism prevails. Personally, I think that the two choices are > either this relative pragmatism or an absolute morality. The fact that someone is doing something that is morally wrong, does not automatically give us the right to go and rectify it at gunpoint. Not all wrongs are crimes, only those wrongs for which it is just to engage in violent retribution. > Some implications of Tim's view is that all our rights are basically a > transitory agreement between individuals. Tim may or may not believe this, but that is not a consequence of his views. The schelling point theory of rights is substantially equivalent in practice to "We hold these truths to be self evident." --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From alano at teleport.com Sat Jul 27 18:17:42 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 28 Jul 1996 09:17:42 +0800 Subject: WaPo on Crypto-Genie Terrorism Message-ID: <2.2.32.19960727231424.00da4094@mail.teleport.com> At 07:21 PM 7/27/96 GMT, John Young wrote: > The Washington Post, July 27, 1996, p. A22. [Snip] > Mr.
Freeh and others argue, "the genie is not yet > out of the bottle" on "robust," meaning uncrackable, > encryption. Why does it sound like Mr. Freeh and his friends are drinking out of a different bottle than the rest of us? The genie is out of the bottle and has been for a while. The tools are there for those who care to use them. Maybe it is a different genie that he is trying to portray... Maybe it is the acceptance and reliance on crypto that has not quite escaped into the general populace. If someone tried to portray all automobile drivers as dangerous maniacs and cars as only useful for making getaways, he would be laughed out of the room. If someone tried to claim that phones are a haven for drug dealers, and thus must be licenced, they would get a harsh reaction from the public. Freeh is fighting a war against the public having a positive view of Crypto. By smearing crypto users as "criminals and terrorists", he is using his office to influence the opinions of "law abiding citizens" to be anti-crypto. I believe that there is a lot that can be done to influence the public to be pro-crypto. With the proper memes, you can reveal the flaws in the anti-privacy forces' arguments. Here are a few in no particular order... Teaching computer users how to use PGP. Offer to give instruction in use of PGP amongst general PC and Mac users groups. Whenever possible associate the wiretapping requests of the FBI with the opening of mail. Remind people of the abuses in the past. Ask them if they can remember any good coming from these programs. Ask them if they mind *you* looking through their mail and what makes the Government any better or worse. Local stations will usually have a "public forum discussion" program on various subjects. Get on it. Usually the program is rigged in one direction or another, but you can get in a good meme or two that will stick in the heads of the people watching. (And it can be a lot of fun!)
Offer to sponsor a crypto archive and discussion area on a local BBS. Keep it current. Get others interested. Spread the tools and teach people how to use them. Build web sites that are pro-crypto. Where possible, get them working under SSL. Are there any SSL crypto sites out there? I know of only one, and it is not advertised. (Or up to date.) Work fast lest the darkness overcome us all... Be creative. The control freaks and authoritarians lack that creativity. Let's use it to our advantage. --- |"Computers are Voodoo -- You just have to know where to stick the pins."| |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From markm at voicenet.com Sat Jul 27 18:22:00 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 28 Jul 1996 09:22:00 +0800 Subject: Overwelmed with Stupidity... In-Reply-To: <199607271755.KAA17499@netcom11.netcom.com> Message-ID: On Sat, 27 Jul 1996, Mike Duvos wrote: > Well, I will admit the first one was satire, but the last two > were perfectly accurate. For the humor impaired, this is an > example of AOL. (That's Acronym OverLoad, not to be confused > with the popular online service.) > > You see, Gregory, there are far more things in the universe than > there are three letter abbreviations for them. Hence, as the > number of acronyms increases, collisions are inevitable. Asking > "What is GAK?" or "What is ATM?" is really not well-defined > outside of a narrow discipline. It's quite obvious from the context of the post what the original poster was asking. You're just being a smart-ass. Your nonsense post is the kind of thing that most 5th graders would find immature. Grow up.
PGP encrypted mail preferred Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From pjn at nworks.com Sat Jul 27 18:37:00 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Sun, 28 Jul 1996 09:37:00 +0800 Subject: ALL OF YOU ARE CRIMIN Message-ID: > At 09:33 PM 7/26/96 -0700, anonymous-remailer at shell.portal.com wrote: >I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS >AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY >CAN TRACK YOU DOWN AND CLOSE THIS LIST. > Damnit Sen. Exxon! We told you not to use the computer!! :) P.J. pjn at nworks.com ... "The future of robotics" - by Cy Borg and Anne Droid ___ Blue Wave/QWK v2.20 [NR] From markm at voicenet.com Sat Jul 27 19:16:44 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 28 Jul 1996 10:16:44 +0800 Subject: Public vs. Private Munitions In-Reply-To: <2.2.32.19960727192453.0069bd10@mail.sd.cybernex.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 27 Jul 1996, Erle Greer wrote: > Here's how I understand it: > The U.S. Government, concerned only with making America a safer place > for us taxpayers to live in, wants to regulate domestic encryption in order > to have access to the content of all transmissions. Their theory is that > any cryptosystem that is stronger than their cryptanalysis systems can be > used in illegal transmissions and should be considered munitions. > Theoretically, the government should only have the resources to > control commercially-available, public encryption systems. Who is to stop > anyone from designing their own cryptosystem for personal use? If the > government intercepted a transmission from this private cryptosystem, and > could not decrypt it, would they assume that it must be considered > munitions? Similarly, anyone could send uniformly-formatted random garble > that could also be considered munitions, or at least waste the government's
> Why are we so worried about government regulation? Can't we just > devise our own cryptosystems and just don't sell them or make them publicly > available? If encryption is regulated and outlawed, then Joe Sixpack won't have access to any none Government Approved encryption algorithms. I may still have access to strong crypto, but if it isn't widespread, I won't be able to use it very effectively. As to your question about whether random data would be outlawed, it certainly wouldn't surprise me. Of course, one could always apply for permission to transmit random data that is not used to transmit encrypted information from the government. - -- Mark PGP encrypted mail prefered Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMfq1BbZc+sv5siulAQE8pQP/YtLpV65vtOEDhCO7DcEiOqiNEc6Y/xy8 gyN80IOH+lpKX72nZF8bK+iQUj0ho4MtyPIFEoCorO72FP0gyMDPBMgi7aBcvchS p25TNlUsTMvCxbbrPuZ7plZNMEfrZz7vqUpOd2IbFd5mIBg0lRqWtegLeIOGV410 uguC7XNsl6I= =P0ky -----END PGP SIGNATURE----- From mpd at netcom.com Sat Jul 27 19:28:19 1996 From: mpd at netcom.com (Mike Duvos) Date: Sun, 28 Jul 1996 10:28:19 +0800 Subject: Overwhelmed With Stupid Questions In-Reply-To: Message-ID: <199607280025.RAA15779@netcom11.netcom.com> Mark M. Writes: > It's quite obvious from the context of the post what the original > poster was asking. You're just being a smart-ass. Your nonsense > post is the kind of thing that most 5th graders would find immature. > Grow up. Every once in a while, this list receives a burst of inquiries which... A. Are clearly explained in a number of widely available FAQs which one would hope people interested in cryptography would have bothered to read. B. Request information which reasonable persons might better obtain by using, or learning to use, various commonly available Net grepping tools. 
If the Nth such inquiry in a given week is not always responded to with complete and utter seriousness, that is something you and others of your ilk will just have to deal with. This is Cypherpunks. It is not "Unix hacking hints", "Introduction to Cryptography", nor "Fun With Batteries and Wire." Everyone with an interest in the topics covered by this list is welcome here, but let's keep the "What is DES?" questions out of the feed from the list server. This is, of course, merely the opinion of one person, and may be agreed with or ignored as others see fit. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From jya at pipeline.com Sat Jul 27 19:28:24 1996 From: jya at pipeline.com (John Young) Date: Sun, 28 Jul 1996 10:28:24 +0800 Subject: BCI_sys Message-ID: <199607280037.AAA18224@pipe6.t1.usa.pipeline.com> 7-27-96. WaPo: A report on the Army's Battlefield Combat Identification System (BCIS), designed by TRW, which identifies friendly targets through triple-checked microwave pulses, encrypted signals that change frequencies 43 times a second to resist jamming or detection by the enemy. (The roasting of friendlies depicted in "Courage Under Fire" is cited as firing increased public interest.) ----- http://jya.com/bcisys.txt (14 kb) BCI_sys From tcmay at got.net Sat Jul 27 19:34:13 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 28 Jul 1996 10:34:13 +0800 Subject: Twenty Beautiful Women Message-ID: At 6:19 PM 7/27/96, David Sternlight wrote: >Here's another: > >Twenty beautiful women are to pass before you, one by one (or 20 handsome >men). You see only one at a time. You cannot speak to them. After seeing >any one, you must pick her or reject her. If you reject her, you cannot >change your mind. If you pick her the exercise terminates. > >What is the optimal strategy for insuring you get the most beautiful woman >possible under the circumstances? Look at the first 1/e of them, or about the first 36.8% of them. 
In this case, the first 7 of them. Then pick the first one after this group which is better than any of the first group. While there is some chance that one will get to #20 and find that none of #8-20 were better than #1-7, this strategy is the best compromise between "committing too early" and "waiting too long." --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Sat Jul 27 19:49:53 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 28 Jul 1996 10:49:53 +0800 Subject: Questions... In-Reply-To: Message-ID: Alan Horowitz writes: > > Hello, I would rather I not be too blunt, but despite my generous > interest in computer > hacking cracking, and other such related topics, I > have come to be confused by the > mailer, can I ask any questions that I > wish, or am I limited by some type of header > subject? > > > > Shaun, let me explain. There's a committee of seven people. Me, Tim May, > David Sternlight, some assination-politics guy, some guy named Vultis or > somesuch, and so on. > > Only if we're in unanimous agreement on the outcome of an issue, may you > start a thread on a new topic. which then continues till the first > posting which calls someone a Nazi. No, no, this is all wrong. There's a guy named Lance Deitweller and he has fun posting as different people and posting under different names. Sometimes Lance's different personalities (he calls them "tentacles") even argue with one another! 
These posters have been definitively shown to be Lance's tentacles: Alan Olsen (Lance posing as friend of vegetables) "Dr." David Sternlight Igor Chewed-Off Jim Bell (talk.politics.assassination) Black Unicorn "Tim May" (Lance is pretending to be senile) Vladimir Z. Nuri (Lance's parody of a Brighton Beach Sovok) None of these people are real in any sense. It's just Lance playing games. As for the creative misspellings of my family name, Igor Ch. used to have a collection: Vulvis, Vilus, Vul(gar)is, what you get when you cross a vulva and a penis, etc, etc. Igor will probably post whatever I missed. ObGodwin: David C [no dot] Lawrence is a Nazi. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Sat Jul 27 20:24:47 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 28 Jul 1996 11:24:47 +0800 Subject: Public vs. Private Munitions Message-ID: At 7:24 PM 7/27/96, Erle Greer wrote: > Theoretically, the government should only have the resources to >control commercially-available, public encryption systems. Who is to stop While I'm not exactly sure what you mean by a "commercially-available, public encryption system," I think your point is incorrect. (My confusion is that a commercially-available system is not necessarily a "public" system, if by public one means public domain. If one means "published specifications," still not the case. Confusing.) However, the government cannot step in and "control" a commercially-available product, by even the most liberal interpretations of the commerce clause. "Tim's Pretty Flaky Snakeoil System," for example. I can announce it, sell it, and the government is powerless to "control" it. (Even if it were "public.") If by "public" you mean an NBS or NIST standard, like DES, then I suppose the government can in some sense "control" it. (Even this is iffy, IMO, as I know of no rules saying DES implementations must be approved by NIST or anyone else.)
>anyone from designing their own cryptosystem for personal use? If the >government intercepted a transmission from this private cryptosystem, and >could not decrypt it, would they assume that it must be considered >munitions? Similarly, anyone could send uniformly-formatted random garble >that could also be considered munitions, or at least waste the governments >processing time. Most of the cryptosystems are not under the "control" of the government, even by the standards of your first definition. Period. RSA is not a government-controlled system, though it is both "commercially-available" AND "public" (in that the spec and algorithm are clearly published). And the talk about "personal use" is misleading, IMO. It suggests that government can and should regulate use for "business purposes" but not personal uses. I disagree with this distinction. > Why are we so worried about government regulation? Can't we just >devise our own cryptosystems and just don't sell them or make them publicly >available? You mean the way public key systems in general and RSA in particular were invented and devised by non-government folks? --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From david at sternlight.com Sat Jul 27 20:38:52 1996 From: david at sternlight.com (David Sternlight) Date: Sun, 28 Jul 1996 11:38:52 +0800 Subject: Twenty Beautiful Women In-Reply-To: Message-ID: At 10:29 AM -0700 7/28/96, Timothy C. 
May wrote: >At 6:19 PM 7/27/96, David Sternlight wrote: >>Here's another: >> >>Twenty beautiful women are to pass before you, one by one (or 20 handsome >>men). You see only one at a time. You cannot speak to them. After seeing >>any one, you must pick her or reject her. If you reject her, you cannot >>change your mind. If you pick her the exercise terminates. >> >>What is the optimal strategy for insuring you get the most beautiful woman >>possible under the circumstances? > >Look at the first 1/e of them, or about the first 36.8% of them. In this >case, the first 7 of them. Then pick the first one after this group which >is better than any of the first group. > >While there is some chance that one will get to #20 and find that none of >#8-20 were better than #1-7, this strategy is the best compromise between >"committing too early" and "waiting too long." Correct. David From bdolan at use.usit.net Sat Jul 27 20:39:31 1996 From: bdolan at use.usit.net (Brad Dolan) Date: Sun, 28 Jul 1996 11:39:31 +0800 Subject: Olympic bombing In-Reply-To: Message-ID: Just heard Newt mumbling about the need for better intelligence monitoring and *more* "anti-terrorist" legislation. Bet you're right. bd On Sat, 27 Jul 1996, Mike van der Merwe wrote: > > Hi all > > I can just see the FBI screaming "we need weaker encryption to combat > terrorism on US soil" with nasty effects -- it seems all too many people, > lawmakers included, will be only too happy to sacrifice their privacy that > the FBI can better combat these terrorist acts (which *of course* > could have been prevented had only the FBI been able to read their encrypted > mail...) > > Somehow I got the feeling watching CNN that the FBI was given a shitload > of ammo. Call me cynical but the Reichstag fire comes to mind... > > Later > Mike > > ___________________ > > "Those that give up essential liberty to obtain a little temporary > safety deserve neither liberty nor safety."
-- Benjamin Franklin (1773) > > From JonWienk at ix.netcom.com Sat Jul 27 20:59:25 1996 From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com) Date: Sun, 28 Jul 1996 11:59:25 +0800 Subject: Publicly Verifiable Anonymous Voting System In-Reply-To: <199607271806.NAA12990@manifold.algebra.com> Message-ID: <199607280143.SAA21148@dfw-ix5.ix.netcom.com> On Sat, 27 Jul 1996, ichudov at algebra.com (Igor Chudov @ home) wrote: >so the authority that controls the voting knows to whom the keys belong. >When voters submit their votes, they will know who signed these votes. > >I do not see how this system is anonymous. > >Look into "Applied Cryptography" By Schneier, 2nd edition, Page 125. > > - Igor. To the extent that no link is recorded between a particular key and a particular voter, the system is anonymous. As I said in the original post, if the govt cheats during the key registration process, the system is not anonymous. However, if the registered voter database and the key/ballot database are on non-connected, separate systems, it is certainly possible to devise a key registration protocol to ensure anonymity. Here is a more detailed description of the registration method: 1. The registration process takes place in two separate rooms, one anonymous, and one non-anonymous, which are staffed by separate people, with separate computer systems. The only way to enter/exit the anonymous room is via the non-anonymous room. 2. The voter enters the non-anonymous room, where he provides proofs of identity and residence and is entered in the registered voter database, which is NOT publicly available. 3. Once the voter has demonstrated eligibility, he is given a token that designates him as a registered voter, but has no personal information. A hard-to-counterfeit carved rod (too large to conceal on one's person) or something similar would be a good choice. 4. The token gives the voter clearance to enter the anonymous room. 
Upon presenting the token, the voter inputs his key into the key database. (Insert your key disk in drive A and press Enter...) After the key has been entered into the system, the voter is given the receipt indicating that his key has been entered in the key database. 5. The voter goes back to the non-anonymous room. He turns in the token, signs a statement indicating that he entered a key and received a receipt for it, (to prevent voters from registering more than one key and thus voting more than once) and then goes home. Jonathan Wienke "1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler "46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey http://www.ksfo560.com/Personalities/Palms.htm 1935 Germany = 1996 U.S.? Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB From jti at i-manila.com.ph Sat Jul 27 21:25:49 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Sun, 28 Jul 1996 12:25:49 +0800 Subject: Decrypt info about domain name Message-ID: <01BB7C70.66036320@ip68.i-manila.com.ph> Where can I find the file to decrypt in order to change the domain name of a Unix system? From jti at i-manila.com.ph Sat Jul 27 21:29:12 1996 From: jti at i-manila.com.ph (Jerome Tan) Date: Sun, 28 Jul 1996 12:29:12 +0800 Subject: cypherpunks vs hackers Message-ID: <01BB7C70.6F8B4480@ip68.i-manila.com.ph> How can we differentiate cypherpunks to hackers? What are their attitudes, psychological thinking, main objective? 
From ichudov at algebra.com Sat Jul 27 21:46:05 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 28 Jul 1996 12:46:05 +0800 Subject: Twenty Beautiful Women In-Reply-To: Message-ID: <199607280248.VAA20048@manifold.algebra.com> Timothy C. May wrote: > >Twenty beautiful women are to pass before you, one by one (or 20 handsome > >men). You see only one at a time. You cannot speak to them. After seeing > >any one, you must pick her or reject her. If you reject her, you cannot > >change your mind. If you pick her the exercise terminates. > > > >What is the optimal strategy for insuring you get the most beautiful woman > >possible under the circumstances? > > Look at the first 1/e of them, or about the first 36.8% of them. In this > case, the first 7 of them. Then pick the first one after this group which > is better than any of the first group. > > While there is some chance that one will get to #20 and find that none of > #8-20 were better than #1-7, this strategy is the best compromise between > "committing too early" and "waiting too long." This "some chance" is 1/e (for a very large number of women), obviously. There is 1/e chance that the best woman will be in the first 1/e fraction of women. Also, I would appreciate if someone specified what exactly the goal function is. - Igor. From ichudov at algebra.com Sat Jul 27 22:29:29 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 28 Jul 1996 13:29:29 +0800 Subject: Twenty Beautiful Women In-Reply-To: Message-ID: <199607280325.WAA20204@manifold.algebra.com> David Sternlight wrote: > At 10:29 AM -0700 7/28/96, Timothy C. May wrote: > >Look at the first 1/e of them, or about the first 36.8% of them. In this > >case, the first 7 of them. Then pick the first one after this group which > >is better than any of the first group. 
> > > >While there is some chance that one will get to #20 and find that none of > >#8-20 were better than #1-7, this strategy is the best compromise between > >"committing too early" and "waiting too long." > > Correct. > Prove it. - Igor. From blancw at accessone.com Sat Jul 27 22:31:48 1996 From: blancw at accessone.com (blanc) Date: Sun, 28 Jul 1996 13:31:48 +0800 Subject: Schelling Points, Rights, and Game Theory--Part II Message-ID: <01BB7BFD.3CA047A0@blancw.accessone.com> From: James A. Donald > Some implications of Tim's view is that all our rights are basically a > transitory agreement between individuals. Tim may or may not believe this, but that is not a consequence of his views. The schelling point theory of rights is substantially equivalent in practice to "We hold these truths to be self evident." ............................................................................. Oh. I thought it was "we hold these truths to be too uneconomical for us to deal with". On a side note, I was thinking some time ago about situations in far off places in Europe where some people are mistreating others in the most horrendous ways (like Bosnia where the males are being beaten, the females are being raped). The news services report to us what is happening and so we know all about it, and we may feel the greatest sympathy for them, but yet be unable to render assistance - sufficient assistance - to be of any real help, from lacking the resources necessary to do what would be required. So here is an example where one would be moved, not to impose one's view of what is right or wrong, but to provide relief to those suffering, based on one's sense of injustice, yet likewise calculate that it would not be feasible to take action, reasoning that the cost would be excessive; too burdensome. .. 
Blanc From blancw at accessone.com Sat Jul 27 22:37:11 1996 From: blancw at accessone.com (blanc) Date: Sun, 28 Jul 1996 13:37:11 +0800 Subject: [NOISE IS NOISE] Re: Rand and smoking Re: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.) [NOISE E. D.] Message-ID: <01BB7BFD.39BF47C0@blancw.accessone.com> From: Bill Stewart You fail to understand the precisely reasoned Aristotelian syllogistic logic of Ms. Rand's position (you heretic!): 1) Smoking is a result of fire. 2) Fire is cool. 3) Therefore, smoking is cool. Q.E.D. 4) Logic is cool, and non-logic is non-cool 5) We're cool 6) Therefore, light up that cigarette or be excommunicated! Q.E.D. ..................................................................... I don't remember reading anything about Ayn Rand insisting that her followers smoke, although I've read many of the Objectivist newsletters which were published for some time and read Barbara Branden's biography of her (I must have missed those parts). I do remember somewhat her description of what smoking meant to her and know that it was a very important symbol in her life. If her followers saw fit to emulate her on account of a mere symbol to the detriment of their health, and if this was at Rand's insistence, then I would say that they were demonstrating the principle which Rand also illustrated in her books, that being "the sanction of the victim". Ironic, huh. Sometimes you can identify the things that are far enough away to see, but not the ones that are too close to notice. .. Blanc From rah at shipwright.com Sat Jul 27 22:40:59 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 28 Jul 1996 13:40:59 +0800 Subject: NEW: E-LEX - electronic lexicons Message-ID: For all you dictionary attackers out there... ;-) Cheers, Bob --- begin forwarded text Date: Sat, 27 Jul 1996 22:17:03 -0500 Reply-To: "Sean M. Burke" Sender: NEW-LIST - New List Announcements From: "Sean M. 
Burke" Subject: NEW: E-LEX - electronic lexicons To: Multiple recipients of list NEW-LIST E-LEX on listproc at listserv.acns.nwu.edu E-LEX is a new email list for the discussion of the design of dictionaries with electronic interfaces. Topics may include: * the possibilities of hypertext/hypermedia for the electronic interface * adaptation of machine-readable dictionaries to user-friendly human-usable form * issues in conversion and adaptation of paper dictionaries to electronic form The list's new homepage is at http://www.ling.nwu.edu/~sburke/e-lex/ To subscribe to E-LEX, send a message to listproc at listserv.acns.nwu.edu containing this line in the message body: subscribe E-LEX Your Name Owner: Sean M. Burke sburke at babel.ling.nwu.edu ------- Use this information at your own risk. For more information and disclaimer send E-mail to LISTSERV at LISTSERV.NODAK.EDU with the command INFO NEW-LIST in the body. --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From vagab0nd at sd.cybernex.net Sat Jul 27 22:43:39 1996 From: vagab0nd at sd.cybernex.net (Erle Greer) Date: Sun, 28 Jul 1996 13:43:39 +0800 Subject: Why was blocked. Message-ID: <2.2.32.19960728035209.00727a9c@mail.sd.cybernex.net> >Umm.. when telling other ppl that they do not know how to read, it might >be usefull to use sentances with a subject AND a predicate. I know that >this is something they taught you _way_ back in second grade, but you >should still remember it. > > --Deviant I'm not even going to comment on the twentieth word here. Nope. Not gonna'. Can't make me. No way. vagab0nd at sd.cybernex.net http://ww2.sd.cybernex.net/~vagab0nd/index.html Visit web page for public key. 
From mpd at netcom.com Sat Jul 27 22:48:06 1996 From: mpd at netcom.com (Mike Duvos) Date: Sun, 28 Jul 1996 13:48:06 +0800 Subject: Twenty Beautiful Women In-Reply-To: <199607280248.VAA20048@manifold.algebra.com> Message-ID: <199607280354.UAA06579@netcom3.netcom.com> ichudov at algebra.com (Igor Chudov @ home) writes: > Also, I would appreciate if someone specified what exactly > the goal function is. Me too. This is an interesting problem, vaguely reminiscent of the pie judging contests commonly used as examples of non-parametric statistics. Given two pies, (or two women), a judge can subjectively order them by tastiness, (or beauty), but there is no concept of a continuous metric in which the ratings of particular items are embedded. This makes it somewhat difficult (at least for me) to determine the function being maximized in this problem. Do we mean a strategy which gives the highest probability of choosing the most beautiful woman over all possible orderings? If not, then we need some way of saying whether we value N dates with the woman having rank I over M dates with the woman having rank J, which requires information the problem does not give us. The first case is ambiguous, since there are numerous strategies which differ only in the probability of selecting items having other than the highest rank, and the second implies the existence of some sort of metric. Indeed, what a person would regard as a strategy maximizing the chances of choosing the "best" item overall depends very much upon the choice of such a metric. If we have 20 women whose attractiveness is evenly spaced, one might proceed quite differently than if the top 18 were attractive and almost indistinguishable, and the other two had a contagious and fatal disease.
If we make the leap of assigning the integers 1 to 20 to the individuals, and seek a strategy which maximizes the mean attractiveness over all possible orderings, then the problem can be solved by backtracking from the last choice made. This results in a variable threshold at each stage in which we select the current candidate if its rank in the items seen so far exceeds the threshold, and proceed if this is not the case. If we want a single partition point at which we choose the first item better than any item before the partition point, then 1/e seems believable, although I haven't personally worked out the math. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From tcmay at got.net Sat Jul 27 23:03:34 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 28 Jul 1996 14:03:34 +0800 Subject: cypherpunks vs hackers Message-ID: At 1:36 PM 7/27/96, Jerome Tan wrote: >How can we differentiate cypherpunks to hackers? What are their attitudes, >psychological thinking, main objective? I would differentiate cypherpunks to hackers this way: dC/dH Not sure what the result is, but the slope is the key. --Tim Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Sat Jul 27 23:20:31 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 28 Jul 1996 14:20:31 +0800 Subject: Twenty Beautiful Women Message-ID: <199607280429.VAA06199@mail.pacifier.com> At 09:48 PM 7/27/96 -0500, Igor Chudov @ home wrote: >Timothy C. 
May wrote: >> While there is some chance that one will get to #20 and find that none of >> #8-20 were better than #1-7, this strategy is the best compromise between >> "committing too early" and "waiting too long." > >This "some chance" is 1/e (for a very large number of women), obviously. > >There is 1/e chance that the best woman will be in the first 1/e >fraction of women. > >Also, I would appreciate if someone specified what exactly the goal >function is. > > - Igor. "Come again?" [quickly ducking...] Jim Bell jimbell at pacifier.com From vagab0nd at sd.cybernex.net Sat Jul 27 23:34:52 1996 From: vagab0nd at sd.cybernex.net (Erle Greer) Date: Sun, 28 Jul 1996 14:34:52 +0800 Subject: Public vs. Private Munitions Message-ID: <2.2.32.19960728043610.00693fa8@mail.sd.cybernex.net> At 11:25 AM 7/28/96 -0700, you wrote: >At 7:24 PM 7/27/96, Erle Greer wrote: > >> Theoretically, the government should only have the resources to >>control commercially-available, public encryption systems. Who is to stop > >While I'm not exactly sure what you mean by a "commercially-available, >public encryption system," I think your point is incorrect. I didn't mean that I think that the govt should be allowed to control. I meant that govt would only be able to regulate commercial and/or public systems. They, of course, would have no say in the specs of my personally-written cryptosystem. >(My confusion is that a commercially-available system is not necessarily a >"public" system, if by public one means public domain. If one means >"published specifications," still not the case. Confusing.) Sorry about the confusion. Although I may have used the two terms loosely, I was trying to contrast commercial and public against something written in secret and not offered for govt approval. >However, the government cannot step in and "control" a >commercially-available product, by even the most liberal interpretations of >the commerce clause. "Tim's Pretty Flaky Snakeoil System," for example.
I >can announce it, sell it, and the government is powerless to "control" it. >(Even if it were "public.") > >If by "public" you mean an NBS or NIST standard, like DES, then I suppose >the government can in some sense "control" it. (Even this is iffy, IMO, as >I know of no rules saying DES implementations must be approved by NIST or >anyone else.) > >>anyone from designing their own cryptosystem for personal use? If the >>government intercepted a transmission from this private cryptosystem, and >>could not decrypt it, would they assume that it must be considered >>munitions? Similarly, anyone could send uniformly-formatted random garble >>that could also be considered munitions, or at least waste the governments >>processing time. > >Most of the cryptosystems are not under the "control" of the government, >even by the standards of your first definition. Period. RSA is not a >government-controlled system, though it is both "commercially-available" >AND "public" (in that the spec and algorithm are clearly published). > >And the talk about "personal use" is misleading, IMO. It suggests that >government can and should regulate use for "business purposes" but not >personal uses. I disagree with this distinction. Absolutely not! Let me clarify that I feel that the govt should have no part in crypto regulation, be it commercial, public, private, business, etc. >> Why are we so worried about government regulation? Can't we just >>devise our own cryptosystems and just don't sell them or make them publicly >>available? > >You mean the way public key systems in general and RSA in particular were >invented and devised by non-government folks? After some responses and some thought, I have seen the error in my thinking. Having a secret, proprietary cryptosystem would lose the public-key benefit. It would be fine, I believe, for point-to-point communications though.
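Added example, not part of any list message: the "look at the first 1/e, then take the first one who beats them" rule from the "Twenty Beautiful Women" thread above, worked exactly for n = 20, together with the other goal function raised in that thread (maximising the mean score when candidates are scored 1 to 20). All function names are this example's own, and the mean-score variant assumes the last candidate must be taken if nobody was chosen earlier.

```python
"""Added example for the "Twenty Beautiful Women" thread (n = 20)."""
from fractions import Fraction
import random


def p_best(n, r):
    """Exact chance of getting the single best of n when the first r are only
    observed and the first later candidate that beats all of them is taken."""
    if r == 0:
        return Fraction(1, n)  # no observation phase: candidate 1 is taken
    # The best sits at position k > r and is reached only if the best of the
    # k-1 candidates before it fell inside the first r: (1/n) * r/(k-1).
    return Fraction(r, n) * sum(Fraction(1, k - 1) for k in range(r + 1, n + 1))


def p_no_pick(n, r):
    """Chance of passing everyone: the overall best was among the first r."""
    return Fraction(r, n)


def best_cutoff(n):
    """Cutoff r that maximises p_best(n, r)."""
    return max(range(n), key=lambda r: p_best(n, r))


def simulate(n, r, trials, seed=1996):
    """Monte Carlo check of p_best on random orderings (seed is arbitrary)."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        order = list(range(n))              # value n-1 is the best candidate
        rng.shuffle(order)
        bar = max(order[:r], default=-1)    # best of the observed group
        pick = next((v for v in order[r:] if v > bar), None)
        wins += pick == n - 1
    return wins / trials


def mean_score_policy(n):
    """Backward induction for the second goal: maximise the mean score when
    candidates are scored 1..n (n = best) and only relative ranks are seen.
    Returns (optimal mean score, {stage k: lowest relative rank to accept}),
    where relative rank k means "best of the k seen so far" and None means
    "always pass". Assumption: the last candidate must be taken."""
    cont = Fraction(n + 1, 2)               # value of being forced onto the last
    thresholds = {n: 1}
    for k in range(n - 1, 0, -1):
        # E[score | relative rank j among the first k] = j * (n + 1) / (k + 1)
        scores = [Fraction(j * (n + 1), k + 1) for j in range(1, k + 1)]
        accepted = [j for j, s in enumerate(scores, 1) if s > cont]
        thresholds[k] = accepted[0] if accepted else None
        cont = sum(max(s, cont) for s in scores) / k
    return cont, thresholds


if __name__ == "__main__":
    n = 20
    for r in range(5, 10):
        print(f"cutoff {r}: P(best) = {float(p_best(n, r)):.4f}, "
              f"P(no pick) = {float(p_no_pick(n, r)):.2f}")
    r = best_cutoff(n)
    print("best cutoff:", r, "simulated:", simulate(n, r, 40000))
    value, thresholds = mean_score_policy(n)
    print("optimal mean score:", float(value))
    print("accept-from thresholds by stage:", thresholds)
```

For n = 20 the exact optimum is a cutoff of 7, which ends with the best candidate about 38.4% of the time and with no pick at all 35% of the time; the mean-score goal leads to a different policy, a threshold that loosens stage by stage.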
From WlkngOwl at unix.asb.com Sat Jul 27 23:56:34 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 28 Jul 1996 14:56:34 +0800 Subject: WaPo on Crypto-Genie Terrorism Message-ID: <199607280458.AAA27199@unix.asb.com> On 27 Jul 96 at 19:21, John Young wrote: > The Washington Post, July 27, 1996, p. A22. > Speaking in Code on the Internet ... [Editorial] Some bothersome things about this editorial... [..] > security of their data. They also see it as a market in > which the United States maintains a comfortable lead, one > that is threatened if domestic encryption makers can't sell > their products elsewhere. The makers argue that foreign > encryption software will rush in to fill the gap, doing > nothing about the uncrackability problem -- indeed, making > it worse. The administration in turn is pursuing a wider IMO, the US does not have a comfortable lead. It's already falling behind considering some of the stronger crypto programs available (at least as freeware) are made outside the US. Many of the stronger algorithms were invented outside of the US (IDEA for instance). [..] > with wiretapping. Mr. Freeh, testifying at Thursday's hearing in > favor of an optional key escrow plan, noted that the point is not > to prevent all copies of uncrackable code from going abroad -- that's > clearly impossible -- but to prevent such high-level code > from becoming the international standard, with architecture > and transmission channels all unreadable to world > authorities. To software companies and Internet users who So why should criminals bother with using standards if they are readable by authorities? > have been clamoring for the right to encrypt as securely as > possible, Mr. Freeh and others argue, "the genie is not yet > out of the bottle" on "robust," meaning uncrackable, > encryption. Are they going to magically erase all copies of strong software that is already currently available? 
(Side note: the Pacifica news report on Friday notes that while Freeh gave his testimony, over 100 copies of PGP were downloaded from MIT's site.) [..] > Encryption, if widely used, could conceivably ease some > privacy problems concerning who gets to see personal and > financial data on individuals -- though such data usually > are vulnerable to being dug out of storage rather than > intercepted in transmission. But neither is it clear that And evidence cannot be encrypted. You cannot encrypt an airplane full of cocaine or an unusually expensive car bought by money from drugs, espionage, etc. Nor can you encrypt bomb-making materials, nor conversations in a room (from your mouth to a telephone receiver). Nor will encryption do anything about informants inside the communications loop. etc. etc.... > the encryption enthusiasts' desire for free development > should take precedence over the tracking of terrorism. At It's not clear that terrorism can be tracked, even if it's unencrypted. The OK and WTC bombings were apparently not encrypted, and there's some allegations that the authorities had advanced warnings of the latter. > the very least, Congress should be exceedingly cautious > about getting out ahead of administration concerns on > controls that, once lifted, are hardly reversible. The controls haven't done much to prevent free software from being exported. They only control commercial sales of software (and hardware). Particularly absent in the WaPo-ed is that many do not trust the authorities (in the US and elsewhere)--particularly the FBI, which has a long history of extra-legal surveillance. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From tcmay at got.net Sun Jul 28 01:11:49 1996 From: tcmay at got.net (Timothy C.
May) Date: Sun, 28 Jul 1996 16:11:49 +0800 Subject: Public vs. Private Munitions Message-ID: At 4:36 AM 7/28/96, Erle Greer wrote: >At 11:25 AM 7/28/96 -0700, you wrote: >>At 7:24 PM 7/27/96, Erle Greer wrote: >> >>> Theoretically, the government should only have the resources to >>>control commercially-available, public encryption systems. Who is to stop >> >>While I'm not exactly sure what you mean by a "commercially-available, >>public encryption system," I think your point is incorrect. > >I didn't mean that I think that the govt should be allowed to control. I >meant that govt would only be able to regulate commercial and/or public >systems. They, of course, would have no say in the specs of my >personally-written cryptosystem. Your clarification does not improve things. The notion that the "govt would only be able to regulate commercial and/or public systems" is wrong. (There may be a very few situations involving product safety, fraud, etc....many of us disagree with even these interventions, of course.) Think of it this way: "govt would only be able to regulate commercial and/or public word processors." The government has no authority to "regulate" word processors, commercial or otherwise. >>(My confusion is that a commercially-available system is not necessarily a >>"public" system, if by public one means public domain. If one means >>"published specifications," still not the case. Confusing.) > >Sorry about the confusion. Although I may have used the two terms loosely, >I was trying to contrast commercial and public against something written in >secret and not offered for govt approval. The United States government does not receive software submissions "for govt approval." I really think you need to look into what the role of the U.S. government actually is, with regard to programs.
(It is always important to remember that there are no laws whatsoever about the types of software individuals or businesses may use, save for some specific laws about such things as racial discrimination, sexual harassment, taxes, etc. But no laws about crypto, word processors, etc. And the government has no "Software Approval Office.") I guess we will have to agree that we are unable to find a common basis for communication. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Sun Jul 28 01:11:49 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 28 Jul 1996 16:11:49 +0800 Subject: Twenty Beautiful Women Message-ID: At 3:54 AM 7/28/96, Mike Duvos wrote: >ichudov at algebra.com (Igor Chudov @ home) writes: > > > Also, I would appreciate if someone specified what exactly > > the goal function is. > >Me too. > >This is an interesting problem, vaguely reminiscent of the pie >judging contests commonly used as examples of non-parametric >statistics. Given two pies, (or two women), a judge can >subjectively order them by tastiness, (or beauty), but there is >no concept of a continuous metric in which the ratings of >particular items are embedded. You're both reading far too much into this problem. David S. specified "beauty," the personal judgment of the chooser. No deep philosophical meaning. Perhaps an equivalent formulation will make this clearer: One is passing through a town with 20 gas stations, with gas at various prices.
The stipulation is that one cannot turn around. Once a gas station has been passed, there's no turning back. So, what is the best strategy for finding the lowest gas price (or shortest lines, or cleanest appearance, or brightest sign, or whatever one wants to analyze). Or even by the most beautiful girl standing in front, to return us to the original statement. So, you see, the problem is well-defined, with an elegant solution. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From declan+ at CMU.EDU Sun Jul 28 02:31:11 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Sun, 28 Jul 1996 17:31:11 +0800 Subject: Fireworks expected, missed at Senate crypto hearing In-Reply-To: <2.2.32.19960727172611.00e106c8@mail.teleport.com> Message-ID: Excerpts from internet.cypherpunks: 27-Jul-96 Re: Fireworks expected, mis.. by Alan Olsen at teleport.com > Gordon was the CO-SPONSOR of the CDA. Exon got all the press, but Gordon > was just as responsible. (Maybe the netfolk ought to make that fact well > known when he comes up for re-election. Hint! Hint!) Speaking of CDAesque legislation and elections, remember that Bob Dole cosponsored the Grassley bill, which was even worse than Exon's brainchild... -Declan From declan+ at CMU.EDU Sun Jul 28 02:35:40 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Sun, 28 Jul 1996 17:35:40 +0800 Subject: Is Colossus out of date? In-Reply-To: Message-ID: Excerpts from internet.cypherpunks: 27-Jul-96 Is Colossus out of date? 
by Martin Minow at apple.com > You may recall recent comments by Attorney General Janet Reno where > she notes that exportable encryption cannot be broken in reasonable > time by modern supercomputers. Freeh stressed the same point on Thursday. This info was on a sheet of paper that looked like a DoJ form, though I couldn't get close enough to read it. -Declan From stewarts at ix.netcom.com Sun Jul 28 04:48:04 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 28 Jul 1996 19:48:04 +0800 Subject: Public vs. Private Munitions Message-ID: <199607280635.XAA10977@toad.com> At 02:24 PM 7/27/96 -0500, Erle Greer wrote: > Theoretically, the government should only have > the resources to control commercially-available, public > encryption systems. [...] > Why are we so worried about government regulation? > Can't we just devise our own cryptosystems and just don't > sell them or make them publicly available? Theoretically, the First Amendment says you can say or write anything you want. In practice, the Supremes have said it means far less than that; during some of their worst years they approved convicting people for speaking against the draft because it interfered with the US ability to conduct a war it hadn't yet gotten into, and they've generally held that commercial speech doesn't rate the same protection as political speech. Feh! Theoretically, on the other hand, the US Government has the power to regulate interstate commerce. (A bad idea, in my opinion, though taking that power away from the states was clearly good.) In practice, the Supremes have let the Congress get away with all sorts of abuses, like banning a farmer from growing grain on his own land and feeding it to his own hogs, and banning citizens from growing or manufacturing their own drugs because it's difficult to tell whether a given bunch of drugs was really grown in the state it's in or bought from out of state.
Various government officials have taken the position that giving a university class on encryption is restricted by ITAR; Dan Bernstein's lawsuit against them is off to a very good start. This isn't even distributing products - this is discussing math. It's potentially illegal for me to even write the evil equations in this mail message, since it's going to foreigners. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # Dispel Authority! From shamrock at netcom.com Sun Jul 28 04:51:58 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 28 Jul 1996 19:51:58 +0800 Subject: Twenty Beautiful Women Message-ID: At 20:54 7/27/96, Mike Duvos wrote: >ichudov at algebra.com (Igor Chudov @ home) writes: > > > Also, I would appreciate if someone specified what exactly > > the goal function is. > >Me too. For clarification, the problem is often stated in textbooks similar to this: You ask someone to write one number each on ten pieces of paper without you being able to see the numbers. The person may use any number from 1 to 10^99, but may not use a number twice. The person turns over the ten papers. Your goal is to determine the paper with the highest number [rules apply as described in the original post] The general solution is to flip over 1/e papers and choose the paper that has a higher number on it than any of the 1/e papers turned over at first. -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. From mpd at netcom.com Sun Jul 28 04:52:19 1996 From: mpd at netcom.com (Mike Duvos) Date: Sun, 28 Jul 1996 19:52:19 +0800 Subject: Twenty Beautiful Women In-Reply-To: Message-ID: <199607280642.XAA08454@netcom5.netcom.com> tcmay at got.net (Timothy C. May) writes: > You're both reading far too much into this problem. David > S. specified "beauty," the personal judgment of the chooser. > No deep philosophical meaning.
Which means that given two candidates, we can order them with regard to beauty. No other information is implied.

> Perhaps an equivalent formulation will make this clearer:
> One is passing through a town with 20 gas stations, with
> gas at various prices. The stipulation is that one cannot
> turn around. Once a gas station has been passed, there's no
> turning back. So, what is the best strategy for finding the
> lowest gas price (or shortest lines, or cleanest
> appearance, or brightest sign, or whatever one wants to
> analyze). Or even by the most beautiful girl standing in
> front, to return us to the original statement.
> So, you see, the problem is well-defined, with an elegant
> solution.

Ahem. I think the sticking point here lies in the translation of the phrase "lowest gas price" into the appropriate function to be minimized.

Suppose we have 20 gas stations with prices p[1] through p[20] which we have an equal chance of encountering in any of the 20! possible orders while driving through town.

We have a deterministic strategy for picking a station to buy gas at which tells us whether or not to buy at the current station as a function only of the rankings of the prices of gas at stations so far encountered, including the current one.

This strategy maps every one of the 20! permutations of the gas stations into one of the 20 prices, namely the price at which we purchase gas by applying the specified strategy when stations are encountered in the given order.

Finding the "best" strategy implies that we have some function whose domain is the set of such strategies, and whose output is a real number, such that the "best strategy" is one for which this number is minimized.

Calling this function the "lowest gas price" is somewhat misleading, since there are a variety of different notions of "average" we may use to condense the 20! gas prices a given strategy generates into a single number.
If we were concerned about our wallets, we would probably want the strategy such that the arithmetic mean of gas prices was minimized over all orderings of stations, but this is a parametric notion, and requires that we know specific numeric values of prices, and not simply whether one price is bigger than another.

Non-parametrically speaking, the only obvious way of ordering strategies is lexicographically, where a strategy which yields more occurrences of the lowest ranked price is better than one which yields less, and if two strategies are equal in their yields of the N lowest ranked prices, we then compare them on the price ranked N+1. This is a function only of the relative rankings, but may not necessarily choose the strategy which on average results in the expenditure of the least amount of money.

So while the solution may be elegant, I would argue that the problem, as given, is far from "well-defined", unless some explicit metric which admits arithmetic means is introduced.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From mpd at netcom.com Sun Jul 28 05:07:18 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 28 Jul 1996 20:07:18 +0800
Subject: Twenty Beautiful Women
In-Reply-To:
Message-ID: <199607280701.AAA09887@netcom5.netcom.com>

Lucky Green writes:

> For clarification, the problem is often stated in textbooks similar like this:
>
> You ask someone to write one number each on ten pieces of paper without you
> being able to see the numbers. The person may use any number from 1 to
> 10^99, but may not use a number twice. The person turns over the ten
> papers.
>
> Your goal is to determine the paper with the highest number [rules apply as
> described in the original post]
>
> The general solution is to flip over 1/e papers and choose the paper that
> has a higher number on it than any of the 1/e papers turned over at first.
Stated this way, I suppose strategy A is better than strategy B if after an arbitrarily large number of trials, N(A>B) > N(B>A).

It is still unclear that such a notion translates smoothly into notions like "lowest gas price", where buying once at a station that is half the price beats buying a dozen times at a station that is only one cent less.

It does translate perfectly well into the original problem of picking subjectively beautiful women, however, which is also non-parametric in a similar way.

It would be nice to see a short proof that for the optimal solution, the threshold is the max of the first 1/e elements, and is not a function of how many steps have been taken.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From vinnie at webstuff.apple.com Sun Jul 28 05:16:21 1996
From: vinnie at webstuff.apple.com (Vinnie Moscaritolo)
Date: Sun, 28 Jul 1996 20:16:21 +0800
Subject: WaPo on Crypto-Genie Terrorism
Message-ID:

AT Sat, 27 Jul 1996 16:14:24 Alan Olsen wrote
>I believe that there is a lot that can be done to influence the public to be
>pro-crypto. With the proper memes, you can reveal the flaws in the
>anti-privacy forces' arguments.
>
>Here are a few in no particular order...
.
>Offer to sponsor a crypto archive and discussion area on a local BBS. Keep
>it current. Get others interested. Spread the tools and teach people how
>to use them.
>

actually this is the major reason that I am doing the Macintosh Crypto conference at apple Sept 5/6. I want to educate mac developers about crypto. (with or without mr may) Maybe, Just maybe one of these guys will go out and write a great crypto program (like a Kid-Crypto..Kidpix clone) that will let the average joe use crypto.

as things stand now, windoze folks are going to have to settle with Mcro$ofts Access to Keys...MAK or is it Bill's Access to Keys.. BAK in any case I didn't want to get into a my pulldownmenu is longer than your pulldownmenu argument..
I just want to see it get on the radar for people who code.

You see I don't care what your favorite platform is,( if you like editing in VI fine, I personally like TECO), BUT I am acting locally, doing my part, not just complaining about it... So if you want to help, I am still looking for folks to talk... maybe about why crypto is so important. Crypto-anarchy. or maybe some e$ stuff would be nice...

Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

From EALLENSMITH at ocelot.Rutgers.EDU Sun Jul 28 05:46:52 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sun, 28 Jul 1996 20:46:52 +0800
Subject: Internet blamed for pipe bombs
Message-ID: <01I7LFRDFCHS9EDGT3@mbcl.rutgers.edu>

I found instructions out of the US for such a while back, which fact should help in any debates on limiting access to such information in the US. Also note the attempted link to the War On (some) Drugs.

-Allen

>Pipe bombs: Easy weapons you can whip up at home
> _(c) Copyright 1996 Nando.net _
> Sacramento Bee
> SACRAMENTO, Calif. -- It's no wonder curious teenagers, drug dealers
> looking to intimidate and thousands of others for unknown reasons are
> building pipe bombs, experts say: The ingredients are at the hardware
> store and the instructions on the Internet.
> Across the country, latest figures from the U.S. Bureau of Alcohol,
> Tobacco and Firearms show a 20 percent jump in pipe bomb incidents
> between 1990 and 1994.
[...]
> "We've been incredibly busy," said sheriff's bomb technician Judd
> Holiday. "As crime in other categories is dropping, this is going up."
[...]
> Crude, cheap and surprisingly powerful, pipe bombs are proliferating
> in part because directions are easy to find on computer networks,
> experts say. One electronic recipe for a pipe hand grenade ends with
> the exhortation "Ready to go!"
> "It's all over the Internet," said Peter Urrea, resident agent in
> charge of the Sacramento office of the federal Bureau of Alcohol,
> Tobacco and Firearms.
> Pipe bombs are also an increasingly popular tool of intimidation for
> makers and dealers of the illegal drug methamphetamine, said Holiday.

From rp at rpini.com Sun Jul 28 06:02:23 1996
From: rp at rpini.com (Remo Pini)
Date: Sun, 28 Jul 1996 21:02:23 +0800
Subject: Lynx...
Message-ID: <9607281031.AA29427@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Sun Jul 28 12:28:37 1996

well, you could turn off all those things in netscape anyway...

- --------< fate favors the prepared mind >--------
Remo Pini rp at rpini.com
PGP: http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
-----END PGP SIGNATURE-----

From EALLENSMITH at ocelot.Rutgers.EDU Sun Jul 28 06:02:27 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sun, 28 Jul 1996 21:02:27 +0800
Subject: Security debate after Olympics bombing
Message-ID: <01I7LFV08TDW9EDGT3@mbcl.rutgers.edu>

Well, at least some people have the right idea.

-Allen

>Experts point out differences in Atlanta, TWA incidents
> _(c) Copyright Nando.net_
> The Associated Press
> WASHINGTON -- With nerves already on edge after the suspicious downing
> of TWA Flight 800, the bombing at the Olympic Games in Atlanta on
> Saturday renewed concerns about U.S. safeguards against terrorism.
> But analyses by security experts drew important distinctions between
> the incidents, and politicians cautioned against measures that would
> limit liberties.
> Investigators have not officially determined what caused the Flight
> 800 tragedy, but if the jetliner was brought down by terrorists it was
> a relatively sophisticated operation.
> By comparison, the device in Atlanta was easy to make and detonated in
> an easily accessible place. "I don't believe that a pipe bomb would
> have taken down that TWA plane," said a Treasury agent, who requested anonymity.
> Another federal investigator noted differences between the Atlanta
> attack and Middle Eastern terrorists who often use high-powered truck
> bombs. And domestic militia groups tend to focus on government
> buildings, not crowds.
> James Alan Fox, the dean of Northeastern University's criminal justice
> school and a student of criminal behavior, said there are basically
> two motivations for bombers: revenge and attention.
> "The desire to make a statement can be that of a well-organized
> terrorist group that uses the victims as pawns to advance their cause,
> or it could be someone who is just interested in feeling important,"
> he said.
> Given the recent rise of violent anti-government groups, Fox
> speculated that a militia sympathizer might use such an event to grab
> the spotlight.
> "Through an amateurish bombing like this, he can feel like he's part
> of the movement," Fox said. "He can elevate his sense of importance."
[...]
> And building one is almost as simple. "If you don't know how to do it,
> there are any number of books available ... that will teach you
> explicitly, step-by-step, how to manufacture the device," Vitch said.
[...]
> House Speaker Newt Gingrich stressed that security was already high at
> the Olympics, and cautioned against adopting a "police state"
> mentality.
> "If a terrorist is nutty enough, there's always an opportunity for
> tragedy," he said, appearing after Nunn on CNN. "A free people can't
> back down."

From rp at rpini.com Sun Jul 28 06:03:06 1996
From: rp at rpini.com (Remo Pini)
Date: Sun, 28 Jul 1996 21:03:06 +0800
Subject: "privatizing" phones?
Message-ID: <9607281026.AA29368@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks at toad.com
Date: Sun Jul 28 12:24:57 1996
> Even if they did change the frequency the call was on,
> it would be a simple matter to decode how the frequency
> change was negotiated, and "follow" the call (also easily
> accomplished with cellular calls). Failing that, there is
> a very limited range of frequencies allocated for cordless
> fones, and simply re-scanning for the conversation is a
> trivial inconvenience. //cerridwyn//
>

Most of those systems do also change the order of the transmitted data, and that's not limited to a few possibilities. If it's digital, they usually encrypt it (only weak, but hey, you normally have to find the key real time!)
- --------< fate favors the prepared mind >--------
Remo Pini rp at rpini.com
PGP: http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
-----END PGP SIGNATURE-----

From sparks at bah.com Sun Jul 28 06:10:44 1996
From: sparks at bah.com (Charley Sparks)
Date: Sun, 28 Jul 1996 21:10:44 +0800
Subject: Public and Private Munitions
Message-ID: <2.2.32.19960728111110.006b97c8@pop1.jmb.bah.com>

-----BEGIN PGP SIGNED MESSAGE-----

Morning all, I'm only on the second cup.......

- From what I gather, if someone took PGP and ... say Private Idaho ( examples only, please ) and put them in a cute box with the instructions printed out and sold it in a store, the government couldn't control it ?

So, why doesn't someone round up a couple of nice shareware front ends , and the rest of it, put it in an envelope and sell it for $5.00 US. The buyer would then have to pay the shareware fee, and the balance after the packaging could go into escrow for the legal defense fund of Cypherpunks or to Phil ?

Another note on GAK

One morning King Arthur and his knights set forth on a quest. Lancelot, feeling poorly, was left behind. Arthur stopped to see Lancelot on his way out and entrusted him with the key to Gwenevere's (sp) chastity belt. ( Lancelot being a true and faithful knight ) As the band made its way about a mile from the castle, a knight happened to see a rider from the castle, riding for all he was worth. The king called a halt to wait for the rider. It was Lancelot...
breathlessly he said to the king, sire, thou has given me the wrong key.....

Charley

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

Charles E. Sparks
In God we trust, all others we encrypt !
http:/www.clark.net/pub/charley/index.htm
Public Key At http://www.clark.net/pub/charley/cp_1.htm

From proff at suburbia.net Sun Jul 28 06:10:49 1996
From: proff at suburbia.net (Julian Assange)
Date: Sun, 28 Jul 1996 21:10:49 +0800
Subject: Twenty Beautiful Women
In-Reply-To:
Message-ID: <199607281026.UAA07031@suburbia.net>

>
> At 20:54 7/27/96, Mike Duvos wrote:
> >ichudov at algebra.com (Igor Chudov @ home) writes:
> >
> > > Also, I would appreciate if someone specified what exactly
> > > the goal function is.
> >
> >Me too.
>
> For clarification, the problem is often stated in textbooks similar like this:
>
> You ask someone to write one number each on ten pieces of paper without you
> being able to see the numbers. The person may use any number from 1 to
> 10^99, but may not use a number twice. The person turns over the ten
> papers.
>
> Your goal is to determine the paper with the highest number [rules apply as
> described in the original post]
>
> The general solution is to flip over 1/e papers and choose the paper that
> has a higher number on it than any of the 1/e papers turned over at first.

Can someone explain the theory behind this?

--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive.
It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+

From jya at pipeline.com Sun Jul 28 07:25:12 1996
From: jya at pipeline.com (John Young)
Date: Sun, 28 Jul 1996 22:25:12 +0800
Subject: War of Words
Message-ID: <199607281155.LAA10811@pipe3.t1.usa.pipeline.com>

Financial Times, July 27/28, 1996, p. XVIII.

War of words over the facts

By Peter Aspden

It must be tough to return from a spell of duty as a war correspondent to a gentle, civilised, country such as Britain. One minute you are witnessing the most unspeakable atrocities committed in the name of politics, religion or just for the hell of it; the next, you are listening to heated debate over the future of the rugby Five Nations Championship. It does nothing for your sense of perspective.

Martin Bell, who covered the Bosnian war with such distinction for the BBC, left the stench of the Srebrenica mass executions to breathe the irrelevant odours of Euro-scepticism and National Lottery-mania over the media airwaves. It shocked him to the core, as he revealed in a recent speech: "I ask myself: is this my country? Is it even my planet?"

Bell's exasperation has led him to question the model of balanced, dispassionate, objective journalism which has been the bedrock of BBC -- and indeed most serious newspaper and broadcasting -- journalism.
He now calls it "bystander journalism". "What I believe in now is what I prefer to call the journalism of attachment, a journalism that cares as well as knows."

Predictably, this has set alarm bells ringing. Traditionalists fussed over their hallowed dictum -- facts are sacred, comment is free -- with scarcely a pause for reflection. It is precisely when issues take on a tragic, awful dimension, they argued, that one needs to stick to the facts of the matter. There is no room for sentiment on the front lines.

But Bell's point is well made. The trouble with facts, or at least those which are given privilege by traditional journalism, is that they are hard, cold, numbing. If, while reporting on Srebrenica, one talks about diplomatic initiatives, talks about talks, United Nations troop movements, one soon loses one's audience.

It is a lesson which even academics, those ultimate upholders of cool objectivity, have come to appreciate. I remember the American philosopher Richard Rorty beginning a lecture on human rights to Oxford University students with a harrowing account of a Bosnian Moslem having his penis bitten off. The atmosphere became electric, no mean feat for the Sheldonian Theatre.

We probably would not hear of such incidents in a normal news account from Bosnia; we certainly would not see anything related to it, on grounds of poor taste. But the sexual sadism which is a component of virtually every ethnic cleansing campaign there has ever been is a fact, too. Not a cold, hard fact, but one which has the power to move people. Therein lies its strength.

It is not as if the media show any consistency here. On certain occasions, they are only too willing to allow news reports to emote. When we see an interview with a distressed relative whose family has been wiped out or gone missing, we are meant to feel for them. And the police exploit that feeling: they hope that public compassion will turn to solid leads. The facts here are heart-wrenching.
But, more importantly, they are facts with which we can identify. It requires little imagination to see ourselves in the wretched situation we watch on the small screen. We know what it is like to lose a loved one, or we feel we know.

What we find difficult is to move from micro to macro. What happened at Srebrenica, like what happened at Auschwitz and Belsen, is almost unimaginable. And faced with the unimaginable, we go cold. This applies to news reports as well as the self-defence mechanisms of our fragile emotions.

One cannot countenance sitting down after dinner in front of the television to hear of such brutalities, let alone see them. But that is no excuse. The trouble with cold facts is that they harden, while all the time we should be being tenderised. And then we fall to that terrible disease of fattened western sensibilities, "compassion fatigue".

We should listen to Martin Bell. He knows a thing or two about human behaviour which most of us choose to exclude from our worldview. We should have heard more from him on the horrors of Bosnia, and less on the grotesquely inadequate responses of our gentle, civilised countries as they sought to respond to the unthinkable.

[End]

From liberty at gate.net Sun Jul 28 07:30:49 1996
From: liberty at gate.net (Jim Ray)
Date: Sun, 28 Jul 1996 22:30:49 +0800
Subject: Public vs. Private Munitions
Message-ID: <199607281231.IAA64028@osceola.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Tim May wrote:
>...And the government has no "Software Approval Office."

Yet.
JMR

P.S. Today's Dave Barry column is worth reading for a humorous look at smoking from a libertarian who doesn't agree with Ayn Rand on the subject.

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"It is long past time to end the laughable presumption that voters who can easily cope with the choices offered at Burger King are somehow 'confused' by more than two choices at the voting booth." -- me, in the Miami Herald, June 24, 1996, p. 10A.
Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
http://www.shopmiami.com/prs/jimray Coming soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.
-----END PGP SIGNATURE-----

From iang at systemics.com Sun Jul 28 07:58:38 1996
From: iang at systemics.com (Ian Grigg)
Date: Sun, 28 Jul 1996 22:58:38 +0800
Subject: Schelling Points leads to interesting family investment opportunities
Message-ID: <31FB5FFA.41C67EA6@systemics.com>

Hi Tim, you said:

> The _costs_ of extending beyond the Schelling point boundaries
> is deemed to be too high, and the boundary persists.

This reminds me of the transactional theory of business units. Working from memory, the optimal size of a business unit is positively related to the cost of the transactions conducted between units, other things being held constant.

Thus, in a place where it is "expensive to do business" the dominant form of company will be large. Conversely in a cheap business environment, small companies will predominate. This notion spurs one to examine the transactional costs and to decide (or not) to lower them...

The interesting part for your family context is that falling transaction costs have purportedly produced a shift away from large companies to smaller units. Those falling costs are in the sphere of digital communications, other technology, and regulation.
If such were to apply to the context of families, upbringing children and education in general, one might predict that the size of the family should shrink. In a sense we might have already seen this. The extended family is really just a memory for most westerners, but is still the norm in poor countries. And I guess we have seen a strong increase in the number of single-parent families in most western countries.

One would then be led to ask, if you are proposing that Internet technologies in general and crypto in particular are influences on the Schelling points related to the family rights set, can this result in smaller family units? That is, the cost of providing (net) education falls, and the ease of crypto communication allows children to grow up as individuals in the big wide Inter-world rather than the schoolyard.

If I were permitted to ramble without judicious limit, I would talk about the economic unit becoming a single person, and that person becoming responsible for their own success, regardless of their age. In this view of the future, a child is an economic unit, and is responsible for his own education, and thus must learn for the future.

Obviously there is a bootstrapping problem here previously known as birth, and this could be addressed by well-meaning investors purchasing educational rights to a mother's future child (in effect, buying an unborn baby). The child then becomes the ward of the investor, who attempts to raise the child to produce the maximal return.

Of course, in order to eliminate the distorting effects of love and child-like whims (I don't want to log into teacher today), there would have to be a free market for raising rights, based on caveat emptor examination of progress. Thus would exist an informational approach to encourage the child's attention to books, and of course, towards a successful career as an investor in the youth of tomorrow.
This would also allow specialisation of investment, those that concentrate on the early years, those on the teens and those that reap the final rewards of first productive working years. The arisal of these strata would lay to rest for ever that old saw of the economists by showing that there is no market failure in education, and thus no need for regulation.

And in answer to those anticipated questions from concerned parents, no, I don't have any children, and yes, in the new world, senior citizens can contract to investors to provide granny services, so that they won't be unemployed.

But perhaps I should really have placed a judicious limit on my ramblings :-)

--
iang iang at systemics.com

From schryver at radiks.net Sun Jul 28 08:14:33 1996
From: schryver at radiks.net (Scott Schryvers)
Date: Sun, 28 Jul 1996 23:14:33 +0800
Subject: "privatizing" phones?
Message-ID: <199607281303.IAA17543@sr.radiks.net>

At 12:26 PM 7/28/96 +0200, you wrote:

If it's the same standard used in digital cell phones it shouldn't take more than 30 seconds to figure out the key. The standard used in digital cell phones is a 120 bit key and the crypto is basic xor which is easily broken using basic cryptanalysis.

>-----BEGIN PGP SIGNED MESSAGE-----
>
>To: cypherpunks at toad.com
>Date: Sun Jul 28 12:24:57 1996
>> Even if they did change the frequency the call was on,
>> it would be a simple matter to decode how the frequency
>> change was negotiated, and "follow" the call (also easily
>> accomplished with cellular calls). Failing that, there is
>> a very limited range of frequencies allocated for cordless
>> fones, and simply re-scanning for the conversation is a
>> trivial inconvenience. //cerridwyn//
>>
>
>Most of those systems do also change the order of the transmitted data, and
>that's not limited to a few possibilities. If it's digital, they usually
>encrypt it (only weak, but hey, you normally have to find the key real
>time!)
>
>- --------< fate favors the prepared mind >--------
>Remo Pini rp at rpini.com
>PGP: http://www.rpini.com/remopini/rpcrypto.html
>- ------< words are what reality is made of >------
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3i
>Charset: noconv
>-----END PGP SIGNATURE-----
>
>

From sparks at bah.com Sun Jul 28 08:51:15 1996
From: sparks at bah.com (Charley Sparks)
Date: Sun, 28 Jul 1996 23:51:15 +0800
Subject: WaPo on Crypto-Genie Terrorism
Message-ID: <2.2.32.19960728133504.006b8dac@pop1.jmb.bah.com>

I occasionally get invited to teach at a local college.. some students are not US. Anyone have any suggestions on a way I can sneak some good privacy into the lesson plan.. the course is usually the Internet or networking in general.

Charley

>>snip snip<<
>as things stand now, windoze folks are going to have to settle with
>Mcro$ofts Access to Keys...MAK or is it Bill's Access to Keys.. BAK in any
>case I didn't want to get into a my pulldownmenu is longer than your
>pulldownmenu argument.. I just want to see it get on the radar for people
>who code.
>
>You see I don't care what your favorite platform is,( if you like editing in
>VI fine, I personally like TECO), BUT I am acting locally, doing my part,
>not just complaining about it... So if you want to help, I am still looking
>for folks to talk... maybe about why crypto is so important.
>Crypto-anarchy. or maybe some e$ stuff would be nice...
>
>
>
>Vinnie Moscaritolo
>------------------
>"friends come and friends go..but enemies accumulate."
>http://www.vmeng.com/vinnie/
>Fingerprint: 4FA3298150E404F2782501876EA2146A
>
>
>

From m5 at vail.tivoli.com Sun Jul 28 09:17:28 1996
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 29 Jul 1996 00:17:28 +0800
Subject: Twenty Beautiful Women
In-Reply-To: <199607280248.VAA20048@manifold.algebra.com>
Message-ID: <31FB75D5.7FFF@vail.tivoli.com>

Igor Chudov @ home wrote:
> Also, I would appreciate if someone specified what exactly the goal
> function is.

Are you wunna them "funny boys"?

[ note clear cp relevance viz. a particular thread I've been nuking lately ]

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
m5 at tivoli.com * m101 at io.com *
* three heads and eight arms.

From dlv at bwalk.dm.com Sun Jul 28 09:58:55 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 29 Jul 1996 00:58:55 +0800
Subject: ABC
Message-ID:

I just heard something funny on ABC:

Interviewer: Is this the kind of bomb the militias like to use?
Interviewee: Yes, it's a pipe bomb. Of course, you can find out on the Internet how to make these...

(Well, _I thought this was funny.)

I hereby volunteer Jim Bell to write the Cypherpunk bomb-making FAQ. Or a more general chemical FAQ including common poisons. Are you up to this task, Jim? :-)

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From m5 at vail.tivoli.com Sun Jul 28 09:59:05 1996
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 29 Jul 1996 00:59:05 +0800
Subject: WaPo on Crypto-Genie Terrorism
In-Reply-To: <2.2.32.19960728133504.006b8dac@pop1.jmb.bah.com>
Message-ID: <31FB7D22.2103@vail.tivoli.com>

Charley Sparks wrote:
>
> I occasionally get invited to teach at a local college.. some students are
> not US. Anyone have any suggestions on a way I can sneak some good privacy
> into the lesson plan..
How about something sly and devious, like

"Today, students, we're going to look into issues of privacy on the internet and with communications in general. We will survey the science of cryptography, using a variety of cryptographic techniques as illustrations of particular issues...

"For our next meeting, please read the first several chapters of Bruce Schneier's 'Applied Cryptography' from the required reading list for the class."

If you're stifled by any agency, scream at the top of your lungs.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
m5 at tivoli.com * m101 at io.com *
* three heads and eight arms.

From anonymous-remailer at shell.portal.com Sun Jul 28 10:01:38 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Mon, 29 Jul 1996 01:01:38 +0800
Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID:

>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.

Tips for reporting this 'clandestine' list to the FBI (and its contributors)

1) Be sure to speak slowly and use small words when contacting the FBI.
2) If you can, be sure to work the words 'Pipe Bomb', 'Olympics', and/or 'TWA' into your sentences.
3) Remember to unsubscribe from the list before reporting it.
4) Try not to be belligerent when talking with the FBI - RE: tracking down cpunks; they're laughing at you, already.
5) Try not to use the word 'inbred' in your report..they seem particularly sensitive to this...for some reason.
6) When meeting FBI in person, do not wear shiny objects or bright colors - it distracts them.
7) When calling the FBI hotline, don't ask to speak to someone about munition smuggling AND computers crimez - this will put the operator into coma.
8) Be sure to ask for special agent 'Fox Mulder' and 'Dana Sculley' - they're 'the best' 9) 10)... _______ Warren Crossfield Programmer/MacOS "Buy a Pentium - so you can restart Windoze faster!" From dlv at bwalk.dm.com Sun Jul 28 10:05:08 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 29 Jul 1996 01:05:08 +0800 Subject: [NOISE] Rich Graves is accused of forgery and other net-abuse Message-ID: Hmm, I though Rich Graves was a Nazi, but now the Nazis reject him too. :-) Message-ID: <012317Z28071996 at anon.penet.fi> Path: ...!newsfeed.internetmci.com!swrinde!howland.reston.ans.net!EU.net!news.eunet.fi!anon.penet.fi Newsgroups: alt.fan.ernst-zundel,alt.revisionism,news.groups,alt.internet.media-coverage,news.admin.net-abuse.misc,c2.chat,alt.cyberpunk,soc.culture.jewish From: an572010 at anon.penet.fi (Vyshinsky) X-Anonymously-To: alt.fan.ernst-zundel,alt.revisionism,news.groups,alt.internet.media-coverage,news.admin.net-abuse.misc,c2.chat,alt.cyberpunk,soc.culture.jewish Organization: Anonymous forwarding service Reply-To: an572010 at anon.penet.fi Date: Sun, 28 Jul 1996 01:21:24 UTC Subject: Re: Spammed by a Nazi obssessive References: <4t8nk8$3ic at Networking.Stanford.EDU> Lines: 80 [multi-mailed to llurch at stanford.edu, postmaster at stanford.edu, and postmaster at c2.net] llurch at stanford.edu writes: > joelr at winternet.com (Joel Rosenberg) writes: > >In article schwartz at infinet.com writes: > > > >>Maybe someone should mention to Ingrid that this little crap works both > >>ways. She may have been spammed, so are we. > >> > >>Sara > > > >I got the same spew, and sent back a message, with a copy to the root, that > >I want no further email from these folks. No big deal. > > > Right. It's not. > > It doesn't work both ways. Neither way is acceptable. Fortunately, with > the exceptions of Skippy, Giwer, and Marduk, whom nobody loves, nobody > seems to be into continuing net abuse after they've been notified that > it's wrong. 
You, postmaster at c2.org, postmaster at stanford.edu and news.admin.net-abuse.misc were notified about forged cancels by you against others. Did you stop since? Your practice of posting to a lot of newsgroups with a followup-to line for an "enemy" newsgroup, is the classic practice of trolling. Most of the newsreaders won't see the rebuttals, and presume that your post was unchallenged, so inspiring a rebuttal with the same arguments that have already been made. You've not stopped regardless of the number of complaints. Your practice of forging your e-mail address away from your true e-mail address is also net abuse. This is an obvious taking advantage of sameer at c2.net, a net hero, the admin of your ISP, that you are maliciously taking advantage of to avoid complaints of your actual e-mail address, llurch at stanford.edu, whom you work for. Whoever "Skippy" is, she has not forged cancels since March 1996, and has never done the other abuses you deal out in prolific quantity. Are you going to stop these three net abuses because of yet another complaint? You haven't before. --****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION*** Your e-mail reply to this message WILL be *automatically* ANONYMIZED. Please, report inappropriate use to abuse at anon.penet.fi For information (incl. non-anon reply) write to help at anon.penet.fi If you have any problems, address them to admin at anon.penet.fi From shamrock at netcom.com Sun Jul 28 10:32:55 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 29 Jul 1996 01:32:55 +0800 Subject: WaPo on Crypto-Genie Terrorism Message-ID: At 9:35 7/28/96, Charley Sparks wrote: >I occasionally get invited to teach at a local college.. some students are >not US. Anyone have any suggestions on a way I can sneek some good privacy >into the lesson plan.. the course is usually the Internet or networking in >general. Ignore ITAR. It is unconstitutional.
BTW, independently from what the Supreme Court may or may not decide. -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. From shamrock at netcom.com Sun Jul 28 10:43:04 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 29 Jul 1996 01:43:04 +0800 Subject: Internet blamed for pipe bombs Message-ID: At 5:36 7/28/96, E. ALLEN SMITH wrote: >> Across the country, latest figures from the U.S. Bureau of Alcohol, >> Tobacco and Firearms show a 20 percent jump in pipe bomb incidents >> between 1990 and 1994. > >[...] > >> "We've been incredibly busy," said sheriff's bomb technician Judd >> Holiday. "As crime in other categories is dropping, this is going up." The friendly Anarchist's Bookstore in San Francisco sells several books on building bombs. No Internet connection required. I would like to offer another possible explanation for the increase in pipe bombings. The People are getting frustrated and a pipe bomb can be very useful device releasing one's frustration. [No, I do not approve of pipe bombing civilians]. -- Lucky Green PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President. From dlv at bwalk.dm.com Sun Jul 28 11:28:15 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 29 Jul 1996 02:28:15 +0800 Subject: WaPo on Crypto-Genie Terrorism In-Reply-To: <2.2.32.19960728133504.006b8dac@pop1.jmb.bah.com> Message-ID: Charley Sparks writes: > I occasionally get invited to teach at a local college.. some students are > not US. Anyone have any suggestions on a way I can sneek some good privacy > into the lesson plan.. the course is usually the Internet or networking in > general. Put useful stuff on a diskette, including PGP. Make as many copies of the diskette as you have students. Hand it out in class. Assign homework projects that would involve using PGP.
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Jul 28 11:28:41 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 29 Jul 1996 02:28:41 +0800 Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI In-Reply-To: Message-ID: anonymous-remailer at shell.portal.com writes: > > Tips for reporting this 'clandestine' list to the FBI (and it's contributors) ^ > 1) Be sure to speak slowly and use small words when contacting the FBI. ... > _______ > Warren Crossfield > Programmer/MacOS > "Buy a Pentium - so you can restart Windoze faster!" 11. When using an anonymous remailer, strip your signature. 12. Don't rely on a Mac spellchecker. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Sun Jul 28 11:37:01 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 29 Jul 1996 02:37:01 +0800 Subject: Schelling Points leads to interesting family investment opportunities Message-ID: At 12:41 PM 7/28/96, Ian Grigg wrote: >Hi Tim, > >you said: >> The _costs_ of extending beyond the Schelling point boundaries >> is deemed to be too high, and the boundary persists. > >This reminds me of the transactional theory of business units. >Working from memory, the optimal size of a business unit is >positively related to the cost of the transactions conducted >between units, other things being held constant. > >Thus, in a place where it is "expensive to do business" the >dominant form of company will be large. Conversely in a >cheap business environment, small companies will predominate. >This notion spurs one to examine the transactional costs and >to decide (or not) to lower them... Yes, I think these things are deeply intertwined. Coase's work on the nature of corporations, for example. 
(Another connection is that economics and markets are largely about "signalling mechanisms," and it can be argued that prices are variants of Schelling points, albeit hopping around as other market players jockey for advantage.) >The interesting part for your family context is that falling >transaction costs have purportedly produced a shift away from >large companies to smaller units. Those falling costs are in >the sphere of digital communications, other technology, and >regulation. If such were to apply to the context of families, >upbringing children and education in general, one might >predict that the size of the family should shrink. Which it has, as you note. The availability of microwave dinners, transportation to new jobs, new employment patterns, and other factors too numerable to mention are correlated fairly strongly with a reduction in the size of the average family. >One would then be lead to ask, if you are proposing that >Internet technologies in general and crypto in particular >are influences on the Schelling points related to the family >rights set, can this result in smaller family units? I wouldn't go quite _this_ far! (And it's hard to go too much further than we have already...as you noted, increasing numbers of Westerners are single.) Certainly your comments are generally relevant and interesting, and sociologists should have fun examining the economic, game-theoretic, psychological, and other factors that are interlinked. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. 
"National borders aren't even speed bumps on the information superhighway." From wombat at mcfeely.bsfs.org Sun Jul 28 11:48:53 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Mon, 29 Jul 1996 02:48:53 +0800 Subject: ALL OF YOU ARE CRIMIN In-Reply-To: Message-ID: On Sat, 27 Jul 1996 pjn at nworks.com wrote: > > At 09:33 PM 7/26/96 -0700, anonymous-remailer at shell.portal.com wrote: > >I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS > >AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY > >CAN TRACK YOU DOWN AND CLOSE THIS LIST. > > > Yes, your remailer appears to be working. You're welcome. From tcmay at got.net Sun Jul 28 11:52:46 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 29 Jul 1996 02:52:46 +0800 Subject: Feinstein wants controls on Internet, Books Message-ID: One of my senators, Senator Dianne Feinstein, is now arguing on CNN for controls on information put on the Internet, on censorship of books and articles describing how pipe bombs work, and for making it easier to get wiretaps against those suspected of committing thought crimes. One or two more major incidents on top of the recent ones (World Trade Center, Oklahoma City, Dharan, TWA 800, and Olympic Village) and I suspect Congress will simply vote to repeal the Bill of Rights and just be done with this whole experiment in liberty. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
From pjn at nworks.com Sun Jul 28 12:05:34 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Mon, 29 Jul 1996 03:05:34 +0800 Subject: ALL OF YOU ARE CRIMIN Message-ID: > At 09:33 PM 7/26/96 -0700, anonymous-remailer at shell.portal.com wrote: >I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS >AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY >CAN TRACK YOU DOWN AND CLOSE THIS LIST. > Damnit Sen. Exxon! We told you not to use the computer!! :) P.J. pjn at nworks.com ... "The future of robotics" - by Cy Borg and Anne Droid ___ Blue Wave/QWK v2.20 [NR] From pjn at nworks.com Sun Jul 28 12:28:52 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Mon, 29 Jul 1996 03:28:52 +0800 Subject: cypherpunks vs hackers Message-ID: In> How can we differentiate cypherpunks to hackers? What are their In> attitudes, psychological thinking, main objective? It is interesting to note that while both groups have opposite objectives (Hackers want all information free, where cypherpunks want everybody to be able to have privacy), and yet in their own ways, they are both right. I think what we need to define is the difference between hackers and crackers. A hacker breaks into a computer like a cracker (but the similarities end there). The hacker just wants to look and learn, possibly "map out" the system just to see how everything works with everything else. Crackers break into computers for the sake of destroying or stealing information or the system itself. Both cypherpunks and hackers think that the government is wrong in many things that they do. P.J. pjn at nworks.com ... It would seem that evil retreats when forcibly confronted. - Excalbian ___ Blue Wave/QWK v2.20 [NR] From jeremey at forequest.com Sun Jul 28 12:35:05 1996 From: jeremey at forequest.com (Jeremey Barrett) Date: Mon, 29 Jul 1996 03:35:05 +0800 Subject: Public vs.
Private Munitions In-Reply-To: <2.2.32.19960727192453.0069bd10@mail.sd.cybernex.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hrm... that should foster communication. So lemme see if I understand your point... everyone in the U.S needs to devise their own cryptosystem, and then use it to communicate securely. To who? Since I can't publish my system for fear the government will find it out and then restrict it, noone else will know about it. I can have a good old time encrypting stuff to myself, but that's about it. And the likelihood that I'm an expert cryptographer in order to design a good system is pretty remote. On Sat, 27 Jul 1996, Erle Greer wrote: > Here's how I understand it: > The U.S. Government, concerned only with making America a safer place > for us taxpayers to live in, wants to regulate domestic encryption in order > to have access to the content of all transmissions. Their theory is that > any cryptosystem that is stronger than their cryptanalysis systems can be > used in illegal transmissions and should be considered munitions. > Theoretically, the government should only be have the resources to > control commercially-available, public encryption systems. Who is to stop > anyone from designing their own cryptosystem for personal use? If the > government intercepted a transmission from this private cryptosystem, and > could not decrypt it, would they assume that it must be considered > munitions? Similarly, anyone could send uniformly-formatted random garble > that could also be considered munitions, or at least waste the governments > processing time. > Why are we so worried about government regulation? Can't we just > devise our own cryptosystems and just don't sell them or make them publicly > available? > - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Jeremey Barrett Senior Software Engineer jeremey at forequest.com The ForeQuest Company http://www.forequest.com/ "less is more." -- Mies van de Rohe. 
Ken Thompson has an automobile which he helped design. Unlike most automobiles, it has neither speedometer, nor gas gage, nor any of the numerous idiot lights which plague the modern driver. Rather, if the driver makes any mistake, a giant "?" lights up in the center of the dashboard. "The experienced driver", he says, "will usually know what's wrong." -- 'fortune` output -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMfufny/fy+vkqMxNAQEU5AQAuRmv5F2zTegRuwaQ+BL/nRkuR2oGHJKZ i5y1M8DHH1SX4dM0idxV3VCqQuuEXqhjO2Q6HSKp+5H3UtDvQMihOD78WE9w67mj ogsMFFHgmh19W79Z/Plv/G4VhDlBcx4rlYeTGaBGK7mRc6YV/qsQ1U4hQmdnyOmw 1L6EVE8wZYc= =N4Dh -----END PGP SIGNATURE----- From pjn at nworks.com Sun Jul 28 12:43:39 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Mon, 29 Jul 1996 03:43:39 +0800 Subject: WaPo on Crypto-Genie Message-ID: In> Why does it sounds like Mr. Freeh and his friends are drinking out of In> a different bottle than the rest of us? Why does it sound like they have been drinking period? P.J. pjn at nworks.com ... He's not exactly working on all thrusters. - Mcoy ___ Blue Wave/QWK v2.20 [NR] From alano at teleport.com Sun Jul 28 12:49:27 1996 From: alano at teleport.com (Alan Olsen) Date: Mon, 29 Jul 1996 03:49:27 +0800 Subject: [noise] Re: WaPo on Crypto-Genie Message-ID: <2.2.32.19960728174203.00eb3568@mail.teleport.com> At 12:59 PM 7/28/96 -0500, pjn at nworks.com wrote: > In> Why does it sounds like Mr. Freeh and his friends are drinking out of > In> a different bottle than the rest of us? > > Why does it sound like they have been drinking period? I would guess it is either "Night Train", "Thunderbird", or one of those French wines with the anti-freeze added for extra "kick". --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." 
From m5 at vail.tivoli.com Sun Jul 28 12:51:02 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 29 Jul 1996 03:51:02 +0800 Subject: Feinstein wants controls on Internet, Books In-Reply-To: Message-ID: <31FBA3C0.6A7@vail.tivoli.com> Sorry, me again; I can't resist the irony: Timothy C. May wrote: > > One of my senators, Senator Dianne Feinstein, is now arguing on CNN for > controls on information put on the Internet ... There's a diagram of a pipe bomb on the CNN web site, in the story about the horrible things. ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From alano at teleport.com Sun Jul 28 12:53:48 1996 From: alano at teleport.com (Alan Olsen) Date: Mon, 29 Jul 1996 03:53:48 +0800 Subject: Internet blamed for pipe bombs Message-ID: <2.2.32.19960728173842.00e15cbc@mail.teleport.com> At 08:30 AM 7/28/96 -0700, Lucky Green wrote: >At 5:36 7/28/96, E. ALLEN SMITH wrote: > >>> Across the country, latest figures from the U.S. Bureau of Alcohol, >>> Tobacco and Firearms show a 20 percent jump in pipe bomb incidents >>> between 1990 and 1994. >> >>[...] >> >>> "We've been incredibly busy," said sheriff's bomb technician Judd >>> Holiday. "As crime in other categories is dropping, this is going up." > >The friendly Anarchist's Bookstore in San Francisco sells several books on >building bombs. No Internet connection required. I would like offer another >possible explanation for the increase in pipe bombings. The People are >getting frustrated and a pipe bomb can be very useful device releasing >one's frustration. The local PBS station had a program on bomb detection and manufacture. It included a section with someone from the BATF explaining how Pipebombs work and included slow motion video. (It might have been an episode of NOVA. I came in in the middle.) 
It even included information about how nails and screws would be included for extra shrapnel. (Maybe this is part of a plot to remove funding from PBS once and for all...) The media and government types who are blaming the Internet for pipebombs do not get out enough. I have seen good working descriptions in books since I was a small child. (Of course, I actually read books as a child. And not just the pablum they expect kids to read nowadays.) Of course, since when have government and media pronouncements had anything to do with the real world and/or truth... --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From m5 at vail.tivoli.com Sun Jul 28 12:53:50 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 29 Jul 1996 03:53:50 +0800 Subject: Feinstein wants controls on Internet, Books In-Reply-To: Message-ID: <31FBA2D3.C32@vail.tivoli.com> Timothy C. May wrote: > > One of my senators, Senator Dianne Feinstein, is now arguing on CNN for > controls on information put on the Internet, on censorship of books and > articles describing how pipe bombs work ... I can only assume that anybody who reaches adulthood without incidentally learning how to make a bomb, or who at least becomes acquainted with someone else who they can confidently assume knows how to help out in a pinch, is merely an idiot. It appears that Ms. Feinstein herself has no idea how to make a bomb, and that therefore she assumes it's a monstrous cabal of psychotic murderers that passes this sort of information around via illicit texts and, lately, the despicable Internet. Who's never read a spy novel or muder mystery with (possibly bogus, though at least vaguely accurate) bomb-building hints?
Who's grown up with violent American television and film without absorbing at least a shred of information regarding bombs? Is it really possible that a marginally intelligent person could find themselves needing to build a bomb but have no idea how to proceed? Either that, or Ms. Feinstein assumes (depressingly, perhaps correctly) that her constituency is itself so collectively idiotic that they'll accept such activity as good work done for their benefit. I doubt the latter. Ms. Feinstein has never in public speech given me intuitive feelings that she's at all a devious, subtly manipulative person. I think she's an honest idiot who turns the fortune of her political power to causes she believes to be right. It's infuriating. So infuriating, in fact, that I'll vent a bit more. How effective does Ms. Feinstein imagine a ban on bomb-building information might be? Those who've already learned can't be expected to forget, so there'll be a period of time during which today's crop of crazed bombers work the urges out of their systems. There'll be the determined traffic in illegal dog-eared volumes traded secretly among those awful militia members in all the "scary" states between Lake Tahoe and the Potomac. Given the rarity of bombings today, can anyone honestly expect that even the most draconian crack-down on information will turn back the clock to the days before virtually every adolescent male knew the raw ingredients of gunpowder? Finally, note that you'd better hurry and order your video copy of the old Star Trek episode "Arena"... [ ... time to mellow out; I'm switching from coffee to beer. ] ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From tcmay at got.net Sun Jul 28 13:13:02 1996 From: tcmay at got.net (Timothy C. 
May) Date: Mon, 29 Jul 1996 04:13:02 +0800 Subject: cypherpunks vs hackers Message-ID: At 5:59 PM 7/28/96, pjn at nworks.com wrote: > In> How can we differentiate cypherpunks to hackers? What are their > In> attitudes, psychological thinking, main objective? > > It is interesting to note that while both groups have opposite > objectives (Hackers want all information free, where cypherpunks want > everybody to be able to have privacy), and yet in their own ways, they > are both right. I don't believe this is an accurate picture of "what hackers want." The "information wants to be free" view is one facet of the outlook of many--but not all--hackers. Rather than debate semantics of the definition of "hacker," or ask others to suggest definitions, it might be better for interested folks to read some of the various books on the topic and then decide for themselves. Some of them are: - Levy, "Hackers," of course - Haffner and Markoff, "Cyberpunk" - Sterling's book on hackers - any one (but not more) of the several Shimomura v. Mitnick books etc. --Tim Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ericm at lne.com Sun Jul 28 13:33:04 1996 From: ericm at lne.com (Eric Murray) Date: Mon, 29 Jul 1996 04:33:04 +0800 Subject: Feinstein wants controls on Internet, Books In-Reply-To: Message-ID: <199607281817.LAA01221@slack.lne.com> Timothy C.
May writes: > > > One of my senators, Senator Dianne Feinstein, is now arguing on CNN for > controls on information put on the Internet, on censorship of books and > articles describing how pipe bombs work, and for making it easier to get > wiretaps against those suspected of committing thought crimes. > > One or two more major incidents on top of the recent ones (World Trade > Center, Oklahoma City, Dharan, TWA 800, and Olympic Village) and I suspect > Congress will simply vote to repeal the Bill of Rights and just be done > with this whole experiment in liberty. Yes, but it won't be nearly that blatant. In classic Orwellian Doublespeak, it'll be called the "Terrorist Victims Bill of Rights and Freedom of Information Act" and will merely 'abridge' the Bill of Rights with the "right" of the government to investigate, wiretap, arrest and detain without trial any suspected "terrorists" and "drug kingpins". Cancelling the Bill of Rights would be too obvious, and probably isn't the outright goal of any but a few extremists in government. Rather, the majority of bureaucrats/elected officials want to redefine the Rights to only apply to "good citizens", for somewhat varying definitions of "good". "They" won't suddenly stage a fascist coup, instead it will (and has been) a long step-by-step process. I don't think that most policy-makers are even aware of what they're doing (DiFi certainly isn't) they're just responding to perceived public pressure and trying to stay elected. The ugliest phrase in American lexicon: "There oughta be a law".
-- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From nobody at vegas.gateway.com Sun Jul 28 13:33:43 1996 From: nobody at vegas.gateway.com (Anonymous Remail Service) Date: Mon, 29 Jul 1996 04:33:43 +0800 Subject: Terrorist voice recognition Message-ID: <199607281838.OAA12013@black-ice.gateway.com> Does anyone else find it odd that the tape of the 911 call, threatening the terrorist bomb at the Olympic Park, still hasn't been released to the media? It would seem that there is at least a possibility that someone could know this person's voice and finger him for the feds... I have a [disturbing, hence anonymous] explanation: The feds figure they have already got a pool of people who can recognise the voice of a pipe-bomber, as sworn courtroom admissions show that the previous pipebombs' burial locations, supposedly known to "the Georgia Militia," were actually only known to a single government informant infiltrator. [The media, for some strange reason, didn't choose to report this little item. The militia case has now been delayed.] Hmmmmmmmm. From ericm at lne.com Sun Jul 28 13:34:38 1996 From: ericm at lne.com (Eric Murray) Date: Mon, 29 Jul 1996 04:34:38 +0800 Subject: Feinstein wants controls on Internet, Books In-Reply-To: <31FBA2D3.C32@vail.tivoli.com> Message-ID: <199607281835.LAA01418@slack.lne.com> Mike McNally writes: > > Either that, or Ms. Feinstein assumes (depressingly, perhaps correctly) > that her constituency is itself so collectively idiotic that they'll > accept such activity as good work done for their benefit. Of course. She'll have "done something" about the "terrorism problem". Never mind that it's completely ineffective and restrictive of civil liberties. Most Americans don't particularly care about civil liberties as long as their day-to-day life runs smoothly. Especially if it's other people's civil liberties that are restricted.
The media hypes the terrorism threat because it helps sell air time and newspapers. Fear sells. How many of you were glued to the tube for the dismal "coverage" of the Olympic Park bombing? I was, and I usually hate TV. Fear is a powerful attention-getter, almost as good as sex. Since we're not allowed to have sex in the media, guess what we get? The artificially-generated climate of fear creates a reaction among the populace. Witness the countless studies that show that people's fear of being a crime victim has increased markedly in the last 10 or 15 years while actual crime statistics have for the most part gone down. The politicians have picked up on this reaction with a vengeance, being "tough on crime" is a sure way to get (re)elected. > So infuriating, in fact, that I'll vent a bit more. How effective does > Ms. Feinstein imagine a ban on bomb-building information might be? Those > who've already learned can't be expected to forget, so there'll be a > period of time during which today's crop of crazed bombers work the > urges out of their systems. [..] DiFi and crowd isn't thinking of how their information crackdown would actually work. They probably don't really care if it'll be effective or not. The point is to "do something" right now about the "terrible problem". That something just has to sound like it'll be effective; no one will find out if it works or not for 10 or 15 years, which is an eternity for politicians (and most constituents). -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From rah at shipwright.com Sun Jul 28 14:09:46 1996 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 29 Jul 1996 05:09:46 +0800 Subject: e$: The Demographic "Transaction" (was Re: Schelling Points...) In-Reply-To: Message-ID: At 5:00 AM -0400 7/29/96, Timothy C. May wrote: > Which it has, as you note.
The availability of microwave dinners, > transportation to new jobs, new employment patterns, and other factors too > numerable to mention are correlated fairly strongly with a reduction in the > size of the average family. On a wild tangent to the topic at hand, this reminds me of a talk at MIT I went to last year (?) given by an editor emeritus of SciAm, can't remember his name at the moment, but he was introduced by Phillip Morrison, which was memorable for its own sake. This guy talked about something he called the "demographic transition", where a country's per capita life expectancy went past, say, 50 or so. When that happens, people start to breed less. (Well, maybe they keep *breeding*, but not procreatively ;-)). As a result, family sizes and populations decline. He said that this has started to happen in India, and China's getting there, draconian population controls or not. I got the impression that he thought China couldn't have enforced their population controls without an increase in life expectancy, reality not being optional, and that law and government is an inevitably reactive and not proactive business. He said there are many hypotheses about what causes this decline in fertility, including the commonly held one that people make babies as a form of old age pension income :-), but that all he was talking about was this very strong inverse correlation between population growth and life expectancy. He talked about this happening in Athens, and on the Italian peninsula during the Roman empire, and gave other historical examples, including, of course, Europe and America, Sweden at the turn of the century being a good example. He said America was the exception which proves the rule, because most of our population growth now comes from immigration, and that one way to kill the vitality of America was to kill immigration, which should give erst-superpatriot Buchananite/Perotistas some pause for reflection.
He even manages to describe the post-war baby-boom in these terms, but I forget how he did it.

He also said that the obvious things like public health and education were good ways to increase life expectancy, but that the very best way to cause this "demographic transition" was a dramatic increase in personal income. :-).

Given the recent Forbes "Billionaire" issue, calling the 21st century the "Asian Century", full of stories of the unleashed economic power of the former command economies of India, Indonesia, Malaysia, etc., not to mention China and VietNam or even Korea and Japan (yes, Virginia, they were and are quasi-command economies, especially in their domestic accounts) and, to a lesser extent, Singapore, I think he may be on to something here...

The crypto-economic relevance here is that once we have the ability to have peer-to-peer transactions for everything transmittable (financial assets, expertise, even teleoperated skillsets), economic "commands" won't be audible for all the din of internet digital commerce.

Watch what happens to life expectancy then...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From ichudov at algebra.com Sun Jul 28 14:12:37 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 29 Jul 1996 05:12:37 +0800
Subject: Feinstein wants controls on Internet, Books
In-Reply-To:
Message-ID: <199607281859.NAA24412@manifold.algebra.com>

Timothy C. May wrote:
> One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
> controls on information put on the Internet, on censorship of books and
> articles describing how pipe bombs work, and for making it easier to get
> wiretaps against those suspected of committing thought crimes.
I just thought about this: obviously (witness the CDA which is much less notorious than this proposition) none of what she suggests would ever work technically and pass the courts legally.

She may be dumb enough not to realize that BUT I think that she realizes that too. Therefore we can logically conclude that she does it just to score some immediate points with angry electorate.

igor

From anonymous-remailer at shell.portal.com Sun Jul 28 14:18:51 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Mon, 29 Jul 1996 05:18:51 +0800
Subject: your favorite poison recipes
Message-ID: <199607281911.MAA02693@jobe.shell.portal.com>

Please post your favorite poison recipes to this mlist.

From markm at voicenet.com Sun Jul 28 14:20:44 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 29 Jul 1996 05:20:44 +0800
Subject: cypherpunks vs hackers
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 28 Jul 1996 pjn at nworks.com wrote:

> It is interesting to note that while both groups have opposite
> objectives (Hackers want all information free, where cypherpunks want
> everybody to be able to have privacy), and yet in their own ways, they
> are both right.

I don't entirely agree with this. I think both groups want information to be free, but also want people to be able to have privacy. Most hackers (used in the sense of people who break into computers) attack computers owned by such companies as TRW and the phone companies. Both of these systems have little regard for privacy. Most non-malicious hackers promote system security, but at the same time, don't like government-controlled monopolies and agencies to be able to keep secret information that should be free. A very interesting paper by Dorothy Denning (she used to be regarded very highly by the hacker community before she started to support Clipper) expresses some of the concerns and morals of hackers.
It's called "Concerning Hackers Who Break Into Computer Systems" and is in Phrack issue 32.

>
> I think what we need to define is the difference between hackers and
> crackers. A hacker breaks into a computer like a cracker (but the
> similarities end there). The hacker just wants to look and learn,
> possibly "map out" the system just to see how everything works with
> everything else. Crackers break into computers for the sake of
> destroying or stealing information or the system itself.

That's debatable. I think many people incorrectly consider these terms to be mutually exclusive. There are many hackers (used in the sense defined in the Jargon File) who also break into systems and could therefore be considered crackers also. Most hackers definitely have the knowledge to break into computer systems, but many crackers aren't very well versed in programming and learn how to break into computers by using canned programs and G-files.

>
> Both cypherpunks and hackers think that the government is wrong
> in many things that they do.

Agreed.

PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfu9sbZc+sv5siulAQHhCgP/UZ/HQ2e0jeyzuVv+zuMZux4A2gmrsgtY
GcasxhtY9iD67fSjX5ujympfPtWEH7gtFjEVxasdbwpePaJhlKnZ0OpEGRsX3lZc
0PujC19M5U0GarGc0MUJrU0mpywch4bGPgr/hOBx0gOgnQZwmVVXwawN2te7rpb0
Ynej29oTTWQ=
=RC2J
-----END PGP SIGNATURE-----

From declan+ at CMU.EDU Sun Jul 28 14:33:48 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Mon, 29 Jul 1996 05:33:48 +0800
Subject: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS)
In-Reply-To:
Message-ID:

Excerpts from internet.cypherpunks: 28-Jul-96 Re: ALL OF YOU ARE CRIMINAL.. by anonymous-remailer at shell
> Tips for reporting this 'clandestine' list to the FBI (and its contributors)
>
> 1) Be sure to speak slowly and use small words when contacting the FBI.
> 2) If you can, be sure to work the words 'Pipe Bomb', 'Olympics', and/or
> 'TWA' into your sentences.
> 3) Remember to unsubscribe from the list before reporting it.

At a recent conference in downtown DC, I was chatting with a few folks in the hotel bar. One of 'em was reminiscing about his days at the CIA and I reminded him that during my presentation earlier that day I talked about crypto-anarchy (giving appropriate credit to Tim May, of course).

I asked him if he had ever monitored the cypherpunks list.

"No, I didn't. It was too high-traffic," he said. "But the guy in the next office over from me did."

Is this the first confirmed report of TLA cypherpunk-monitoring?

-Declan

From alano at teleport.com Sun Jul 28 15:03:07 1996
From: alano at teleport.com (Alan Olsen)
Date: Mon, 29 Jul 1996 06:03:07 +0800
Subject: your favorite poison recipes
Message-ID: <2.2.32.19960728201127.00dc9e30@mail.teleport.com>

At 12:11 PM 7/28/96 -0700, anonymous-remailer at shell.portal.com wrote:
>Please post your favorite poison recipes to this mlist.

Why post them? Barnes and Noble bookstore will sell you good poison recipes in book form. (I found mine in the bargain section.) You can also find them in any good book on organic chemistry or in a bookstore that specializes in mysteries.

Or you can just go to McDonalds and ask them what is in the hamburgers... (Of course, they will not tell you that it is made with troll meat.)

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!"
| Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |

From david at sternlight.com Sun Jul 28 15:07:46 1996
From: david at sternlight.com (David Sternlight)
Date: Mon, 29 Jul 1996 06:07:46 +0800
Subject: WaPo on Crypto-Genie Terrorism
In-Reply-To: <199607280458.AAA27199@unix.asb.com>
Message-ID:

At 5:55 PM -0700 7/27/96, Deranged Mutant wrote:
>On 27 Jul 96 at 19:21, John Young wrote:
>
>> The Washington Post, July 27, 1996, p. A22.
>> Speaking in Code on the Internet ... [Editorial]
>
>Some bothersome things about this editorial...
>
>[..]
>> security of their data. They also see it as a market in
>> which the United States maintains a comfortable lead, one
>> that is threatened if domestic encryption makers can't sell
>> their products elsewhere. The makers argue that foreign
>> encryption software will rush in to fill the gap, doing
>> nothing about the uncrackability problem -- indeed, making
>> it worse. The administration in turn is pursuing a wider
>
>IMO, the US does not have a comfortable lead. It's already falling
>behind considering some of the stronger crypto programs available (at
>least as freeware) are made outside the US. Many of the stronger
>algorithms were invented outside of the US (IDEA for instance).

This, and similar remarks by others, consistently misses the point which I have been making for about a year now, and which Director Freeh finally made explicit in his testimony last week.

That is--the government is concerned with mass market software incorporating robust crypto, used overseas, and recognizes that they can't keep niche products off the market, nor stop bad guys from using crypto the government would just as soon they didn't. Since the US has a hammerlock on that mass market, and since few would switch products to let the crypto tail wag the features dog (no slur intended), ITAR follows.
Though I've no connection with Freeh, it's interesting that his language is almost word for word the same as what I've been using. Do you suppose some of his staff reads my stuff?

Until now we haven't seen such an open public admission of what the government is concerned about--probably because the State Department doesn't like to have an official spokesman admit we're mass monitoring and seining foreign traffic since it is an embarrassment to the polite fiction of diplomatic relations (though I'm sure the truth is that every country with the capability does it).

>
>[..]
>> with wiretapping. Mr. Freeh, testifying at Thursday's hearing in
>> favor of an optional key escrow plan, noted that the point is not
>> to prevent all copies of uncrackable code from going abroad -- that's
>> clearly impossible -- but to prevent such high-level code
>> from becoming the international standard, with architecture
>> and transmission channels all unreadable to world
>> authorities. To software companies and Internet users who
>
>So why should criminals bother with using standards if they are
>readable by authorities?

See above.

>
>> have been clamoring for the right to encrypt as securely as
>> possible, Mr. Freeh and others argue, "the genie is not yet
>> out of the bottle" on "robust," meaning uncrackable,
>> encryption.
>
>Are they going to magically erase all copies of strong software that
>is already currently available? (Side note: the Pacifica news report
>on Friday notes that while Freeh gave his testimony, over 100 copies
>of PGP were downloaded from MIT's site.)

What he's saying is that US-exported copies of the Lotus Lockshens, Microsoft Machayas, and Netscape Niguns of the world still do not contain robust crypto the USG cannot read.

>
>> the encryption enthusiasts' desire for free development
>> should take precedence over the tracking of terrorism. At
>
>It's not clear that terrorism can be tracked, even if it's unencrypted.
>The OK and WTC bombings were apparently not encrypted, and there's
>some allegations that the authorities had advanced warnings of the
>latter.

He says it can, and suggests following the banking trail among other things. We know the government has already had good success with this strategy. And one of the objectives is to identify sponsors of terrorism and retaliate against them (cf. Netanyahu).

>
>> the very least, Congress should be exceedingly cautious
>> about getting out ahead of administration concerns on
>> controls that, once lifted, are hardly reversible.
>
>The controls haven't done much to prevent free software from being
>exported. They only control commercial sales of software (and
>hardware).

Exactly.

>
>Particularly absent in the WaPo-ed is that many do not trust the
>authorities (in the US and elsewhere)--particularly the FBI, which
>has a long history of extra-legal surveillance.

So as Netanyahu says at length we need to build in protections against abuses, using both the legislature and the judiciary.
David

From alano at teleport.com Sun Jul 28 15:14:52 1996
From: alano at teleport.com (Alan Olsen)
Date: Mon, 29 Jul 1996 06:14:52 +0800
Subject: Feinstein wants controls on Internet, Books
Message-ID: <2.2.32.19960728201109.00b00b78@mail.teleport.com>

>Return-Path: cypherpunks-errors at toad.com
>Received: from toad.com (toad.com [140.174.2.1]) by desiree.teleport.com (8.7.5/8.7.3) with ESMTP id LAA20243; Sun, 28 Jul 1996 11:45:31 -0700 (PDT)
>Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id LAA24963 for cypherpunks-outgoing; Sun, 28 Jul 1996 11:18:18 -0700 (PDT)
>Received: from slack.lne.com (slack.lne.com [140.174.94.3]) by toad.com (8.7.5/8.7.3) with ESMTP id LAA24943 for ; Sun, 28 Jul 1996 11:18:04 -0700 (PDT)
>Received: (from ericm at localhost) by slack.lne.com (8.7.1/1.0) id LAA01221; Sun, 28 Jul 1996 11:17:38 -0700
>From: Eric Murray
>Message-Id: <199607281817.LAA01221 at slack.lne.com>
>Subject: Re: Feinstein wants controls on Internet, Books
>To: tcmay at got.net (Timothy C. May)
>Date: Sun, 28 Jul 1996 11:17:38 -0700 (PDT)
>Cc: cypherpunks at toad.com
>In-Reply-To: from "Timothy C. May" at Jul 29, 96 02:26:17 am
>MIME-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>Sender: owner-cypherpunks at toad.com
>Precedence: bulk
>X-UIDL: 80129fa915fe7d4135b53b9b5e157ff7
>
>Timothy C. May writes:
>>
>>
>> One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
>> controls on information put on the Internet, on censorship of books and
>> articles describing how pipe bombs work, and for making it easier to get
>> wiretaps against those suspected of committing thought crimes.
>>
>> One or two more major incidents on top of the recent ones (World Trade
>> Center, Oklahoma City, Dharan, TWA 800, and Olympic Village) and I suspect
>> Congress will simply vote to repeal the Bill of Rights and just be done
>> with this whole experiment in liberty.
>
>Yes, but it won't be nearly that blatant.
>In classic Orwellian
>Doublespeak, it'll be called the "Terrorist Victims Bill
>of Rights and Freedom of Information Act" and will merely
>'abridge' the Bill of Rights with the "right" of the government
>to investigate, wiretap, arrest and detain without trial
>any suspected "terrorists" and "drug kingpins".
>
>Cancelling the Bill of Rights would be too obvious, and probably
>isn't the outright goal of any but a few extremists in government.
>Rather, the majority of bureaucrats/elected officials want to
>redefine the Rights to only apply to "good citizens", for somewhat
>varying definitions of "good". "They" won't suddenly stage a fascist
>coup, instead it will (and has been) a long step-by-step process.
>I don't think that most policy-makers are even aware
>of what they're doing (DiFi certainly isn't) they're
>just responding to perceived public pressure and trying
>to stay elected.
>
>The ugliest phrase in American lexicon: "There oughta be a law".
>
>
>
>--
>Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
>PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
>
>

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From anonymous-remailer at shell.portal.com Sun Jul 28 15:23:56 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Mon, 29 Jul 1996 06:23:56 +0800
Subject: De facto martial law
Message-ID: <199607282018.NAA06170@jobe.shell.portal.com>

Assoc. Press, 28-Jul-1996

Federal investigators reported "very good leads" Sunday in the hunt for the Olympic bomber, and the Georgia National Guard mobilized fresh troops to add muscle to the force protecting against a repeat attack.

[...]
Huge crowds, including more than 80,000 at the stadium, seemed undeterred by tougher security screening and fears of terrorism.

"The more they check us, the happier I am," Nancy Hudgins, of Stone Mountain, Ga., said at a handball game in the Georgia Congress Center.

[...]

The Georgia state government said it would dispatch by Monday morning an additional National Guard infantry battalion, the 121st from Macon, to supplement the civilian bag-searchers, metal-detector operators and guards at Atlanta Olympic sites. About 4,000 guardsmen are already deployed on any one day here. The battalion would add "a few hundred" to that contingent, government spokesmen said.

The civilian, police and military security army on hand here totals some 30,000. The White House said Sunday about 900 FBI agents are now assigned to Olympic duty.

[...]

27-Jul-1996

The Olympics turned into an armed encampment Saturday, police and soldiers and bomb-sniffing dogs everywhere, all athletes and fans subject to search, the free spirit of the Summer Games suddenly gone.

The bomb that killed a woman and injured more than 100 people, among the thousands jolted at a rock concert in Centennial Olympic Park at 1:25 a.m., instantly transformed the Games into fields of fear.

Sentries wielding machine guns and rifles guarded gates and patrolled buildings from basements to rooftops. Officers conducted meticulous searches of vehicles, checking under them with extended mirrors the way a dentist probes for cavities.

[...]

Security, already on high alert since the TWA Flight 800 explosion, became more visible all over. Soldiers carrying machine guns scout[ed] the rowing site at Lake Lanier, in normal times a peaceful recreational community.

Reuters, 07/28 Olympics-FBI search man's home in bomb hunt, paper

A man from rural north Georgia says the FBI searched his home for clues to the weekend bombing at Atlanta's Centennial Olympic Park, a newspaper reported on Sunday.
The Daily Citizen-News of Dalton quoted 41-year-old Terry Roper of Rocky Face, Georgia, as saying that investigators showed up at his remote country home on Saturday and searched the house, the yard and his vehicles with bomb-sniffing dogs.

[...]

The federal agents left after the search, telling the man they would be in touch, the newspaper said.

[...]

"I was home here all night long. I haven't been to Atlanta in a year or so," it quoted Roper as saying. He said he knows nothing about bomb-making.

[...]

The newspaper said police were acting on an anonymous tip phoned into its circulation department by an unidentified caller.

Roper told the newspaper he believed the call stemmed from a workplace conversation about precautions against terrorism at Olympic venues.

"I never have mentioned nothing about making a bomb, blowing anything up or anything like that. I don't know how to make a bomb," he was quoted as saying.

07/28 Olympics-Militia group condemns attack, calls it ...

An extreme rightwing Georgia militia on Sunday denied responsibility for an explosion at the Atlanta Olympics in which two people died, and a member held on previous bomb charges called it a cowardly act.

J.J. Johnson, a co-founder of the "112th Regiment Militia-at-Large for the Republic of Georgia" told a news conference they were angry over press suggestions that they planted the pipe bomb among Olympic revellers early on Saturday.

"We categorically deny having any knowledge of this or anything to do with this," he said.

"Atlanta now looks like a virtual police state, which is something the patriots and militia have fought against. Why would we do something to bring that about?" said Johnson, a radio talk show host who moved to Georgia from Ohio.

[...]

Johnson and militia attorney Nancy Lord offered to assist the FBI by providing investigators with names of potential bomb-makers from around the state.
The names turned out to belong to informants for the federal Bureau of Alcohol, Tobacco and Firearms (ATF) [...]

"They're the only people we know of in the Georgia area who like to talk about pipe bombs, who like to build pipe bombs," said Lord [...]

From mallet at juno.com Sun Jul 28 15:25:01 1996
From: mallet at juno.com (mallet at juno.com)
Date: Mon, 29 Jul 1996 06:25:01 +0800
Subject: overwhelmed/overloaded
Message-ID: <19960728.134140.9231.0.mallet@juno.com>

Clearly, some of us aren't exhibiting the proper sensitivity to the feelings of others. This can't continue. But it will. So, live with it. Maybe we could have a cypherpunk nanny who exhorts niceness from a bully pulpit, but please can we keep it to one nanny? Maybe it could be a rotating honor. Flame away, nannies.

From stewarts at ix.netcom.com Sun Jul 28 15:50:48 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 29 Jul 1996 06:50:48 +0800
Subject: Feinstein wants controls on Internet, Books
Message-ID: <199607282047.NAA28494@toad.com>

At 02:26 AM 7/29/96 -0700, tcmay at got.net (Timothy C. May) wrote:
>One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
>controls on information put on the Internet, on censorship of books and
>articles describing how pipe bombs work, and for making it easier to get
>wiretaps against those suspected of committing thought crimes.

Unlike many pro-censorship ideas from your Congresscritters and fedcops, Federal courts have dealt with this one, at least for magazines. "The Progressive" wanted to publish the plans for hydrogen bombs a few years back, and a federal district court issued a restraining order to prevent publication. Another magazine published the article, and a federal appeals court dismissed the case. (United States v. The Progressive, 467 F.Supp. 990 (W.D. Wis.), dismissed without opinion, 610 F.2d 819 (7th Cir. 1979).)
Prior restraint is extremely difficult to get away with, and when the information is already widely available, such as simple pipe bombs, it's just not tenable.

Now, there are subtleties to building them that may require some amount of thought, rather than being totally obvious to the builder, and there are things that are obvious but are difficult to do.

For instance, say you, hypothetically, wanted to blow up your government's legislative building. You'd obviously want to pick a dark and stormy night, say early in November, and you'd sneak into the basement with barrels of gunpowder. You'd use a long, slow-burning fuse, so it would blow up the next day when they're in session, but after lighting it you'd still run away very fast just in case your fuse speeds up on you. The obvious thing you'd need to do is to NOT GET CAUGHT LIKE THE LAST FOOL WHO TRIED IT. However, if you do get caught, maybe you'll end up with your name in lights and people will set off firecrackers in your honor every fall, while if you don't get caught you won't be personally famous. Tough choice:-)

Penny for the Guy?

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# Dispel Authority!

From Scottauge at aol.com Sun Jul 28 16:01:13 1996
From: Scottauge at aol.com (Scottauge at aol.com)
Date: Mon, 29 Jul 1996 07:01:13 +0800
Subject: Just some comments on what I've read here
Message-ID: <960728163937_247531092@emout12.mail.aol.com>

1) Seems to be some excitement about banning information on the internet here...

Setting up a set of computers for a private net is not that big a deal (just some money involved and with the availability of Linux - a UNIX variant - for free make it hardware and telephone costs.) Do it for companies all over (hence the aol address - just a local phone call from anywhere!) and it works just fine. So if people want to play by different rules.. it's possible. Think of it as a members only social club.
(I can make computers real hard to get into, but social engineering kicks my butt all the time.)

2) What's wrong with America?

I've been leaning towards Libertarian for some time now. Voted for Ross last time as a message I ain't happy with how things are going over there. Likely gonna vote Harry Browne - my first vote for a Libertarian. (He seems to have it together versus the others) - but hey, gettin off the subject here....

Seems we are no longer United in these United States... A stranger is not a potential friend or ally but a potential robber, baby raper... you fill in the blank. We're all scared of each other! Something has been happening where rich are pitted against the poor, the working against the non-working, races vs other races. Is it a conspiracy as some of my friends who look for black helicopters say, or a natural reaction of politicians and "leaders" seeing a formula that works and then implementing it.

Too much Hard Copy and Extra reporting out there too. I don't give a rat's a*s about most of the sh*t they're putting out (censorship mine for those with delicate eyes). But US culture has become very valuable and ya gotta get them foreign markets ya know.

There was a time when a family could have a picnic on the white house lawn. Then it got gated, now the street is closed. Our leaders seem to be no longer among us. But it doesn't matter. Some beuracrat (sp) gets a bug up their butt to give you trouble, you're f*cked. With a second's thought and a signature on a piece of paper ya can have your land gone or your bank account cleared or you name it. One second and on to the next thing as far as they are concerned. Can we impeach them? Can we vote for someone else next time? They're a buffer between the ones we can give trouble to.

Plus Laws are so damn big these days. It takes a ream of paper (sometimes a whole 3000 page box of paper) to print these things out. You can bet the leg. not reading these things!
They got advisors to read over sections and say this is good, this is bad. The real representatives and senators are out looking for campaign money. So damn, I now speculate these guys and gals are letting the advisors put the laws together - again someone not answerable (or even known) to the public.

So now, you got legislators not reading the bills they are working on and there is a whole army of serfs ready to make some regulations that are in effect the same as law and ready to start looking for people to bother so they can look busy - and these serfs are not answerable to the public.

Sorry, but congress is a part time job as far as I'm concerned. These laws are the result of people with nothing to do. I listen to the TV set and I hear "Oh we gotta law comin to fix this". Bullsh*t. There are plenty of other laws out there to hassle trouble makers with. They didn't nab Capone on murder, but on tax evasion. People fix stuff, not laws. Somebody is measuring their productivity by the amount of paper they can spew out of their office.

3) I'm a keen believer in Social Evolution

A quick definition: If you're a drug addict and you're stupid enough to OD, you deserve to die. Another example: You're a drug dealer and ya get shot - oh well. Goes with the choice, dude.

We keep protecting people from their choices. We think we are doing a favor for ourselves but I POSTULATE we are not. We keep on fightin nature and it just ain't possible. There just might be a reason for this weedin out process. But I'll admit it - I have a prejudice against stupid people - not mentally handicapped, but stupid people.

Well, thanks for reading my ranting and raving....
From jimbell at pacifier.com Sun Jul 28 16:20:46 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 29 Jul 1996 07:20:46 +0800
Subject: your favorite poison recipes
Message-ID: <199607282123.OAA06727@mail.pacifier.com>

At 12:11 PM 7/28/96 -0700, anonymous-remailer at shell.portal.com wrote:
>Please post your favorite poison recipes to this mlist.

I recommend a book called "Handbook for Poisoners," by Raymond Bond. While it is mostly a collection of (mostly fictional) poison stories, the foreword is a rather extensive non-fictional summary of poisons as was commonly known when the book was written, in 1950 or so. The main problem is that it doesn't include the various anticholinesterases then known, such as Tabun or Sarin.

Jim Bell
jimbell at pacifier.com

From alano at teleport.com Sun Jul 28 16:20:50 1996
From: alano at teleport.com (Alan Olsen)
Date: Mon, 29 Jul 1996 07:20:50 +0800
Subject: Feinstein wants controls on forwards
Message-ID: <2.2.32.19960728205450.00de7e34@mail.teleport.com>

At 01:11 PM 7/28/96 -0700, Alan Olsen wrote:

Damn! Sorry! Forwarded it to the wrong alias in Eudora. (I knew I was going to fuck that up one of these days... Need more caffeine.)

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From minow at apple.com Sun Jul 28 16:52:01 1996
From: minow at apple.com (Martin Minow)
Date: Mon, 29 Jul 1996 07:52:01 +0800
Subject: your favorite poison recipes
In-Reply-To: <199607281911.MAA02693@jobe.shell.portal.com>
Message-ID:

Anonymous writes:
>Please post your favorite poison recipes to this mlist.

Rare roast beef, baked potato with plenty of butter, red wine.

This is an excellent poison whose only disadvantage is that it must be taken daily for many years.
The primary advantage of this poison is that the coroner will most assuredly list the cause of death as "heart disease."

Martin.

From jimbell at pacifier.com Sun Jul 28 17:09:28 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 29 Jul 1996 08:09:28 +0800
Subject: Feinstein wants controls on Internet, Books
Message-ID: <199607282209.PAA08400@mail.pacifier.com>

At 01:45 PM 7/28/96 -0700, Bill Stewart wrote:
>For instance, say you, hypothetically, wanted to blow up your government's
>legislative building. You'd obviously want to pick a dark and stormy night,
>say early in November, and you'd sneak into the basement with barrels
>of gunpowder. You'd use a long, slow-burning fuse, so it would blow up
>the next day when they're in session, but after lighting it you'd still
>run away very fast just in case your fuse speeds up on you. The obvious
>thing you'd need to do is to NOT GET CAUGHT LIKE THE LAST FOOL WHO TRIED IT.
>However, if you do get caught, maybe you'll end up with your name in lights
>and people will set off firecrackers in your honor every fall,
>while if you don't get caught you won't be personally famous. Tough choice:-)
>
>Penny for the Guy?

Fawke You!

Jim Bell
jimbell at pacifier.com

From anonymous-remailer at shell.portal.com Sun Jul 28 17:17:21 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Mon, 29 Jul 1996 08:17:21 +0800
Subject: H0W T0 MAK3 A P1P3 B0M8
Message-ID: <199607282208.PAA10748@jobe.shell.portal.com>

http://www.infocom.net/~cbottaro/explosives.html

From jya at pipeline.com Sun Jul 28 17:20:31 1996
From: jya at pipeline.com (John Young)
Date: Mon, 29 Jul 1996 08:20:31 +0800
Subject: Crypto and Sec Files
Message-ID: <199607282138.VAA00962@pipe5.t1.usa.pipeline.com>

The Complete Internet Business Toolkit
By Winn Schwartau and Chris Goggans
Van Nostrand Reinhold, New York, 1996
262 pp. Paper, with CD-ROM.
$34.95 ISBN 0-442-02222-0

[Excerpt]

The contents of this CD-ROM are copyrighted and protected by United States copyright laws. The individual programs included on the CD-ROM are copyrighted by the authors or owners of those programs. To use any program, you must follow the requirements as stated within any licensing agreement included with that program. ...

You should also remember that some of the applications and information included on this CD-ROM is forbidden to export from the United States. Cryptographic algorithms and programs using such algorithms are classified as munitions by the United States government, and the penalties for taking them out of the country are very harsh. For this reason, DO NOT TAKE THE CD-ROM OUT OF THE UNITED STATES, OR YOU MAY WIND UP IN JAIL.

[The Crypto and Secure directories of 22 directories]:

\TOOLKIT\CRYPTO\

ABSOLUTE EXE 310,509 02-20-96 5:39p
ANONMAIL ARJ 17,123 03-10-96 6:45p
BLIND-SE DOC 9,276 03-10-96 6:45p
BLOWFISH ZIP 18,981 03-19-93 3:53a
BLOWFS58 ZIP 62,698 03-10-96 7:08p
CHAIN ZIP 22,300 03-10-96 6:45p
CPHANT ZIP 40,448 03-10-96 6:46p
CRIPWIN2 ZIP 81,121 02-16-96 1:21p
CRYPT20 ZIP 62,143 03-10-96 7:08p
CRYPT201 ZIP 1,137,996 03-19-93 3:43a
CRYPTE1 ZIP 28,521 03-10-96 7:09p
CRYPTIC ZIP 486,830 02-13-96 7:17p
CRYV120S ZIP 343,690 02-16-96 1:21p
DES EXE 71,484 02-20-96 4:12p
DES3 ZIP 195,642 02-14-96 5:52p
DIGSIG ZIP 63,394 02-16-96 12:02p
DOSBAT ZIP 5,455 03-10-96 6:45p
EFW32U ZIP 525,722 02-16-96 1:27p
ELIPT210 ZIP 61,786 03-10-96 7:00p
ENCRYP ZIP 218,717 02-16-96 1:27p
ENCRYPT ZIP 17,873 03-10-96 7:09p
ENIGMA21 EXE 196,189 02-20-96 6:02p
ENIGMA30 ZIP 449,132 02-20-96 6:03p
ENIGWIN1 EXE 1,019,818 02-20-96 6:06p
EXCRAK ZIP 278,946 02-12-96 7:05p
HDSK41B ZIP 263,869 03-10-96 6:42p
IDEA22A ZIP 14,592 03-10-96 7:00p
IDEA3 ZIP 6,885 03-10-96 7:09p
KRYPTO11 ZIP 15,972 03-10-96 7:09p
MD5ASM32 ZIP 7,988 03-10-96 7:00p
MESS11B ZIP 26,490 03-10-96 6:40p
MRRCIP ZIP 148,569 02-20-96 6:18p
NAUT090 ZIP 53,356 03-10-96 6:47p
NAUT09OS ZIP 106,864 03-10-96 6:48p
NCRYPT31 ZIP 21,481 03-10-96 7:09p
NEWDES12 ZIP 30,295 03-10-96 7:09p
OTP-10 ZIP 83,559 03-10-96 7:01p
PASSGN50 ZIP 147,742 02-12-96 7:41p
PGP262 ZIP 282,786 03-20-96 12:40a
PGP262DC ZIP 167,102 03-20-96 12:41a
PGP262S ZIP 658,945 03-20-96 12:44a
PGPCLIP ZIP 52,020 02-13-96 7:14p
PGPFRONT ZIP 62,885 03-10-96 7:10p
PGPSHE33 ZIP 114,840 03-10-96 7:11p
PKCRACK ZIP 25,374 03-10-96 6:56p
PUBKEYS ZIP 7,118 03-10-96 6:45p
QPCRAK ZIP 255,731 02-16-96 1:52p
R4DCRYPT ZIP 15,895 03-19-93 3:54a
RC4 ZIP 815 03-19-93 3:46a
SCRYPT3 ZIP 27,169 03-10-96 7:11p
SCYTAL13 ZIP 489,687 02-16-96 1:57p
SECDR13A ZIP 87,769 03-10-96 6:49p
SECDR13C ZIP 108,617 03-10-96 6:50p
SFS10TEX ZIP 293,319 03-10-96 7:12p
SFS110 ZIP 245,159 03-10-96 7:12p
SPLOK18 ZIP 10,394 02-16-96 1:58p
SPLOK95 ZIP 22,799 02-13-96 5:27p
SPLOKNT ZIP 22,538 02-13-96 7:14p
STEGODOS ZIP 21,958 03-10-96 6:42p
TANGLE ZIP 34,472 03-10-96 7:13p
TOMB100 ZIP 22,800 03-10-96 7:13p
UECRYP01 ZIP 15,774 03-10-96 7:13p
UNSSL C 11,646 03-10-96 6:56p
VOUCH10 ZIP 89,257 03-10-96 7:13p
WDCRAK ZIP 270,716 02-16-96 12:37p
WINCRACK ZIP 141,025 03-10-96 6:57p
WINPGP10 ZIP 23,739 02-16-96 2:10p
WINPGP26 ZIP 245,421 09-21-92 11:24p
WNS210 ZIP 84,102 03-10-96 6:42p
WPCRACK1 ZIP 146,717 02-16-96 2:13p
WPCRACKB ZIP 9,140 03-10-96 6:58p
WPCRAK ZIP 181,848 02-16-96 12:31p
ZIPCRACK ZIP 83,005 01-29-96 12:05p

\TOOLKIT\SECURE\

BLANK20 ZIP 10,499 02-12-96 4:26p
CALLER1A ZIP 1,180,957 02-12-96 2:06p
CALLERID ZIP 1,278,664 02-16-96 1:19p
CID125 ZIP 478,908 02-16-96 1:20p
DMNPASS2 ZIP 41,742 02-16-96 1:21p
KEYAPP EXE 135,168 02-19-96 10:58a
LOCK ZIP 10,448 02-16-96 1:37p
LOCKSET ZIP 12,138 02-12-96 4:27p
LOCKTT23 ZIP 233,259 02-16-96 1:38p
NOBLANK ZIP 23,673 02-12-96 4:39p
PRGRD-22 ZIP 165,933 02-12-96 4:43p
RESTEASY ZIP 63,911 02-16-96 1:54p
S-TOOLS ZIP 134,707 02-16-96 12:14p
SAFEPR ZIP 331,502 02-16-96 1:56p
SECGP114 ZIP 31,548 02-16-96 1:57p
SECLAU ZIP 42,057 02-16-96 1:58p
SECURE ZIP 69,463 02-12-96 2:00p
SECURE10 ZIP 49,753 02-16-96 1:58p
SECWIZ ZIP 184,984 02-12-96 2:00p
WINPAS11 ZIP 12,493 02-12-96 7:01p
WINSEC10 ZIP 317,974 02-12-96 7:02p
WINU202 ZIP 171,252 02-13-96 5:30p
WLOCK16U ZIP 19,324 02-12-96 7:02p

\TOOLKIT\SECURE\TEXT\

BIBLIO ZIP 18,912 01-29-96 12:08p
CRC ZIP 29,038 01-29-96 12:08p
FCVOL1 ZIP 155,958 01-29-96 12:09p
FCVOL2 ZIP 166,764 01-29-96 12:11p
GRNBOOK ZIP 275,675 01-29-96 12:12p
IPEXT_PS ZIP 43,578 01-29-96 12:12p
ITAR9307 ZIP 205,226 01-29-96 12:12p
NCSCTG25 ZIP 20,682 01-29-96 12:12p
ORNGBOOK ZIP 94,112 01-29-96 12:12p
REDBOOK ZIP 19,891 01-29-96 12:13p
SECURITY ZIP 51,123 01-29-96 12:13p
SEC BIBL ZIP 16,861 01-29-96 12:13p
SNR9501 ZIP 24,719 01-29-96 12:19p
SNR9503 ZIP 22,168 01-29-96 12:19p
SNR9504 ZIP 34,758 01-29-96 12:19p
TEMPEST ZIP 6,868 01-29-96 12:13p
TOUR PS ZIP 69,116 01-29-96 12:21p
UEBER ZIP 4,100 01-29-96 12:13p
UNIX SEC ZIP 8,179 01-29-96 12:21p
WORM REP ZIP 111,782 01-29-96 12:21p

----------

In accord with Schwartau's and Goggans's copyright and export notifications, these files might be made available to those who may not have access to the volume's CD-ROM.

Request a selection(s) by PGP msg and your thumbprint.

From tob at world.std.com Sun Jul 28 17:30:09 1996
From: tob at world.std.com (Tom Breton)
Date: Mon, 29 Jul 1996 08:30:09 +0800
Subject: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <199607282239.AA07299@world.std.com>

tcmay at got.net (Timothy C. May) writes:
> [Schelling Points, rights, etc.]

This seems more a case of "the border is at the river" than Schelling Points. The river is the border because it is hard to cross (harder than dry land), not because it is easy to see.

Tom

From alanh at infi.net Sun Jul 28 17:49:59 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 29 Jul 1996 08:49:59 +0800
Subject: Twenty Beautiful Women
In-Reply-To:
Message-ID:

> What is the optimal strategy for insuring you get the most beautiful woman
> possible under the circumstances?

Bribe the Mama-San.
One gal might work the streets or the bar by herself, but 20 women is someone's inventory. From setho at westnet.com Sun Jul 28 17:56:52 1996 From: setho at westnet.com (Seth Oestreicher) Date: Mon, 29 Jul 1996 08:56:52 +0800 Subject: Feinstein wants controls on Internet, Books Message-ID: <1.5.4.32.19960728224008.0095b920@westnet.com> >There's a diagram of a pipe bomb on the CNN web site, in the story about >the horrible things. In case you want to see, check it out at: http://www.cnn.com/US/9607/27/pipe.bomb.explain/index.html The picture that is on the page gives enough information for the average person to go to the hardware store and buy the parts..... Not only do they HAVE to point out that the information is available, but also provide it. *NOW* who is irresponsible? Seth From tob at world.std.com Sun Jul 28 18:04:27 1996 From: tob at world.std.com (Tom Breton) Date: Mon, 29 Jul 1996 09:04:27 +0800 Subject: Publicly Verifiable Anonymous Voting System Message-ID: <199607282239.AA07297@world.std.com> JonWienk at ix.netcom.com writes: > That doesn't really do it. In fact, I'm not sure why you move in this direction at all. No offense. Seems to me that voter registration of some kind must be UNanonymous. I want to have confidence that my empowered political opponents aren't voting 10,000 times each. It also seems to me that if the entire system is the government's black-box, there is no anonymity. It is a trustworthy as the government itself. At worst, if they want to know how you voted, they can sum all votes, then sum all votes but yours, then subtract. Seems to me that the best thing would be a system where you the voter pick who is to handle your vote, in a sort of hierarchical tree. Each level has the same goal as a DC net, to make it difficult to tell who among many people communicated, and further levels confuse which group did, and which group-of-groups did, and so forth. 
Each group delivers its collected votes, publicly but unidentified, to a group-of-groups, and watches that groups' output. Obviously you would use multiple envelopes to prevent premature disclosure. At each level, you need to be able to identify your own vote and check that it is unaltered, but no-one else should be able to associate it to you. This assumes that there is no way for anyone to see you looking for your own ballot, which is a separate facet of the problem. Everyone needs to be able to see that the collected votes did not exceed the number of voters that group has. This is pretty simple and requires a fair bit of collaboration to defeat. But it can be partially defeated by partial collaboration and the rest guessed from parallel voting patterns. If your entire group is seen to vote the same way, your vote among them is obvious. Tom From deviant at pooh-corner.com Sun Jul 28 18:05:54 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 29 Jul 1996 09:05:54 +0800 Subject: WaPo on Crypto-Genie Terrorism In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 28 Jul 1996, David Sternlight wrote: > Date: Sun, 28 Jul 1996 12:59:37 -0700 > From: David Sternlight > To: Deranged Mutant , John Young , > cypherpunks at toad.com > Subject: Re: WaPo on Crypto-Genie Terrorism > > At 5:55 PM -0700 7/27/96, Deranged Mutant wrote: > >On 27 Jul 96 at 19:21, John Young wrote: [stuff skipped] > > This, and similar remarks by others, consistently misses the point which I > have been making for about a year now, and which Director Freeh finally > made explicit in his testimony last week. That is--the government is > concerned with mass market software incorporating robust crypto, used > overseas, and recognizes that they can't keep niche products off the > market, nor stop bad guys from using crypto the government would just as > soon they didn't. 
Since the US has a hammerlock on that mass market, and > since few would switch products to let the crypto tail wag the features dog > (no slur intended), ITAR follows. > Hrmmm... "is concerned" I can understand, but banning it, or what we do with it, is definatly against the First Amendment. > > Though I've no connection with Freeh, it's interesting that his language is > almost word for word the same as what I've been using. Do you suppose some > of his staff reads my stuff? > > Until now we haven't seen such an open public admission of what the > government is concerned about--probably because the State Department > doesn't like to have an official spokesman admit we're mass monitoring and > seining foreign traffic since it is an embarassment to the polite fiction > of diplomatic relations (though I'm sure the truth is that every country > with the capability does it). > yes, I'd say that every country that can does... but what does that have to do with anything? > > > > >[..] > >> with wiretapping. Mr. Freeh, testifying at Thursday's hearing in > >> favor of an optional key escrow plan, noted that the point is not > >> to prevent all copies of uncrackable code from going abroad -- that's > >> clearly impossible -- but to prevent such high-level code > >> from becoming the international standard, with architecture > >> and transmission channels all unreadable to world > >> authorities. To software companies and Internet users who > > > >So why should criminals bother with using standards if they are > >readable by authorities? > > See above. > > > > >> have been clamoring for the right to encrypt as securely as > >> possible, Mr. Freeh and others argue, "the genie is not yet > >> out of the bottle" on "robust," meaning uncrackable, > >> encryption. > > > >Are they going to magically erase all copies of strong software that > >is already currently available? 
(Side note: the Pacifica news report
> >on Friday notes that while Freeh gave his testimony, over 100 copies
> >of PGP were downloaded from MIT's site.)
>
> What he's saying is that US-exported copies of the Lotus Lockshens,
> Microsoft Machayas, and Netscape Niguns of the world still do not contain
> robust crypto the USG cannot read.
>

Which they should, I might add.

> >Particularly absent in the WaPo-ed is that many do not trust the
> >authorities (in the US and elsewhere)--particularly the FBI, which
> >has a long history of extra-legal surveillance.
>
> So as Netanyahu says at length we need to build in protections against
> abuses, using both the legislature and the judiciary.
>

Oh, yes oh wise one. We need protections against free speech. The First Amendment was designed to hurt us. Sieg Heil!

 --Deviant
The first version always gets thrown away.

From tob at world.std.com Sun Jul 28 18:22:50 1996
From: tob at world.std.com (Tom Breton)
Date: Mon, 29 Jul 1996 09:22:50 +0800
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607282239.AA07295@world.std.com>

What the 20 Cypherpunk Bankrobbers do, aside from writing "Memo: Need better loot-division scheme. *URGENT*."

Assume every player acts completely rationally, and unwaveringly trusts every other player to fully understand the situation and act solely to maximize their profit in this single situation.
Also assume that each player announces an immutable, unconditional monetary distribution before anyone has voted, and the announced distribution constitutes the whole of the payoff (no way to make or enforce promises, no external loyalties, no side payments, etc.)

Also assume no revolt against the rules is possible.

Every proposer makes the most profitable deal for himself that will pass the vote, if they can predict it (As it happens, they always can with one exception, see below)

Every player, when voting, compares what he is offered right now with what he will be offered between now and the first guaranteed successful proposal. He inspects the future possibilities and sees that the next offerer can make a successful proposal if they (the player) vote down the current proposal, and if his vote is needed this time, it will not be needed for the next offer to succeed. (You can check this assumption below). So he sees no reason to hope for a better result by voting against apparently favorable offers.

----

If we were to keep the condition that all other things being equal, players vote for the other players to live, the proposer always keeps the *entire* amount.

If a player expects to be offered no money next time, it makes no sense to offer him anything this time, because you've got his vote for sure anyways (nice guys finish last). Working backwards, once a player will be shut out in the future, it never makes sense to cut him in. In fact, for each player it makes sense to some proposer to shut him out. The guy next in line will never vote for the proposer to live, so is always shut out.

So nobody but the proposer expects any money and everybody but the guy next in line votes for the proposer to live.

----

So instead I'm going to assume that if a player does not do *better* than he will next time, he votes against the proposer.

The result is that the first player not only lives, but makes out like a bandit, to the extent that the loot is subdividable.
If there were 40 million and 1 guys in line, he'd be meat. Likewise, if the money was all in $2,500,000 notes he should start framing his last words.

I'm going to write it in reverse order, where #0 is the last guy, #1 is second to last, etc. because it's easier to see the progression that way.

1 Player:
    #0: everything
    Voting for: #0
    Trivially succeeds 1/1

2 players:
    #0: nothing
    #1: Everything
    Voting for: #1
    Succeeds 1/2

3 players:
    #0: $.01
    #1: nothing
    #2: Everything else.
    Voting for: #0 #2
    Succeeds 2/3

4 players:
    #1: $.01
    #0, #2: nothing
    #3: Everything else.
    Voting for: #1 #3
    Succeeds 2/4

5 players:
    #1, #3: nothing
    #0, #2: $.01
    #4: Everything else.
    Voting for: #0 #2 #4
    Succeeds 3/5

6 players:
    #1, #3: $.01
    #0, #2, #4: nothing
    #5: Everything else
    Voting for: #1 #3 #5
    Succeeds 3/6

The other cases proceed similarly, grouping even/odd. In the end, the guy at the head of the list offers every other guy a penny and keeps the rest -- and then starts to sweat as he wonders whether our assumption of perfect rationality will hold up in real life.

Paul Foley nearly got it, but it does matter who is offered money. If it didn't, then nobody could count on doing worse on the next proposal.

--------

The case where the proposer does not get a vote is completely different:

1 Player:
    #0: everything
    Voting for:
    Vote is indeterminate 0/0

Player seals himself into a box with the money, Schroedinger's cat, and a vial of poison that has a 50% chance of being shattered.

Everything that follows depends on how we resolve that case. If we assume some probability mixture of money & death, it is not given how to weight the player's negative payoff (death) vs positive payoff (money).

Let's assume Schroedinger's player gets all the money and is not required to suicide.

2 players:
    #0: Everything
    #1: nothing
    Voting for:
    Fails 0/1

Remember the assumption that if a player does not do *better*, he votes against the proposer. This is a null move since the outcome is the same as above.
3 players:
    #0: nothing
    #1: $.01 (or nothing)
    #2: Everything else
    Voting for: #1
    Succeeds 1/2

Note that we assumed that #1 requires strictly more money than he would otherwise be offered (His life means nothing to him). Otherwise he would be offered $0. (Yeah, I don't want to rewrite the analysis just for that). It would end up with the same pattern, though, just faster.

4 players:
    #0: $.01
    #1: $.02 (or $.01)
    #2: nothing
    #3: Everything else
    Voting for: #0, #1
    Succeeds 2/3

The fact that the proposer cannot vote means he needs to pick up an extra vote. He can't get it from the guy who would get almost everything, and a penny secures the vote of the player who would get nothing. So he has to offer the player who would get $.01 the next increment of money. If #1 valued his life, he'd be offered $.01 instead.

5 players:
    #0: $.02
    #1: nothing (or group #0,#1 interchangeably)
    #2: $.01
    #3: nothing
    #4: Everything else
    Voting for: #0, #2
    Succeeds 2/4

...leaving the next (previous) proposer a similar position.

6 players:
    #0: nothing
    #1: $.01 (or group #0,#1,#2 interchangeably)
    #2: $.02
    #3: $.01
    #4: nothing
    #5: Everything else
    Voting for: #1, #2, #3
    Succeeds 3/5

7 players:
    #0: $.01
    #1: ?
    #2: nothing
    #3: ?
    #4: $.01
    #5: nothing
    #6: Everything else
    Voting for: #0, #4, ?
    Succeeds 3/6

For the first time here, one of the proposers has an arbitrary decision. He has #0 and #4 and he needs to pick up one more vote. He can't do it for $.01 and there are two ways to do it for $.02. We would have encountered this situation earlier if #1 valued his life.

Here we have to add some notation to indicate a non-determinate distribution over a set:

    (set): (non-zero payoffs, all others are 0) average

7 players:
    #0: $.01
    (#1,#3): ($.02) average $.01
    #2: nothing
    #4: $.01
    #5: nothing
    #6: Everything else
    Voting for: #0, #4, (#1 or #3)
    Succeeds 3/6

8 players:
    #0: ?
    (#1,#3): ?
    #2: $.01
    #4: ?
    #5: $.01
    #6: nothing
    #7: Everything else
    Voting for: #2, #5, ?, ?
    Succeeds 4/7

The proposer easily gets #2 and #5 and needs two more votes. #6 can't be reached. The rest all have an expected payoff of $.01, so he gives $.02 to any two of them. Our indeterminate-list seems to be growing.

8 players:
    (#0, #1,#3, #4): ( 2 x $.02) average $.01
    #2: $.01
    #5: $.01
    #6: nothing
    #7: Everything else
    Voting for: #2, #5, 2 of (#0, #1,#3, #4)
    Succeeds 4/7

9 players:
    (#0, #1, #2, #3, #4, #5): ( 3 x $.02) average $.01
    #6: $.01
    #7: nothing
    #8: Everything else
    Voting for: #6, 3 of (#0, #1, #2, #3, #4, #5)
    Succeeds 4/8

The indeterminate-list has now swallowed up everything but the last 3 players and will continue to do so because the average payoff to the list is always more than $.01 and less than $.02.

10 players:
    (#0, #1, #2, #3, #4, #5, #6): ( 4 x $.02) average $.08/7
    #7: $.01
    #8: nothing
    #9: Everything else
    Voting for: #7, 4 of (#0, #1, #2, #3, #4, #5, #6)
    Succeeds 5/9

--------

Another set of assumptions is that the players do not trust each other to be rational or to see all outcomes.

In this case, the guy at the head of the line says in a loud voice to the guy behind him: "Whoever would vote to kill me even though I offer them money would vote to kill you too even if you split the money with them, so if it gets to you you should cut out anyone who got my money but voted to kill me, but keep those who got my money and voted to keep me alive."

He then allocates equal portions to half the group, including himself and not including the guy behind him. He probably lives.

--------

From alanh at infi.net Sun Jul 28 18:34:02 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 29 Jul 1996 09:34:02 +0800
Subject: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS)
In-Reply-To:
Message-ID:

Cute story. But it's not "confirmed". Well, it might be if you want to hold yourself to the journalistic standards of the Mall crowd.
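
The first case in Tom Breton's "Twenty Bank Robbers -- Game theory" message above (the proposer votes, and a vote is won only by a strictly better offer), worked by backward induction. This is an added example, not part of any poster's message; it also runs the $2,500,000-note case he mentions. The function names, the record layout, the index tie-breaking and the $20,000,000 haul are assumptions of this sketch.

```python
"""Backward induction for the loot vote in the message above (added example).

Players are numbered from the back of the line: with k robbers left, #k-1
proposes and #0 would propose last.  The proposer votes, a proposal passes
with at least half of the k votes, and a robber votes yes only when the
offer is strictly more money than he would end up with if it failed.
"""

LOOT_DOLLARS = 20_000_000  # assumption: size of the haul


def solve(players, loot):
    """Solve every line length from 1 to `players`.

    `loot` is counted in the smallest unit that can change hands.
    Entry k-1 of the result describes the game with k robbers: payoff[i]
    is the money #i ends up with, `killed` lists robbers who do not
    survive, and `yes` lists the votes for the first proposal.
    """
    rounds = [{"passes": True, "yes": [0], "payoff": [loot], "killed": []}]
    for k in range(2, players + 1):
        prev = rounds[-1]                 # what happens if #k-1 is voted down
        fallback = prev["payoff"]
        needed = (k + 1) // 2 - 1         # yes votes required besides his own
        # A vote costs one unit more than the voter's fallback payoff.
        # Money is the only motive, so a robber who would be killed later
        # has a fallback of 0 and costs one unit like any other loser.
        prices = sorted((fallback[i] + 1, i) for i in range(k - 1))
        bought = prices[:needed]          # cheapest first, ties by index
        cost = sum(price for price, _ in bought)
        if cost <= loot:
            payoff = [0] * k
            for price, i in bought:
                payoff[i] = price
            payoff[k - 1] = loot - cost
            yes = sorted(i for _, i in bought) + [k - 1]
            rounds.append({"passes": True, "yes": yes, "payoff": payoff,
                           "killed": []})
        else:
            # No affordable majority: the proposer is killed and the
            # shorter line plays out as already computed.
            rounds.append({"passes": False, "yes": [k - 1],
                           "payoff": fallback + [0],
                           "killed": prev["killed"] + [k - 1]})
    return rounds


def describe(record, unit_cents=1):
    """Render one record in the layout used in the message."""
    k = len(record["payoff"])
    shares = ", ".join("#%d: $%.2f" % (i, amount * unit_cents / 100)
                       for i, amount in enumerate(record["payoff"]) if amount)
    votes = " ".join("#%d" % i for i in record["yes"])
    verdict = "succeeds" if record["passes"] else "fails"
    return "%d players: %s; voting for: %s; %s %d/%d" % (
        k, shares or "nothing paid", votes, verdict, len(record["yes"]), k)


if __name__ == "__main__":
    pennies = solve(20, LOOT_DOLLARS * 100)
    for record in pennies[:6] + pennies[-1:]:
        print(describe(record))
    # The same haul in $2,500,000 notes: only 8 units can change hands.
    notes = solve(20, LOOT_DOLLARS // 2_500_000)
    for record in notes[16:]:
        print(describe(record, unit_cents=250_000_000))
```

With penny units the head of a 20-man line buys nine votes for a cent each; with only eight notes to hand out, the proposers at 19 and 20 robbers cannot buy a majority.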
From drosoff at ARC.unm.EDU Sun Jul 28 19:01:31 1996 From: drosoff at ARC.unm.EDU (David Rosoff) Date: Mon, 29 Jul 1996 10:01:31 +0800 Subject: Questions... Message-ID: <1.5.4.16.19960728232836.46cf8b88@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 12.12 PM 7/27/96 -0400, Alan Horowitz wrote: >> Hello, I would rather I not be too blunt, but despite my generous >interest in computer > hacking cracking, and other such related topics, I >have come to be confused by the > mailer, can I ask any questions that I >wish, or am I limited by some type of header > subject? > > > >Shaun, let me explain. There's a committee of seven people. Me, Tim May, >David Sternlight, some assination-politics guy, some guy named Vultis or >somesuch, and so on. > >Only if we're in unanimous agreement on the outcome of an issue, may you >start a thread on a new topic. which then continues till the first >posting which calls someone a Nazi. And if they *don't* like your suggestion, you get killed and they move on to the next guy's suggestion of how to split up the available issues so that each cypherpunk gets a fair share of ranting. =============================================================================== David Rosoff (nihongo ga sukoshi dekiru) ---------------> drosoff at arc.unm.edu PGP public key 0xD37692F9 -----> finger drosoff at acoma.arc.unm.edu or keyservers 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Is it a forgery? --- I have PGP signed all email and news posts since May 1996. =============================================================================== "Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" 
:p

From drosoff at ARC.unm.EDU Sun Jul 28 19:03:49 1996
From: drosoff at ARC.unm.EDU (David Rosoff)
Date: Mon, 29 Jul 1996 10:03:49 +0800
Subject: "privatizing" phones?
Message-ID: <1.5.4.16.19960728232828.46cf5af8@arc.unm.edu>

-----BEGIN PGP SIGNED MESSAGE-----

At 04.11 PM 7/26/96 -0700, Eric Murray wrote:
>It's a 46mhz analog model, newer phones use frequencies
>in the 900mhz range and/or digital encoding.
>The 900mhz range is one of those 'blocked' in most newer radio
>scanners, this is required by law as of a few years ago.
>Many scanners can have some or all of the locked-out
>ranges restored by suitable modification (i.e. removing
>a resistor). Many of these mods are posted on the net.

One of my friends has a Radio Shack scanner (the cat. # of which I do not recall) which does pick up the 900MHz range. We tried (unsuccessfully) to modify it according to an internet posting. I don't know how old it is.

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru) ---------------> drosoff at arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff at acoma.arc.unm.edu or keyservers
0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?"
:p

From sandfort at crl.com Sun Jul 28 19:18:06 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 29 Jul 1996 10:18:06 +0800
Subject: your favorite poison recipes
In-Reply-To: <199607281911.MAA02693@jobe.shell.portal.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 28 Jul 1996 anonymous-remailer at shell.portal.com wrote:

> Please post your favorite poison recipes to this mlist.

Okay, glad to oblige. The French name for my recipe is:

POISSON D'AVRIL

Buy one fresh mackerel for each person you expect to serve. Do not buy mackerels with clouded eyes; they have been frozen or are too old, or both. The eyes should be clear with a slight sheen.

With a sharp knife, split each mackerel lengthwise, remove the bones and place skin side down on a buttered baking pan.

Brush the top of each mackerel with clarified butter in which...

Oops, my mistake! I thought you said "poisson." Never mind.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From deviant at pooh-corner.com Sun Jul 28 19:18:10 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Mon, 29 Jul 1996 10:18:10 +0800
Subject: your favorite poison recipes
In-Reply-To: <199607282123.OAA06727@mail.pacifier.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 28 Jul 1996, jim bell wrote:

> Date: Sun, 28 Jul 1996 14:22:40 -0800
> From: jim bell
> To: cypherpunks at toad.com
> Subject: Re: your favorite poison recipes
>
> At 12:11 PM 7/28/96 -0700, anonymous-remailer at shell.portal.com wrote:
> >Please post your favorite poison recipes to this mlist.
> > > I recommend a book called "Handbook for Poisoners," by Raymond Bond. While > it is mostly a collection of (mostly fictional) poison stories, the forward > is a rather extensive non-fictional summary of poisons as was commonly known > when the book was written, in 1950 or so. The main problem is that it > doesn't include the various anticholinesterases then known, such as Tabun or > Sarin. > Speaking of poison's, and finding pipe-bomb info on the net and such, i might add that it is probably safer to let your children on the net than it is to let them play near a vegitable garden. That is, at least if you grow tomatos... --Deviant Whatever occurs from love is always beyond good and evil. -- Friedrich Nietzsche P.S. -- for those who don't know, Tomatos were, for many years, thought to be poisonous, and whoever ate them and lived were considered to be witches. The reason for this is that tomato leaves have a high concentration of CN in them. If you don't know what CN is, just remember not to eat any tomato leaves, and don't drop them in HCl either. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMfwCJzAJap8fyDMVAQFNZAf/T3XPwEHYMyt2IbNKFLhu7Jm44xRatC0x yaKVP6PRYewrea4My6UuSKsLZi+oHI0Ffhk9Ij/IOQUJNIg34YdCiE++h5r/gWiD q1rC0EteqpMhmlRwzk0XqMCFIdP4S5gBpYKe/s5939s6cTQHIiF3YeN1Y5XbUrl9 sFQuKQkL+SuOqdYPmihyWL5qjt2+q41wE2wc+rEVLJSQYPfeu73Vb5o8ap6IvFKq yzm8bFKJ+4cDAFFmDPLkhbNxgc+qtvO6y1ZqnV4wnnHyeZejiZIlP/j5HbN8ER15 FGvzt7u3s++CFtNjWUvrgCHbJ69QnYwvRrCsqYZybfDN7ph/uBy1EA== =uqsa -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Sun Jul 28 19:19:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 29 Jul 1996 10:19:21 +0800 Subject: your favorite poison recipes In-Reply-To: <199607281911.MAA02693@jobe.shell.portal.com> Message-ID: <3uwsRD1w165w@bwalk.dm.com> anonymous-remailer at shell.portal.com writes: > Please post your favorite poison recipes to this mlist. 
Our least favorite vegetable in a wheelchair can tell you that swallowing cum can be _very bad for your health if the guy squirting in your mouth is HIV+. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jamesd at echeque.com Sun Jul 28 19:27:30 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 29 Jul 1996 10:27:30 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION Message-ID: <199607290016.RAA04209@dns1.noc.best.net> At 04:33 PM 7/25/96 -0700, Jeremey Barrett wrote: >-----BEGIN PGP SIGNED MESSAGE----- > > Assuming "perfect" intelligence on the part of the robbers (i.e. they will > follow deterministic behavior and do the "right" thing), then here's what > must happen IMO (1 being the first guy and 20 being the last): [...] > If 2 are left (19 & 20), 19 gets all the money. So 20 will vote for whatever > 18 says, which MUST include 20 in the deal. But here we run into the paradox, that it is not in each persons self interest to pursue is self interest. Example; Suppose only two are left: Then No. 19 get everything, and No. 20 gets nothing. So if only three are left, it will maximize 20's return to vote for a proposal by number 18, that number 18 gets 19,999,999 dollars, and number 20 gets one dollar But suppose that number 20 announces in advance that he considers an unequal division morally wrong, and will always vote against any unequal division. If this threat is credible, which it is, number 18 will have no choice but to propose an equal split, so number 20 now gets 6,666,666 dollars, instead of one dollar. Now if number 20 had threatened to vote against any proposal that did not split the money equally between himself, and number 18, thus going for ten million instead of six million, this threat would be less credible, and he would very likely have wound up with one dollar. 
This is a particular example of the various well known paradoxes of utilitarianism, that utility is maximized by a firm and credible promise to utterly disregard utility maximization. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jamesd at echeque.com Sun Jul 28 19:33:25 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 29 Jul 1996 10:33:25 +0800 Subject: Game Theory and its Relevance to Cypherpunks Message-ID: <199607290016.RAA04220@dns1.noc.best.net> Llywarch Hen wrote: > > > What Timothy May espouses is not the appearance of craziness but actual > > > insanity itself. James A. Donald wrote > > if you organize your nuclear forces so that any > > serious war is likely to escalate uncontrollably into the battle of > > armageddon, regardless of your intentions and desires, which is how > > the American government organized its nuclear forces in Europe, > > then you can pretty much guarantee you will not have to face a > > serious war. At 03:09 PM 7/27/96 -0700, Jon Leonard wrote: > This was, of course, the logic behind the alliances before World War I. > It was obviously suicidal to start a war with any of the major powers, > but it happened anyway. Your history is false: War was romantic and a big vote winner before World War I, and after World War I and before world war II the "intellectuals" were still big fans of war, just as they are still big fans of communism and socialism today, though World War I was sufficient to kick sense into most normal people. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. 
Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From cjs at netcom.com Sun Jul 28 19:41:47 1996 From: cjs at netcom.com (Christopher J. Shaulis) Date: Mon, 29 Jul 1996 10:41:47 +0800 Subject: your favorite poison recipes In-Reply-To: <199607282123.OAA06727@mail.pacifier.com> Message-ID: <199607282228.SAA01051@localhost.cjs.net> > At 12:11 PM 7/28/96 -0700, anonymous-remailer at shell.portal.com wrote: > >Please post your favorite poison recipes to this mlist. > > I recommend a book called "Handbook for Poisoners," by Raymond Bond. While I recommend: 2oz Kahula 2oz Vodka 2oz Creme Mix this with some ice in a glass, garnish with a cherry. If you use Midori instead of Kahula, it turns a really cool shade of green. Drink. If ya don't like my poison, pick ya own. =) Christopher From junger at pdj2-ra.F-REMOTE.CWRU.Edu Sun Jul 28 19:56:50 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Mon, 29 Jul 1996 10:56:50 +0800 Subject: Feinstein wants controls on Internet, Books In-Reply-To: <199607282047.NAA28494@toad.com> Message-ID: <199607290044.UAA00896@pdj2-ra.F-REMOTE.CWRU.Edu> Bill Stewart writes: : Now, there are subtleties to building them that may require : some amount of thought, rather than being totally obvious to the builder, : and there are things that are obvious but are difficult to do. : : For instance, say you, hypothetically, wanted to blow up your government's : legislative building. You'd obviously want to pick a dark and stormy night, : say early in November, and you'd sneak into the basement with barrels : of gunpowder. You'd use a long, slow-burning fuse, so it would blow up : the next day when they're in session, but after lighting it you'd still : run away very fast just in case your fuse speeds up on you. The obvious : thing you'd need to do is to NOT GET CAUGHT LIKE THE LAST FOOL WHO TRIED IT. 
: However, if you do get caught, maybe you'll end up with your name in lights : and people will set off firecrackers in your honor every fall, : while if you don't get caught you won't be personally famous. Tough choice:-) : : Penny for the Guy? Did the old Guy and his co-conspirators use crypto? -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu From moroni at scranton.com Sun Jul 28 20:32:49 1996 From: moroni at scranton.com (Moroni) Date: Mon, 29 Jul 1996 11:32:49 +0800 Subject: ALL OF YOU ARE CRIMIN In-Reply-To: Message-ID: For someone who is so afraid what people are doing with knowledge found on the internet you seem to be doing a good job of using it yourself. You are a hypocrite of the worst kind. It is disgusting that you would complain about other people and then use a remailer. And in case you are unaware of netiquette one doesn't use all capital letters. That is screaming. If we don't know who you are I doubt that we have done anything to be screamed at by you. If this list really bothers you then I think it would be better for all if you left it. If you really want to contact a fed agency about problems why don't you contact them about alt.bestality (I like animals). In any case I think that we are monitored by the government anyway. They have to do something to justify not being cut back. moroni with real handle and real electronic address above On Sun, 28 Jul 1996, Rabid Wombat wrote: > > > On Sat, 27 Jul 1996 pjn at nworks.com wrote: > > > > At 09:33 PM 7/26/96 -0700, anonymous-remailer at shell.portal.com wrote: > > >I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS > > >AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY > > >CAN TRACK YOU DOWN AND CLOSE THIS LIST. > > > > > > > Yes, your remailer appears to be working. You're welcome.
> From sandfort at crl.com Sun Jul 28 20:34:45 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 29 Jul 1996 11:34:45 +0800 Subject: BOMB PLANS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, The Sunday San Francisco Examiner had an article about how simple it is to make a pipe bomb. It was syndicated from the Dallas Morning News. In the article a "federal bomb expert" opined: They're probably one of the more common explosive devices that are encountered. That's because the pipe not only provides a container, but fragments into sharapnel." ^^^^^^^^^ ^^^^^^^^^^^^^^ Now I don't know what takes to qualify one as a "bomb expert," but the standards must be pretty low. The reason hand grenades look like pineapples is because it's very difficult to get metal to fragment unless it is scored or otherwise predisposed to come apart in little pieces. What I've been told is that a pipe bomb just peals open at it's weakest place and otherwise stays in one piece. Don't know, but that's what I've heard. Makes sense to me. To put the fear of god in the readers the article dutifully chants the following mantra: Detailed instructions for making pipe bombs and other explosive devices are available for sources as varied as anti-government publications [what about GOVERNMENT publications?], pamphlets sold at gun shows and the Internet. Are we surprised? S a n d y P.S. On an odder note, the same paper had an article entitled, "Two-headed baby born in Tijuana." The article reported, "...the child (sic) had been born with two spinal columns and two heads" One of the more bizarre statements was, "It's not clear whether un-named girl--or girls--are Siamese twins." 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From declan at eff.org Sun Jul 28 20:49:50 1996 From: declan at eff.org (Declan McCullagh) Date: Mon, 29 Jul 1996 11:49:50 +0800 Subject: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS) In-Reply-To: Message-ID: I believe my source, who's given me nothing but accurate information before. YMMV, and you will of course filter this through how much you trust *me* to evaluate him. But in the absence of a formal statement from the NSA legal counsel, I think this as good as it gets. -Declan On Sun, 28 Jul 1996, Alan Horowitz wrote: > Cute story. But it's not "confirmed". > > Well, it might be if you want to hold yourself to the journalistic > standards of the Mall crowd. > // declan at eff.org // I do not represent the EFF // declan at well.com // From lzirko at c2.org Sun Jul 28 21:15:20 1996 From: lzirko at c2.org (Lou Zirko) Date: Mon, 29 Jul 1996 12:15:20 +0800 Subject: your favorite poison recipes Message-ID: <199607290212.TAA10468@infinity.c2.org> -----BEGIN PGP SIGNED MESSAGE----- To: cjs at netcom.com, jimbell at pacifier.com, cypherpunks at toad.com Date: Sun Jul 28 21:12:49 1996 You forgot 2oz of Grand Marnier(sp). Also the Creme should be Irish. Lou Z. > While > > I recommend: > > 2oz Kahula > 2oz Vodka > 2oz Creme > > Mix this with some ice in a glass, garnish with a cherry. > > If you use Midori instead of Kahula, it turns a really cool > shade of green. > > Drink. > > If ya don't like my poison, pick ya own. 
=) > > Christopher > > Lou Zirko (502)383-2175 Zystems lzirko at c2.org "We're all bozos on this bus" - Nick Danger, Third Eye From gbroiles at netbox.com Sun Jul 28 22:00:51 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Mon, 29 Jul 1996 13:00:51 +0800 Subject: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS) Message-ID: <2.2.16.19960729025129.372f692c@mail.io.com> >[Declan asked a former CIA employee] if he had ever monitored the >cypherpunks list. "No, I >didn't. It was too high-traffic," he said. "But the guy in the next >office over from me did." > >Is this the first confirmed report of TLA cypherpunk-monitoring? Given that no names or dates are mentioned, I dunno if it's fair to call it "confirmed". It doesn't seem to be re-confirmable, if someone else wanted to verify it independently. I'm also not sure that a TLA employee reading the list because they happen to find it interesting counts as "monitoring". "Monitoring" suggests to me that it's being read/filtered/indexed/archived in some organized and deliberate fashion. Even so, the issue seems likely to generate more heat than light. If the list is interesting, it's unremarkable that one or more TLA employees would choose to read it. On our better days, we're talking about the intersection(s) between politics and privacy and technology - issues which affect the performance of many of a TLA's duties as well as the public will to maintain the policies and funding of the TLA and its employees.
It's not surprising that TLA's want the capability to read every word written and hear every word spoken; it's just surprising that they believe that using law to maintain their ability to do that is compatible with the Constitution. -- Greg Broiles |"Post-rotational nystagmus was the subject of gbroiles at netbox.com |an in-court demonstration by the People http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt |Studdard." People v. Quinn 580 NYS2d 818,825. From vinnie at webstuff.apple.com Sun Jul 28 22:35:35 1996 From: vinnie at webstuff.apple.com (Vinnie Moscaritolo) Date: Mon, 29 Jul 1996 13:35:35 +0800 Subject: your favorite poison recipes Message-ID: Anonymous writes: >Please post your favorite poison recipes to this mlist. I'd have to say Federal Match in.308, Lead poisoning -- Long distance. martian Minow writes: > >Rare roast beef, baked potato with plenty of butter, red wine. > Martin; last time I checked you were a trickle down vegaterian too. Vinnie Moscaritolo ------------------ "friends come and friends go..but enemies accumulate." http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A From markm at voicenet.com Sun Jul 28 22:42:37 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 29 Jul 1996 13:42:37 +0800 Subject: BOMB PLANS In-Reply-To: Message-ID: On Sun, 28 Jul 1996, Sandy Sandfort wrote: > The Sunday San Francisco Examiner had an article about how simple > it is to make a pipe bomb. It was syndicated from the Dallas > Morning News. In the article a "federal bomb expert" opined: > > They're probably one of the more common explosive > devices that are encountered. That's because the > pipe not only provides a container, but fragments > into sharapnel." ^^^^^^^^^ > ^^^^^^^^^^^^^^ > Now I don't know what takes to qualify one as a "bomb expert," > but the standards must be pretty low. 
The reason hand grenades > look like pineapples is because it's very difficult to get metal > to fragment unless it is scored or otherwise predisposed to come > apart in little pieces. What I've been told is that a pipe bomb > just peals open at it's weakest place and otherwise stays in one > piece. Don't know, but that's what I've heard. Makes sense to > me. You're right. A pipe bomb isn't even technically a "bomb". It just has various combustible chemicals within a sealed container. The explosive force is just due to the high pressure released. Nails and screws can be used as shrapnel, but if the container was scored, the explosive force would be weakened. Newer hand grenades have scored wire wrapped around the core so when it explodes, the container is shattered and the wire fragments fly out at very high speeds. I would guess that these are more powerful than the "pineapple" grenades. -- Mark PGP encrypted mail prefered Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From mclow at owl.csusm.edu Sun Jul 28 22:58:03 1996 From: mclow at owl.csusm.edu (Marshall Clow) Date: Mon, 29 Jul 1996 13:58:03 +0800 Subject: Feinstein wants controls on Internet, Books Message-ID: >From : > The president said he has invited congressional leaders to meet with the > head of the FBI on Monday. > > The leaders will discuss bills that would expand wiretaps and allow for > chemically "tagging" explosives, which could help track terrorist acts. > Such legislation is needed to "increase the protection of the American > people," Clinton said. > > Both measures were taken out of an anti-terrorism bill Clinton signed > into law earlier this year. He also said that a spate of recent acts of > political violence showed that law enforcement needed such powers.
> > "As strong as the bill was, it did not give our law enforcement officials > some of the powerful tools I had recommended," Clinton said. and from a similar article on AOL (from Reuters): > ``We will ... do whatever is necessary to give law enforcement the tools they need to find >terrorists before they strike and to bring them swiftly to justice when they do,'' he said. > [snip; same as the cnn story] > > The expanded wiretap authority would allow law enforcement personnel to listen to all >communications devices used by a given person, including a home phone, mobile phone and >pager. At present, authority is given over a specific phone number, rather than for a >specific person. > > The second measure would require explosives makers to insert a chemical fingerprint >in their products that would help authorities narrow their search for a bomber. The White House web page does not have a transcript of the President's speech; in fact, under "Today's Top Issue" was 'President Clinton's Call for a National Community Policing Number', dated July 23rd. -- Marshall Marshall Clow Aladdin Systems "We're not gonna take it/Never did and never will We're not gonna take it/Gonna break it, gonna shake it, let's forget it better still" -- The Who, "Tommy" From ichudov at algebra.com Sun Jul 28 22:58:15 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 29 Jul 1996 13:58:15 +0800 Subject: Terrorists are adult Kids? In-Reply-To: Message-ID: <199607290336.WAA27752@manifold.algebra.com> -----BEGIN PGP SIGNED MESSAGE----- To: sandfort at crl.com (Sandy Sandfort) Cc: cypherpunks at toad.com, scrm Subject: Terrorists are adult Kids? Sandy Sandfort wrote: > The Sunday San Francisco Examiner had an article about how simple > it is to make a pipe bomb. It was syndicated from the Dallas > Morning News. In the article a "federal bomb expert" opined: > > They're probably one of the more common explosive > devices that are encountered. 
That's because the > pipe not only provides a container, but fragments > into sharapnel." ^^^^^^^^^ > ^^^^^^^^^^^^^^ > Now I don't know what takes to qualify one as a "bomb expert," > but the standards must be pretty low. The reason hand grenades > look like pineapples is because it's very difficult to get metal > to fragment unless it is scored or otherwise predisposed to come > apart in little pieces. What I've been told is that a pipe bomb > just peals open at it's weakest place and otherwise stays in one > piece. Don't know, but that's what I've heard. Makes sense to > me. It depends on the quality of metal the pipe is made from. If it has a lot of carbon the pipe indeed can split into small pieces. Also, as far as I remember, if you heat the pipe red and then throw it into water and repeat this process several times, the metal may become very fragile. Plz correct me if I am wrong. Also, nothing prevents you from making grenade-like marks on the pipes. It is very easy if you have the right instruments. While in high school in Russia, I was taught how to work with metal and indeed making these kind of marks is one of the most trivial exercises. BTW, almost all male kids in russia experiment with bomb-making, rocket-making, explosives and so on. Once I was going to school #57 in a tram and a small bomb exploded right in my school bag. It was made from Ammonium triiodide which is really unstable. Everyone in the tram was really surprised and I was really pissed off. In the hindsight it was fairly dangerous and some of my friends were hurt by bombs. HOWEVER, I have a theory that males never really grow up and continue playing toys 'til they die. I think that guns are also male toys, by the way. So the idea is, maybe if kids play enough with explosives WHILE THEY ARE KIDS, they would get enough of it and would not continue playing with them when they grow up (and become more dangerous). 
Like, I myself pretty much lost interest in building explosive devices and rocketry after 18. Since this country is too safe, kids do not get their share of danger and try to recoup it in adulthood. Which results in stupid terrorism. - Igor. From AwakenToMe at aol.com Sun Jul 28 23:00:29 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Mon, 29 Jul 1996 14:00:29 +0800 Subject: ALL OF YOU ARE CRIMIN Message-ID: <960729000545_247767161@emout17.mail.aol.com> Obviously this was someone trying to be anoying and someone that wasnt too serious. From rah at shipwright.com Sun Jul 28 23:03:12 1996 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 29 Jul 1996 14:03:12 +0800 Subject: SET in Java Message-ID: --- begin forwarded text Date: Sun, 28 Jul 1996 11:40:33 -0700 From: tedg at doppio.Eng.Sun.COM (Ted Goldstein) To: set-discuss at commerce.net, bjueneman at novell.com Subject: SET in Java Mime-Version: 1.0 Content-MD5: nhtCOgaiveb2ol2V4sPdow== Sender: owner-set-talk at commerce.NET Precedence: bulk +----------------------------------------------------+ Addressed to: set-discuss at commerce.net +----------------------------------------------------+ JavaSoft is developing a SET implementation as part of the Java Electronic Commerce Framework (http://java.sun.com/commerce). For more information, feel free to contact me. Thanks, Ted Goldstein Chief Java Commerce Officer, JavaSoft, Sun Microsystems Inc. (408) 343-1675 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This message was sent by set-discuss at commerce.net.
For a complete listing of available commands, please send mail to 'majordomo at commerce.net' with 'help' (no quotations) contained within the body of your message. --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From AwakenToMe at aol.com Sun Jul 28 23:22:17 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Mon, 29 Jul 1996 14:22:17 +0800 Subject: BOMB PLANS Message-ID: <960729000357_247766065@emout15.mail.aol.com> welllll pipe bombs do fragment. Years ago someone decided to try to put one under my step brother's truck tire....... needless to say...nothing happened to the truck or our house in front of the truck but next door and across the street..the houses were sprayed with metal fragments. From geeman at best.com Mon Jul 29 00:06:33 1996 From: geeman at best.com (geeman at best.com) Date: Mon, 29 Jul 1996 15:06:33 +0800 Subject: FW: LOOKING FOR THAT SPECIAL SOMEONE? Message-ID: <01BB7CD4.99E42F80@geeman.vip.best.com> Anyone else on the list get this? ---------- From: mary[SMTP:mary at globalpac.com] Sent: Sunday, July 28, 1996 3:56 PM To: ml at aol.com Subject: LOOKING FOR THAT SPECIAL SOMEONE? Feeling sentimental? Would you like to get in touch with an old friend, loved one, family member or colleague? Do you need help in locating a (former) spouse for alimony or support payments? Does someone owe you money that you haven't been able to collect because you can't find them or their assets? Let me help. I've been doing this for twenty some years and am very good at it. My fees are reasonable and if I can't find what you need, there will be no charge. If interested, please reply to above. Thank you for your time.
Mary Anderson P O Box 39362, Los Angeles, Ca 90039 From geeman at best.com Mon Jul 29 00:20:03 1996 From: geeman at best.com (geeman at best.com) Date: Mon, 29 Jul 1996 15:20:03 +0800 Subject: Internet blamed for pipe bombs Message-ID: <01BB7CD4.96FA07E0@geeman.vip.best.com> I've heard that in a lot of cases, too, automobiles have been the vehicle used by the prep. to transport bomb-making materials and bombs to/from their target sites. I'm starting to get concerned that this type of personal transportation technology makes it just too damn easy to wreak havoc and destruction on unsuspecting innocents. I think they ought to pass some kind of legislation restricting the use of vehicles that do not have approved travel-itineraries on file with the Travel Escrow Bureau. >>> Across the country, latest figures from the U.S. Bureau of Alcohol, >>> Tobacco and Firearms show a 20 percent jump in pipe bomb incidents >>> between 1990 and 1994. >> >>[...] >> >>> "We've been incredibly busy," said sheriff's bomb technician Judd >>> Holiday. "As crime in other categories is dropping, this is going up." > >The friendly Anarchist's Bookstore in San Francisco sells several books on >building bombs. No Internet connection required. I would like to offer another >possible explanation for the increase in pipe bombings. The People are >getting frustrated and a pipe bomb can be very useful device releasing >one's frustration. From deviant at pooh-corner.com Mon Jul 29 00:25:18 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 29 Jul 1996 15:25:18 +0800 Subject: BOMB PLANS In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 28 Jul 1996, Sandy Sandfort wrote: > Date: Sun, 28 Jul 1996 18:17:28 -0700 (PDT) > From: Sandy Sandfort > To: Cypherpunks > Subject: BOMB PLANS > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> > C'punks, > [usefull info deleted] > > S a n d y > > P.S. On an odder note, the same paper had an article > entitled, "Two-headed baby born in Tijuana." > The article reported, "...the child (sic) had > been born with two spinal columns and two heads" > One of the more bizarre statements was, "It's > not clear whether un-named girl--or girls--are > Siamese twins." Technicly, Siamese twins must have certain ammounts of organs independantly, and certain amounts share, within a certain amount of body space. Anything else is just unsplit twins. ;) --Deviant Old MacDonald had an agricultural real estate tax abatement. From dwa at corsair.com Mon Jul 29 00:53:22 1996 From: dwa at corsair.com (Dana W. Albrecht) Date: Mon, 29 Jul 1996 15:53:22 +0800 Subject: RPK Cryptography Message-ID: <199607290543.WAA28726@vishnu.corsair.com> Has anyone on the list heard of this? Any opinions regarding its security? Dana W. Albrecht dwa at corsair.com --------------------------------------------------------------------------- > May 21, 1996 -- AUCKLAND, New Zealand -- A fledgling startup, RPK New > Zealand, today announced that a new public key encryption system, > known also as RPK, is available free, for review and evaluation on the > World Wide Web. RPK is inviting worldwide evaluation and scrutiny of > their new system with the goal of creating, for the first time ever, a > worldwide industrial-strength security and encryption standard.
The > company is also offering a free version of an end user program > designed to be used for secure transfer of information to encourage > use and trial of the technology. > > RPK New Zealand is one of the new, very small, "worldwide entities" > that has benefited from the global market access provided by the > public Internet. Previously kept confidential while patent > applications were being filed in New Zealand and for the rest of the > world under international treaty, the RPK cryptographic system was > unveiled this week via the World Wide Web (http://crypto.swdev.co.nz) > where the technology's inventor, Bill Raike, has also offered a > US$3,000 "RPK SafeCracker Challenge." > > Raike, a mathematician and computer scientist who has dual U.S. and > New Zealand citizenship, combined some simple algorithms with well- > accepted higher mathematics to invent the world's fastest-ever system > for secure communications and he's betting US$3,000 that no one in > the world can break into RPK's Virtual Vault and thereby prove him and > his fledgling startup wrong. From pluto at well.com Mon Jul 29 00:54:43 1996 From: pluto at well.com (cp) Date: Mon, 29 Jul 1996 15:54:43 +0800 Subject: E-cash Message-ID: Salve, As another idea to prevent the netizen from being a sitting duck for the gov and the big mailorder companys: Get an account at MarkTwain! Do it now! Pluto ********************************************************************** P pluto at inx.de P Free information! # G-> pluto at well.com <-G Freedom through knowledge. # P www.well.com/user/pluto/ P Wisdom for all!! =:-) # ********************************************************************** +--HI, I'm a signature virus :-) Copy me into your sign to join in. ---+ From snow at smoke.suba.com Mon Jul 29 01:45:34 1996 From: snow at smoke.suba.com (snow) Date: Mon, 29 Jul 1996 16:45:34 +0800 Subject: BOMB PLANS In-Reply-To: Message-ID: On Sun, 28 Jul 1996, Mark M. 
wrote: > On Sun, 28 Jul 1996, Sandy Sandfort wrote: > > but the standards must be pretty low. The reason hand grenades > > look like pineapples is because it's very difficult to get metal > > to fragment unless it is scored or otherwise predisposed to come > > apart in little pieces. What I've been told is that a pipe bomb > > just peals open at it's weakest place and otherwise stays in one > > piece. Don't know, but that's what I've heard. Makes sense to > > me. > You're right. A pipe bomb isn't even technically a "bomb". It just has > various combustible chemicals within a sealed container. The explosive force > is just due to the high pressure released. Nails and screws can be used as > shrapnel, but if the container was scored, the explosive force would be > weakened. Newer hand grenades have scored wire wrapped around the core so > when it explodes, the container is shattered and the wire fragments fly out > at very high speeds. I would guess that these are more powerful than the > "pineapple" grenades. I don't know about "more powerful", but they are more effective, and IIRC a little smaller & lighter. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From deviant at pooh-corner.com Mon Jul 29 02:24:47 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 29 Jul 1996 17:24:47 +0800 Subject: Terrorists are adult Kids? In-Reply-To: <199607290336.WAA27752@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- - ----PLEASE NOTE: NOTHING DESCRIBED IN THIS POST IS A PARTICURLY GOOD IDEA---- On Sun, 28 Jul 1996, Igor Chudov @ home wrote: > Date: Sun, 28 Jul 1996 22:36:39 -0500 (CDT) > From: "Igor Chudov @ home" > To: Sandy Sandfort > Cc: cypherpunks at toad.com, scrm at manifold.algebra.com > Subject: Terrorists are adult Kids? > > To: sandfort at crl.com (Sandy Sandfort) > Cc: cypherpunks at toad.com, scrm > Subject: Terrorists are adult Kids? 
> > Sandy Sandfort wrote: > > The Sunday San Francisco Examiner had an article about how simple > > it is to make a pipe bomb. It was syndicated from the Dallas > > Morning News. In the article a "federal bomb expert" opined: > > > > They're probably one of the more common explosive > > devices that are encountered. That's because the > > pipe not only provides a container, but fragments > > into sharapnel." ^^^^^^^^^ > > ^^^^^^^^^^^^^^ > > Now I don't know what takes to qualify one as a "bomb expert," > > but the standards must be pretty low. The reason hand grenades > > look like pineapples is because it's very difficult to get metal > > to fragment unless it is scored or otherwise predisposed to come > > apart in little pieces. What I've been told is that a pipe bomb > > just peals open at it's weakest place and otherwise stays in one > > piece. Don't know, but that's what I've heard. Makes sense to > > me. > > It depends on the quality of metal the pipe is made from. If it > has a lot of carbon the pipe indeed can split into small pieces. > Also, as far as I remember, if you heat the pipe red and then throw it > into water and repeat this process several times, the metal may > become very fragile. Well, yes, but not just that... The force (and indeed the type of explosion) caused by a pipe bomb depends on several things, including (but not limited to), the type of pipe, the type of explosives, and the material used to seal the ends of the pipe. Idealy you would use gauged copper pipe (copper bends, tears, etc, comparitvly easy), with copper stopping at the end. The stopping needs to be the same material as the pipe, or else there will be significantly less gass-expansion when the bomb goes off (i.e., the end is the weekest point, you've made a rather shitty shotgun). One might also conceive of using actuall explosives (C4, Semtex, plasticene) in a pipe bomb, rather than the usual "matcheads and gunpowder" approach as suggested by many "cookbooks". 
> Also, nothing prevents you from making grenade-like marks on > the pipes. It is very easy if you have the right instruments. > While in high school in Russia, I was taught how to work with > metal and indeed making these kind of marks is one of the most > trivial exercises. yes. but for best results these "alterations" to the pipe must be of uniform depth and spacing. > BTW, almost all male kids in russia experiment with bomb-making, > rocket-making, explosives and so on. Once I was going to school I wouldn't limit that to Russia. Every kid goes through their pyromaniacy stage, its really just a question of how good they are at it ;) > #57 in a tram and a small bomb exploded right in my school bag. > It was made from Ammonium triiodide which is really unstable. > > Everyone in the tram was really surprised and I was really pissed off. > I'll bet. > In the hindsight it was fairly dangerous and some of my friends were > hurt by bombs. HOWEVER, I have a theory that males never really grow > up and continue playing toys 'til they die. I think that guns are also > male toys, by the way. > Hrmm.. that's a little extreme, dontcha think? > So the idea is, maybe if kids play enough with explosives WHILE THEY ARE > KIDS, they would get enough of it and would not continue playing with them > when they grow up (and become more dangerous). Like, I myself pretty much > lost interest in building explosive devices and rocketry after 18. > Hrmm... I've always lived in the US, and I lost interest in that sort of thing when I was ~14... > Since this country is too safe, kids do not get their share of danger > and try to recoup it in adulthood. Which results in stupid terrorism. > Bullshit. --Deviant The world is not octal despite DEC. 
From nobody at REPLAY.COM Mon Jul 29 03:15:57 1996 From: nobody at REPLAY.COM (Anonymous) Date: Mon, 29 Jul 1996 18:15:57 +0800 Subject: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS) In-Reply-To: Message-ID: <199607290725.JAA24074@basement.replay.com> + I believe my source, who's given me nothing but accurate information + before. YMMV, and you will of course filter this through how much you + trust *me* to evaluate him. But in the absence of a formal statement from + the NSA legal counsel, I think this as good as it gets. + + -Declan Well, you can always check on the subscribers list. There are several addresses from NSA in there (for example ncsc.mil). From deviant at pooh-corner.com Mon Jul 29 03:22:11 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 29 Jul 1996 18:22:11 +0800 Subject: BOMB PLANS In-Reply-To: <960729000357_247766065@emout15.mail.aol.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 29 Jul 1996 AwakenToMe at aol.com wrote: > Date: Mon, 29 Jul 1996 00:03:57 -0400 > From: AwakenToMe at aol.com > To: sandfort at crl.com, cypherpunks at toad.com > Subject: Re: BOMB PLANS > > welllll pipe bombs do fragment. Years ago someone decided to try to put one > under my step brothers truck tire....... needless to say...nothing happened > to the truck or our house in front of the truck but next door and across the > street..the houses were sprayed with metal fragments.
this would be because of not properly sealing the ends of the pipe (see also, shotgun effect) --Deviant Slowly and surely the unix crept up on the Nintendo user ... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMfxjlTAJap8fyDMVAQFfzgf6AkvVjWhe2wKVmbKwuHGfxAGA3DQnmd0s uYOINVyUOIiw7Pt1kiJpKCry4eX3n1n5wWlCvkMLNMY0+A7W1MAeWItBJlo2D2T+ vvie3APaYUbzmppWGli/3Luap1bfB+g7gRPmGlnT3zpY0Nl2ulW+kHf96/aXkycs L4Y5alaQOql1/4/5Zq849VrVKo1xfR7adltcIBIUZ0FfQZqwyY9cZYexHUkyAOaM R29ytqL4jCADTdznTzjNzTkzZUCWxdn8j5fQ2tO4QSp2PwJXpooz2J4Jno7e+nuT PweAUgjFxkGHGzM8bZtijO1TNICcOpIEp6d/uYULXKtXYPMRPO6hvg== =zsly -----END PGP SIGNATURE----- From mccoy at communities.com Mon Jul 29 03:34:34 1996 From: mccoy at communities.com (Jim McCoy) Date: Mon, 29 Jul 1996 18:34:34 +0800 Subject: BOMB PLANS Message-ID: Sandy write: > > The Sunday San Francisco Examiner had an article about how simple > it is to make a pipe bomb. It was syndicated from the Dallas > Morning News. In the article a "federal bomb expert" opined: > > They're probably one of the more common explosive > devices that are encountered. That's because the > pipe not only provides a container, but fragments > into sharapnel." ^^^^^^^^^ > ^^^^^^^^^^^^^^ > Now I don't know what takes to qualify one as a "bomb expert," > but the standards must be pretty low. The reason hand grenades > look like pineapples is because it's very difficult to get metal > to fragment unless it is scored or otherwise predisposed to come > apart in little pieces. This is no longer true with respect to hand grenades and was not really accurate wrt the old pineapple grenades. 
Modern grenades are pre-scored to produce good fragments, in fact one reason for abandoning the old grenades was that they fragmented into only a few large chunks along the weakest stress lines of the pineapple gripping and this did not produce the desired effect (which is lots of little high-KE pieces, four or five big pieces with relatively low-KE were produced by the pineapple grenades...) An equivalent effect for a pipe bomb would be produced by mixing in a handful of brads, wire cut into 5mm lengths, or tacks, most "recipes" for such devices I have seen tell someone to mix in nails. This is really stupid if you consider that most people only have relatively big nails sitting around and coupled with the volume restriction of a pipe bomb you will get the same poor effects as the old hand grenades. jim From amehta at giasdl01.vsnl.net.in Mon Jul 29 04:54:25 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Mon, 29 Jul 1996 19:54:25 +0800 Subject: E-Cash promotion idea Message-ID: <1.5.4.32.19960729084347.00331d14@giasdl01.vsnl.net.in> At 05:15 24/07/96 -0500, Matt Carpenter wrote: >getting change from the merchant. Ian Goldberg pointed out that >with the current ecash protocol, accepting change not only eliminates your >anonymity, but that you also have to go online to make sure you aren't being >cheated. I'm sure it should be possible for the merchant to electronically give you an "IOU" for the amount of change s/he owes you, no matter how small, without loss of your anonymity. Next time you go to the same merchant, the IOU could automatically be adjusted against the new purchase. Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key From amehta at giasdl01.vsnl.net.in Mon Jul 29 04:54:33 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Mon, 29 Jul 1996 19:54:33 +0800 Subject: e$: The Demographic "Transaction" (was Re: Schelling Points...) 
Message-ID: <1.5.4.32.19960729084343.00330008@giasdl01.vsnl.net.in> At 15:09 28/07/96 -0400, Robert Hettinga wrote: > >He said there are many hypotheses about what causes this decline in >fertility, including the commonly held one that people make babies as a >form old age pension income :-) That's true: when the state does not provide old-age pension, that's the only alternative, and surely not a bad one. >He also said that the obvious things like public health and education were >good ways to increase life expectancy, but that the very best way to cause >this "demographic transition" was a dramatic increase in personal income. As I see it, having more children makes sound economic sense when you have child labor. You feed the child for 4-5 years, after which it contributes financially to the family for the rest of its short life. More stringent enforcement of anti child-labor legislation would help. Increase in life expectancy is also good, because then you need fewer children as insurance. The spread of the Internet, and the ability to post anonymously should help in exposing instances of violation of child-labor laws, and increasing outrage. Hopefully, it will also make it easier to spread literacy, which is arguably the best way to keep population down. I'd really like to know who this "he" is whom Robert is citing. Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key From JR at ns.cnb.uam.es Mon Jul 29 05:50:15 1996 From: JR at ns.cnb.uam.es (JR at ns.cnb.uam.es) Date: Mon, 29 Jul 1996 20:50:15 +0800 Subject: Twenty Bank Robbers -- CLARIFICATION Message-ID: <960729114511.2080086f@ROCK.CNB.UAM.ES> > I forgot to say what the GOALS are. The goals of every individual > cypherpunk are (in from highest to lowest priority): > > 1. Stay alive > 2. Get as much money as possible > 3. Keep as many cypherpunks alive as possible, all other things being equal. > > - Igor. 
> Most responses fail to consider "suicidal" behaviours. In many cases, when there are rounds left, it may be worth playing against your interests if that will yield later a higher benefit. The fact that anyone makes a proposal is of no interest to anyone else as long as goal#2 stands over goal#3 and there is enough people to stablish uncertainty of behaviour. As an example, if #1 proposes he gets all the money, all other things being equal, #3,#5,...#19 should theoretically vote for him since they know they can't win as long as there's a #2... But #19 knows he could win if only he and #20 were alive. It is in his interest to vote 'no'. If #1 dies, then he may get a chance, because #18 is in his same position and might do the same in the other rounds. Yes, you can follow it backwards and discover that goal #3 above then should take precedence. Should it? There's still goal #2 above. If the c'punks can't communicate among them then that's the end of it. #1 gets all. But if they can, there's another side: If you not only know the order of proposers, but also their proposals, then you can always play 'unfair' or 'against you' until the proposal that's better for you comes. Say #2 speaks to #20 and agrees to propose that he'll get some money too. Restriction #2 above takes precedence and proposer #2 knows he'll get #20 vote as long as he makes that proposal. It is in #20's interest to vote against #1 "all for me" in the first round since that way he'll get some money on #2's proposal. But then #3, #4, etc... can play the same game. The first one that can provide a proposal making happier most of the people will win... Say #1 proposes to even split between half of them. Will that work? If they can't cheat their vote that's the end of it. Then comes another point in place. Can they cheat? Obviously, under these arrangements, anyone proposing he gets all money, other than #19 risks his life for others can agree into a better split. 
But OTOH, #18 and #20 know that they can agree on something better than #19's proposal of he getting all. If #18 cheats, #19 can agree with #20 to split even and #18 is dead. If #18 doesn't cheat. then #20 has two chices: - believe #19 will not cheat and propose an even split. Vote against. - fear #19 cheating and the risk of not getting anything. Odds are all for #19, so he shoudl vote for #18 proposal. The only choice is for #18 and #20 to agree in an even split, where #18 can also cheat and ask for all money. But then he risks #19 and #20 agreeing on voting against him. So #18 must offer something to #20, and it must be enough for #20 not wanting to take the risk of #19 cheating too. Following back, everybody but #19 and #20 risk their lives. #19 is interested in everybody else being dead, and #20 in anyone giving him anything. Anyone who gives anything to #20 will get his vote. Anyone not giving anything to #20 risks #20 voting for someone else on the hope he'll get something on the next proposal. And everyone needs an agreement with #20 to keep his life. As you go back, #18 has a better chance of staying alive if he can ensure #19 and #20 won't agree because his offer is safer than the risks involved for #20. Work backwards. The point is, the expectancies of winning work at all round, and at every point you are interested in not dying. As you reach the end if you make an agreement and cheat you have less risk (there are less possibilities for new agreements), but if you have gone to that, it's because more and more people have cheated before, and confidence will be low. So you are more interested in not cheating to keep your life. I think the net result is that most c'punks will be offering even splits to ensure a maximum of votes. As people makes arrangements and c'punks dies, confidence and credibility on agreements in advance will fail, so the risk for the latests increases too... In the end all comes down to gullibility of the partners. 
If you assume they are not gullible, you'll vote for the first proposal of an even split to save your life. If they are, then you can play against while there remains gullible people, but then you know your cheating is your dead (except for #19 and #20) and you risk less by going even. That's more or less like real life: one can temporarily play against himself if that will yield later a higher benefit. But that comes at a cost in credibility, and the more you use it, the less useful it becomes. On a non-gullible environment, the first time you cheat your reputation breaks and it is in everyone else's interest to play against you. That's the ancient concept of honor. On a less-exceptic or more tolerant environment you may have a few goes before getting people absolutely exceptical again. The number of goes will depend on their tolerance level. Same for the game: there can be cheating up to a tolerance level. After that everyone will know that a non-even split proposal will take out your life. Where the border comes is a matter of circumstances. jr From pjn at nworks.com Mon Jul 29 06:49:11 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Mon, 29 Jul 1996 21:49:11 +0800 Subject: cypherpunks vs hacker Message-ID: In> Rather than debate semantics of the definition of "hacker," or ask In> others to suggest definitions, it might be better for interested folks In> to read some of the various books on the topic and then decide for In> themselves. Some of them are: In> - Levy, "Hackers," of course Very good history. In> - Haffner and Markoff, "Cyberpunk" In> - Sterling's book on hackers Hacker Crackdown. In> - any one (but not more) of the several Shimomura v. Mitnick books I think that Markoffs book on the incident was written beter then the rest. I might also suggest: - Masters of Deception - The Cuckoos Egg by Stoll P.J. pjn at nworks.com ... Resistance is futile, taglines will assimilate your hard drive. 
___ Blue Wave/QWK v2.20 [NR]

From WlkngOwl at unix.asb.com Mon Jul 29 07:12:04 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Mon, 29 Jul 1996 22:12:04 +0800
Subject: WaPo on Crypto-Genie Terrorism
Message-ID: <199607291030.GAA29365@unix.asb.com>

On 28 Jul 96 at 12:59, David Sternlight wrote:

> >IMO, the US does not have a comfortable lead. It's already falling
> >behind considering some of the stronger crypto programs available (at
> >least as freeware) are made outside the US. Many of the stronger
> >algorithms were invented outside of the US (IDEA for instance).
>
> This, and similar remarks by others, consistently misses the point which I
> have been making for about a year now, and which Director Freeh finally
> made explicit in his testimony last week. That is--the government is
> concerned with mass market software incorporating robust crypto, used
> overseas, and recognizes that they can't keep niche products off the
[..]

Really? The RAR archiver is getting quite popular (DOS and OS/2), and uses a variation of DES in the encryption (according to the authors). An Italian archiver called CODEC also uses DES. PGP gets more publicity than any crypto product around (CNN, NPR, Pacifica, NYTimes, etc.) and will likely get bigger as time goes on and as the arguments over escrow proposals get louder. MS's C[r]API and Netscape also make people more aware of strong crypto...

> Though I've no connection with Freeh, it's interesting that his language is
> almost word for word the same as what I've been using. Do you suppose some
> of his staff reads my stuff? Actually, I don't care one whit.

> >So why should criminals bother with using standards if they are
> >readable by authorities?
>
> See above.

Doesn't counter my question/argument. Serious criminals with a few braincells who care about wiretapping or protecting their files from the authorities will obviously not use anything that the government can read.

Even a ban on unescrowed crypto worldwide will not help. Every copy of strong crypto software will not magically disappear upon the signing of such treaties and laws.

[..]
> >Are they going to magically erase all copies of strong software that
> >is already currently available? (Side note: the Pacifica news report
> >on Friday notes that while Freeh gave his testimony, over 100 copies
> >of PGP were downloaded from MIT's site.)
>
> What he's saying is that US-exported copies of the Lotus Lockshens,
> Microsoft Machayas, and Netscape Niguns of the world still do not contain
> robust crypto the USG cannot read.

So? People can use alternate programs to encrypt the software, such as PGP.

[..]
> >It's not clear that terrorism can be tracked, even if it's unencrypted.
> >The OK and WTC bombings were apparently not encrypted, and there's
> >some allegations that the authorities had advanced warnings of the
> >latter.
>
> He says it can, and suggests following the banking trail among other
> things. We know the government has already had good success with this
[..]

Apparently not successful enough, as the two examples I posted happened successfully. Banking trails will exist with or without escrow.

[..]
> >Particularly absent in the WaPo-ed is that many do not trust the
> >authorities (in the US and elsewhere)--particularly the FBI, which
> >has a long history of extra-legal surveillance.
>
> So as Netanyahu says at length we need to build in protections against
> abuses, using both the legislature and the judiciary.

1. The damage is already done if rights are violated, irregardless of the law. If the police listen in on your phone conversations because of your political views, you may have legal recourse.... but they've already listened in.

2. Legislative/judicial protections are meaningless if judges don't follow up on them.
Historically they give leeway to the police, and as of late judges that enforce the technicalities are lambasted publicly for letting criminals go free. 3. Israel isn't exactly a prime example of human rights, especially if you're a Palestinian. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From sparks at bah.com Mon Jul 29 07:50:47 1996 From: sparks at bah.com (Charley Sparks) Date: Mon, 29 Jul 1996 22:50:47 +0800 Subject: A Libertine Question Message-ID: <2.2.32.19960729122101.0069c538@pop1.jmb.bah.com> -----BEGIN PGP SIGNED MESSAGE----- My opinions are just that, MINE but here's a question .. In the event that drugs are legalized like alcohol ( also a drug ) and tobacco and cafeine, who will take responsibility for housing and feeding those, who are now blameless, individuals who can't or won't take responsibility for themselves and work or whatever. With freedom and liberty come a lot of responsibility. Too many people today balme every damn thing in the world for their problems - and get away with it.... 1. My grear grand parents were slaves, I suffer because of that, so I killed 30 White people. 2. My momma didn't give me no tit so I raped those women and killed them and on, and on............... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCXAwUBMfysk+J+JZd/Y4yVAQEAaQQLBX5NMGRRbjP+uWSv4cxMJsI5jBq/QsIy k9Q9a4csLhfOvVJ1ZbLszIR9xsb0oQkaK2l/2oX3igVB8+jwN8SZL0p4RJp00Tf+ D5DYVKTcF/JdwsHSSGLpdGWRExpiPxJqKlaNS7oL0R1Zx6Cqz8LlRxRMnnLkUgCo lLNUKKkMJZ5FuQ== =a8IV -----END PGP SIGNATURE----- Charles E. Sparks In God we trust, all others we encrypt ! 
http:/www.clark.net/pub/charley/index.htm
Public Key At http://www.clark.net/pub/charley/cp_1.htm

From frissell at panix.com Mon Jul 29 08:16:02 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 29 Jul 1996 23:16:02 +0800
Subject: International Standards
Message-ID: <2.2.32.19960729103852.008b5154@panix.com>

Mr. Freeh, testifying at Thursday's hearing in favor of an optional key escrow plan, noted that the point is not to prevent all copies of uncrackable code from going abroad -- that's clearly impossible -- but to prevent such high-level code from becoming the international standard, with architecture and transmission channels all unreadable to world authorities.

Looks like the fibbies (FBI) haven't been reading the "Proceedings of the IETF". Strong crypto is already an international standard.

DCF

From frogfarm at yakko.cs.wmich.edu Mon Jul 29 08:28:35 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Mon, 29 Jul 1996 23:28:35 +0800
Subject: Terrorists are adult Kids?
In-Reply-To: <199607290336.WAA27752@manifold.algebra.com>
Message-ID: <199607291117.HAA20498@yakko.cs.wmich.edu>

Igor Chudov writes:

> Since this country is too safe, kids do not get their share of danger
> and try to recoup it in adulthood. Which results in stupid terrorism.

"There are, in my opinion, three terrible ages of childhood -- one to ten, ten to twenty, and twenty to thirty. And whatever age they are, there are very few of them who are not careless and nowadays, at least from my observation, are likely to remain so at least until they are thirty and perhaps longer."
-Cleveland Amory, _The Best Cat Ever_ As an aside, I read an article on a home-schooling web page that put forth the theory that "teenagers" didn't really exist as a concept until comparatively recently - you were either a child or an adult, and "teenager" is a rather socially (and individually) destructive idea that came about in this latter half of the 20th century, leading to increased irresponsibility and a "childhood that never ends." -Ian, in his third childhood. (and I thought most people were lucky to have a second...) -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information "We think people like seeing somebody in a uniform on the porch." -US Postal spokeswoman, quoted in AP, 1/27/96. I don't know about you, but most people I know who saw someone in uniform on their porch would pull out the shotgun... From junger at pdj2-ra.F-REMOTE.CWRU.Edu Mon Jul 29 08:45:47 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Mon, 29 Jul 1996 23:45:47 +0800 Subject: Terrorists are adult Kids? In-Reply-To: <199607290336.WAA27752@manifold.algebra.com> Message-ID: <199607291256.IAA04683@pdj2-ra.F-REMOTE.CWRU.Edu> Igor Chudov @ home writes: : Once I was going to school : #57 in a tram and a small bomb exploded right in my school bag. : It was made from Ammonium triiodide which is really unstable. That reminds me of my father's little jiffy fly killer recipe: Prepare a batch of ammonium tri-iodide and while it is still moist mix it with granulated sugar and then spread that mixture on the surfaces where you expect the flies to land. The flies will be attracted to the sugar and then POOF! . . . . Trouble is I was always too impatient and in checking to see whether the ammonium tri-iodide was ready I would blow the stuff up in my face--which rather gave a new meaning to the phrase ``red-faced''. 
: So the idea is, maybe if kids play enough with explosives WHILE THEY ARE : KIDS, they would get enough of it and would not continue playing with them : when they grow up (and become more dangerous). Like, I myself pretty much : lost interest in building explosive devices and rocketry after 18. I suspect that there is a lot of truth in that. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu From pjn at nworks.com Mon Jul 29 08:56:06 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Mon, 29 Jul 1996 23:56:06 +0800 Subject: cypherpunks vs hacker Message-ID: > It is interesting to note that while both groups have opposite > objectives (Hackers want all information free, where cypherpunks want > everbody to be able to have privacy), and yet in there own ways, they > are both right. In> I don't entirely agree with this. I think both groups want In> information to be free, but also want people to be able to have In> privacy. Most hackers (used in the sense of people who break into In> computers) attack computers owned by such companies as TRW and the In> phone companies. Both of these systems have little regard for privacy. In> Most non-malicious hackers promote system security, but at the same In> time, don't like government-controlled monopolies and agencies to be In> able to keep secret information that should be free. A very In> interesting paper by Dorothy Denning (she used to be regarded very In> highly by the hacker community before she started to support Clipper) In> expresses some of the concerns and morals of hackers. It's called In> "Concerning Hackers Who Break Into Computer Systems" and is in Phrack In> issue 32. > I have read the file (I have all Phracks from the beginning. Crypt is good too, but they dont have the same level of information as Phrack) and I though that it was very inciteful (sp). 
> I think what we need to define is the diffrence between hackers and > crackers. A hacker breaks into a computer like a cracker (but the > similarities end there). The hacker just want to look and learn, > possably "map out" the system just to see how everything works with > everything else. Crackers break into computers for the sake of > destroying or stealing information or the system itself. In> That's debatable. I think many people incorrectly consider these In> terms to be mutually exclusive. There are many hackers (used in the In> sense defined in the Jargon File) who also break into systems and could In> therefore be considered crackers also. Most hackers definitely have In> the knowledge to break into computer systems, but many crackers aren't In> very well versed in programming and learn how to break into computers In> by using canned programs and G-files. I am saying that hackers do break into computers, but crackers are more malicious in their intent. And yes, pathetic hackers rely on programs. I have respect for hackers who do all the work themselfs. > > Both cypherpunks and hackers think that the government is wrong > in many things that they do. In> Agreed. P.J. pjn at nworks.com ... Sorry, the dog ate my Blue Wave packet. ___ Blue Wave/QWK v2.20 [NR] From seth at hygnet.com Mon Jul 29 10:16:38 1996 From: seth at hygnet.com (Seth I. Rich) Date: Tue, 30 Jul 1996 01:16:38 +0800 Subject: A Libertine Question Message-ID: <199607291359.JAA00921@arkady.hygnet.com> >My opinions are just that, MINE but here's a question .. You mean "libertarian" -- not "libertine". Got me all hopeful for something juicy and fun. Seth --------------------------------------------------------------------------- Seth I. Rich - seth at hygnet.com "Info-Puritan elitist crapola!!" Systems Administrator / Webmaster, HYGNet (pbeilard at direct.ca) Rabbits on walls, no problem. 
From gary at systemics.com Mon Jul 29 10:22:41 1996 From: gary at systemics.com (Gary Howland) Date: Tue, 30 Jul 1996 01:22:41 +0800 Subject: Feinstein wants controls on Internet, Books In-Reply-To: <199607282209.PAA08400@mail.pacifier.com> Message-ID: <31FCC299.59E2B600@systemics.com> jim bell wrote: > > At 01:45 PM 7/28/96 -0700, Bill Stewart wrote: > > >For instance, say you, hypothetically, wanted to blow up your government's > >legislative building. You'd obviously want to pick a dark and stormy night, > >say early in November, and you'd sneak into the basement with barrels > >of gunpowder. You'd use a long, slow-burning fuse, so it would blow up > >the next day when they're in session, but after lighting it you'd still > >run away very fast just in case your fuse speeds up on you. The obvious > >thing you'd need to do is to NOT GET CAUGHT LIKE THE LAST FOOL WHO TRIED IT. > >However, if you do get caught, maybe you'll end up with your name in lights > >and people will set off firecrackers in your honor every fall, > >while if you don't get caught you won't be personally famous. Tough choice:-) > > > >Penny for the Guy? > > Fawke You! I used to have a T-shirt that read: "Guy Fawkes - the only person to enter Parliament with honest intentions" Crypto relevance? T-shirts perhaps? Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From raph at CS.Berkeley.EDU Mon Jul 29 10:39:18 1996 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Tue, 30 Jul 1996 01:39:18 +0800 Subject: List of reliable remailers Message-ID: <199607291350.GAA00405@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. 
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"treehole"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = " cpunk pgp hash cut ksub reord";
$remailer{'nym'} = ' newnym pgp';

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha nymserver.

Last update: Mon 29 Jul 96 6:47:32 PDT

remailer email address                      history       latency   uptime
-----------------------------------------------------------------------
nymrod   nymrod at nym.jpunix.com           ######*-**-+    13:54  100.00%
alumni   hal at alumni.caltech.edu          *####*#*##+*     2:27  100.00%
replay   remailer at replay.com             *+**********     4:59  100.00%
mix      mixmaster at remail.obscura.com    ---+----+--+  1:46:21   99.98%
portal   hfinney at shell.portal.com        ####*#####+#     1:44   99.97%
alpha    alias at alpha.c2.org              -+*++++*++++  1:43:56   99.94%
c2       remail at c2.org                   -+++*+++++++  1:53:47   99.89%
winsock  winsock at c2.org                  --..--        7:27:06   99.89%
treehole remailer at mockingbird.alias.net  -+---++-+---  3:36:15   99.85%
vegas    remailer at vegas.gateway.com      *#*#***-*#-*    18:48   99.84%
lead     mix at zifi.genetics.utah.edu      ++++++++++ +    38:33   99.61%
penet    anon at anon.penet.fi              -----------   9:09:35   99.57%
haystack haystack at holy.cow.net           +##+#+*###+*     3:57   99.38%
ncognito ncognito at rigel.cyberpass.net    -.-_...--.   16:44:18   99.15%
amnesia  amnesia at chardos.connix.com      ---++---- -   3:24:07   98.92%
lucifer  lucifer at dhp.com                 + +++++++++     44:40   97.98%
nemesis  remailer at meaning.com            *******+****    30:09   97.48%
extropia remail at miron.vip.best.com       ----------    9:40:29   93.46%
jam      remailer at cypherpunks.ca         ***** ***       18:42   76.47%
flame    remailer at flame.alias.net                      4:18:14    4.27%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From gcg at pb.net Mon Jul 29 11:39:18 1996
From: gcg at pb.net (Geoffrey C. Grabow)
Date: Tue, 30 Jul 1996 02:39:18 +0800
Subject: Secure drive?
Message-ID: <2.2.32.19960729153141.006d12f8@mail.pb.net>

Greetings all,

Does anyone know if the 1.4a version works correctly with Win95? If not, is there an updated version? If not, will there be one anytime soon? If not, will PGPLIB (aka PGP3.0) provide a similar function? If not... heck!

G.C.G.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Geoffrey C. Grabow   | Great people talk about ideas.                |
| Oyster Bay, New York | Average people talk about things.             |
| gcg at pb.net        | Small people talk about people.               |
|-----------------------------------------------------------------------|
|That which does not kill us, makes us stranger. - Trevor Goodchild     |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From gcg at pb.net Mon Jul 29 11:53:50 1996
From: gcg at pb.net (Geoffrey C.
Grabow) Date: Tue, 30 Jul 1996 02:53:50 +0800 Subject: "privatizing" phones? Message-ID: <2.2.32.19960729151349.006e8264@mail.pb.net> At 12:26 07/28/96 +0200, Remo Pini wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >To: cypherpunks at toad.com >Date: Sun Jul 28 12:24:57 1996 >> Even if they did change the frequency the call was on, >> it would be a simple matter to decode how the frequency >> change was negotiated, and "follow" the call (also easily >> accomplished with cellular calls). Failing that, there is >> a very limited range of frequencies allocated for cordless >> fones, and simply re-scanning for the conversation is a >> trivial inconvenience. //cerridwyn// >> > >Most of those systems do also change the order of the transmitted data, and >that's not limited to a few possibilities. If it's digital, they usually >encrypt it (only weak, but hey, you normally have to find the key real >time!) >> The key doesn't need to be found in real time! You can always record the call and decrypt it later. If the information deals with an event in the future, you could have plenty of time to crack it. G.C.G. From rah at shipwright.com Mon Jul 29 12:04:00 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 30 Jul 1996 03:04:00 +0800 Subject: (Don't laugh *too* hard now...) "Filter"software for moneylaundering Message-ID: --- begin forwarded text Encoding: 17 TEXT Date: Mon, 29 Jul 1996 16:06:53 +-200 Reply-To: Law & Policy of Computer Communications Sender: Law & Policy of Computer Communications From: Andrzej Adamski Subject: "Filter"software for money laundering Comments: cc: "comcri-l at man.torun.pl" , "lacc at suburbia.net" To: Multiple recipients of list CYBERIA-L Sorry for cross-posting this message: Dear All, Are you familiar with any software or any listing of producers of software to be used in tracking money-laundering? If so, let me know. 
Regards, Andrzej Adamski Chair of Criminal Law & Criminal Policy Nicolas Copernicus University 87-100 Torun, Poland aadamski at cc.uni.torun.pl --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From geeman at best.com Mon Jul 29 12:13:45 1996 From: geeman at best.com (geeman at best.com) Date: Tue, 30 Jul 1996 03:13:45 +0800 Subject: Implementing DSS Fortezza KEA Message-ID: <01BB7D2F.494C6960@geeman.vip.best.com> ---------- From: source at iaccess.za[SMTP:source at iaccess.za] Sent: Monday, July 29, 1996 7:05 AM To: coderpunks at toad.com Subject: Implementing DSS Fortezza KEA We have almost completed our SSL 3.0 implementation, and are looking for the specs on Fortezza DSS and KEA and would like to know where it is available. From the US National Security Agency. As another respondee said, the details of KEA are not available, but information on implementation of the protocol is. It's in the public domain. From lc2m+ at andrew.cmu.edu Mon Jul 29 12:26:41 1996 From: lc2m+ at andrew.cmu.edu (L Jean Camp) Date: Tue, 30 Jul 1996 03:26:41 +0800 Subject: call your rep Message-ID: >>the Senate commerce committee held its final >>hearing on Burns's bill yesterday with the appearance >>of FBI Director Freeh and Bill Reinsch at Dept of Commerce. >>The Senate committee would like to hold a mark-up on >>the bill (Pro-CODE) next week, but lack the certain votes of the members >>of the committee to do so. >> >>Expressions of support for S.
1726 to critical Democrats >>and Republicans are needed--especially: >> Olympia Snowe, R-Maine, 224-5344; Bill Frist, R-Tennessee >>224-3344; Spencer Abraham, R-Michigan 224-4822; Ernest >>Hollings, D-South Carolina, 224-6121; Daniel Inouye D-Hawaii >>224-3934; Wendell Ford D-Kentucky 224-4343; James Exon, >>D-Nebraska 224-4224; Jay Rockefeller D-West Virginia 224-6472; >>John Kerry D-Massachusetts 224-2742; John Breaux D-Louisiana >>224-4623; Richard Bryan D-Nevada 224-6244; Byron Dorgan >>D-North Dakota 224-2551. >> >>Calls are needed by Tuesday in order to schedule the mark-up. >> From alexf at iss.net Mon Jul 29 13:24:23 1996 From: alexf at iss.net (Alex F) Date: Tue, 30 Jul 1996 04:24:23 +0800 Subject: Digital Watermarks for copy protection in recent Billbo Message-ID: <199607291702.NAA03342@phoenix.iss.net> > Jim Choate writes: > You want a continuous Fourier transform, not a discrete one, to > determine the frequency spectrum of the waveform being sampled. > The FFT is simply an algorithm for computing the DFT without > redundant computation. In general, any Lebesgue integrable > complex function will have a Fourier transform, even one with a > finite number of discontinuities. The reverse transform will > faithfully reproduce the function, modulo the usual caveats about > function spaces and sets of measure zero. > Well of course! My thoughts exactly. Great minds think alike. Now, would you mind doing a little translation (for the laymen), since I didn't understand?
I appreciate it, Alex F =-=-=-=-=-=-=-=-=-=-=-=-=- Alex F alexf at iss.net Marketing Specialist Internet Security Systems =-=-=-=-=-=-=-=-=-=-=-=-=- From amehta at giasdl01.vsnl.net.in Mon Jul 29 13:31:13 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Tue, 30 Jul 1996 04:31:13 +0800 Subject: Publicly Verifiable Anonymous Voting System Message-ID: <1.5.4.32.19960729162635.002edd50@giasdl01.vsnl.net.in> At 08:53 27/07/96 -0700, JonWienk at ix.netcom.com wrote: >Here is the how the voting system works. > >1. All voting information (public keys, ballots, ballot signatures, etc.) is >publicly available via a Web site or other similar means, and can be downloaded ... One problem with such a system is sheer complexity. Even an illiterate person must be convinced of the transparency of the system, i.e. that his/her vote "counts". In the conventional system, where you mark a piece of paper that goes into a locked box watched over by reps of the rival parties, which you can subsequently view being opened and processed, you intuitively understand how the system works. This was one of our arguments (not, admittedly, our strongest) against electronic voting when they sought to introduce it in 1989 for the Indian federal elections -- further details on http://www.cerfnet.com/~amehta/evmsunob.htm Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key From m1tca00 at FRB.GOV Mon Jul 29 13:32:48 1996 From: m1tca00 at FRB.GOV (Thomas C. Allard) Date: Tue, 30 Jul 1996 04:32:48 +0800 Subject: Internet blamed for pipe bombs In-Reply-To: Message-ID: <31FCEB4D.401B@frb.gov> Lucky Green wrote: > > At 5:36 7/28/96, E. ALLEN SMITH wrote: > > >> Across the country, latest figures from the U.S. Bureau of Alcohol, > >> Tobacco and Firearms show a 20 percent jump in pipe bomb incidents > >> between 1990 and 1994. > > > >[...] 
> > > >> "We've been incredibly busy," said sheriff's bomb technician Judd > >> Holiday. "As crime in other categories is dropping, this is going up." [...] > I would like offer another > possible explanation for the increase in pipe bombings. The People are > getting frustrated and a pipe bomb can be very useful device releasing > one's frustration. > > [No, I do not approve of pipe bombing civilians]. Well, the statistic itself is pretty meaningless without some context. There may have been a "20 percent jump" between '90 and '94, but at what rate had pipe bomb "incidents" been growing BEFORE that? -- rgds-- TA (tallard at frb.gov) I don't speak for the Federal Reserve Board, it doesn't speak for me. pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D From vinnie at webstuff.apple.com Mon Jul 29 13:33:24 1996 From: vinnie at webstuff.apple.com (Vinnie Moscaritolo) Date: Tue, 30 Jul 1996 04:33:24 +0800 Subject: your favorite poison recipes Message-ID: Anonymous writes: >Please post your favorite poison recipes to this mlist. I'd have to say Federal Match in.308, Lead poisoning -- Long distance. martian Minow writes: > >Rare roast beef, baked potato with plenty of butter, red wine. > Martin; last time I checked you were a trickle down vegaterian too. Vinnie Moscaritolo ------------------ "friends come and friends go..but enemies accumulate." http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A Expanded Recipient List: From tcmay at got.net Mon Jul 29 13:51:38 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 30 Jul 1996 04:51:38 +0800 Subject: A Libertine Question Message-ID: At 12:21 PM 7/29/96, Charley Sparks wrote: >My opinions are just that, MINE but here's a question .. 
> >In the event that drugs are legalized like alcohol ( also a drug >) and tobacco and caffeine, who will take responsibility for >housing and feeding those, who are now blameless, individuals >who can't or won't take responsibility for themselves and work >or whatever. With freedom and liberty come a lot of >responsibility. Too many people today blame every damn thing in >the world for their problems - and get away with it.... "No one." Who takes responsibility when people fail to save enough of their paycheck to last them through the month? Who takes responsibility when people drink too much, miss work, and are fired? And so on. Drugs are no different from ethanol. We tried outlawing ethanol, and eventually came to our senses. Many of us--on all sides of the ideological spectrum--think the same is inevitable with other drugs. The issue of "who takes care of" people who can't hold their liquor, or who overeat, or who smoke too much, does not enter into the equation. (Though there are pathological examples of cases where insurance companies are trying to sue tobacco companies for the costs incurred because of smoking by policyholders. A bad, and, I think, dreadfully abusive, use of the court system.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From bart.croughs at tip.nl Mon Jul 29 14:28:02 1996 From: bart.croughs at tip.nl (Bart Croughs) Date: Tue, 30 Jul 1996 05:28:02 +0800 Subject: e$: The Demographic "Transaction" (was Re: Schelling Points...)
Message-ID: <01BB7D85.BA386100@groningen06.pop.tip.nl> At monday 29 july, Arun Mehta wrote: >As I see it, having more children makes sound economic sense when >you have child labor. You feed the child for 4-5 years, after >which it contributes financially to the family for the rest of >its short life. More stringent enforcement of anti child-labor >legislation would help. Increase in life expectancy is also good, >because then you need fewer children as insurance. The only effect of more stringent enforcement of anti child-labor legislation is to harm the children involved. You may think that the millions of families in Third World countries who are too poor to provide for their children, will be magically become rich enough to send their children to school once the anti child-labor legislation will be enforced. This is not the case. When the factories don't want the children anymore because of the government regulations, the children will simply be working in other places - at home, in the streets. And this is work that pays less. Child labour in the West didn't stop because of anti child-labour laws; it stopped the moment the people became rich enough to provide for their children, thanks to the capitalist revolution in the 18th & 19th century. The same path will have to be followed by the Third World countries today. >The spread of the Internet, and the ability to post anonymously >should help in exposing instances of violation of child-labor >laws, and increasing outrage. Hopefully, it will also make it >easier to spread literacy, which is arguably the best way to keep >population down. Instead of posting to the net to increase outrage about the violations of harmful child labour laws, you better begin posting to the net to increase outrage about the socialist governments in the Third World that keep their populations in poverty. I suggest you read the books of C. Nardanelli: 'Child labour and the industrial revolution' , and F. 
Hayek (ed): 'Capitalism and the historians'. Bart bart.croughs at tip.nl From mclow at owl.csusm.edu Mon Jul 29 14:28:11 1996 From: mclow at owl.csusm.edu (Marshall Clow) Date: Tue, 30 Jul 1996 05:28:11 +0800 Subject: Terrorists are adult Kids? In-Reply-To: Message-ID: >In the hindsight it was fairly dangerous and some of my friends were >hurt by bombs. HOWEVER, I have a theory that males never really grow >up and continue playing toys 'til they die. I think that guns are also >male toys, by the way. > >So the idea is, maybe if kids play enough with explosives WHILE THEY ARE >KIDS, they would get enough of it and would not continue playing with them >when they grow up (and become more dangerous). Like, I myself pretty much >lost interest in building explosive devices and rocketry after 18. > An interesting theory, which my experience supports. I started with model rocketry, and then discovered that it was more fun to blow the rockets up, rather than have them come back to earth. (You don't have to sweat the construction details as much, either) About the time I turned 21, I lost interest in making exploding rockets and blowing craters in sand dunes. -- Marshall Marshall Clow Aladdin Systems "We're not gonna take it/Never did and never will We're not gonna take it/Gonna break it, gonna shake it, let's forget it better still" -- The Who, "Tommy" From darryl.gittins at edrd.dnd.ca Mon Jul 29 14:56:48 1996 From: darryl.gittins at edrd.dnd.ca (Darryl Gittins) Date: Tue, 30 Jul 1996 05:56:48 +0800 Subject: mailing list Message-ID: <96Jul29.105559pdt.21893@hsr.edrd.dnd.ca> Hey... how do I get on the mailing lissst....? Thanks From frantz at netcom.com Mon Jul 29 15:00:57 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 30 Jul 1996 06:00:57 +0800 Subject: Usenet Conference on Security Message-ID: <199607291805.LAA13951@netcom8.netcom.com> At 8:34 PM 7/26/96 -0400, Perry E.
Metzger wrote: >As an aside, the stuff Datafellows is selling is, I believe, a >commercial version of SSH, which is very good stuff. Its a full >replacement for the whole berkeley "r" utilities using strong crypto >(public key and conventional) for authentication and privacy. Does >rlogin, rsh, redirects X sessions, slices and dices, etc. Really >spiffy. In addition to SSH, I also picked up a flyer for "F-Secure Desktop", a disk encryption package for Windows. Sorry I didn't pick up their "what we sell" flyer. You should be able to get that information from http://www.datafellows.com or f-Secure-sales at datafellows.com ------------------------------------------------------------------------- Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting (408)356-8506 | [Beware the man of one | 16345 Englewood Ave. frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA From wb8foz at nrk.com Mon Jul 29 15:04:27 1996 From: wb8foz at nrk.com (David Lesher) Date: Tue, 30 Jul 1996 06:04:27 +0800 Subject: what's a weapon? (fwd) Message-ID: <199607291733.NAA02778@nrk.com> ------- Forwarded Message ==================================================================== Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 16 July 28, 1996 Carl Landwehr, Editor Hilarie Orman, Assoc. Editor ==================================================================== ... Drawing an analogy with encryption and US ITAR, a poster reported that A piper is being taken to court for practicing on Hampstead Heath, which has a by-law forbidding music. Mr Brooks, the piper, has denied the charge. He claims he wasn't playing a musical instrument, but practicing with a weapon. In 1746 in England, bagpipes were declared to be instruments of war, not musical weapons, and a subsequent Act of Parliament specifically stated that they were weapons. 
-- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From rpowell at algorithmics.com Mon Jul 29 15:23:15 1996 From: rpowell at algorithmics.com (Robin Powell) Date: Tue, 30 Jul 1996 06:23:15 +0800 Subject: Questions... In-Reply-To: Message-ID: <96Jul29.145711edt.20482@janus.algorithmics.com> >>>>> In article , dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes: > Alan Horowitz writes: >> > Hello, I would rather I not be too blunt, but despite my generous >> interest in computer > hacking cracking, and other such related topics, I >> have come to be confused by the > mailer, can I ask any questions that I >> wish, or am I limited by some type of header > subject? >> >> >> >> Shaun, let me explain. There's a committee of seven people. Me, Tim May, >> David Sternlight, some assassination-politics guy, some guy named Vultis or >> somesuch, and so on. >> >> Only if we're in unanimous agreement on the outcome of an issue, may you >> start a thread on a new topic. which then continues till the first >> posting which calls someone a Nazi. > No, no, this is all wrong. There's a guy named Lance Deitweller and he has > fun posting as different people and posting under different names. Sometimes > Lance's different personalities (he calls them "tentacles") even argue with > one another! > These posters have been definitively shown to be Lance's tentacles: > Alan Olsen (Lance posing as friend of vegetables) > "Dr." David Sternlight > Igor Chewed-Off > Jim Bell (talk.politics.assassination) > Black Unicorn > "Tim May" (Lance is pretending to be senile) > Vladimir Z. Nuri (Lance's parody of a Brighton Beach Sovok) You forgot: Dr.
Dimitri Vulis (Rabid spewer of flames about someone/something involving wheelchairs and vegetables, as though carrots, or any other vegetable, use wheelchairs, but no-one really knows what this branch of Lance is talking about, nor wants to. This particular tentacle somehow manages to make reference to its favorite imaginary topic in every messaage it writes on any topic whatsoever. Also, never mispell its name.) -Robin PS: For the record, I find that Dimitri often has interesting things to say. I just wish he'd stop talking about wheelchairs and vegetables. Makes me get sad (I broke my back and almost ended up in a wheelchair, but I'm much better now) and hungry (I'm a vegetarian) at the same time. From roger at coelacanth.com Mon Jul 29 15:32:02 1996 From: roger at coelacanth.com (Roger Williams) Date: Tue, 30 Jul 1996 06:32:02 +0800 Subject: "privatizing" phones? In-Reply-To: <2.2.32.19960729151349.006e8264@mail.pb.net> Message-ID: >>>>> Geoffrey C Grabow writes: > The key doesn't need to be found in real time! You can always > record the call and decrypt it later. If the information deals > with an event in the future, you could have plenty of time to > crack it. US 900 MHz digital cordless phones use MSK modulation on one of 40 channel pairs at 902.59-903.59 and 926.59-927.59 MHz. Privacy is achieved by XORing a PN sequence with the CODEC data. The sequence offset is determined by a 16-bit code derived from the base unit's serial number (handset's codes are programmed when placed in the base unit). Simple scrambling, not any "encryption" worthy of the name. A little experimentation with a cordless phone, a scanner with an MSK demodulator, a sound board, and some simple code to capture serial data on your computer's printer port would yield all of the frame information you need, and could then be used to capture real-world data for analysis. 
Post-processing of the captured data would yield the scrambling code in a matter of a day or so, and then you'd have the code for that target phone. -- Roger Williams finger me for my PGP public key Coelacanth Engineering consulting & turnkey product development Middleborough, MA wireless * DSP-based instrumentation * ATE tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/ From david at sternlight.com Mon Jul 29 15:44:58 1996 From: david at sternlight.com (David Sternlight) Date: Tue, 30 Jul 1996 06:44:58 +0800 Subject: WaPo on Crypto-Genie Terrorism In-Reply-To: <199607291030.GAA29365@unix.asb.com> Message-ID: At 11:27 PM -0700 7/28/96, Deranged Mutant wrote: >> This, and similar remarks by others, consistently misses the point which I >> have been making for about a year now, and which Director Freeh finally >> made explicit in his testimony last week. That is--the government is >> concerned with mass market software incorporating robust crypto, used >> overseas, and recognizes that they can't keep niche products off the >[..] > >Really? The RAR archiver is getting quite popular (DOS and OS/2), and uses >a variation of DES in the encryption (according to the authors). An >Italian archiver called CODEC also uses DES. PGP gets more publicity than >any crypto product around (CNN, NPR, Pacifica, NYTimes, etc.) and will >likely get bigger as time goes on and as the arguments over escrow proposals >get louder. MS's C[r]API and Netscape also make people more aware of >strong crypto... None of these are mass market software in the sense I discussed. Mass market products are generally known as "productivity applications". Even PGP, which has a certain following, doesn't do anything but encryption etc. on its own. It's not a word processor like Microsoft Word, mail program like Eudora, or shared data base cum mail system like Lotus Notes. Those are the mass market applications generating huge volumes of readable traffic of value. 
As for Netscape (and its mailer), it complies with ITAR. Thus your rejoinder is irrelevant and non-responsive. ... > >Doesn't counter my question/argument. Serious criminals with a few >braincells who care about wiretapping or protecting their files from >the authorities will obviously not use anything that the government >can read. Let those who passed basic English use the skills they were taught. Freeh said, and I repeated, that the system wasn't designed to prevent determined criminals from using robust crypto. > >Even a ban on unescrowed crypto worldwide will not help. Every copy >of strong crypto software will not magically disappear upon the >signing of such treaties and laws. You are either dense or obfuscating. The point has now been made repeatedly that the issue isn't the disappearance of stand-alone niche crypto, but prevention of robust, built-in, unescrowed crypto, transparently usable in exported copies of Microsoft Word, Netscape, Eudora, etc. Read the previous sentence until you understand it. David From declan at well.com Mon Jul 29 15:53:18 1996 From: declan at well.com (Declan McCullagh) Date: Tue, 30 Jul 1996 06:53:18 +0800 Subject: Feinstein wants controls on Internet, Books Message-ID: Feinstein today introduced an amendment revisiting her 1995 net-censorship amendment tacked onto the anti-terrorism bill. Seeks to ban bomb-making info from the Net and is being marketed in those words, but is not Net-specific. -Declan >One of my senators, Senator Dianne Feinstein, is now arguing on CNN for >controls on information put on the Internet, on censorship of books and >articles describing how pipe bombs work, and for making it easier to get >wiretaps against those suspected of committing thought crimes. 
> >One or two more major incidents on top of the recent ones (World Trade >Center, Oklahoma City, Dharan, TWA 800, and Olympic Village) and I suspect >Congress will simply vote to repeal the Bill of Rights and just be done >with this whole experiment in liberty. > >--Tim May > >Boycott "Big Brother Inside" software! >We got computers, we're tapping phone lines, we know that that ain't allowed. >---------:---------:---------:---------:---------:---------:---------:---- >Timothy C. May | Crypto Anarchy: encryption, digital money, >tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero >W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, >Licensed Ontologist | black markets, collapse of governments. >"National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Mon Jul 29 16:22:13 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 30 Jul 1996 07:22:13 +0800 Subject: e$: The Demographic "Transaction" Message-ID: Before I get started, let me point out that the "demographic transition" is standard fare in sociology classes. Lots of stuff on the Web about it (do a search of that string with Alta Vista, for example, and you'll see 1000 hits). At 7:37 PM 7/29/96, Bart Croughs wrote: >At monday 29 july, Arun Mehta wrote: > > >>As I see it, having more children makes sound economic sense when >>you have child labor. You feed the child for 4-5 years, after >>which it contributes financially to the family for the rest of >>its short life. More stringent enforcement of anti child-labor >>legislation would help. Increase in life expectancy is also good, >>because then you need fewer children as insurance. > >The only effect of more stringent enforcement of anti child-labor >legislation is to harm the children involved. 
You may think that the >millions of families in Third World countries who are too poor to provide >for their children, will be magically become rich enough to send their >children to school once the anti child-labor legislation will be enforced. >This is not the case. When the (end quote...Bart, your lines are apparently way longer than 72-80 characters!) What I want is for the world's billions of children to have mandated benefits comparable to what the children of the elite in America have! And if there is not enough money to pay for this standard of living, we can just print more! (I would never let _my_ children, Biff and Buffy, interrupt their tennis camp experiences by working a job for less than what they will eventually earn as management coaches and wellness advisors, and I will work to ensure that children in Third World nations are not similarly disgraced by doing manual labor. And if they and their families go hungry as a result of my principles, they will have won the moral victory. And a few of them might even advance to the finals at Forest Hills!) --Tim May P.S. Since many on the CP list seem to miss signals, this piece reflects my views that the current outrage over "child labor" will merely end up killing a bunch of children who otherwise might have earned enough to eat. Food is not simply distributed for free, and if children cannot find work in Kathy Lee's Sweatshop Apparel Factory, and assuming that "tennis camps" are not the alternative, the effect of First World holy righteousness will be killing off a lot of these kids. Maybe not such a bad thing, given the 7 billion world population. Even better, of course, would be adopting a laissez-faire approach. Me, I wear linen/cotton shirts produced in Bangla Desh, probably by hordes of poorly-paid Bengalis. 
But, since the likely alternative for them is sitting in the mud swatting horseflies and watching the water buffaloes until starvation eventually claims them, I feel great about wearing "slave labor-produced" goods! And why can't we work to outlaw the "manufacturing sector jobs" in the U.S. economy, the ones that only pay $22 an hour for boring labor? After all, $22/hour is hardly enough to send Biff and Muffy to tennis camp, let alone the proper prep schools, let alone the $250K needed to send them to a good Ivy League school. These blue-collar workers are being exploited by the capital class and need to be liberated from these jobs. Let them eat cake. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From eli+ at gs160.sp.cs.cmu.edu Mon Jul 29 16:33:56 1996 From: eli+ at gs160.sp.cs.cmu.edu (eli+ at gs160.sp.cs.cmu.edu) Date: Tue, 30 Jul 1996 07:33:56 +0800 Subject: "Soft Targets" as Schelling Points In-Reply-To: <+cmu.andrew.internet.cypherpunks+olybBWW00UfAA10EF9@andrew.cmu.edu> Message-ID: <199607292005.NAA08697@toad.com> Tim May writes: >The connection should be clear, but in case it is not: many soft targets >are Schelling points for terrorist actions. I see no coordination problem here. Schelling points are a useful concept when you have several actors, each of whom benefits from making the same choice as the others. Here, I think you want to say "soft targets are easy to attack". 
-- Eli Brandt eli+ at cs.cmu.edu From rah at shipwright.com Mon Jul 29 16:50:05 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 30 Jul 1996 07:50:05 +0800 Subject: CBO study of electronic payment systems now on Web Message-ID: --- begin forwarded text Date: Mon, 29 Jul 1996 15:16:31 -0400 From: PHILIP WEBRE To: rah at shipwright.com Subject: CBO study of electronic payment systems now on Web The new Congressional Budget Office study on electronic payment systems (ASCII or Word Perfect Formats available) is now available at: gopher://gopher.cbo.gov:7100/1 The Executive Summary Follows: July 1996 EMERGING ELECTRONIC METHODS FOR MAKING RETAIL PAYMENTS Financial intermediaries such as banks and credit card companies are developing products that will enable consumers and businesses to pay for retail, or small-dollar, purchases electronically. Increasingly cheaper computing power and advances in data communications technology have made those new payment methods possible. The Congressional Budget Office (CBO) study Emerging Electronic Methods for Making Retail Payments examines the effect the new forms of payment will have on the market for retail payments and the issues they will raise for federal policy. The two primary types of payment being advanced for use in retail purchases are prepaid stored-value cards and on-line payments made with personal computers through the Internet. Stored-value cards will function much like prepaid mass transit or phone cards but could substitute for cash in small-dollar purchases. Payments proposed for use over the Internet will include both familiar and new methods. Familiar methods use existing credit cards and checking accounts that are suitably modified for secure on-line use. Breaking new ground, several companies have proposed or issued types of on-line scrip, which essentially functions like privately issued traveler's checks. 
This study assesses the market potential for stored-value cards and on-line payments by analyzing both the current use of cash in the economy and the specific markets commonly cited as likely candidates for such payment methods. An eventual market for stored-value cards of $20 billion yearly is not inconceivable but will develop gradually. The introduction of electronic payment methods raises a number of policy issues. Existing laws and regulations, for example, do not clearly cover some of the new methods, or cover them only under certain circumstances. Questions arise as to whether the balances of stored-value cards and on-line scrip will be covered by deposit insurance or be subject to reserve requirements, and whether consumers will be protected by current regulations that limit liability for unauthorized use of credit cards and electronic fund transfers. Even in areas that existing laws cover--such as antitrust policy and law enforcement against money laundering, fraud, and tax evasion--applying and enforcing those laws may be more difficult. Two major concerns are the effect of the new payment methods on monetary policy and the effect of having nondepository institutions issue them. Issuance by firms other than federally regulated depository institutions raises competitive issues and concerns about the safety and soundness of the financial system. Given the expected small size of the market for electronic payments, however, monetary policy and the financial system are unlikely to be seriously affected. Questions about the study should be directed to Judith Ruud or Philip Webre of CBO's Natural Resources and Commerce Division at (202) 226-2940. The Office of Intergovernmental Relations is CBO's Congressional liaison office and can be reached at 226-2600. For additional copies of the study, please call the Publications Office at 226-2809. 
--- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From gcg at pb.net Mon Jul 29 17:20:48 1996 From: gcg at pb.net (Geoffrey C. Grabow) Date: Tue, 30 Jul 1996 08:20:48 +0800 Subject: Secure drive? Message-ID: <2.2.32.19960729205856.0068b428@mail.pb.net> At 11:56 07/29/96 -0700, Alan Olsen wrote: >At 11:31 AM 7/29/96 -0400, you wrote: >>Greetings all, >> Does anyone know if the 1.4a version works correctly with Win95? If not, >>is there an updated version? If not, will there be one anytime soon? If >>not, will PGPLIB (aka PGP3.0) provide a similar function? If not... heck! > >My understanding is that it does. I need to test if the new version also >works with the Zip Drive. (It used to not, but it was supposed to get fixed...) > >I will be trying it soon and will post my results to the list... > > I assume that when you say that "it does", this means that I can access the encrypted drive from Win95. If so, can you tell me how. I have a 50mb partition that's encrypted and if I boot to DOS everything works perfectly, but from Win95, the drive is always encrypted. I've tried entering my passphrase prior to Win95 loading... no effect. If I try to enter my pp from a DOS box, it says that the SECTSR isn't loaded, but MEM says that it is. Any thoughts? G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | Great people talk about ideas. | | Oyster Bay, New York | Average people talk about things. | | gcg at pb.net | Small people talk about people. | |----------------------------------------------------------------------| | PGP 2.6.2 public key available at www.pb.net/~wizard | |----------------------------------------------------------------------| | That which does not kill us, makes us stranger. 
- Trevor Goodchild | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From wb8foz at nrk.com Mon Jul 29 17:46:18 1996 From: wb8foz at nrk.com (David Lesher) Date: Tue, 30 Jul 1996 08:46:18 +0800 Subject: 2nd CDA decision in.... Message-ID: <199607292134.RAA03705@nrk.com> Just heard: Us folks 2, Ralph Reed & the Thought Police, 0. -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From frissell at panix.com Mon Jul 29 18:41:23 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 30 Jul 1996 09:41:23 +0800 Subject: Secure drive? Message-ID: <2.2.32.19960729222333.008ca220@panix.com> >I assume that when you say that "it does", this means that I can access the >encrypted drive from Win95. If so, can you tell me how. I have a 50mb >partition that's encrypted and if I boot to DOS everything works perfectly, >but from Win95, the drive is always encrypted. I've tried entering my >passphrase prior to Win95 loading... no effect. If I try to enter my pp >from a DOS box, it says that the SECTSR isn't loaded, but MEM says that it >is. Any thoughts? Sort of. Open "Control Panel." Open "System." Click the "Performance" tab. Click the Virtual Memory radio button. Check/select "Let me specify my own virtual memory settings." Check Disable virtual memory (not recommended). Click the "OK" radio button. Ignore the warning dialog box which appears and click "Yes." Reboot WIN95 and your encrypted partition should be accessible (if you log into it under DOS before loading Windows), and all your drives will be operating at 16-bit speeds. DCF From frantz at netcom.com Mon Jul 29 18:53:54 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 30 Jul 1996 09:53:54 +0800 Subject: DES-Busting Screen Savers? 
Message-ID: <199607292231.PAA12201@netcom8.netcom.com> At 2:28 AM 7/24/96 -0700, Steve Reid wrote: >On the subject of choosing keys randomly, rather than dividing up the >keyspace... > >This seems like a very good idea to me. > >One potential problem is actually choosing the random keys. Have to be >able to get entropy at a fast rate, and/or use a good PRNG. I think you chose your starting place in the key space and then proceed sequentially from there. However, if it turns out that gray code increments of the key can reduce the key setup time, then you would want to use that ordering of the key space for the "next" key to try. Another possibility is to work in randomly chosen blocks of 1000 to 1,000,000 or so keys. This approach would reduce the cost of getting good random numbers to manageable levels. ------------------------------------------------------------------------- Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting (408)356-8506 | [Beware the man of one | 16345 Englewood Ave. frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA From frogfarm at yakko.cs.wmich.edu Mon Jul 29 18:54:47 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Tue, 30 Jul 1996 09:54:47 +0800 Subject: Parsing JYA; now others? Message-ID: <199607292236.SAA31701@yakko.cs.wmich.edu> Say, Duncan - you can do John Young, but can you make any sense of this? >From: doghead at psyclone.com (Blowjob Jesus) Newsgroups: news.admin.net-abuse.misc,news.admin.misc Subject: Re: ! Blacklist Spammers and Rogue ISP's !!!!!!!!!! 
Date: Thu, 25 Jul 1996 01:08:56 GMT Organization: The Mighty Psyclone - Gonna Blow Yer Mind Lines: 56 Message-ID: <31f6c6d2.439333 at news.alpha.net> References: <4t59aq$3n0 at park.interport.net> Reply-To: doghead at psyclone.com NNTP-Posting-Host: 156.46.104.253 X-Newsreader: Forte Agent .99e/32.227 On Wed, 24 Jul 96 13:41:28 GMT, tonyb(remove this garbage to email me)@interport.net (tony brower) wrote: >Conventional response to spam is completely ineffective. Farflung was the offense, easy is the time spent drinking salad dressing. Christian Dior, well-known parking ticket, adds his pickle fork. >Nothing currently prevents the abuser from getting another account in >another name and continuing the practise. Wendigo spake in gruff pebbles, like unto a Timex! Reginald Denny left the room with scanners on full auto. >Even ISP's spam their adverts across newsgroups. Freedom, paged in 4k chunks, permeates UDP. There never was a governor. The double nickle blowed up good. >Why can't people who spam and otherwise abuse Usenet for commercial purposes >be blacklisted? Approved for your convenience, in sterile jello molds. The Lawnboy nods assent. >e.g. after first warning, no more accounts allowed from that Credit Card or >other payment source. The sun, a gaseous ball of tomato paste and model trains, is lost among clouds of thankfullness. >Why can't providers who refuse to curtail abuse from their customers also be >blacklisted and shut out from the net? >e.g. If ISP's are held responsible for abuse by their customers they'll >enforce nettiquette ("abide by the rules or lose your account here and >anywhere for one year"). Irresponsible ISP's will lose customers to those >ISP's who care. Hell, let them make their own net for cycling and recylcing >commercial, make money fast and sex #'s posts. OJ Simpson skirvined the net and was clarified. When failed and not sanguine, there was no response to the 'sturm und drang.' 
>Isn't this the fastest way to clean out all the junk that has permeated the >newsgroups posted by inconsiderate, greedy assholes (who have NOTHING to fear >by conventional response)? Response time is minimal. Lost among oceans of billiard balls made of styrofoam - tiny marmots build complicated nests of velveeta. Regroup? -- From jbugden at smtplink.alis.ca Mon Jul 29 18:57:06 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 30 Jul 1996 09:57:06 +0800 Subject: A Libertine Question Message-ID: <9606298386.AA838689552@smtplink.alis.ca> I find it funny that I'm considered Conservative by most people who know me. Your opinion may vary. ;-) tcmay at got.net wrote: >Who takes responsibility when people fail to save enough of their >paycheck to last them through the month? Who takes responsibility when >people drink too much, miss work, and are fired? And so on. One common thread in many of these discussions is the ease with which moral judgements are made about the situation: "fail to save", "drink too much". I know the social psychology explanation that people who view the world as ordered attach these types of judgements to situations which violate their ordered view of the world. "She was just asking for it dressed like that..." However, now I'm puzzled. From what I've read of Tim May, he does not hold such an orderly view of the world. The "rules" of existence may prove to be deterministic, but the results are chaotic. So Tim, where are these moral judgments coming from? >The issue of "who takes care of" people who can't hold their liquor, or >who overeat, or who smoke too much, does not enter into the equation. Think of how many of our laws are being enacted that tacitly make being poor or indigent a crime. Curfews being a recently discussed example. If the equation is one of economics, then "who takes care of" people does indeed enter the equation. 
I suggest that it is more economical to provide for a minimum quality of life- if only as a form of insurance for myself. Think: Rawls. The alternative is to have garbage collectors to "take care of" those that fall behind. Think: Soylent Green. Better twisted than bitter, as Tiny Tim Cratchet used to say. James From Ryan.Russell at sybase.com Mon Jul 29 19:05:11 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Tue, 30 Jul 1996 10:05:11 +0800 Subject: Just some comments on what I've read here Message-ID: <9607292227.AA22099@notesgw2.sybase.com> Sure, we'll just set up our own [i/I]nternet...(We need a letter between upper and lower case...) It won't be that expensive...lesse....my WAN, for about 5000 people and 15000 machines, only runs me about $400,000 US per month. That's just circuit charges, of course... doesn't include any of the networking equipment or cost of the machines....is this a troll or what? Ryan ---------- Previous Message ---------- To: cypherpunks cc: From: Scottauge @ aol.com @ smtp Date: 07/28/96 04:39:39 PM Subject: Just some comments on what I've read here 1) Seems to be some excitement about banning information on the internet here... Setting up a set of computers for a private net is not that big a deal (just some money involved and with the availability of Linux - a UNIX variant - for free make it hardware and telephone costs.) Do it for companies all over (hence the aol address - just a local phone call from anywhere!) and it works just fine. So if people want to play by different rules.. it's possible. Think of it as a members only social club. (I can make computers real hard to get into, but social engineering kicks my butt all the time.) 2) What's wrong with America? I've been leaning towards Libertarian for some time now. Voted for Ross last time as a message I ain't happy with how things are going over there. Likely gonna vote Harry Brown - my first vote for a Libertarian. 
(He seems to have it together versus the others) - but hey, gettin off the subject here.... Seems we are no longer United in these United States... A stranger is not a potential friend or ally but a potential robber, baby raper... you fill in the blank. We're all scared of each other! Something has been happening where rich are pitted against the poor, the working against the non-working, races vs other races. Is it a conspiracy as some of my friends who look for black helicopters say, or a natural reaction of politicians and "leaders" seeing a formula that works and then implementing it. Too much Hard Copy and Extra reporting out there too. I don't give a rat's a*s about most of the sh*t they're putting out (censorship mine for those with delicate eyes). But US culture has become very valuable and ya gotta get them foreign markets ya know. There was a time when a family could have a picnic on the white house lawn. Then it got gated, now the street is closed. Our leaders seem to be no longer among us. But it doesn't matter. Some beuracrat (sp) gets a bug up their butt to give you trouble, you're f*cked. With a second's thought and a signature on a piece of paper ya can have your land gone or your bank account cleared or you name it. One second and on to the next thing as far as they are concerned. Can we impeach them? Can we vote for someone else next time? They're a buffer between the ones we can give trouble to. Plus Laws are so damn big these days. It takes a ream of paper (sometimes a whole 3000 page box of paper) to print these things out. You can bet the leg. not reading these things! They got advisors to read over sections and say this is good, this is bad. The real representatives and senators are out looking for campaign money. So damn, I now speculate these guys and gals are letting the advisors put the laws together - again someone not answerable (or even known) to the public. 
So now, you got legislators not reading the bills they are working on and there is a whole army of serfs ready to make some regulations that are in effect the same as law and ready to start looking for people to bother so they can look busy - and these serfs are not answerable to the public. Sorry, but congress is a part time job as far as I'm concerned. These laws are the result of people with nothing to do. I listen to the TV set and I hear "Oh we gotta law comin to fix this". Bullsh*t. There are plenty of other laws out there to hassle trouble makers with. They didn't nab Capone on murder, but on tax evasion. People fix stuff, not laws. Somebody is measuring their productivity by the amount of paper they can spew out of their office. 3) I'm a keen believer in Social Evolution A quick definition: If you're a drug addict and you're stupid enough to OD, you deserve to die. Another example: You're a drug dealer and ya get shot - oh well. Goes with the choice , dude. We keep protecting people from their choices. We think we are doing a favor for ourselves but I POSTULATE we are not. We keep on fightin nature and it just ain't possible. There just might be a reason for this weedin out process. But I'll admit it - I have a prejudice against stupid people - not mentally handicapped, but stupid people. Well, thanks for reading my ranting and raving.... From roy at sendai.scytale.com Mon Jul 29 19:08:01 1996 From: roy at sendai.scytale.com (Roy M. 
Silvernail) Date: Tue, 30 Jul 1996 10:08:01 +0800 Subject: A Libertine Question In-Reply-To: <2.2.32.19960729122101.0069c538@pop1.jmb.bah.com> Message-ID: <960729.164258.3K8.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, sparks at bah.com writes: > In the event that drugs are legalized like alcohol ( also a drug > ) and tobacco and caffeine, who will take responsibility for > housing and feeding those, who are now blameless, individuals > who can't or won't take responsibility for themselves and work > or whatever. I vote for "nobody". I firmly believe that those who will not accept responsibility for themselves are best removed from the gene pool (preferably before they have the opportunity to breed). > With freedom and liberty come a lot of > responsibility. Too many people today blame every damn thing in > the world for their problems - and get away with it.... That they are allowed to "get away with it" is a _big_ problem. But the typical 'liberal' solutions to social problems seem (at least to me) all centered around disallowing failure. Thus the "hapless drug victim" must be coddled and supported by society (at our expense, of course), lest they experience discomfort. I like to point out that evolution always requires multiple generations, and that when nothing dies, nothing evolves. This means, of course, that the liberal money-throwers are unlikely to ever see their "benevolence" produce a good result, even if said benevolence _could_ produce improvements. And while offering up the public teat may help in certain limited and individual cases, it generally only weakens the resolve of the suckler to improve hir situation. Failure should _never_ be disallowed or legislated away. It's the single most important contributor to evolution (animal or social). OBDisclaimer: As a matter of fact, I _am_ a Social Darwinist. - -- Roy M. 
Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMf0z1Bvikii9febJAQHsWgP/dPHNz1RfHBDobkpDpb7w9sibX7y0i07h Dk1cBPMmUGMik3d6h+0PMRExecVUkeQnzR/Hsbd0bws97IBfuB1QSTwpzKo/VuD9 VUO1iA61zGlNJGO/Lm2Pd3RmFj+c0ko4Fi6kChmeUY38xszbj1PBnvp9KZc+Ahs5 KYBMlgvbI2w= =CN0F -----END PGP SIGNATURE----- From Scottauge at aol.com Mon Jul 29 19:08:36 1996 From: Scottauge at aol.com (Scottauge at aol.com) Date: Tue, 30 Jul 1996 10:08:36 +0800 Subject: Just some comments on what I've read here Message-ID: <960729184944_587677685@emout19.mail.aol.com> In a message dated 96-07-29 18:28:06 EDT, you write: > It won't be that expensive...lesse....my WAN, for about 5000 > people and 15000 machines, only runs me about $400,000 US > per month. That's just circuit charges, of course... doesn't > include any of the networking equipment or cost of the > machines....is this a troll or what? > I dunno, are you a nob? As I recall I said the expenses where going to be in the switches (or public networks). Plus I'm thinking the most basic services of telnet, ftp, smtp, and some nnp... Plug two network boards (whether ethernet or X.25 or ATM) into a UNIX computer and you have a router. You cannot tell me that hardware (minus the hardcore ATM/X.25 stuff) is not inexpensive enough to put something together. At least for a few thousand users all sophisticated enough to know how to install a UNIX or Linux system... I'm talking about a club here - not a replacement for the internet. Open up your mind, dude.... From rod at wired.com Mon Jul 29 19:09:42 1996 From: rod at wired.com (Roderick Simpson) Date: Tue, 30 Jul 1996 10:09:42 +0800 Subject: Denning vs. Gilmore Message-ID: Today, Monday, July 29, Dorothy Denning begins her debate vs. John Gilmore over The Absolute Right to Privacy on Wired Online's Brain Tennis site. 
Do citizens of the world have an "unalienable right" to privacy - or are there reasons why governments ought to have access to our communications? This debate will run daily through August 7. Follow along at http://www.wired.com/braintennis/. To get into the debate yourself, go to: http://www.hotwired.com/cgi-bin/interact/replies_all?msg.21655 An excerpt of Dorothy's first post today: "I'm not ready to accept 'the cat is out of the bag.' Let's look for a way of enjoying the benefits of encryption without unnecessarily hindering the ability of law enforcement to perform its mission. Let's use encryption for privacy, but also give law enforcement access to communications and computer files when there is probable cause and a judge has issued a court order. In some cases, that access must be surreptitious. Imagine the FBI calling a family boss and saying 'Give me your keys so I can wiretap your phone!'" John Gilmore's first post follows tomorrow. See you there. Best, Roderick Simpson rod at wired.com Wired Online From dlv at bwalk.dm.com Mon Jul 29 19:13:59 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 30 Jul 1996 10:13:59 +0800 Subject: Feinstein wants controls on Internet, Books In-Reply-To: Message-ID: <3aouRD1w165w@bwalk.dm.com> declan at well.com (Declan McCullagh) writes: > Feinstein today introduced an amendment revisiting her 1995 net-censorship > amendment tacked onto the anti-terrorism bill. Seeks to ban bomb-making > info from the Net and is being marketed in those words, but is not > Net-specific. So, is she going to shut down the CNN Web site with bomb-making info? 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jbugden at smtplink.alis.ca Mon Jul 29 19:16:19 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 30 Jul 1996 10:16:19 +0800 Subject: A Libertine Question Message-ID: <9606298386.AA838693723@smtplink.alis.ca> Mike McNally wrote: >Uhh, "fail to save" isn't a moral judgement; it's an observable >phenomenon. Either somebody does save money or they don't. I >don't see in Tim's wording any judgement being made. It's a >numerical thing. >If you replace "drink too much," with "drink enough that they", you >get another observable phenomenon. As is the observable phenomenon that some people focus on the details and miss the point. You may also consider this to be a moral judgement. To argue that the cited examples - out of the universe of possible examples - did not imply a moral judgement is an argument useful only for its humour. James From Ryan.Russell at sybase.com Mon Jul 29 19:31:57 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Tue, 30 Jul 1996 10:31:57 +0800 Subject: Just some comments on what I've read here Message-ID: <9607292315.AA23622@notesgw2.sybase.com> And my point is that you obviously have no clue about running a sizeable net. It looks like you are trying to propose Fidonet. Go ask one of them how much it costs for them to run a node. Any sort of dialup service is pretty much going to limit you to store-and-forward items. Any full-time links attempting to mesh "a few thousand" users is going to quickly exceed my paltry $400K. You might want consider using the main Internet, and looking into encryption... 
Ryan ---------- Previous Message ---------- To: Ryan.Russell, cypherpunks cc: From: Scottauge @ aol.com @ smtp Date: 07/29/96 06:49:45 PM Subject: Re: Just some comments on what I've read here In a message dated 96-07-29 18:28:06 EDT, you write: > It won't be that expensive...lesse....my WAN, for about 5000 > people and 15000 machines, only runs me about $400,000 US > per month. That's just circuit charges, of course... doesn't > include any of the networking equipment or cost of the > machines....is this a troll or what? > I dunno, are you a nob? As I recall I said the expenses where going to be in the switches (or public networks). Plus I'm thinking the most basic services of telnet, ftp, smtp, and some nnp... Plug two network boards (whether ethernet or X.25 or ATM) into a UNIX computer and you have a router. You cannot tell me that hardware (minus the hardcore ATM/X.25 stuff) is not inexpensive enough to put something together. At least for a few thousand users all sophisticated enough to know how to install a UNIX or Linux system... I'm talking about a club here - not a replacement for the internet. Open up your mind, dude.... From m5 at vail.tivoli.com Mon Jul 29 19:34:55 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 30 Jul 1996 10:34:55 +0800 Subject: A Libertine Question In-Reply-To: <9606298386.AA838693723@smtplink.alis.ca> Message-ID: <31FD4FA8.6DF6@vail.tivoli.com> jbugden at smtplink.alis.ca wrote: > As is the observable phenomenon that some people focus on the details > and miss the point. You may also consider this to be a moral judgement. I'm sorry, but this thread is making no sense. You wondered aloud why Tim would make moral judgements; I claim he didn't. What exactly was it you were trying to say? > To argue that the cited examples - out of the universe of possible > examples - - that you clearly have in stock as ready-to-use straw men - > did not imply a moral judgement is an argument useful only for its > humour. 
So you're saying that you made a response to Tim questioning his use of moral judgements just to introduce your own moral judgement? If you want to issue moral pronouncements ex cathedra, why not just start a new thread instead of couching them in a confusing response? ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From Scottauge at aol.com Mon Jul 29 19:39:25 1996 From: Scottauge at aol.com (Scottauge at aol.com) Date: Tue, 30 Jul 1996 10:39:25 +0800 Subject: New Internet Message-ID: <960729192528_587706324@emout08.mail.aol.com> In a message dated 96-07-29 19:16:30 EDT, you write: > Any sort of dialup service is pretty much going to > limit you to store-and-forward items. Any full-time > links attempting to mesh "a few thousand" > users is going to quickly exceed my paltry $400K. I agree... but I am also thinking that not one person is picking up the tab. Undoubtedly some systems are going to go up and down also... so - at the beginning - it could be like fidonet. But hopefully it would be more than a bunch of machines calling each other up and bursting information, some may backbone for a while. From jbugden at smtplink.alis.ca Mon Jul 29 19:42:24 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 30 Jul 1996 10:42:24 +0800 Subject: e$: The Demographic "Transaction" Message-ID: <9606298386.AA838695422@smtplink.alis.ca> tcmay at got.net (Timothy C. May) wrote: >Let them eat cake. Earlier, in: Re: "Soft Targets" as Schelling Points tcmay at got.net (Timothy C. May) wrote: >Keep your head down. Are you consciously trying to compare yourself with Marie Antoinette? With so many sans-culottes around, you could succeed. I'd rather be left than dead right. 
James From m5 at vail.tivoli.com Mon Jul 29 19:48:59 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 30 Jul 1996 10:48:59 +0800 Subject: A Libertine Question In-Reply-To: <9606298386.AA838689552@smtplink.alis.ca> Message-ID: <31FD44F0.26C1@vail.tivoli.com> jbugden at smtplink.alis.ca wrote: > tcmay at got.net wrote: > >Who takes responsibility when people fail to save enough of their > >paycheck to last them through the month? Who takes responsibility when > >people drink too much, miss work, and are fired? And so on. > > One common thread in many of these discussions is the ease with which moral > judgements are made about the situation: "fail to save", "drink too much". Uhh, "fail to save" isn't a moral judgement; it's an observable phenomenon. Either somebody does save money or they don't. I don't see in Tim's wording any judgement being made. It's a numerical thing. If you replace "drink too much," with "drink enough that they", you get another observable phenomenon. ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From jbugden at smtplink.alis.ca Mon Jul 29 20:01:56 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 30 Jul 1996 11:01:56 +0800 Subject: A Libertine Question Message-ID: <9606298386.AA838696773@smtplink.alis.ca> tcmay at got.net (Timothy C. May) wrote: >The issue of "who takes care of" people who can't hold their liquor, or who overeat, or who smoke too much, does not enter into the equation. Perhaps the judgemental tone of these descriptions are clearer to you. Mike McNally wrote: >So you're saying that you made a response to Tim questioning his use of moral judgements just to introduce your own moral judgement? Tim can and does make moral judgements. So do I. So do you. 
I was curious as to why Tim brought them into an argument that did not need moral judgements to make its point. I suspect that it is more reflexive than carefully thought out, and I think may reflect on some of his core assumptions about society in general. But I don't know, so instead of making my own assumptions, I asked. James Feel free to respond by private e-mail. From WlkngOwl at unix.asb.com Mon Jul 29 20:30:33 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 30 Jul 1996 11:30:33 +0800 Subject: International Standards Message-ID: <199607300016.UAA17971@unix.asb.com> On 29 Jul 96 at 6:38, Duncan Frissell wrote: > Mr. Freeh, [..] > clearly impossible -- but to prevent such high-level code > from becoming the international standard, with architecture [..] > Looks like the fibbies (FBI) haven't been reading the "Proceedings of the > IETF". Strong crypto is already an international standard. Methinks they regard as international standards what's built into something like MacOS or Windows. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From frissell at panix.com Mon Jul 29 20:38:15 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 30 Jul 1996 11:38:15 +0800 Subject: A Libertine Question Message-ID: <2.2.32.19960730001300.008c4c28@panix.com> At 06:19 PM 7/29/96 EST, jbugden at smtplink.alis.ca wrote: >I suggest that it is more economical to provide for a minimum quality >of life- if only as a form of insurance for myself. Think: Rawls. > >The alternative is to have garbage collectors to "take care of" those that fall >behind. Think: Soylent Green. > >Better twisted than bitter, as Tiny Tim Cratchet used to say. 
> >James But many of us believe that coercive "solutions" to life's problems whether right or wrong are no longer possible because technology is in the process of making individuals and small groups "ungovernable" by force. If this is true, whatever the morality of coercive solutions, they will not be able to be applied to the real world. Thus if we designed the Internet (Ver.6) rather than Louis Freeh, his opinion of our design is meaningless. Perhaps the communitarians in the audience will have to fall back on disfellowship as the ultimate sanction (like the early Christians). They won't be able to apply any more advanced weaponry. DCF From jbugden at smtplink.alis.ca Mon Jul 29 20:41:13 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 30 Jul 1996 11:41:13 +0800 Subject: A Libertine Question Message-ID: <9606298386.AA838698411@smtplink.alis.ca> Duncan Frissell wrote: >But many of us believe that coercive "solutions" to life's problems whether >right or wrong are no longer possible because technology is in the >process of making individuals and small groups "ungovernable" by force. Basically, I agree. But as earlier essays have suggested, our current government may just be a Schelling point of sorts among the possible social organizations that can exist. Thus, technology is merely a different lens to view the same basic interaction among players. The players may move into different equivalence classes, but the basic roles are the same. In other times, alphabets, industrialization, and nuclear weapons could have played similar roles in the upsetting of the status quo. In this context, right and wrong do not need to enter the discussion. However, optimizing each individual's situation does not necessarily result in an optimal situation for the group. This is the basis of the classic prisoner's dilemma from game theory. 
I understand that for the iterated version, Tit-for-Tat is a stable strategy in that no other strategy will do better and thereby displace it over time in a large population. Tit-for-Tat: Start co-operating. Co-operate if the other party co-operated on the last round. Defect if they defected on the last round. So, how do *we* get crypto widespread? James From tcmay at got.net Mon Jul 29 20:47:22 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 30 Jul 1996 11:47:22 +0800 Subject: "Soft Targets" as Schelling Points Message-ID: At 8:05 PM 7/29/96, eli+ at gs160.sp.cs.cmu.edu wrote: >Tim May writes: >>The connection should be clear, but in case it is not: many soft targets >>are Schelling points for terrorist actions. > >I see no coordination problem here. Schelling points are a useful >concept when you have several actors, each of whom benefits from >making the same choice as the others. Here, I think you want to say >"soft targets are easy to attack". There are _many_ "soft targets," of course. Millions, in fact. But some are "more likely" than others to be hit, a la Schelling points. Schelling points need not involve "coordination" between actors, though Schelling points provide one means of coordination without communication (e.g., where does each think a meeting will occur). Schelling points are like "The Match Game" (an old t.v. show largely written by one of the main contributors to "Mad Magazine"). Namely, "Name a place likely to be attacked by terrorists." Coordination is not the issue. Rather, the Olympics was (obviously) a likely target, for a variety of reasons. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Mon Jul 29 21:13:37 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 30 Jul 1996 12:13:37 +0800 Subject: Clinton must like terrorists... Message-ID: <199607300127.SAA25730@mail.pacifier.com> Clinton must like terrorists... because his most recent proposals will end up making more of them. Jim Bell jimbell at pacifier.com From blancw at microsoft.com Mon Jul 29 21:14:55 1996 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 30 Jul 1996 12:14:55 +0800 Subject: A Libertine Question Message-ID: >From: jbugden at smtplink.alis.ca > >In this context, right and wrong do not need to enter the discussion. >[. . .] >So, how do *we* get crypto widespread? ............................................................... Interest in crypto will spread when everyone's files are by law made available to anyone working in a government agency and people begin to get this growing feeling that there is something terribly wrong. . . . .. Blanc From tcmay at got.net Mon Jul 29 21:15:12 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 30 Jul 1996 12:15:12 +0800 Subject: A Libertine Question Message-ID: At 11:19 PM 7/29/96, jbugden at smtplink.alis.ca wrote: >I find it funny that I'm considered Conservative by most people who know me. >Your opinion may vary. ;-) I don't find it surprising (a different word from "funny") that you are a kind of "conservative." Many folks calling themselves conservatives actually want various kinds of laws, safety nets, social order, etc. (Many "conservative farmers" want government price guarantees, for example.) 
>tcmay at got.net wrote: >>Who takes responsibility when people fail to save enough of their >>paycheck to last them through the month? Who takes responsibility when >>people drink too much, miss work, and are fired? And so on. > >One common thread in many of these discussions is the ease with which moral >judgements are made about the situation: "fail to save", "drink too much". This is quibbling. Use whatever other word or weasel phrase for "fail to save" and "drink too much." Common euphemisms are: "became a victim of ethanol addiction," "lacked personal financial skills," etc. My point was an obvious one, clearly made, which I won't repeat here. >I know the social psychology explanation that people who view the world as >ordered attach these types of judgements to situations which violate their >ordered view of the world. "She was just asking for it dressed like that..." This is fatuous nonsense. I made no comment even remotely similar to this. (In fact, in my view, a woman can wear a tiny string bikini and, if attacked, blow away her attacker; though the bikini may make concealed carry a bit harder.) >However, now I'm puzzled. From what I've read of Tim May, he does not hold such >an orderly view of the world. The "rules" of existence may prove to be >deterministic, but the results are chaotic. So Tim, where are these moral >judgments coming from? The likely reason you are confused is that you set up a straw man, found it conflicted with other things I have argued, and now wish me to "explain." >Think of how many of our laws are being enacted that tacitly make being >poor or >indigent a crime. Curfews being a recently discussed example. If the >equation is >one of economics, then "who takes care of" people does indeed enter the >equation. I suggest that it is more economical to provide for a minimum quality >of life- if only as a form of insurance for myself. Think: Rawls. 
I have strongly argued against curfews, as I don't want cops telling my 15-year-old child when she or he can and can't be on public roads. As to "insurance," be my guest. That is, you and others are perfectly able to form insurance pools, old age retirement funds, etc. These are usually called "pension plans." However, please don't hold a gun to my head and demand that I contribute to a plan, especially one which is a Ponzi scheme like Social Security (SS is not self-funding, and "IOUs" are being placed in the pot for the future, as is well-known.) Sounds fair to me. >The alternative is to have garbage collectors to "take care of" those that fall >behind. Think: Soylent Green. A bad form of argument, citing bad SF movies to prove your points. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From declan at eff.org Mon Jul 29 21:19:22 1996 From: declan at eff.org (Declan McCullagh) Date: Tue, 30 Jul 1996 12:19:22 +0800 Subject: call your rep In-Reply-To: Message-ID: While phone calls can't hurt, this markup ain't gonna happen this week. This from Burns' remarks at Cato this morning and reports from committee staffers. In fact, in the wake of the recent bombing it may be better *not* to push for a markup this week that would result in a narrow vote along partisan lines. That would bode ill for the bill's future on the floor. 
-Declan > >>the Senate commerce committee held its final > >>hearing on Burns's bill yesterday with the appearance > >>of FBI Director Freeh and Bill Reinsch at Dept of Commerce. > >>The Senate committee would like to hold a mark-up on > >>the bill (Pro-CODE) next week, but lack the certain votes of the members > >>of the committee to do so. > >> > >>Expressions of support for S. 1726 to critical Democrats > >>and Republicans are needed--especially: > >> Olympia Snowe, R-Maine, 224-5344; Bill Frist, R-Tennessee > >>224-3344; Spencer Abraham, R-Michigan 224-4822; Ernest > >>Hollings, D-South Carolina, 224-6121; Daniel Inouye D-Hawaii > >>224-3934; Wendell Ford D-Kentucky 224-4343; James Exon, > >>D-Nebraska 224-4224; Jay Rockefeller D-West Virginia 224-6472; > >>John Kerry D-Massachusetts 224-2742; John Breaux D-Louisiana > >>224-4623; Richard Bryan D-Nevada 224-6244; Byron Dorgan > >>D-North Dakota 224-2551. > >> > >>Calls are needed by Tuesday in order to schedule the mark-up. > >> > // declan at eff.org // I do not represent the EFF // declan at well.com // From whallen at capitalnet.com Mon Jul 29 21:28:44 1996 From: whallen at capitalnet.com (Wayne H. Allen) Date: Tue, 30 Jul 1996 12:28:44 +0800 Subject: what's a weapon? (fwd) Message-ID: <199607300157.VAA12459@ginger.capitalnet.com> At 13:33 96.07.29 -0400, David Lesher wrote: >------- Forwarded Message > >Drawing an analogy with encryption and US ITAR, a poster reported that >A piper is being taken to court for practicing on Hampstead Heath, >which has a by-law forbidding music. Mr Brooks, the piper, has denied >the charge. He claims he wasn't playing a musical instrument, but >practicing with a weapon. In 1746 in England, bagpipes were declared to >be instruments of war, not musical weapons, and a subsequent Act of >Parliament specifically stated that they were weapons. > >> If you have ever heard the pipes being practiced you'll know why. 
Wayne H.Allen whallen at capitalnet.com Pgp key at www.capitalnet.com/~whallen From weidai at eskimo.com Mon Jul 29 21:37:52 1996 From: weidai at eskimo.com (Wei Dai) Date: Tue, 30 Jul 1996 12:37:52 +0800 Subject: game theory Message-ID: I agree with Tim that game theory is very interesting and a potentially useful tool in cryptography. However, game theory currently has a major limitation. An even moderately complex game is likely to have a very large set of equilibria (possible solutions where none of the players will deviate from their strategy if they knew the strategy of all other players). It takes a lot of work to calculate the equilibria set, and even if this is done, game theorists are hard pressed to explain or predict which equilibrium is the actual outcome. I have not read any of Schelling's work, but the notion of Schelling points seems to be closely connected to that of equilibria in game theory. If this is the case, then I don't see how it can be usefully applied to the complex interactions of an entire society. It is easy to say that current social conventions are an equilibrium in some game, but how much is this worth? What we would like to know is what is the entire set of possible equilibria, why we are in one of them (instead of the others), and how changes in the game (such as introduction of strong crypto) change that set. I find it unlikely that game theory will soon advance to such a state that it will give us the answers to these questions. Wei Dai P.S. Now that I've reread Tim's original messages, I realize that maybe Schelling points are not really the equilibria of game theory. If this is the case, Tim, can you please clarify its actual meaning? (Perhaps by quoting a definition from Schelling's book?) ObCrypto: Here is a simple cryptographic application of game theory. A fair exchange protocol allows two parties to reveal valuable secrets to each other one bit at a time. 
Modeled as a game, it goes like this: There are N (an even number) rounds. On odd rounds Alice decides whether to reveal a bit to Bob or to stop the game. On even rounds Bob decides whether to reveal a bit to Alice or to stop the game. The goal is to get as many bits as possible and secondarily to reveal as few bits as possible. Now using backwards induction, we can show that the only subgame perfect equilibrium of this game is that Alice stops the game in round 1. The analysis goes like this: on the last round (if the game goes that far) Bob will have gotten all of the bits from Alice, so it makes no sense for him to reveal his last bit to Alice. On the next to last round, Alice knows that even if she reveals her bit, she cannot get Bob's last bit, therefore she would stop on that round. Therefore Bob would stop on round N-2, and on it goes. Wei Dai From admin at dcwill.com Mon Jul 29 21:45:23 1996 From: admin at dcwill.com (Fred) Date: Tue, 30 Jul 1996 12:45:23 +0800 Subject: Parsing JYA; now others? In-Reply-To: <199607292236.SAA31701@yakko.cs.wmich.edu> Message-ID: <199607300114.SAA06363@python.ee.unr.edu> > Say, Duncan - you can do John Young, but can you make any sense of this? > Approved for your convenience, in sterile jello molds. The Lawnboy > nods assent. > The sun, a gaseous ball of tomato paste and model trains, is lost > among clouds of thankfullness. > Response time is minimal. Lost among oceans of billiard balls made of > styrofoam - tiny marmots build complicated nests of velveeta. Sounds like the lyrics to a YES song to me. Compare the styles: "The silhouette will charge the view of distant atmospheres." Fred From dlv at bwalk.dm.com Mon Jul 29 22:23:27 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 30 Jul 1996 13:23:27 +0800 Subject: Questions... In-Reply-To: <96Jul29.145711edt.20482@janus.algorithmics.com> Message-ID: Robin Powell writes: > PS: For the record, I find that Dimitri often has interesting things > to say. 
I just wish he'd stop talking about wheelchairs and > vegetables. Makes me get sad (I broke my back and almost ended up in > a wheelchair, but I'm much better now) and hungry (I'm a vegetarian) > at the same time. This reminds me of another mine-flame war I recently had on another forum with a vegetarian who claimed that vegetarian airplane food is much worse than airplane meat. He never tried the latter, so he just assumed it must be better, and so poor vegetarians were being discriminated against. I found it funny because so many people (including myself) ask for vegetarian food when flying because their meat is usually even worse. Likewise, Robin opens his (or her? this is a gender neutral name) big mouth without knowing what the fuck s/he's talking about - and makes himself/ herself look like a complete idiot, comparable to "Dr." David Sternlight. We have one demented cripple on this mailing list whose agenda is centered around silencing everything he doesn't agree with. He keeps whining about anonymous remailers which permit "homophobes" to get away with posting their crimethoughts. He threatens to sue everyone who badmouths his meal ticket - the wheelchair. Our taxes pay for his wheelchair, his Internet access, his apartment, his welfare check... Disgraceful. Unless you're a fascist, you shouldn't identify with this demented cripple. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From frantz at netcom.com Mon Jul 29 22:25:32 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 30 Jul 1996 13:25:32 +0800 Subject: A Libertine Question Message-ID: <199607300242.TAA05651@netcom8.netcom.com> At 8:13 PM 7/29/96 -0400, Duncan Frissell wrote: >Perhaps the communitarians in the audience will have to fall back on >disfellowship as the ultimate sanction (like the early Christians). They >won't be able to apply any more advanced weaponry. 
Just as the ultimate net sanction is excommunication (usually via the ISP, killfiles etc.), the ultimate communitarian sanction is shunning. Anything more takes force, and government reserves the use of force to itself. ------------------------------------------------------------------------- Bill Frantz | Cave ab homine unius libri | Periwinkle -- Consulting (408)356-8506 | [Beware the man of one | 16345 Englewood Ave. frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA From tcmay at got.net Mon Jul 29 22:30:58 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 30 Jul 1996 13:30:58 +0800 Subject: game theory Message-ID: At 1:42 AM 7/30/96, Wei Dai wrote: >I agree with Tim that game theory is very interesting and a potentially >useful tool in cryptography. However, game theory currently has a major ... >I have not read any of Schelling's work, but the notion of Schelling >points seems to be closely connected to that of equilibria in game theory. >If this is the case, then I don't see how it can be usefully applied to >the complex interactions of an entire society. It is easy to say that >current social conventions are an equilibrium in some game, but how much >is this worth? What we would like to know is what is the entire set of >possible equilibria, why we are in one of them (instead of the others), >and how changes in the game (such as introduction of strong crypto) change >that set. I find it unlikely that game theory will soon advance to such a >state that it will give us the answers to these questions. ... >P.S. Now that I've reread Tim's original messages, I realize that maybe >Schelling points are not really the equilibria of game theory. If this is >the case, Tim, can you please clarify its actual meaning? (Perhaps by >quoting a definition from Schelling's book?) I certainly make no grandiose claims that any _single_ facet of reality is guaranteed to be useful, as I'm sure Wei Dai would agree. 
I presented the theory of Schelling points because I've found the notion to be interesting, unifying, and helpful in my understanding of many phenomena. (Clearly, there are dozens or even hundreds of such "core concepts.") Schelling was addressing a different aspect of game theory than conventional equilibria (as in payoffs, I presume to be Wei's emphasis). The David Friedman paper I cited the URL for (http://www.best.com/~ddfr/Academic/Property/Property.html) has a fuller explanation of Schelling points than I can justify writing here. He writes: "Such an outcome, chosen because of its uniqueness, is called a Schelling point, after Thomas Schelling who originated the idea. It provides a possible solution to the problem of coordination without communication. As this example shows, it is relevant both to situations where communication is physically impossible and to situations where communication is impossible because there is no way that either party can provide the other with a reason to believe that what he says is true." My conjecture that game theory and cryptography have some natural and fruitful points of intersection is of course just a conjecture. I have long believed--though I cannot formally prove it--that many of the problems with digital cash and related ideas are "made to converge" by consideration of iterated games, e.g., reputations, expectations, expected payoffs, and so forth. I believe we see this in the "real world," where economies actually work in ways that the pure theory (absent game theory) would suggest problems. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From amehta at giasdl01.vsnl.net.in Mon Jul 29 22:32:01 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Tue, 30 Jul 1996 13:32:01 +0800 Subject: e$: The Demographic "Transaction" (was Re: Schelling Points...) Message-ID: <1.5.4.32.19960730023643.002e900c@giasdl01.vsnl.net.in> At 19:37 29/07/96 +-200, Bart Croughs wrote: >The only effect of more stringent enforcement of anti child-labor legislation is to harm the children involved. You may think that the millions of families in Third World countries who are too poor to provide for their children, will be magically become rich enough to send their children to school once the anti child-labor legislation will be enforced. < This is getting off-topic, if there is such a thing on this list, but anyway... of course legislation alone is no good. Typically, it is accompanied by efforts to provide alternate livelihood to the older children or parents, free schooling, etc. > Child labour in the West didn't stop because of anti child-labour laws; it stopped the moment the people became rich enough to provide for their children, thanks to the capitalist revolution in the 18th & 19th century. The same path will have to be followed by the Third World countries today.< Take your point, though we may be talking chicken and egg here. If you have lots of children, you and your children never will become rich enough to change... 
>Instead of posting to the net to increase outrage about the violations of harmful child labour laws, you better begin posting to the net to increase outrage about the socialist governments in the Third World that keep their populations in poverty.< Socialism as an economic philosophy is fairly discredited, and is on its way out without my expressions of outrage needed to help it along. Yet, the capitalist economy seems to be no better at dealing with extreme poverty. Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key From tcmay at got.net Mon Jul 29 22:32:50 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 30 Jul 1996 13:32:50 +0800 Subject: "Filter"software for money laundering Message-ID: (Apparently the Poles are seeking tools for controlling the economic transactions of its citizen-units. Thanks to Bob for forwarding this to us. I am copying Andrzej Adamski on my response.) At 2:59 PM 7/29/96, Robert Hettinga wrote: >--- begin forwarded text >Date: Mon, 29 Jul 1996 16:06:53 +-200 >Reply-To: Law & Policy of Computer Communications > >Sender: Law & Policy of Computer Communications > >From: Andrzej Adamski >Subject: "Filter"software for money laundering >Comments: cc: "comcri-l at man.torun.pl" , > "lacc at suburbia.net" >To: Multiple recipients of list CYBERIA-L > >Sorry for cross-posting this message: > >Dear All, > > Are you familiar with any > software or any listing of producers of software to be used in > tracking money-laundering? > > If so, let me know. Yes, the Cypherpunks mailing list (send a request as described below) has software to defeat methods of tracking money-laundering. In particular, anonymous remailers, unbreakable cryptography, offshore data havens, digital cash, information markets, and a large body of thought about methods to defeat attempts by Central States to control and track the economic transactions of individuals and corporations. 
I realize our Polish correspondent may be seeking tools to _assist_ the Police of his country in stopping his countrymen from moving funds around without the approval and control of the apparatchiks who control such things in command economies, but I think he needs to know just how hopeless the task really is. The Polish state will crumble, though it may take a couple of generations. --Tim May, Crypto Anarchist Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Mon Jul 29 22:38:02 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 30 Jul 1996 13:38:02 +0800 Subject: Clinton must like terrorists... In-Reply-To: <199607300127.SAA25730@mail.pacifier.com> Message-ID: jim bell writes: > Clinton must like terrorists... because his most recent proposals will end > up making more of them. Clinton is a terrorist and a murderer. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jimbell at pacifier.com Mon Jul 29 23:07:28 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 30 Jul 1996 14:07:28 +0800 Subject: Denning vs. Gilmore Message-ID: <199607300322.UAA02252@mail.pacifier.com> At 04:14 PM 7/29/96 +0100, Roderick Simpson wrote: >Today, Monday, July 29, Dorothy Denning begins her debate vs. John Gilmore >over The Absolute Right to Privacy on Wired Online's Brain Tennis site. 
Do >citizens of the world have an "unalienable right" to privacy - or are there >reasons why governments ought to have access to our communications? This >debate will run daily through August 7. Follow along at >http://www.wired.com/braintennis/. To get into the debate yourself, go to: > >http://www.hotwired.com/cgi-bin/interact/replies_all?msg.21655 > >An excerpt of Dorothy's first post today: > > "I'm not ready to accept 'the cat is out of the bag.' The Wicked Witch of the East wasn't "ready to accept" a house being dropped on her. Denning's personal desires are equally irrelevant. > Let's look for a way of enjoying > the benefits of encryption without > unnecessarily hindering the ability of law > enforcement to perform its mission. I consider the primary benefit of good encryption to be the "hindering the ability of law enforcement to perform" the particularly abusive "mission" they've chosen for themselves. > Let's use encryption for privacy, but also give > law enforcement access to communications and > computer files when there is probable cause > and a judge has issued a court order. Many if not most of us out here believe that the ("probable cause") system is abusive, and has all the prospects of continuing to be abusive in the future. > In some cases, that access must be > surreptitious. But some of us consider such access to be unconstitutional, however "useful" you may believe it to be. In the past, the government has had the extreme luxury of not being forced to convince the public of its "right" to wiretap. Now, the advance of technology is forcing the question of such approval to be answered, and the Denning-types are getting really worried that the public isn't going to give that approval. Tough! 
Jim Bell jimbell at pacifier.com From sebago at earthlink.net Mon Jul 29 23:31:29 1996 From: sebago at earthlink.net (Allen Robinson) Date: Tue, 30 Jul 1996 14:31:29 +0800 Subject: cypherpunks vs hacker Message-ID: <199607300355.UAA29837@andorra.it.earthlink.net> On 29 Jul 96 at 6:06, pjn at nworks.com wrote: (in response to Tim's suggestion that:) > In> Rather than debate semantics of the definition of "hacker," or ask > In> others to suggest definitions, it might be better for interested folks > In> to read some of the various books on the topic and then decide for > In> themselves. Some of them are: > > In> - Levy, "Hackers," of course > > Very good history. > > In> - Haffner and Markoff, "Cyberpunk" > > In> - Sterling's book on hackers > > Hacker Crackdown. > > In> - any one (but not more) of the several Shimomura v. Mitnick books > > I think that Markoff's book on the incident was written better than the > rest. > > I might also suggest: > > - Masters of Deception > > - The Cuckoo's Egg by Stoll > Not to unduly belabor this, but I quite recently discovered another, somewhat less widely known book on the subject. _Approaching Zero_ by Paul Mungo & Bryan Clough. I've only skimmed it, but my 11 year-old son has promised to lend it to me when he finishes reading it. AR #%#%#%#%#%#%#%#%#%#%#%#%#%#%#% "In the end, more than they wanted freedom, they wanted security. When the Athenians finally wanted not to give to society but for society to give to them, when the freedom they wished for was freedom from responsibility, then Athens ceased to be free." - Edward Gibbon ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Allen Robinson.........................sebago at earthlink.net PGP public key FE4A0A75 fingerprint 170FBC1F7609B76F 967F1CC8FCA7A41F From harmon at tenet.edu Mon Jul 29 23:37:51 1996 From: harmon at tenet.edu (Dan Harmon) Date: Tue, 30 Jul 1996 14:37:51 +0800 Subject: mailing list In-Reply-To: <96Jul29.105559pdt.21893@hsr.edrd.dnd.ca> Message-ID: Are you a good turtle? 
On Mon, 29 Jul 1996, Darryl Gittins wrote: > > Hey... > > how do I get on the mailing lissst....? > > Thanks > > From tcmay at got.net Mon Jul 29 23:51:25 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 30 Jul 1996 14:51:25 +0800 Subject: e$: The Demographic "Transaction" (was Re: Schelling Points...) Message-ID: At 2:36 AM 7/30/96, Arun Mehta wrote: >Socialism as an economic philosophy is fairly discredited, and is >on its way out without my expressions of outrage needed to help >it along. Yet, the capitalist economy seems to be no better at >dealing with extreme poverty. Really? Extreme poverty seems to be its own reward. So, I think market economies are dealing with the incompetent and/or the lazy very well. (This may sound harsh to many of you, but think about a world of seven billion souls, many of them living at the margins of survival. Not much more could be expected, no matter the economic system. In particular, command economies have not been more effective. Think about it this way: in 100 years, who cares if a billion or so folks lived only an average of 38.37 years instead of 41.91 years?) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
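The fair exchange game from Wei Dai's "game theory" message earlier in this archive, worked through by backward induction as an added example (not code from any list member). The function names, the tuple encoding of "as many bits as possible, secondarily reveal as few as possible", and the sample sizes are assumptions of this sketch.

```python
REVEAL, STOP = "reveal", "stop"


def mover(rnd):
    """Alice decides on odd rounds, Bob on even rounds."""
    return "alice" if rnd % 2 == 1 else "bob"


def revealed_before(rnd):
    """(alice_bits, bob_bits) already revealed when round `rnd` is reached.

    A round is reached only if every earlier mover chose to reveal.
    """
    return rnd // 2, (rnd - 1) // 2


def utility(player, alice_rev, bob_rev):
    """Lexicographic payoff: bits received first, then fewest bits revealed."""
    if player == "alice":
        return (bob_rev, -alice_rev)
    return (alice_rev, -bob_rev)


def outcome(plan, n_rounds, start=1):
    """Final (alice_bits, bob_bits) revealed if play follows `plan` from `start`."""
    rnd = start
    while rnd <= n_rounds and plan[rnd] == REVEAL:
        rnd += 1
    return revealed_before(rnd)


def solve(n_rounds):
    """Subgame-perfect plan {round: action}, found by backward induction."""
    plan = {}
    for rnd in range(n_rounds, 0, -1):
        player = mover(rnd)
        stop_payoff = utility(player, *revealed_before(rnd))
        plan[rnd] = REVEAL  # try revealing, then follow the rounds already solved
        reveal_payoff = utility(player, *outcome(plan, n_rounds, rnd))
        if stop_payoff >= reveal_payoff:
            plan[rnd] = STOP
    return plan


def profitable_deviations(plan, n_rounds):
    """Rounds where the mover does better by switching action in that subgame."""
    bad = []
    for rnd in range(1, n_rounds + 1):
        player = mover(rnd)
        alt = dict(plan)
        alt[rnd] = STOP if plan[rnd] == REVEAL else REVEAL
        current = utility(player, *outcome(plan, n_rounds, rnd))
        deviated = utility(player, *outcome(alt, n_rounds, rnd))
        if deviated > current:
            bad.append(rnd)
    return bad


def unravel(n_rounds):
    """Start from full cooperation and repair the latest profitable deviation
    until none remains. Returns (rounds in the order they flip, final plan)."""
    plan = {rnd: REVEAL for rnd in range(1, n_rounds + 1)}
    flipped = []
    bad = profitable_deviations(plan, n_rounds)
    while bad:
        rnd = bad[-1]
        plan[rnd] = STOP if plan[rnd] == REVEAL else REVEAL
        flipped.append(rnd)
        bad = profitable_deviations(plan, n_rounds)
    return flipped, plan


if __name__ == "__main__":
    N = 8  # constructed size; the message only requires N to be even
    cooperate = {rnd: REVEAL for rnd in range(1, N + 1)}
    print("full cooperation reveals:", outcome(cooperate, N))
    print("who defects from it:", profitable_deviations(cooperate, N))
    print("order of unraveling:", unravel(N)[0])
    print("equilibrium reveals:", outcome(solve(N), N))
```

Full cooperation is better for both players than the equilibrium, yet only the all-stop plan survives the deviation check in every subgame, which is the step-by-step collapse the message describes.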
From jim at ACM.ORG Tue Jul 30 00:46:39 1996 From: jim at ACM.ORG (Jim Gillogly) Date: Tue, 30 Jul 1996 15:46:39 +0800 Subject: Bush administration DT/Clipper strategy Message-ID: <199607300503.WAA17737@mycroft.rand.org> This redacted and declassified high level memo outlining the linkage of the Digital Wiretap bill and the Clipper initiative in the Bush administration was recently obtained by EPIC (http://www.epic.org) as the result of an FOIA request. I tried to keep the original spacing and relative lengths of blacked-out areas. Jim Gillogly 7 Wedmath S.R. 1996, 05:02 ___________________________________________________________________ UNCLASSIFIED stamped over TOP SECRET THE WHITE HOUSE WASHINGTON January 17, 1991 [sic] MEMORANDUM FOR THE HONORABLE DICK CHENEY Secretary of Defense THE HONORABLE WILLIAM P. BARR Attorney General THE HONORABLE ROBERT M. GATES Director of Central Intelligence SUBJECT: Legislative Strategy for Digital Telephony (S) On December 30, 1991, I sent to the President a memorandum seeking his approval for a legislative strategy for digital telephony. The substance of that memorandum is attached. On January 15, 1992, he approved the following course of action: - Justice should go ahead now to seek a legislative fix to the digital telephony problem, and all parties should prepare to follow through on the encryption problem in about a year. Success with digital telephony will lock in one major objective; we will have a beachhead we can exploit for the encryption fix; and the encryption access options can be developed more thoroughly in the meantime. (TS) Brent Scowcroft Attachment Declassified/Released on 6/28/96 under provisions of E.O. 12958 by J. 
Saunders, National Security Council UNCLASSIFIED stamped over UNCLASSIFIED stamped over TOP SECRET TOP SECRET Declassifiy on: OADR ___________________________________________________________________ [Attachment: XXXX replaces blacked-out portions] UNCLASSIFIED stamped over TOP SECRET THE PRESIDENT HAS SEEN 1-15-92 THE WHITE HOUSE WASHINGTON December 29, 1991 31 DEC 30 P3:00 ACTION MEMORANDUM FOR THE PRESIDENT FROM: BRENT SCOWCROFT SUBJECT: Legislative strategy for Digital Telephony Purpose EO To approve a legislative remedy to looming problems for law 12958 enforcement XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 1.5 (C) Background XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXxXXXXXXXXXXXXX Analog technology allows interception of a single communication through a tap on the target's line XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Same XXXXXXXXXXXXXXXXXXXXXXXXX Digital technology simultaneously intermingles thousands of pieces of information on the line XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX The best solution to this problem is to obtain legislation which ensures the cooperation of the telephone commXXXXXXXX providing access to target communications XXXXXXXXXXXXXXXXXXXXXXXX All Same agencies agree with this legislative approach and that we should do it fairly soon. Preliminary soundings on the Hill suggest there is a reasonable chance of success even though these kinds of issues raise "civil liberties" issues with the attendant political fireworks. A timely legislative vehicle is the FCC Authorization Bill which has passed the House and awaits action in the Senate. We expect the Senate to take it up in January. 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXX Partially Declassified/Released 6/28/96 XXXXXXXXXXXXXXXXXXXXXXXXXXX under provisions of by J. Saunders, National Security Council UNCLASSIFIED stamped over UNCLASSIFIED stamped over cc: Vice President TOP SECRET TOP SECRET Chief of Staff Declassifiy on: OADR ___________________________________________________________________ UNCLASSIFIED stamped over 2 TOP SECRET Delibera... Materi... Deliberative Material XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXX The Justice view is that we should carefully press ahead and try to obtain a solution now. Justice contends that the costs of waiting (loss of access and the cost to recoup) are growing rapidly, and an attempt to fix it now is worth the political risks. RECOMMENDATION XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXX Therefore, I recommend you give Justice the go-ahead to seek a fix to the digital telephony problem and direct all the parties to prepare to follow through on encryption in about a year. I prefer first to / meet with senior Approve __V___ Disapprove ______ advisors to discuss ______ GB UNCLASSIFIED stamped over UNCLASSIFIED stamped over TOP SECRET TOP SECRET ___________________________________________________________________ Transcribed by: ---- Jim Gillogly 7 Wedmath S.R. 1996, 05:02 From tcmay at got.net Tue Jul 30 00:59:35 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 30 Jul 1996 15:59:35 +0800 Subject: Let's Say "No!" to Single, World Versions of Software Message-ID: It is imperative that Netscape, Microsoft, Qualcomm, and the other players be pressured/urged/cajoled to commit to introducing strong, unescrowed crypto for the *domestic* versions, even if not for export versions. 
I believe several signs are pointing to jockeying in the U.S. to get the major players in software to introduce "one version" programs with key escrow built in. While the avowed intent will be to stop _export_ of unescrowed strong crypto, such a "one version" (interoperable) strategy would mean that key escrow is the de facto situation within the United States.

Several months back, during the flap over Netscape founder Jim Clark's statements about the needs for key escrow, one result was that Netscape acknowledged that even if it had to have *two* versions, a domestic version and an export version, it would not put key escrow or other GAK versions into U.S. releases.

It bears repeating, though we all know this: There are no restrictions whatsoever on crypto use in the United States. (The restrictions on airwave use of codes are more complicated to analyze, and don't affect speech, writing, normal communications, etc.)

Not compromising on what is available to U.S. users is critical. (Of course, we all know that what is widely available to U.S. users will quickly become available in Europe, Asia, and elsewhere. But this is no reason, formally, to compromise on basic freedoms within the U.S.)

So, I urge you, be prepared to attack any of the major software vendors who offer any "one version" solutions which limit the strength of crypto available to the U.S. customers in the name of offering a single, world, exportable version.

Without this ITAR hook, the government is currently powerless to control crypto domestically. (Many believe such restrictions would be dismissed on First Amendment grounds, as restrictions on the form of speech. Of course, many also believe the ITARs will eventually be found to be unconstitutional, at least the parts dealing with software, technical articles, speech, etc.)

One of the lines of my ever-expanding .sig has been "Boycott "Big Brother Inside" software!"
I added this during the Lotus Notes flap, where Lotus honcho Ray Ozzie was proposing his "40 + 24" solution, where Lotus would give 24 bits of the 64-bit key to the government.

When I coined the logo "Big Brother Inside," the Cypherpunks meeting after Clipper was announced in '93, it was this kind of cozy relationship between industry and government I was mainly commenting on.

The NSA and FBI know that recruiting Netscape, Microsoft, Novell, Lotus, and others to implement GAK in their stupendously popular software products is the single best way to control the spread of strong crypto.

I say we make it clear that this will not fly for U.S. versions! What kind of GAK gets built into products intended to be exported to Albania and Iran is of little relevance here in the U.S., where no laws give the government permission to dictate what is in a program, or how long a key is, or whether master keys have been duly deposited with the secret police.

Let's remind people of this.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jti at i-manila.com.ph Tue Jul 30 01:45:46 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Tue, 30 Jul 1996 16:45:46 +0800
Subject: HD Encryption
Message-ID: <01BB7E25.00B25EC0@ip74.i-manila.com.ph>

Is there such thing as HD encryption?

From tcmay at got.net Tue Jul 30 02:01:15 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 17:01:15 +0800
Subject: Bush administration DT/Clipper strategy
Message-ID:

Many thanks to Jim G.
for posting this. Several things caught my eye, but I'll only comment on one:

" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXX The Justice view is that we should carefully press ahead and try to obtain a solution now. Justice contends that the costs of waiting (loss of access and the cost to recoup) are growing rapidly, and an attempt to fix it now is worth the political risks."

Considering that this was written in early 1992, I think we (and others) have done quite well to help stall this scheme for the past several years; the black eyes gotten by the fumbled Clipper I and Clipper II schemes have delayed and possibly derailed any hope for controlling both digital telephony and encryption. (The document mentions going after digital telephony first, then tackling the encryption problem. Whatever one thinks of the needs or issues, this should make it clear that controlling crypto was a plan, not just the "public consumption" story of Clipper as a purely voluntary phone system for government contractors and the like.)

The "race to the fork in the road," aka the point of no return, is underway. I think it is actually already too late to control crypto...too many packages already released, too many degrees of freedom in communication, too much "anarchy" in the Net. If we can keep NSA and the other TLA intelligence agencies in a state of confusion and missteps for another two years, I think the war will largely be over. (Not in digital money and banking, for other and more complicated reasons, but in the area of unbreakable communications.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jti at i-manila.com.ph Tue Jul 30 02:10:58 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Tue, 30 Jul 1996 17:10:58 +0800
Subject: Source Codes in C or Pascal
Message-ID: <01BB7E24.F8E80BE0@ip74.i-manila.com.ph>

Does anyone know where to find source codes of sample encryption programs? I just wanted to know how they work... Thanks in advance!

From stewarts at ix.netcom.com Tue Jul 30 04:04:22 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 30 Jul 1996 19:04:22 +0800
Subject: HD Encryption
Message-ID: <199607300821.BAA23220@toad.com>

At 04:03 PM 7/28/96 +0800, Jerome Tan wrote:
>Is there such thing as HD encryption?

If you mean keeping the partition on your hard disk encrypted, with blocks decrypted when you want to read them and encrypted when you write, similar to the way Stacker and Doublespace decompress and compress files when reading and writing, sure. Obviously this sort of thing is operating-system dependent....

Most DOS commercial products that do this are not very good - they'll offer some sort of "fast proprietary encryption" which is either weaker than DES or FAR weaker than DES - though some use DES and a few have triple-DES as an option. There are several freeware products as well, with names like secdev and secdrv, that have good crypto. I don't know the Macintosh market. Some of the DOS/Windows products work under Windows 95 or NT, some don't.

For networked environments, like Unix, there are better research-based systems like Matt Blaze's CFS Crypto File System, but since it's written in the US and Matt's with a large US company with many lawyers, he's not allowed to export it to you.
There are also some commercial products. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # Dispel Authority! From stewarts at ix.netcom.com Tue Jul 30 04:13:30 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 30 Jul 1996 19:13:30 +0800 Subject: Source Codes in C or Pascal Message-ID: <199607300821.BAA23226@toad.com> At 03:42 PM 7/28/96 +0800, you wrote: >Does anyone knows where to find source codes of sample encryption >programs? I just wanted to know how they work... Thanks in advance! The best archives are outside the US and not subject to its export laws. Some popular locations are ftp.funet.fi (in Finland), ftp.ox.ac.uk (at Oxford University in England), and ftp.dsi.unimi.it (in Italy.) You can also use AltaVista to look for Ron Rivest's home page, and look at his reference lists. The Cypherpunks home page is on www.csua.berkeley.edu . If you're somewhere that US technical books are readily available, Bruce Schneier's book "Applied Cryptography" is very good. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # Dispel Authority! From pjn at nworks.com Tue Jul 30 05:43:49 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Tue, 30 Jul 1996 20:43:49 +0800 Subject: TLAs on cypherpnks (was R Message-ID: In> Is this the first confirmed report of TLA cypherpunk-monitoring? Might be the first reported, but many people probably thought it was... I did... P.J. pjn at nworks.com ... RAM = Rarely Adequate Memory ___ Blue Wave/QWK v2.20 [NR] From source at iaccess.za Tue Jul 30 05:51:33 1996 From: source at iaccess.za (source at iaccess.za) Date: Tue, 30 Jul 1996 20:51:33 +0800 Subject: Netscape Security Lies Message-ID: <199607300939.CAA24753@toad.com> We have just tested Netscape's security page and it seems they are either lying or have a major bug. 
All you have to do to confirm this is to go to their page http://home.netscape.com/newsref/ref/netscape-security.html#test and click on the link under the heading Testing the Secure Server link "Here is a secure server you can visit." Do an iptrace and analysis of the interaction between the server and their browser version 3.05bgold and 3.05b, of which both report that they are not even running a secure version of the server there.

We decided to test further and found that the RSA secure server is only SSL 2 and SSL 3 which is what Netscape seems to be touting to the rest of the world saying they have it NOW. Later, if not much later seems far more realistic.

I do not like being lied to, misled or steam rolled by, how about you?

From ceridwyn at wolfenet.com Tue Jul 30 05:56:38 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Tue, 30 Jul 1996 20:56:38 +0800
Subject: "privatizing" phones?
Message-ID: <2.2.32.19960730102239.006cc4b8@gonzo.wolfenet.com>

>> Even if they did change the frequency the call was on,
>> it would be a simple matter to decode how the frequency
>> change was negotiated, and "follow" the call (also easily
>> accomplished with cellular calls). Failing that, there is
>> a very limited range of frequencies allocated for cordless
>> fones, and simply re-scanning for the conversation is a
>> trivial inconvenience. //cerridwyn//

>Most of those systems do also change the order of the transmitted data, and
>that's not limited to a few possibilities. If it's digital, they usually
>encrypt it (only weak, but hey, you normally have to find the key real
>time!)

Right. After posting that, I realized I forgot to specify I was only referring to analog cordless/cell fones. Digital is a bit of a different story, as it requires more sophisticated equipment to decode. Still not secure though. (right now it's simply obscure).

//cerridwyn//

From ogren at cris.com Tue Jul 30 07:51:48 1996
From: ogren at cris.com (David F.
Ogren) Date: Tue, 30 Jul 1996 22:51:48 +0800 Subject: Some Questions RE: Nortons For Your Eyes Only Message-ID: <199607301045.GAA08042@darius.cris.com> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Tue Jul 30 06:40:47 1996 For those of you who have not heard it, Norton's For Your Eyes Only is a piece of software designed to integrate several encryption functions into Win95. Among its features (as I understand it) are automatically encrypting/decrypting on the fly (ala Secure Drive), encryption of the HD boot info, Command auditing, and a hybrid crypto system based on RSA. Several symmetric algorithms are available including RC4, 3DES and Blowfish. Non-US versions do not include the strong crypto algorithms. I only have second-hand information about this program and have a few questions regarding it. 1. Apparently, For Your Eyes Only (FYEO for short) encrypts files using a user-selectable symmetric algorithm and then encrypts the session key with RSA. Does FYEO store this encrypted session key with the rest of the file (like PGP does), or does it keep a central database of encrypted session keys? Keeping the session keys centrally would obviously prevent sharing files across machines, so I imagine that they must be appended (or prepended) to the ciphertext. 2. From what I understand, FYEO prompts you to enter your passphrase when logging in and this passphrase unlocks your RSA key. What algorithm is used to encrypt the RSA key? I am concerned that an exportable (and therefore weak) algorithm is used to protect the RSA key. This would mean that the RSA key could be readily hacked. And if the RSA secret key can be hacked easily, it will do no good at all to have strong encryption on the files themselves. 3. Does FYEO include any kind of authentication system. If so, what signature and message digest algorithms does it use? Thanks. - -- David F. 
Ogren | ogren at concentric.net | "A man without religion is like a fish PGP Key ID: 0x6458EB29 | without a bicycle" - ------------------------------|---------------------------------------- Don't know what PGP is? | Need my public key? It's available Send a message to me with the | by server or by sending me a message subject GETPGPINFO | with the subject GETPGPKEY -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From ceridwyn at wolfenet.com Tue Jul 30 08:04:28 1996 From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn) Date: Tue, 30 Jul 1996 23:04:28 +0800 Subject: fbi, crypto, and defcon Message-ID: <2.2.32.19960730112953.0072a3d0@gonzo.wolfenet.com> At this year's DefCon (last weekend), there were two speakers from the recently created FBI San Francisco Computer Crime division. During a question/answer session, the question came up regarding their division's view on crypto as compared to the FBI's official view. They, of course, declined to answer on the grounds that they were instructed not to talk about it, and proceeded to explain how they just enforce the law, not create it (deftly ignoring the point made about Freeh's involvement in making laws). The question was rephrased: "How do you personally feel about exporting strong crypto", and again they refused to answer on the grounds that they were there as spokesmen for the FBI, but people could talk to them later and ask any questions they liked, and "the answers may surprise you". Evidence that maybe some goons really do have a clue, but are still too afraid to do anything about it...
//cerridwyn// From liberty at gate.net Tue Jul 30 08:07:12 1996 From: liberty at gate.net (Jim Ray) Date: Tue, 30 Jul 1996 23:07:12 +0800 Subject: The Ironic Arms Trafficker Message-ID: <199607301128.HAA99044@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- In the August 12, 1996 issue of Forbes, on page 38, is a half-page or so by Janet Novack titled, _The Accidental Arms Trafficker._ She quotes CEO Michael Zisman, of IBM's Lotus Development Corp. saying, "Theoretically, when I take my laptop and get on an airplane and go to London, I am violating the law." Goes on to talk briefly about ITAR and the quiet change by the State Dept. in travel rules, mentions Zisman is in DC lobbying for Pro-Code, calls 64 bit Lotus Notes encryption "advanced," and talks about competitors beating Lotus to market. [I suppose Zisman hasn't been listening to Dr. Sternlight or Freeh (whose head, say the Bethesda proctologists, is now stuck *even* *deeper*! ;}] Anyway, no mention of Lotus' Big-Brother Inside proposal, hence my use of the term "ironic." JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "Isn't it odd that Harry Browne is dominating talk radio ...while his campaign continues to be overlooked by mainstream newspapers and television news?" asked campaign director Sharon Ayres. "Is Harry Browne being deliberately ignored, or is the rest of the media just slow to catch on to this genuine grassroots political phenomenon?" she asked. "Both." I answered. [See the Miami Herald for no details.] Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray Coming soon, the "Pennies For Perot" page. Keep billionaires off welfare! 
___________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.
-----END PGP SIGNATURE-----

From ichudov at algebra.com Tue Jul 30 08:14:39 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 30 Jul 1996 23:14:39 +0800
Subject: Taxes in the digicash world
Message-ID: <199607301117.GAA06799@manifold.algebra.com>

Hi

Suppose that digital cash becomes easy enough to use and becomes the mainstream medium in most [or at least many] economic transactions. The question is, how can the government TECHNICALLY collect taxes? I do not mean to start `libertarianism vs. socialism' discussion, I am more interested in the technical aspects of tax collection when transfers of money are protected by strong crypto..

Let's say, maybe this tax would work: every time someone verifies that a piece of digital cash is valid, s/he has to pay the government a little percentage of the amount. Since digital banks are easier to control than other participants of the market, this kind of tax legislation is easier to enforce. Of course these banks may be offshore, and then such collection becomes problematic.

Another alternative that I see is property taxes and poll taxes, or taxes on some commodities such as oil. But incomes seem to be hard to track.

What else?

- Igor.

From proff at suburbia.net Tue Jul 30 08:22:30 1996
From: proff at suburbia.net (Julian Assange)
Date: Tue, 30 Jul 1996 23:22:30 +0800
Subject: DESZIP
Message-ID: <199607301201.WAA21682@suburbia.net>

I am writing an historical piece on crypt(3) optimisation and password guessing heuristics.
This naturally enough involves tracking down and analysing various code/papers that have been seen as significant and/or influential in those areas.

In the late 80's Matt Bishop while at NASA, wrote DESZIP, which for a while was the seminal work. Matt has pointed me to a US summer 1987 article which describes some of the DES optimisations, however as I am an Australian national, Matt can not legally send me the actual implementation to me due to idiotic ITAR restrictions.

If someone not as constrained could address the problem described, I should be delighted.

--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff at suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+

From rp at rpini.com Tue Jul 30 08:58:38 1996
From: rp at rpini.com (Remo Pini)
Date: Tue, 30 Jul 1996 23:58:38 +0800
Subject: Returned mail.No such addressee
Message-ID: <9607301258.AA22999@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
To: cypherpunks at toad.com
Date: Tue Jul 30 14:55:00 1996
To: cpunks
Date: Tue Jul 30 13:50:00 1996

Actually the archives from ftp.dsi.unimi.it have moved to: ftp://idea.sec.dsi.unimi.it/pub/ It's a very large repository and to hell with ITAR, it's Italian.
- --------< fate favors the prepared mind >--------
Remo Pini rp at rpini.com
PGP: http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
-----END PGP SIGNATURE-----

From shamrock at netcom.com Tue Jul 30 09:25:19 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 31 Jul 1996 00:25:19 +0800
Subject: DESZIP
Message-ID:

At 22:01 7/30/96, Julian Assange wrote:
>In the late 80's Matt Bishop while at NASA, wrote DESZIP, which for a
>while was the seminal work. Matt has pointed me to a US summer 1987
>article which describes some of the DES optimisations, however as I am
>an Australian national, Matt can not legally send me the actual
>implementation to me due to idiotic ITAR restrictions.

Did you try the Usual Suspects? There are numerous crypto sites in Europe. If none of them has DESZIP, would someone outside the US please upload it...

-- Lucky Green PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President.

From koontz at netapp.com Tue Jul 30 10:00:44 1996
From: koontz at netapp.com (Dave Koontz)
Date: Wed, 31 Jul 1996 01:00:44 +0800
Subject: Clinton must like terrorists...
Message-ID: <9607301322.AA13357@supernova.netapp.com>

>Clinton must like terrorists... because his most recent proposals will end
>up making more of them. Maybe he is trying to foment revolution?
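
David Ogren's first two FYEO questions earlier in this archive (is the encrypted session key stored with the file, and what protects the long-term key behind the passphrase), worked as an added example. It is not FYEO's or PGP's format or code, which the thread does not describe. The HMAC-based stand-in cipher, the 16-bit demo key length, the symmetric secret standing in for the RSA secret key, and every function name are assumptions made for illustration.

```python
"""Toy key hierarchy: passphrase -> KEK -> long-term key -> session key -> file."""
import hashlib
import hmac
import os


def _stream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter keystream (constructed stand-in cipher)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, b"enc" + nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def seal(key, plaintext):
    """Encrypt-then-MAC. Output layout: nonce(16) || ciphertext || tag(32)."""
    nonce = os.urandom(16)
    ct = _stream_xor(key, nonce, plaintext)
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Return the plaintext, or None if the tag fails (wrong key or tampering)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return _stream_xor(key, nonce, ct)


def derive_kek(passphrase, salt, kek_bits):
    """Stretch the passphrase, then keep only kek_bits bits: the cipher's key length caps it."""
    full = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000)
    nbytes = (kek_bits + 7) // 8
    value = int.from_bytes(full[:nbytes], "big") >> (8 * nbytes - kek_bits)
    return value.to_bytes(nbytes, "big")


def make_keystore(passphrase, kek_bits):
    """Create a long-term key and store it wrapped under the passphrase-derived KEK."""
    salt = os.urandom(16)
    long_term_key = os.urandom(32)  # stand-in for the RSA secret key (assumption)
    wrapped = seal(derive_kek(passphrase, salt, kek_bits), long_term_key)
    return {"salt": salt, "kek_bits": kek_bits, "wrapped": wrapped}, long_term_key


def unlock(keystore, passphrase):
    """Normal login path: passphrase -> KEK -> long-term key (None if wrong)."""
    kek = derive_kek(passphrase, keystore["salt"], keystore["kek_bits"])
    return unseal(kek, keystore["wrapped"])


def encrypt_file(long_term_key, plaintext):
    """Self-contained container: header length(2) || wrapped session key || body.
    Because the wrapped session key travels in the file, no central database is needed."""
    session_key = os.urandom(16)
    header = seal(long_term_key, session_key)
    return len(header).to_bytes(2, "big") + header + seal(session_key, plaintext)


def decrypt_file(long_term_key, container):
    """Unwrap the session key from the header, then decrypt the body."""
    hlen = int.from_bytes(container[:2], "big")
    session_key = unseal(long_term_key, container[2:2 + hlen])
    if session_key is None:
        return None
    return unseal(session_key, container[2 + hlen:])


def exhaust_kek(keystore):
    """Try every possible KEK. The passphrase and the salt are never consulted,
    so passphrase quality and file-cipher strength do not enter into the cost."""
    bits = keystore["kek_bits"]
    nbytes = (bits + 7) // 8
    for guess in range(1 << bits):
        key = unseal(guess.to_bytes(nbytes, "big"), keystore["wrapped"])
        if key is not None:
            return key, guess + 1
    return None, 1 << bits


def demo():
    """Constructed sample data; 16-bit KEK so the search finishes in well under a second."""
    passphrase = "constructed sample passphrase, long and unguessable"
    keystore, _ = make_keystore(passphrase, kek_bits=16)
    box = encrypt_file(unlock(keystore, passphrase), b"constructed sample file contents")
    recovered_key, tries = exhaust_kek(keystore)
    return decrypt_file(recovered_key, box), tries


if __name__ == "__main__":
    text, tries = demo()
    print(f"file recovered after {tries} KEK guesses: {text!r}")
```

The work needed to reach the file is bounded by the shortest key in the chain, here the key that wraps the long-term secret, whatever cipher protects the file body.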
From jya at pipeline.com Tue Jul 30 10:26:14 1996 From: jya at pipeline.com (John Young) Date: Wed, 31 Jul 1996 01:26:14 +0800 Subject: Reno and G8 Message-ID: <199607301359.NAA13344@pipe3.t2.usa.pipeline.com> AG Janet Reno is meeting today with G-8 ministers in Paris to discuss anti-terrorism policies. Reports on those sessions from highly placed Euro subscribers would be appreciated. If needed, faxes of articles may be sent to 212-799-4003, anonymity assured. French, German or Spanish welcomed -- we've got translation software to garble them in English. From frissell at panix.com Tue Jul 30 10:57:53 1996 From: frissell at panix.com (Duncan Frissell) Date: Wed, 31 Jul 1996 01:57:53 +0800 Subject: Dry Under the Waterfall Message-ID: <2.2.32.19960730135447.0085571c@panix.com> If I read *one* more bit of blather about the "information haves and have nots" I am going to take my Streetsweeper down to my local McDonalds and decrease the imbalance between these two groups by reducing the quantity of the latter. It would work just as well as any other solution. The latest blather was in a parting shot in David Kline's last "Market Forces" column in Hot Wired (www.wired.com). "How can we assure that the tired, poor, huddled masses yearning to breathe free, the wretched refuse of your teeming shore, the homeless, and tempest-tossed get onto the Net"? (My formulation -- not his.) The answer is we can't. I have been online every day since 1987 or so. Since that time I have begged, pleaded, cajoled, and threatened friends, relatives, casual acquaintances, and total strangers to get them on line. (We are talking here about people who have the cash to easily get wired if they care to.) Sometimes it has worked. Mostly it has not. It has gotten easier to dragoon people onto the net recently but it is still hard. 
I have taken to telling people who ask me for help setting up their computer systems that I will only help them on the condition that they obtain an ISP account and use it. The usual reason for resistance (beyond a reluctance to spend money) is a failure to appreciate the value of the online experience. No matter how much I plead, many people have not (in the past) been able to see what this all was good for. This was particularly true when online computing was a text-only experience. Non-readers have a problem with text. Now, even though the net is more graphical, it still lacks appeal for 95% of the population (or at least enough appeal to get them on to it). Even though we may know that many people could improve their lives and economic standing by learning to compute and telecommunicate, they don't *know* it and so they are not wired. Par example -- an auto mechanic of my acquaintance was assigned to the office where he worked to handle advanced paper shuffling involving auto parts. He started to use an XT to track parts and got to like it. He asked me for some advice and over the years bought an XT and other machines until he now has two desktops and a laptop networked at home. He's on the net as well. At work, he has become a supervisor in part because he can use computers. The original purchase of a computer has been paid for many times over by increased income. There is nothing new about this, of course. Even without computers, it is obvious that someone who can read and write can average more money in the modern world than one who can't. And yet many people refuse to learn to be good readers. Because they don't read, they also know less. Sans books and periodicals, you simply can't encounter a critical mass of ideas and information sufficient to achieve a self-sustaining intellectual life and the flexible abilities necessary to survive in the current economy. For readers, the modern economy is a piece of cake. 
And reading is not a "certification" it's a skill. You can get it with minor help. It takes no money and it can't be denied to you by a racist society. Without so much as a high school diploma, a good reader can succeed easily in today's America (credential-happy Europeans have to fend for themselves).

Do you doubt this? Assume you are a good reader without credentials.

1) Learn to type. (Used manual portables cost $12 at the Sally Army.)

3) Get a temp job that requires typing. (Lie about your high school diploma. Since you are well dressed from the same Sally Army where you got your typewriter and have excellent communication skills -- these things are under your control -- it shouldn't be much trouble.)

2) Learn to word process. (Commodore 64's and used b/w TV sets cost $25 or less at flea markets. Running the tutorials at hourly PC rental places are pretty cheap as well. If you are a good typist, temp agencies will cross train you on PCs so they can rent your rear end out for more dough.)

4) Become an experienced (permanent) temp word processor on the night shift in the financial district of NYC making $22.50-$27.00/hour. ($18.00/hour -- days.)

5) Then become a (contract) tech writer and start to make more money.

All that is necessary for the above is the ability to read and write fluently which is open to all persons of normal intelligence. But most choose not to learn those skills (which is why they pay so much in today's market).

Similarly, most people are not interested in learning to compute and in getting wired. Instead they stand around and bitch about how their incomes are flat and they can't find work when they get laid off at 50. Hardly surprising. They've already established that they're dead from the neck up. I wouldn't hire them, why should anyone else.

This is the phenomenon of the modern world. So many people one meets are pig ignorant.
They are sitting under a waterfall of knowledge cascading over them in a volume unprecedented in human history and yet they contrive not to get wet.

Meanwhile, we are told that the information have-nots are being denied access to the wonders of the information age. I'm very sorry but they have already rejected the wonders of the last information age that started 541 years ago with the publication of the Mazarin Bible. People who can't even bother to read and write will not be helped by our cash and Al Gore's preaching.

You can lead a horse to water but you can't make him think.

DCF

"So Louis Freeh wants expanded wiretap authority. What's the matter? Craig Livingstone short of reading material"?

From geeman at best.com Tue Jul 30 11:12:04 1996
From: geeman at best.com (geeman at best.com)
Date: Wed, 31 Jul 1996 02:12:04 +0800
Subject: Implementing KEA in Software
Message-ID: <01BB7DEE.844937E0@geeman.vip.best.com>

----------
From: source at iaccess.za[SMTP:source at iaccess.za]
Sent: Monday, July 29, 1996 12:42 PM
To: coderpunks at toad.com
Subject: Re: Implementing KEA in Software

The restricted hardware implementation of KEA classification does not affect us (people outside of the USA), and therefore is "unrestricted" to us in our minds, so please note, this request is only for those prepared to make it available, not for those who want to let us know that it is restricted.

You are asking if there's someone around willing to commit espionage: releasing US Government Classified information? You are asking to illegally obtain US Government Classified documents? Ummmmm.... maybe you need to be a little more covert. Or perhaps you are just simply painfully unaware of the difference between US crypto export restrictions (ITAR), and laws pertaining to illegally obtaining and releasing Classified stuff. In either case you don't look so good.
Regards,
The Power Team
SMTP: source at iaccess.za
HTTP: http://www.compusource.co.za
FTP: ftp://ftp.compusource.co.za
Tel: +27-21-75-9197
FAX: +27-21-72-8005
Postal: Building 6, Room 201, CompuSource (Pty) Ltd PO Box 510, Constantia, 7848, South Africa.
(CompuSource reserves the right to change offers and methods of working without prior notice.)

From geeman at best.com Tue Jul 30 11:22:38 1996
From: geeman at best.com (geeman at best.com)
Date: Wed, 31 Jul 1996 02:22:38 +0800
Subject: Implementing KEA in Software
Message-ID: <01BB7DEF.366A1C00@geeman.vip.best.com>

----------
From: source at iaccess.za[SMTP:source at iaccess.za]
Sent: Tuesday, July 30, 1996 2:37 AM
To: coderpunks at toad.com
Subject: Re: Implementing KEA in Software

To make this quite clear...I am not anti any geographical space that has a name such as USA or any other name, as it is an inanimate substance. You would ONLY be right about classification and restrictions *IF* the information came from the USA, from a "restricted" or "classified" person, otherwise you are wrong. Remember not all info comes from the USA.

No, but the KEA algorithms, the Skipjack algorithm used in the fortezza, etc., were developed in the US, by the NSA, with US dollars from taxpayers (for better or worse). THIS info does happen to be from, by and of the NSA, sorry. You are being childish.
From rpowell at algorithmics.com Tue Jul 30 11:33:07 1996
From: rpowell at algorithmics.com (Robin Powell)
Date: Wed, 31 Jul 1996 02:33:07 +0800
Subject: New decency act court case
Message-ID: <96Jul30.110635edt.20484@janus.algorithmics.com>

From the Nando Times. Formatted to my screen... Sorry about that.

U.S. JUDGES DECLARE INTERNET DECENCY LAW UNCONSTITUTIONAL
--------------------------------------------------------------------------------------------------------------------
Copyright ©1996 Nando.net
Copyright ©1996 Reuter Information Service

NEW YORK (Jul 29, 1996 11:35 p.m. EDT) - Federal judges Monday blocked enforcement of a new law aimed at regulating indecent material on the Internet because it bans constitutionally protected speech between adults.

In its ruling, judges from the Southern District of New York granted an injunction sought by the editor of The American Reporter, an on-line newspaper, who argued that the law was too broad.

The decision followed a ruling in June by a Philadelphia panel that also found a key part of the law to be unconstitutional. That ruling went farther than the one issued Monday by finding the law too vague as well as too broad.

The Computer Decency Act of 1996 was passed overwhelmingly by Congress as part of the broader Telecommunications Act of 1996 and was signed by President Clinton on February 8.

Because lawmakers expected immediate constitutional challenges they included provisions allowing swift appeals first through special panels and then directly to the U.S. Supreme Court.

A key portion of the law, known as 223(d), makes it a crime to make indecent material available on computer systems that are accessible to children. The law provides for prison terms of two years and a $250,000 fine if indecent material is transmitted to minors.

The New York panel said government attempts to limit offensive material to children would also place unacceptable restrictions on adults.
It said the section not only regulates how pornographic material is sold and advertized, but "how private individuals who choose to exchange certain constitutionally protected communications with one another can do so.

"The question presented is whether our Constitution tolerates this level of governmental intrusion into how adults speak to one another ... We reach the inescapable conclusion that 223(d) will serve to chill protected speech."

The panel, which comprised Jose Cabranes of the Second Circuit Court of Appeals and District Judges Leonard Sand and Denise Cote, discussed software designed to enable parents to limit children's exposure to inappropriate material.

"Indecent content on the Internet ordinarily does not assault a user without warning: a child cannot gain access to Internet content with the touch of a remote control and while accidental viewing of indecent content is possible, there is no evidence in this record to suggest that it is likely," the panel wrote.

It said that while parents can take steps to restrict access by their children, content providers have no way of guaranteeing that indecent material will not reach a minor.

The judges said that the only way a content provider would comply with the section would be to refrain from sending out the objectionable material.

"Because adults would lack means of engaging in constitutionally protected indecent communications over the Internet without fear of criminal liability, the statute would unquestionably be unconstitutional," the panel said.

From gkuzmo at ix.netcom.com Tue Jul 30 11:49:38 1996
From: gkuzmo at ix.netcom.com (George Kuzmowycz)
Date: Wed, 31 Jul 1996 02:49:38 +0800
Subject: Privacy a thing of the past
Message-ID: <199607301527.IAA20885@dfw-ix11.ix.netcom.com>

No, it's not my opinion. The subject line is the title of a keynote session at the DCI Internet Expo in Boston on October 15-17.
The talk is being given by a fellow named Jim Sterne, who is listed as president of something called "Target Marketing". I got the brochure for the show in this morning's mail. You can get further info at http://www.DCIexpo.com.

The description of the talk begins with the intriguing line "Computing power allows us to stop treating people like numbers and go back to treating them like human beings -- individuals with specific likes, dislikes and points of view." But it ends with "Along the way, privacy will become a quaint sentiment." So I guess we treat people like human beings, but human beings whom we know everything about.

Although this is a paid conference, they give out free tickets to the "expo". It's not clear whether the free ticket gets you into the keynotes, but that has usually been the case in the past. If you're in or near Boston on 10/17, you may want to share your views with Mr. Sterne.

-gk-

From hua at chromatic.com Tue Jul 30 12:01:43 1996
From: hua at chromatic.com (Ernest Hua)
Date: Wed, 31 Jul 1996 03:01:43 +0800
Subject: Denning vs. Gilmore
In-Reply-To: <199607300322.UAA02252@mail.pacifier.com>
Message-ID: <199607301534.IAA03899@server1.chromatic.com>

> > In some cases, that access must be surreptitious.
>
> But some of us consider such access to be unconstitutional, however "useful"
> you may believe it to be. In the past, the government has had the extreme
> luxury of not being forced to convince the public of its "right" to wiretap.
>
> Now, the advance of technology is forcing the question of such approval to
> be answered, and the Denning-types are getting really worried that the
> public isn't going to give that approval. Tough!
While I may not necessarily agree that government has never been forced to convince the public (some courts, acting as an agent of the public on Constitutional issues, have ruled that wire taps should only be allowed on the narrowest of basis to avoid breach of privacy), I do feel that you have stated the most important point in terms of privacy violations.

It is clear that law enforcement has used intercepts much more than it has been legally allowed. After all, if they truly ask a judge (and they even have streamlined courts just for this purpose) for every intercept needed, then they do not have to worry about capacity or escrowed length limits, right? The point is that they ARE exceeding the official count of intercepts, and they ARE trying to intercept without warrants. That is why they are asking for all of this.

In the face of this overwhelming evidence of abuse, I absolutely refuse to give my keys to anyone without my personal review of the "evidence" against me.

Ern

From ericm at lne.com Tue Jul 30 12:18:56 1996
From: ericm at lne.com (Eric Murray)
Date: Wed, 31 Jul 1996 03:18:56 +0800
Subject: Netscape Security Lies
In-Reply-To: <199607300939.CAA24753@toad.com>
Message-ID: <199607301530.IAA16533@slack.lne.com>

source at iaccess.za writes:
>
> We have just tested Netscape's security page and it seems they are either lying
> or have a major bug.
>
> All you have to do to confirm this is to go to their page
> http://home.netscape.com/newsref/ref/netscape-security.html#test
> and click on the link under the heading Testing the Secure Server link
> "Here is a secure server you can visit.

I checked this out with bated breath, hoping to find a juicy Netscape security hole as promised. Unfortunately, all it is is a mis-configured httpd server at rsa.com. It should be doing SSL but it's not. A bummer, but probably not a lie and certainly not a major bug.
> We decided to test further and found that the RSA secure server is only SSL 2
> and SSL 3 which is what Netscape seems to be touting to the rest of the
> world saying they have it NOW. Later, if not much later seems far more
> realistic.

Try ssl3.netscape.com:443. It's doing ssl3.

> I do not like being lied to, misled or steam rolled by, how about
> you?

Not at all. So quit doing it.

--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From sandfort at crl.com Tue Jul 30 12:45:27 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 31 Jul 1996 03:45:27 +0800
Subject: Taxes in the digicash world
In-Reply-To: <199607301117.GAA06799@manifold.algebra.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 30 Jul 1996 ichudov at algebra.com asked:

> ...how can the government TECHNICALLY collect taxes...when
> transfers of money are protected by strong crypto[?]

Igor answered his own question with regard to trying to tax digital money transactions at the bank level:

> Of course these banks may be offshore, and then such collection
> becomes problematic.

He then suggested:

> Another alternative that I see is property taxes and poll taxes
> or taxes on some commodities such as oil. But incomes seem to
> be hard to track.

Under a totally anonymous digital money scheme, directly tracking income becomes effectively impossible. One solution that is used in countries with historically low rates of tax compliance (e.g., France) is to base taxation on apparent wealth. Not very efficient.
Commodity taxes--especially taxes on only one or a few commodities--create market distortions as people seek to minimize their tax load by commodity substitution (e.g., natural gas or ethanol for oil) or the use of black market sources (e.g., bootleg cigarettes.)

Poll taxes are universally hated and trivially avoided. Their evil twin, head taxes, are likewise hated and only enforceable with mandatory universal identification. (In two months, the Mafia will be selling perfect forgeries supplied by the ChiComs.)

If I were the government, I'd tax realty as my primary or only source of income. It *appears* "progressive" so it appeals to the lower class, but it is passed along to everyone in the form of higher commodity prices and rents. Realty can't be picked up and moved to another jurisdiction like personal property or people, so it is easier to hold as a tax hostage by government.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Tue Jul 30 12:50:07 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Wed, 31 Jul 1996 03:50:07 +0800
Subject: Netscape Security Lies
In-Reply-To: <199607300939.CAA24753@toad.com>
Message-ID: <199607301624.MAA15114@pdj2-ra.F-REMOTE.CWRU.Edu>

source at iaccess.za writes:

: We have just tested Netscape's security page and it seems they are either lying
: or have a major bug.
:
: All you have to do to confirm this is to go to their page
: http://home.netscape.com/newsref/ref/netscape-security.html#test
: and click on the link under the heading Testing the Secure Server link
: "Here is a secure server you can visit.

It seems secure enough to me. It won't even let me make a connection, always saying that ``a network error occurred while Netscape was receiving data''.

I am running the new non-export strength Netscape beta for Linux and have my cookies file set to ReadOnly.

--
Peter D.
Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From jimbell at pacifier.com Tue Jul 30 12:57:03 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 31 Jul 1996 03:57:03 +0800
Subject: Taxes in the digicash world
Message-ID: <199607301610.JAA04666@mail.pacifier.com>

At 06:17 AM 7/30/96 -0500, Igor Chudov @ home wrote:
>Hi
>
>Suppose that digital cash becomes easy enough to use and becomes the
>mainstream medium in most [or at least many] economic transactions.
>
>The question is, how can the government TECHNICALLY collect taxes?
>I do not mean to start `libertarianism vs. socialism' discussion, I
>am more interested in the technical aspects of tax collection when
>transfers of money are protected by strong crypto..
>
>Let's say, maybe this tax would work: every time someone verifies that
>a piece of digital cash is valid, s/he has to pay the government a little
>percentage of the amount. Since digital banks are easier to control than
>other participants of the market, this kind of tax legislation is easier to
>enforce.

If, for every $1 somebody paid in taxes, he instead (or, in addition to) paid 10 cents to a fund to eliminate the tax collectors, at the end of that year he wouldn't be paying any taxes anymore. That's why AP will work so well.

Jim Bell
jimbell at pacifier.com

From amehta at giasdl01.vsnl.net.in Tue Jul 30 12:59:56 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Wed, 31 Jul 1996 03:59:56 +0800
Subject: A Libertine Question
Message-ID: <1.5.4.32.19960730154922.0030f230@giasdl01.vsnl.net.in>

At 16:42 29/07/96 CST, Roy M. Silvernail wrote:
>typical 'liberal' solutions to social problems seem (at least to me) all
>centered around disallowing failure. ...
>I like to point out that evolution always requires multiple generations,
>and that when nothing dies, nothing evolves. Just a thought...
Evolution also works better with a rich, diverse gene pool. If we define "failure" by the narrow standards of today's needs, and allow those who fail to die, we may be left with people completely unequipped to cope with the radically changed environments that future generations might face. "The first ones now may later be last, for the times, they are a-changing."

BTW, have you read "Watership Down" by (forgot the first name) Adams? It illustrates what I am trying to say rather well.

Arun Mehta
Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From dkline at well.com Tue Jul 30 13:05:38 1996
From: dkline at well.com (David Kline)
Date: Wed, 31 Jul 1996 04:05:38 +0800
Subject: Dry Under the Waterfall
In-Reply-To: <2.2.32.19960730135447.0085571c@panix.com>
Message-ID:

You make some very good points about those too unsocialized, too unmotivated, too "declasse," as it were, to even enter the age of reading that began 500 years ago.

A question though: What about the 3 million hard-working, reading, middle-class folks who have been downsized into oblivion the last three years alone? What about the tens of millions of readers who had the skills needed for the industrial age, but not for the information age?

Well, change means pain, and we'll get to the millennium one way or another. But we can do it the hard way or the easy way. The hard way means severe social dislocation, possibly even threats to democracy. The easy way seems the smarter approach -- no serious effort at reforming education and at skills retraining has ever been undertaken, and it seems a better use of our tax dollars than most of the crap it's spent on now.

David

From amehta at giasdl01.vsnl.net.in Tue Jul 30 13:08:24 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Wed, 31 Jul 1996 04:08:24 +0800
Subject: Let's Say "No!"
to Single, World Versions of Software
Message-ID: <1.5.4.32.19960730155744.00313f30@giasdl01.vsnl.net.in>

At 15:13 30/07/96 -0700, Timothy C. May wrote:
>
>It is imperative that Netscape, Microsoft, Qualcomm, and the other players
>be pressured/urged/cajoled to commit to introducing strong, unescrowed
>crypto for the *domestic* versions, even if not for export versions.

I agree. Foreign buyers will look askance at software that is "second grade" in security terms, just so the US government can read their mail. This will encourage non-US software companies to fill the vacuum, and US companies will get pissed off and pull some strings in Washington.

Arun Mehta
Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From minow at apple.com Tue Jul 30 14:27:41 1996
From: minow at apple.com (Martin Minow)
Date: Wed, 31 Jul 1996 05:27:41 +0800
Subject: NBC
In-Reply-To:
Message-ID:

>So how was the tv hacker presentation? I was one interviewed and was in
>las vegas at defcon when it aired. I never saw the final product.
>
>se7en

About what I expected: "We're only exploring, we're not trying to damage anything, etc." -- I didn't tape it so I can't give you more than that impression.

Since I've been in this business for well over thirty years and, about ten years ago, had one of my systems infested by Kevin Mitnick, I'm not particularly sympathetic to the "we're just trying to learn" mentality -- if you want to learn, buy a PC and a Linux CD, write some code, give it away, and make a real contribution to the community.

Martin.

From mclow at owl.csusm.edu Tue Jul 30 14:29:48 1996
From: mclow at owl.csusm.edu (Marshall Clow)
Date: Wed, 31 Jul 1996 05:29:48 +0800
Subject: Denning vs. Gilmore
Message-ID:

>Today, Monday, July 29, Dorothy Denning begins her debate vs. John Gilmore
>over The Absolute Right to Privacy on Wired Online's Brain Tennis site.
>Do citizens of the world have an "unalienable right" to privacy - or are there
>reasons why governments ought to have access to our communications? This
>debate will run daily through August 7. Follow along at
>http://www.wired.com/braintennis/
>

I especially like Dr. Denning's quote:

>An encrypted global information infrastructure is without precedent in
>world history. It allows individuals and groups, anywhere and any time,
>to communicate securely and with total privacy across time and space.

Now _there_ is a goal to shoot for!

Minor comments: First, a historical question: What percentage of telegraph traffic was encrypted in the 1910s? A global information infrastructure (encrypted or not) is without precedent in world history, is it not?

I noticed that she said "allows", not "would allow". That contradicts <>, doesn't it?

-- Marshall

Marshall Clow
Aladdin Systems

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it, let's forget it better still"
-- The Who, "Tommy"

From m5 at vail.tivoli.com Tue Jul 30 14:49:10 1996
From: m5 at vail.tivoli.com (Mike McNally)
Date: Wed, 31 Jul 1996 05:49:10 +0800
Subject: Dry Under the Waterfall
In-Reply-To:
Message-ID: <31FE3BD8.5445@vail.tivoli.com>

David Kline wrote:
> Well, change means pain, and we'll get to the millennium one way or
> another. But we can do it the hard way or the easy way. The hard way
> means severe social dislocation, possibly even threats to democracy. The
> easy way seems the smarter approach

But there's absolutely no reason to believe it'll work. I mean, heck; people successful enough to become *legislators* are unlikely to use on-line media.

> no serious effort at reforming education and at skills retraining has
> ever been undertaken

Have a nice life trying to reform American education. We're stuck with the dream system of 1840 right now, and people still seem to look back to "the good old days".
There's no political capital in "let's make our educational system more sophisticated", but there's plenty of it in "let's get back to the basics in our education system".

People generally learn to read because they want to, education system or no. A child or adult ready & willing (& without some physical disability) can get going in a couple of weeks. The drudgery of early elementary school has little to do with it.

> and it seems a better use of our tax dollars than most of the crap
> it's spent on now.

Here's a novel idea: why not just refund our tax dollars instead of spending them on a wacko boondoggle like dropping a network appliance into every home? (What's the actual---like, *real*---penetration of Minitel? I don't care about how many French households have a terminal; how many French people are real active users? Can you be a content provider with Minitel?)

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms.

From tcmay at got.net Tue Jul 30 15:16:13 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 31 Jul 1996 06:16:13 +0800
Subject: Let's Say "No!" to Single, World Versions of Software
Message-ID:

At 3:57 PM 7/30/96, Arun Mehta wrote:
>At 15:13 30/07/96 -0700, Timothy C. May wrote:
>>
>>It is imperative that Netscape, Microsoft, Qualcomm, and the other players
>>be pressured/urged/cajoled to commit to introducing strong, unescrowed
>>crypto for the *domestic* versions, even if not for export versions.
>
>I agree. Foreign buyers will look askance at software that is
>"second grade" in security terms, just so the US government can
>read their mail. This will encourage non-US software companies to
>fill the vacuum, and US companies will get pissed off and pull
>some strings in Washington.

Exactly. Having a U.S.
version, without any limits on crypto and without any software key escrow (GAK), and then having a "for export" version, with keylength limits and/or mandatory registration of keys with the U.S. National Security Agency.... Well, what this would do is to basically drive sales of the "NSA" version to near zero.

Between customer distaste for an NSA version, I can imagine many foreign governments not being too pleased to see this product being used by its citizens.

(We've discussed this many times, since software key escrow came to our attention in 1993. Imagine the reaction of the United States government if American corporations adopted a French software product which automatically gave access to American trade secrets to DGSE (Direction Generale de Security France Securite Exterieure), their primary spy agency, and RG (Direction de Renseignement), their economic intelligence agency. France is well-known for spying on U.S. businesses (a la the Air France case), and would no doubt be thrilled to have a "French-GAKked" program in wide use in the U.S.)

This point has been raised by us many times. And, to be fair, this point is not lost on the NSA/Freeh/Denning/Gorelick crowd, I am sure. That is, they would not countenance the importation into the U.S. of "Iraq-GAKked" and "China-GAKked" programs, for example. So, what's the deal?

The resolution of this quandary almost certainly lies in an "international agreement," along the lines of the various key escrow meetings which have been held (Karlsruhe in '93, Washington in '94, etc.). A "New World Order" solution, with complicated reciprocal agreements about whom the trusted key authorities might be, how nations could gain access, etc.

(These relationships are too complicated for my brain to handle...how, for example, would one come to an agreement with Libya? What about Cuba, given that many of our nominal allies trade freely with Cuba and chafe when we try to get them to join our boycotts?)
Such an international deal would almost certainly mean that even fully-domestic versions of software would have to be GAKked.

Hence the need for us to pressure Netscape, Microsoft, Qualcomm, Novell, etc. *not* to play ball on this. This would then "marginalize" the European and Asian customers of a special "NSA-readable" version of their products, and would likely derail the whole thing.

ObMartialLaw: Clinton is pushing to have new "anti-terrorist" legislation passed *this week*, according to CNN. He wants "memories to be fresh." Joe Biden wants expanded roving wiretap laws and restrictions on efforts to "circumvent" wiretaps. Feinstein wants bomb instructions banned. And so it goes.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jimbell at pacifier.com Tue Jul 30 15:21:03 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 31 Jul 1996 06:21:03 +0800
Subject: You know it's getting late when...
Message-ID: <199607301743.KAA10519@mail.pacifier.com>

Last night on (as I recall) the CBS evening news, I heard a comment by a reporter that further reinforces my opinion that "they just don't get it." The reporter was talking about terrorism versus the amount of "security" applied, and he was pointing out that Americans know the bombing had occurred in Saudi Arabia "despite the fact that political opposition there is practically illegal." (fairly close quote)

Huh? "despite the fact that political opposition there is practically illegal"? "Despite"?
Suggesting, apparently, that the more oppressive the rule, the LESS likely violent opposition is expected to be? I suggest a rewording: "the bombing in Saudi Arabia occurred BECAUSE OF the fact that political opposition there is practically illegal."

Ostensibly, one of the reasons for having a free and fair political system is so people will not be inclined to throw bombs and plot violent revolution. Grandly ignoring this, that reporter seems to take the diametrically opposite tack: A totalitarian government can best avoid bombings and violence. Where do these people learn their political theory?

One frequent line among reporters is that terrorism used to always be something that occurred elsewhere, not in America. Yet another thing that "never" seemed to happen is when nominally patriotic, even conservative people talk of throwing out the government due to oppression. (Such an activity is thought of as primarily the function of the young, usually the liberal, as in the civil rights and anti-war demonstrations of the 1960's.) I wonder when it will occur to these reporters that there may actually be a connection there somewhere!

If anyone out there still doubts that the time for my "Assassination Politics" idea will never come, I claim that it's later than you think.

Jim Bell
jimbell at pacifier.com

From blancw at MICROSOFT.com Tue Jul 30 15:32:58 1996
From: blancw at MICROSOFT.com (Blanc Weber)
Date: Wed, 31 Jul 1996 06:32:58 +0800
Subject: Let's Say "No!" to Single, World Versions of Software
Message-ID:

>From: tcmay at got.net
>
>Such an international deal would almost certainly mean that even
>fully-domestic versions of software would have to be GAKked.
>
>Hence the need for us to pressure Netscape, Microsoft, Qualcomm, Novell,
>etc. *not* to play ball on this. This would then "marginalize" the European
>and Asian customers of a special "NSA-readable" version of their products,
>and would likely derail the whole thing.
..........................................................

Deja-vu.

Not to take away from the importance of this subject or any of the fine points which Tim has made, but it looks like it's time for the CPunk Annual August GAK Discussion on back-door deals, the NSA, and the Big Software Companies. :>)

..
>Blanc
>

From pjn at nworks.com Tue Jul 30 15:40:55 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Wed, 31 Jul 1996 06:40:55 +0800
Subject: Terrorists are adult
Message-ID:

In> An interesting theory, which my experience supports.
In> I started with model rocketry, and then discovered that it was more
In> fun to blow the rockets up, rather than have them come back to earth.
In> (You don't have to sweat the construction details as much, either)
In> About the time I turned 21, I lost interest in making exploding
In> rockets and blowing craters in sand dunes.

You may be interested in knowing that Paladin Press sells a book on converting model rockets into SAM and SSM's...

P.J.
pjn at nworks.com

... I am Jesus of Borg. Blessed are they who are assimilated.
___ Blue Wave/QWK v2.20 [NR]

From rmartin at aw.sgi.com Tue Jul 30 15:41:38 1996
From: rmartin at aw.sgi.com (Richard Martin)
Date: Wed, 31 Jul 1996 06:41:38 +0800
Subject: Smart cards "a giant leap backwards" - Canadian Privacy Commissioner
Message-ID: <9607301423.ZM21073@glacius.tor.aw.sgi.com>

Very little that might be new or enlightening to the world; attendees of CFP '96 will remember [fuzzily, in my case] the closest thing to Bruce's counterpart in the states admitting that the USA doesn't actually have much of a counterpart to the privacy commissioner.

http://www.thestar.com/thestar/editorial/news/960730A01_NA-PRIVACY30.html

[This is Canada's commissioner, not Ontario's.]
frodo
--
Richard Martin [not speaking for a|w] rmartin at aw.sgi.com http://reality.sgi.com/rmartin_aw/
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]

From shamrock at netcom.com Tue Jul 30 15:52:08 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 31 Jul 1996 06:52:08 +0800
Subject: Taxes in the digicash world
Message-ID:

At 6:17 7/30/96, Igor Chudov @ home wrote:
[...]
>Another alternative that I see is property taxes and poll taxes,or
>taxes on some commodities such as oil. But incomes seem to be hard to
>track.

What you also will see is an increase in sales tax. You still got to buy groceries locally.

-- Lucky Green
PGP encrypted mail preferred.
Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President.

From frissell at panix.com Tue Jul 30 15:52:23 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 31 Jul 1996 06:52:23 +0800
Subject: Dry Under the Waterfall
Message-ID: <2.2.32.19960730180444.0086bcf8@panix.com>

At 08:57 AM 7/30/96 -0700, David Kline wrote:
>A question though: What about the 3 million hard-working, reading,
>middle-class folks who have been downsized into oblivion the last three
>years alone? What about the tens of millions of readers who had the skills
>needed for the industrial age, but not for the information age?

I mean actual ability to read and write *meaningfully*. Not the official "literacy" handed out in thousands of local institutions designed to produce mental retardation in this country. It is a skill almost all are capable of (most had it in 1856 -- we know this because we can read the Lincoln-Douglas debates), but monopoly government institutions can no more make genuine literacy than they can make decent steel.

>Well, change means pain, and we'll get to the millennium one way or
>another. But we can do it the hard way or the easy way. The hard way
>means severe social dislocation, possibly even threats to democracy.
The >easy way seems the smarter approach -- no serious effort at reforming >education and at skills retraining has ever been undertaken, and it seems >a better use of our tax dollars than most of the crap it's spent on now. H.L. Mencken (always an optimist) said that a significant improvement in the quality of American education could only be achieved if you dynamited all the schools and shot all the teachers. Whether that is true or not. The governments have had the minds of our children since 1870 or so. If they haven't done a better job than this perhaps it is time to retire them. DCF From frantz at netcom.com Tue Jul 30 15:54:48 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 31 Jul 1996 06:54:48 +0800 Subject: Paranoid Musings Message-ID: <199607301811.LAA28373@netcom7.netcom.com> Sometimes paranoia strikes. Since these musings are crypto related, I thought I would share them. (1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? We know that a university CS student can break one message in a week using the universities farm of workstations. But, our foremost reputation agency for crypto strength, the ITAR, allows systems with RC4-40 to be exported. What does this mean? I combine the above with Whit Diffie's observation that, while crypto users are interested in the security of *each* message, organizations which monitor communications want to read *every* message. A TLA interested in monitoring communications would need to crack RC4-40 much faster than 1/week. Now expensive specialized cracking equipment can certainly speed up the process, but there may be a better way. If cryptanalysis of RC4 yields techniques which make the process much easier, then it is the ideal cypher to certify for export. The paranoid conclusion is that there is a significant weakness in RC4. (2) What did Microsoft give up to export its crypto API? Well, if you were a TLA, what would you want. 
I think I would want an agreement to be able to insert my own code in that vendor's products. Then I would be able to have widely distributed Trojan horses signed by the vendor. I would have the opportunity to significantly weaken standardized crypto systems installed world wide. Conspiracy theorists, start your mailers. ------------------------------------------------------------------------- Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting (408)356-8506 | [Beware the man of one | 16345 Englewood Ave. frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA From mpd at netcom.com Tue Jul 30 15:56:01 1996 From: mpd at netcom.com (Mike Duvos) Date: Wed, 31 Jul 1996 06:56:01 +0800 Subject: VISA Travel Money Message-ID: <199607301755.KAA10273@netcom23.netcom.com> Happened to browse the VISA Web site last evening to read about the new microprocessor-based VISA Cash Cards that are being accepted in lieu of small change at the Olympics in Atlanta. While there, I noticed a new product that VISA is about to introduce. Called "VISA Travel Money", it is a pre-paid card with a user-selected PIN which one can simply purchase at a participating financial institution, just like Travelers Checks. One can then use it at any of the 250,000 ATMs in 89 countries until the amount one paid for it has been extracted, after which, one presumedly tosses it. Since the card is pre-paid, and does not involve the extension of credit, I would think that a "nym" would have no difficulty in purchasing one. Seems like a convenient way to keep moderate amounts of cash in a form which cannot be easily stolen, nor perused by the Feds. I wonder if an SSN is required at the time of purchase? In any case, http://www.visa.com/ and a few clicks will get you all the available information. VISA Travel Money: No Horseman should leave home without it! 
:)

From m5 at vail.tivoli.com Tue Jul 30 16:00:10 1996
From: m5 at vail.tivoli.com (Mike McNally)
Date: Wed, 31 Jul 1996 07:00:10 +0800
Subject: New Anti-Terrorism Pact
Message-ID: <31FE4E68.184B@vail.tivoli.com>

From the Reuters story:

> The ministers also vowed to prevent extremists from using the Internet
> computer network to plan attacks and spread bomb-making instructions.

Yawn.

[ ... I guess they'll have to rough it and use the phone. ]

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
m5 at tivoli.com * m101 at io.com * * three heads and eight arms.

From stewarts at ix.netcom.com Tue Jul 30 16:27:13 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 31 Jul 1996 07:27:13 +0800
Subject: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607301939.MAA08382@toad.com>

>Now, would you mind doing a little translation (for the laymen),
>since I didn't understand?

We did Fourier transforms in third-or-fourth semester calculus in college, but then I _was_ an engineer; electrical engineers would go on to do lots more of this stuff, since frequencies and waveforms are their territory. Essentially, you can look at "most" continuous functions in normal time-space, or you can represent them in a frequency space instead, and you can reproduce the original function by transforming from the frequency space back to the time space. The "Lebesgue" bit is a precise definition of "most". (For most of the math I did in college, "Lebesgue" was a phrase meaning "/* you are not expected to understand this */", and it and Measure Theory got trotted out to clarify rigorously when functions are well-behaved enough for the stuff we were learning to apply. Most functions you use are Lebesgue integrable, unless you use stuff like "f(x) = 0 if x is rational and 1 if x is irrational".)
Discrete Fourier Transforms are a related analysis technique that work on sets of numbers such as equally-spaced samples from a continuous function. The Fast Fourier Transform is a particularly efficient way to do DFTs, which was a breakthrough that made them practical to do on computers, and Jim was reminding the previous poster that for the problem at hand, determining the frequency spectrum of whatever-it-was, that DFTs aren't what you need; you need the regular continuous Fourier transform. At 01:04 PM 7/29/96 +0000, you wrote: >> Jim Choate writes: > >> You want a continuous Fourier transform, not a discrete one, to >> determine the frequency spectrum of the waveform being sampled. >> The FFT is simply an algorithm for computing the DFT without >> redundant computation. In general, any Lebesgue integrable >> complex function will have a Fourier transform, even one with a >> finite number of discontinuities. The reverse transform will >> faithfully reproduce the function, modulo the usual caveats about >> function spaces and sets of measure zero. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # Dispel Authority! From deviant at pooh-corner.com Tue Jul 30 16:27:24 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 31 Jul 1996 07:27:24 +0800 Subject: Source Codes in C or Pascal In-Reply-To: <01BB7E24.F8E80BE0@ip74.i-manila.com.ph> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 28 Jul 1996, Jerome Tan wrote: > Date: Sun, 28 Jul 1996 15:42:41 +0800 > From: Jerome Tan > To: "'cypherpunks at toad.com'" > Subject: Source Codes in C or Pascal > > Does anyone knows where to find source codes of sample encryption programs? I just wanted to know how they work... Thanks in advance! > > Any good cryptography book should have code in it. Look in "Applied Cryptography" by Bruce Schneier (sp?), it has lots of it in the back of the book. --Deviant This novel is not to be tossed lightly aside, but to be hurled with great force. 
-- Dorothy Parker

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From stewarts at ix.netcom.com Tue Jul 30 16:29:32 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 31 Jul 1996 07:29:32 +0800
Subject: TLAs on cypherpnks (was R
Message-ID: <199607301939.MAA08395@toad.com>

At 05:35 AM 7/30/96 -0500, pjn at nworks.com wrote:
> In> Is this the first confirmed report of TLA cypherpunk-monitoring?
> Might be the first reported, but many people probably thought it was...
> I did...

About N years ago, when you could still read all of Usenet if you really wanted, and when Usenet mostly was carried by telephone rather than NNTP, there were a few places that got their newsfeeds by weekly magtape. One of them was Australia. Another was the FBI.....

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# Dispel Authority!

From sunder at amanda.dorsai.org Tue Jul 30 16:30:40 1996
From: sunder at amanda.dorsai.org (Ray Arachelian)
Date: Wed, 31 Jul 1996 07:30:40 +0800
Subject: WaPo on Crypto-Genie Terrorism
In-Reply-To:
Message-ID:

On Mon, 29 Jul 1996, David Sternlight wrote:

> Let those who passed basic English use the skills they were taught. Freeh
> said, and I repeated, that the system wasn't designed to prevent determined
> criminals from using robust crypto.

Yes, and the implication is this: the system was designed to prevent law abiding folk from using robust crypto, and to allow the TLA's and LEA's to snoop on them.
Ya just gotta luv ol' Lou Freeh, why it warms my heart to know his intentions, or was that my asshole, I get soo conf00sed sometimes.... NOT!

> You are either dense or obfuscating. The point has now been made repeatedly
> that the issue isn't the disappearance of stand-alone niche crypto, but
> prevention of robust, built-in, unescrowed crypto, transparently usable in
> exported copies of Microsoft Word, Netscape, Eudora, etc. Read the previous
> sentence until you understand it.

Gee, um, is there really that much of a difference? Regardless of whether he misinterpreted or missed your point, without built in strong crypto in such staples as Word, Netscape, Eudora, etc, without easily invoked "Press this button" transparent, but strong crypto, the issue is moot. Joe Sixpack won't be able to protect his privacy effectively, and so out of Joe's lack of geek skills, Lou C. Furr Freeh can read Joe's email and his loveletters, and listen in on Joe's phonecalls whenever he gets the urge. And Lou, like all his kind does have that urge. Too often.

It seems you sir have missed THAT point. Was it that you missed it on purpose? Or out of ignorance?

One of the majorly useful tactics is to make it hard for someone to use crypto - if you do, they aren't likely to use it, this makes your, I mean Freeh's job much easier. So what if there are some cypherpukes out there, they're only a handful and surely they're easily dealt with, and easily tracked by regular means, and well, if they get out of line, they can be dealt with. Just have to join the list and watch them.

Divide and conquer. Divide the tools Joe Sixpack would use from those that would make them spook-proof and you can conquer Joe's privacy easily.
========================================================================== + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK|AK| do you not understand? |======= ===================http://www.dorsai.org/~sunder/========================= Key Escrow Laws are the mating calls of those who'd abuse your privacy! From aba at atlas.ex.ac.uk Tue Jul 30 16:35:22 1996 From: aba at atlas.ex.ac.uk (aba at atlas.ex.ac.uk) Date: Wed, 31 Jul 1996 07:35:22 +0800 Subject: crypto CD source Message-ID: <16689.9607301944@exe.dcs.exeter.ac.uk> Some time ago on the list there was some discussion of putting together a CD full of cryptographic software and reference material. Nothing came of it, but I think several people expressed an interest, for those of you who were interested, take a look at: http://www.sevenlocks.com/ Only problem is the price: http://www.sevenlocks.com/Encyclopedia.htm Single issue $195 One-year subscription (4 issues) $695 ($174/issue) Two-year subscription (8 issues) $995 ($124/issue) Ouch! Bit pricy, perhaps they justify it by the value added information they've supplied? Interesting that they keep the information up-to-date, one issue per quarter. They have a large supply of crypto software available on-line as well. (No mention of ITAR on their software down load pages (78 Mb of security related software they claim), and it looks you could download the lot even if you weren't in the US). Adam -- #!/bin/perl -sp0777i Message-ID: At 11:47 AM -0400 7/30/96, Sandy Sandfort wrote: > If I were the government, I'd tax realty as my primary or only > source of income. It *appears* "progressive" so it appeals to > the lower class, but it is passed along to everyone in the form > of higher commodity prices and rents. 
Realty can't be picked up
> and moved to another jurisdiction like personal property or
> people, so it is easier to hold as a tax hostage by government.

Sometimes, in my wilder moments, I think about it this way:

Agriculture created cities, where the "government", actually large landowners, relied on implicitly forcible payments-in-kind of agricultural produce.

Industrialism (Maybe. Maybe printing did.) created nation states, which rely on forcibly obtained taxes on cash-flow and financial assets.

Maybe, in a financial cryptography-enabled geodesic economy, cashflow and financial asset taxation become impossible as a revenue source for anything but the propagation and/or regulation (probably private) of cashflows and financial assets themselves ;-).

The phrase "Government services" becomes exposed for the oxymoron that it really is under this scenario. There'll be no way to compel payment for these "services", so they'll be forced to prove their usefulness in a market of some kind. They'll have to earn their money the old fashioned way.

I expect that large economic entities may exist, the way cities and nation-states do, but they won't be geographic in nature, because location ceases to be as economically important as it is in agriculturalism, where land is the source of all wealth, or as it is in industrialism, where actual physical positions in distribution and information hierarchies are so important. (The three laws of retail, and all that...)

It's even hard for me to see large permanent entities as salient features of such an economy. That is, each entity will be more like an ad-hoc partnership of other smaller entities, which goes away after its specific financial purpose has been completed. We're experimenting with those "virtual" organizations now, and the word "syndicate" will probably reemerge as the dominant way of doing larger business projects.
The financial and entertainment markets work this way a lot, and, even though large corporations exist in those markets, lately there's been a proliferation of smaller and smaller firms as information technology enables their creation. Permanence is a function of physical reality, and information, because it's not physical, is not permanent. It is always in the process of becoming something else.

So, real estate taxes may be the only thing left, but they might be used for really trivial stuff, like very local roads, infrastructure (dark fiber maintenance? :-)), etc., and not much else. Kind of like local irrigation committees in third world countries (or New Mexico ;-)) devolved from the water-monopoly "states" of places like ancient Mesopotamia, Egypt or China.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From eli+ at gs160.sp.cs.cmu.edu Tue Jul 30 16:58:40 1996
From: eli+ at gs160.sp.cs.cmu.edu (eli+ at gs160.sp.cs.cmu.edu)
Date: Wed, 31 Jul 1996 07:58:40 +0800
Subject: "Soft Targets" as Schelling Points
In-Reply-To: <+cmu.andrew.internet.cypherpunks+ElzJw:G00UfAA10Qt9@andrew.cmu.edu>
Message-ID: <199607302102.OAA11058@toad.com>

Tim May writes:
>Schelling points need not involve "coordination" between actors, though
>Schelling points provide one means of coordination without communication
>(e.g., where does each think a meeting will occur).
>
>Schelling points are like "The Match Game" (an old t.v. show largely
>written by one of the main contributors to "Mad Magazine"). Namely, "Name
>a place likely to be attacked by terrorists."

This isn't EconPunks, so I'll just say I haven't seen the term used except in the context of tacit coordination (see for some examples).
There is some coordination here, I guess: terrorists and television crews both benefit from being in the same place when the bomb goes off. But this probably isn't a driving motivation for either. -- Eli Brandt eli+ at cs.cmu.edu From jya at pipeline.com Tue Jul 30 17:00:46 1996 From: jya at pipeline.com (John Young) Date: Wed, 31 Jul 1996 08:00:46 +0800 Subject: CPC_ode Message-ID: <199607302100.VAA02602@pipe2.t1.usa.pipeline.com> AmBank, July 29, 1996: Technologists at banks with large overseas operations have drawn encouragement from a National Research Council report suggesting that businesses be allowed stronger forms of data encryption. Although financial transactions are generally exempt from encryption restrictions, bankers advocate more freedom in the market. They complain that government officials often refuse their requests for international use of applications with strong cryptography -- and give no reasons for their decisions. NiSaShi, July 23, 1996: Japan ID Tech, an Osaka-based information technology startup, has developed a system for encoding text as graphical images that can be sent via fax over normal communications transmission lines. The system consists of software that converts text to a two-dimensional bar code called a CP code, which is gaining popularity as a next-generation coding system. The company's encoding program also incorporates DES. MiPa, July 29, 1996: Patent: Method and system for key distribution and authentication in a data communication network (IBM). Inventors: Bjorklund, Ronald E.; Bauchot, Frederic; Wetterwald, Michele M.; Kutten, Shay; Herzberg, Amir. 
-----

http://jya.com/cpcode.txt (for 3, 11 kb)

CPC_ode

From WlkngOwl at unix.asb.com Tue Jul 30 17:01:01 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 31 Jul 1996 08:01:01 +0800
Subject: TLAs on cypherpnks (was R
Message-ID: <199607302117.RAA14640@unix.asb.com>

A story I heard: During a privacy conference back when Clipper was first proposed (about 3 yrs ago) people were questioning an NSA rep about escrow. He started off his rebuttal by asking "Is Sternlight here?" and then continued his reasoning as to why Clipper was a good thing.

Don't know if this actually happened, but I'm sure if it did some here would remember it.

--Rob

On 30 Jul 96 at 5:35, pjn at nworks.com wrote:

> In> Is this the first confirmed report of TLA cypherpunk-monitoring?
>
> Might be the first reported, but many people probably thought it was...
> I did...

---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From stephen at iu.net Tue Jul 30 17:13:06 1996
From: stephen at iu.net (Stephen Cobb)
Date: Wed, 31 Jul 1996 08:13:06 +0800
Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID: <1.5.4.32.19960730213130.005d75f0@iu.net>

At 09:33 PM 7/26/96 -0700, you wrote:
>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.
>

As a Certified Information Systems Security Professional I am sworn to uphold a professional code of ethics. I have pledged to help my clients protect the privacy of their information. I do not consider the free exchange of ideas as inconsistent with that pledge or those ethics.
Please feel free to email me directly with a statement of your specific fears and concerns and I am sure I can allay them. Otherwise I suggest you spend some time studying the US constitution and contemplating the personal sacrifices made by those who are dedicated to defending it.

Respectfully...Stephen

From stewarts at ix.netcom.com Tue Jul 30 17:28:53 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 31 Jul 1996 08:28:53 +0800
Subject: Returned mail.No such addressee
Message-ID: <199607302036.NAA10469@toad.com>

At 02:58 PM 7/30/96 +0200, somebody signing a message as Remo Pini wrote:
> Actually the archives from ftp.dsi.unimi.it have moved to:
> ftp://idea.sec.dsi.unimi.it/pub/
> It's a very large repository and to hell with ITAR, it's Italian.

And it's got a set of mirrors for many of the other popular sites as well.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# Dispel Authority!

From perry at piermont.com Tue Jul 30 17:32:16 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 31 Jul 1996 08:32:16 +0800
Subject: Dry Under the Waterfall
In-Reply-To: <2.2.32.19960730135447.0085571c@panix.com>
Message-ID: <199607302032.QAA03561@jekyll.piermont.com>

Duncan Frissell writes:
> Now, even though the net is more graphical, it still lacks appeal for 95% of
> the population (or at least enough appeal to get them on to it).

Untrue, Duncan. Far more than 5% of the population is online already, and the numbers are expanding rapidly. Soon even the semi-literate will be on line, if only so they can get the latest pornography and sports videos.

I agree, however, with your point that the "information have nots" aren't going to be helped by any handout program. I have friends who started out dirt poor using the Net from their fifth floor walkup apartment in tenements in Hell's Kitchen with ancient used equipment, and who now have decent jobs paying well over national average doing -- what else -- net related work.
It's entirely a question of personal motivation.

Perry

From frantz at netcom.com Tue Jul 30 17:34:39 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 31 Jul 1996 08:34:39 +0800
Subject: Let's Say "No!" to Single, World Versions of Software
Message-ID: <199607302110.OAA05638@netcom8.netcom.com>

Someone asked a few days ago what US companies are doing to oppose ITAR. Many of them are taking public positions on the ProCODE bill. Another of the things they are doing is deploying strong crypto domestically. (Arun Mehta and Tim May have detailed the mechanisms why this domestic deployment will have world-wide impact.) Here is a start at a list of such companies:

Community ConneXion - Too much to mention, Thanks Sameer
IBM - The Anarchistic Key Authorization system (from U of Texas), see 6th Usenix Security Symposium proceedings
Netscape - SSL
PGP Inc - 'nuff said
Sun Microsystems - SKIP implementation, PGP v3 implementation

Please add to the list. We should recognize and remember our friends.

-------------------------------------------------------------------------
Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506 | [Beware the man of one | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA

From maldrich at grci.com Tue Jul 30 17:35:34 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Wed, 31 Jul 1996 08:35:34 +0800
Subject: mailing list
In-Reply-To:
Message-ID:

On Mon, 29 Jul 1996, Dan Harmon wrote:

No, no, no.... The correct question is, "Are you a good witch, or a bad witch?"

(remember, house dropping on GAK policy wonks counts for five extra bonus points)

> Are you a good turtle?
>
> On Mon, 29 Jul 1996, Darryl Gittins wrote:
> >
> > Hey...
> >
> > how do I get on the mailing lissst....?
------------------------------------------------------------------------- |Just as the strength of the Internet is |Mark Aldrich | |chaos, so the strength of our liberty |GRCI INFOSEC Engineering | |depends upon the chaos and cacophony of |maldrich at grci.com | |the unfettered speech the First Amendment|MAldrich at dockmaster.ncsc.mil | |protects - District Judge Stewart Dalzell| | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich at grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. | ------------------------------------------------------------------------- From jimbell at pacifier.com Tue Jul 30 17:44:20 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 31 Jul 1996 08:44:20 +0800 Subject: Denning vs. Gilmore Message-ID: <199607302145.OAA24372@mail.pacifier.com> At 09:54 AM 7/30/96 -0700, Marshall Clow wrote: >>Today, Monday, July 29, Dorothy Denning begins her debate vs. John Gilmore >>over The Absolute Right to Privacy on Wired Online's Brain Tennis site. Do >>citizens of the world have an "unalienable right" to privacy - or are there >>reasons why governments ought to have access to our communications? This >>debate will run daily through August 7. Follow along at >>http://www.wired.com/braintennis/ > >I noticed that she said "allows", not "would allow". That contradicts ><>, doesn't it? Quite! I wish somebody would ask her why such a tiny fraction of the population (government functionaries, and a small fraction of them to boot!) should get their way and force (with varying degrees of the word, force) their idea of heaven on the rest of us. Despite their claims of an "emerging consensus", only an extraordinarily small group thought up GAK and has been promoting it. 
Whatever benefits are claimed for that system, I've always contended that we (as citizens; or, as individuals) should have the right to reject it. Are they unwilling to take NO for an answer? Jim Bell jimbell at pacifier.com From stephen at iu.net Tue Jul 30 17:47:28 1996 From: stephen at iu.net (Stephen Cobb) Date: Wed, 31 Jul 1996 08:47:28 +0800 Subject: fbi, crypto, and defcon Message-ID: <1.5.4.32.19960730213125.0038d8ec@iu.net> At 04:29 AM 7/30/96 -0700, Cerridwyn Llewyellyn wrote: > >At this year's DefCon (last weekend), there were two speakers from the >recently created FBI San Francisco Computer Crime division. they were there >as spokesmen for the FBI, but people could talk to them later and ask any >questions they liked, and "the answers may surprise you". Evidence that >maybe some goons really do have a clue, but are still too afraid to do >anything about it... //cerridwyn// I thought it was pretty cool that they even showed up, and the respect they showed for people with good technical skills was, IMHO, impressive. They were candid about the role they play and stood by the code of behaviour they are sworn to uphold. We simply don't have enough information to judge them. These guys may be campaigning for political change in their spare time. They are enforcing laws passed by a democratically elected government, which is not perfect, but a long way from tyranny. They made the point, several times, that if we don't like the laws we are free to try and get them changed, which some of us are trying to do. Okay, so their boss is part of the law making process, subject to the checks and balances that exist between the three branches of US government. They are in a position to supply their boss with data and I am personally impressed with their grasp of some of that data (it sounds to me like they are telling their boss that hackers like the ones at Defcon are not the problem). 
All of us who have some understanding of these issues need to do our best to educate the public and the politicians, even if we have to start from the "See Jane hack" level (pun intended). Otherwise dumb laws will be passed and then we will have to engage in mass civil disobedience (which I have personally done in the past). Stopping bad laws from becoming law is a lot easier than overturning them later.

Respectfully...Stephen (hacker jeopardy scorekeeper)

From david at sternlight.com Tue Jul 30 17:52:33 1996
From: david at sternlight.com (David Sternlight)
Date: Wed, 31 Jul 1996 08:52:33 +0800
Subject: WaPo on Crypto-Genie Terrorism
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Preface: Having weathered the storm of personal attacks, I've concluded that most of what is on this list _right now_ is of insufficient interest to what I'm currently working on to continue, so I've unsubscribed (there's too much traffic to let it be). I will see the occasional posts copied to me and respond. Posts allegedly from me, if not signed, are forgeries until I post a signed notice that I have rejoined the list.

Thanks for listening;
David

At 12:37 PM -0700 7/30/96, Ray Arachelian wrote:
>On Mon, 29 Jul 1996, David Sternlight wrote:
>
>> Let those who passed basic English use the skills they were taught. Freeh
>> said, and I repeated, that the system wasn't designed to prevent determined
>> criminals from using robust crypto.
>
>Yes, and the implication is this: the system was designed to prevent law
>abiding folk from using robust crypto, and to allow the TLA's and LEA's
>to snoop on them.

Close. For "designed to prevent" read "not make available from the US", and for "folk" read "foreigners". There's no earthly reason the US should assist foreigners in thwarting US intelligence efforts. As readers know, I am opposed to mandatory domestic key escrow.
David

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
-----END PGP SIGNATURE-----

From stewarts at ix.netcom.com Tue Jul 30 17:52:45 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 31 Jul 1996 08:52:45 +0800
Subject: Taxes in the digicash world
Message-ID: <199607301939.MAA08390@toad.com>

SUMMARY: A: Quotation. B,C,D: usual rehash E: Interesting conclusions

A) At 06:17 AM 7/30/96 -0500, ichudov at algebra.com (Igor Chudov) wrote:
>The question is, how can the government TECHNICALLY collect taxes?
....
>Let's say, maybe this tax would work: every time someone verifies that
>a piece of digital cash is valid, s/he has to pay the government a little
>percentage of the amount. Since digital banks are easier to control than
>other participants of the market, this kind of tax legislation is easier to enforce.
..
>Another alternative that I see is property taxes and poll taxes, or
>taxes on some commodities such as oil. But incomes seem to be hard to track.

B) Basically, you can either tax income, consumption, transactions, ownership, and the right to do business. Ownership of land and easily traced tangibles, like houses and cars, still works, but isn't a big enough source of revenue for current government appetites, and taxing consumption (i.e. purchase) of these items is also revenue-limited. US-based corporations are regulated - by taxing profits, they're given an incentive to report all their consumption, generating a recording stream that fingers employees, contractors, and other corporations, making their incomes more visible.
Similarly, business licensing raises the visibility of people who might otherwise engage in profitable services (typically in the name of protecting the consumer through quality control), and often creates transaction records such as building permits. C) Taxing bank _transactions_ isn't realistic - it encourages people to use offshore banks, and it's a major change in the way US taxes work. Even with payee-and-payer-anonymous digicash, when the digicash gets stored in an account for translation to treecash, the bank can tell which account, though they can't tell when and from whom you got the digicash, and if they pay interest they must report it, so that tells the IRS your average balance, letting them play the traditional game of "you received $X in your bank account, prove that it wasn't taxable income" (again, unless you're banking offshore.) D) As long as you're buying physical stuff, it's generally either small-volume (e.g. handicrafts and artwork) or made by corporations that are relatively traceable, because they're forced to report their incomes, or else it's material that's purely black-market anyway, like dope. But today's economy is moving away from manufacturing and mostly into services; the low-paid stuff like lawnmowing and babysitting helps support poor people, but isn't a big revenue impact. The interesting problems occur when both your source of income and most of your consumption are communication-based intangibles - consulting, electronic paperwork, writing software, writing entertainment, selling electronically-delivered wares, laundering money, laundering software, laundering entertainment, buying software, buying entertainment, buying consulting for your business. Since the services and payment can both be delivered invisibly, that _can_ let lots of people get under the radar. E) I think the battleground for taxation and control over the digital economy will be fought in two or three areas. 
One is wiretapping, of course, to protect us from narco-porno-taxevaso-terrorists; attempting to control the key management structure will be a big part of this, since it lets you trace the players as well as the money. (Even if they don't get your private keys, and can only force registering of, say, snail-address along with public keys, that gives them much of the game.) A related push is censorship, probably with mandatory authorship identification ostensibly to enforce content labelling.

But the other big push will be for licensing of computer practitioners and software - there's been some attempt at this already, partly from the serious safety folks and partly from the state-level business-licensing meddlers, but I think we'll see far more of it as the government realizes that it's a big hook for retaining tax visibility. Because the software business is extremely portable and geography-independent, much of the tracking will be from the demand side. Software for some reasonably large fraction of use may need to be certified by either a licensed practitioner or a corporation that can be liable. After all, we _need_ to protect the integrity of the National Information Infrastructure to preserve American jobs and protect our kids!

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# Dispel Authority!

From jimbell at pacifier.com Tue Jul 30 17:57:10 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 31 Jul 1996 08:57:10 +0800
Subject: VISA Travel Money
Message-ID: <199607302157.OAA25086@mail.pacifier.com>

At 10:55 AM 7/30/96 -0700, Mike Duvos wrote:
>Happened to browse the VISA Web site last evening to read about
>the new microprocessor-based VISA Cash Cards that are being
>accepted in lieu of small change at the Olympics in Atlanta.
>
>While there, I noticed a new product that VISA is about to
>introduce. Called "VISA Travel Money", it is a pre-paid card
>with a user-selected PIN which one can simply purchase at a
>participating financial institution, just like Travelers Checks.
>One can then use it at any of the 250,000 ATMs in 89 countries
>until the amount one paid for it has been extracted, after which,
>one presumedly tosses it.
>
>Since the card is pre-paid, and does not involve the extension of
>credit, I would think that a "nym" would have no difficulty in
>purchasing one. Seems like a convenient way to keep moderate
>amounts of cash in a form which cannot be easily stolen, nor
>perused by the Feds.
>
>I wonder if an SSN is required at the time of purchase?

Even if not, chances are good that "all" of the transactions can be linked together, even if they can't be directly linked to an identifiable person. Doesn't sound too promising.

Jim Bell
jimbell at pacifier.com

From declan at well.com Tue Jul 30 18:00:39 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 31 Jul 1996 09:00:39 +0800
Subject: Nat'l Law Journal and The Independent on CWD and net-filters
Message-ID:

Date: Tue, 30 Jul 1996 16:04:48 -0500
To: fight-censorship-announce at vorlon.mit.edu
From: declan at well.com (Declan McCullagh)
Subject: FC: Nat'l Law Journal and The Independent on CWD and net-filters
Sender: owner-fight-censorship-announce at vorlon.mit.edu

Attached are portions of two articles from the National Law Journal and London's The Independent following up on the CyberWire Dispatch that Brock and I put out earlier this month on the rather unusual behavior of net-filtering software.
The original CWD is at:
  http://www.eff.org/pub/Publications/Declan_McCullagh/
  http://cyberwerks.com:70/cyberwire/cwd/ (eventually)

-Declan

===========================================================================

The National Law Journal
Monday, August 5, 1996
Page A13

By Ann Davis

...Civil libertarians are demanding to know: since when were the National Organization for Women or the Endangered Species Coalition in the same class as devil worshippers? How can photos posted by animal rights groups be categorized as "gross depictions"?

Caught in a dragnet of blocking software are web sites on everything from the safe use of fireworks to safe sex, according to a report by the Internet-based news service CyberWire Dispatch.

To blocked groups' disappointment, however, Internet legal experts say any lawsuit against private computer censors may be a losing proposition...

[Mike Godwin is quoted.]

...A cyber-Deep Throat recently leaked the lists to two Internet investigative reporters, Brock N. Meeks and Declan B. McCullagh. Blacklisted sites include a Silicon Valley council of the National Rifle Association and Cyber High School, whose web address is similar to that of a gay video site...

[Snapshot of CyberHigh's web page included]

As a lawyer for CompuServe, Inc., Mr. Cunard meets potential legal challenges with skepticism. The free speech angle? Implausible against a private entity, he said. Discrimination claims? Difficult, unless you can prove the Internet is a place of public accommodation. Tortious interference? Not likely, because most web site operators don't require subscriptions and therefore don't have a duty to those who access their sites.

===========================================================================

The Independent (London)
Monday, July 22, 1996

By Charles Arthur

REAL ALE IS TOO STRONG FOR THE AMERICAN MORALISTS

Programs to protect children from Net porn are keeping them out of a vast range of sites, says Charles Arthur

[...]
Since last July, programs such as Cyber Patrol, NetNanny and Cybersitter have sold thousands of copies. Some have distribution agreements with organisations such as BT and CompuServe. The makers boast that their products "includes a bad site list of thousands of Web sites that are not suitable for children" and "allow parents to censor what their children access on the Internet."

So far, so good - except that many of those "banned" sites include many British sources holding very useful or entirely innocent information. And the morality underlying many of the bannings is very American, and quite unlike that which a British parent might be expected to apply.

Among the British sites on the World Wide Web which your child would be unable to access when using the programs are the Campaign for Real Ale (Camra), the Prison Lexicon (which provides information about penal reform), the computing department of Queen Mary and Westfield College, Imperial College, the University of Stirling, the Internet connection companies Demon and Zetnet, and Telephone Information Services - which offers weather and share reports but not sex lines.

Between them, the programs prevent access to tens of thousands of sites on the Internet. But they effectively apply an American system of morals - on religion, weapons, drugs, alcohol and sex - to the data which British children might be expected to know about, or could obtain from newspapers.

None of the operators of any of the sites mentioned above was aware that they were "blocked", and all were mystified by it. "Which self-selected Mary Whitehouse put us on their list?" asked Iain Lowe, research manager of Camra.

In Camra's case, the answer is a team of researchers at Microsystems Software, based in Farmingham, Massachusetts, which has been selling Cyber Patrol since July 1995, and now claims 80 per cent of a fast-growing market.

"Camra's site is blocked under our code for beer, alcohol, wine and tobacco," said Dick Gorgens, the company's chief executive. "It was added on June 10 when it was advertising a beer festival."

Mr Lowe responded, "We don't promote underage drinking. But pubs in this country are allowed to apply for children's certificates: all the family can go. And we have had inquiries to our site from GCSE students doing projects on the economics of the brewing industry."

Mr Gorgens denied that the program was imposing American morals onto British users. However, the panel which reviews the banning of sites includes no Britons, although it does include representatives from the National Rifle Association and the right-wing anti-pornography Morality in Media group.

[...]

"A close look at the actual range of sites blocked by these programs shows they go far beyond just restricting 'pornography'," said Brock Meeks, an Internet journalist and consultant who, with fellow journalist Declan McCullagh, obtained a decoded list of the sites banned by the programs earlier this month, July, and revealed their indiscriminate breadth in an Internet mailing list, Cyberwire Dispatch.

Steve Robinson-Grindey, who runs the Prison Lexicon site, said "It is effectively an electronic encyclopaedia of everything concerning prisons and penal affairs in England and Wales. It is extensively used by schools and universities for information. Even the People's Republic of China allow access to the site."

He thought it might be banned because "obviously they rely on search words for filtering - in which case they would discover the words sex, AIDS, homosexual, and so on. But they failed to realise these words were being used in serious material."

[...]
-------------------------------------------------------------------------
fight-censorship is archived at http://fight-censorship.dementia.org/top/

From jimbell at pacifier.com Tue Jul 30 18:10:57 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 31 Jul 1996 09:10:57 +0800
Subject: Let's Say "No!" to Single, World Versions of Software
Message-ID: <199607302208.PAA25781@mail.pacifier.com>

At 03:02 AM 7/31/96 -0700, Timothy C. May wrote:
>Having a U.S. version, without any limits on crypto and without any
>software key escrow (GAK), and then having a "for export" version, with
>keylength limits and/or mandatory registration of keys with the U.S.
>National Security Agency....
>
>Well, what this would do is to basically drive sales of the "NSA" version
>to near zero. Between customer distaste for an NSA version, I can imagine
>many foreign governments not being too pleased to see this product being
>used by its citizens.

For over a decade, the ham radio community has been familiar with the phenomenon of handheld, microprocessor-driven "rice radios" (because they're usually Japan-built) which contain an internal limitation keeping them from receiving or transmitting out of their band. These radios are built for the world market, and are "programmed" by installing (or not installing) various diodes on a PCB. Removing, adding, or shifting diodes is an easy trick, and restores full functionality to the device.

What's to prevent a software writer such as Microsoft (or anyone else, for that matter) from writing two versions of a program (domestic and export), perhaps containing a difference as minor as a two-byte EQUate representing the maximum number of bits that are "allowed" in the key. Everything else is identical. Making a change would be as simple as bringing up a hex editor and changing those bytes. (okay, admittedly that won't seem simple for most people, but a simple single-purpose editor program would probably pop up for the purpose.)
Jim Bell
jimbell at pacifier.com

From sandfort at crl.com Tue Jul 30 18:13:54 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 31 Jul 1996 09:13:54 +0800
Subject: Taxes in the digicash world
In-Reply-To: <199607301939.MAA08390@toad.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 30 Jul 1996, Bill Stewart wrote:

> ...Ownership of land and easily traced tangibles, like houses
> and cars, still works, but isn't a big enough source of revenue
> for current government appetites...

I think Bill needs to re-examine this statement. If the ONLY source of taxes was realty, the only limit to the amount it can be taxed is the asset base of the country's population. Taxes on land can be arbitrarily high just as long as the land owner can pass his costs on to tenants and customers. If my rent went up five times and everything I bought increased in price ten fold but I paid no direct taxes, would I be any worse (or better) off?

The purpose of taxes is to fund government. As long as everyone thinks the suffering is pretty much evenly spread, there are few complaints--at least until it becomes impossible to live on what's left.

Please understand, I'm not for ANY taxes. As I said to someone in private e-mail, if it were up to me, I'd fund the last days of the government with a going-out-of-business sale. It would help people make the transition and would dispose of "public" assets in a more or less orderly fashion. (How much am I bid for this lovely half acre lot in beautiful Yosemite park?)
S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From adamsc at io-online.com Tue Jul 30 18:22:08 1996
From: adamsc at io-online.com (Chris Adams)
Date: Wed, 31 Jul 1996 09:22:08 +0800
Subject: fbi, crypto, and defcon
Message-ID: <199607302232.PAA12559@toad.com>

On 30 Jul 96 08:42:26 -0800, ceridwyn at wolfenet.com wrote:

>making laws). The question was rephrased: "How do you personally feel
>about exporting strong crypto", and again they refused to answer on the
>grounds that they were there as spokesmen for the FBI, but people could
>talk to them later and ask any questions they liked, and "the answers may
>surprise you". Evidence that maybe some goons really do have a clue, but
                                         ^^^^^
>are still too afraid to do anything about it... //cerridwyn//

This probably isn't the most accurate phrase. Generally, goons wouldn't even have said *that* much... I'm really starting to think this is a confirmation of a corollary of the Dilbert Principle: incompetence rises to the top.

// Chris Adams - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!

From jim at ACM.ORG Tue Jul 30 18:22:15 1996
From: jim at ACM.ORG (Jim Gillogly)
Date: Wed, 31 Jul 1996 09:22:15 +0800
Subject: TLAs on cypherpnks (was R
In-Reply-To: <199607302117.RAA14640@unix.asb.com>
Message-ID: <199607302229.PAA20023@mycroft.rand.org>

"Deranged Mutant" writes:
>A story I heard: During a privacy conference back when Clipper was
>first proposed (about 3 yrs ago) people were questioning an NSA rep
>about escrow. He started off his rebuttal by asking "Is Sternlight
>here?" and then continued his reasoning as to why Clipper was a good
>thing.

>Don't know if this actually happened, but I'm sure if it did some
>here would remember it.
It happened, but that's about sci.crypt or talk.politics.crypto rather than Cypherpunks, since David wasn't vocal here in those days. A sci.crypt article on CFP '94 by Jerod Tufte dated 26 Mar 94 included the transcript of a panel discussion involving (among others) Stewart Baker, then NSA general counsel; the panel was on 24 Mar.

Mike Godwin asked from the floor:

  You said in myth number four that we can anticipate -- and in fact NSA did anticipate that these technologies would become available in five to ten years. People would go buy telephones, have an encryption button and be able to use this technology -- I think I am quoting you accurately -- in profoundly anti-social ways. Isn't it true that many otherwise acceptable technologies can be used by individuals in profoundly anti-social ways including, say the printing press. Isn't it in fact true that in a democratic society we make a decision to empower individuals knowing upfront and openly that we do so taking risk about society. Isn't that in fact the case in this country?

Baker responded:

  Yes. And first I should say, Mike, I haven't met you but I've read your stuff and actually, is David Sternlight here too? Sure you take risks and you have to look at each technology as it comes. Let's take a look at cars. Cars have advantages and risks and how do we deal with that. We put license plates on every car and everybody has to have a license plate on their car even if they think it violates their First Amendment Rights to do it.

From alanh at infi.net Tue Jul 30 18:24:39 1996
From: alanh at infi.net (Alan Horowitz)
Date: Wed, 31 Jul 1996 09:24:39 +0800
Subject: A Libertine Question
In-Reply-To: <9606298386.AA838689552@smtplink.alis.ca>
Message-ID:

On Mon, 29 Jul 1996 jbugden at smtplink.alis.ca wrote:

> Think of how many of our laws are being enacted that tacitly make being
> poor or indigent a crime.

Horseshit.
This is a poorly-disguised re-tread of one of the standard lines of the Patrice Lumumba University brand of leftist agitprop.

Tell it to the starving Cubans who have to watch Fidel sitting in his palaces.

From mpd at netcom.com Tue Jul 30 18:28:25 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 31 Jul 1996 09:28:25 +0800
Subject: VISA Travel Money
In-Reply-To: <199607302157.OAA25086@mail.pacifier.com>
Message-ID: <199607302214.PAA24454@netcom6.netcom.com>

Jim Bell writes:

> Even if not, chances are good that "all" of the transactions can
> be linked together, even if they can't be directly linked to an
> identifiable person. Doesn't sound too promising.

I think it will be a popular product. Sort of the credit card equivalent of the disposable phone card. Since the transactions all involve the extraction of money, there is really no record of your purchases.

The linking together of a number of cash withdrawals is not that big a deal, although they could be used to track your movements if you did them in more than one specific location. There is also the problem of being photographed every time you use an ATM, if you do not wish your identity known.

Still, for people who are not on the FBI's most wanted list, who plan to completely exhaust the card in a single location, and who dislike signing a huge bunch of Traveler's Checks at one time to buy something, it sounds like something that might be handy to have.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From shamrock at netcom.com Tue Jul 30 18:29:24 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 31 Jul 1996 09:29:24 +0800
Subject: Let's Say "No!" to Single, World Versions of Software
Message-ID:

At 3:02 7/31/96, Timothy C. May wrote:

>This point has been raised by us many times. And, to be fair, this point is
>not lost on the NSA/Freeh/Denning/Gorelick crowd, I am sure. That is, they
>would not countenance the importation into the U.S. of "Iraq-GAKked" and
>"China-GAKked" programs, for example.
>
>So, what's the deal? The resolution of this quandary almost certainly lies
>in an "international agreement," along the lines of the various key escrow
>meetings which have been held (Karlsruhe in '93, Washington in '94, etc.).
>A "New World Order" solution, with complicated reciprocal agreements about
>whom the trusted key authorities might be, how nations could gain access,
>etc. (These relationships are too complicated for my brain to handle...how,
>for example, would one come to an agreement with Libya? What about Cuba,
>given that many of our nominal allies trade freely with Cuba and chafe when
>we try to get them to join our boycotts?)

I don't see a global agreement on GAK happening anytime soon. But that doesn't mean that a less ambitious agreement can't be reached. Perhaps it will come out of OECD, perhaps it will be limited to G-7. We will see an agreement on GAK amongst the major players, with the exception of Japan. After all, the players are faced with the same dilemma: how to best control the behavior of their citizens.

-- Lucky Green PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party.
   Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.

From sunder at dorsai.dorsai.org Tue Jul 30 18:55:49 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Wed, 31 Jul 1996 09:55:49 +0800
Subject: WaPo on Crypto-Genie Terrorism
In-Reply-To:
Message-ID:

Oh, how utterly cool. This being my 1st reply to Sterndark and in the same having managed to move him off the list. Wheeeee! :) Come on, you could do better than to run off...

On Tue, 30 Jul 1996, Da5id Sterndark wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Preface: Having weathered the storm of personal attacks, I've concluded that
> most of what is on this list _right now_ is of insufficient interest to what
> I'm currently working on to continue, so I've unsubscribed (there's too much
> traffic to let it be). I will see the occasional posts copied to me and
> respond, Posts allegedly from me, if not signed, are forgeries until I post
> a signed notice that I have rejoined the list.
>
> Thanks for putting up with my spamming flame-bait;
> Da5id
>
> At 12:37 PM -0700 7/30/96, Ray Arachelian wrote:
> >On Mon, 29 Jul 1996, David Sterndark wrote:
> >
> >> Let those who passed basic English use the skills they were taught. Freeh
> >> said, and I repeated, that the system wasn't designed to prevent
> determined
> >> criminals from using robust crypto.
> >
> >Yes, and the implication is this: the system was designed to prevent law
> >abiding folk from using robust crypto, and to allow the TLA's and LEA's
> >to snoop on them.
>
> Close. For "designed to prevent" read "not make available from the US", and
> for "folk" read "foreigners".
>
> There's no earthly reason the US should assist foreigners in thwarting US
> intelligence efforts.

Right, but there's plenty of earthly reason for the government of these same United States to thwart the development of strong crypto, cause the loss of monies that would be made by software companies, cause security breaches in multi-homed companies by not allowing their offices to communicate securely over a strongly encrypted link. This causes another equivalent of the Berlin wall in terms of crypto exporting.

Notice however that I didn't say Joe Sixpack was a foreigner or a criminal. You twisted this around to make it seem like he is. Joe Sixpack is as American as apple pie and patriotic to boot.

So then if the laws are NOT designed to deter criminals (or foreigners) from using strong crypto, WHY ARE THEY BEING PUSHED ON US? Could this be somehow a stupid idea on Freeh's part? Nah, couldn't be. Freeh's the head of the Feebs. That would be indication that the Feebs hire brainless folk. Nope. Can't be. Clearly it is because Freeh wants to snoop not on criminals, but on the law-abiding citizens who pay his paycheck "voluntarily" via taxes.
As wonderful as the postal inspector mailing kiddie porn to an unsuspecting victim, then arresting said victim when s/he opens up the package. Gee, how nice it is to meet your arrest quotas, no? But I digress. Back to the ITAR and the proposed anti-crypto laws...

Nevermind that should a foreign agent wish to export RSA or PGP could easily do so >LEGALLY< in a nice OCR'able font, or just have cheap labor type it. Sure, tie the hands of the software developers so that they can't get their bread and butter from the foreign markets, while the foreign markets can easily do so here since they can import and sell crypto-software.

The ITARs only serve to cripple the USA economy. There's no informed NSA or FBI that can believe otherwise because the other side does have all the tools. All they serve to achieve is to keep Joe Americancitizen Sixpack away from his privacy, and Nancy Cryptowriter from her bread and butter. What a wonderful law! Don't you just love it?

> As readers know, I am opposed to mandatory domestic key escrow.

Ah, yet another repeat of the same tired credo you've pushed on this list for days now. I've heard it, and okay, whatever. But it's not the issue, and irrelevant to this discussion. Are you for or against the removal of the ITAR in regards to crypto? ITARs are not key escrow, though perhaps just as or almost as evil.

==========================================================================
 + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\==
  \|/  |sunder at dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK| do you not understand? |=======
===================http://www.dorsai.org/~sunder/=========================
Key Escrow Laws are the mating calls of those who'd abuse your privacy!
From karl_marx at juno.com Tue Jul 30 18:57:56 1996
From: karl_marx at juno.com (Jonathan M Summers)
Date: Wed, 31 Jul 1996 09:57:56 +0800
Subject: G7 Anti-Terrorism Reports [BRIEF]
Message-ID: <19960730.173749.10327.0.karl_marx@juno.com>

Cypherpunks:

At 1735 CDT on Tuesday, July 30, 1996, CNN Atlanta during World News Tonight reported (in a _very_ brief flash) several "resolutions" adopted by the Group of Seven (G7) trade meeting in Paris. At the bottom of the list of resolutions was to "prevent terrorist from using the Internet" (quote from CNN anchorwoman). No further explanation was given in regards to that statement, but methinks that in wake of recent terroristic activities in this country, Pro-CODE in Congress, and Netscape Navigator 3.0b3 in the hot little hands of Americans everywhere, there could be a complete retreat from the "progressive" attitude of legislators in this country towards strong crypto.

John Young has already requested further information about the G7 meetings, and it would probably behoove us all to know precisely what it was that was said before such a resolution was agreed upon. Or, better yet, whose idea it was to attempt to "prevent terrorists from using the Internet."

Apologies to all if this is redundant information, and apologies to the purists for intruding with this newsflash.

ObCrypto: Anyone have any more information on Royal Dutch Shell apparently the first customer of TIS' firewall package with key escrow ? Has such a purchase been confirmed, and if so, does it still entail an agreement with the British government as an escrow agent ?

-J. Malcolm

+-=-+-=-+-=-+-=-+-=-+-=
j malcolm summers / karl_marx at juno.com / summersj at southwestern.edu
ignorance is not bliss
+-=-+-=-+-=-+-=-+-=-+-=

From anonymous-remailer at shell.portal.com Tue Jul 30 18:59:51 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Wed, 31 Jul 1996 09:59:51 +0800
Subject: fbi, crypto, and defcon
Message-ID: <199607302309.QAA23623@jobe.shell.portal.com>

Short review of the Fedz show at DefCon.

Most of the San Francisco Computer Crime squad was in attendance. SA Black and Butler's presentation was classic good cop/bad cop (respectively). Nice quote by them in the Vegas paper about how all hackers aren't bad. They were even doing recruiting, and had the little hacker puppies eating out their hands for a mug, t-shirt, or miniature badge.

It wasn't determined whose surveillance goodies were being installed in the drop ceiling of the conference room at 4:30 AM. The "hotel maintenance" guy certainly hauled ass when one of the official DefCon Goons showed up (classic textbook time for raids, black bag jobs, etc). Tsk, tsk. And me without any TSCM gear.

Points to the Fedz for great psy-ops (especially the quote about how the "new" FBI is more sensitive). Points off to quite a few hackers who don't have a historical context of government abuse and are pretty damn easy to manipulate. All in all, probably more entertaining than most shows on the Strip.

Obligatory comment on hackers compared to cypherpunks. Zero to no political savvy. Extremely poor organizational and communication skills. Nearly clueless on social issues. These would be the hackers. Yeah, yeah. I know there are exceptions. But all in all, I'd rather hang with C-punks.
From alanh at infi.net Tue Jul 30 19:00:32 1996
From: alanh at infi.net (Alan Horowitz)
Date: Wed, 31 Jul 1996 10:00:32 +0800
Subject: A Libertine Question
In-Reply-To: <199607300242.TAA05651@netcom8.netcom.com>
Message-ID:

> Date: Mon, 29 Jul 1996 19:45:46 -0700
> From: Bill Frantz

> government reserves the use of force to itself.

In their dreams.

From sandfort at crl.com Tue Jul 30 19:04:25 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 31 Jul 1996 10:04:25 +0800
Subject: VISA Travel Money
In-Reply-To: <199607302157.OAA25086@mail.pacifier.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 30 Jul 1996, jim bell wrote:

> Even if not, chances are good that "all" of the transactions
> can be linked together, even if they can't be directly linked
> to an identifiable person. Doesn't sound too promising.

It sounds VERY promising to me. Though I'm sure Jim's conjecture about linking transactions is correct, I don't see how such an anonymous payment system could not be useful in preserving privacy. One could purchase several of these cards--preferably in the smallest denominations consistent with their mission. Each card could be used so that its audit trail left whatever impression one wished to leave.

Of course, if you are arrested with one or more of them on you, they could be used to tie you to times, places and activities with which you might not wish to be associated. Proper handling could obviate or reduce this risk however.

It's not as anonymous as cash, but it might draw a lot less attention in my circumstances. I think it has a place in one's arsenal of privacy enhancing technologies.
S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From mpd at netcom.com Tue Jul 30 19:07:11 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 31 Jul 1996 10:07:11 +0800
Subject: WaPo on Crypto-Genie Terrorism
In-Reply-To:
Message-ID: <199607302312.QAA28508@netcom6.netcom.com>

David Sternlight writes:

> ... I've unsubscribed ...

Door. Ass. Bump.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From ichudov at algebra.com Tue Jul 30 19:17:06 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Wed, 31 Jul 1996 10:17:06 +0800
Subject: You know it's getting late when...
In-Reply-To: <199607301743.KAA10519@mail.pacifier.com>
Message-ID: <199607302336.SAA11132@manifold.algebra.com>

jim bell wrote:
>
> Ostensibly, one of the reasons for having a free and fair political system
> is so people will not be inclined to throw bombs and plot violent
> revolution. Grandly ignoring this, that reporter seems to take the
> diametrically opposite tack: A totalitarian government can best avoid
> bombings and violence.
>

Actually the graph goes like this:

^ Non-State Terrorism
|
|           ..-..
|         /~     \
|      .-~        \
|..---/~           ~-.
+------------------------------------------------> Level of Totalitarianism


^ State Terrorism
|
|          -------------------------------------
|       .-~
|    .-~
| .-~
|/
+------------------------------------------------> Level of Totalitarianism

- Igor.

From mpd at netcom.com Tue Jul 30 19:40:53 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 31 Jul 1996 10:40:53 +0800
Subject: A Libertine Question
In-Reply-To:
Message-ID: <199607302350.QAA01377@netcom21.netcom.com>

Alan Horowitz writes:

> On Mon, 29 Jul 1996 jbugden at smtplink.alis.ca wrote:
>
> > Think of how many of our laws are being enacted that tacitly make being
> > poor or indigent a crime.
>
> Horseshit. This is a poorly-disguised re-tread of one of the standard
> lines of the Patrice Lumumba University brand of leftist agitprop.
>
> Tell it to the starving Cubans who have to watch Fidel sitting in his
> palaces.

Perhaps, but I can think of a lot of examples. Laws that make it illegal to ask for money. Laws that say you can't sit on the sidewalk. Laws that make it illegal to feed soup to people without a stack of permits six feet high. Laws that make it illegal to perform an excretory function outdoors in a city with almost zero public toilets. (You should have gone before you became homeless. :)

Certainly, it would be naive to think that such laws are passed without being targeted at particular populations of individuals, especially during a period when "compassion fatigue" is on the rise. Here in Seattle, we have a city attorney who specializes in creating ordinances to annoy and harass the underclass, often paving new roads over former civil liberties in the process.

I'm not sure starving Cubans have anything to do with it.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From vznuri at netcom.com Tue Jul 30 19:41:11 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 31 Jul 1996 10:41:11 +0800
Subject: Dry Under the Waterfall
In-Reply-To:
Message-ID: <199607302312.QAA28523@netcom6.netcom.com>

>
>You make some very good points about those too unsocialized, too
>unmotivated, too "declasse," as it were, to even enter the age of reading
>that began 500 years ago.
>
>A question though: What about the 3 million hard-working, reading,
>middle-class folks who have been downsized into oblivion the last three
>years alone? What about the tens of millions of readers who had the skills
>needed for the industrial age, but not for the information age?

I am as equally tired of this cliche as DCF is in his essay of his own pet peeve. in a capitalist economy, labor is best/optimally utilized through relocation when the nature of the economy changes as ours is.
the massive *relocation* that is occurring in the workforce is in fact an indication that our economy is moving at light speed into the 21st century. I am tired of people that feel that the world owes them a job because they are alive. ultimately you must work to live in this world, and the only exceptions are those that have somehow twisted the "system" into feeding them otherwise and bankrupting it in the process. merely because you have a body does not mean you can provide a valuable service to the world. what? the world is valuing supposed "work" that involves nothing but dumbly moving one's appendages far less? well, whose fault is that? our economy is fairer than people want to admit-- we are seeing the signs that this is true, not that it is false. it has been drummed deeply into people's brains in the public educational establishment that education is a key concept of success. and someone gets to be 30 with few educational skills, finding it hard to get a job, and says, "nobody told me it would be like this"? "downsized into oblivion"? excuse me? because someone is laid off they evaporate? well, that is the conventional wisdom of course, in which the concept of firing is equivalent to execution in many people's minds. I have talked to various people who launched into new careers by going to school and picking up entirely new skills, perceiving their "layoff" as an opportunity instead of as a condemnation. a layoff is the economy saying to someone, "look, you may be a valuable person, but in this role there is not that much value. please try, try again". it is not a PROBLEM that people switch careers. it's the natural price of having a state-of-the-art economy. another pet peeve of mine is PEOPLE WHO CHOOSE TO HAVE FAMILIES that they cannot necessarily support.
yes, that's right-- it's a choice to have a family, and if you're a responsible person, you will think long and hard about what it means to your life if you decide to have kids and the lifetime commitment and cash it will require of you. ask how much thought went into this "decision" of some people, and you might be aghast. and why do they feel the government must pay them for their own mistake in judgement? >no serious effort at reforming >education and at skills retraining has ever been undertaken, and it seems >a better use of our tax dollars than most of the crap it's spent on now. as DCF said, you can lead a horse to water but you can't make him think. quite to the contrary college enrollment and student loans by the government are up enormously over the past few decades. also the GI bill is more popular than ever. however like you I would like to see more transfer of funds from supporting deadbeats funneled into the education system.. anyone who doesn't understand why our economy is moving the way it is should read Toffler who predicted the shift far before it occurred. jobs are *not* being lost in the ultimate sense. our economy is undergoing a fundamental shift in which new jobs are being created in categories that defy old thinking such as within large corporations. if you only look at large corporations as the barometer of the economy (as most people do, encouraged by the media in a paranoid feedback loop), indeed it would look a lot like the world is ending. From mix-admin at nym.alias.net Tue Jul 30 19:42:59 1996 From: mix-admin at nym.alias.net (lcs Remailer Administrator) Date: Wed, 31 Jul 1996 10:42:59 +0800 Subject: ANNOUNCEMENT: nym.alias.net enters beta testing Message-ID: <199607302340.TAA27428@anon.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- I'm pleased to announce that the nym.alias.net pseudonym server has now entered the beta-testing phase, and seems quite stable.
Nym.alias.net offers several interesting features: * Public-Key encryption of all received mail. Once mail has gone through nym.alias.net, no one can read it except you--even if you have been sending your mail to a newsgroup and your reply-block and remailers become compromised. * Support for multiple, probabilistically-weighted, reply blocks. These can be used for redundancy or to foil traffic analysis with decoys. * Replay detection. This foils replay attacks, but can also be used for higher reliability if you send redundant copies of a message through different remailer chains. * An option to receive only fixed-length messages (by splitting up large messages and padding small ones with garbage). * An option to sign mail you send with the remailer's public key, so as to give some assurance of authenticity without having to publish your own PGP public key. * Support for finger [pending DNS approval]. You can choose to make your nym's PGP public key available to all who finger its E-mail address. Right now you can test this by fingering at 18.26.0.252. In addition, experimental nym.alias.net support for Premail is now available (in the form of a patch to premail 0.44). With this patch, premail will store your nym's PGP key on encrypted keyrings. This allows you to publish a PGP key for your pseudonym without the danger of your identity being revealed to someone with access to your main PGP keyrings (or a backup copy of them). To obtain more information about nym.alias.net, finger or send mail to . To get information about using premail with nym.alias.net, finger or send mail to . These documents are also available on the new nym.alias.net web page: http://www.cs.berkeley.edu/~raph/n.a.n.html Please report all bugs to . I'll also be glad to consider feature requests, particularly from anyone interested in developing any more client software. Enjoy! 
mix-admin at anon.lcs.mit.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMf6dcUTBtHVi58fRAQE4NgP/SoKSqHxobEHuyWl6lXVAHgk9yqNS/WAD jUfKYGodThr93kJZkmreyIHrWgbromJJlXo6MPq9KpZzIh85uHRzBPRSh293hfUo ta8/sdZsW1+uoEkAs8JUWlwAEGo+bfmgRnFswf80pAPClpbGo52DAKyLKfdCaFps kQ+4hoouUvo= =qEWa -----END PGP SIGNATURE----- From cme at ACM.ORG Tue Jul 30 19:55:32 1996 From: cme at ACM.ORG (Carl Ellison) Date: Wed, 31 Jul 1996 10:55:32 +0800 Subject: Freeh Testimony 7/25/96 In-Reply-To: <199607262009.NAA00790@comsec.com> Message-ID: I wish someone had asked Freeh directly whether he granted, in saying: >First and foremost, the law enforcement community fully supports a >balanced encryption policy that satisfies both the commercial needs of >industry and law abiding individuals for robust encryption products [...] that law abiding industry and individuals have a legitimate need to keep information private from the US government -- and especially the FBI. +------------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2| | "Officer, officer, arrest that man! He's whistling a dirty song." | +-------------------------------------------- Jean Ellison (aka Mother) -+ From jim at ACM.ORG Tue Jul 30 19:59:14 1996 From: jim at ACM.ORG (Jim Gillogly) Date: Wed, 31 Jul 1996 10:59:14 +0800 Subject: WaPo on Crypto-Genie Terrorism In-Reply-To: Message-ID: <199607310026.RAA20205@mycroft.rand.org> David Sternlight writes: >Preface: Having weathered the storm of personal attacks, I've concluded that >most of what is on this list _right now_ is of insufficient interest to what >I'm currently working on to continue, so I've unsubscribed (there's too much >traffic to let it be). I will see the occasional posts copied to me and "Stays less than a month" pays evens. "Audibly killfiles at least one person" pays 1 to 7. 
Stand not upon the order of your going, but go at once... Jim Gillogly Trewesday, 8 Wedmath S.R. 1996, 00:24 From tomw at netscape.com Tue Jul 30 20:25:51 1996 From: tomw at netscape.com (Tom Weinstein) Date: Wed, 31 Jul 1996 11:25:51 +0800 Subject: Let's Say "No!" to Single, World Versions of Software In-Reply-To: Message-ID: <31FEAD9C.167E@netscape.com> Timothy C. May wrote: > > It is imperative that Netscape, Microsoft, Qualcomm, and the other > players be pressured/urged/cajoled to commit to introducing strong, > unescrowed crypto for the *domestic* versions, even if not for export > versions. I'm surprised that you include Netscape in this list of companies. We're already distributing strong unescrowed crypto in domestic version of our products, and we will continue to do so. What do you think we have to be pressured into doing? > I believe several signs are pointing to jockeying in the U.S. to get > the major players in software to introduce "one version" programs with > key escrow built in. While the avowed intent will be to stop _export_ > of unescrowed strong crypto, such a "one version" (interoperable) > strategy would mean that key escrow is the de facto situation within > the United States. We won't do this. Our domestic version will always contain the strongest crypto we can provide. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw at netscape.com From cme at cybercash.com Tue Jul 30 20:31:15 1996 From: cme at cybercash.com (Carl Ellison) Date: Wed, 31 Jul 1996 11:31:15 +0800 Subject: Usenet Conference on Security Message-ID: <2.2.32.19960731010837.00641a80@cybercash.com> At 03:55 PM 7/26/96 -0700, Bill Frantz wrote: >While the Department of Justice guy (whose name slips my mind) was saying 4 >horsemen over and over (really an oversimplification of his position), The person was Scott Charney. 
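The fixed-length message option and the replay detection listed in the nym.alias.net announcement earlier in this archive, sketched as an added example; it is not nym.alias.net's code and not part of any list message. The cell size, header layout and SHA-256 digest cache are assumptions, and the public-key encryption the server applies to each message is omitted.

```python
import hashlib
import os
import struct
from collections import OrderedDict

CELL_SIZE = 1024                     # assumed size; every delivered cell is exactly this long
HEADER = struct.Struct("!8sHHH")     # assumed layout: message id, index, count, payload length
CAPACITY = CELL_SIZE - HEADER.size   # payload bytes that fit in one cell


def split_fixed(message: bytes) -> list:
    """Split large messages and pad small ones so every cell has one size."""
    chunks = [message[i:i + CAPACITY]
              for i in range(0, len(message), CAPACITY)] or [b""]
    if len(chunks) > 0xFFFF:
        raise ValueError("message too large for a 16-bit cell count")
    msg_id = os.urandom(8)
    cells = []
    for index, chunk in enumerate(chunks):
        # Random garbage rather than zeros, so padding is not recognisable.
        garbage = os.urandom(CAPACITY - len(chunk))
        header = HEADER.pack(msg_id, index, len(chunks), len(chunk))
        cells.append(header + chunk + garbage)
    return cells


def join_fixed(cells) -> bytes:
    """Reassemble one message from its cells, in any order, dropping padding."""
    parts, ident, total = {}, None, None
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("cell is not fixed-length")
        msg_id, index, count, length = HEADER.unpack_from(cell)
        if ident is None:
            ident, total = msg_id, count
        if (msg_id, count) != (ident, total) or index >= count or length > CAPACITY:
            raise ValueError("cell does not belong to this message")
        parts[index] = cell[HEADER.size:HEADER.size + length]
    if total is None or len(parts) != total:
        raise ValueError("missing cells")
    return b"".join(parts[i] for i in range(total))


class ReplayCache:
    """Remember digests of processed packets and refuse exact repeats.

    The cache is bounded, so a replay older than max_entries packets would
    be accepted again; a deployment would also need an expiry rule.
    """

    def __init__(self, max_entries: int = 10000):
        self._seen = OrderedDict()
        self._max = max_entries

    def accept(self, packet: bytes) -> bool:
        digest = hashlib.sha256(packet).digest()
        if digest in self._seen:
            return False
        self._seen[digest] = True
        if len(self._seen) > self._max:
            self._seen.popitem(last=False)   # evict the oldest digest
        return True


def deliver(cache: ReplayCache, packets) -> list:
    """Process packets in arrival order, dropping anything already seen."""
    return [p for p in packets if cache.accept(p)]


if __name__ == "__main__":
    sample = b"constructed sample " * 150          # constructed input, 2850 bytes
    cells = split_fixed(sample)
    print(len(cells), "cells of", CELL_SIZE, "bytes")
    # The same cells arriving twice, as if sent through two remailer chains.
    kept = deliver(ReplayCache(), cells + cells)
    print(len(kept), "kept;", join_fixed(kept) == sample)
```

Because the second copy of each cell is dropped, sending redundant copies through different chains yields one delivered message, which is the reliability use the announcement mentions.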
From ravage at einstein.ssz.com Tue Jul 30 20:31:42 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 31 Jul 1996 11:31:42 +0800 Subject: You know it's getting late when... (fwd) Message-ID: <199607310124.UAA03960@einstein.ssz.com> Hi all, Forwarded message: > Subject: Re: You know it's getting late when... > Date: Tue, 30 Jul 1996 18:36:38 -0500 (CDT) > From: ichudov at algebra.com (Igor Chudov @ home) > > > > Ostensibly, one of the reasons for having a free and fair political system > > is so people will not be inclined to throw bombs and plot violent > > revolution. Grandly ignoring this, that reporter seems to take the > > diametrically opposite tack: A totalitarian government can best avoid > > bombings and violence. > > > Actually the graph goes like this: > > ^ Non-State Terrorism > | > | ..-.. > | /~ \ > | .-~ \ > |..---/~ ~-. > +------------------------------------------------> Level of Totalitarianism > > ^ State Terrorism > | > | ------------------------------------- > | .-~ > | .-~ > | .-~ > |/ > +------------------------------------------------> Level of Totalitarianism > So we should take your personal opinion as fact? What statistics do you base this on? What are the vertical scales, number killed? What is the horizontal scale measured in, number wanted to kill? I suspect it simply is not possible to measure such a phenomena as terrorism as anything other than a simple counting game. The problem becomes quite quickly, what qualifies as terrorism? Consider (to some) a trivial example. There are 20 million cats and dogs killed each year because somebody was irresponsible. The vast majority of these are or were pets (not feral or wild animals as some would claim) which persons simply didn't want anymore. Now there is somewhere around 250 million people in the US. This means that 1 out of 10 (roughly) are costing the rest of us about $50 ea. to take care of their pet 'problem'. 
I see no difference in having my money taken via taxes (where most of it comes from) for this than having somebody come and take $50 for whatever reason by kicking my front door in. Why am I being forced to pay this money to pay for somebody elses lack of discipline and simple human empathy? Jim Choate From jya at pipeline.com Tue Jul 30 20:41:59 1996 From: jya at pipeline.com (John Young) Date: Wed, 31 Jul 1996 11:41:59 +0800 Subject: Reuter on P8 Anti-Terrorism Message-ID: <199607310059.AAA24838@pipe6.t1.usa.pipeline.com> G7, Russia adopt anti-terror pact, avoid sanctions Date: Tue, 30 Jul 1996 10:00:07 PDT PARIS (Reuter) - The world's major powers closed ranks to combat terrorism Tuesday, urging other nations to join forces with them but sidestepping a dispute over U.S. demands for sanctions against what Washington calls "terrorist states." Foreign and security ministers from the Group of Seven industrial nations and Russia approved a list of 25 measures to defeat terrorists around the globe. "We will not stop in this united effort until those responsible are brought to justice," U.S. Attorney General Janet Reno told a news conference after the five-hour meeting of the so-called P8 nations -- P being for political. The package included pledges to reinforce police cooperation and training, share intelligence, ease extradition and legal assistance, dry up sources of funding and weapons and strengthen national anti-terrorism legislation. The ministers also vowed to prevent extremists from using the Internet computer network to plan attacks and spread bomb-making instructions. Participants heard Canadian Foreign Minister Lloyd Axworthy recount how his 11-year-old son had shown him where to find such content on the Internet. 
French Foreign Minister Herve de Charette said the meeting had achieved its two objectives, "to adopt concrete measures and to send a very clear signal to the international community and to public opinion that the leaders of the P8 are strongly determined to act shoulder-to-shoulder, hand-in-hand." Under-Secretary of State Peter Tarnoff said the U.S. delegation had not raised President Clinton's contentious call for "strong sanctions" against four states he says support terrorism -- Iran, Iraq, Libya and Sudan. France, Japan, Britain and Germany all made clear they would not accept U.S. legislation to punish foreign firms that dealt with such countries. "We did not discuss country-specific cases ... We recognize the fact that some of legislation passed in the United States recently has encountered opposition among our trading partners," Tarnoff said. French Interior Minister Jean-Louis Debre, who co-chaired the meeting, said before it began: "The American analysis is a bit simplistic and a bit outdated. If we look at the phenomenon of terrorism today, we can see that it's more complex." He cited the bomb attack that killed two people and wounded 110 at the Atlanta Olympic Games last Saturday as evidence of what he called "home-grown terrorism" without outside help. State-sponsored and extreme-left terrorism were largely a thing of the past, and the international community now faced two virulent new forms -- regionalist extremism and religious militancy -- which did not have state support, Debre said. The United States offered extra proposals to tighten airport security and mark explosives chemically so bombers can be more easily traced, which the other countries accepted. Axworthy voiced widely shared alarm at the use of poison gas in recent attacks in Japan, including on the Tokyo subway. "We are beginning to see terrifying signs of what the future could hold if we don't take strong action. 
Terrorists are now getting access to weapons of mass destruction, chemical weapons, biological weapons, even nuclear weapons," he said. "It's (a threat) that really has a doomsday quality unless we act now," he said. The United States, Canada, France, Germany, Italy, Japan and Russia agreed that solving regional conflicts and stabilizing crisis areas was the best way to tackle the roots of terrorism. "There must be no safe havens," German Foreign Minister Klaus Kinkel said. The ministers agreed their experts would hold follow-up meetings to draft a new international convention to prevent the abuse of political asylum to plan, fund or commit terrorist acts and to coordinate security in public transport. Japan said it would hold an Asia-Pacific counter-terrorism seminar by next June including Asian and Latin American experts. [End] From markm at voicenet.com Tue Jul 30 20:45:04 1996 From: markm at voicenet.com (Mark M.) Date: Wed, 31 Jul 1996 11:45:04 +0800 Subject: Paranoid Musings In-Reply-To: <199607301811.LAA28373@netcom7.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 30 Jul 1996, Bill Frantz wrote: > (1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? > We know that a university CS student can break one message in a week using > the universities farm of workstations. But, our foremost reputation agency > for crypto strength, the ITAR, allows systems with RC4-40 to be exported. > What does this mean? > > I combine the above with Whit Diffie's observation that, while crypto users > are interested in the security of *each* message, organizations which > monitor communications want to read *every* message. A TLA interested in > monitoring communications would need to crack RC4-40 much faster than > 1/week. > > Now expensive specialized cracking equipment can certainly speed up the > process, but there may be a better way. 
If cryptanalysis of RC4 yields > techniques which make the process much easier, then it is the ideal cypher > to certify for export. > > The paranoid conclusion is that there is a significant weakness in RC4. An FPGA can break RC4 in a few hours. With several thousand of these, RC4 could be broken in about a second. Besides, RC4 has been around for 9 years and has not been successfully cryptanalyzed. The RC4 algorithm is extremely simple and doesn't have any obvious weaknesses. - -- Mark PGP encrypted mail prefered Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMf6RNLZc+sv5siulAQH/mQP9G+J/7BnV0AlvvPph032k9SnZ8/hCOqNp aGV3WScE0FhCqtlmazDa8xopWWX1jSd2ZEhJLthQ0k70QUkKPD+gOteLr3075kan vTLOr2l4pP9b0AP20Wclw/upZ04QWgfF/YrIcSTHgwcvuxBlR49DKp/zqRcVLmaM iW/D3AwSYJQ= =GvZ2 -----END PGP SIGNATURE----- From johnston at george.lbl.gov Tue Jul 30 20:52:16 1996 From: johnston at george.lbl.gov (Bill Johnston-Lawrence Berkeley Laboratory-ITG) Date: Wed, 31 Jul 1996 11:52:16 +0800 Subject: Call for Abstracts (Multimedia Data Security) Message-ID: <2.2.32.19960731010839.006b7c80@cybercash.com> A Call for Abstracts As part of SPIE's EI '97 Electronic Imaging: Science and Technology 8-14 February 1997 San Jose Convention Center San Jose, California USA (http://www.spie.org/web/meetings/calls/pw97/pw97call_ei.html) Multimedia Data Security The growth of the use of public networks as the platform for multimedia applications in the past year has made it important to devise mechanisms for ensuring proper use of intellectual property and increased the importance of employing security mechanisms for video and audio data. This conference will serve as a forum for the exchange of ideas in the areas of security systems and mechanisms especially in applications that handle large data volumes. 
Papers are solicited in all areas of security systems and algorithms including but not limited to: - security systems for imaging applications - security systems for real time video applications - performance studies and comparisons for securing image data - watermarking and detection of fraudulent copying of intellectual property - metering schemes for intellectual property usage - audio and video encryption mechanisms - key management and security protocols for broadcast applications - payment systems for online multimedia applications - content protection mechanisms for online multimedia distribution. Please submit abstracts to Bill Johnston (johnston at george.lbl.gov) by August 15, 1996. From snow at smoke.suba.com Tue Jul 30 20:55:55 1996 From: snow at smoke.suba.com (snow) Date: Wed, 31 Jul 1996 11:55:55 +0800 Subject: "Soft Targets" as Schelling Points In-Reply-To: Message-ID: On Sun, 28 Jul 1996, Timothy C. May wrote: > Putting yourself in the mind of a terrorist or militia crazy or whatever, > where would you attack? Ok, you asked. Much depends on my goals. If my goal is simply to get my name/cause in the paper, I would hit major sporting events (Superbowl, World series, World Cup, olympics & etc.) I would also hit cause specific targets (If I were a radical tree hugger, I'd hit Werhauser(sp?) corporate offices, Dow Chemical Offices etc.) If I were a black panther, I'd hit police stations, Klan Headquaters, &etc. These are far to elementary, after giving it some thought (well, it has been on and off my mind since G. Gordon Liddy published his open letter to the president many years ago: If my goal was to basically reduce this country to jelly, it would take (In my decidedly none professional judgement) about 20 or so men (20 two man teams would be better, but the more people, the bigger chance of leakage, but it would make their jobs easier) Anyway: call it 20 teams. 
Saturday afternoon (preferably mid may) in 20 Walmarts across the country 20 stolen cars go boom (really big boom) at about the same time. Sunday Morning Sarin gas introduced into churches. Monday Morning, Rush hour: In LA, New York, Boston, Miami, New Orleans, Phoenix, Chicago, San Francisco, St. Louis, San Diego, Seattle, Portland, Albuquerque, Las Vegas (is there a rush hour in Las Vegas?) Houston, Cinncinatti(sp?), Atlanta, Little Rock, Detriot, & Des moines, cars parked along side of the highway (near bridges were possible) blow up. Around noon that day, thermite and WP gernades (or home made equivalents) are ignited in the buisness districts (or casinos of Las Vegas). The government will react with overwhelming restrictions of personal freedom, and the militas will react, the government will clamp down further, the militias will gain popularity & america will divide itself. If I were inclined to such behavior, and had the funding, That is how I would do it. Other ideas: Random Shelling of business districts, airports and subdivisions. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From tcmay at got.net Tue Jul 30 21:46:10 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 31 Jul 1996 12:46:10 +0800 Subject: Taxes in the digicash world Message-ID: At 6:45 PM 7/30/96, Lucky Green wrote: >At 6:17 7/30/96, Igor Chudov @ home wrote: >[...] >>Another alternative that I see is property taxes and poll taxes,or >>taxes on some commodities such as oil. But incomes seem to be hard to >>track. > >What you also will see is an increase in sales tax. You still got to buy >groceries locally. In the spirit of looking for points to quibble about: * food is mostly exempt from sales taxes, in most states in the U.S. Expect a major protest if a loaf of bread incurs a sales tax--I don't expect it anytime soon. * booze has a high tax rate, in excise taxes which can account for as much as 40% of the final price, plus sales tax. 
If the tax rises much higher, expect increased black market sales. * electronic and computer goods are often untaxed because many order them via mail-order. There have been proposals to tax out-of-state purchases, but the logistics and legal issues are murky (who gets the tax? and why should Idaho, for example, get the tax revenue for an item ordered from Georgia?). Of course, I'm not an expert in answering Igor's original question about where the taxes will come from. I'm more interested in reducing them, not raising them. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ravage at EINSTEIN.ssz.com Tue Jul 30 21:50:43 1996 From: ravage at EINSTEIN.ssz.com (Jim Choate) Date: Wed, 31 Jul 1996 12:50:43 +0800 Subject: update.281 (fwd) Message-ID: <199607310230.VAA04062@einstein> Hi all, Forwarded message: > Date: Mon, 29 Jul 96 10:18:54 EDT > From: physnews at aip.org (AIP listserver) > Subject: update.281 > > PHYSICS NEWS UPDATE > The American Institute of Physics Bulletin of Physics News > Number 281 July 29, 1996 by Phillip F. Schewe and Ben Stein > > SOLAR NEUTRINO FLUX IS NOT CORRELATED WITH > SUNSPOT ACTIVITY. The Kamiokande detector, situated a > > THE PHYSICS OLYMPIAD IN OSLO, like the sports Olympiad > > TUNNEL JUNCTION MAGNETORESISTANCE may lead to > higher-density magnetic storage devices. 
Physicists have known for > some time that sandwiches of alternating magnetic and nonmagnetic > microlayers can undergo a change in electrical resistance in the > presence of an external magnetic field (arising, say, from a tiny > domain on a segment of magnetic tape). This magnetoresistance > (MR) effect can be used to decode binary data and has been > employed in reading heads in computer hard drives. Giant > magnetoresistance (GMR), a stronger version of MR, affords even > greater data-decoding sensitivity. Prototype hard-drives with read > heads using GMR have achieved areal data densities of 3 > Gbits/sq.in. Tunnel junction magnetoresistance (JMR) is yet another > approach to transforming a tiny magnetic field into a change in > resistance. Unlike the all-metal GMR sensor, a room-temperature > JMR sensor consists of two metal (ferromagnetic) layers separated > by an insulating layer. A JMR trilayer junction tested recently at > MIT is only 20 nm thick and the signal (the fractional change in > resistance) was 23%, compared to a signal of less than 7% for a > 40-nm-thick, 4-layer GMR prototype. MIT physicist Jagadeesh > Moodera (moodera at slipknot.mit.edu; 617-253-5423) suggests that > the more compact size, relatively larger signal, and the low sub-nanoamp operating current of the JMR sensor could make for easier > engineering of devices and lower production costs. An areal density > of more than 10 Gbits/sq.in. is possible, he says. (J.S. Moodera et > al., Applied Physics Letters, 29 July.) > From rah at shipwright.com Tue Jul 30 22:02:10 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 31 Jul 1996 13:02:10 +0800 Subject: WaPo on Crypto-Genie Terrorism In-Reply-To: Message-ID: At 7:12 PM -0400 7/30/96, Mike Duvos wrote: > David Sternlight writes: > > > ... I've unsubscribed ... > > Door. Ass. Bump. He's gone? Cool. Anyone wanna buy a used water-cooled killfile, cheap? 
;-) Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From ravage at EINSTEIN.ssz.com Tue Jul 30 22:14:58 1996 From: ravage at EINSTEIN.ssz.com (Jim Choate) Date: Wed, 31 Jul 1996 13:14:58 +0800 Subject: Taxes in the digicash world (fwd) Message-ID: <199607310310.WAA04147@einstein> Forwarded message: > Date: Wed, 31 Jul 1996 12:14:50 -0700 > From: tcmay at got.net (Timothy C. May) > Subject: Re: Taxes in the digicash world > > * electronic and computer goods are often untaxed because many order them > via mail-order. There have been proposals to tax out-of-state purchases, > but the logistics and legal issues are murky (who gets the tax? and why > should Idaho, for example, get the tax revenue for an item ordered from > Georgia?). The State of Texas requires by law that tax be paid on out of state purchases. You legally should send in a check with copies of the receipts each year to the State Comptrollers Office. Historically everyone ignores it. Jim Choate From snow at smoke.suba.com Tue Jul 30 22:15:36 1996 From: snow at smoke.suba.com (snow) Date: Wed, 31 Jul 1996 13:15:36 +0800 Subject: Chicago Area Physical Meet-- Message-ID: I just realized that I didn't put a subject on the last post I made. Anyway, the post, and a correction: Correction: The web page is at http://www.encodex.com/cpunk.
Here is the original e-mail: >From snow at smoke.suba.com Fri Jul 26 12:13:09 1996 Date: Fri, 26 Jul 1996 12:12:57 -0500 (CDT) From: snow To: cypherpunks at toad.com cc: alex at suba.com, andrew_loewenstern at il.us.swissbank.com, cabeen at netcom.com, erehwon at c2.org, lzkoch at mcs.net, paulrice at midway.uchicago.edu, somebody at tempest.ashd.com, strix at rust.net Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Status: RO X-Status: As previously discussed, I am announcing a Greater Chicago Area CypherPunks Physical Meet. The date is Saturday, 3 August 1996 at or around 4 p.m. at Ye Olde Saint Andrews Pub, 5938 N. Broadway, Chicago Il. Instructions are at the end of this post. Things _I_ would like to discuss, of course, this is me, so it is very amenable to change: 1) Setting up a Chicago Area Remailer, not simply running a single remailer on a single account, but trying to go one better. 2) Discuss the possibility of a public event to spread the word about cryptography/encryption. 3) Discuss the next meeting. The reasons for selecting St. Andrews Inn: 1) It is relatively empty. 2) It has Food (Supposedly real good shepherd's pie, made from real shepherds (I asked)), Drink (Cider, and they know what snakebite is), and Non-alcoholic beverages. 3) It is easy (relatively) to get to. To get to St. Andrews Inn: By Car: Take Lake Shore Drive North until the LSD ends. Go North on Sheridan (right turn off of LSD) to Thorndale (About 5900 North) Turn left on Thorndale (heading west) and drive to Broadway (About 4 or 5 blocks) Park. St. Andrews is on the North West Corner of the intersection, under the green awning. By El: Take the Red Line (Howard/Dan Ryan) to Thorndale Go west 1/2 block from the El, This is Broadway St. Andrews is on the North West Corner of the intersection, under the green awning. I will try to have a map up at http://www.encodex.com/cpunk later today. Petro, Christopher C.
petro at suba.com snow at smoke.suba.com From tcmay at got.net Tue Jul 30 22:23:26 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 31 Jul 1996 13:23:26 +0800 Subject: VISA Travel Money Message-ID: At 11:17 PM 7/30/96, Sandy Sandfort wrote: >On Tue, 30 Jul 1996, jim bell wrote: > >> Even if not, chances are good that "all" of the transactions >> can be linked together, even if they can't be directly linked >> to an identifiable person. Doesn't sound too promising. > >It sounds VERY promising to me. Though I'm sure Jim's conjecture >about linking transactions is correct, I don't see how such an >anonymous payment system could not be useful in preserving privacy. >One could purchase several of these cards--preferably in the >smallest denominations consistent with their mission. Each card >could be used so that its audit trail left whatever impression >one wished to leave. I'm also skeptical of these "VISA Travel Money" cards. That is, they don't seem to be too useful for anything. After all, cash works well. (It's rarely stolen, in my experience, or at least this is not a major concern.) Traveller's checks work well, and can be "cashed" into the local currency. ATM machines fill the same function these "VISA Travel Money" cards apparently do; at least when I was in Europe the last time this is what I used, and my French francs were as untraceable as could be. As I see it, yet another marketing solution looking for a problem. A real step would be a true privacy card, a card issued in a jurisdiction unfriendly to U.S. investigators and offering various transaction-blinding options. I have to wonder what pressures have been put on the major credit card companies... --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Tue Jul 30 22:29:31 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 31 Jul 1996 13:29:31 +0800 Subject: Dry Under the Waterfall Message-ID: <199607310251.TAA13176@mail.pacifier.com> At 04:32 PM 7/30/96 -0400, Perry E. Metzger wrote: >Untrue, Duncan. Far more than 5% of the population is online already, >and the numbers are expanding rapidly. Soon even the semi-literate >will be on line, if only so they can get the latest pornography and >sports videos. Don't forget the pipe-bomb designs! Jim Bell jimbell at pacifier.com From wb8foz at nrk.com Tue Jul 30 22:49:08 1996 From: wb8foz at nrk.com (David Lesher) Date: Wed, 31 Jul 1996 13:49:08 +0800 Subject: WaPo on Crypto-Genie Terrorism In-Reply-To: <199607310026.RAA20205@mycroft.rand.org> Message-ID: <199607310328.XAA03602@nrk.com> > "Stays less than a month" pays evens. > "Audibly killfiles at least one person" pays 1 to 7. > > Stand not upon the order of your going, but go at once... > > Jim Gillogly Ahhem... As I immodestly remember, I called both of these. I should therefore be Really Rich.. Right? However, I'd like to donate my winning to a worthy 'Punk cause -- the Tim May Hot Tub Maintenance Fund.... Call 1-800-TIMS TUB for details.... 
--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From snow at smoke.suba.com Tue Jul 30 23:02:54 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 31 Jul 1996 14:02:54 +0800
Subject: VISA Travel Money
In-Reply-To:
Message-ID:

On Tue, 30 Jul 1996, Sandy Sandfort wrote:
> It sounds VERY promising to me. Though I'm sure Jim's conjecture
> about linking transactions is correct, I don't see how such an
> anonymous payment system could not be useful in preserving privacy.
> One could purchase several of these cards--preferably in the
> smallest denominations consistent with their mission. Each card
> could be used so that its audit trail left whatever impression
> one wished to leave.
>
> Of course, if you are arrested with one or more of them on you,
> they could be used to tie you to times, places and activities
> with which you might not wish to be associated. Proper handling
> could obviate or reduce this risk however.
>
> It's not as anonymous as cash, but it might draw a lot less
> attention in my circumstances. I think it has a place in one's
> arsenal of privacy enhancing technologies.

This card has the value "written" when you "purchase" it right?

Any one wanna bet on how long it will take the "Hacker" Community to figure out how to "refill" it? Otherwise all you have is a debit card.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From forsvunnet at alpha.c2.org Tue Jul 30 23:15:45 1996
From: forsvunnet at alpha.c2.org (forsvunnet at alpha.c2.org)
Date: Wed, 31 Jul 1996 14:15:45 +0800
Subject: New Clinton (anti-) Encryption Policy nnn
Message-ID: <199607310252.TAA21457@infinity.c2.org>

Thought you all might be interested in these documents. They were put out as press releases internationally on 7/25.
It occurs to me that the list of companies collaborating with the Department of Commerce on key escrow must be publically available. If someone could get a copy it would allow us all to contact those companies with our views and (more importantly) begin a campaign against companies supporting the escrow project on the net. Here are the press releases: CLINTON ADMINISTRATION FACT SHEET: U.S. CRYPTOGRAPHY POLICY (Industry, international cooperation urged) WASHINGTON -- Because advanced encryption technology is posing problems for law-enforcement officials to investigate crimes and terrorism, the Clinton administration is pressing for a global system for unlocking encrypted messages when necessary. A July 12 fact sheet from the U.S. Department of Commerce elaborates the administration approach, called key recovery encryption. While the United States sets no limit on the level of encryption technology that can be used domestically, it does restrict exports of it. The administration says it might relax those export controls if U.S. industry cooperates on building a key recovery infrastructure. Following is the text of the fact sheet: (begin text) U.S. Cryptography Policy: Why We Are Taking the Current Approach We live in an age of electronic information. Information technology is transforming society, creating new businesses, new jobs and new careers. The technology also creates new opportunities for crime and new problems in investigating and prosecuting crime. As a result, electronic information, be it corporate trade secrets, pre-release government crop statistics, or a patient's medical records, must have strong protection from uninvited modifications or disclosure. Cryptography enables that protection. The United States is the world leader in information technology. U.S. firms continue to dominate the U.S. and global information systems market. Retaining this leadership is important to our economic security. 
The Clinton administration, through its National Information Infrastructure initiative, has long recognized that government has an important role as a facilitator and catalyst for the industry-led transformation of the way we use computer and communications technology to work and live. In particular, government has a strong interest in promoting the legitimate use of robust encryption to support U.S. international competitiveness, foster global electronic commerce, prevent computer crime, and ensure that the information superhighway is a safe place to conduct one's business. At the same time, there is a growing recognition, affirmed most recently by the National Academy of Sciences, that the use of encryption to conceal illegitimate activities "poses a problem for society as a whole, not just for law enforcement and national security." In brief, criminals can use encryption to frustrate legal wiretaps and render useless search warrants for stored electronic data. We know of no technical solution to the problems that would result from the global proliferation of strong cryptography. The implications of this are no small matter. Encrypted computer files have hampered the prosecution of child pornographers. Militia groups advise their members to use encryption to hide illicit weapons, financial, and other criminal activities. Aldrich Ames was instructed by his Soviet handlers to encrypt computer files that he passed to the Soviets. And international terrorists and drug dealers increasingly use encryption to prevent law enforcement officials from reading their voice and data transmissions. Grave crimes, such as a plot to shoot down several airliners over Chicago, have been foiled by the use of wiretaps. Had the FBI been unable to read those transmissions, however, a major tragedy might have ensued. Cracking Coded Messages We should not underestimate how difficult it is to decode encrypted electronic information. 
One approach advanced in the popular debate is to provide our law enforcement officials with more computing power. At first glance, this suggestion seems promising because in theory any encrypted message can be decoded if enough computing cycles are applied. This approach fails for five reasons: First, it relies on mathematical theory, not operational reality. Digital technology reduces voice, faxes, images, and text in any language to indistinguishable 1s and 0s. A great variety of encryption products are also available. Under ideal conditions -- if the type of communication or file, language, and encryption algorithm are known with certainty, and a short key is used to encrypt the information -- a large, specially designed computer could decode a single message relatively quickly. But state, local, and federal law enforcement officials do not operate in the clean confines of a high-tech computer center. They must first capture the 1s and 0s and discern what kind of encryption they have encountered. Second, after the decoding problem is isolated, acquiring a machine to decode a message is neither quick, easy or inexpensive. Commercially available computers could not be used because they will not have sufficient capacity. It would, for example, take years for the computers used to process all Social Security claims, payments and earnings years to decode one message using the Data Encryption Standard (DES), a widely used system originally developed by the U.S. government that uses a 56-bit key. Third, this approach betrays a misunderstanding of how crimes are prevented. Used only in the most critical cases, legally authorized wiretaps provide crucial information just before a crime is to occur. Thus a near real-time ability to decode messages is needed. Days or weeks are too long to wait to find out that a terrorist attack is about to happen. Fourth, this approach fails to acknowledge the volume of messages that could need decoding. 
Each wiretap results in the collection of thousands of messages relevant to the investigative purpose of the wiretap. Even under the most ideal conditions, had these messages been encrypted, the computing resources required to decrypt them quickly would simply not be available. And this example does not include the additional burden of decrypting, if possible, any digital information such as computer disks that are seized as evidence after a crime has been committed.

Finally, revealing the precise capabilities of law enforcement agencies to decode messages, as would be necessary in order to present the fruits of that work as evidence in court, could provide a tutorial to criminal elements bent on eluding law enforcement.

No restrictions apply to the U.S. domestic use of cryptography, and the administration has no plan to seek restrictions. Cryptography has long been controlled for export for national security reasons, so as to keep it from getting into the hands of foreign governments. But it has today become a dual-use technology, and international businesses want to use the same security products both domestically and abroad. The administration is thus under strong pressure to provide relief from cryptography export controls.

For our cryptography policy to succeed, it must be aligned with commercial market forces and operate on an international basis. Further, it should preserve and extend the strong position that U.S. industry enjoys in the global information systems marketplace. Accordingly, the U.S. government is working with U.S. industry and our international trading partners on an approach that will protect information used in legitimate activities, assure the continued safety of Americans from enemies both foreign and domestic, and preserve the ability of the U.S. information systems industry to compete worldwide.
Key Management and Recovery

A consensus is emerging around the vision of a global cryptography system that permits the use of any encryption method the user chooses, with a stored key to unlock it when necessary. The encryption key would be provided voluntarily by a computer user to a trusted party who holds it for safe keeping. This is what many people do with their house keys -- give them to a trusted neighbor who can produce them when something unexpected goes wrong. Businesses should find this attractive because they do not want to lock up information and throw away the key or give an employee -- not the company -- control over company information. An individual might also use this service to ensure that she can retrieve information stored years ago. This will require a new infrastructure, consisting of trusted parties who have defined responsibilities to key owners. Under law, these trusted emergency key recovery organizations would also respond in a timely manner to authorized requests from law enforcement officials who required the key to decode information lawfully obtained or seized from a subject of investigation or prosecution.

The federal government will use key recovery encryption on its own computers because it makes good management sense. It would be irresponsible for agencies to store critical records without key recovery, risking the loss of the information for programmatic use and the inability to investigate and prosecute fraud or misuse of the information.

A number of U.S. and international companies are working with the U.S. and other governments to create a system of trusted parties who are certified to safeguard the keys. In some cases, organizations might guard their own keys. In other cases, persons will use the key recovery services provided by third parties, one of a suite of services that will include electronic directories and electronic "notaries" in support of online commerce.
Persons will be free to choose the type and strength of encryption that provide the degree of security they believe appropriate for their use. Taken together, an overall key management infrastructure is needed to make electronic commerce practical on a global scale.

Some commercial products and services which provide emergency key recovery are already available. Testing and refinement is needed before a widespread, robust infrastructure is put in place. The U.S. government is committed to supporting the development of such a key management infrastructure through pilots and experimental trials. The State Department is expediting the review of several export license applications that test commercial key recovery on an international scale. An interagency working group is identifying several potential governmental uses of commercial cryptography -- both internal transactions and in communications with the public -- where key recovery can be tested. A plan outlining these government tests will be available in August. The government will be purchasing key recovery products for its own use and will adopt a federal standard for evaluating such products to assure agency purchasers that the key recovery features operate properly. The Department of Commerce will be establishing an industry-led advisory committee to make recommendations regarding such a standard this summer.

While we are open to other alternatives, a key recovery system is the only approach we know of that accommodates all public safety interests. And even it is imperfect. Some people will not join voluntary systems, preferring to run the risk of losing their keys and being unable to recover their encrypted information. Although in some countries (e.g., France) mandatory key escrowing is already in effect, we are pursuing a market-driven approach in part because we hope and believe that key recovery will develop as a cost-effective service in an electronic commerce infrastructure.
We are encouraged in this effort by recent discussions we have had at the Organization for Economic Cooperation and Development (OECD) that are leading to international cryptography management principles which support key recovery.

Export Controls

No matter how successful we are in realizing this vision, American users of computer technology are demanding stronger encryption for international use now. Although we do not control the use of encryption within the U.S., we do, with some exceptions, limit the export of non-escrowed mass market encryption to products using a key length of 40 bits. (The length of the encryption key is one way of measuring the strength of an encryption product. Systems using longer keys are harder to decrypt.)

U.S. industry asserts that it is losing overseas sales to its European and Japanese competitors because it cannot include stronger cryptography as a component of its commercial software and hardware products. It warns that loss of a significant share of the world information systems market would cause serious economic damage to the U.S. economy and could reduce the U.S. government's ability to influence the long-term future of global cryptography. It also argues that, because customers do not want to use one product in the U.S. and a different one overseas, export controls are causing U.S. firms to provide an unsatisfactory level of protection to their electronic information, making them vulnerable to industrial espionage by their competitors and foreign governments.

While 40 bit encryption products are still strong enough for many uses, the administration recognizes that some export liberalization may be useful to build support for a key management regime.
Accordingly, we are actively considering measures that would provide limited, temporary relief from cryptographic export controls in exchange for real, measurable commitments from industry (e.g., investments in products that support key recovery) toward the building of a key management infrastructure. The liberalization proposals under discussion, which would continue the current one-time review of products by the National Security Agency, include: permitting products using longer key lengths to be exported to specific industry sectors such as health care or insurance (similar to current policy for the financial sector); allowing export of non-escrowed products to a list of trustworthy firms beyond those sectors, with provisions for monitoring compliance to prevent product diversion to other firms; export of cryptography-ready operating systems; and, most dramatically, the transfer of jurisdiction over commercial encryption products from the State Department's munitions list to the Commerce Department's list of dual-use technologies. Our goal is to obtain commitments from industry by the fall.

We must, however, be careful in any relaxation of controls. Other governments' law enforcement and national security needs to access material encrypted with U.S. products could drive them to erect trade barriers by imposing import controls on strong non-escrow encryption products. In addition, we do not want to do anything that would damage our own national security or public safety by spreading unbreakable encryption, especially given the international nature of terrorism. Even 40 bit encryption, if widespread and not escrowed, defeats law enforcement.

It is for these reasons that we oppose the legislation (S. 1726) introduced in this Congress by Senator Burns and co-sponsored by Senator Lott and former Senator Dole.
Although it contains some provisions, such as the transfer of export control jurisdiction for commercial cryptography to the Commerce Department, with which we could agree if constructed with appropriate safeguards, the bill is unbalanced and makes no effort to take into account the serious consequences of the proliferation it would permit.

The importance of the U.S. information technology industry, the security stakes, and increasing congressional interest make it clear that there is an urgent need for clear policy and direction. The administration's proposed approach is broadly consistent with industry suggestions and the conclusions reached by the National Academy of Sciences in its report. That report recognizes the need to address a complex mix of commercial and security issues in a balanced manner. We agree with that need. We also agree with the report's recommendation that export controls on encryption products need to be relaxed but not eliminated, and are actively considering ways of providing short-term relief. (We do not agree with the report's recommendation that we eliminate most controls on 56-bit key length products.) Finally, we agree that key escrow is a promising but not fully tested solution, and are promoting the kinds of testing the report recommends as a way of demonstrating the solution's viability while providing stronger encryption internationally.

We will continue discussions with industry, other members of the private sector, the Congress, and governments at all levels to arrive at a solution that promotes a future of safe computing in a safe society.

(end text)

TEXT: ADMINISTRATION STATEMENT ON COMMERCIAL ENCRYPTION
(International agreement sought for security, safety)

WASHINGTON -- The Clinton administration has proposed a framework for an international agreement that would give law-enforcement officials around the world some access to encrypted information in telephone transmissions, electronic mail and Internet communications.
A July 12 press release from the U.S. Department of Commerce gives the essence of the proposal, which would entail use of private-sector third parties who would hold spare keys to encryption tools and would surrender them to law-enforcement officials having proper authority. While developing this proposal, the administration would consider relaxing U.S. export controls on encryption technology.

Following is the text of the administration statement:

(begin text)

Administration Statement on Commercial Encryption Policy

The Clinton administration is proposing a framework that will encourage the use of strong encryption in commerce and private communications while protecting the public safety and national security. It would be developed by industry and will be available for both domestic and international use.

The framework will permit U.S. industry to take advantage of advances in technology pioneered in this country and to compete effectively in the rapidly changing international marketplace of communications, computer networks, and software. Retaining U.S. industry's leadership in the global information technology market is of longstanding importance to the Clinton administration.

The framework will ensure that everyone who communicates or stores information electronically can protect his or her privacy from prying eyes and ears as well as against theft of, or tampering with, their data. The framework is voluntary; any American will remain free to use any encryption system domestically.

The framework is based on a global key management infrastructure that supports digital signatures and confidentiality. Trusted private-sector parties will verify digital signatures and also will hold spare keys to confidential data. Those keys could be obtained only by persons or entities that have lost the key to their own encrypted data, or by law enforcement officials acting under proper authority.
It represents a flexible approach to expanding the use of strong encryption in the private sector.

This framework will encourage commerce both here and abroad. It is similar to the approach other countries are taking and will permit nations to establish an internationally inter-operable key management infrastructure with rules for access appropriate to each country's needs and consistent with law enforcement agreements. Administration officials are currently working with other nations to develop the framework for that infrastructure.

In the expectation of industry action to develop this framework internationally and recognizing that this development will take time, the administration intends to take action in the near term to facilitate the transition to the key management infrastructure.

The measures the administration is considering include:

1. Liberalizing export controls for certain commercial encryption products.

2. Developing, in cooperation with industry, performance standards for key recovery systems and products that will be eligible for general export licenses and technical standards for products the government will purchase.

3. Launching several key recovery pilot projects in cooperation with industry and involving international participation.

4. Transferring export control jurisdiction over encryption products for commercial use from the Department of State to the Department of Commerce.

Administration officials continue to discuss the details of these actions with experts from the communications equipment, computer hardware and software industries, civil liberties groups and other members of the public to ensure that the final proposal balances industry actions towards the proposed framework, short-term liberalization initiatives, and public safety concerns.
The administration does not support the bills pending in Congress that would decontrol the export of commercial encryption products because of their serious negative impact on national security and law enforcement. Immediate export decontrol by the U.S. could also adversely affect the security interests of our trading partners and lead them to control imports of U.S. commercial encryption products. A Cabinet committee continues to address the details of this proposal. The committee intends to send detailed recommendations to the president by early September, including any recommendations for legislation and executive orders. The committee comprises the secretaries of State, Defense, Commerce and Treasury; the attorney general; the directors of Central Intelligence and the Federal Bureau of Investigation; and senior representatives from the Office of the Vice President, the Office of Management and Budget, and the National Economic Council. (end text) SENATORS, ADMINISTRATION CLASH OVER ENCRYPTION CONTROLS (Bill would allow more exports) By Bruce Odessey USIA Staff Writer WASHINGTON -- Clinton administration officials and members of a Senate committee have clashed over policy on export controls for advanced encryption technology. At issue at a July 25 Senate Commerce Committee hearing was a bill that would relax those controls by allowing U.S. exports of any encryption technology that was already generally available for sale in foreign markets. Encryption is the use of a string of letters or numbers -- known as a "key" -- that renders computer files and digital transmissions unreadable to those without access to the code. The complexity of the key is measured in bits. Present regulations prohibit U.S. exports of encryption products using a key length of more than 40 bits. "It is widely agreed that 40-bit security equals no security. It is simply too easy to break," said Senator Larry Pressler, committee chairman. "However, U.S. 
companies are not allowed to provide products at this level abroad .... This is a boon for our foreign competitors. They are actively developing markets we are forced to abandon." Senators of both parties expressed dissatisfaction with an administration policy announced July 12. The policy would allow some relaxation of the export controls but only if U.S. industry lent support to an administration proposal for a global cryptography system -- called an internationally inter-operable key management infrastructure, or a key escrow system. A number of governments in the Organization for Economic Cooperation and Development (OECD) are already working to create such a system. Under it, non-government parties would hold encryption keys in escrow; law-enforcement officials with court authority would have access to the keys to unscramble data transmissions, telephone conversations and electronic mail in criminal or terrorism investigations. Supporters of the bill and administration officials opposed to it differed not only about interpreting the facts but also about the facts themselves. For example, one issue concerns whether attempts to control encryption technology are already too late because advanced products -- including 56-bit products available for downloading for free from sites on the Internet -- are already widely available. "Some observers say the encryption genie is out of the bottle and that attempts to influence the future use of encryption are futile," said Louis Freeh, director of the Federal Bureau of Investigation (FBI). "This is not true, in my view." He argued that a little time remains to protect public safety because few people use encryption technology yet. "Some strong encryption products can be found overseas, but they have not yet become embedded in mainstream operating systems, which I think is a critical distinction," Freeh said. "There is still a window of opportunity for us to act here. 
Administration officials guessed that countries might have two years yet to reach international agreement before the infrastructure builds up to make robust encryption products widely useful. An agreement could help create an infrastructure open to scrutiny by law-enforcement officials around the world through key management. Then, even if wealthy criminal or terrorist organizations used advanced non-key escrow technology to block interception of communications among their own members, law-enforcement officials could still scrutinize their external communications to banks and other legitimate businesses conducted with key escrow products. That was the Clinton administration view, anyway, but it was not shared by many on the Senate Commerce Committee. "Is it possible to get every country on the planet to agree to this approach," asked Senator Conrad Burns, a Montana Republican who is sponsoring the bill, "and, if we cannot, wouldn't the entire approach be undermined if one or more countries chose not to adopt such an approach?" Senator Ron Wyden, an Oregon Democrat, said the Clinton policy would force U.S. industry permanently behind foreign competitors. "The terrorists and drug merchants of the 21st century are not going to be encryption simpletons," Wyden said. "Many of them are going to be savvy and sophisticated, and they are going to be hunting worldwide for these data-scrambling products," not just from U.S. suppliers. From pgut001 at cs.auckland.ac.nz Tue Jul 30 23:24:31 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Wed, 31 Jul 1996 14:24:31 +0800 Subject: RPK Public Key Cryptography Message-ID: <199607310421.QAA09064@cs26.cs.auckland.ac.nz> Tall men in dark suits made Stephen Cobb write: >My apologies to the list if this subject is old hat but someone just pointed >me to the RPK Public Key Cryptography site and I was wondering what people >thought of this particular technology. It's just Yet Another PKC. 
Look at the history of LUC for a similar example: An amazing new breakthrough in PKC is announced, after a couple of years of analysis by cryptographers it's found to be no better or worse than existing PKC's, but in any case no one uses it because the existing patent covers only the US and expires in a few years whereas the LUC ones cover much of the world and will be around for ages. RPK is a similar case (actually it's in a somewhat worse position, by the time it's been subjected to enough analysis for people to trust it, the RSA patent will have expired, making RPK unmarketable).

Other comments on the system:

- The inventor apparently has no plans to publish details on the system in a journal or present it at a conference for peer review.
- Someone who used to work with him rates him as a fairly competent programmer. His crypto skills are unknown.

Given what happened with LUC I predict more of the same for RPK.

Peter.

From cts at deltanet.com Tue Jul 30 23:30:35 1996
From: cts at deltanet.com (Kevin Stephenson)
Date: Wed, 31 Jul 1996 14:30:35 +0800
Subject: Taxes in the digicash world
In-Reply-To: <199607301117.GAA06799@manifold.algebra.com>
Message-ID: <31FEDF34.18FA@deltanet.com>

Igor Chudov @ home wrote:
>
> Hi
>
> Suppose that digital cash becomes easy enough to use and becomes the
> mainstream medium in most [or at least many] economic transactions.
>
> The question is, how can the government TECHNICALLY collect taxes?
> I do not mean to start `libertarianism vs. socialism' discussion, I
> am more interested in the technical aspects of tax collection when
> transfers of money are protected by strong crypto..
>
> Let's say, maybe this tax would work: every time someone verifies that
> a piece of digital cash is valid, s/he has to pay the government a little
> percentage of the amount. Since digital banks are easier to control than
> other participants of the market, this kind of tax legislation is easier to
> enforce.
>
> Of course these banks may be offshore, and then such collection
> becomes problematic.
>
> Another alternative that I see is property taxes and poll taxes, or
> taxes on some commodities such as oil. But incomes seem to be hard to
> track.
>
> What else?
>
> - Igor.

Governments consume a certain percentage of their nation's gross domestic product. They will do whatever it takes to make sure their "cut" doesn't go down. The world will never live on information alone. There is always going to be a need for physical transactions. The government will just raise taxes on anything tangible. The lower class will end up paying a larger percentage of taxes because they utilize information/service technologies less than the middle and upper classes. The government and its "distributed wealth" ideals, will raise property taxes to try to even the load over the populace.

Another idea is that the government will start taxing shipments. You buy a CD with your e-money, but it still has to be shipped. They can force the shipper to declare the value of the contents and collect the tax when the box arrives at your doorstep. This would be very hard to implement, but I wouldn't rule anything out at this point.

When information and service becomes untaxable, you will see some very creative new taxes emerge.

I have an idea for fully anonymous, offshore accountless electronic cash, but feel that the effort to implement it might be futile if the government were to ban any such successful technology.

*** .sig under construction ***

From tcmay at got.net Wed Jul 31 00:04:37 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 31 Jul 1996 15:04:37 +0800
Subject: You know it's getting late when... (fwd)
Message-ID:

At 1:24 AM 7/31/96, Jim Choate wrote:
>Consider (to some) a trivial example. There are 20 million cats and dogs
>killed each year because somebody was irresponsible.
The vast majority of >these are or were pets (not feral or wild animals as some would claim) which >persons simply didn't want anymore. Now there is somewhere around 250 >million people in the US. This means that 1 out of 10 (roughly) are costing >the rest of us about $50 ea. to take care of their pet 'problem'. > >I see no difference in having my money taken via taxes (where most of it >comes from) for this than having somebody come and take $50 for whatever >reason by kicking my front door in. Why am I being forced to pay this money >to pay for somebody else's lack of discipline and simple human empathy? I agree, and this is one reason I am opposed to State-sponsored canine and feline genocide. And historically the lack of canine eradication programs has been a major way to control the "homeless problem," so the State is making the homeless problem worse by removing natural pest control mechanisms. --Klaus From mpd at netcom.com Wed Jul 31 00:10:44 1996 From: mpd at netcom.com (Mike Duvos) Date: Wed, 31 Jul 1996 15:10:44 +0800 Subject: VISA Travel Money In-Reply-To: Message-ID: <199607310523.WAA01116@netcom9.netcom.com> Snow writes: > This card has the value "written" when you "purchase" it right? No. Unlike the VISA Cash Card, which has a chip in it and holds value, this card is simply associated with an account containing the money, which is accessed in the normal manner using ATMs and VISA's PLUS network. You can even have multiple cards issued on the same account, if you choose to do so, and you get the standard set of cardmember services, such as lost card replacement, that you get with a regular credit card. > Any one wanna bet on how long it will take the "Hacker" Community > to figure out how to "refill" it? Otherwise all you have is a > debit card. Which is precisely what this card is. A disposable debit card sold through participating financial institutions. 
That isn't to say hackers might not have some fun with the system, but the card by itself is not vulnerable to such an attack. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From frantz at netcom.com Wed Jul 31 00:16:34 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 31 Jul 1996 15:16:34 +0800 Subject: Paranoid Musings Message-ID: <199607310502.WAA09812@netcom7.netcom.com> I'm really feeling much better now :-). At 6:48 PM 7/30/96 -0400, Mark M. wrote: >On Tue, 30 Jul 1996, Bill Frantz wrote: >> The paranoid conclusion is that there is a significant weakness in RC4. > >An FPGA can break RC4 in a few hours. With several thousand of these, RC4 >could be broken in about a second. Besides, RC4 has been around for 9 years >and has not been successfully cryptanalyzed. The RC4 algorithm is extremely >simple and doesn't have any obvious weaknesses. IMHO, NSA's cryptanalysis is second to none. I have been assuming a weakness based on a classified cryptanalysis technique. They have certainly been thinking about "S-Box" cyphers since at least Lucifer and DES. But let's approach the question from a different angle. Consider the number of messages that need to be broken and the costs of machines to do it. How many encrypted messages do you think NSA wants to read? I have no idea either, but in the spirit of never depend on expert opinion when simple arithmetic will do, let's assume a world where major email packages use encryption as a matter of course. If we assume that the 30 million net users send one email/day, then that results in about 350/second. If I assume your "several thousand" is 2000, then we need a machine with 700,000 FPGA's. Given Matt Blaze et. al.'s estimate of $10/chip complete, that is $7 million. However if you take the NSA's estimate (in their response to Blaze et al) of $1000/chip, then you get $700 million. If we assume a machine designed to break *every* message, NSA's response makes more sense. 
From their response (reordered): >The factors not accounted for are: > > o Memory costs are not included. It needs to store all the messages it is attacking. > o When get [sic] to the very fast processing speed estimates, > machines can become Input/Output bound; so [sic] it cannot achieve > the estimated speed. It needs to get all those messages into the machine, the plaintext out, and distribute the data to the FPGAs. > o As more and more chips are added to a machine, two effects occur: > > o Interconnections increase and increase running time; > o Heat from the chips eventually limit [sic] the size of a > machine. Fast machines produce a lot of heat. > o R&D costs for the first machine, typically on the order of $10 > million. R&D costs for high-speed I/O, large memories, and efficient heat removal might be significant. > o Assuming every algorithm can be tested in same amount of time and > key length is the only difference. This is one of Blaze et al.'s simplifying assumptions. RC4 has a simple key setup and runs faster than DES. Brute forcing 40 bit Blowfish would be considerably harder. Probably about equal to 9 additional key bits harder. Now I have no problem with believing NSA would invest $7 million. However, $700 million makes me wonder. With FPGAs, there is a significant risk that people will change the crypto system and make the investment worthless. (Which, I guess, is why they prefer general purpose computers.) However, if they can get the equivalent of a few bits of key back by cryptanalysis, then they knock the costs down to entirely reasonable (for them) levels. ------------------------------------------------------------------------- Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting (408)356-8506 | [Beware the man of one | 16345 Englewood Ave. 
frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA From dlv at bwalk.dm.com Wed Jul 31 00:42:19 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 31 Jul 1996 15:42:19 +0800 Subject: WaPo on Crypto-Genie Terrorism In-Reply-To: <199607302312.QAA28508@netcom6.netcom.com> Message-ID: mpd at netcom.com (Mike Duvos) writes: > David Sternlight writes: > > > ... I've unsubscribed ... > > Door. Ass. Bump. Good riddance. For once, SternFUD did something I approve of. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From nobody at vegas.gateway.com Wed Jul 31 00:50:37 1996 From: nobody at vegas.gateway.com (Anonymous Remail Service) Date: Wed, 31 Jul 1996 15:50:37 +0800 Subject: Aspol=ego Message-ID: <199607310540.BAA29017@black-ice.gateway.com> Jim Bell raved: >If anyone out there still doubts that the time for my "Assassination ^^ >Politics" idea will never come, I claim that it's later than you think. If anyone thinks _YOU_ thought of it first, they don't know history... From mpd at netcom.com Wed Jul 31 00:53:54 1996 From: mpd at netcom.com (Mike Duvos) Date: Wed, 31 Jul 1996 15:53:54 +0800 Subject: You know it's getting late when... (fwd) In-Reply-To: Message-ID: <199607310601.XAA17897@netcom10.netcom.com> Tim writes: > And historically the lack of canine eradication programs has been > a major way to control the "homeless problem," so the State is > making the homeless problem worse by removing natural pest control > mechanisms. Reminds me of the person who characterized the rise of the Radical Religious Right to power as due to "a shortage of lions." -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From tcmay at got.net Wed Jul 31 01:31:48 1996 From: tcmay at got.net (Timothy C. 
May) Date: Wed, 31 Jul 1996 16:31:48 +0800 Subject: FPGAs and Heat (Re: Paranoid Musings) Message-ID: At 5:05 AM 7/31/96, Bill Frantz wrote: >I'm really feeling much better now :-). I guess Ritalin really does work. >How many encrypted messages do you think NSA wants to read? I have no idea >either, but in the spirit of never depend on expert opinion when simple >arithmetic will do, let's assume a world where major email packages use >encryption as a matter of course. If we assume that the 30 million net >users send one email/day, then that results in about 350/second. If I >assume your "several thousand" is 2000, then we need a machine with 700,000 >FPGA's. Given Matt Blaze et. al.'s estimate of $10/chip complete, that is >$7 million. However if you take the NSA's estimate (in their response to >Blaze et al) of $1000/chip, then you get $700 million. I for one don't have any way of estimating how many messages they might want to read. But note some figures we've discussed here before: * NSA spent upwards of $100 M to build the "Harvest" machine in the late 50s and early 60s (you worked with Norm Hardy, Bill, so you undoubtedly know about this). Some of this machine's capacity was for cryptanalysis, some for voice analysis, and no doubt a lot for other things. But it says something about the kinds of money that will be spent. * Spysats routinely cost a billion dollars or more. (A single launch of the space shuttle costs at least $500 M, as I recall. Some shuttle launches have been to deploy SIGINT sats.) * The NSA was one of the main investors in several high tech companies, including Control Data Corporation and Cray Research. I conclude, roughly speaking, that spending $100 M on a specialized machine to break RC4 or any other modern cipher (that is breakable at the key lengths used) would not even give them pause. >If we assume a machine designed to break *every* message, NSA's response >makes more sense. 
From their response (reordered): I don't believe that even _they_ would plan for something like this, unless RC4 is a lot weaker than experts seem to think it is. [stuff elided] >> o As more and more chips are added to a machine, two effects occur: >> >> o Interconnections increase and increase running time; >> o Heat from the chips eventually limit [sic] the size of a >> machine. >Fast machines produce a lot of heat. But, as many have pointed out, this is not a realistic limit. The pieces of the solution could be scattered from one end of Fort Meade to another, and still not be affected much by communications costs and delays. Power density is thus not going to be a problem. (A calculation can be done on how long it will take before electricity costs exceed chip costs...I haven't done this for the crypto FPGAs, as so many things are unclear about what they might be, but for the 200 MHz Pentium (CPU alone, not a system) I get: 40 kilowatt-hours per year x $0.10 per KWH = $4 per year in electricity costs. Heat removal costs are comparable.) FPGAs and custom chips will not be much different. I conclude that the costs of building the chips and system will be orders of magnitude more expensive than the costs of running the chips with power, and that removing the heat is not an issue. (Spread out enough, simple heat removal a la office computers is fine. Leaving windows open is even cheaper ;-)) >Now I have no problem with believing NSA would invest $7 million. However, >$700 million makes me wonder. With FPGAs, there is a significant risk that >people will change the crypto system and make the investment worthless. >(Which, I guess, is why they prefer general purpose computers.) However, >if they can get the equivalent of a few bits of key back by cryptanalysis, >then they knock the costs down to entirely reasonable (for them) levels. An FPGA is field-programmable. 
(FPGA = Field Programmable Gate Arrays) The Xilinx and Altera lines of FPGAs could be reconfigured for other algorithms, surely. (I recall several preliminary designs discussed in various places.) This doesn't mean they've done it, only that they could buy millions of FPGAs for the cost of a single spysat or shuttle launch. So, it seems likely. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From iang at cs.berkeley.edu Wed Jul 31 01:57:32 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Wed, 31 Jul 1996 16:57:32 +0800 Subject: E-Cash promotion idea In-Reply-To: <1.5.4.32.19960729084347.00331d14@giasdl01.vsnl.net.in> Message-ID: <4tmv28$1hn@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article <1.5.4.32.19960729084347.00331d14 at giasdl01.vsnl.net.in>, Arun Mehta wrote: >At 05:15 24/07/96 -0500, Matt Carpenter wrote: > >>getting change from the merchant. Ian Goldberg pointed out that >>with the current ecash protocol, accepting change not only eliminates your >>anonymity, but that you also have to go online to make sure you aren't being >>cheated. But don't forget that you can use a slightly modified protocol to accept change anonymously, without having to go online! > >I'm sure it should be possible for the merchant to electronically >give you an "IOU" for the amount of change s/he owes you, no >matter how small, without loss of your anonymity. 
Next time you >go to the same merchant, the IOU could automatically be adjusted >against the new purchase. An IOU is equivalent to a coupon. You could even implement it as ecash issued by the merchant, but why? Using the "change" protocol, you can do it with real ecash just as easily. It's just as hard to get an HP48 to check the signature on change coins returned by the merchant as it is to check the signature on the IOU. An HP48 is unlikely to be able to do 768-bit RSA operations. However, it could easily have coins stored on it, transmitted to the store via a convenient IR port, or an RS232 connection. It's quite straightforward; if I had a store, I'd do it myself... - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMf7/hUZRiTErSPb1AQFmCwQAj13wUVsf7zoUV9KuhnSIcEm1cELeHmfS voz+evncXOfr0aDEwb7y90iDwmm68Xrgq3IILKBLS+iu0s54LCG/jeBCPjW3b9oE nyZK47qRSmdHI7sqEwtWxlKrU4/trwY98q0nzZEIFvdJfRykPl0+Im0NBdRBYXVP i9h4uLuZz4k= =2ek/ -----END PGP SIGNATURE----- From alanh at infi.net Wed Jul 31 02:31:36 1996 From: alanh at infi.net (Alan Horowitz) Date: Wed, 31 Jul 1996 17:31:36 +0800 Subject: A Libertine Question In-Reply-To: <199607302350.QAA01377@netcom21.netcom.com> Message-ID: > From: Mike Duvos > Perhaps, but I can think of a lot of examples. Laws that make it illegal > to ask for money. Laws that say you can't sit on the sidewalk. Laws > that make it illegal to feed soup to people without a stack of permits > six feet high. Laws that make it illegal to perform an excretory function > outdoors in a city with almost zero public toilets. (You should have .....You should move out of the city to a place you can afford. There is no Constitutional right to live in Seattle. This country has gone through many many many business cycles, financial panics, etc. Only in the recent era have cities been forced to do these crackdowns (you think that herding and pacifying drunk/stoned panhandlers is pleasureable? 
Try working as a Seattle cop for a week, oh Mr Armchair Sociologist) as a desperate measure of self-defense. We are importing farm labor. There is plenty of work for those who want it. Ask the Vietnamese/Cambodian/Laotian refugees who've arrived in Seattle. I am a strong libertarian. Sell crack cocaine, rent your pussy to horny middle-aged businessmen, do any non-violent, non-damaging-to-others-property you want, but damn well maintain public order and decorum. Or I will scream to my councilman for the cops to adjust your attitude with their billy club. From mab at research.att.com Wed Jul 31 02:40:10 1996 From: mab at research.att.com (Matt Blaze) Date: Wed, 31 Jul 1996 17:40:10 +0800 Subject: trust management workshop Message-ID: <199607310702.DAA20723@nsa.research.att.com> -------------------------------------------------------------------------- | DIMACS: Center for Discrete Mathematics & Theoretical Computer Science | | A National Science Foundation Science and Technology Center | -------------------------------------------------------------------------- DIMACS Workshop on Trust Management in Networks Dates: Sept. 30 - Oct. 2, 1996 Location: CORE Bldg., Rutgers University Busch Campus, Piscataway NJ Co-Chairs: Ernie Brickell, Bankers Trust, brickell at btec.com Joan Feigenbaum, AT&T Research, jf at research.att.com Dave Maher, AT&T Research, dpm at research.att.com Theme: The use of public-key cryptography on a mass-market scale requires sophisticated mechanisms for managing trust. 
For example, any application that receives a signed request for action is forced to answer the central question ``Is the key used to sign this request authorized to take this action?'' In certain applications, this question reduces to ``Does this key belong to this person?'' In others, the authorization question is considerably more complicated, and resolving it requires techniques for formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. This workshop covers all aspects of the trust management problem. Relevant topics include but are not limited to: General approaches to trust management Languages, systems, and tools Certificates and public-key infrastructure Formal models and analysis Trust management in specific application domains, including but not limited to: Banking E-mail Internet commerce Licensing Medical information systems Mobile programs and ``code signing'' Revocation of cryptographic keys Confirmed speakers include: Butler Lampson, Microsoft Matt Blaze, AT&T Research Steve Kent, BBN Carl Ellison, Cybercash Contributed talks: If you would like to attend and give a talk, please email a one-page abstract (NOT A FULL PAPER) in ascii format to Joan Feigenbaum at jf at research.att.com by September 1, 1996. The Trust Management workshop will be informal, and there are currently no plans to publish proceedings. For more information: If you would like to attend but not give a talk, contact Joan Feigenbaum at jf at research.att.com any time before the beginning of the workshop. There is a small amount of support available for people who do not have other sources of travel funds. Information about local arrangements, travel, lodging and registration can be found at http://dimacs.rutgers.edu/Workshops/Management. Those without WWW access can contact Pat Pravato at 908-445-5929 or pravato at dimacs.rutgers.edu. 
This workshop is part of DIMACS Special Year on Networks. Information about the Special Year on Networks can be found at DIMACS WWW site: http://dimacs.rutgers.edu or by contacting the center. --------------------------------------------------------------------- The Special Year program is made possible by long term funding from the National Science Foundation, the New Jersey Commission on Science and Technology and DIMACS university and industry partners. DIMACS Center; Rutgers University; P.O. Box 1179; Piscataway, NJ 08855-1179 TEL: 908-445-5928 FAX: 908-445-5932 ** EMAIL: center at dimacs.rutgers.edu WWW: http://dimacs.rutgers.edu **TELNET: telnet info.rutgers.edu 90 DIMACS is a partnership of Rutgers University, Princeton University, AT&T Research, Bellcore, and Lucent - Bell Laboratories. From jubois at netcom.com Wed Jul 31 03:03:26 1996 From: jubois at netcom.com (j ubois) Date: Wed, 31 Jul 1996 18:03:26 +0800 Subject: A Libertine Question Message-ID: <01BB7E76.400794E0@jubois3.mbaynet.com> Alan Horowitz wrote: I am a strong libertarian...{deletia}...damn well maintain public order and decorum. ***Or I will scream to my councilman for the cops to adjust your attitude with their billy club.*** Sounds consistent and rational to me. From se7en at dis.org Wed Jul 31 03:20:55 1996 From: se7en at dis.org (se7en) Date: Wed, 31 Jul 1996 18:20:55 +0800 Subject: NBC In-Reply-To: Message-ID: On Tue, 30 Jul 1996, Martin Minow wrote: > Since I've been in this business for well over thirty years and, > about ten years ago, had one of my systems infested by Kevin > Mitnick, I'm not particularly sympathetic to the "we're just > trying to learn" mentality -- if you want to learn, buy a PC > and a Linux CD, write some code, give it away, and make a real > contribution to the community. The taped interview lasted more than two hours, with only five minutes airing, so a lot of statements from our mouth is still out of context. 
As far as your learning suggestions, I have over 17 years of experience in this "underground community", have owned every type of machine available, can safely guess I have written a large amount of source code equivalent to some of the best, always give it away, and can definitely say I have made more of a contribution than you could ever hope for in your wildest dreams. :) Dealing with the media is a double-edged sword. They contacted me, gave me their bent, and taped with me. You can figure out of two hours of tape, that with five minutes showing, very many important points got left out which would have put aired statements into context. You never know what they, and their editors, ultimately put in the story, which I have yet to see due to my presence at Defcon. Know who you flame before you do so. :) No hard feelings. se7en From daw at cs.berkeley.edu Wed Jul 31 03:36:34 1996 From: daw at cs.berkeley.edu (David Wagner) Date: Wed, 31 Jul 1996 18:36:34 +0800 Subject: Paranoid Musings In-Reply-To: <199607310502.WAA09812@netcom7.netcom.com> Message-ID: <4tn2q1$mh5@joseph.cs.berkeley.edu> In article <199607310502.WAA09812 at netcom7.netcom.com>, Bill Frantz wrote: > At 6:48 PM 7/30/96 -0400, Mark M. wrote: > >An FPGA can break RC4 in a few hours. I don't think so. None of the FPGAs Ian & I looked at could even approach the RC4-cracking performance of a fast Intel CPU. > If we assume that the 30 million net > users send one email/day, then that results in about 350/second. If I > assume your "several thousand" is 2000, then we need a machine with 700,000 > FPGA's. Given Matt Blaze et. al.'s estimate of $10/chip complete, that is > $7 million. However if you take the NSA's estimate (in their response to > Blaze et al) of $1000/chip, then you get $700 million. Those estimates assume that a single FPGA can break RC4 in hours. I think that is an extremely optimistic assumption, given the available public information. 
But perhaps NSA is orders of magnitude ahead of us in chip design (unlikely) or orders of magnitude ahead of us in RC4 cryptanalysis (and we're back to paranoid musings). > If we assume a machine designed to break *every* message, NSA's response > makes more sense. From their response (reordered): > > >The factors not accounted for are: > > > > o Memory costs are not included. > It needs to store all the messages it is attacking. Naw, this is orthogonal to the cost of cryptanalysis-- even when all messages are sent in the clear, they still need this storage. I would be willing to believe that message selection & storage is a very expensive part of SIGINT. However, if one has the resources to break all encrypted messages in realtime, I don't see why message selection & storage costs need to increase so significantly. > > o When get [sic] to the very fast processing speed estimates, > > machines can become Input/Output bound; so [sic] it cannot achieve > > the estimated speed. > It needs to get all those messages into the machine, the plaintext out, and > distribute the data to the FPGAs. Nope, I don't buy it. Show me a chip that takes longer to load a known plaintext and ciphertext pair than it takes to do a 40-bit exhaustive keysearch for that pair, and I'll show you a chip that has no I/O pins. :-) Remember, if you have a million FPGAs to crack a thousand messages, you don't have to send the first message to all million FPGAs, then send the second message to all million FPGAs, etc. Instead you should send the first message to the first thousand FPGAs, and concurrently send the second message to the second thousand FPGAs, etc. > > o Assuming every algorithm can be tested in same amount of time and > > key length is the only difference. > This is one of Blaze et al.'s simplifying assumptions. RC4 has a simple > key setup and runs faster than DES. Brute forcing 40 bit Blowfish would be > considerably harder. 
Probably about equal to 9 additional key bits harder. 
I agree that key schedule complexity can have a significant influence on the complexity of exhaustive keysearch. However, DES's key schedule is actually much better suited to exhaustive keysearch than RC4's key schedule is. (I speak with implementation experience. However, it's not too hard to see why this should be true-- DES was designed for implementation in hardware, and its keyschedule consists merely of some bit permutations, which are free in hardware. RC4 uses RAM heavily, and thus can incur large I/O costs, and also is highly serialized, so it is not so well-suited to efficient hardware implementation.) Yup, brute-forcing 40-bit Blowfish will probably be even harder than RC4. > With FPGAs, there is a significant risk that > people will change the crypto system and make the investment worthless. No, FPGAs are programmable logic, and thus can be easily reprogrammed if the Netscape default encryption algorithm changes. Perhaps you are thinking of ASICs, which have their logic burned in, and cannot be changed. From kbwheaton at patrol.i-way.co.uk Wed Jul 31 04:59:10 1996 From: kbwheaton at patrol.i-way.co.uk (Mr. Brandon W. Wheaton) Date: Wed, 31 Jul 1996 19:59:10 +0800 Subject: FW: ANNOUNCEMENT: nym.alias.net enters beta testing (fwd) Message-ID: <01BB7EC3.EC5C1200@dynamic153.i-way.co.uk> ---------- From: William Knowles[SMTP:erehwon at c2.org] Sent: Tuesday, July 30, 1996 5:54 PM To: dc-stuff Subject: ANNOUNCEMENT: nym.alias.net enters beta testing (fwd) ---------- Forwarded message ---------- Date: Tue, 30 Jul 1996 19:40:36 -0400 (EDT) From: lcs Remailer Administrator To: cypherpunks at toad.com, coderpunks at toad.com, remailer-operators at c2.org, mail2news at anon.lcs.mit.edu Subject: ANNOUNCEMENT: nym.alias.net enters beta testing Newsgroups: alt.privacy.anon-server -----BEGIN PGP SIGNED MESSAGE----- I'm pleased to announce that the nym.alias.net pseudonym server has now entered the beta-testing phase, and seems quite stable. 
Nym.alias.net offers several interesting features: * Public-Key encryption of all received mail. Once mail has gone through nym.alias.net, no one can read it except you--even if you have been sending your mail to a newsgroup and your reply-block and remailers become compromised. * Support for multiple, probabilistically-weighted, reply blocks. These can be used for redundancy or to foil traffic analysis with decoys. * Replay detection. This foils replay attacks, but can also be used for higher reliability if you send redundant copies of a message through different remailer chains. * An option to receive only fixed-length messages (by splitting up large messages and padding small ones with garbage). * An option to sign mail you send with the remailer's public key, so as to give some assurance of authenticity without having to publish your own PGP public key. * Support for finger [pending DNS approval]. You can choose to make your nym's PGP public key available to all who finger its E-mail address. Right now you can test this by fingering at 18.26.0.252. In addition, experimental nym.alias.net support for Premail is now available (in the form of a patch to premail 0.44). With this patch, premail will store your nym's PGP key on encrypted keyrings. This allows you to publish a PGP key for your pseudonym without the danger of your identity being revealed to someone with access to your main PGP keyrings (or a backup copy of them). To obtain more information about nym.alias.net, finger or send mail to . To get information about using premail with nym.alias.net, finger or send mail to . These documents are also available on the new nym.alias.net web page: http://www.cs.berkeley.edu/~raph/n.a.n.html Please report all bugs to . I'll also be glad to consider feature requests, particularly from anyone interested in developing any more client software. Enjoy! 
mix-admin at anon.lcs.mit.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMf6dcUTBtHVi58fRAQE4NgP/SoKSqHxobEHuyWl6lXVAHgk9yqNS/WAD jUfKYGodThr93kJZkmreyIHrWgbromJJlXo6MPq9KpZzIh85uHRzBPRSh293hfUo ta8/sdZsW1+uoEkAs8JUWlwAEGo+bfmgRnFswf80pAPClpbGo52DAKyLKfdCaFps kQ+4hoouUvo= =qEWa -----END PGP SIGNATURE----- From kbwheaton at patrol.i-way.co.uk Wed Jul 31 05:00:17 1996 From: kbwheaton at patrol.i-way.co.uk (Mr. Brandon W. Wheaton) Date: Wed, 31 Jul 1996 20:00:17 +0800 Subject: FW: Securing 5% of the Internet against Wiretapping by Christmas (fwd) Message-ID: <01BB7EC3.E6BA1D60@dynamic153.i-way.co.uk> Something I picked up from a mailing list called dc-stuff. It's mostly having to do with security and hacking, though not typically the "bad" sort. Thought it might not only be of interest to the cypherpunks, but perhaps you could offer some hints, tips, advice?? Cheers, Bdog Date: Sat, 27 Jul 1996 16:24:52 -0700 From: John Gilmore Subject: FW: Securing 5% of the Internet against Wiretapping by Christmas I've been working on a project in secret for a few months, and now am talking about it with everyone so that we can all help it along. Want all the Internet traffic between you and every other privacy-conscious site on the net, worldwide, to automatically be encrypted using Triple-DES, RSA, and Diffie-Hellman? Without changing your hardware or software, except to stick a Linux PC on your network, or install a new version of Linux on your laptop? Want it all by Christmas? Then check out http://www.cygnus.com/~gnu/swan.html [...] -- John Gilmore An equal opportunistic encryptor From mccoy at communities.com Wed Jul 31 05:07:25 1996 From: mccoy at communities.com (Jim McCoy) Date: Wed, 31 Jul 1996 20:07:25 +0800 Subject: FPGAs and Heat (Re: Paranoid Musings) Message-ID: Oddly enough, I just left a talk at the '96 Genetic Programming conference on developing adaptable hardware and silicon evolution. 
One of the speakers at this particular session was the Product Line Manager from Xilinx and one of the goodies he handed out was pre-release data sheets for the new XC6200 series of FPGAs they are producing (the chips are already out in limited quantities) so here is a little update on the state of the art in this area. Tim May writes: > Bill Frantz wrote: > >> o As more and more chips are added to a machine, two effects occur: > >> > >> o Interconnections increase and increase running time; > >> o Heat from the chips eventually limit [sic] the size of a > >> machine. > >Fast machines produce a lot of heat. > > But, as many have pointed out, this is not a realistic limit. One can also use reversible logic to get around the heat problem if mechanical means are not enough. This is a necessity for molecular-scale computing and during the post-session BS at another talk we specced out a system that could probably evolve a reversible logic compiler. Heat will not be a "wall" at any scale, it may add to the cost a little bit but the problem is solvable. The interconnection problem has also been solved in this chip series. [A long-standing problem with FPGAs is that there were generally a limited amount of "wires" running between the logic elements and thus a lot of cells were wasted because there were no interconnections left, I/O to the outside world was also a problem.] The chip has a really cool interconnection method which allows a much more efficient use of the chip real estate and which makes the entire chip directly addressable (like regular RAM) through an on-chip interface module. Given the relatively compact design in Ian and Dave's paper and the new chips one might even fit two or four cracking engines on a single FPGA. Either the NSA did not do their homework in this area or they are lying. > >Now I have no problem with believing NSA would invest $7 million. However, > >$700 million makes me wonder. 
With FPGAs, there is a significant risk that
> >people will change the crypto system and make the investment worthless.
> >(Which, I guess, is why they prefer general purpose computers.) However,
> >if they can get the equivalent of a few bits of key back by cryptanalysis,
> >then they knock the costs down to entirely reasonable (for them) levels.
>
> An FPGA is field-programmable. (FPGA = Field Programmable Gate Arrays) The
> Xilinx and Altera lines of FPGAs could be reconfigured for other
> algorithms, surely. (I recall several preliminary designs discussed in
> various places.)

There are two types of FPGAs, one is based on anti-fuse technology which is essentially a big complicated PROM, but the Xilinx FPGAs use SRAM to configure the interconnections between logic elements. The newest line from Xilinx, the XC6000 series has the capability to be reconfigured either partially or completely from an on-chip cache in 5 ns. That is five nanoseconds and you have a completely different piece of virtual hardware. If the configuration is loaded through the slowest I/O port on the chip it only takes 200 microseconds. Even if the encryption algorithm is secret these chips open up interesting possibilities for developing general-purpose cryptanalysis machines. [Hmm, there may be a paper in there... "Evolving A General-Purpose Cryptanalysis Engine"...]

What is even better from the perspective of the NSA accountants is that they only need to build the machine _once_, after that they just load up a new set of interconnections and now the DES cracker is an IDEA cracker. Add to this the fact that the XC6000 series were designed to be built cheaply in large quantities (the Xilinx rep figures the price will get down to $29/chip in 5K lots for the samples he was passing around and he is a wafer guy and not a marketing droid so this may be reasonably accurate.) If anything, the Blaze, et many als.
paper _underestimated_ the cost of a FPGA hardware cracking engine, particularly if you amortize the savings FPGAs give over the long term with their almost limitless flexibility.

jim

From WlkngOwl at unix.asb.com Wed Jul 31 05:23:11 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 31 Jul 1996 20:23:11 +0800
Subject: G7 Anti-Terrorism Reports [BRIEF]
Message-ID: <199607310938.FAA19962@unix.asb.com>

On 30 Jul 96 at 18:47, Jonathan M Summers wrote:

> Cypherpunks:
>
> At 1735 CDT on Tuesday, July 30, 1996, CNN Atlanta during World News
> Tonight reported (in a _very_ brief flash) several "resolutions" adopted
> by the Group of Seven (G7) trade meeting in Paris.
>
> At the bottom of the list of resolutions was to "prevent terrorist from
> using the Internet" (quote from CNN anchorwoman).

The Pacifica Report noted 'more controls on the Internet' and controlling the use of encryption, but didn't discuss this at length.

Rob

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From WlkngOwl at unix.asb.com Wed Jul 31 05:39:16 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 31 Jul 1996 20:39:16 +0800
Subject: Paranoid Musings
Message-ID: <199607310938.FAA19959@unix.asb.com>

On 30 Jul 96 at 11:13, Bill Frantz wrote:

[..]
> (1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it?

Differentiate between the cipher and the key-initialization. There may be a flaw in how the key is set up that can make brute-force searches easier. Known plaintext of a few headers may also help in guessing the s-box state, even if partially: combined with flaws in the key, this could be exploited, especially if one has a lot of experience and computing power handy.

[..]
> (2) What did Microsoft give up to export its crypto API?
>
> Well, if you were a TLA, what would you want. I think I would want an
> agreement to be able to insert my own code in that vendor's products. Then
> I would be able to have widely distributed Trojan horses signed by the
> vendor. I would have the opportunity to significantly weaken standardized
> crypto systems installed world wide.

Risky. Code can always be reverse engineered. If a flaw is exploited in too-strong an algorithm (3DES and 4k-bit RSA keys, for instance) to prosecute various people, somebody might notice. If US companies seem to magically have proprietary info from foreign companies, this would also be a sign of suspicion.

I think the C[r]API will be used as a form of mandating GAK instead.

Rob

>
>
> Conspiracy theorists, start your mailers.
>
>
> -------------------------------------------------------------------------
> Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting
> (408)356-8506 | [Beware the man of one | 16345 Englewood Ave.
> frantz at netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA
>
>
>

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From WlkngOwl at unix.asb.com Wed Jul 31 07:14:35 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Wed, 31 Jul 1996 22:14:35 +0800
Subject: Blaming the Internet for Terrorism
Message-ID: <199607311115.HAA20411@unix.asb.com>

This comes from today's (Wed. July 31) LI Newsday, though the byline is the AP:

"Bombing Becoming All Too Popular"
The Associated Press

Washington - The number of Americans attacking and attempting to attack each other with bombs each year has nearly doubled this decade. For every Olympic park or Oklahoma City tragedy, police report dozens of foiled attempts where death and destruction are narrowly averted.

[..]
The rapid escalation poses a vexing problem for law enforcement. Unlike international terrorists with recognized agendas, these culprits are most often low-profile operators plotting in the privacy of back yards, garages and basements with easily obtained materials and simple instructions straight off the Internet.

[..]

In 1989, there were 1,699 criminal bombings attempted or carried out nationwide. By 1994, the last year with complete figures, the number has risen to 3,163, according to the Bureau of Alcohol, Tobacco, and Firearms. Local cases, which seldom make national headlines, demonstrate the breadth of the threat.

[Examples follow...only one names the Internet:]

In Baton-Rouge, La., an 18-year-old dropout and two friends were indicted this month for stealing bomb-making materials from two high-school chemistry labs. Court records allege the three plotted to blow up a train returning the young woman's parents from vacation to get insurance money, and had followed a terrorist handbook published on the Internet.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant
Send a message with the subject "send pgp-key" for a copy of my key.

From alanh at infi.net Wed Jul 31 08:06:59 1996
From: alanh at infi.net (Alan Horowitz)
Date: Wed, 31 Jul 1996 23:06:59 +0800
Subject: A Libertine Question
In-Reply-To: <01BB7E76.400794E0@jubois3.mbaynet.com>
Message-ID:

On Wed, 31 Jul 1996, j ubois wrote:

> adjust your attitude with their billy club.***
>
> Sounds consistent and rational to me.

Another 60's leftover. It's almost August, go to your Rainbow Family gathering. Do be careful, there are warrant checks on many of the incoming roads. Isn't it _so_ unjust, you're going to be held accountable for your deeds.

From usura at replay.com Wed Jul 31 08:27:27 1996
From: usura at replay.com (Alex de Joode)
Date: Wed, 31 Jul 1996 23:27:27 +0800
Subject: crypto CD source
Message-ID: <199607311213.OAA19633@basement.replay.com>

In article <16689.9607301944 at exe.dcs.exeter.ac.uk> you wrote:

: Some time ago on the list there was some discussion of putting
: together a CD full of cryptographic software and reference material.
: Nothing came of it, but I think several people expressed an interest,
: for those of you who were interested, take a look at:
: http://www.sevenlocks.com/
[..]
: They have a large supply of crypto software available on-line as well.
: (No mention of ITAR on their software down load pages (78 Mb of
: security related software they claim), and it looks you could download
: the lot even if you weren't in the US).

ftp.replay.com has 220 Mb of crypto software available for download at no charge ....

bEST Regards,
--
Alex de Joode | Replay IP Service & Web DZign -- The Netherlands
usura at replay.com | http://www.replay.com mailto:info at replay.com

From jya at pipeline.com Wed Jul 31 08:43:02 1996
From: jya at pipeline.com (John Young)
Date: Wed, 31 Jul 1996 23:43:02 +0800
Subject: Crypto Law and Veincheck
Message-ID: <199607311222.MAA14643@pipe5.t1.usa.pipeline.com>

http://www.ispo.cec.be:81/ispo/lists/ispo/0464.html

----------

European Crypto Law information sources
Robert Horvitz (horvitzr at omri.cz)
Tue, 21 May 1996 13:22:59 +1GMT

Reply to aadamski at cc.uni.torun.pl (Andrzej Adamski) who said:

My name is Andrzej Adamski, I'm from Poland, Nicolas Copernicus University . I would be very grateful for getting hints where to find information on the current EU encryption policy/ legislation. What about present developments in the area of the European infrastructure of pubic (sic) key look like?
------------------------------------------------------------

Adam, the best place to start your research is at the "Cryptography in Europe" website:

http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html

To see the wider context, visit the "Crypto Law Survey" website created by Bert-Jaap Koops in the Netherlands, at:

http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm

The EU and EC seem likely to cave in to pressure (blackmail?) from the American spy agencies and impose "back doors" on any strong encryption package. Unless Europeans stand up and insist that privacy of communication is an essential human right.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Robert Horvitz, International Coordinator, OSI Internet Program Motokov Building - Room 518, Na Strzi 63, 140 62 Praha 4, Czech Rep., tel 42 2 6114-2751, fax 6114-2750, email horvitzr at omri.cz

----------

For more on cryptography and encryption, see the IPO search page at:

http://www.ispo.cec.be/topic/simple.html

As an example, for artful use of crypto, see the "veincheck" proposal at:

http://www.ispo.cec.be:81/ispo/lists/ispo/0252.html

Social Applications of Biometrics
Joe Rice (joerice at innotts.co.uk)
Tue, 26 Mar 1996 21:28:20 -0800

I would welcome some input to shape the following IT technology. The technology is a physiological biometric based upon the detection and comparison of subcutaneous blood vessels, essentially bar-code reading of people.

From nobody at cypherpunks.ca Wed Jul 31 09:19:09 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 1 Aug 1996 00:19:09 +0800
Subject: New Clinton (anti-) Encryption Policy nnn
Message-ID: <199607311128.EAA03330@abraham.cs.berkeley.edu>

> CLINTON ADMINISTRATION FACT SHEET: U.S. CRYPTOGRAPHY POLICY (Industry,
> international cooperation urged)
> Following is the text of the fact sheet:

kersnip

> Militia groups advise their members to use encryption to hide illicit
> weapons, financial, and other criminal activities.

Using encryption to hide illicit weapons? I think somebody's been watching too much TV.

VR Troopers Transform!!

From tqdb at daffy.fn.net Wed Jul 31 09:40:20 1996
From: tqdb at daffy.fn.net (TQDB)
Date: Thu, 1 Aug 1996 00:40:20 +0800
Subject: fbi, crypto, and defcon
In-Reply-To:
Message-ID:

> Date: Tue, 30 Jul 1996 17:31:25 -0400
> From: Stephen Cobb
> To: cypherpunks at feist.com
> Subject: Re: fbi, crypto, and defcon
> Okay, so their boss is part of the law making process, subject to the checks
> and balances that exist between the three branches of US government. They
> are in a position to supply their boss with data and I am personally
> impressed with their grasp of some of that data (it sounds to me like they
> are telling their boss that hackers like the ones at Defcon are not the
> problem).

I think what they are really saying is that they would love to bust most hackers, but since they can't they might as well use some of them to catch the bigger fish. If they truly did believe in the laws they are supposed to uphold they wouldn't associate with hackers (who commit computer crimes) at all.

> All of us who have some understanding of these issues need to do our best to
> educate the public and the politicians, even if we have to start from the
> "See Jane hack" level (pun intended). Otherwise dumb laws will be passed and
> then we will have to engage in mass civil disobedience (which I have
> personally done in the past). Stopping bad laws from becoming law is a lot
> easier than overturning them later.

This is exactly one good reason for having additional support for our Hack The Lies (HTL) project. Besides spreading truthful and factual information to the public, we recognize that the government definitely could use its share of help from people who know what they are talking about.

.TQDB

From root at deimos.ceddec.com Wed Jul 31 10:17:01 1996
From: root at deimos.ceddec.com (Tom Zerucha)
Date: Thu, 1 Aug 1996 01:17:01 +0800
Subject: www.anonymizer.com
In-Reply-To: <199607260639.XAA21189@toad.com>
Message-ID:

One further note is that some servers insist on having the Client identify itself as "Mozilla" or some other Big Browser sponsored tag. And there may be trademark problems if you try to use one.

I suppose you could do:

Client: Mozilla 30b5 is a trademark of Netscape

and see if it lets you through (much as earlier mouse drivers said "This is not Copyright 19xx Microsoft" with the copyright notice the correct displacement in the driver).

zerucha at shell.portal.com
finger zerucha at jobe.portal.com for PGP key

From gbroiles at netbox.com Wed Jul 31 10:27:40 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Thu, 1 Aug 1996 01:27:40 +0800
Subject: A Libertine Question
Message-ID: <2.2.32.19960731130157.0069c420@mail.io.com>

At 04:50 PM 7/30/96 -0700, Mike Duvos wrote:
>Alan Horowitz writes:
>> On Mon, 29 Jul 1996 jbugden at smtplink.alis.ca wrote:
>>
>> > Think of how many of our laws are being enacted that tacitly make being
>> > poor or indigent a crime.
>>
>> Horseshit. This is a poorly-disguised re-tread of one of the standard
>> lines of the Patrice Lumumba University brand of leftist agitprop.
>
>Here in Seattle, we have a city attorney who specializes in creating
>ordinances to annoy and harass the underclass, often paving new roads
>over former civil liberties in the process.

The process of regulatory torment of homeless folks is divisible into two methods: restriction of anonymous behavior (e.g., travel, public speech, business transactions), and restriction of behavior to property-owners (sleeping, eating, assembly, recreation). The former is or should be disturbing to crypto-anarchy friendly folks because it limits the ability of every person to travel or make purchases or otherwise engage in economic activity anonymously.
The latter should be disturbing to crypto-anarchy friendly folks because of the relationship between physical presence and regulatory jurisdiction - a government which requires you to establish your relationship to something valuable within its jurisdiction (like a car or real estate) before allowing you to exercise human/economic rights effectively establishes its ability to regulate you by seizing or otherwise burdening your relationship with your possession. In practice, the no-anonymity requirement is frequently conflated with the latter, in that demonstrating your relationship to valuable property implies susceptibility to punishment (and/or sufficient socialization/indoctrination) and long-term presence for later enforcement, such that a request for identification (with corresponding dossier check for previous instances of "antisocial" behavior) is likely to be unnecessary or penologically nonproductive. Which is a long way to say that street cops don't usually torment people with nice cars and/or houses, so those folks don't need to be so concerned about making sure their "papers" are "in order". So the unconstitutional and oppressive character of the various laws Mike Duvos refers to is mitigated by their lack of evenhanded enforcement. If a cop can demand ID from someone who "looks like he doesn't belong here" he can demand it from you. (modulo driving, this isn't legal. But give Justice [sic] Rehnquist and Clinton and random congressional maniacs a few more years and see where things stand.) Both requirements are reducible to the notion that a person must be punishable before they may act - in the extreme case, a person must be punishable before they will be allowed to exist. I find it very difficult to harmonize this position with the idea that governments exist to serve people, not the other way around. But maybe I just don't have my head right. 
Because homelessness itself is not inherently problematic (or easily distinguishable from "legitimate" activity), it's difficult to define it as a crime beyond Mr. "strong libertarian [sic]" Horowitz' "threat to public order and decorum". Cities have learned to regulate everyday activities since those are the only ones they're certain homeless people will engage in. Police officers have, in general, the good sense to avoid applying these regulations to people who look like they don't present a threat to "public order and decorum". Today those laws are applied to people who may smell bad and don't want traditional jobs. Tomorrow they may be applied to people who won't use only government-approved crypto or who want to defend themselves with guns or other weapons. And just as some people "don't have a right to live in Seattle" if they won't toe the line, other people may find they "don't have a right to live in the United States." * (* Other people (apparently not "strong libertarians") buy into all of that suspicious crap about the Bill of Rights and people being allowed to be themselves even if other people find it upsetting or non-decorous. But they probably don't appreciate how difficult it is to be a policeman, so we'll just ignore them, they're probably leftists. If they don't like how things go here, they can just get the hell out, hmm? Banning T-shirts with crypto code printed on them - that's one thing. But banning ratty old T-shirts that haven't been washed is totally different.) The regulation of ordinary social and economic activity is not a "homelessness issue", it's a "freedom issue". If you admit that it can legitimately be regulated but reassure yourself with your trust in the discretion and good judgement of the regulators, your liberty is more a matter of grace than of right. Have a nice day. 

--
Greg Broiles |"Post-rotational nystagmus was the subject of
gbroiles at netbox.com |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
|Studdard." People v. Quinn 580 NYS2d 818,825.

From frissell at panix.com Wed Jul 31 11:46:38 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 1 Aug 1996 02:46:38 +0800
Subject: Smart cards "a giant leap backwards" - Canadian Privacy Commissioner
Message-ID: <2.2.32.19960731151218.0086fed0@panix.com>

At 02:23 PM 7/30/96 -0400, Richard Martin wrote:
>Very little that might be new or enlightening to the world; attendees
>of CFP '96 will remember [fuzzily, in my case] the closest thing to
>Bruce's counterpart in the states admitting that the USA doesn't actually
>have much of a counterpart to the privacy commissioner.

Most Central European countries have both privacy commissioners and legal requirements that everyone register their addresses with the police. I'll do without the former if I can also avoid the latter.

DCF

From dkline at well.com Wed Jul 31 12:00:17 1996
From: dkline at well.com (David Kline)
Date: Thu, 1 Aug 1996 03:00:17 +0800
Subject: Dry Under the Waterfall
In-Reply-To: <199607302312.QAA28523@netcom6.netcom.com>
Message-ID:

This is apparently some kind of list. Please take me off it. Thanks.

From jya at pipeline.com Wed Jul 31 12:01:53 1996
From: jya at pipeline.com (John Young)
Date: Thu, 1 Aug 1996 03:01:53 +0800
Subject: G7T_err
Message-ID: <199607311507.PAA03675@pipe5.t2.usa.pipeline.com>

Excerpts of four reports on the G7+1 antiterrorism meet in Paris:

WSJ:

+ Mass Transport: The International Civil Aviation Organization will implement new standards for bomb detection at domestic and international airports. The eight nations will jointly develop standards for more detailed and accurate passenger and cargo lists, as well as new vehicle-identification tagging methods to make car-bombing investigations easier, U.S. officials said.
+ Information Sharing: The U.S. Federal Bureau of Investigation will lead an effort to develop an international forensic database. The FBI offered to share certain computer records with the other seven countries.
+ Wiretapping and Internet: The eight countries said they would develop new lawful means to intercept communications among terrorists. They agreed to study how to prevent the Internet from becoming a tool for planning and executing terrorist events.
+ Explosives Tracing: The U.S. will share its research on new technologies to trace the origin of explosive devices, U.S. officials said, and will push for international use of such technologies if they are found to be workable.
+ Other Measures: Controlling trade in certain weapons and chemicals, financing of terrorist organizations and forgery of travel documents also will be studied.

WaPo:

The 25-point plan calls for close cooperation in formulating a range of security measures, including tightened controls on firearms and explosives; prevention of terrorist communications on the Internet; improved bomb detection methods at airports; and interdiction of terrorist groups' financial resources. They also called for the expediting of extradition procedures and faster exchanges of information on terrorist activities, including any use of chemical, biological or nuclear materials. Details on all 25 points were left for law enforcement and forensic experts to work out, with deadlines for finalization of specific measures set for 90 days to six months.

FiTi:

Among the measures agreed in Paris were an accelerated programme of research designed to find ways to mark explosives so their origin could be identified after a blast; the development of ways to prevent terrorists using electronic or wire communication systems, including the Internet and tougher sentences.
The ministers also called for investigations into organisations with social, charitable and cultural goals which were abused by terrorists; restrictions on asylum- seeking by those who had committed attacks or were suspected of planning or funding them; and more effective border controls and extradition procedures.

NYP:

The details were not all made public today, but the measures the officials agreed to draft included devising methods to monitor terrorist attempts to communicate over the Internet; developing standards to make it easier to trace the origin of explosives used in terrorist bombs and cracking down domestically on the manufacture, sale, transport and export of explosives and firearms.

----------

For extensive background, links to related sites and latest information on the G7 series of meetings see:

http://www.diplomatie.fr/actual/g7lyon/index.gb.html

----------

For today's four full reports:

http://jya.com/g7terr.txt (20 kb for 4)

G7T_err

From frissell at panix.com Wed Jul 31 12:06:54 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 1 Aug 1996 03:06:54 +0800
Subject: A Libertine Question
Message-ID: <2.2.32.19960731151242.0087632c@panix.com>

At 06:01 AM 7/31/96 -0700, Greg Broiles wrote:
>Which is a long way to say that street cops
>don't usually torment people with nice cars and/or houses, so those folks
>don't need to be so concerned about making sure their "papers" are "in
>order".

Most demands for ID and confrontations with police involve the operation of motor vehicles. I have never been "IDed" except at border crossings and when I was operating motor vehicles. Clean and dressed up people are rarely IDed on foot. Maybe you should mention some of the specific practices in Seattle that disturb you.

>So the unconstitutional and oppressive character of the various laws
>Mike Duvos refers to is mitigated by their lack of evenhanded enforcement.
>If a cop can demand ID from someone who "looks like he doesn't belong here"
>he can demand it from you. (modulo driving, this isn't legal. But give
>Justice [sic] Rehnquist and Clinton and random congressional maniacs a few
>more years and see where things stand.)

Or flying on a commercial flight. So far, prosecutions for "failure to possess ID" have not succeeded. You *can* be prosecuted for failure to identify yourself (which is *not* the same thing). The Philadelphia airport was allegedly requiring *two* pieces of ID for flights. If they are talking about two pieces of photo -- government-issued ID, I wonder where the 80% of Americans without a Passport (x the 90% of Americans who are not government employees) get the second piece of ID.

[Is it a violation of something if you Heil Hitler or Sieg Heil the airline clerk when they ask to see your ID. It's not a threat, it's an expression of honor.]

>with guns or other weapons. And just as some people "don't have a right to
>live in Seattle" if they won't toe the line, other people may find they
>"don't have a right to live in the United States." *

The Supremes outlawed exile as a punishment in a case during the 1950s. Said it was cruel and unusual punishment. Guess it's OK to execute people but not deprive them of having a government.

DCF

"If the security guard did it in Atlanta, that will be the second US Olympics in which the only 'terrorist incident' was perpetrated by a security person. I guess we should outlaw security at such gatherings to prevent terrorism."

From reagle at rpcp.mit.edu Wed Jul 31 12:12:50 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Thu, 1 Aug 1996 03:12:50 +0800
Subject: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
Message-ID: <199607311533.LAA05116@mccannerick-bh.mccann.com>

>WASHINGTON, DC, U.S.A., 1996 JUL 30 (NB) -- By Bill Pietrucha.
>Tacoma, Washington, has just gained the distinction of being the
>only municipality in the United States to tax Internet Access
>providers (IAPs) like telephone service providers.
>
>The city of Tacoma has extended its six percent gross receipts tax on
>telecommunications services to include Internet services, Information
>Technology Association of America (ITAA) spokesperson Bob Cohen
>told Newsbytes.
>
>"IAPs use telephone lines to provide consumers with the `on-ramp'
>access to the Internet," Cohen told Newsbytes. "Since consumers and
>providers already pay taxes on basic telephone service," Cohen said,
>"the new Tacoma tax would amount to double taxation, applying to
>both the telephone service and the content transmitted over the
>telephone line."
>
>Cohen said ITAA has called on Tacoma Mayor Brian Ebersole to rescind
>the new tax, saying that "excessive regulation and taxation will
>change the fundamental nature of this new medium (the Internet)."
>
>In urging the mayor to stop the city's attempt to impose a tax on
>the IAPs, ITAA President Harris N. Miller said that "Tacoma will be
>hurting both the Internet and its own economic future."
>
>Miller told Newsbytes that the tax will mean "a loss of profits
>to Tacoma-based IAPs, as well as a paperwork nightmare which may
>drive companies out of business. IAPs doing business in Tacoma will
>be at a competitive disadvantage to their competitors in other
>municipalities."
>
>Miller noted that the tax regime could cause Tacoma-based IAPs to
>move to other jurisdictions, "taking the jobs they provide, and the
>taxes they currently pay, with them. They (IAPs) may also decide not
>to provide service to Tacoma residents rather than deal with the
>administrative nightmare of complying with the new tax regulations,"
>Miller said.
>
>If other cities attempted to follow Tacoma's lead in taxing IAPs,
>Miller said, it could cause the "Balkanization of the Internet, a
>hodgepodge of confusing, conflicting, and difficult to administer
>Internet tax rules and regulations.
>
>Miller also hinted that the tax could inadvertently be in violation
>of international tax treaties.
>
>"To begin taxing at the local level before it is clear what the
>impact will be on industry and the public in general is bad public
>policy," Miller said.
>
>(19960730/Press Contact: Bob Cohen, Information Technology
>Association of America, 703-284-5333, Internet e-mail bcohen at itaa.org)
>
>
>

_______________________
Regards, There are no facts, only interpretations. -Friedrich Nietzsche
Joseph Reagle http://rpcp.mit.edu/~reagle/home.html
reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E

From vinnie at webstuff.apple.com Wed Jul 31 12:20:56 1996
From: vinnie at webstuff.apple.com (Vinnie Moscaritolo)
Date: Thu, 1 Aug 1996 03:20:56 +0800
Subject: WaPo on Crypto-Genie Terrorism
Message-ID:

here is something my girlfriend sent me the other day, after reading the Klinton-Antifreedom/terror news

Setting: Germany in the late 30's. Quote from "Stones from the River", by Ursula Hegi. I think this rings true for our country today. The tragic reality is that the majority of people have simply forgotten the urge to question what they read in the news.

"The people of Burgdorf went to parades and speeches--some because they genuinely believed in their leaders; others, because not to go would call attention to themselves. Most practiced the silence they were familiar with, a silence nurtured by fear and complicity that would grow beyond anything they could imagine, mushrooming into the decades after the war which, some began to fear, was about to happen. To justify this silence, they tried to find the good in their government or fled into the mazes of their own lives, turning away from the community.
They knew how not to ask questions; they had been prepared for it by government and church. Over the years, they had forgotten that early urge to question."

Vinnie Moscaritolo
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A
------------------
"And someone said Hey man did ya see that? His body hit the street with such a beautiful thud.. I wonder if he knew what he was getting into... Or was he just lost in the flood?"

From jimbell at pacifier.com Wed Jul 31 12:49:27 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 1 Aug 1996 03:49:27 +0800
Subject: FPGAs and Heat (Re: Paranoid Musings)
Message-ID: <199607311609.JAA16248@mail.pacifier.com>

At 02:14 AM 7/31/96 -0800, Jim McCoy wrote:
>The interconnection problem has also been solved in this chip series. [A
>long-standing problem with FPGAs is that there were generally a limited
>amount of "wires" running between the logic elements and thus a lot of cells
>were wasted because there were no interconnections left, I/O to the outside
>world was also a problem.] The chip has a really cool interconnection method
>which allows a much more efficient use of the chip real estate and which
>makes the entire chip directly addressable (like regular RAM) through an
>on-chip interface module. Given the relatively compact design in Ian and
>Dave's paper and the new chips one might even fit two or four cracking
>engines on a single FPGA.

However, I think it very unlikely that an organization like the NSA would bother with an FPGA to do a cracking engine. FPGA's have substantial limitations, as you alluded to above, due to the need to make them "general purpose." A non-field programmable Gate Array, a hard-wired chip, would tend to optimize the interconnections on chip including minimizing the delays, but not incur the full-custom costs such as the penalty for low volume.
Jim Bell
jimbell at pacifier.com

From rsalz at osf.org Wed Jul 31 13:07:30 1996
From: rsalz at osf.org (Rich Salz)
Date: Thu, 1 Aug 1996 04:07:30 +0800
Subject: If you have Fortezza experience
Message-ID: <9607311634.AA21048@sulphur.osf.org>

Please excuse the interruption.

If you have experience building software that uses the Fortezza card, Murray Mazer at OSF would like to chat -- he's trying to scope out what would be involved in adding it to some WWW work for an ARPA project. (Yes, we already have the various Lock-step, etc., documents from the NSA.) Please respond to Murray directly.

By way of penance for sending email to a list that I am not on, I offer a short page on exporting crypto software, http://www.osf.org/crypto-export.html, that some might find useful.
	/r$

From jya at pipeline.com Wed Jul 31 13:14:38 1996
From: jya at pipeline.com (John Young)
Date: Thu, 1 Aug 1996 04:14:38 +0800
Subject: Geo-Politics
Message-ID: <199607311620.QAA08448@pipe5.t2.usa.pipeline.com>

Two articles today in WSJ and FiTi show an unexpected link between geo-technology and geo-politics:

One reviews the explosives sniffing technology invented by geologist Anthony Barringer for global mineral exploration -- like copper, luxury metals and oil -- but which came to have more practical utility in the antiterrorist market (the company's stock is rocketing). Even so, its best use may prove to be in discovering petroleum and other wealth of the earth. As this tech becomes more widespread, Shell has good reason to encrypt its geological logs and steganographize its governmental bribes.

And, a column reviews the tie between nationalist conflicts (markets for cheap explosives) and the invention of modern states (markets for expensive munitions). How the citizenry of modern nations are united by "the need for context-free communication" that was once limited to the members of the "high culture" of pre-modern communities.
And how the nationalist citizenry are adopting the cheap versions of expensive munitions of the states' high culture to get their overdue share of the earth's pie. It explores the geopolitical differences among: Ethnic community Ethnic category Nation Nation-state Nationalism ----- http://jya.com/geopol.txt GEO_pol From tcmay at got.net Wed Jul 31 13:28:00 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 1 Aug 1996 04:28:00 +0800 Subject: "An who shall guard the guardians?" Message-ID: The Latin maxim "And who shall guard the guardians?" has some relevance to the headlong rush into converting the U.S. into even more of a security state than it is now. The investigation in Atlanta is now focussing on a rent-a-cop who may have planted the pipe bomb and then "discovered" it. Check the usual Web news sources for more details. Whether he is the bomber or not is not the point, which is, "who watches the cops?" A string of arsons up and down the north-south highways of California was finally shown to correlate with the travels up and down those highways (at those same times) by a Glendale arson investigator! And cases where cops have planted evidence, drugs, and guns are almost too much a part of our culture to even notice anymore. My point is not that all cops are corrupt. Indeed, I suspect that they are no more corrupt proportionately than is the general population...which is not too reassuring to me, though. ObClipper: "Who shall guard the guardians?" While the various Clipper proposals have putative safeguards to limit access, think of Craig Livingstone, a rent-a-cop the Clintons hire to work on their Enemies List. And think of the dossiers of J. Edgar Hoover. And think of Nixon. And think of what President Pat Buchanan would do with Government Access to Keys. No thanks, I'll lock my own doors. I have no plans to "voluntarily escrow" my door keys with the local cops. "Secure in one's papers and person" rings a bell, doesn't it? 
--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From ravage at EINSTEIN.ssz.com Wed Jul 31 13:41:42 1996
From: ravage at EINSTEIN.ssz.com (Jim Choate)
Date: Thu, 1 Aug 1996 04:41:42 +0800
Subject: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96 (fwd)
Message-ID: <199607311655.LAA05835@einstein>

Hi all,

Forwarded message:

> Date: Wed, 31 Jul 1996 11:26:59 -0400
> From: "Joseph M. Reagle Jr."
> Subject: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
>
> >WASHINGTON, DC, U.S.A., 1996 JUL 30 (NB) -- By Bill Pietrucha.
> >Tacoma, Washington, has just gained the distinction of being the
> >only municipality in the United States to tax Internet Access
> >providers (IAPs) like telephone service providers.
> >

Somebody needs to do their homework. Austin, TX has been taxing ISP's for at least a year now. A recent Internet Provider meeting on this issue resulted in a return to ISP's of a goodly amount of their taxes because of various issues (read that I didn't go to meeting, I don't run an ISP but a SOHO consultancy w/ Internet services).

> >The city of Tacoma has extended its six percent gross receipts tax on
> >telecommunications services to include Internet services, Information
> >Technology Association of America (ITAA) spokesperson Bob Cohen
> >told Newsbytes.

I have to pay the state 8.25% interest on any funds my customers deliver to me.
> >If other cities attempted to follow Tacoma's lead in taxing IAPs, > >Miler said, it could cause the "Balkanization of the Internet, a > >hodgepodge of confusing, conflicting, and difficult to administer > >Internet tax rules and regulations. Agreed. Jim Choate From proff at suburbia.net Wed Jul 31 13:44:16 1996 From: proff at suburbia.net (Julian Assange) Date: Thu, 1 Aug 1996 04:44:16 +0800 Subject: DESZIP Message-ID: <199607311701.DAA23143@suburbia.net> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjEU4rEAAAEEAOZT252f2ULHwUYi19HzJeIg3I/Pp+goO2dbJuuaQETSh0Oi P0HVro6G5rK7lFccU9dqjOJAZ8Ov2v8wvD+mt/auHBBJB7hDQsLlqJsJQlfXQVKd 4FWSdCiv4j6uMcdYZ95/OB8vIUP8rmW21idQZ9AvU9ZWYf1tx9iJtSs22Ap9AAUR tARhbm9u =jUI9 -----END PGP PUBLIC KEY BLOCK----- From tcmay at got.net Wed Jul 31 13:54:13 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 1 Aug 1996 04:54:13 +0800 Subject: Photo IDs (Re: A Libertine Question) Message-ID: At 3:12 PM 7/31/96, Duncan Frissell wrote: >was allegedly requiring *two* pieces of ID for flights. If they are talking >about two pieces of photo -- government-issued ID, I wonder where the 80% of >Americans without a Passport (x the 90% of Americans who are not government >employees) get the second piece of ID. [Is it a violation of something if >you Heil Hitler od Sieg Heil the airline clerk when they ask to see your ID. >It's not a threat, it's an expression of honor.] Yeah, this "two photo IDs" is strange, given that: a. many ordinary people have only one form of photo I.D., namely, their driver's license (and many don't even have that) b. terrorists and other such persons are _very_ likely to have multiple forms of I.D., though of course not in their "true name." Hence, the policy looks ineffectual and just a sop to public relations. And just what is a "true name" for the purposes of this law, anyway? Birth name? And what is that? What about people who marry, change names, etc.? 
Given that there is no "standard" for photo I.D.s, will my Official Cypherpunks Card count? I can easily make my own photo I.D.s, or even order "fake I.D.s" from various mail-order outlets advertising in the Usual Places. If I show up at the airline with two photo I.D.s, one showing me to be "Security Officer Mickey Mouse" and the other showing me to be "Mickey Mouse, Internal Security Agency," will I be violating any laws? --Mickey Mouse (I just changed my name--if you don't like it, FAA, fuck off) From sandfort at crl.com Wed Jul 31 14:00:21 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 1 Aug 1996 05:00:21 +0800 Subject: SECURITY GUARD In-Reply-To: <2.2.32.19960731151242.0087632c@panix.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Wed, 31 Jul 1996, Duncan Frissell wrote: > "If the security guard did it in Atlanta, that will be the > second US Olympics in which the only 'terrorist incident' was > perpetrated by a security person. I guess we should outlaw > security at such gatherings to prevent terrorism." Geez, I hope it was the security guard. Apparently, he learned about bombs (from the prevention side, at least) from police courses, not the Internet. I'm sure such courses give attendees more than enough information to build their own devices. As per Duncan's lead, I say the government should stop spreading terrorist bomb making information via police, military and intelligence training. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From tcmay at got.net Wed Jul 31 14:09:48 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 1 Aug 1996 05:09:48 +0800 Subject: "adjust your attitude with their billy club" Message-ID: At 6:28 AM 7/31/96, Alan Horowitz wrote: >I am a strong libertarian. 
Sell crack cocaine, rent your pussy to horny >middle-aged businessmen, do any non-violent, >non-damaging-to-others-property you want, but damn well maintain public >order and decorum. Or I will scream to my councilman for the cops to >adjust your attitude with their billy club. When the local cops adjust my attitude with a billy club for dressing like a hippie and lounging around in a public place that my taxes have helped pay for, I'll remember that a "strong libertarian" said that he was doing the right thing. .... In my town, the City-State decided to crack down on the homeless by arresting people for "giving away food" in a public park. They charged the soup providers with various failures to have Health Department permits and for not having a permit to operate a restaurant, pay various fees to the City-State, and so on. I went to a City Council meeting when this was happening (1991-2) and spoke up in the public comment part of the meeting. I pointed out that the very same park at which these "food criminals" were doing their dastardly deeds in was a park at which other people and groups were cooking hot dogs and hamburgers, ladling out bowls of chili, serving potato salad, and generally "distributing food." All, of course, without benefit of licenses, health inspections, OSHA inspections, and so on. I suggested arrests of the picnic groups begin immediately, using the same exact charges used to harass the homeless helpers. The Council members, most of them leftist liberals, had no answer. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. 
"National borders aren't even speed bumps on the information superhighway." From frissell at panix.com Wed Jul 31 14:13:33 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 1 Aug 1996 05:13:33 +0800 Subject: Photo IDs (Re: A Libertine Question) Message-ID: <2.2.32.19960731180000.00865ea0@panix.com> At 02:56 AM 8/1/96 -0700, Timothy C. May wrote: >I can easily make my own photo I.D.s, or even order "fake I.D.s" from >various mail-order outlets advertising in the Usual Places. If I show up at >the airline with two photo I.D.s, one showing me to be "Security Officer >Mickey Mouse" and the other showing me to be "Mickey Mouse, Internal >Security Agency," will I be violating any laws? > >--Mickey Mouse (I just changed my name--if you don't like it, FAA, fuck off) They want "government-issued" photo ID. They haven't said which government have they. Time to get my Barbados driver's license. DCF From frissell at panix.com Wed Jul 31 14:14:21 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 1 Aug 1996 05:14:21 +0800 Subject: "An who shall guard the guardians?" Message-ID: <2.2.32.19960731175954.0087e798@panix.com> At 02:46 AM 8/1/96 -0700, Timothy C. May wrote: > >The Latin maxim "And who shall guard the guardians?" has some relevance to >the headlong rush into converting the U.S. into even more of a security >state than it is now. Quis custodiet ipsos custodes? From blancw at microsoft.com Wed Jul 31 14:27:52 1996 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 1 Aug 1996 05:27:52 +0800 Subject: SECURITY GUARD Message-ID: >From: Sandy Sandfort > >As per Duncan's lead, I say the government should stop spreading >terrorist bomb making information via police, military and >intelligence training. ............................................. Speaking of "security" and all the excitement about getting people's IDs (two of them), inspecting everyone's packages when they board planes, etc. 
-- It has been mentioned in the news that there was a warning call to 911 about 30 minutes or so before the blast. But "it didn't get to" the right people until it was too late for them to do much about it. There have been many other instances where the police or other security personnel have been sent notice that there was a bomb or other such device to be on the alert for, but the warnings went unheeded. Or as in this case, the message "didn't get to" anyone in time.

So I was thinking that it makes a joke of the need for telephone wiretapping to catch certain criminals and their dastardly plots, when warnings go unheeded or the security departments themselves are totally unprepared to respond appropriately in an emergency (also in the case of a lone pipe-bomber, there wouldn't be any conspirators making calls to coordinate the event).

Furthermore, checking on the security guard's ID didn't prevent the bomb from going off and killing a couple of people. And knowing that no one's baggage in a plane contains explosives doesn't prevent some imaginative loon from using other ways to create havoc & destruction - from *outside* the plane or the building in which all those clean, examined people are sitting.

Just more ironic notes on the issue of the needs of law enforcement and our "national security".

   ..
>Blanc
>
>

From kelli at tiger.towson.edu Wed Jul 31 14:43:02 1996
From: kelli at tiger.towson.edu (Zorak Ramone)
Date: Thu, 1 Aug 1996 05:43:02 +0800
Subject: ANNOUNCE: 2nd trip to National Cryptologic Museum
Message-ID:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The DC Cypherpunks are pleased to announce our second (annual?)
National Cryptologic Museum Field Trip (and lunch)
Featuring a talk on the Enigma cipher
Co-sponsored by DC-SAGE
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

What: A gathering of folks at the National Cryptologic Museum for a day of exploration, education, and general schmoozing.

Who: Cypherpunks, coderpunks, crypto enthusiasts, computer nerds, crypto liberationists/crypto anarchists, system administrators, political activists, hackers, rug-chewing wannabes, and Digex employees. Not forgetting Feebs, Case Officers, ATF Agents, and Counter-Intel Specialists.

When: Saturday, August 10, 1996, 11am

Where: The National Cryptologic Museum, Ft Meade, MD (just outside Washington DC, about 1/2 hr from Baltimore)

Why: To give us a chance to catch up on things in a relaxed and stimulating environment, as well as give those who didn't get to come along last time a second try.

General Information:

The National Cryptologic Museum is located on Ft. Meade (NSA National Headquarters) and is dedicated to educating the public about the history of cryptography. The majority of the museum's exhibits pertain to cryptanalysis during WWII, with special attention given to the Enigma system.

Immediately following the museum tour, which may take approximately 1 hour, a talk on Enigma will be given by cryptographer Carl Ellison (cme at cybercash.com). The talk will take place in the museum's conference room.

Following the lecture, we will be going over to Henckles (10 minutes from the museum), a local restaurant reported to be a favorite hangout for NSA employees. Henckles has amazing sandwiches as well as good beer on tap.

Further information on the National Cryptologic museum, as well as a pretty good map to the museum can be found on their web site at URL http://www.nsa.gov:8080/museum/.

If you would like more information about DCCP, please see our web page at http://www.isse.gmu.edu/~pfarrell/dccp/index.html.
Otherwise, you can send email to Kathleen Ellis (auntie at thunderdome.goucher.edu). This year's gathering promises an even greater attendance than last year's, and we anticipate a great time for everyone. Please post this announcement anywhere you feel relevant and invite some friends along! DIRECTIONS: The following is adapted from the NCM web page. If you're coming from ... Baltimore, MD Take the B/W Parkway (Rt. 295) South towards Washington, D.C. Exit at Rt. 32, heading towards Ft. Meade. Before you reach the first light, make a left onto Colony 7 Rd. Go past the Shell station to reach the Museum. Washington, D.C. Take the B/W Parkway (Rt. 295) North towards Baltimore. Take the exit for Rt. 32. When you reach the light at the end of the exit ramp, make a left, towards Columbia. Take the first right, onto Colony 7 Rd. Go past the Shell station to reach the Museum. Annapolis, MD Take Rt. 32 towards Columbia. Go past NSA, and take the first right after Canine Rd., onto Colony 7 Rd. Go past the Shell station to reach the Museum. Laurel, MD Take Rt. 198 towards Ft. Meade. Make a left onto Rt. 32, heading towards Columbia. Go past NSA, and take the first right after Canine Rd., onto Colony 7 Rd. Go past the Shell station to reach the Museum. Columbia, MD Take Rt. 32 towards Annapolis. Take the first left after crossing the B/W Parkway (Rt. 295) onto Colony 7 Rd. Go past the Shell station to reach the Museum. From nv89-pla at nada.kth.se Wed Jul 31 14:48:34 1996 From: nv89-pla at nada.kth.se (nv89-pla at nada.kth.se) Date: Thu, 1 Aug 1996 05:48:34 +0800 Subject: Taxes in the digicash world Message-ID: <199607311815.UAA29119@mail.nada.kth.se> Jim Bell wrote: > If, for every $1 somebody paid in taxes, he instead (or, in addition to) > paid 10 cents to a fund to eliminate the tax collectors, at the end of that > year he wouldn't be paying any taxes anymore. That's why AP will work so well. 
> > > Jim Bell > jimbell at pacifier.com > Isn't getting rid of the tax collectors a public good? If I pay money to this fund, everyone will benefit (assuming getting rid of the tax collectors is good). -Peter From koontz at netapp.com Wed Jul 31 14:53:09 1996 From: koontz at netapp.com (Dave Koontz) Date: Thu, 1 Aug 1996 05:53:09 +0800 Subject: CPC_ode Message-ID: <9607311801.AA02720@lada> thanks From jya at pipeline.com Wed Jul 31 15:31:58 1996 From: jya at pipeline.com (John Young) Date: Thu, 1 Aug 1996 06:31:58 +0800 Subject: Lords Boost Robust Crypto Message-ID: <199607311815.SAA01412@pipe2.t2.usa.pipeline.com> A positive excerpt from UK's House of Lords's July 23 lengthy, thoughtful report on the information society: http://www.hmsoinfo.gov.uk/hmso/document/inforsoc/ch5.htm#5.92 5.92 The US Government's restrictions on exporting software from the USA which includes high levels of encryption is threatening to become a major barrier to the development of the information Superhighways, which is in no-one's interests. The Government must join with other EU Member States in putting pressure on the USA to relax its restrictions on the export of encryption technology. Thanks to Mark Gould on Cyberia-L, see the full report at: http://www.hmsoinfo.gov.uk/hmso/document/inforsoc.htm INFORMATION SOCIETY: AGENDA FOR ACTION IN THE UK From pjn at nworks.com Wed Jul 31 15:38:45 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Thu, 1 Aug 1996 06:38:45 +0800 Subject: fbi, crypto, and defc Message-ID: >At this year's DefCon (last weekend), there were two speakers from the >recently created FBI San Francisco Computer Crime division. they were there >as spokesmen for the FBI, but people could talk to them later and ask any >questions they liked, and "the answers may surprise you". Evidence that >maybe some goons really do have a clue, but are still too afraid to do >anything about it... //cerridwyn// Since they were speakers, could they be part of the Spot The Fed contest? 
P.J. pjn at nworks.com ... Can not read right brain: bort etry rolic ___ Blue Wave/QWK v2.20 [NR] From pjn at nworks.com Wed Jul 31 15:49:41 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Thu, 1 Aug 1996 06:49:41 +0800 Subject: WaPo on Crypto-Genie Message-ID: > ... I've unsubscribed ... In> Door. Ass. Bump. Just be happy :) P.J. pjn at nworks.com ... Press any key ... EXCEPT THAT ONE! ___ Blue Wave/QWK v2.20 [NR] From drosoff at ARC.unm.EDU Wed Jul 31 15:59:19 1996 From: drosoff at ARC.unm.EDU (David Rosoff) Date: Thu, 1 Aug 1996 06:59:19 +0800 Subject: You know it's getting late when... Message-ID: <1.5.4.16.19960731180321.3c17237e@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 10.41 AM 7/30/96 -0800, jim bell wrote: >If anyone out there still doubts that the time for my "Assassination >Politics" idea will never come, I claim that it's later than you think. No, I'm fairly sure that it will never come. :) =============================================================================== David Rosoff (nihongo ga sukoshi dekiru) ---------------> drosoff at arc.unm.edu PGP public key 0xD37692F9 -----> finger drosoff at acoma.arc.unm.edu or keyservers 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Is it a forgery? --- I have PGP signed all email and news posts since May 1996. =============================================================================== "Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" :p -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMf7oEBguzHDTdpL5AQHOPgP+PAHGvrHhQ9SBTY76dA9gYEflvGHqXKJx /NwFn+kwg/ZHxIcyYXdiLWmKIMmEuUMxyPfJaZ/OVhqqEUGqU11LpviflJp1u42B eNoMaugwybfaB3XM+k3WKieJB3Fekj29bYHXuhD1h9VNndTeX016MtR/rHeEM43u oCjX2BrjDsQ= =R+wB -----END PGP SIGNATURE----- From tcmay at got.net Wed Jul 31 16:16:19 1996 From: tcmay at got.net (Timothy C. 
May) Date: Thu, 1 Aug 1996 07:16:19 +0800 Subject: ANNOUNCE: 2nd trip to National Cryptologic Museum Message-ID: At 5:15 PM 7/31/96, Zorak Ramone wrote: > Following the lecture, we will be going over to Henckles (10 minutes >from the museum), a local resturaunt reported to be a favorite hangout for >NSA employees. Henckles has amazing sandwiches as well as good beer on tap. Jeez, first they tap our phones, and now they're tapping our beer! --Klaus From drosoff at ARC.unm.EDU Wed Jul 31 16:18:06 1996 From: drosoff at ARC.unm.EDU (David Rosoff) Date: Thu, 1 Aug 1996 07:18:06 +0800 Subject: Violation or Protection? [OLYMPICS] Message-ID: <1.5.4.16.19960731180315.3c17b63c@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- I don't have any crypto references, but due to the Libertarian overtones on this list I believe it is on-topic enough. On the local news I saw footage of a couple schmoozing in the Olympic (Centennial?) Park after its reopening. The voice-over said that all bags are being searched, and the couple said that rather than be alarmed or nervous, they "appreciated" it. I'm not quite sure what to think about this. I don't have enough experience to form a well thought-out opinion. I'd like to hear some of everyone's thoughts on this: Is this bag-searching a violation, (which was my immediate reaction) or is it not, because you have to already be going into the controlled area to get searched? Thanks for your help. =============================================================================== David Rosoff (nihongo ga sukoshi dekiru) ---------------> drosoff at arc.unm.edu PGP public key 0xD37692F9 -----> finger drosoff at acoma.arc.unm.edu or keyservers 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Is it a forgery? --- I have PGP signed all email and news posts since May 1996. 
===============================================================================
"Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" :p

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMf7oqBguzHDTdpL5AQEtkQP8DjGWrL2n4V0C+Uz+S2adprh3QlXpEBhj
xQEPH70mTIYT/iNSvuPQqWtmedlssa0f2A+ziAGPV/DFGTQnACflgcSy3okZVq64
QeuAYx3sDk230FI5vOKXwMPZt3cGwaaVpLwZhc1MkjuSgZwkE9T39JlS1worPGNQ
iGkZ8Bp2ZlY=
=FEjP
-----END PGP SIGNATURE-----

From frissell at panix.com Wed Jul 31 16:18:18 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 1 Aug 1996 07:18:18 +0800
Subject: WaPo on Crypto-Genie Terrorism
Message-ID: <2.2.32.19960731183622.008599f8@panix.com>

At 08:17 AM 7/31/96 -0800, Vinnie Moscaritolo wrote:

>"The people of Burgdorf went to parades and speeches--some because they
>genuinely believed in their leaders; others, because not to go would call
>attention to themselves. Most practiced the silence they were familiar
>with, a silence nurtured by fear and complicity that would grow beyond
>anything they could imagine, mushrooming into the decades after the war
>which, some began to fear, was about to happen.

The Nets sure haven't been silent, however. Tyranny is tougher these days.

DCF

From hua at chromatic.com Wed Jul 31 16:29:10 1996
From: hua at chromatic.com (Ernest Hua)
Date: Thu, 1 Aug 1996 07:29:10 +0800
Subject: New Clinton (anti-) Encryption Policy nnn
In-Reply-To: <199607310252.TAA21457@infinity.c2.org>
Message-ID: <199607311807.LAA08708@server1.chromatic.com>

> It is for these reasons that we oppose the legislation (S. 1726)
> introduced in this Congress by Senator Burns and co-sponsored by
> Senator Lott and former Senator Dole.
          ^^^^                    ^^^^

Me thinks this is an attempt to associate this bill with the Republicans ("the other party did it!").

> the bill is unbalanced and makes no effort to take into account
  ^^^^^^^^^^^^^^^^^^^^^^

Another P.O.S. rhetoric. ("emerging consensus", etc ...)
> The administration's proposed approach is broadly consistent with > industry suggestions and the conclusions reached by the National > Academy of Sciences in its report. Amazing! Then why did the report conclude that key escrow should NOT be forced upon the unsuspecting public? > (We do not agree with the report's recommendation that we eliminate > most controls on 56-bit key length products.) Obviously. Why? I find this level of pure and arbitrary assertions very distasteful. If one can get away with making random assertions, then one is not really responsible to the American public. > Finally, we agree that key escrow is a promising but not fully > tested solution, and are promoting the kinds of testing the report > recommends as a way of demonstrating the solution's viability while > providing stronger encryption internationally. Yes, let's force the public to test it for us. Which is what the report recommended AGAINST. Of course, once it is in place, it is the standard. Oh my god! How did THAT happen? > We will continue discussions with industry, other members of the > private sector, the Congress, and governments at all levels to > arrive at a solution that promotes a future of safe computing in a > safe society. Bull shit. Every discussion has been: "Key escrow?" "NO!" "Key escrow?" "NO!!" "Key escrow?" "NO!!!" "Key escrow?" "NO!!!!" ... > Supporters of the bill and administration officials opposed to it > differed not only about interpreting the facts but also about the > facts themselves. THERE is an understatement if I ever heard one ... Sick of this P.O.S. Ern From gcg at pb.net Wed Jul 31 16:37:22 1996 From: gcg at pb.net (Geoffrey C. Grabow) Date: Thu, 1 Aug 1996 07:37:22 +0800 Subject: Secure drive under Win95... a better way. Message-ID: <2.2.32.19960731195620.0068a8b4@mail.pb.net> After much fiddling, I've found (IMHO) a "good" way of using secure drive 1.4a under Win95. 
After doing the partitioning and encrypting, put the following in your AUTOEXEC.BAT file...

cd\utils\secdr14a
@rem Load the SecureDrive TSR
sectsr
login D: /S
@rem Wait 1 second for a keypress; the default, N (errorlevel 2), skips the passphrase prompt
@choice /T:N,1
@if errorlevel 2 goto ContinueLoad
:EnterPP
login D:
@if errorlevel 1 goto Again
@if errorlevel 0 goto ContinueLoad
:Again
@rem N (errorlevel 2) gives up; Y goes back to the passphrase prompt
@choice Try again?
@if errorlevel 2 goto ContinueLoad
@goto EnterPP
:ContinueLoad
cd\
cls

Obviously you have to replace the D: with your drive letter, and the directory at the top with your SECDR14a dir.

Then, in Win95 you have to turn off 32 bit disk access. To do this without losing all the speed of virtual memory, do the following...

right-click on My Computer
click on Properties, Performance, File System, Troubleshooting
and check the box labeled: Disable all 32 bit protect-mode disk drivers.
Re-boot.

If you have a CD-ROM drive, you will have to load the DOS drivers in order to be able to access it.

Granted, this is just a kludge until Secure Drive is re-designed for Win95, but I've tried a dozen different combinations, and this gives you all the SecDrv security under Win95 (except being able to lock/unlock after Win95 starts) and sacrifices the least amount of system performance.

Enjoy!

G.C.G.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Geoffrey C. Grabow    | Great people talk about ideas.               |
| Oyster Bay, New York  | Average people talk about things.            |
| gcg at pb.net          | Small people talk about people.              |
|----------------------------------------------------------------------|
| PGP 2.6.2 public key available at www.pb.net/~wizard                 |
|----------------------------------------------------------------------|
| That which does not kill us, makes us stranger.
- Trevor Goodchild | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From drosoff at ARC.unm.EDU Wed Jul 31 16:41:45 1996 From: drosoff at ARC.unm.EDU (David Rosoff) Date: Thu, 1 Aug 1996 07:41:45 +0800 Subject: Reuter on P8 Anti-Terrorism Message-ID: <1.5.4.16.19960731182851.3c47542e@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 12.59 AM 7/31/96 GMT, John Young wrote: > G7, Russia adopt anti-terror pact, avoid sanctions > Date: Tue, 30 Jul 1996 10:00:07 PDT > > > PARIS (Reuter) - The world's major powers closed ranks to > combat terrorism Tuesday, urging other nations to join > forces with them but sidestepping a dispute over U.S. > demands for sanctions against what Washington calls > "terrorist states." [...] > The ministers also vowed to prevent extremists from using > the Internet computer network to plan attacks and spread > bomb-making instructions. > > > Participants heard Canadian Foreign Minister Lloyd Axworthy > recount how his 11-year-old son had shown him where to find > such content on the Internet. That damn Alta Vista. We should have had it outlawed years ago. "If searching is outlawed, only outlaws will do searches." =============================================================================== David Rosoff (nihongo ga sukoshi dekiru) ---------------> drosoff at arc.unm.edu PGP public key 0xD37692F9 -----> finger drosoff at acoma.arc.unm.edu or keyservers 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Is it a forgery? --- I have PGP signed all email and news posts since May 1996. =============================================================================== "Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" 
:p

From jbugden at smtplink.alis.ca Wed Jul 31 16:42:23 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Thu, 1 Aug 1996 07:42:23 +0800
Subject: A Libertine Question
Message-ID: <9606318388.AA838851822@smtplink.alis.ca>

Alan Horowitz wrote:
_________________
Punkers denounce arrests - Police nab 70
Montreal Gazette, July 30, 1996, Page A1

Punkers returned to Berri park last night to protest against the arrest of 70 of their own during an earlier demonstration in defiance of a city curfew on parks.

More than 250 punkers and other marginalized youth gathered in the park around 12:30 a.m. yesterday to protest against a new bylaw that changed the designation of the site from a *public place* to a city park.

The change means that the park closes between midnight and 6 a.m. and can't be used overnight by punkers and the homeless. The bylaw also gives police the power to ticket people for such infractions as walking on the grass or taking up more than one space on a park bench.
_________________

Greg Broiles wrote:
>The regulation of ordinary social and economic activity is not a
>"homelessness issue", it's a "freedom issue". If you admit that it can
>legitimately be regulated but reassure yourself with your trust in the
>discretion and good judgement of the regulators, your liberty is more a
>matter of grace than of right.

Have a nice day. Welcome to our model community. Please don't walk on the grass. Sit up straight. And remember to smile at all times.
James

From frissell at panix.com Wed Jul 31 16:56:19 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 1 Aug 1996 07:56:19 +0800
Subject: Dry Under the Waterfall
Message-ID: <2.2.32.19960731194703.00860464@panix.com>

At 08:57 AM 7/30/96 -0700, David Kline wrote:
>
>A question though: What about the 3 million hard-working, reading,
>middle-class folks who have been downsized into oblivion the last three
>years alone? What about the tens of millions of readers who had the skills
>needed for the industrial age, but not for the information age?

I forgot to include a little anecdote about education in my original post.

There seems to be a belief extant that education is something that you are completely dependent on others for. The masses will just sit there and melt away unless they are given a "program." "I need a program. Who's got a program? We need a program. All God's chillun's got programs."

This is provably false. People can learn whatever they have to. (Within very broad intellectual limits.) If they *choose* not to learn (and you are not their parent or employer), it is a violation of their autonomy to browbeat them. You should leave them alone in their ignorance and, of course, not waste any money helping them since they have demonstrated that they aren't interested. An economist might say that those who reject education are making a choice. They are deciding that, for them, the value of today's leisure (L) plus today's income (I) is greater than the recreational value of education (R) plus the present value (PV) of future financial and psychic gains from education.

L + I > R + PV

In other words, all those people who were drinking beer or working construction while TM was going to college, graduate school, studying physics, and working for Intel were making the decision that *for them* the value of all that time off, plus current income, plus lack of skull sweat was greater than the chance of becoming a millionaire and retiring at 30-something.
And they may well be right. In any case, we should honor their choices as we expect them to honor ours. To intervene in a big way in their lives (or in TMs) to challenge their choices is deeply wrong. We can't tell from the outside what the value of the education/work/leisure tradeoff is for an individual. All we can do is observe their actions.

If you doubt that people can learn if they really have to...

Greta spent her teens fleeing with her mother from Poland into the USSR on foot in advance of the Wehrmacht (religious differences). As the Wehrmacht receded, so did Greta and her mother who preferred the West. In the course of events, they ended up in a Displaced Persons (DP) camp in Austria.

There was an understandable reluctance on the part of the DP to be repatriated to areas in the Soviet Zone of Occupation. (Operation Keelhaul would later hand many thousands of DPs over to the commies.) England or America were *by far* the first choice.

A rumor went around the camp that England was desperately short of glove makers. Some people in the camp knew how to make gloves. Within a few weeks, everyone in the camp knew how to make gloves. English lessons were also very popular. There were no "programs" to teach either of these skills.

The happy ending to the story is that Greta and her mother secured a trip to New York City. In the 45 years since she's been here, Greta has neither returned to Europe nor ever felt the desire to do so in spite of the superior European social welfare systems. When asked why, she says that Europe had its shot at her and she doesn't believe in tempting fate.

The point is that people can learn if they have to and if they don't have to they don't have to. Life in America today is as easy as it's ever been in human history (at least since the invention of agriculture), so if people want to relax we should let them -- and not subsidize them.

DCF

From markm at voicenet.com Wed Jul 31 17:05:19 1996
From: markm at voicenet.com (Mark M.)
Date: Thu, 1 Aug 1996 08:05:19 +0800
Subject: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <31FEAD9C.167E@netscape.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 30 Jul 1996, Tom Weinstein wrote:

> We won't do this. Our domestic version will always contain the
> strongest crypto we can provide.

Then what is the concern about anonymous arms-traffickers uploading the strong crypto version to foreign FTP sites? I recall you saying that the State Department might revoke Netscape's "permission" to provide a domestic version if it was exported.

- -- Mark
PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From erehwon at c2.org Wed Jul 31 17:11:40 1996
From: erehwon at c2.org (William Knowles)
Date: Thu, 1 Aug 1996 08:11:40 +0800
Subject: Photo IDs (Re: A Libertine Question)
In-Reply-To:
Message-ID:

On Wed, 31 Jul 1996, Duncan Frissell wrote:

> At 02:56 AM 8/1/96 -0700, Timothy C. May wrote:
> >I can easily make my own photo I.D.s, or even order "fake I.D.s" from
> >various mail-order outlets advertising in the Usual Places. If I show up at
> >the airline with two photo I.D.s, one showing me to be "Security Officer
> >Mickey Mouse" and the other showing me to be "Mickey Mouse, Internal
> >Security Agency," will I be violating any laws?
> >
> >--Mickey Mouse (I just changed my name--if you don't like it, FAA, fuck off)
>
> They want "government-issued" photo ID. They haven't said which government
> have they. Time to get my Barbados driver's license.

What about one of those camouflage passports from British Honduras that they sell in the back of the Robb Report for $300?
I personally doubt that your basic $4.75 an hour airport security guard knows about that.

William Knowles
erehwon at c2.org

--
William Knowles
PGP mail welcome & preferred / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE 5A 3C B4 60 9C 00 FB BD
Finger for public key
--

From jti at i-manila.com.ph Wed Jul 31 17:31:14 1996
From: jti at i-manila.com.ph (Jerome Tan)
Date: Thu, 1 Aug 1996 08:31:14 +0800
Subject: Game Theory and its Relevance to Cypherpunks
Message-ID: <01BB7F6B.565BB6E0@ip95.i-manila.com.ph>

In Iran, Chenghis Khan killed 30 millions out of 40 who previously lived there.

Ghenghis Khan, not Chenghis Khan.

It basically proves that people now are no better and no worse than people then. Really, there is no reason for things to be otherwise.

I agree with you. Massacre done before is worse than now. But there are a lot of moral people in those times.

From koontz at netapp.com Wed Jul 31 17:32:09 1996
From: koontz at netapp.com (Dave Koontz)
Date: Thu, 1 Aug 1996 08:32:09 +0800
Subject: G7T_err
Message-ID: <9607312039.AA07728@lada>

thanks

From minow at apple.com Wed Jul 31 17:48:29 1996
From: minow at apple.com (Martin Minow)
Date: Thu, 1 Aug 1996 08:48:29 +0800
Subject: "And who shall guard the guardians?"
In-Reply-To:
Message-ID:

On Cypherpunks recently, Tim May wrote:

>The Latin maxim "And who shall guard the guardians?" has some relevance to
>the headlong rush into converting the U.S. into even more of a security
>state than it is now.

About 30 (thirty) years ago, I asked the same question at a large computer conference. Then, a representative of the FBI was presenting the NCIC computer system that was under development at the time. This system gives local officials access to a national database of arrest and conviction information.

I asked the speaker how they would prevent misuse of the system by people who had legitimate access to it. The example I used was a deputy sheriff who ran an insurance agency on the side.
The FBI official had no answer.

My question was subsequently published a few months later in a letter to the editor in (as I recall) Modern Data, February 1966, again without answer.

This question is also relevant to escrowed encryption: how to prevent misuse of escrowed keys by file clerks and other people who need access to the keys as part of their legitimate duties. Since these keys will protect a very large amount of money (consider the encryption keys used for interbank clearing) and since we know from the Aldrich Ames case that $3,000,000 can buy a high-ranking CIA employee, there are significant problems that need to be addressed.

I would suspect that a Bayesian analysis would indicate that the risk of holding (and losing) a key is greater than the risk of not holding (and needing) a key.

Martin Minow
minow at apple.com

From tcmay at got.net Wed Jul 31 17:51:04 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 08:51:04 +0800
Subject: Photo IDs (Re: A Libertine Question)
Message-ID:

At 8:09 PM 7/31/96, William Knowles wrote:
>
>What about one of those camouflage passports from British Honduras
>that they sell in the back of the Robb Report for $300?
>
>I personally doubt that your basic $4.75 an hour airport security
>guard knows about that.

All of the I.D. checks I have received have been at the ticket counter, to receive my boarding pass. The airport security guards have never asked me for any form of I.D., picture or otherwise.

(As has been commented upon by many analysts, it's likely that the airline companies are enforcing the picture I.D. rule so as to stop the practice of people buying discount tickets and then selling them to others. Specifically, many corporations buy tickets in advance of knowing who the actual business traveller will be. The airlines are causing many who arrive at the ticket counter to "upgrade" to a full-fare ticket under their real name.)

The "security" implications are a joke. More pablum fed to the gullible.
--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Wed Jul 31 18:00:50 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 09:00:50 +0800
Subject: "And who shall guard the guardians?"
Message-ID:

At 9:57 PM 7/31/96, Martin Minow wrote:
>On Cypherpunks recently, Tim May wrote:
>
>>The Latin maxim "And who shall guard the guardians?" has some relevance to
>>the headlong rush into converting the U.S. into even more of a security
>>state than it is now.
>
>About 30 (thirty) years ago, I asked the same question at a large
>computer conference. Then, a representative of the FBI was presenting
>the NCIC computer system that was under development at the time. This
>system gives local officials access to a national database of arrest
>and conviction information.

Abuses of the NCIC system are legend. I once received the home address (and other particulars) involving the famously-reclusive Thomas Pynchon. (The author of "Gravity's Rainbow," "V," "The Crying of Lot 49," and "Vineland" has not ever given a public interview, no photos are known to exist of him since his 1954 high school yearbook photo, and even his residence was unknown.)

Pynchon, as I have noted before here, lived for almost 10 years about 3 miles from me; I may have passed him many times in local stores and on the street. Without knowing it, of course.

A "fan" of his used the NCIC system, the data base into which all drivers and many others are placed, to locate him.
At least this fan did not stalk and kill him, as has happened in the past with NCIC data base accesses.

As we computerize the Surveillance State, the possibilities for abuse and for repression (if not by Clinton, then by others, or by Aldrich Ames-type situations) become astronomical.

The "key registration" and "national I.D. card" proposals just square or cube the problem.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From frantz at netcom.com Wed Jul 31 18:07:13 1996
From: frantz at netcom.com (Bill Frantz)
Date: Thu, 1 Aug 1996 09:07:13 +0800
Subject: FPGAs and Heat (Re: Paranoid Musings)
Message-ID: <199607312158.OAA21831@netcom7.netcom.com>

I have really scrambled up the quotes from various people. My apologies if you think I have misrepresented your viewpoints.

>Bill Frantz said:
>>If we assume a machine designed to break *every* message, NSA's response
>>makes more sense.
>

At 4:07 PM 7/31/96 -0700, Timothy C. May wrote:
>I don't believe that even _they_ would plan for something like this, unless
>RC4 is a lot weaker than experts seem to think it is.

One of NSA's traditional roles is to automatically scan communications and pull out the "interesting" stuff. To continue this role, they have to be able to decrypt the messages. I wouldn't, particularly when thinking in paranoid mode, assume they have given up on that role.
At 2:14 AM 7/31/96 -0800, Jim McCoy wrote:
>There are two types of FPGAs, one is based on anti-fuse technology which is
>essentially a big complicated PROM, but the Xilinx FPGAs use SRAM to
>configure the interconnections between logic elements. ...

At 9:07 AM 7/31/96 -0800, jim bell wrote:
>However, I think it very unlikely that an organization like the NSA would
>bother with an FPGA to do a cracking engine. FPGA's have substantial
>limitations, as you alluded to above, due to the need to make them "general
>purpose." A non-field programmable Gate Array, a hard-wired chip, would
>tend to optimize the interconnections on chip including minimizing the
>delays, but not incur the full-custom costs such as the penalty for low volume.

>Bill Frantz said:
>>Now I have no problem with believing NSA would invest $7 million. However,
>>$700 million makes me wonder. With FPGAs, there is a significant risk that
>>people will change the crypto system and make the investment worthless.
>>(Which, I guess, is why they prefer general purpose computers.) However,
>>if they can get the equivalent of a few bits of key back by cryptanalysis,
>>then they knock the costs down to entirely reasonable (for them) levels.

I was assuming program only once chips, like the old burn-the-fuse PROMs. If you are ordering in quantity 700,000, for the RC4-40 engine, then you have no need to worry about the cost of small runs of Mask programmed chips.

At 4:07 PM 7/31/96 -0700, Timothy C. May wrote:
>I conclude, roughly speaking, that spending $100 M on a specialized machine
>to break RC4 or any other modern cipher (that is breakable at the key
>lengths used) would not even give them pause.

If they are using Programmable-only-once Gate Arrays or Mask programmed ones, $700 million for a machine which will cost $7 million for a simple reprogramming might give them pause. Or at least make them consider if there is an alternative.
If they are using easily reprogrammable arrays, then they have a general purpose computer specialized for certain types of parallel processing. If this machine cost $100 million, I agree they would probably build it.

At 12:42 AM 7/31/96 -0700, David Wagner wrote:
>Those estimates assume that a single FPGA can break RC4 in hours. I think
>that is an extremely optimistic assumption, given the available public
>information. But perhaps NSA is orders of magnitude ahead of us in chip
>design (unlikely) or orders of magnitude ahead of us in RC4 cryptanalysis
>(and we're back to paranoid musings).
>> If we assume a machine designed to break *every* message, NSA's response
>> makes more sense.

I feel like I'm leaning over backwards to defend NSA's response, an extremely uncomfortable position (and I could crack my skull when I fall) :-).

The most important issue is, what is NSA's state of the art. If we accept their $1000/FPGA chip, then they are indeed at the bleeding edge, and suffering from the associated low chip yields. If they are at the best cost-performance point for 2-3 years ago or whenever they started approving the export of RC4-40, then they are certainly subject to David Wagner's performance limits.

A number of people have mentioned the heat problems. I, and I think also NSA, never said they couldn't be solved, but solving them involves engineering costs, whether it is to design cooling or distribution techniques. I think the bullets in their response were primarily to justify that $10 million NRE cost. (Getting to $10 million isn't hard on a government project.)

At 2:14 AM 7/31/96 -0800, Jim McCoy wrote:
>One of the speakers ... was the Product Line Manager from Xilinx and one of
>the goodies he handed out was pre-release data sheets for the new XC6200
>series of FPGAs they are producing (the chips are already out in limited
>quantities) so here is a little update on the state of the art in this area.
>
>The interconnection problem has also been solved in this chip series. ...
>Given the relatively compact design in Ian and
>Dave's paper and the new chips one might even fit two or four cracking
>engines on a single FPGA.
>
>The newest line from
>Xilinx, the XC6000 series has the capability to be reconfigured either
>partially or completely from an on-chip cache in 5 ns. That is five
>nanoseconds and you have a completely different piece of virtual hardware. If
>the configuration is loaded through the slowest I/O port on the chip it only
>takes 200 microseconds.

Given this kind of hardware, the only reasonable assumption is that if NSA hasn't built a general purpose cracking engine, they will.

>Even if the encryption algorithm is secret these
>chips open up interesting possibilities for developing general-purpose
>cryptanalysis machines. [Hmm, there may be a paper in there... "Evolving A
>General-Purpose Cryptanalysis Engine"...]

The idea of a genetic system to "learn" an unknown cypher system and then brute force crack it is indeed worth a paper, perhaps several.

-------------------------------------------------------------------------
Bill Frantz         | Cave ab homine unius libri | Periwinkle -- Consulting
(408)356-8506       | [Beware the man of one     | 16345 Englewood Ave.
frantz at netcom.com | book] - Anonymous Latin    | Los Gatos, CA 95032, USA

From hua at chromatic.com Wed Jul 31 18:25:09 1996
From: hua at chromatic.com (Ernest Hua)
Date: Thu, 1 Aug 1996 09:25:09 +0800
Subject: New Clinton Administration Ping Policy
Message-ID: <199607312022.NAA09240@server1.chromatic.com>

Press release:

CLINTON ADMINISTRATION FACT SHEET: U.S.
PING POLICY
(Industry, international cooperation urged)

WASHINGTON -- Because advanced network technology is posing serious national security threats to computer systems in the financial industry and other critical sectors of the economy, the Clinton administration is pressing for a global system for identifying the source of the network threat when necessary.

A July 30 fact sheet from the U.S. Department of Commerce elaborates the administration approach, called ping recovery escrow.

While the United States sets no limit on the level of number of pings that networked systems may send within local area networks, it does restrict exports of ping packets outside LANs. The administration says it might relax those export controls if U.S. industry cooperates on building a ping recovery infrastructure.

Following is the text of the fact sheet:

(begin text)

U.S. Cryptography Policy: Why We Are Taking the Current Approach

We live in an age of electronic information. Network technology is transforming society, creating new businesses, new jobs and new careers. The technology also creates new opportunities for network-enabled systems in critical sectors of the economy such as financial, military, or government systems. As a result, these systems are extremely vulnerable to anonymous security breaches via standard Internet connections.

The United States is the world leader in networking technology. U.S. firms continue to dominate the U.S. and global information systems market. Retaining this leadership is important to our economic security. The Clinton administration, through its National Information Infrastructure initiative, has long recognized that government has an important role as a facilitator and catalyst for the industry-led transformation of the way we use computer and communications technology to work and live.

In particular, government has a strong interest in promoting the legitimate use of robust ping technology to support U.S.
international competitiveness, foster global electronic commerce, prevent computer crime, and ensure that the information superhighway is a safe place to conduct one's business. At the same time, there is a growing recognition, affirmed most recently by Congressional studies of network security that computers everywhere are being attacked via the global Internet. We must recognize that the stability and the integrity of these critical systems are vital to the national security interests of the United States.

The importance of the U.S. information technology industry, the security stakes, and increasing congressional interest make it clear that there is an urgent need for clear policy and direction. The administration's proposed approach is broadly consistent with industry suggestions. We believe the right balance must be struck between network technology and national security.

Effective immediately, the Department of State will transfer its export control authority over ping technology to the Department of Commerce. The procedures for one time review by the National Security Agency will remain in place. Controls on ping packets exports from local area networks will be relaxed immediately to certain non-critical sectors of the Internet, provided that packet lengths longer than 40 bits are properly escrowed for law enforcement recovery.

We will continue discussions with industry, other members of the private sector, the Congress, and governments at all levels to arrive at a solution that promotes a future of safe networking in a safe society.

(end text)

--------

Just can't wait until 4/1 for this one.
Ern

From johnbr at atl.mindspring.com Wed Jul 31 18:31:18 1996
From: johnbr at atl.mindspring.com (John Brothers)
Date: Thu, 1 Aug 1996 09:31:18 +0800
Subject: A Libertine Question
Message-ID: <1.5.4.32.19960731223430.006cdb98@pop.atl.mindspring.com>

At 06:01 AM 7/31/96 -0700, Greg Broiles wrote:
>At 04:50 PM 7/30/96 -0700, Mike Duvos wrote:
>>Alan Horowitz writes:
>>> On Mon, 29 Jul 1996 jbugden at smtplink.alis.ca wrote:
>>>
>>> > Think of how many of our laws are being enacted that tacitly make being
>>> > poor or indigent a crime.
>>>
>>> Horseshit. This is a poorly-disguised re-tread of one of the standard
>>> lines of the Patrice Lumumba University brand of leftist agitprop.

>(* Other people (apparently not "strong libertarians") buy into all of that
>suspicious crap about the Bill of Rights and people being allowed to be
>themselves even if other people find it upsetting or non-decorous.

Speaking as a strong libertarian, I can assure you that Alan Horowitz is completely off-base. My gut feeling is that he is trolling this entire thread, so I will attempt to make my response as civil as possible.

Strong libertarians recognize that my right to walk the street is in no way superior to anyone else's right to walk the street. Strong libertarians recognize that it is not against the law to smell bad, or to have rotten teeth, or in other ways be un-appealing.

"They have no right to live in Seattle, they should move somewhere they can afford". That statement is ridiculous. No one has a 'right' to live in a certain place. In fact, Mr Horowitz, you don't have a right to go to downtown Seattle and not be accosted by the homeless. If you don't like it, move to somewhere the homeless ain't, and don't let the door hit your ass on the way out.

Apparently Mr. Horowitz is one of the tiresome "legalize everything that doesn't offend me, ban everything else" libertarians. Here's a clue to a true libertarian thought process:

You offend me, Mr. Horowitz.
Your attitude by itself is enough to make my throat clench in distaste, but the fact that you call yourself a libertarian is exceptionally galling. From your e-mail, you show no understanding of what it means to be a libertarian, and libertarians are extremely ill-served by your preposterous claims.

But I will defend to the death your right to make them.

---
John Brothers
Do you have a right not to be offended?

From tomw at netscape.com Wed Jul 31 18:32:20 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Thu, 1 Aug 1996 09:32:20 +0800
Subject: Let's Say "No!" to Single, World Versions of Software
In-Reply-To:
Message-ID: <31FFCD1E.3F54@netscape.com>

Mark M. wrote:
> On Tue, 30 Jul 1996, Tom Weinstein wrote:
>
>> We won't do this. Our domestic version will always contain the
>> strongest crypto we can provide.
>
> Then what is the concern about anonymous arms-traffickers uploading
> the strong crypto version to foreign FTP sites? I recall you saying
> that the State Department might revoke Netscape's "permission" to
> provide a domestic version if it was exported.

The only thing they can revoke is their permission to provide it for download over the internet. They can't revoke our permission to sell it in stores or via snail mail.

--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing.   | tomw at netscape.com

From jimbell at pacifier.com Wed Jul 31 18:36:49 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 1 Aug 1996 09:36:49 +0800
Subject: "An who shall guard the guardians?"
Message-ID: <199607312255.PAA11535@mail.pacifier.com>

At 02:46 AM 8/1/96 -0700, Timothy C. May wrote:
>
>The Latin maxim "And who shall guard the guardians?" has some relevance to
>the headlong rush into converting the U.S. into even more of a security
>state than it is now.
>
>The investigation in Atlanta is now focussing on a rent-a-cop who may have
>planted the pipe bomb and then "discovered" it.
>Check the usual Web news
>sources for more details. Whether he is the bomber or not is not the point,
>which is, "who watches the cops?"

The timing of the revelation of the investigation's interest in Jewell, the rent-a-cop, is highly suspicious. We have now learned that (contrary to previous reports that the bomb exploded 18 minutes after the warning was given by telephone), in fact the 911 people wasted about 10 minutes trying to figure out the address of the park.

Even though this story did indeed get reported by the media, a little, "as if on cue" the interest in Jewell was leaked. It gives the media something to talk about other than the known official screwup. A coincidence?

Jim Bell
jimbell at pacifier.com

From sandfort at crl.com Wed Jul 31 18:48:38 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 1 Aug 1996 09:48:38 +0800
Subject: Photo IDs (Re: A Libertine Question)
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 31 Jul 1996, William Knowles wrote:

> What about one of those camouflage passports from Britsh Honduras
> that they sell in the back of the Robb Report for $300?

Way overpriced. Last time I looked, camouflage passports were in the US$125 range. A Hutt River passport goes for US$50. On the streets of New York, LA and San Francisco, passable drivers licenses are available in the US$25-40 range.

"My mother told me, you gotta shop around."

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From tcmay at got.net Wed Jul 31 18:58:46 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 09:58:46 +0800
Subject: Let's Say "No!" to Single, World Versions of Software
Message-ID:

At 7:51 PM 7/31/96, Mark M. wrote:
>On Tue, 30 Jul 1996, Tom Weinstein wrote:
>
>> We won't do this. Our domestic version will always contain the
>> strongest crypto we can provide.
>
>Then what is the concern about anonymous arms-traffickers uploading the strong
>crypto version to foreign FTP sites? I recall you saying that the State
>Department might revoke Netscape's "permission" to provide a domestic version
>if it was exported.

I believe the issue involves Netscape's _method of distribution_, that is, its placement of Navigator on a publicly-accessible site with various "checks" of who is trying to download it. This is something the State Department could theoretically get involved with, due to the ITARs and the way they are worded.

Actually approving or disapproving a piece of software for sale to U.S. citizens is not currently possible.

(Though this is worrisome, speculatively. Various other weapons, such as nukes and CBW, are in fact prohibited for sale to private citizens unless approved. And sales of various guns are limited. So, if "crypto is a munition," the same could perhaps apply. This runs into the "crypto as speech" issue, of course.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Wed Jul 31 19:01:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 10:01:19 +0800
Subject: Dry Under the Waterfall
Message-ID:

At 7:47 PM 7/31/96, Duncan Frissell wrote:

>This is provably false. People can learn whatever they have to. (Within
>very broad intellectual limits.) If they *choose* not to learn (and you are
>not their parent or employer), it is a violation of their autonomy to
>browbeat them.
You should leave them alone in their ignorance and, of
>course, not waste any money helping them since they have demonstrated that
>they aren't interested. An economist might say that those who reject
>education are making a choice. They are deciding that, for them, the value
>of today's leisure (L) plus today's income (I) is greater than the
>recreational value of education (R) plus the present value (PV) of future
>financial and psychic gains from education.
>
>L + I > R + PV

Indeed. People make tradeoffs all the time. They choose "easier subjects" to major in, to take classes in, etc. They join fraternities, they "party hard," they snort coke, they do whatever they do.

(James Bugden will no doubt claim that I am making moral judgments....no, just stating the situation.)

>In other words, all those people who were drinking beer or working
>construction while TM was going to college, graduate school, studying
>physics, and working for Intel were making the decision that *for them* the
>value of all that time off, plus current income, plus lack of skull sweat
>was greater than the chance of becoming a millionaire and retiring at
>30-something. And they may well be right. In any case, we should honor
>their choices as we expect them to honor ours. To intervene in a big way in
>their lives (or in TMs) to challenge their choices is deeply wrong. We
>can't tell from the outside what the value of the education/work/leisure
>tradeoff is for an individual. All we can do is observe their actions.

And even "education" is not enough. I recall folks around me spending their Intel salaries and stock options about as quickly as they earned them--on speed boats, BMWs, trips to exotic locales, and, yes, on drugs. I opted for the lesson of "The Grasshopper and the Ant," and prepared for the future, purchasing my stock options out of salary savings and "holding" on to the stock.
Some of those around me probably wondered why I was still driving my beat up Mazda RX-2 and buying stock in funny companies like Apple, Sun, and Coherent.

I hear that "The Grasshopper and the Ant" is no longer considered proper reading material for children, that they need to have their self-esteem raised, that "I Have Two Mommies" is a more important book for them to read.

"Feh."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Wed Jul 31 19:19:59 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 10:19:59 +0800
Subject: Violation or Protection? [OLYMPICS]
Message-ID:

At 6:03 PM 7/31/96, David Rosoff wrote:

>I don't have any crypto references, but due to the Libertarian overtones
>on this list I believe it is on-topic enough.

I think this topic (thanks for raising it) is actually on-topic, as the proposals for "voluntary" escrow are somewhat similar. It all comes back to search warrants, due process, prior restraint, and other constitutional issues.

>On the local news I saw footage of a couple schmoozing in the Olympic
>(Centennial?) Park after its reopening. The voice-over said that all
>bags are being searched, and the couple said that rather than be
>alarmed or nervous, they "appreciated" it.
>
>I'm not quite sure what to think about this. I don't have enough
>experience to form a well thought-out opinion.
I'd like to hear some
>of everyone's thoughts on this: Is this bag-searching a violation,
>(which was my immediate reaction) or is it not, because you have to
>already be going into the controlled area to get searched?

I have mixed thoughts as well.

On the one hand, were I to be hanging out in this park, given the recent event and the focus on this park for crazies to attack, I would feel better if bags were at least briefly looked into and "suspicious" bags left unattended covered with explosive-containing shields.

On the other hand, a public place is a public place, and searches without warrants are explicitly forbidden by the Constitution. (Some dispute exists about this, such as searches of bags on buses...I think the Supremes ruled that cops can search bags on buses without warrants...a bad precedent, I think.)

If the Centennial Park is a public place, not a private one, as I believe to be the case, then it seems to me a person is within his rights to turn down the offer to be inspected, frisked, interrogated, etc.

(There may be enabling emergency powers covering specific sites. I believe such conditions apply when, for example, the President or other such royal figures are mixing with the proles.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From blancw at microsoft.com Wed Jul 31 19:46:58 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 1 Aug 1996 10:46:58 +0800
Subject: Violation or Protection? [OLYMPICS]
Message-ID:

>From: tcmay at got.net
>
>If the Centennial Park is a public place, not a private one, as I believe
>to be the case, then it seems to me a person is within his rights to turn
>down the offer to be inspected, frisked, interrogated, etc.
........................................................

But if the park was a private one, would it make any difference?

Between the "right" of being left alone, and the "legitimate needs" of law enforcers to frisk suspicious looking characters - whether in public or in private places - it seems rather difficult to draw that dividing line between allowance and forbearance.

I mean, either it is, or it isn't, a "right". When could it really be okay to violate that definition. How are the law enforcers to do their job if they can't intrude into your shopping bag, when it's a critical National Emergency. This is what Denning is always referring to.

..
Blanc
>
>

From frissell at panix.com Wed Jul 31 19:58:19 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 1 Aug 1996 10:58:19 +0800
Subject: A Libertine Question
Message-ID: <2.2.32.19960801001858.008cc944@panix.com>

At 06:34 PM 7/31/96 -0400, John Brothers wrote:

>Apparently Mr. Horowitz is one of the tiresome "legalize everything that doesn't
>offend me, ban everything else" libertarians. Here's a clue to a true
>libertarian thought process:
> You offend me, Mr. Horowitz. Your attitude by itself is enough to make
>my throat clench in distaste, but the fact that you call yourself a
>libertarian is exceptionally galling. From your e-mail, you show no
>understanding of what
>it means to be a libertarian, and libertarians are extremely ill-served by
>your preposterous claims. But I will defend to the death your right to make
>them.

I think we should all just try and get along.

Since there are no "public places" in a free society, none of this comes up because everyone will be in places where they are welcome.
There will be many more kinds of places than the two ("public" and "private") we have now. Some will be wide open and some will be highly restricted with all gradations in between.

DCF

From frissell at panix.com Wed Jul 31 20:01:32 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 1 Aug 1996 11:01:32 +0800
Subject: Violation or Protection? [OLYMPICS]
Message-ID: <2.2.32.19960801004246.00884d9c@panix.com>

At 02:04 PM 7/31/96 -0700, Timothy C. May wrote:

>On the one hand, were I to be hanging out in this park, given the recent
>event and the focus on this park for crazies to attack, I would feel better
>if bags were at least briefly looked into and "suspicious" bags left
>unattended covered with explosive-containing shields.

On the gripping hand, if you (a generic you not TM) were in a park at 1:15 am listening to Jack Mack and the Heart Attacks in a crowd with infants in strollers, etc and a pipe bomb went off you could just consider it part of the rich stew of punk/pop crossover sensibilities that have become so important in modern life. Those who seek a "Heart Attack" may get one.

If you hang out in modern crowds you risk getting blown up by fame seeking cop wannabes (or getting your FBI file read by ex-bouncer political heavy wannabes or getting kneecapped by body-guard-to-the-stars wannabes).

Note the physical and psychological similarities among Jewell, Livingstone, and Tonya Harding's boyfriend.

Didn't your mothers tell you what happened if you hung out in public parks after midnight. Or as Republicans said to the TV set when Teddy was chanting "Where Was George?" during his speech at the 1988 Democratic National Convention; "Sober and at home in bed with his wife."

There is something very counter survival about seeking out crowds. It has always been thus.
DCF

From root at charley.clark.net Wed Jul 31 20:28:18 1996
From: root at charley.clark.net (root)
Date: Thu, 1 Aug 1996 11:28:18 +0800
Subject: ANNOUNCE: 2nd trip to National Cryptologic Museum (fwd)
Message-ID: <199608010037.UAA09214@charley.clark.net>

Is it a bar where you can smoke ?? ( the legal stuff )

>>>>> Forwarded message from tcmay at got.net (Timothy C. May)

At 5:15 PM 7/31/96, Zorak Ramone wrote:

> Following the lecture, we will be going over to Henckles (10 minutes
>from the museum), a local restaurant reported to be a favorite hangout for
>NSA employees. Henckles has amazing sandwiches as well as good beer on tap.

Jeez, first they tap our phones, and now they're tapping our beer!

--Klaus

<< End forwarded message

Charles E. Sparks
In God We Trust, All Others we Encrypt
Public Key at: http://www.clark.net/pub/charley/pc_1.htm

From blancw at microsoft.com Wed Jul 31 20:30:17 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 1 Aug 1996 11:30:17 +0800
Subject: Dry Under the Waterfall
Message-ID:

>From: tcmay at got.net
>
>I hear that "The Grasshopper and the Ant" is no longer considered proper
>reading material for children, that they need to have their self-esteem
>raised, that "I Have Two Mommies" is a more important book for them to
>read.
....................................................

What a difference it would make if along with the mandatory school attendance everyone received a mandatory education in basic economics, starting in Jr. High.

Legislators and socially conscious individuals bemoan the lack of jobs, the downsizing of companies, the low salary wages, the imperative need for re-training, etc.
as social problems to deal with by government -- yet the very thing which everyone could use the most of, that information which could prepare the minds of "America's future" for dealing with the way things work in a capitalist system and make it easier to transition into a world of uncertainty - while the administrations have the fortuitous opportunity to provide it, is not delivered.

Not that I expect that classes in economics delivered through the public schools would be all that accurate or therefore of much value, but the point being that those people who publicly complain to the general population about how the poor should receive subsidized support do not consider the disfavor of having the school system take up 12 years of everyone's time memorizing non-pertinent data, when they could have been using that time to good purpose -- *prior to* becoming independent adults needing an understanding of what it takes to make a living.

"Knowledge is power", it is said. There are a lot of powerless beneficiaries of public education around. Or that's what a lot of people claim to be (powerless to help themselves).

..
>Blanc
>
>
>
>

From nobody at c2.org Wed Jul 31 20:33:09 1996
From: nobody at c2.org (Anonymous User)
Date: Thu, 1 Aug 1996 11:33:09 +0800
Subject: If you have Fortezza experience
In-Reply-To: <9607311634.AA21048@sulphur.osf.org>
Message-ID: <199608010105.SAA29340@infinity.c2.org>

> From: Rich Salz
>
> By way of penance for sending email to a list that I am not on, I
> offer a short page on exporting crypto software,
> http://www.osf.org/crypto-export.html, that some might find useful.

What kind of penance is that? That URL is bogus.

From ichudov at algebra.com Wed Jul 31 21:02:26 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Thu, 1 Aug 1996 12:02:26 +0800
Subject: "An who shall guard the guardians?"
In-Reply-To:
Message-ID: <199608010119.UAA24361@manifold.algebra.com>

Timothy C. May wrote:
> ObClipper: "Who shall guard the guardians?"
While the various Clipper
> proposals have putative safeguards to limit access, think of Craig
> Livingstone, a rent-a-cop the Clintons hire to work on their Enemies List.
> And think of the dossiers of J. Edgar Hoover. And think of Nixon. And think
> of what President Pat Buchanan would do with Government Access to Keys.

What President Pat Buchanan would do with Government Access to Keys, I wonder? (seriously)

- Igor.

From tcmay at got.net Wed Jul 31 21:44:22 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 12:44:22 +0800
Subject: Violation or Protection? [OLYMPICS]
Message-ID:

At 11:51 PM 7/31/96, Blanc Weber wrote:
>>From: tcmay at got.net
>>
>>If the Centennial Park is a public place, not a private one, as I believe
>>to be the case, then it seems to me a person is within his rights to turn
>>down the offer to be inspected, frisked, interrogated, etc.
>........................................................
>
>But if the park was a private one, would it make any difference?

Of course, which is why stores can have "bags will be searched" policies, restrictions about attire, and all sorts of other policies which are not allowed in public places.

Disneyland is a private park, and has rules which are not the rules a public park can have.

Put it this way, "My house, my rules."

> I mean, either it is, or it isn't, a "right". When could it really be
>okay to violate that definition. How are the law enforcers to do their
>job if they can't intrude into your shopping bag, when it's a critical
>National Emergency. This is what Denning is always referring to.

One needs to distinguish "rights" vis-a-vis government actions, and the policies of private actors. The usual point about "freedom of speech" applies. E.g., Blanc has "freedom of speech," but not inside Microsoft.

Not to lecture, but this frequent blurring of public vs. private areas, of government vs. corporate actions, of "property rights," is hurting the cause of liberty.
--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Wed Jul 31 22:12:35 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 13:12:35 +0800
Subject: Jewell is the Militia Bomber!!!!
Message-ID:

The security guard Jewell is now confirmed to be the prime suspect. While NBC News is reporting that no evidence _directly_ links him to the bombing, the evidence against him is overwhelming:

1. He is overweight. With the exception of The Unabomber, most perps in cases like this are fat.

2. They found a _shotgun_ in his cabin.

3. He had an interest in guns. (Back issues of "Guns and Ammo" are bad enough, but possession of even a single issue of "Combat Handguns" is sufficient to convict in 39 of the 50 states.)

4. News sources are reporting that authorities who searched his apartment and his cabin "came up empty," which surely implies that he planned this crime with the help of others.

--Tim May

(P.S. I, too, was convinced Jewell was the guy. But in recent hours it is looking like a "rush to judgment" could be involved. There is strong pressure to "solve the crime" by the close of the Olympics on Sunday.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Wed Jul 31 22:20:20 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Thu, 1 Aug 1996 13:20:20 +0800
Subject: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <31FFCD1E.3F54@netscape.com>
Message-ID: <199608010243.WAA28665@pdj2-ra.F-REMOTE.CWRU.Edu>

Tom Weinstein writes:

: Mark M. wrote:
: > On Tue, 30 Jul 1996, Tom Weinstein wrote:
: >
: >> We won't do this. Our domestic version will always contain the
: >> strongest crypto we can provide.
: >
: > Then what is the concern about anonymous arms-traffickers uploading
: > the strong crypto version to foreign FTP sites? I recall you saying
: > that the State Department might revoke Netscape's "permission" to
: > provide a domestic version if it was exported.
:
: The only thing they can revoke is their permission to provide it for
: download over the internet. They can't revoke our permission to sell
: it in stores or via snail mail.

Why can't they? What steps do you take to make sure that the people you sell it to aren't--gasp--foreign persons?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From alano at teleport.com Wed Jul 31 22:31:31 1996
From: alano at teleport.com (Alan Olsen)
Date: Thu, 1 Aug 1996 13:31:31 +0800
Subject: The "Secure" version of Netscape for Linux is *NOT*
Message-ID: <2.2.32.19960801033402.00fc1ab8@mail.teleport.com>

I just installed the "secure" version of Netscape off of the "US Only" download site.

Seems that it is actually the international version and not the 128 bit version.
How many people have downloaded this version only to find that they downloaded something that they could have downloaded faster from a mirror site? How many people have had their downloads slowed down due to people downloading insecure Linux versions from the US only site?

I think I have a justifiable reason to be pissed. Another waste of my time...

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From dlv at bwalk.dm.com Wed Jul 31 22:33:30 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 1 Aug 1996 13:33:30 +0800
Subject: Photo IDs (Re: A Libertine Question)
In-Reply-To:
Message-ID: <5VoyRD8w165w@bwalk.dm.com>

tcmay at got.net (Timothy C. May) writes:
> (As has been commented upon by many analysts, it's likely that the airline
> companies are enforcing the picture I.D. rule so as to stop the practice of
> people buying discount tickets and then selling them to others.
> Specifically, many corporations buy tickets in advance of knowing who the
> actual business traveller will be. The airlines are causing many who arrive
> at the ticket counter to "upgrade" to a full-fare ticket under their real
> name.)

When I fly, my name is _always_ misspelled in weird ways by the subhumans who do this sort of work. I'd have problems if "Gimidri Voolens" had to match some photo id.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From blancw at microsoft.com Wed Jul 31 22:33:45 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 1 Aug 1996 13:33:45 +0800
Subject: Violation or Protection? [OLYMPICS]
Message-ID:

>From: tcmay at got.net
>
>Of course, which is why stores can have "bags will be searched" policies,
>restrictions about attire, and all sorts of other policies which are not
>allowed in public places.
>
>Disneyland is a private park, and has rules which are not the rules a
>public park can have.
>
>Put it this way, "My house, my rules."
......................................................

"My company, or my country/government?" This is like kids trying to decide which parent's admonitions to heed.

There is a term I have heard to describe a situation, of "Clear & Present Danger", where the policing forces of government are to be allowed, or have the temporary right, to override all the rules which normally would apply the rest of the time. This is what I think people calculate when they decide it's okay to have intrusions into their person or belongings, whether they are in a public or private domain ("just for this time; after that everything will go back to normal").

I think everything should be immediately privatized. That would solve everything. Everyone would always know where they stood, philosophically & practically, depending on whose ground they were standing on. :>)

..
Blanc

From dlv at bwalk.dm.com Wed Jul 31 22:47:50 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 1 Aug 1996 13:47:50 +0800
Subject: "An who shall guard the guardians?"
In-Reply-To: <2.2.32.19960731175954.0087e798@panix.com>
Message-ID:

Duncan Frissell writes:
> At 02:46 AM 8/1/96 -0700, Timothy C. May wrote:
> >
> >The Latin maxim "And who shall guard the guardians?" has some relevance to
> >the headlong rush into converting the U.S. into even more of a security
> >state than it is now.
>
> Quis custodiet ipsos custodes?

Who custodiates the custodians?
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From declan at well.com Wed Jul 31 23:03:45 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 1 Aug 1996 14:03:45 +0800
Subject: "Plague of Freedom" on G-7 from Internet Underground
Message-ID:

Date: Wed, 31 Jul 1996 22:35:45 -0500
To: fight-censorship at vorlon.mit.edu
From: declan at well.com (Declan McCullagh)
Subject: "Plague of Freedom" on G-7 from Internet Underground

Yesterday in Paris government ministers from the G-7 countries met and approved a 25-point plan calling for close cooperation in moving to "intensify exchange of operational information," particularly "the use of communications technologies by terrorist groups."

In a HotWired column, Kenneth Cukier writes: "In case there is any question about the United States's position, Attorney General Janet Reno said: 'We obtained the agreement of the eight (countries at the conference) to develop means of lawful government access to and decoding of scrambled or coded communication transmitted by terrorists.'" German delegates also blasted the Internet.

The ACLU reports that: "Proposed measures apparently include investigations of charities and political organizations with radical political points of view -- threatening their rights to free speech."

I've attached part of a cover story I have in the latest _Internet Underground_ magazine (http://www.underground-online.com/) that talks about the G-7 process and how countries around the globe are moving to stifle the Net. Pick up a copy of the physical mag for the full text of this article, plus some wondrously horrific graphics including a mouth shown shut with steel wire.
And for more info, check out my net-censorship archive at: http://www.eff.org/~declan/global/

-Declan

-----------------

Internet Underground
August 1996 / Issue 09

"PLAGUE OF FREEDOM"
The Internet's being disinfected for your protection (pages 28-33)

By Declan McCullagh
declan at well.com

Call it an unlikely parable for today's Internet.

Daniel Defoe's "A Journal of the Plague Years" isn't about cyberspace. Written in 1665, the book sketches a ghastly picture of a London under siege. Defoe tells how rats from foreign ships have invaded the city, carrying with them the bubonic plague. Authorities resort to desperate measures, barricading families inside their homes in a desperate attempt to halt the onslaught.

It doesn't work. "Setting watchmen thus to keep the people in was, first of all, not effectual, but that the people broke out, whether by force or by stratagem, even almost as often as they pleased," Defoe wrote.

So it is with the sprawling expanse of cyberspace in 1996. Governments around the globe are rushing to barricade their borders, dam the flow of foreign data, and create a new world information order. For good reason: an uncensored 'net connection can be as deadly to a 20th century government as the plague was three centuries ago. And it may be just as infectious.

[...]

INTERNATIONAL ORGANIZATIONS

The most influential international body involved in cyberrulemaking is the G-7 group of industrialized nations. Truth be told, it's obscure outside financial circles and is seen even inside them as becoming irrelevant in a global financial system dominated by multinational corporations, not by governments.

Yet the seven member nations have already started using the G-7 umbrella to engage in a sort of joint head-scratching about what to do with cyberspace. It started in February 1995 in Brussels, at a meeting called the "G-7 Ministerial Conference on the Information Society."
There the telecom honchos from G-7 nations and several smaller countries gathered to chat about online copyright, cultural pollution, universal access, free speech, and encryption policies.

At least the principles were lofty. "While the rhetoric of the conference was progressive, there was no serious discussion of free expression or other human rights concerns," wrote one American who attended the conference.

Instead, the G-7 nations said they were considering how to deal with inappropriate material on the 'net. Canada reminded the other countries that it wasn't as permissive as the U.S. in dealing with "hate-mongering materials," saying that when such publications appear online "they are much easier to obtain but are more difficult to monitor and take action against."

The European Union decried copyright pirates: "Some form of international cooperation is necessary to supplement the existing legal systems governing intellectual property rights." Saying the 'net is "not without risks," France stressed that cyberspace "must not result in a standardization in content, or a leveling of cultures."

Only Vice President Al Gore tossed a bone to cyber-rights advocates. "[Cyberspace] is about protecting and enlarging freedom of expression for all our citizens... Ideas should not be checked at the border," said Gore.

Gore didn't do this in a vacuum. "Our big victory at Brussels was that we pressured them enough so that Al Gore in his keynote address made a big point of stressing the importance of free speech on the Internet," says Ann Beeson of the American Civil Liberties Union.

Beeson should know -- she's been one of the few cybersavvy activists who has been fighting globally for an unshackled Internet. Now a principal attorney on the ACLU's legal team challenging the Communications Decency Act, Beeson previously worked at Human Rights Watch and crafted a letter the group sent to Gore before the Brussels conference.
Citing Article 19 of the Universal Declaration of Human Rights, it said: "Everyone has the right... to seek, receive and impart information and ideas through any media and regardless of frontiers."

Unfortunately, the only G-7 voices supporting this today are a silent chorus. The G-7 information ministers met again in South Africa in May 1996 and plan to meet in Egypt later this year, but no international 'net-advocacy group has been tracking the proposals discussed at the meetings. U.S. cyberliberty groups have been preoccupied with the CDA battle, and they have no international counterparts.

That's finally about to change. Two global 'net-alliances are emerging and have held their initial planning meetings at Internet conferences this summer in Canada. The ACLU co-founded one group, called the Global Internet Liberty Campaign.

"We have to face the fact that while ultimately it's extraordinarily difficult for governments to control the 'net, they're going to try," says Barry Steinhardt, associate director of the ACLU. "The best thing that governments can do is to stay out of it."

Not so, says Bruce Taylor, the chief architect of the CDA and a professional cyber-scaremonger. The former Federal porn-prosecutor believes that "not all censorship is bad."

"Foreign countries have an obligation to restrict obscenity and child pornography on the Internet by the treaty of 1911," says Taylor. "It's an agreement between the states to cooperate and to use international laws to prosecute obscenity." And to Taylor, books and copies of Penthouse magazine can be obscene.

FUTURE REGULATIONS

David Post is a likeable, bearded fellow who once studied yellow baboons in Kenya and wears tennis shoes with his suits. Now the co-director of the Cyberspace Law Institute, Post is one of the few lawyers who's made a serious study of the international evolution of the 'net.
To Post, the 'net is at a fork in its development: the two paths are self-regulation or an international government crackdown.

"It's the central problem the 'net faces today," says Post. "How does it relieve itself of the conflicting claims of sovereigns whose power is based on geographical boundaries -- something the 'net doesn't recognize?"

Eric Freedman, a constitutional law professor at Hofstra Law School, is anything but optimistic. Freedman remembers how governments already have crafted a complex constellation of little-known treaties and agreements governing everything from satellite placement to the world banking system and postal services.

"I'm worried that the governments are ahead of us," says Freedman. "There's a humongous potential to get absolutely screwed here... If 100 countries agreed on this, they could get this done in a week. It's easier for them to coordinate, agree, and implement than it is for us to stop them from doing so."

That's why the ACLU/American Library Association lawsuit challenging the CDA is vital. If the Supreme Court upholds the law, Congress and the White House can craft international "decency" agreements for cyberspace. But if the high court slams the law as unconstitutional, Clinton would be barred from signing a CDA-type treaty.

"It's a principle of constitutional law that any treaty has to conform to the Constitution," says Freedman. A victory in the CDA case would, in a sense, turn the U.S. into a safe haven for controversial content from all over the world.

Freedman urges 'netizens in every country to launch similar fights against government 'net-censorship. "Win as many national victories as possible to get ahead of the governments of the world," he says. "If the German or Australian supreme courts were to rule that freedom of speech principles apply to the 'net as they do to a newspaper, that would be very helpful."

In the near future, that's the best way to forestall the world information order.
The first time a country proposes such a formal treaty, it has to die from lack of support. But pressure to regulate the 'net will always exist, and a new way of looking at cyberspace may have to emerge.

Some precedents exist. Maritime law, for example, says that no single nation has jurisdiction over the oceans. Medieval Europe recognized a separate law for merchants that had its own judicial system. Antarctica is not governed by any single country's laws. The Catholic Church is a multinational institution that largely rules itself.

The Cyberspace Law Institute's Post argues for this model. "We should treat cyberspace as a distinct location and allow our own distinct legal and moral systems to evolve," he says.

He's right. As the 'net matures, no other solution will work. Daniel Defoe described governments locking citizens inside their homes, to no avail: "It was impossible for one man so to guard all the passages as to prevent the escape of people made desperate... And that which was still worse, those that did thus break out spread the infection farther."

The infection cyberspace spreads today is far more virulent than the bubonic plague. Anathema to government, the 'net carries the virus of freedom.

###

From ceridwyn at wolfenet.com Wed Jul 31 23:47:03 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Thu, 1 Aug 1996 14:47:03 +0800
Subject: s/key for linux?
Message-ID: <2.2.32.19960801042307.00679844@gonzo.wolfenet.com>

I'm having difficulty getting the few releases I've got of S/Key to compile under linux. Anyone know of a release that's already been ported?

Thanks...

//cerridwyn//

From mpd at netcom.com Wed Jul 31 23:49:33 1996
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 1 Aug 1996 14:49:33 +0800
Subject: Jewell is the Militia Bomber!!!!
In-Reply-To:
Message-ID: <199608010436.VAA05251@netcom17.netcom.com>

Timothy C. May writes:

> The security guard Jewell is now confirmed to be the prime suspect.
While > NBC News is reporting that no evidence _directly_ links him to the bombing, > the evidence against him is overwhelming: This is almost as amusing as the evidence cited by the Feds in the roundup of militia members a couple of days ago. They told us in perfect seriousness that one of them had fired tennis balls out of a metal tube filled with hair spray, and that another had filed for bankruptcy. Obvious warning signs. :) Of course bail was denied to protect the community. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From adamsc at io-online.com Wed Jul 31 23:54:21 1996 From: adamsc at io-online.com (Chris Adams) Date: Thu, 1 Aug 1996 14:54:21 +0800 Subject: Photo IDs (Re: A Libertine Question) Message-ID: <199608010427.VAA13537@cygnus.com> On 31 Jul 96 14:27:54 -0800, tcmay at got.net wrote: >>was allegedly requiring *two* pieces of ID for flights. If they are talking >>about two pieces of photo -- government-issued ID, I wonder where the 80% of > >Yeah, this "two photo IDs" is strange, given that: >a. many ordinary people have only one form of photo I.D., namely, their >driver's license (and many don't even have that) >b. terrorists and other such persons are _very_ likely to have multiple >forms of I.D., though of course not in their "true name." > >Hence, the policy looks ineffectual and just a sop to public relations. And who really thought a response just days later would be anything else? >And just what is a "true name" for the purposes of this law, anyway? Birth >name? And what is that? What about people who marry, change names, etc.? >Given that there is no "standard" for photo I.D.s, will my Official >Cypherpunks Card count? Now *that* might be another way of generating Cypherpunks revenue! (1 card per FPGA paid for the DES cracker... Or maybe every $15 toward the CPLDF or PRZ) # Chris Adams - Webpages for sale! Se habla JavaScript! 
# Automatically receive my resume or PGPKEY by sending email with a subject
# of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
# Web site: http://www.io-online.com/adamsc/adamsc.htm

From ceridwyn at wolfenet.com Wed Jul 31 23:59:28 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Thu, 1 Aug 1996 14:59:28 +0800
Subject: VISA Travel Money
Message-ID: <2.2.32.19960801045505.00695c6c@gonzo.wolfenet.com>

>> It's not as anonymous as cash, but it might draw a lot less
>> attention in my circumstances. I think it has a place in one's
>> arsenal of privacy enhancing technologies.
>
> This card has the value "written" when you "purchase" it right?
>
> Any one wanna bet on how long it will take the "Hacker" Community
>to figure out how to "refill" it? Otherwise all you have is a
>debit card.

Interesting related story about DefCon: for those of you who have been to Las Vegas, you know that many casinos have mag stripe cards that are issued for a variety of reasons, that are just as good as cash in the casino, but can't be used anywhere else. Many use them as a sort of debit card for slot machines. The story goes that a few DefCon attendees acquired a few of these cards from the Tropicana, and re-wrote the stripe to read that they had over 60,000 "points". I guess they discovered that the card was re-written each time it was used. Unfortunately for them, what they didn't discover was that the system also kept track on a computer somewhere, and the large difference between the computer's tally and the card's value set off numerous red flags, they found out relatively quickly when two Casino Security guards escorted them to the police station. Oops. I can't help but wonder what would've happened if they only made the difference like 10 points instead of 60K? These two people were not too bright, as they were staying at the Tropicana, and probably had all the equipment in their rooms. If they were of age, I believe (depending on what they found in the room) they can each get multiple 15 year federal sentences.

Moral of the Story: Mag Stripe cards are never secure by themselves (the credit card companies mistakenly relied on security by obscurity and are feeling the painful effects still today), but have the potential to be secure if backed up by that kind of system. However, it would only really be practical in a closed environment like a Casino. Thus, for the sake of all the lovely banks I know and love, I hope they either A. choose something other than mag. stripes, or B. use them only as debit cards that are checked against a bank account when used.

//cerridwyn//
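
An added illustration, not part of the original post: a minimal sketch of the back-end check the story describes, where the server's tally is authoritative and the stripe contents are only a claim to be compared against it. The Ledger class, its field names and the rewrite counter (which makes a copy of an earlier stripe state fail the comparison) are assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass
class Ledger:
    """Back-end record that is authoritative; the stripe is only a claim."""
    balances: dict = field(default_factory=dict)  # card_id -> points
    counters: dict = field(default_factory=dict)  # card_id -> rewrites so far
    alerts: list = field(default_factory=list)    # (card_id, reason) tuples

    def _stripe(self, card_id):
        # What a genuine, current stripe for this card must contain.
        return {"card_id": card_id,
                "points": self.balances[card_id],
                "counter": self.counters[card_id]}

    def issue(self, card_id, points):
        self.balances[card_id] = points
        self.counters[card_id] = 0
        return self._stripe(card_id)

    def redeem(self, stripe, amount):
        """Debit `amount`; return the stripe to write back, or None if refused."""
        card_id = stripe.get("card_id")
        if card_id not in self.balances:
            self.alerts.append((card_id, "unknown card"))
            return None
        expected = self._stripe(card_id)
        if stripe != expected:
            # Any difference is refused and logged, whether 10 points or 60,000.
            self.alerts.append((card_id, f"stripe {stripe} != ledger {expected}"))
            return None
        if not 0 < amount <= self.balances[card_id]:
            return None  # ordinary insufficient-funds case, not an alert
        self.balances[card_id] -= amount
        self.counters[card_id] += 1  # an older stripe image no longer matches
        return self._stripe(card_id)


if __name__ == "__main__":
    ledger = Ledger()
    card = ledger.issue("CARD-0001", 100)         # constructed sample card
    card = ledger.redeem(card, 30)                # normal play: 70 left
    print(ledger.redeem(dict(card, points=60000), 10))  # None
    print(ledger.redeem(dict(card, points=80), 10))     # None
    print(ledger.alerts)
```

Because the comparison is exact rather than threshold-based, the size of the discrepancy does not matter to this check.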