Queries from a Cyper-newbie?

Chris Avery cavery at ccnet.com
Mon Jul 28 18:43:26 PDT 1997



1. Thanks for the comments. I indeed meant "crackable" when I said "unencryptable", as you surmised. I'll learn.

2. I don't precisely know what it means to "change hashes" on RSA keys, though I get the drift. Where can I go for details?

3. I'll do the www.crypto.com thing, thanks for the pointer. This may be a critical last stand on the privacy of communications issue. What gets me is the blind arrogance with which govt "servants" assume that their (even if legitimate) pursuit of crime somehow excuses or justifies diminishing privacy rights for everyone else. There must be some kind of ratio: 1,000,000 rights diminished for  1 criminal activity detected?  Doesn't make sense. 

Thnks.


----------
From: 	bennett_t1 at popmail.firn.edu[SMTP:bennett_t1 at popmail.firn.edu]
Sent: 	Monday, July 28, 1997 5:35 PM
To: 	Chris Avery
Cc: 	cypherpunks at toad.com
Subject: 	Re: Queries from a Cyper-newbie?

-----BEGIN PGP SIGNED MESSAGE-----

At 03:45 PM 7/28/97 -0700, you wrote:
>Anybody willing to offer a bit of help to a cypher-newbie?  I'm 
trying to sort out a few of the basics:

Well as long as you ask like that instead of what most newbies do, 
such as try and subscribe by sending "Add me to the mailing list" to 
the list.

>1. PGP 5.0 -- good software?

It's better integrated for Mac Lusers and Windows 95ers.  It is, 
however, flawed in some respects.

>If not, what problems?  Why to use DSS vs/ RSA keys?  How is 5.0 
different than 2.6.3i ?  Which is better?

2.6.3i cannot use CAST, or (who would want to , it's DES!) Triple-
DES.  It does however, can use other hashes with RSA, thanks to 
someone's discovery on PGP-USERS.  2.6.3i is dos native, and complex. 
 A shell integrates nicely, but it's still not the same.

>2. Are emails encrypted using PGP 5.0 decypherable by PGP 2.6.3i 
(and vice versa?)  Using RSA keys? 

ONLY using RSA keys.  DSS/Diffie-Hellman support is being added to 
old PGP's.  RSAREF is used in PGP 5.0 .  MPILIB, Phil Zimmermann's 
original PGP RSA algorithm implementation is used in international 
versions.  It's becuase of RSA's patent stuff.

>3. I understand certain encryption s/w cannot be legally exported, I 
am aware that such s/w is nevertheless being used (and built) abroad. 
 My queries:  Is purely domestic use being threatened by the pending 
legislation?  Is it already illegal to send an encrypted msg out of 
the US? If so, is it illegal to receive an encrypted msg from outside 
the US?

Unless it is the "shitty 40 bit" type.  It can be built abroad, for 
example, IDEA was made in switzerland, or something like that..., PGP 
2.6.3i was made legally, I think.  Domestic use is being threatened 
by Nazi Motherfuckers like Billy-Bob Clinton [spit], The FBI, and the 
NSA.  Oppose them.  Go to www.crypto.com and do some of the stuff 
there.  Sending and recieving mail from the outside of the US *is 
legal*.

>4. How strong is strong?  My MS Explorer has the 128 bit encryption 
scheme to secure domestic financial transactions (such as credit 
cards). How "un-encryptable" is this? I read some recent postings 
here re difficulty of breaking 128 bit keys -- but this had reference 
to stronger methods of encryption than MS Explorer uses, right? So 
128 bits is hard to break (umptyump years, terrawatts, etc.)? Then 
why does my PGP 5.0 software offer keys that are 768, 1024, etc. up 
to 4096 bits in length? Are these numbers on the same scale? 

Unencryptable?  What the fuck are you talking about?  If you mean 
crackable, let's just say it'd take several time the age of the 
Universe to crack it.  The RSA keys are weaker than symmetric 
cyphers, unless we're talking about DSS/Diffie-Hellman keys with 
4096bits.  They are not on the same scale.

>Any "strength" differences between RSA, DSS, and Diffie-Hellman? IS 
there some layman-understandable difference between these? 

Well, RSA's are patented and RSA is really anal with their patents.  
DSS/Diffie-Hellman keys are unpatented.  You can change hashes on RSA 
keys (RIPEM160, MD5 [was broken already], and SHA-1).  But to use 
those RSA's with older PGP's, use only MD5.

>5. Is international data traffic somehow monitored (or monitorable) 
to detect encrypted traffic?

It can be detected that you're using encryption.  Breaking PGP is 
another thing.

If any other cypherpunks want to correct me here, do so.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBM9065B0+FhmmTrSJAQEdsgQAmRAJR7CxQCy4Wfny8YM6oJ3chLKnJCnA
E45EElRsAVS8zyAWy06/ZJFG8XjInjgAzmx+fRvGoN0qHvObyFfrDMPML0w+405s
cddgcApc0DfbjP8narKHVBQnbOhwuSjdDbwTbFF9F+EG0OkXewgYKXS/QnS11ov/
ofr4ooPGcr0=
=rowH
-----END PGP SIGNATURE-----











More information about the cypherpunks-legacy mailing list