19. Appendices

19.1. copyright

THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666, 1994-09-10, Copyright Timothy C. May. All rights reserved. See the detailed disclaimer. Use short sections under "fair use" provisions, with appropriate credit, but don't put your name on my words.

19.2. SUMMARY: Appendices

19.2.1. Main Points

19.2.2. Connections to Other Sections

19.2.3. Where to Find Additional Information

19.2.4. Miscellaneous Comments
- This is still under construction
- Disorganized!!!
- URLs need to be checked

19.3. Appendix -- Sites, Addresses, URL/Web Sites, Etc.

19.3.1. be sure to get soda address straight!!! [use clones]
- I received mine from soda.csua.berkeley.edu; the menus are: /pub/cypherpunks/pgp/pgp26

19.3.2. How to use this section
+ comment on URLs being only a snapshot...
  - use reply to Sherry Mayo here

19.3.3. General Crypto and Cypherpunks Sites
- sci.crypt archive: anon ftp to ftp.wimsey.bc.ca:/pub/crypto [Mark Henderson]
+ ftp://soda.berkeley.edu/pub/cypherpunks/Home.html [has probably been changed to soda.csua.edu site]
- ftp://ftp.u.washington.edu/public/phantom/cpunk/README.html
- ftp://furmint.nectar.cs.cmu.edu/security/cypheressay/what-is-cypherpunk.html [Vincent Cate, 1994-07-03]
- ftp://wiretap.spies.com/Gov/World/usa.con
- http://www.quadralay.com/www/Crypt/Crypt.html (misc. articles on crypto)
- http://cs.indiana.edu/ripem/dir.html
- ftp.wimsey.bc.ca:/pub/crypto has REDOC III, Loki91, SHS and HAVAL (Mark Henderson, markh@vanbc.wimsey.com, 4-17-94, sci.crypt)
+ Some misc. ftp sites to check:
  - soda.berkeley.edu
  - ftp.informatik.uni-hamburg.de
  - ripem.msu.edu
  - garbo.uwasa.fi
  - wimsey.bc.ca
  - ghost.dsi.unimi.it
  - http://rsa.com
- PC Expo disk package to ftp.wimsey.bc.ca [Arsen Ray Arachelian, 1994-07-05]
+ PC Expo disk
  - ftp.wimsey.bc.ca /pub/crypto/software/dist/US_or_Canada_only_XXXXXXXX/pcxpo/pcxpo.zip
- "The FTP site ripem.msu.edu has a bunch of crypto stuff." [Mark Riordan, 1994-07-08]
+ URL for "Applied Cryptography"-related files
  - http://www.openmarket.com/info/cryptography/applied_cryptography.html

19.3.4. PGP Information and Sites
+ http://www.mantis.co.uk/pgp/pgp.html
  - information on where to find PGP
+ pgpinfo@mantis.co.uk
  - send any mail to this address and receive a list back of PGP sites
- PGP info: ftp.netcom.com, in /pub/gbe and in /pub/qwerty
- more PGP: ftp:csn.org//mpj/I_will_not_export/crypto_???????/pgp <Michael Paul Johnson, mpj@csn.org, Colorado Catacombs, 4-8-94>
- For non-U.S. sources of PGP: send blank mail to pgpinfo@mantis.co.uk
+ Sherry Mayo, a crypto researcher in Australia, is also making versions available:
  - "PGP2.6ui is available (I hope!) on my experimental WWW server, aim your browser at http://rschp2.anu.edu.au:8080/crypt.html I am new to this WWW thing so let me know if you have any probs downloading. Available on the server is:
    PGP2.6ui source for unix machines
    Executable for the PC version of PGP 2.6ui
    Executable for MacPGP 2.3" [Sherry Mayo, talk.politics.crypto, 1994-09-06]

19.3.5. Key Servers
+ pgp-public-keys@demon.co.uk
  - HELP in the subject line for more information about how to use
- pgp-public-keys@jpunix.com
+ pgp-public-keys@pgp.iastate.edu
  - "help" as the subject, to get a list of keyservers [Michael Graff <explorer@iastate.edu>, alt.security.pgp, 1994-07-04]

19.3.6. Remailer Sites
- To show active remailers: finger remailer@soda.berkeley.edu

19.3.7. Mail-to-Usenet gateways:
+ group.name@paris.ics.uci.edu
- group.name@cs.dal.ca
- group.name@ug.cs.dal.ca
- <compiled by Matthew J. Ghio, 4-18-94>

19.3.8. Government Information
+ California Legislative Information
  - "You are invited to browse the new edition of my list of Internet and direct dial sources of California government information at URL: www.cpsr.org/cpsr/states/california/cal_gov_info_FAQ.html" [Chris Mays, comp.org.cpsr.talk, 1994-07-01]
+ NSA Information
  - Can get on NSA/NCSC/NIST mailing list by sending to:
  - csrc.nist.gov:/pub/nistpubs

19.3.9. Clipper Info
+ http://www.mantis.co.uk/~mathew/
  - some good Clipper articles and testimony

19.3.10. Other
+ ftp://furmint.nectar.cs.cmu.edu/security/README.html#taxes
  - Vincent Cate
- http://www.acns.nwu.edu/surfpunk/
+ Export Laws
  - "EFF Board member and Cygnus Support co-founder John Gilmore has set up a World Wide Web page on cryptography export issues, including information on how to apply for export clearance, exchanges with Commerce Dept. on export licensing, legal documents on networking issues in relation to export of technology and crypto, and more. The URL is: http://www.cygnus.com/~gnu/export.html" [Stanton McCandlish, mech@eff.org, 1994-04-21]
+ Large integer math libraries
  - ripem.msu.edu <Mark Riordan, mrr@scss3.cl.msu.edu, 4-8-94, sci.crypt>
  - ftp:csn.org//mpj <Michael Paul Johnson, 4-8-94, sci.crypt>
+ Phrack
  - archived at ftp.netsys.com
+ Bruce Sterling's comments at CFP
  + Bruce Sterling's remarks delivered at the "Computers, Freedom and Privacy IV" conference, Mar. 26 1994 in Chicago, are now online at EFF:
    - ftp://ftp.eff.org/pub/Publications/Bruce_Sterling/cfp_94_sterling.speech
    - http://www.eff.org/pub/Publications/Bruce_Sterling/cfp_94_sterling.speech
    - gopher://gopher.eff.org/11/Publications/Bruce_Sterling/cfp_94_sterling.speech
    - gopher.eff.org, 1/Publications/Bruce_Sterling, cfp_94_sterling.speech
  - (source: Stanton McCandlish * mech@eff.org, 3-31-94)

19.3.11. Crypto papers
- ftp.cs.uow.edu.au, pub/papers (quantum, other, Seberry, etc.)

19.3.12. CPSR URL
- CPSR URL: http://www.cpsr.org/home

19.4. Appendix -- Glossary

19.4.1. **Comments**
- Release Note: I regret that I haven't had time to add many new entries here. There are a lot of specialized terms, and I probably could have doubled the number of entries here.
- Much more work is needed here. In fact, I debated at one point making the FAQ instead into a kind of "Encyclopedia Cypherpunkia," with a mix of short and long articles on each of hundreds of topics. Such an organization would suffer the disadvantages found in nearly all lexicographically-organized works: confusion of the concepts.
- Many of these entries were compiled for a long handout at the first Cypherpunks meeting, September, 1992. Errors are obviously present. I'll try to keep correcting them when I can.
- Schneier's "Applied Cryptography" is of course an excellent place to browse for terms, special uses, etc.

19.4.2. agoric systems -- open, free market systems in which voluntary transactions are central.

19.4.3. Alice and Bob -- cryptographic protocols are often made clearer by considering parties A and B, or Alice and Bob, performing some protocol. Eve the eavesdropper, Paul the prover, and Vic the verifier are other common stand-in names.

19.4.4. ANDOS -- all or nothing disclosure of secrets.

19.4.5. anonymous credential -- a credential which asserts some right or privilege or fact without revealing the identity of the holder. This is unlike CA driver's licenses.

19.4.6. asymmetric cipher -- same as public key cryptosystem.

19.4.7. authentication -- the process of verifying an identity or credential, to ensure you are who you said you were.

19.4.8. biometric security -- a type of authentication using fingerprints, retinal scans, palm prints, or other physical/biological signatures of an individual.

19.4.9. bit commitment -- e.g., tossing a coin and then committing to the value without being able to change the outcome. The blob is a cryptographic primitive for this.

19.4.10. BlackNet -- an experimental scheme devised by T. May to underscore the nature of anonymous information markets. "Any and all" secrets can be offered for sale via anonymous mailers and message pools. The experiment was leaked via remailer to the Cypherpunks list (not by May) and thence to several dozen Usenet groups by Detweiler. The authorities are said to be investigating it.

19.4.11. blinding, blinded signatures -- A signature that the signer does not remember having made: the receiver multiplies the message by a random blinding factor before presenting it, and strips the factor off the returned signature, so the signer never sees what it actually signed. A blind signature is always a cooperative protocol, and the receiver of the signature, who chooses the blinding factor, provides the signer with the blinded message.

19.4.12. blob -- the crypto equivalent of a locked box. A cryptographic primitive for bit commitment, with the properties that a blob can represent a 0 or a 1, that others cannot tell by looking whether it's a 0 or a 1 (the "hiding" property), that the creator of the blob can "open" the blob to reveal the contents, and that no blob can be opened as both a 1 and a 0 (the "binding" property). An example of this is a flipped coin covered by a hand.

19.4.13. BnD --

19.4.14. Capstone --

19.4.15. channel -- the path over which messages are transmitted. Channels may be secure or insecure, and may have eavesdroppers (or enemies, or disrupters, etc.) who alter messages, insert and delete messages, etc. Cryptography is the means by which communications over insecure channels are protected.

19.4.16. chosen plaintext attack -- an attack where the cryptanalyst gets to choose the plaintext to be enciphered, e.g., when an enciphering machine with its key loaded is in the possession of the cryptanalyst, or, with a public key cipher, simply because anyone holding the public key can encrypt.

19.4.17. cipher -- a secret form of writing, using substitution or transposition of characters or symbols. (From Arabic "sifr," meaning "nothing" or "zero.")

19.4.18. ciphertext -- the plaintext after it has been encrypted.

19.4.19. Clipper -- the infamous Clipper chip

19.4.20. code -- a restricted cryptosystem where words or letters of a message are replaced by other words chosen from a codebook. Not part of modern cryptology, but still useful.

19.4.21. coin flipping -- an important crypto primitive, or protocol, in which the equivalent of flipping a fair coin is possible between two parties who do not trust each other, neither of whom can bias the outcome. Implemented with blobs.
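
The blob, bit commitment and coin flipping entries above (19.4.9, 19.4.12, 19.4.21) describe one mechanism; the following is an added example, not code from the Cyphernomicon, that builds a blob from a hash and runs the two-party coin flip on top of it. The use of SHA-256 and a 32-byte random blinding value are this example's own choices; the glossary names no particular hash.

```python
# Added example, not from the Cyphernomicon: a hash-based blob (bit
# commitment) and a two-party coin flip built on it. SHA-256 and the
# 32-byte random blinding value are assumptions of this example; any
# collision-resistant hash would serve.
import hashlib
import secrets
from typing import Optional, Tuple


def commit(bit: int, blind: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Make a blob for `bit` (0 or 1). Returns (blob, opening).

    Hiding: the random blinding value means the blob reveals nothing
    about the bit. Binding: reopening to the other bit would require a
    second preimage of SHA-256. The opening stays with the committer
    until it is time to reveal.
    """
    if bit not in (0, 1):
        raise ValueError("a blob commits to a single bit")
    if blind is None:
        blind = secrets.token_bytes(32)
    opening = bytes([bit]) + blind
    return hashlib.sha256(opening).digest(), opening


def open_blob(blob: bytes, opening: bytes) -> int:
    """Check an opening against its blob; return the committed bit."""
    if len(opening) != 33 or opening[0] not in (0, 1):
        raise ValueError("malformed opening")
    if hashlib.sha256(opening).digest() != blob:
        raise ValueError("opening does not match blob: committer cheated")
    return opening[0]


def coin_flip(alice_bit: int, bob_bit: int) -> int:
    """Run the protocol from both sides and return the agreed coin.

    1. Alice commits to her bit and sends Bob only the blob.
    2. Bob, unable to see inside, sends his bit in the clear.
    3. Alice opens the blob; Bob verifies it.
    4. The coin is the XOR of the two bits.
    Alice was bound before she saw Bob's bit and Bob chose his bit
    without knowing Alice's, so neither can bias the result alone.
    """
    blob, opening = commit(alice_bit)          # Alice -> Bob: blob
    # Bob -> Alice: bob_bit (sent in the clear)
    revealed = open_blob(blob, opening)         # Alice -> Bob: opening
    return revealed ^ bob_bit


def cheating_alice_detected() -> bool:
    """Alice tries to reopen a blob to the other bit after seeing Bob's bit."""
    blob, opening = commit(0)
    forged = bytes([1]) + opening[1:]           # same blinding, flipped bit
    try:
        open_blob(blob, forged)
    except ValueError:
        return True
    return False
```

The blinding value is what makes the blob hiding: without it a blob for "0" would always be the same hash and Bob could precompute both possibilities. The check in `open_blob` is what makes it binding; a committer who wants to flip her bit after the fact has to find a second preimage.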

19.4.22. collusion -- wherein several participants cooperate to deduce the identity of a sender or receiver, or to break a cipher. Most cryptosystems are sensitive to some forms of collusion. Much of the work on implementing DC Nets, for example, involves ensuring that colluders cannot isolate message senders and thereby trace origins and destinations of mail.

19.4.23. COMINT --

19.4.24. computationally secure -- where a cipher cannot be broken with available computer resources, but in theory can be broken with enough computer resources. Contrast with unconditionally secure.

19.4.25. countermeasure -- something you do to thwart an attacker.

19.4.26. credential -- facts or assertions about some entity. For example, credit ratings, passports, reputations, tax status, insurance records, etc. Under the current system, these credentials are increasingly being cross-linked. Blind signatures may be used to create anonymous credentials.

19.4.27. credential clearinghouse -- banks, credit agencies, insurance companies, police departments, etc., that correlate records and decide the status of records.

19.4.28. cryptanalysis -- methods for attacking and breaking ciphers and related cryptographic systems. Ciphers may be broken, traffic may be analyzed, and passwords may be cracked. Computers are of course essential.

19.4.29. crypto anarchy -- the economic and political system after the deployment of encryption, untraceable e-mail, digital pseudonyms, cryptographic voting, and digital cash. A pun on "crypto," meaning "hidden," and as when Gore Vidal called William F. Buckley a "crypto fascist."

19.4.30. cryptography -- another name for cryptology.

19.4.31. cryptology -- the science and study of writing, sending, receiving, and deciphering secret messages. Includes authentication, digital signatures, the hiding of messages (steganography), cryptanalysis, and several other fields.

19.4.32. cyberspace -- the electronic domain, the Nets, and computer-generated spaces. Some say it is the "consensual reality" described in "Neuromancer." Others say it is the phone system. Others have work to do.

19.4.33. DC protocol, or DC-Net -- the dining cryptographers protocol. DC-Nets use multiple participants communicating with the DC protocol.

19.4.34. DES -- the Data Encryption Standard, proposed in 1977 by the National Bureau of Standards (now NIST), with assistance from the National Security Agency. Based on the "Lucifer" cipher developed by Horst Feistel at IBM, DES is a secret key block cipher that passes 64-bit blocks of data through 16 rounds of substitution (the S-boxes) and permutation, each round keyed by 48 bits derived from a 56-bit key. Shannon's "diffusion" and "confusion" are combined to form a cipher that has not yet been practically cryptanalyzed (see "DES, Security of"). DES is in use for interbank transfers, as a cipher inside of several RSA-based systems, and is available for PCs.

19.4.35. DES, Security of -- many have speculated that the NSA placed a trapdoor (or backdoor) in DES to allow it to read DES-encrypted messages. This has not been proved. It is known that the original Lucifer algorithm used a 128-bit key and that this key length was shortened to 64 bits (56 bits plus 8 parity bits), thus making exhaustive search much easier (so far as is known, brute-force search has not been done, though it should be feasible today). Biham and Shamir have used a technique called "differential cryptanalysis" to reduce the work below exhaustive search for chosen plaintext attacks (but with little import for ordinary DES use, where an attacker cannot obtain the volume of chosen plaintexts the attack needs).

19.4.36. differential cryptanalysis -- the Biham-Shamir technique for cryptanalyzing DES. With a chosen plaintext attack, they reduced the effort from about 2^56 trial encryptions (2^55 on average) to about 2^47 chosen plaintexts and comparable work. Note, however, that rarely can an attacker mount a chosen plaintext attack of that size on DES systems.

19.4.37. digital cash, digital money -- Protocols for transferring value, monetary or otherwise, electronically. Digital cash usually refers to systems that are anonymous. Digital money systems can be used to implement any quantity that is conserved, such as points, mass, dollars, etc. There are many variations of digital money systems, ranging from VISA numbers to blinded signed digital coins. A topic too large for a single glossary entry.

19.4.38. digital pseudonym -- basically, a "crypto identity." A way for individuals to set up accounts with various organizations without revealing more information than they wish. Users may have several digital pseudonyms, some used only once, some used over the course of many years. Ideally, the pseudonyms can be linked only at the will of the holder. In the simplest form, a public key can serve as a digital pseudonym and need not be linked to a physical identity.

19.4.39. digital signature -- Analogous to a written signature on a document. A value computed from the message with the signer's private key, which only the signer can produce but which anyone holding the matching public key can verify; any change to the message invalidates it. Can be used legally to contract at a distance.

19.4.40. digital timestamping -- one function of a digital notary public, in which some message (a song, screenplay, lab notebook, contract, etc.) is stamped with a time that cannot (easily) be forged.

19.4.41. dining cryptographers protocol (aka DC protocol, DC nets) -- the untraceable message sending system invented by David Chaum. Named after the "dining philosophers" problem in computer science, participants form circuits and pass messages in such a way that the origin cannot be deduced, barring collusion. At the simplest level, two participants share a key between them. One of them sends some actual message by bitwise exclusive-ORing the message with the key, while the other one just sends the key itself. The actual message from this pair of participants is obtained by XORing the two outputs. However, since nobody but the pair knows the original key, the actual message cannot be traced to either one of the participants.
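
The two-party XOR description above generalizes to any number of participants, and the collusion entry (19.4.22) says what breaks it. The following is an added example, not code from the Cyphernomicon or from Chaum, of one round of a DC-net in which every pair of participants shares a key, together with the coalition computation that unmasks a sender once all of its neighbours collude. Key length, slot size and the sample message are this example's own choices.

```python
# Added example, not from the Cyphernomicon: a one-round DC-net with n
# participants sharing pairwise keys, plus the collusion case the
# "collusion" entry warns about. Key sizes and the sample message are
# assumptions of this example.
import secrets
from itertools import combinations
from typing import Dict, List, Optional, Sequence, Tuple

Pair = Tuple[int, int]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pairwise_keys(n: int, length: int) -> Dict[Pair, bytes]:
    """Every pair (i, j), i < j, shares a fresh random key of `length` bytes."""
    return {pair: secrets.token_bytes(length) for pair in combinations(range(n), 2)}


def participant_output(i: int, keys: Dict[Pair, bytes], length: int,
                       message: Optional[bytes] = None) -> bytes:
    """What participant i broadcasts: the XOR of every key it shares,
    further XORed with its message if it is the sender this round."""
    out = bytes(length)
    for pair, k in keys.items():
        if i in pair:
            out = xor(out, k)
    if message is not None:
        if len(message) != length:
            raise ValueError("message must fill the slot exactly (pad it)")
        out = xor(out, message)
    return out


def dc_net_round(n: int, length: int, senders: Dict[int, bytes]
                 ) -> Tuple[bytes, List[bytes], Dict[Pair, bytes]]:
    """Run one round. Returns (recovered slot, all outputs, keys).

    Each key is XORed into exactly two outputs, so XORing every output
    cancels all keys and leaves the XOR of the messages sent. With one
    sender that is the message; with none it is all zeros; with two the
    messages collide and garble each other (a known DC-net limitation).
    """
    keys = pairwise_keys(n, length)
    outputs = [participant_output(i, keys, length, senders.get(i)) for i in range(n)]
    slot = bytes(length)
    for out in outputs:
        slot = xor(slot, out)
    return slot, outputs, keys


def coalition_view(victim: int, outputs: List[bytes], keys: Dict[Pair, bytes],
                   colluders: Sequence[int]) -> bytes:
    """Strip from the victim's output every key the coalition holds.

    If the coalition includes all of the victim's neighbours (in a fully
    connected net: everyone else), the residue is the victim's message,
    or zeros if it stayed silent, and anonymity is gone. If even one
    honest neighbour remains, that key stays in and the residue is
    uniformly random.
    """
    residue = outputs[victim]
    for pair, k in keys.items():
        if victim in pair and any(c in pair for c in colluders):
            residue = xor(residue, k)
    return residue
```

With three participants, any two who pool their keys can read the third; with more participants and a sparser key graph, an attacker has to corrupt every neighbour of the target, which is exactly the property the DC-net implementation work mentioned under "collusion" is trying to secure.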

19.4.42. discrete logarithm problem -- given integers a, n, and x, find some integer m such that a^m mod n = x, if m exists. Modular exponentiation, the a^m mod n part, is straightforward (and special purpose chips are available), but the inverse problem is believed to be very hard, in general. Thus it is conjectured that modular exponentiation is a one-way function.

19.4.43. DSS, Digital Signature Standard -- the latest NIST (National Institute of Standards and Technology, successor to NBS) standard for digital signatures. Based on the ElGamal signature scheme rather than on RSA, some consider it weak and a poor substitute for RSA-based signature schemes.

19.4.44. eavesdropping, or passive wiretapping -- intercepting messages without detection. Radio waves may be intercepted, phone lines may be tapped, and computers may have RF emissions detected. Even fiber optic lines can be tapped.

19.4.45. Escrowed Encryption Standard (EES) -- current name for the key escrow system known variously as Clipper, Capstone, Skipjack, etc.

19.4.46. factoring -- Some large numbers are difficult to factor. It is conjectured that there is no feasible--i.e., "easy," polynomial in the number of digits--factoring method; the best methods known (such as the number field sieve) are subexponential but still far out of reach for numbers of a few hundred digits. It is also an open problem whether RSA may be broken more easily than by factoring the modulus (e.g., the public key might reveal information which simplifies the problem). Interestingly, though factoring is believed to be "hard", it is not known to be in the class of NP-hard problems. Professor Janek invented a factoring device, but he is believed to be fictional.

19.4.47. HUMINT --

19.4.48. information-theoretic security -- "unbreakable" security, in which no amount of cryptanalysis can break a cipher or system. One time pads are an example (providing the pads are not lost nor stolen nor used more than once, of course). Same as unconditionally secure.

19.4.49. key -- a piece of information needed to encipher or decipher a message. Keys may be stolen, bought, lost, etc., just as with physical keys.

19.4.50. key exchange, or key distribution -- the process of sharing a key with some other party, in the case of symmetric ciphers, or of distributing a public key in an asymmetric cipher. A major issue is that the keys be exchanged reliably and without compromise. Diffie and Hellman devised one such scheme, based on the discrete logarithm problem, in which two parties derive a shared secret from values sent over a public channel; authenticating those values (against a man in the middle who substitutes his own) is a separate problem that the basic scheme does not solve.

19.4.51. known-plaintext attack -- a cryptanalysis of a cipher where plaintext-ciphertext pairs are known. This attack searches for an unknown key. Contrast with the chosen plaintext attack, where the cryptanalyst can also choose the plaintext to be enciphered.

19.4.52. listening posts -- the NSA and other intelligence agencies maintain sites for the interception of radio, telephone, and satellite communications. And so on. Many sites have been identified (cf. Bamford), and many more sites are suspected.

19.4.53. mail, untraceable -- a system for sending and receiving mail without traceability or observability. Receiving mail anonymously can be done with broadcast of the mail in encrypted form. Only the intended recipient (whose identity, or true name, may be unknown to the sender) may be able to decipher the message. Sending mail anonymously apparently requires mixes or use of the dining cryptographers (DC) protocol.

19.4.54. Message Pool

19.4.55. minimum disclosure proofs -- another name for zero knowledge proofs, favored by Chaum.

19.4.56. mixes -- David Chaum's term for a box which performs the function of mixing, or decorrelating, incoming and outgoing electronic mail messages. The box also strips off the outer envelope (i.e., decrypts with its private key) and remails the message to the address on the inner envelope. Tamper-resistant modules may be used to prevent cheating and forced disclosure of the mapping between incoming and outgoing mail. A sequence of many remailings effectively makes tracing sending and receiving impossible. Contrast this with the software version, the DC protocol. The "remailers" developed by Cypherpunks are an approximation of a Chaumian mix.

19.4.57. modular exponentiation -- raising an integer to the power of another integer, modulo some integer. For integers a, n, and m, a^m mod n. For example, 5^3 mod 100 = 25. Modular exponentiation can be done fairly quickly by repeated squaring ("square-and-multiply": one squaring per bit of the exponent plus one multiply per 1 bit, reducing mod n after each step, so about 2 log2(m) modular multiplications rather than m of them), and special purpose chips have been designed. See also discrete logarithm.
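
The asymmetry the two entries above rely on (19.4.42 and 19.4.57) is easiest to see side by side. The following is an added example, not code from the Cyphernomicon: square-and-multiply exponentiation, which runs in a number of steps proportional to the bit length of the exponent, next to baby-step giant-step, the generic way to invert it, which still costs about the square root of the group size in time and memory. The moduli in the test are small so the search finishes instantly; the choice of Shanks' algorithm as the inverse is this example's own.

```python
# Added example, not from the Cyphernomicon: square-and-multiply modular
# exponentiation (the fast direction) next to baby-step giant-step for
# the discrete logarithm (the inverse, still a search of about sqrt(n)
# steps). Using Shanks' method as the example inverse is an assumption
# of this example; the glossary names no algorithm.
from math import gcd, isqrt
from typing import Dict, Optional


def modexp(a: int, m: int, n: int) -> int:
    """Compute a^m mod n by scanning the bits of m from the low end.

    One squaring per bit of m and one extra multiply per 1 bit, so
    about 2*log2(m) modular multiplications in the worst case, instead
    of m multiplications for the naive loop. Reducing mod n after every
    step keeps the intermediate values bounded by n^2.
    """
    if m < 0:
        raise ValueError("negative exponent")
    result = 1 % n
    base = a % n
    while m:
        if m & 1:
            result = (result * base) % n
        base = (base * base) % n
        m >>= 1
    return result


def discrete_log(a: int, x: int, n: int, order: Optional[int] = None) -> Optional[int]:
    """Find some m with a^m == x (mod n), or None if no such m exists.

    Baby-step giant-step (Shanks): tabulate a^j for j < s, then walk
    x * a^(-s*i) for i < s and look for a hit; then m = i*s + j.
    `order` bounds the exponents to search (n - 1 always suffices for
    prime n). Cost is O(sqrt(order)) time and memory, versus
    O(log order) for modexp: that gap is the one-way property.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be invertible mod n")
    bound = order if order is not None else n - 1
    s = isqrt(bound) + 1
    baby: Dict[int, int] = {}
    cur = 1 % n
    for j in range(s):
        baby.setdefault(cur, j)                 # keep the smallest j per value
        cur = (cur * a) % n
    giant_step = pow(modexp(a, s, n), -1, n)    # a^(-s) mod n (Python 3.8+)
    gamma = x % n
    for i in range(s):
        if gamma in baby:
            return i * s + baby[gamma]
        gamma = (gamma * giant_step) % n
    return None
```

For a 1024-bit modulus `modexp` needs a couple of thousand multiplications; `discrete_log` would need on the order of 2^512 table entries, which is why the problem is treated as infeasible and why index-calculus methods, not generic search, set the real-world key sizes.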

19.4.58. National Security Agency (NSA) -- the largest intelligence agency, responsible for making and breaking ciphers, for intercepting communications, and for ensuring the security of U.S. computers. Headquartered in Fort Meade, Maryland, with many listening posts around the world. The NSA funds cryptographic research and advises other agencies about cryptographic matters. The NSA once obviously had the world's leading cryptologists, but this may no longer be the case.

19.4.59. negative credential -- a credential that you possess that you don't want anyone else to know, for example, a bankruptcy filing. A formal version of a negative reputation.

19.4.60. NP-complete -- a large class of difficult problems. "NP" stands for nondeterministic polynomial time, a class of problems thought in general not to have feasible algorithms for their solution. A problem in NP is "complete" if every other NP problem may be reduced to it in polynomial time, so a fast algorithm for any one NP-complete problem would give a fast algorithm for all of NP. Many important combinatorial and algebraic problems are NP-complete: boolean satisfiability, the travelling salesman problem (in its decision form), the Hamiltonian cycle problem, and on and on. (Graph isomorphism, often listed here, is in NP but is not known to be NP-complete.)

19.4.61. oblivious transfer -- a cryptographic primitive that involves the probabilistic transmission of bits. In Rabin's original form each bit arrives with probability 1/2 and the sender does not know if the bits were received; in the 1-out-of-2 form the receiver chooses which of two messages to get and the sender does not learn which.

19.4.62. one-time pad -- a string of randomly-selected bits or symbols which is combined with a plaintext message to produce the ciphertext. This combination may be shifting letters some amount, bitwise exclusive-ORing, etc. The recipient, who also has a copy of the one time pad, can easily recover the plaintext. Provided the pad is truly random, is only used once and then destroyed, and is not available to an eavesdropper, the system is perfectly secure, i.e., it is information-theoretically secure. (Reusing a pad is fatal: an eavesdropper can XOR two ciphertexts together, the pad cancels, and what remains is the XOR of the two plaintexts.) Key distribution (the pad) is obviously a practical concern, but consider CD-ROM's.
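
The entry above lists the conditions under which the pad is perfectly secure; the one most often violated in practice is "used once." The following is an added example, not code from the Cyphernomicon, that implements the pad over bytes, keeps pads in a store that destroys each one on issue, and then shows what an eavesdropper extracts from two messages encrypted under the same pad by "crib dragging" a guessed fragment along their XOR. The two messages are constructed for the demonstration.

```python
# Added example, not from the Cyphernomicon: a one-time pad over bytes, a
# store that refuses to hand out a pad twice, and what an eavesdropper
# gets from the "two-time pad" mistake the entry warns against. The
# sample messages are constructed for this demonstration.
import secrets
from typing import Dict, List, Tuple


def otp(data: bytes, pad: bytes) -> bytes:
    """XOR data with the pad. Encryption and decryption are the same operation."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message: never stretch or reuse a pad")
    return bytes(d ^ k for d, k in zip(data, pad))


class PadStore:
    """Holds pre-shared pads (think: a CD-ROM full of random bytes) and
    destroys each one the moment it is issued, so it cannot be reused."""

    def __init__(self, count: int, length: int) -> None:
        self._pads: Dict[int, bytes] = {i: secrets.token_bytes(length) for i in range(count)}

    def take(self, pad_id: int) -> bytes:
        try:
            return self._pads.pop(pad_id)       # gone after the first use
        except KeyError:
            raise RuntimeError(f"pad {pad_id} already used or unknown") from None


def two_time_pad_residue(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under one pad: c1 ^ c2 == m1 ^ m2; the pad cancels."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(residue: bytes, crib: bytes) -> List[Tuple[int, bytes]]:
    """Slide a guessed fragment of one message along m1 ^ m2. Wherever the
    guess is right, the other message's bytes drop out. Return the offsets
    where the result is printable ASCII (a cheap plausibility filter)."""
    hits = []
    for off in range(len(residue) - len(crib) + 1):
        frag = bytes(r ^ c for r, c in zip(residue[off:off + len(crib)], crib))
        if all(32 <= b < 127 for b in frag):
            hits.append((off, frag))
    return hits


def demo() -> Tuple[bytes, List[Tuple[int, bytes]]]:
    """Encrypt two constructed messages with the same pad (the mistake)
    and show what the crib " AT " recovers from the other message."""
    m1, m2 = b"ATTACK AT DAWN", b"HOLD POSITIONS"     # constructed samples
    pad = secrets.token_bytes(len(m1))
    c1, c2 = otp(m1, pad), otp(m2, pad)
    residue = two_time_pad_residue(c1, c2)
    return residue, crib_drag(residue, b" AT ")
```

Nothing in `demo` depends on the pad value: the residue is identical for every pad, which is the whole point. The same failure applies to any stream cipher whose keystream is reused (same key and nonce), which is why "never reuse a nonce" is the modern form of "never reuse a pad."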
|
||
|
19.4.63. one-way function -- a function which is easy to compute in
|
||
|
one direction but hard to find any inverse for, e.g. modular
|
||
|
exponentiation, where the inverse problem is known as the
|
||
|
discrete logarithm problem. Compare the special case of trap
|
||
|
door one-way functions. An example of a one-way operation
|
||
|
is multiplication: it is easy to multiply two prime numbers
|
||
|
of 100 digits to produce a 200-digit number, but hard to
|
||
|
factor that 200-digit number.
|
||
|
19.4.64. P ?=? NP -- Certainly the most important unsolved problem
|
||
|
in complexity theory. If P = NP, then cryptography as we know
|
||
|
it today does not exist. If P = NP, all NP problems are
|
||
|
"easy."
|
||
|
19.4.65. padding -- sending extra messages to confuse eavesdroppers
|
||
|
and to defeat traffic analysis. Also adding random bits to
|
||
|
a message to be enciphered.
|
||
|
19.4.66. PGP
|
||
|
19.4.67. plaintext -- also called cleartext, the text that is to be
|
||
|
enciphered.
|
||
|
19.4.68. Pool
|
||
|
19.4.69. Pretty Good Privacy (PGP) -- Phillip Zimmerman's
|
||
|
implementation of RSA, recently upgraded to version 2.0, with
|
||
|
more robust components and several new features. RSA Data
|
||
|
Security has threatened PZ so he no longer works on it.
|
||
|
Version 2.0 was written by a consortium of non-U.S. hackers.
|
||
|
19.4.70. prime numbers -- integers with no factors other than
|
||
|
themselves and 1. The number of primes is unbounded. About
|
||
|
1% of the 100 decimal digit numbers are prime. Since there
|
||
|
are about 10^70 particles in the universe, there are about
|
||
|
10^23 100 digit primes for each and every particle in the
|
||
|
universe!
|
||
|
19.4.71. probabalistic encryption -- a scheme by Goldwasser, Micali,
|
||
|
and Blum that allows multiple ciphertexts for the same
|
||
|
plaintext, i.e., any given plaintext may have many
|
||
|
ciphertexts if the ciphering is repeated. This protects
|
||
|
against certain types of known ciphertext attacks on RSA.
|
||
|
19.4.72. proofs of identity -- proving who you are, either your true
|
||
|
name, or your digital identity. Generally, possession of the
|
||
|
right key is sufficient proof (guard your key!). Some work
|
||
|
has been done on "is-a-person" credentialling agencies, using
|
||
|
the so-called Fiat-Shamir protocol...think of this as a way
|
||
|
to issue unforgeable digital passports. Physical proof of
|
||
|
identity may be done with biometric security methods. Zero
|
||
|
knowledge proofs of identity reveal nothing beyond the fact
|
||
|
that the identity is as claimed. This has obvious uses for
|
||
|
computer access, passwords, etc.
|
||
|
19.4.73. protocol -- a formal procedure for solving some problem.
|
||
|
Modern cryptology is mostly about the study of protocols for
|
||
|
many problems, such as coin-flipping, bit commitment (blobs),
|
||
|
zero knowledge proofs, dining cryptographers, and so on.
|
||
|
19.4.74. public key -- the key distributed publicly to potential
|
||
|
message-senders. It may be published in a phonebook-like
|
||
|
directory or otherwise sent. A major concern is the validity
|
||
|
of this public key to guard against spoofing or
|
||
|
impersonation.
|
||
|
19.4.75. public key cryptosystem -- the modern breakthrough in
|
||
|
cryptology, designed by Diffie and Hellman, with
|
||
|
contributions from several others. Uses trap door one-way
|
||
|
functions so that encryption may be done by anyone with
|
||
|
access to the "public key" but decryption may be done only by
|
||
|
the holder of the "private key." Encompasses public key
|
||
|
encryption, digital signatures, digital cash, and many other
|
||
|
protocols and applications.
|
||
|
19.4.76. public key encryption -- the use of modern cryptologic
|
||
|
methods to provided message security and authentication. The
|
||
|
RSA algorithm is the most widely used form of public key
|
||
|
encryption, although other systems exist. A public key may be
|
||
|
freely published, e.g., in phonebook-like directories, while
|
||
|
the corresponding private key is closely guarded.
|
||
|
19.4.77. public key patents -- M.I.T. and Stanford, due to the work
|
||
|
of Rivest, Shamir, Adleman, Diffie, Hellman, and Merkle,
|
||
|
formed Public Key Partners to license the various public key,
|
||
|
digital signature, and RSA patents. These patents, granted in
|
||
|
the early 1980s, expire in the between 1998 and 2002. PKP has
|
||
|
licensed RSA Data Security Inc., of Redwood City, CA, which
|
||
|
handles the sales, etc.
|
||
|
19.4.78. quantum cryptography -- a system based on quantum-mechanical
|
||
|
principles. Eavesdroppers alter the quantum state of the
|
||
|
system and so are detected. Developed by Brassard and
|
||
|
Bennett, only small laboratory demonstrations have been made.
|
||
|
19.4.79. remailers -- software versions of Chaum's "mixes," for the
|
||
|
  sending of untraceable mail. Various features are needed to do this: randomized order of resending, encryption at each stage (picked in advance by the sender, knowing the chain of remailers), padding of message sizes. The first remailer was written by E. Hughes in perl, and about a dozen or so are active now, with varying feature sets.
  19.4.80. reputations -- the trail of positive and negative associations and judgments that some entity accrues. Credit ratings, academic credentials, and trustworthiness are all examples. A digital pseudonym will accrue these reputation credentials based on actions, opinions of others, etc. In crypto anarchy, reputations and agoric systems will be of paramount importance. There are many fascinating issues of how reputation-based systems work, how credentials can be bought and sold, and so forth.
  19.4.81. RSA -- the main public key encryption algorithm, developed by Ron Rivest, Adi Shamir, and Kenneth Adleman. It exploits the difficulty of factoring large numbers to create a private key and public key. First invented in 1978, it remains the core of modern public key systems. It is usually much slower than DES, but special-purpose modular exponentiation chips will likely speed it up. A popular scheme for speed is to use RSA to transmit session keys and then a high-speed cipher like DES for the actual message text.
     - Description -- Let p and q be large primes, typically with more than 100 digits. Let n = pq and find some e such that e is relatively prime to (p - 1)(q - 1). The set of numbers p, q, and e is the private key for RSA. The set of numbers n and e forms the public key (recall that knowing n is not sufficient to easily find p and q...the factoring problem). A message M is encrypted by computing M^e mod n. The owner of the private key can decrypt the encrypted message by exploiting number theory results, as follows. An integer d is computed such that ed = 1 (mod (p - 1)(q - 1)). Euler proved a theorem that M^(ed) = M mod n and so M^(ed) mod n = M. This means that in some sense the integers e and d are "inverses" of each other. [If this is unclear, please see one of the many texts and articles on public key encryption.]
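A worked instance of the description above, added here as an illustration and not code from the Cyphernomicon: it builds a key pair from toy-sized primes (p = 61, q = 53, e = 17 are constructed values), enforces the condition that e be relatively prime to (p - 1)(q - 1), derives d as the inverse of e modulo that product, and confirms M^(ed) mod n = M for every M. It also factors the toy n by trial division to show why the entry insists on primes of more than 100 digits; the session-key hybrid with DES is not covered.

```python
# Added illustration of the RSA description in 19.4.81; not code from the
# Cyphernomicon. p = 61, q = 53, e = 17 are constructed toy values; real keys
# use primes of more than 100 digits, as the entry says.
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Return d with a*d == 1 (mod m); fails if a and m share a factor."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m


def make_keys(p, q, e):
    """Key setup as the entry describes.

    n = pq; e must be relatively prime to (p - 1)(q - 1), otherwise no
    decryption exponent d exists.  Returns the public key (n, e) and the
    secret exponent d with e*d == 1 (mod (p - 1)(q - 1)).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p - 1)(q - 1)")
    d = modinv(e, phi)
    return (n, e), d


def encrypt(public_key, m):
    """C = M^e mod n.  M must be an integer below n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(public_key, d, c):
    """M = C^d mod n = M^(ed) mod n; Euler's theorem gives back M."""
    n, _ = public_key
    return pow(c, d, n)


def euler_check(p, q, e):
    """Confirm M^(ed) mod n == M for every M in [0, n): e and d are inverses."""
    (n, _), d = make_keys(p, q, e)
    return all(pow(m, e * d, n) == m for m in range(n))


def recover_private_exponent(public_key):
    """Why the primes must be huge: for a toy n, trial division recovers p and
    q from the public key alone, and with them d.  This is the factoring
    problem the entry relies on being infeasible at 100+ digits."""
    n, e = public_key
    p = next(k for k in range(2, int(n ** 0.5) + 1) if n % k == 0)
    q = n // p
    return modinv(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, d = make_keys(61, 53, 17)        # constructed toy key
    cipher = encrypt(public, 65)
    print(public, d, cipher, decrypt(public, d, cipher))   # (3233, 17) 2753 2790 65
    print(euler_check(61, 53, 17))           # True
    print(recover_private_exponent(public))  # 2753: a toy n gives away d
```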
  19.4.82. secret key cryptosystem -- A system which uses the same key to encrypt and decrypt traffic at each end of a communication link. Also called a symmetric or one-key system. Contrast with public key cryptosystem.
  19.4.83. SIGINT --
  19.4.84. smart cards -- a computer chip embedded in a credit card. They can hold cash, credentials, cryptographic keys, etc. Usually these are built with some degree of tamper-resistance. Smart cards may perform part of a crypto transaction, or all of it. Performing part of it may mean checking the computations of a more powerful computer, e.g., one in an ATM.
  19.4.85. spoofing, or masquerading -- posing as another user. Used for stealing passwords, modifying files, and stealing cash. Digital signatures and other authentication methods are useful to prevent this. Public keys must be validated and protected to ensure that others don't substitute their own public keys which users may then unwittingly use.
  19.4.86. steganography -- a part of cryptology dealing with hiding messages and obscuring who is sending and receiving messages. Message traffic is often padded to reduce the signals that would otherwise come from a sudden beginning of messages. "Covered writing."
  19.4.87. symmetric cipher -- same as private key cryptosystem.
  19.4.88. tamper-responding modules, tamper-resistant modules (TRMs) -- sealed boxes or modules which are hard to open, requiring extensive probing and usually leaving ample evidence that the tampering has occurred. Various protective techniques are used, such as special metal or oxide layers on chips, armored coatings, embedded optical fibers, and other measures to thwart analysis. Popularly called "tamper-proof boxes." Uses include: smart cards, nuclear weapon initiators, cryptographic key holders, ATMs, etc.
  19.4.89. tampering, or active wiretapping -- interfering with messages and possibly modifying them. This may compromise data security, help to break ciphers, etc. See also spoofing.
  19.4.90. Tessera
  19.4.91. token -- some representation, such as ID cards, subway tokens, money, etc., that indicates possession of some property or value.
  19.4.92. traffic analysis -- determining who is sending or receiving messages by analyzing packets, frequency of packets, etc. A part of steganography. Usually handled with traffic padding.
  19.4.93. traffic analysis -- identifying characteristics of a message (such as sender, or destination) by watching traffic. Remailers and encryption help to foil traffic analysis.
  19.4.94. transmission rules -- the protocols for determining who can send messages in a DC protocol, and when. These rules are needed to prevent collision and deliberate jamming of the channels.
  19.4.95. trap messages -- dummy messages in DC Nets which are used to catch jammers and disrupters. The messages contain no private information and are published in a blob beforehand so that the trap message can later be opened to reveal the disrupter. (There are many strategies to explore here.)
  19.4.96. trap-door -- In cryptography, a piece of secret information that allows the holder of a private key to invert a normally hard to invert function.
  19.4.97. trap-door one way functions -- functions which are easy to compute in both the forward and reverse direction but for which the disclosure of an algorithm to compute the function in the forward direction does not provide information on how to compute the function in the reverse direction. More simply put, trap-door one way functions are one way for all but the holder of the secret information. The RSA algorithm is the best-known example of such a function.
  19.4.98. unconditional security -- same as information-theoretic security, that is, unbreakable except by loss or theft of the key.
  19.4.99. unconditionally secure -- where no amount of intercepted ciphertext is enough to allow the cipher to be broken, as with the use of a one-time pad cipher. Contrast with computationally secure.
  19.4.100. URLs
  19.4.101. voting, cryptographic -- Various schemes have been devised for anonymous, untraceable voting. Voting schemes should have several properties: privacy of the vote, security of the vote (no multiple votes), robustness against disruption by jammers or disrupters, verifiability (voter has confidence in the results), and efficiency.
  19.4.102. Whistleblowers
  19.4.103. zero knowledge proofs -- proofs in which no knowledge of the actual proof is conveyed. Peggy the Prover demonstrates to Sid the Skeptic that she is indeed in possession of some piece of knowledge without actually revealing any of that knowledge. This is useful for access to computers, because eavesdroppers or dishonest sysops cannot steal the knowledge given. Also called minimum disclosure proofs. Useful for proving possession of some property, or credential, such as age or voting status, without revealing personal information.
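An added worked example of the Peggy/Sid exchange described above; it is not code from the Cyphernomicon, and the protocol used, the Schnorr identification scheme over a constructed toy group (p = 23, q = 11, g = 2), is an assumption since the entry names none. Besides the honest run it shows the "minimum disclosure" property: an accepting transcript can be forged for any challenge chosen in advance, so transcripts reveal nothing about the secret, and a prover without it passes only by guessing Sid's challenge (one chance in q per round).

```python
# Added illustration of the Peggy/Sid exchange in 19.4.103; not code from the
# Cyphernomicon.  The protocol is the Schnorr identification scheme (an
# assumption; the entry names none) over a constructed toy group:
# p = 23, q = 11 divides p - 1, and g = 2 has order q mod p.
import secrets

P, Q, G = 23, 11, 2


def keygen(x):
    """Peggy's secret is x in [1, q); her public value is y = g^x mod p."""
    return pow(G, x, P)


def commit(r):
    """Round 1 (Peggy -> Sid): commit to a fresh random r with t = g^r mod p."""
    return pow(G, r, P)


def respond(x, r, c):
    """Round 3 (Peggy -> Sid): s = r + c*x mod q.

    r is uniform and used once, so s is uniform too and leaks nothing about x.
    """
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Sid accepts iff g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def prove(x, y, rng=secrets.randbelow):
    """One full interactive run; returns the transcript (t, c, s) and Sid's verdict."""
    r = 1 + rng(Q - 1)
    t = commit(r)
    c = rng(Q)                   # Round 2 (Sid -> Peggy): random challenge
    s = respond(x, r, c)
    return (t, c, s), verify(y, t, c, s)


def simulate(y, c, s):
    """Minimum disclosure: anyone can forge an accepting transcript for a
    challenge chosen in advance by picking s first and solving for
    t = g^s * y^(-c).  Transcripts therefore convey no knowledge of x."""
    y_inv_c = pow(y, (Q - c) % Q, P)       # y has order q, so y^(-c) = y^(q-c)
    return (pow(G, s, P) * y_inv_c) % P


def accepted_challenges(y, guess, s):
    """A prover without x can only use simulate() with a guessed challenge.
    Returns the challenges Sid could send for which that forgery passes:
    exactly one of the q possibilities, so the cheat succeeds with
    probability 1/q per round."""
    t = simulate(y, guess, s)
    return [c for c in range(Q) if verify(y, t, c, s)]


if __name__ == "__main__":
    x = 7
    y = keygen(x)                                  # 13
    transcript, ok = prove(x, y)
    print(transcript, ok)                          # (..., True)
    print(accepted_challenges(y, guess=4, s=9))    # [4]
```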
19.5. Appendix -- Summary of Crypto Versions
  19.5.1. DOS and Windows
     - SecureDevice
     + SecureDrive
        - "Secdrv13d is the latest version. There was an unupdated .exe file in the package that had to be fixed. From the readme file: If you found this file inside FPART13D.ZIP, this is an update and bug fix for the FPART utility of SecureDrive Release 1.3d,
        - Edgar Swank involved?
     + SecureDevice
        - Major Versions:
        - Functions:
        - Principal Authors:
        - Major Platforms:
        + Where to Find:
           - ftp://ftp.csn.org/mpj/I_will_not_export/crypto_???????/secdrv/secdev.arj
             See ftp://ftp.csn.org/mpj/README.MPJ for the ???????
        - Strengths:
        - Weaknesses:
        + Notes:
           - By the way, I'm not the only one who gets SecureDrive and SecureDevice confused. Watch out for this.
     + SFS
        - "A MS-DOS-based package for hard disk encryption. It is implemented as a device driver and encrypts a whole partition (i.e., not a file or a directory). It uses the MDC/SHA cipher. ... It is available from Garbo (garbo.uwasa.fi:/pc/crypt/sfs110.zip, I think), and also from our ftp site: ftp.informatik.uni-hamburg.de:/pub/virus/crypt/disk/sfs110.zip I would recommend the Garbo site, because ours is a bit slow." [Vesselin Bontchev, alt.security.pgp, 1994-09-05]
        - Compared to SecureDrive, users report it to be faster, better-featured, has a Windows interface, is a device driver, and is robust. The disadvantages are that it currently does not ship with source code and uses a more obscure cipher.
        - "SFS (Secure FileSystem) is a set of programs which create and manage a number of encrypted disk volumes, and runs under both DOS and Windows. Each volume appears as a normal DOS drive, but all data stored on it is encrypted at the individual-sector level....SFS 1.1 is a maintenance release which fixes a few minor problems in 1.0, and adds a number of features suggested by users. More details on changes are given in the README file." [Peter Gutmann, sci.crypt, 1994-08-25]
        - "from garbo.uwasa.fi and all its mirror sites worldwide as /pc/crypt/sfs110.zip."
     + WinCrypt.
        - "WinCrypt is pretty good IF you keep your encrypted text to less than the length of your password, AND IF you generate your password randomly, AND IF you only use each password ONCE. :-)" [Michael Paul Johnson, sci.crypt, 1994-07-08]
     + Win PGP
        + there seem to be two identically-named programs:
           - WinPGP, by Christopher W. Geib
           + WinPGP, by Timothy M. Janke and Geoffrey C. Grabow
              - ftp WinPGP 1.0 from oak.oakland.edu//pub/msdos/windows3/WinPGP10.ZIP
           - Until this is clarified...
     + PGPShell
        - "PGPShell v3.2 has been released and is available at these sites:
          (U.S.) oak.oakland.edu:/pub/msdos/security/pgpshe32.zip
          (Euro) ftp.demon.co.uk:/simtel20/msdos/security/pgpshe32.zip
          [still@rintintin.Colorado.EDU (Johannes Kepler), 1994-07-07]
     + PGS
        - ftp.informatik.uni-hamburg.de:/pub/virus/crypt/pgp/shells/pgs099b.zip
        - "I just uploaded the bug fix of PGS (v0.99b) on some FTP-sites:
          wuarchive.wustl.edu:/pub/msdos_uploads/pgs/pgs099b.zip
          rzsun2.informatik.uni-hamburg.de:/pub/virus/crypt/pgp/... (Just uploaded it, should be on in a few days)
          oak.oakland.edu:/SimTel/msdos/security/pgs099b.zip (Just uploaded it, should be on in a few days)

          [Eelco Cramer <crame001@hio.tem.nhl.nl>, 1994-06-27]
     + DOS disk encryption utilities
        + Several free or nearly free utilities are available:
           - ftp.informatik.uni-hamburg.de:/pub/virus/crypt/disk/ [Vesselin Vladimirov Bontchev, as of 1994-08]
        + Norton's "Diskreet" is weak and essentially useless
           - uses DES in weak (ECB) mode...is probably the "snake oil" that Zimmermann writes about in his docs. SFS docs say it is even worse than that.
        + PGS
           - "PGS v0.99c is out there!

             This new version of PGS supports 8 bytes keyid's.
             This version will be able to run in an OS/2 DOS box.

             PGS v0.99c is available on the following site:
             wuarchive.wustl.edu:/pub/msdos_uploads/pgs/pgs099c.zip" [ER CRAMER <crame001@hio.tem.nhl.nl>, 1994-07-08]

     + Program:
        - Major Versions:
        - Functions:
        - Principal Authors:
        - Major Platforms:
        - Where to Find:
        - Strengths:
        - Weaknesses:
        - Notes:
  19.5.2. OS/2
  19.5.3. Amiga
     + Program: PGPAmiga, Amiga PGP
     + Major Versions: 2.3a.4, PGP 2.6
        - "The Amiga equivalent of PGP 2.6ui is called PGP 2.3a.3" [unknown commenter]
     - Functions:
     - Principal Authors:
     - Major Platforms:
     - Where to Find:
     - Strengths:
     - Weaknesses:
     - Notes: Situation is confusing. 2.3a.3 is not equivalent to PGP 2.6ui.
  19.5.4. Unix
     - NeXTStep
     - Sun 4.3
     - Solaris
     - HP
     - SGI
     + swIPe
        - Metzger: It was John Ioannidis' swIPe package, and it was not merely announced but released. Phil has done a similar package for KA9Q and was one of
  19.5.5. SFS ?
     - "A MS-DOS-based package for hard disk encryption. It is implemented as a device driver and encrypts a whole partition (i.e., not a file or a directory). It uses the MDC/SHA cipher. ... It is available from Garbo (garbo.uwasa.fi:/pc/crypt/sfs110.zip, I think), and also from our ftp site: ftp.informatik.uni-hamburg.de:/pub/virus/crypt/disk/sfs110.zip I would recommend the Garbo site, because ours is a bit slow." [Vesselin Bontchev, alt.security.pgp, 1994-09-05]
  19.5.6. Macintosh
     + more on MacPGP
        - From: phinely@uhunix.uhcc.Hawaii.Edu (Peter Hinely)
          Subject: Re: MacPGP 2.6ui doesn't actually work
          Message-ID: <CsI3wr.I3B@news.Hawaii.Edu>
          Sender: news@news.Hawaii.Edu
          Organization: University of Hawaii
          References: <m0qJqLD-001JKsC@sunforest.mantis.co.uk>
          Date: Wed, 6 Jul 1994 04:17:15 GMT
          Lines: 9

          In article <m0qJqLD-001JKsC@sunforest.mantis.co.uk> mathew@stallman.mantis.co.uk (mathew at home) writes:
          >Well, I downloaded the rumoured MacPGP 2.6ui, but sadly it bombs out
          >immediately with an address error when I try to run it.

          MacPGP 2.6ui works on my Quadra 605.
          The MacBinary process cannot handle pathnames >63 characters, but as long as you encrypt files on the desktop, it's not too much of a problem.
        - From: warlord@MIT.EDU (Derek Atkins)
          Newsgroups: alt.security.pgp
          Subject: Re: When will there be a bug fix for MacPGP?
          Followup-To: alt.security.pgp
          Date: 6 Jul 1994 10:19:13 GMT
          Organization: Massachusetts Institute of Technology
          Lines: 19
          Message-ID: <WARLORD.94Jul6061917@toxicwaste.mit.edu>
          References: <AWILSON-020794082446@ts7-57.upenn.edu>
          NNTP-Posting-Host: toxicwaste.media.mit.edu
          In-reply-to: AWILSON@DRUNIVAC.DREW.EDU's message of 2 Jul 1994 12:25:14 GMT

          In article <AWILSON-020794082446@ts7-57.upenn.edu> AWILSON@DRUNIVAC.DREW.EDU (AL WILSON) writes:

          When will there be a bug fix for MacPGP (1.1.1)? I am not complaining, I know that the software is free. I just want to start utilizing it for communications at the earliest possible time.

          There are still a number of outstanding bugs that need to be fixed, but the hope is to make a bugfix release in the near future. I don't know when that is going to be, but hopefully it will be Real Soon Now (TM).
        - Date: Wed, 6 Jul 1994 10:42:08 -0700
          From: tcmay (Timothy C. May)
          To: tcmay
          Subject: (fwd) Re: What is the difference between 2.6 & 2.6ui?
          Newsgroups: alt.security.pgp
          Organization: NETCOM On-line Communication Services (408 261-4700 guest)
          Status: O

          Xref: netcom.com alt.security.pgp:16979
          Path: netcom.com!netcomsv!decwrl!lll-winken.llnl.gov!sol.ctr.columbia.edu!howland.reston.ans.net!pipex!lyra.csx.cam.ac.uk!iwj10
          From: iwj10@cus.cam.ac.uk (Ian Jackson)
          Newsgroups: alt.security.pgp
          Subject: Re: What is the difference between 2.6 & 2.6ui?
          Date: Wed, 6 Jul 1994 10:14:24 GMT
          Organization: Linux Unlimited
          Lines: 55
          Message-ID: <1994Jul6.101424.9203.chiark.ijackson@nyx.cs.du.edu>
          References: <CsE3CC.Gqz@crash.cts.com> <RATINOX.94Jul3221136@delphi.ccs.neu.edu>
          NNTP-Posting-Host: bootes.cus.cam.ac.uk
          Summary: Use 2.6ui :-).
          Originator: iwj10@bootes.cus.cam.ac.uk

          -----BEGIN PGP SIGNED MESSAGE-----

          In article <RATINOX.94Jul3221136@delphi.ccs.neu.edu>, Stainless Steel Rat <ratinox@ccs.neu.edu> wrote:
          >Ed Dantes <edantes@crash.cts.com> writes [quoting normalised - iwj]:
          >> subject line says it all.
          >
          >PGP 2.6 is distributed from MIT and is legally available to US and Canadian
          >residents. It uses the RSAREF library. It has code that will prevent
          >interoperation with earlier versions of PGP.
          >
          >PGP 2.6ui is a modified version of PGP 2.3a which functions almost
          >identically to MIT PGP 2.6, without the "cripple code" of MIT PGP 2.6. It
          >is legally available outside the US and Canada only.

          This is false. PGP 2.6ui is available to US and Canadian residents. It is definitely legal for such people to download PGP 2.6ui and study it.

          However, RSADSI claim that *using* PGP 2.6ui in the US and Canada violates their patents on the RSA algorithm and on public key cryptography in general. Other people (like myself) believe that these patents wouldn't stand up if tested in court, and that in any case the damages recoverable would be zero.

          You might also like to know that the output formats generated by 2.6ui and MIT-2.6 are identical, so that if you choose to use 2.6ui in North America no one will be able to tell the difference anyway.

          Unfortunately these patent problems have caused many North American FTP sites to stop carrying 2.3a and 2.6ui, for fear of committing contributory infringement.

          If you would like to examine PGP 2.3a or 2.6ui, they are available on many FTP sites. Try
          black.ox.ac.uk:/src/security
          ftp.demon.co.uk:/pub/pgp
          ftp.dsi.unimi.it:/pub/security/crypt/PGP
          ftp.funet.fi:/pub/crypt
          for starters. Look out for the regular postings here in alt.security.pgp for other sites.

          -----BEGIN PGP SIGNATURE-----
          Version: 2.6
          -----END PGP SIGNATURE-----
          --
          Ian Jackson, at home <ijackson@nyx.cs.du.edu> or <iwj10@cus.cam.ac.uk>
          +44 223 575512  Escoerea on IRC.  http://www.cl.cam.ac.uk/users/iwj10/
          2 Lexington Close, Cambridge, CB4 3LS, England.  Urgent: <iwj@cam-orl.co.uk>

          --
          ..........................................................................
          Timothy C. May         | Crypto Anarchy: encryption, digital money,
          tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
          408-688-5409           | knowledge, reputations, information markets,
          W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
          Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
          "National borders are just speed bumps on the information superhighway."

     + CurveEncrypt, for Mac
        - "Curve Encrypt 1.1, IDEA encryption for the Macintosh is now available.....Curve Encrypt is a freeware drag-and-drop encryption application for the Macintosh. It uses IDEA cipher-feedback mode with a 255 character pass phrase, encrypts both the data and resource forks of files, and will encrypt the contents of a folder or volume in a single operation. Source code is provided, natch. CE is System 7 only....(Note that this program has nothing whatsoever to do with elliptic curve encryption methods, just so nobody gets confused...)" ["W. Kinney" <kinney@bogart.Colorado.EDU>, 1994-07-08]
        - "Ftp Sites:

          ripem.msu.edu:pub/crypt/other/curve-encrypt-idea-for-mac/
          This is an export controlled ftp site: read pub/crypt/GETTING_ACCESS for information.

          ftp.csn.org:/mpj/I_will_not_export/crypto_???????/curve_encrypt/
          csn.org is also export-controlled: read /mpj/README for the characters to replace ???????." ["W. Kinney" <kinney@bogart.Colorado.EDU>, 1994-07-08]
     + RIPEM on Macintosh
        - Carl Ellison says "I've only used RIPEM on AOL -- but it should be the same....I run on a Mac, generating the armored file, and then use AOL's "paste from file" option in the File menu to include the encrypted file in the body of my message.....In the other direction, I have to use Select All and Copy to get it out of AOL mail, Paste to get it into an editor. From there I can file it and give that file to PGP or RIPEM.....BBEDIT on the Mac has good support for RIPEM. I wish I knew how to write BBEDIT extensions for Mac PGP as well." [C.E., 1994-07-06]
     + URL for Stego (Macintosh)
        - http://www.nitv.net/~mech/Romana/stego.html
  19.5.7. Newton
  19.5.8. Atari
  19.5.9. VMS
  19.5.10. IBM VM/etc.
  19.5.11. Miscellaneous
  19.5.12. File-splitting utilities
     + Several exist.
        - XSPLIT
        - cryptosplit, Ray Cromwell
        - shade

19.6. Appendix -- References
  19.6.1. the importance of libraries
     - "Use a library. That's a place with lots of paper periodicals and paper books. Library materials not online, mostly, but it is still where most of the world's encoded knowledge is stored. If you don't like paper, tough. That's the way the world is right now." [Eric Hughes, 1994-04-07]
  19.6.2. Books
     - Bamford, James, "The Puzzle Palace," 1982. The seminal reference on the NSA.
     - N. Koblitz, "A course in number theory and cryptography", QA3.G7NO.114. Very technical, with an emphasis on elliptic functions.
     + D. Welsh, "Codes and Cryptography", Oxford Science Publications, 1988. Eric Hughes especially recommends this.
        - Z103.W461988
     - D.E. Denning, "Cryptography and Data Security", Addison-Wesley, 1982, QA76.9.A25D46. A classic, if a bit dated, introduction by the woman who later became the chief supporter of Clipper.
     - G. Brassard, "Modern Cryptology: a tutorial", Lecture Notes in Computer Science 325, Springer 1988, QA76.L4V.325. A slim little book that's a gem. Sections by David Chaum.
     - Vinge, V., "True Names," 1981. A novel about digital pseudonyms and cyberspace.
     - Card, Orson Scott, "Ender's Game," 1985-6. Novel about kids who adopt digital pseudonyms for political debate.
     - G.J. Simmons, "Contemporary Cryptology", IEEE Press, 1992, QA76.9.A25C6678. A collection of articles by well-known experts. Surprisingly, no discussion of digital money. Gus Simmons designed "Permissive Action Links" for nukes, at Sandia.
  19.6.3. sci.crypt
     - archived at ripem.msu.edu and rpub.cl.msu.edu
     + The cryptography anon ftp archive at wimsey.bc.ca:/pub/crypto
        - has been moved to ftp.wimsey.bc.ca
  19.6.4. cryptography-faq
     - in about 10 parts, put out by Crypt Cabal (several Cypherpunks on it)
     - rtfm.mit.edu, in /pub/usenet/news.answers/cryptography-faq/part[xx]
     + posted every 21 days to sci.crypt, talk.politics.crypto,
        - sci.answers, news.answers
  19.6.5. RSA FAQ
     - Paul Fahn, RSA Laboratories
     - anonymous FTP to rsa.com:/pub/faq
     - rtfm.mit.edu, /pub/usenet/news.answers/cryptography-faq/rsa
  19.6.6. Computers, Freedom and Privacy Conference
     - next Computers, Freedom and Privacy Conference will be March 1995, San Francisco
  19.6.7. Various computer security papers, publications, and programs can be found at cert.org.
     - anonymous ftp to it and look in /pub. /pub/info even has the NSA "Orange Book." (Not a secret, obviously. Anyone can get on the NSA/NCSC's mailing list and get a huge pile of documents sent to them, with new ones arriving every several weeks.)
     - or try ftp.win.tue.nl /pub/security
  19.6.8. Clipper information by Internet
     - ftp.cpsr.org
     - ftp.eff.org

19.7. Glossary Items
  19.7.1. message pools --
  19.7.2. pools -- see "message pools."
  19.7.3. cover traffic --
  19.7.4. padding -- see "message padding."
  19.7.5. message padding --
  19.7.6. latency --
  19.7.7. BlackNet -- an experiment in information markets, using anonymous message pools for exchange of instructions and items. Tim May's experiment in guerrilla ontology.
  19.7.8. ILF -- Information Liberation Front. Distributes copyrighted material via remailers, anonymously. Another experiment in guerrilla ontology.
  19.7.9. digital mix --
  19.7.10. FinCEN -- Financial Crimes Enforcement Network.
  19.7.11. true name -- one's actual, physical name. Taken from Vernor Vinge's novel of the same name.
  19.7.12. mix --
  19.7.13. TEMPEST --
  19.7.14. OTP --
  19.7.15. Vernam cipher --
  19.7.16. detweiler -- verb, to rant and rave about tentacles that are destroying one's sanity through crypto anarchist thought control. Named after L. Detweiler. "He's just detweilering."
  19.7.17. remailer --
  19.7.18. Stego --
  19.7.19. incipits -- message indicators or tags (relates to stego)
  19.7.20. duress code -- a second key which can decrypt a message to something harmless. Could be useful for bank cards, as well as for avoiding incrimination. A form of security through obscurity, and not widely used.

19.8. A comment on software versions, ftp sites, instructions, etc.
  19.8.1. I regret that I can't be complete in all versions, platforms supported, sites for obtaining, instructions, incompatibilities, etc. Frankly, I'm drowning in reports of new versions, questions about use, etc. Most of these versions I have no direct knowledge of, have no experience with, and no appreciation of subtle incompatibilities involved.
  19.8.2. There are others who have concentrated on providing up-to-date reports on what is available. Some of them are:
     - site
  19.8.3. Reading sci.crypt, alt.security.pgp, and related groups for a few weeks and looking for programs of interest to one's own situation should give the most recent and current results. Things are moving quickly, so if one is interested in "AmigaPGP," for example, then the right place to look for the latest versions is in the groups just mentioned, or in groups and ftp sites specific to the Amiga. (Be careful that sabotaged or spoofed versions are not used, as in all crypto. "Joe's AmigaPGP" might need a closer look.)