diff --git a/19-Appendices/19-Appendices.md b/19-Appendices/19-Appendices.md new file mode 100644 index 0000000..2ac6e0a --- /dev/null +++ b/19-Appendices/19-Appendices.md @@ -0,0 +1,1154 @@ +19. Appendices + + 19.1. copyright + THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666, + 1994-09-10, Copyright Timothy C. May. All rights reserved. + See the detailed disclaimer. Use short sections under "fair + use" provisions, with appropriate credit, but don't put your + name on my words. + + 19.2. SUMMARY: Appendices + 19.2.1. Main Points + 19.2.2. Connections to Other Sections + 19.2.3. Where to Find Additional Information + 19.2.4. Miscellaneous Comments + - This is still under construction + - Disorganized!!! + - URLs need to be checked + + 19.3. Appendix -- Sites, Addresses, URL/Web Sites, Etc. + 19.3.1. be sure to get soda address straight!!! [use clones] + - I received mine from soda.csua.berkeley.edu + the menus are: /pub/cypherpunks/pgp/pgp26 + + 19.3.2. How to use this section + + comment on URLs being only a snapshot... + - use reply to Sherry Mayo here + 19.3.3. General Crypto and Cypherpunks Sites + - sci.crypt archive: anon ftp to ftp.wimsey.bc.ca:/pub/crypto + [Mark Henderson] + + ftp://soda.berkeley.edu/pub/cypherpunks/Home.html [has + probably been changed to soda.csua.edu site] + - ftp://ftp.u.washington.edu/public/phantom/cpunk/README.ht + ml + - ftp://furmint.nectar.cs.cmu.edu/security/cypheressay/what- + is-cypherpunk.html [Vincent Cate, 1994-07-03] + - ftp://wiretap.spies.com/Gov/World/usa.con + - http://www.quadralay.com/www/Crypt/Crypt.html + - http://cs.indiana.edu/ripem/dir.html + - misc. article on crypto: + http://www.quadralay.com/www/Crypt/Crypt.html + - ftp.wimsey.bc.ca:/pub/crypto has REDOC III, Loki91, SHS and + HAVAL (Mark Henderson, markh@vanbc.wimsey.com, 4-17-94, + sci.crypt> + + Some misc. ftp sites to check: + - soda.berkeley.edu + - ftp.informatik.uni-hamburg.de + - ripem.msu.edu + - garbo.uwasa.fi + - wimsey.bc.ca + - ghost.dsi.unimi.it + - http://rsa.com + - PC Expo disk package to ftp.wimsey.bc.ca [Arsen Ray + Arachelian, 1994-07-05] + + PC Expo disk + - ftp.wimsey.bc.ca + /pub/crypto/software/dist/US_or_Canada_only_XXXXXXXX/pcxp + o/pcxpo.zip + - "The FTP site ripem.msu.edu has a bunch of crypto stuff." + [Mark Riordan, 1994-07-08] + + URL for "Applied Cryptography"-related files + - http://www.openmarket.com/info/cryptography/applied_crypt + ography.html + 19.3.4. PGP Information and Sites + + http://www.mantis.co.uk/pgp/pgp.html + - information on where to find PGP + + pgpinfo@mantis.co.uk + - send any mail to this site and receive a list back of PGP + sites + - PGP info: ftp.netcom.com, in /pub/gbe and in /pub/qwerty + - more PGP: + ftp:csn.org//mpj/I_will_not_export/crypto_???????/pgp + + - For non-U.S. sources of PGP: send blank mail to + pgpinfo@mantis.co.uk + + Sherry Mayo, a crypto researcher in Australia, is also + making versions available: + - "PGP2.6ui is available (I hope!) on my experimental WWW + server, aim your browser at + http://rschp2.anu.edu.au:8080/crypt.html I am new to + this WWW thing so let me know if you have any probs + downloading. Available on the server is: + PGP2.6ui source for unix machines + Executable for the PC version of PGP 2.6ui + Executable for MacPGP 2.3" [Sherry Mayo, + talk.politics.crypto, 1994-09-06] + 19.3.5. Key Servers + + pgp-public-keys@demon.co.uk + - HELP in the subject line for more information about how + to use + - pgp-public-keys@jpunix.com + + pgp-public-keys@pgp.iastate.edu + - ``help'' as the subject, to get a list of keyservers + [Michael Graff , alt.security.pgp, + 1994-07-04] + 19.3.6. Remailer Sites + - To show active remailers: finger remailer@soda.berkeley.edu + 19.3.7. Mail-to-Usenet gateways: + + group.name@paris.ics.uci.edu + - group.name@cs.dal.ca + - group.name@ug.cs.dal.ca + - + 19.3.8. Government Information + + California Legislative Information + - "You are invited to browse the new edition of my list of + Internet and direct dial sources of California government + information at URL: + www.cpsr.org/cpsr/states/california/cal_gov_info_FAQ.html + " [Chris Mays, comp.org.cpsr.talk, 1994-07-01] + + + NSA Information + - Can get on NSA/NCSC/NIST mailing list by sending to: + - csrc.nist.gov:/pub/nistpubs + 19.3.9. Clipper Info + + http://www.mantis.co.uk/~mathew/ + - some good Clipper articles and testimony + 19.3.10. Other + + ftp://furmint.nectar.cs.cmu.edu/security/README.html#taxes + - Vincent Cate + - http://www.acns.nwu.edu/surfpunk/ + + Export Laws + - "EFF Board member and Cygnus Support co-founder John + Gilmore has set up a World Wide Web page on cryptography + export issues, including information on how to apply for + export clearance, exchages with Commerce Dept. on export + licensing, legal documents on networking issues in + relation to export of technology and crypto, and more. + The URL is: http://www.cygnus.com/~gnu/export.html" + [Stanton McCandlish, mech@eff.org, 1994-04-21] + + Large integer math libraries + - ripem.msu.edu + - ftp:csn.org//mpj + + Phrack + - archived at ftp.netsys.com + + Bruce Sterling's comments at CFP + + Bruce Sterling's remarks delivered at the "Computers, + Freedom and Privacy IV" + - conference , Mar. 26 1994 in Chicago, are now online at + EFF: + - ftp://ftp.eff.org/pub/Publications/Bruce_Sterling/cfp_9 + 4_sterling.speech + - http://www.eff.org/pub/Publications/Bruce_Sterling/cfp_ + 94_sterling.speech + - gopher://gopher.eff.org/11/Publications/Bruce_Sterling/ + cfp_94_sterling.speech + - gopher.eff.org, 1/Publications/Bruce_Sterling, + cfp_94_sterling.speech + - (source: Stanton McCandlish * mech@eff.org, 3-31-94) + 19.3.11. Crypto papers + - ftp.cs.uow.edu.au + pub/papers + - (quantum, other, Siberry, etc.) + 19.3.12. CPSR URL + - CPSR URL: http://www.cpsr.org/home + + 19.4. Appendix -- Glossary + 19.4.1. **Comments** + - Release Note: I regret that I haven't had time to add many + new entries here. There are a lot of specialized terms, and + I probably could have doubled the number of entries here. + - Much more work is needed here. In fact, I debated at one + point making the FAQ instead into a kind of "Encycopedia + Cypherpunkia," with a mix of short and long articles on + each of hundreds of topics. Such an organization would + suffer the disadvantages found in nearly all + lexicographically-organized works: confusion of the + concepts. + - Many of the these entries were compiled for a long handout + at the first Cypherpunks meeting, September, 1992. Errors + are obviously present. I'll try to keep correcting them + when I can. + - Schneier's "Applied Cryptography" is of course an excellent + place to browse for terms, special uses, etc. + 19.4.2. agoric systems -- open, free market systems in which + voluntary transactions are central. + 19.4.3. Alice and Bob -- crypographic protocols are often made + clearer by considering parties A and B, or Alice and Bob, + performing some protocol. Eve the eavesdropper, Paul the + prover, and Vic the verifier are other common stand-in names. + 19.4.4. ANDOS -- all or nothing disclosure of secrets. + 19.4.5. anonymous credential -- a credential which asserts some right + or privelege or fact without revealing the identity of the + holder. This is unlike CA driver's licenses. + 19.4.6. assymmetric cipher -- same as public key cryptosystem. + 19.4.7. authentication -- the process of verifying an identity or + credential, to ensure you are who you said you were. + 19.4.8. biometric security -- a type of authentication using + fingerprints, retinal scans, palm prints, or other + physical/biological signatures of an individual. + 19.4.9. bit commitment -- e.g., tossing a coin and then committing to + the value without being able to change the outcome. The blob + is a cryptographic primitive for this. + 19.4.10. BlackNet -- an experimental scheme devised by T. May to + underscore the nature of anonymous information markets. "Any + and all" secrets can be offered for sale via anonymous + mailers and message pools. The experiment was leaked via + remailer to the Cypherpunks list (not by May) and thence to + several dozen Usenet groups by Detweiler. The authorities are + said to be investigating it. + 19.4.11. blinding, blinded signatures -- A signature that the signer + does not remember having made. A blind signature is always a + cooperative protocol and the receiver of the signature + provides the signer with the blinding information. + 19.4.12. blob -- the crypto equivalent of a locked box. A + cryptographic primitive for bit commitment, with the + properties that a blobs can represent a 0 or a 1, that others + cannot tell be looking whether it's a 0 or a 1, that the + creator of the blob can "open" the blob to reveal the + contents, and that no blob can be both a 1 and a 0. An + example of this is a flipped coin covered by a hand. + 19.4.13. BnD -- + 19.4.14. Capstone -- + 19.4.15. channel -- the path over which messages are transmitted. + Channels may be secure or insecure, and may have + eavesdroppers (or enemies, or disrupters, etc.) who alter + messages, insert and delete messages, etc. Cryptography is + the means by which communications over insecure channels are + protected. + 19.4.16. chosen plaintext attack -- an attack where the cryptanalyst + gets to choose the plaintext to be enciphered, e.g., when + possession of an enciphering machine or algorithm is in the + possession of the cryptanalyst. + 19.4.17. cipher -- a secret form of writing, using substitution or + transposition of characters or symbols. (From Arabic "sifr," + meaning "nothing.") + 19.4.18. ciphertext -- the plaintext after it has been encrypted. + 19.4.19. Clipper -- the infamous Clipper chip + 19.4.20. code -- a restricted cryptosystem where words or letters of a + message are replaced by other words chosen from a codebook. + Not part of modern cryptology, but still useful. + 19.4.21. coin flippping -- an important crypto primitive, or protocol, + in which the equivalent of flipping a fair coin is possible. + Implemented with blobs. + 19.4.22. collusion -- wherein several participants cooperate to deduce + the identity of a sender or receiver, or to break a cipher. + Most cryptosystems are sensitive to some forms of collusion. + Much of the work on implementing DC Nets, for example, + involves ensuring that colluders cannot isolate message + senders and thereby trace origins and destinations of mail. + 19.4.23. COMINT -- + 19.4.24. computationally secure -- where a cipher cannot be broken + with available computer resources, but in theory can be + broken with enough computer resources. Contrast with + unconditionally secure. + 19.4.25. countermeasure -- something you do to thwart an attacker + 19.4.26. credential -- facts or assertions about some entity. For + example, credit ratings, passports, reputations, tax status, + insurance records, etc. Under the current system, these + credentials are increasingly being cross-linked. Blind + signatures may be used to create anonymous credentials. + 19.4.27. credential clearinghouse -- banks, credit agencies, + insurance companies, police departments, etc., that correlate + records and decide the status of records. + 19.4.28. cryptanalysis -- methods for attacking and breaking ciphers + and related cryptographic systems. Ciphers may be broken, + traffic may be analyzed, and passwords may be cracked. + Computers are of course essential. + 19.4.29. crypto anarchy -- the economic and political system after the + deployment of encryption, untraceable e-mail, digital + pseudonyms, cryptographic voting, and digital cash. A pun on + "crypto," meaning "hidden," and as when Gore Vidal called + William F. Buckley a "crypto fascist." + 19.4.30. cryptography -- another name for cryptology. + 19.4.31. cryptology -- the science and study of writing, sending, + receiving, and deciphering secret messages. Includes + authentication, digital signatures, the hiding of messages + (steganography), cryptanalysis, and several other fields. + 19.4.32. cyberspace -- the electronic domain, the Nets, and computer- + generated spaces. Some say it is the "consensual reality" + described in "Neuromancer." Others say it is the phone + system. Others have work to do. + 19.4.33. DC protocol, or DC-Net -- the dining cryptographers protocol. + DC-Nets use multiple participants communicating with the DC + protocol. + 19.4.34. DES -- the Data Encryption Standard, proposed in 1977 by the + National Bureau of Standards (now NIST), with assistance from + the National Security Agency. Based on the "Lucifer" cipher + developed by Horst Feistel at IBM, DES is a secret key + cryptosystem that cycles 64-bit blocks of data through + multiple permutations with a 56-bit key controlling the + routing. "Diffusion" and "confusion" are combined to form a + cipher that has not yet been cryptanalyzed (see "DES, + Security of"). DES is in use for interbank transfers, as a + cipher inside of several RSA-based systems, and is available + for PCs. + 19.4.35. DES, Security of -- many have speculated that the NSA placed + a trapdoor (or backdoor) in DES to allow it to read DES- + encrypted messages. This has not been proved. It is known + that the original Lucifer algorithm used a 128-bit key and + that this key length was shortened to 64 bits (56 bits plus 8 + parity bits), ths making exhaustive search much easier (so + far as is known, brute-force search has not been done, though + it should be feasible today). Shamir and Bihan have used a + technique called "differential cryptanalysis" to reduce the + exhaustive search needed for chosen plaintext attacks (but + with no import for ordinary DES). + 19.4.36. differential cryptanalysis -- the Shamir-Biham technique for + cryptanalyzing DES. With a chosen plaintext attack, they've + reduced the number of DES keys that must be tried from about + 2^56 to about 2^47 or less. Note, however, that rarely can an + attacker mount a chosen plaintext attack on DES systems. + 19.4.37. digital cash, digital money -- Protocols for transferring + value, monetary or otherwise, electronically. Digital cash + usually refers to systems that are anonymous. Digital money + systems can be used to implement any quantity that is + conserved, such as points, mass, dollars, etc. There are + many variations of digital money systems, ranging from VISA + numbers to blinded signed digital coins. A topic too large + for a single glossary entry. + 19.4.38. digital pseudonym -- basically, a "crypto identity." A way + for individuals to set up accounts with various organizations + without revealing more information than they wish. Users may + have several digital pseudonyms, some used only once, some + used over the course of many years. Ideally, the pseudonyms + can be linked only at the will of the holder. In the simplest + form, a public key can serve as a digital pseudonym and need + not be linked to a physical identity. + 19.4.39. digital signature -- Analogous to a written signature on a + document. A modification to a message that only the signer + can make but that everyone can recognize. Can be used + legally to contract at a distance. + 19.4.40. digital timestamping -- one function of a digital notary + public, in which some message (a song, screenplay, lab + notebook, contract, etc.) is stamped with a time that cannot + (easily) be forged. + 19.4.41. dining cryptographers protocol (aka DC protocol, DC nets) -- + the untraceable message sending system invented by David + Chaum. Named after the "dining philosophers" problem in + computer science, participants form circuits and pass + messages in such a way that the origin cannot be deduced, + barring collusion. At the simplest level, two participants + share a key between them. One of them sends some actual + message by bitwise exclusive-ORing the message with the key, + while the other one just sends the key itself. The actual + message from this pair of participants is obtained by XORing + the two outputs. However, since nobody but the pair knows the + original key, the actual message cannot be traced to either + one of the participants. + 19.4.42. discrete logarithm problem -- given integers a, n, and x, + find some integer m such that a^m mod n = x, if m exists. + Modular exponentiation, the a^m mod n part, is + straightforward (and special purpose chips are available), + but the inverse problem is believed to be very hard, in + general. Thus it is conjectured that modular exponentiation + is a one-way function. + 19.4.43. DSS, Digital Signature Standard -- the latest NIST (National + Institute of Standards and Technology, successor to NBS) + standard for digital signatures. Based on the El Gamal + cipher, some consider it weak and poor substitute for RSA- + based signature schemes. + 19.4.44. eavesdropping, or passive wiretapping -- intercepting + messages without detection. Radio waves may be intercepted, + phone lines may be tapped, and computers may have RF + emissions detected. Even fiber optic lines can be tapped. + 19.4.45. Escrowed Encryption Standard (EES) -- current name for the + key escrow system known variously as Clipper, Capstone, + Skipjack, etc. + 19.4.46. factoring -- Some large numbers are difficult to factor. It + is conjectured that there are no feasible--i.e."easy," less + than exponential in size of number-- factoring methods. It is + also an open problem whether RSA may be broken more easily + than by factoring the modulus (e.g., the public key might + reveal information which simplifies the problem). + Interestingly, though factoring is believed to be "hard", it + is not known to be in the class of NP-hard problems. + Professor Janek invented a factoring device, but he is + believed to be fictional. + 19.4.47. HUMINT -- + 19.4.48. information-theoretic security -- "unbreakable" security, in + which no amount of cryptanalysis can break a cipher or + system. One time pads are an example (providing the pads are + not lost nor stolen nor used more than once, of course). Same + as unconditionally secure. + 19.4.49. key -- a piece of information needed to encipher or decipher + a message. Keys may be stolen, bought, lost, etc., just as + with physical keys. + 19.4.50. key exchange, or key distribution -- the process of sharing a + key with some other party, in the case of symmetric ciphers, + or of distributing a public key in an asymmetric cipher. A + major issue is that the keys be exchanged reliably and + without compromise. Diffie and Hellman devised one such + scheme, based on the discrete logarithm problem. + 19.4.51. known-plaintext attack -- a cryptanalysis of a cipher where + plaintext-ciphertext pairs are known. This attack searches + for an unknown key. Contrast with the chosen plaintext + attack, where the cryptanalyst can also choose the plaintext + to be enciphered. + 19.4.52. listening posts -- the NSA and other intelligence agencies + maintain sites for the interception of radio, telephone, and + satellite communications. And so on. Many sites have been + identified (cf. Bamford), and many more sites are suspected. + 19.4.53. mail, untraceable -- a system for sending and receiving mail + without traceability or observability. Receiving mail + anonymously can be done with broadcast of the mail in + encrypted form. Only the intended recipient (whose identity, + or true name, may be unknown to the sender) may able to + decipher the message. Sending mail anonymously apparently + requires mixes or use of the dining cryptographers (DC) + protocol. + 19.4.54. Message Pool + 19.4.55. minimum disclosure proofs -- another name for zero knowledge + proofs, favored by Chaum. + 19.4.56. mixes -- David Chaum's term for a box which performs the + function of mixing, or decorrelating, incoming and outgoing + electronic mail messages. The box also strips off the outer + envelope (i.e., decrypts with its private key) and remails + the message to the address on the inner envelope. Tamper- + resistant modules may be used to prevent cheating and forced + disclosure of the mapping between incoming and outgoing mail. + A sequence of many remailings effectively makes tracing + sending and receiving impossible. Contrast this with the + software version, the DC protocol. The "remailers" developed + by Cypherpunks are an approximation of a Chaumian mix. + 19.4.57. modular exponentiation -- raising an integer to the power of + another integer, modulo some integer. For integers a, n, and + m, a^m mod n. For example, 5^3 mod 100 = 25. Modular + exponentiation can be done fairly quickly with a sequence of + bit shifts and adds, and special purpose chips have been + designed. See also discrete logarithm. + 19.4.58. National Security Agency (NSA) -- the largest intelligence + agency, responsible for making and breaking ciphers, for + intercepting communications, and for ensuring the security of + U.S. computers. Headquartered in Fort Meade, Maryland, with + many listening posts around the world. The NSA funds + cryptographic research and advises other agencies about + cryptographic matters. The NSA once obviously had the world's + leading cryptologists, but this may no longer be the case. + 19.4.59. negative credential -- a credential that you possess that you + don't want any one else to know, for example, a bankruptcy + filing. A formal version of a negative reputation. + 19.4.60. NP-complete -- a large class of difficult problems. "NP" + stands for nondeterministic polynomial time, a class of + problems thought in general not to have feasible algorithms + for their solution. A problem is "complete" if any other + NP problem may be reduced to that problem. Many important + combinatorial and algebraic problems are NP-complete: the + travelling salesman problem, the Hamiltonian cycle problem, + the graph isomorphism problem, the word problem, and on and + on. + 19.4.61. oblivious transfer -- a cryptographic primitive that involves + the probablistic transmission of bits. The sender does not + know if the bits were received. + 19.4.62. one-time pad -- a string of randomly-selected bits or symbols + which is combined with a plaintext message to produce the + ciphertext. This combination may be shifting letters some + amount, bitwise exclusive-ORed, etc.). The recipient, who + also has a copy of the one time pad, can easily recover the + plaintext. Provided the pad is only used once and then + destroyed, and is not available to an eavesdropper, the + system is perfectly secure, i.e., it is information- + theoretically secure. Key distribution (the pad) is + obviously a practical concern, but consider CD-ROM's. + 19.4.63. one-way function -- a function which is easy to compute in + one direction but hard to find any inverse for, e.g. modular + exponentiation, where the inverse problem is known as the + discrete logarithm problem. Compare the special case of trap + door one-way functions. An example of a one-way operation + is multiplication: it is easy to multiply two prime numbers + of 100 digits to produce a 200-digit number, but hard to + factor that 200-digit number. + 19.4.64. P ?=? NP -- Certainly the most important unsolved problem + in complexity theory. If P = NP, then cryptography as we know + it today does not exist. If P = NP, all NP problems are + "easy." + 19.4.65. padding -- sending extra messages to confuse eavesdroppers + and to defeat traffic analysis. Also adding random bits to + a message to be enciphered. + 19.4.66. PGP + 19.4.67. plaintext -- also called cleartext, the text that is to be + enciphered. + 19.4.68. Pool + 19.4.69. Pretty Good Privacy (PGP) -- Phillip Zimmerman's + implementation of RSA, recently upgraded to version 2.0, with + more robust components and several new features. RSA Data + Security has threatened PZ so he no longer works on it. + Version 2.0 was written by a consortium of non-U.S. hackers. + 19.4.70. prime numbers -- integers with no factors other than + themselves and 1. The number of primes is unbounded. About + 1% of the 100 decimal digit numbers are prime. Since there + are about 10^70 particles in the universe, there are about + 10^23 100 digit primes for each and every particle in the + universe! + 19.4.71. probabalistic encryption -- a scheme by Goldwasser, Micali, + and Blum that allows multiple ciphertexts for the same + plaintext, i.e., any given plaintext may have many + ciphertexts if the ciphering is repeated. This protects + against certain types of known ciphertext attacks on RSA. + 19.4.72. proofs of identity -- proving who you are, either your true + name, or your digital identity. Generally, possession of the + right key is sufficient proof (guard your key!). Some work + has been done on "is-a-person" credentialling agencies, using + the so-called Fiat-Shamir protocol...think of this as a way + to issue unforgeable digital passports. Physical proof of + identity may be done with biometric security methods. Zero + knowledge proofs of identity reveal nothing beyond the fact + that the identity is as claimed. This has obvious uses for + computer access, passwords, etc. + 19.4.73. protocol -- a formal procedure for solving some problem. + Modern cryptology is mostly about the study of protocols for + many problems, such as coin-flipping, bit commitment (blobs), + zero knowledge proofs, dining cryptographers, and so on. + 19.4.74. public key -- the key distributed publicly to potential + message-senders. It may be published in a phonebook-like + directory or otherwise sent. A major concern is the validity + of this public key to guard against spoofing or + impersonation. + 19.4.75. public key cryptosystem -- the modern breakthrough in + cryptology, designed by Diffie and Hellman, with + contributions from several others. Uses trap door one-way + functions so that encryption may be done by anyone with + access to the "public key" but decryption may be done only by + the holder of the "private key." Encompasses public key + encryption, digital signatures, digital cash, and many other + protocols and applications. + 19.4.76. public key encryption -- the use of modern cryptologic + methods to provided message security and authentication. The + RSA algorithm is the most widely used form of public key + encryption, although other systems exist. A public key may be + freely published, e.g., in phonebook-like directories, while + the corresponding private key is closely guarded. + 19.4.77. public key patents -- M.I.T. and Stanford, due to the work + of Rivest, Shamir, Adleman, Diffie, Hellman, and Merkle, + formed Public Key Partners to license the various public key, + digital signature, and RSA patents. These patents, granted in + the early 1980s, expire in the between 1998 and 2002. PKP has + licensed RSA Data Security Inc., of Redwood City, CA, which + handles the sales, etc. + 19.4.78. quantum cryptography -- a system based on quantum-mechanical + principles. Eavesdroppers alter the quantum state of the + system and so are detected. Developed by Brassard and + Bennett, only small laboratory demonstrations have been made. + 19.4.79. remailers -- software versions of Chaum's "mixes," for the + sending of untraceable mail. Various features are needed to + do this: randomized order of resending, encryption at each + stage (picked in advance by the sender, knowing the chain of + remailers), padding of message sizes. The first remailer was + written by E. Hughes in perl, and about a dozen or so are + active now, with varying feature sets. + 19.4.80. reputations -- the trail of positive and negative + associations and judgments that some entity accrues. Credit + ratings, academic credentials, and trustworthiness are all + examples. A digital pseudonym will accrue these reputation + credentials based on actions, opinions of others, etc. In + crypto anarchy, reputations and agoric systems will be of + paramount importance. There are many fascinating issues of + how reputation-based systems work, how credentials can be + bought and sold, and so forth. + 19.4.81. RSA -- the main public key encryption algorithm, developed by + Ron Rivest, Adi Shamir, and Kenneth Adleman. It exploits the + difficulty of factoring large numbers to create a private key + and public key. First invented in 1978, it remains the core + of modern public key systems. It is usually much slower than + DES, but special-purpose modular exponentiation chips will + likely speed it up. A popular scheme for speed is to use RSA + to transmit session keys and then a high-speed cipher like + DES for the actual message text. + - Description -- Let p and q be large primes, typically with + more than 100 digits. Let n = pq and find some e such that + e is relatively prime to (p - 1)(q - 1). The set of numbers + p, q, and e is the private key for RSA. The set of numbers + n and e forms the public key (recall that knowing n is not + sufficient to easily find p and q...the factoring problem). + A message M is encrypted by computing M^e mod n. The owner + of the private key can decrypt the encrypted message by + exploiting number theory results, as follows. An integer d + is computed such that ed =1 (mod (p - 1)(q - 1)). Euler + proved a theorem that M^(ed) = M mod n and so M^(ed) mod n + = M. This means that in some sense the integers e and d are + "inverses" of each other. [If this is unclear, please see + one of the many texts and articles on public key + encryption.] + 19.4.82. secret key cryptosystem -- A system which uses the same key + to encrypt and decrypt traffic at each end of a communication + link. Also called a symmetric or one-key system. Contrast + with public key cryptosystem. + 19.4.83. SIGINT -- + 19.4.84. smart cards -- a computer chip embedded in credit card. They + can hold cash, credentials, cryptographic keys, etc. Usually + these are built with some degree of tamper-resistance. Smart + cards may perform part of a crypto transaction, or all of it. + Performing part of it may mean checking the computations of a + more powerful computer, e.g., one in an ATM. + 19.4.85. spoofing, or masquerading -- posing as another user. Used for + stealing passwords, modifying files, and stealing cash. + Digital signatures and other authentication methods are + useful to prevent this. Public keys must be validated and + protected to ensure that others don't subsititute their own + public keys which users may then unwittingly use. + 19.4.86. steganography -- a part of cryptology dealing with hiding + messages and obscuring who is sending and receiving messages. + Message traffic is often padded to reduce the signals that + would otherwise come from a sudden beginning of messages. + "Covered writing." + 19.4.87. symmetric cipher -- same as private key cryptosystem. + 19.4.88. tamper-responding modules, tamper-resistant modules (TRMs) -- + sealed boxes or modules which are hard to open, requiring + extensive probing and usually leaving ample evidence that the + tampering has occurred. Various protective techniques are + used, such as special metal or oxide layers on chips, armored + coatings, embedded optical fibers, and other measures to + thwart analysis. Popularly called "tamper-proof boxes." Uses + include: smart cards, nuclear weapon initiators, + cryptographic key holders, ATMs, etc. + 19.4.89. tampering, or active wiretapping -- intefering with messages + and possibly modifying them. This may compromise data + security, help to break ciphers, etc. See also spoofing. + 19.4.90. Tessera + 19.4.91. token -- some representation, such as ID cards, subway + tokens, money, etc., that indicates possession of some + property or value. + 19.4.92. traffic analysis -- determining who is sending or receiving + messages by analyzing packets, frequency of packets, etc. A + part of steganography. Usually handled with traffic padding. + 19.4.93. traffic analysis -- identifying characteristics of a message + (such as sender, or destination) by watching traffic. + Remailers and encryption help to foil traffic analysys. + 19.4.94. transmission rules -- the protocols for determining who can + send messages in a DC protocol, and when. These rules are + needed to prevent collision and deliberate jamming of the + channels. + 19.4.95. trap messages -- dummy messages in DC Nets which are used to + catch jammers and disrupters. The messages contain no private + information and are published in a blob beforehand so that + the trap message can later be opened to reveal the disrupter. + (There are many strategies to explore here.) + 19.4.96. trap-door -- In cryptography, a piece of secret information + that allows the holder of a private key to invert a normally + hard to invert function. + 19.4.97. trap-door one way functions -- functions which are easy to + compute in both the forward and reverse direction but for + which the disclosure of an algorithm to compute the function + in the forward direction does not provide information on how + to compute the function in the reverse direction. More simply + put, trap-door one way functions are one way for all but the + holder of the secret information. The RSA algorithm is the + best-known example of such a function. + 19.4.98. unconditional security -- same as information-theoretic + security, that is, unbreakable except by loss or theft of the + key. + 19.4.99. unconditionally secure -- where no amount of intercepted + ciphertext is enough to allow the cipher to be broken, as + with the use of a one-time pad cipher. Contrast with + computationally secure. + 19.4.100. URLs + 19.4.101. voting, cryptographic -- Various schemes have been devised + for anonymous, untraceable voting. Voting schemes should have + several properties: privacy of the vote, security of the vote + (no multiple votes), robustness against disruption by jammers + or disrupters, verifiability (voter has confidence in the + results), and efficiency. + 19.4.102. Whistleblowers + 19.4.103. zero knowledge proofs -- proofs in which no knowledge of the + actual proof is conveyed. Peggy the Prover demonstrates to + Sid the Skeptic that she is indeed in possession of some + piece of knowledge without actually revealing any of that + knowledge. This is useful for access to computers, because + eavesdroppers or dishonest sysops cannot steal the knowledge + given. Also called minimum disclosure proofs. Useful for + proving possession of some property, or credential, such as + age or voting status, without revealing personal information. + + 19.5. Appendix -- Summary of Crypto Versions + 19.5.1. DOS and Windows + - SecureDevice + + SecureDrive + - "Secdrv13d is the latest version. There was an unupdated + .exe file in the package that had to be fixed. From the + readme file: If you found this file inside FPART13D.ZIP, + this is an update and bug fix for the FPART utility of + SecureDrive Release 1.3d, + - Edgar Swank involved? + + SecureDevice + - Major Versions: + - Functions: + - Principal Authors: + - Major Platforms: + + Where to Find: + - ftp://ftp.csn.org/mpj/I_will_not_export/crypto_???????/ + secdrv/secdev.arj + See ftp://ftp.csn.org/mpj/README.MPJ for the ??????? + - Strengths: + - Weaknesses: + + Notes: + - By the way, I'm not the only one who gets SecureDrive + and SecureDevice confused. Watch out for this. + + SFS + - "A MS-DOS-based package for hard disk encryption. It is + implemented as a device driver and encrypts a whole + partition (i.e., not a file or a directory). It uses the + MDC/SHA cipher. ... It is available from Grabo + (garbo.uwasa.fi:/pc/crypt/sfs110.zip, I think), and also + from our ftp site: ftp.informatik.uni- + hamburg.de:/pub/virus/crypt/disk/sfs110.zip I would + recommend the Garbo site, because ours is a bit slow." + [Vesselin Bontchev, alt.security.pgp, 1994-09-05] + - Compared to SecureDrive, users report it to be faster, + better-featured, has a Windows interface, is a device + driver, and is robust. The disadvantages are that it + currently does not ship with source code and uses a more + obscure cipher. + - "SFS (Secure FileSystem) is a set of programs which + create and manage a number of encrypted disk volumes, and + runs under both DOS and Windows. Each volume appears as + a normal DOS drive, but all data stored on it is encryped + at the individual-sector level....SFS 1.1 is a + maintenance release which fixes a few minor problems in + 1.0, and adds a number of features suggested by users. + More details on changes are given in in the README file." + [Peter Gutmann, sci.crypt, 1994-08-25] + - "from garbo.uwasa.fi and all its mirror sites worldwide + as /pc/crypt/sfs110.zip." + + WinCrypt. + - "WinCrypt is pretty good IF you keep your encrypted text + to less than the length of your password, AND IF you + generate your password randomly, AND IF you only use each + password ONCE. :-)" [Michael Paul Johnson, sci.crypt, + 1994-07-08] + + Win PGP + + there seem to be two identically-named programs: + - WinPGP, by Christopher w. Geib + + WinPGP, by Timothy M. Janke and Geoffrey C. Grabow + - ftp WinPGP 1.0 from + oak.oakland.edu//pub/msdos/windows3/WinPGP10.ZIP + - Until this is clarified... + + PGPShell + - "PGPShell v3.2 has been released and is available at + these sites: (U.S.) + oak.oakland.edu:/pub/msdos/security/pgpshe32.zip + (Euro) + ftp.demon.co.uk:/simtel20/msdos/security/pgpshe32.zip + [still@rintintin.Colorado.EDU (Johannes Kepler), 1994-07- + 07] + + PGS + - ftp.informatik.uni- + hamburg.de:/pub/virus/crypt/pgp/shells/pgs099b.zip + - "I just uploaded the bug fix of PGS (v0.99b) on some FTP- + sites: + wuarchive.wustl.edu:/pub/msdos_uploads/pgs/pgs099b.zip + rzsun2.informatik.uni-hamburg.de:/pub/virus/crypt/pgp/... + (Just uploaded it, should be on in a few days) + oak.oakland.edu:/SimTel/msdos/security/pgs099b.zip (Just + uploaded it, should be on in a few days) + + [Eelco Cramer , 1994-06-27] + + DOS disk encryption utilities + + Several free or nearly free utilities are available: + - ftp.informatik.uni-hamburg.de:/pub/virus/crypt/disk/ + [Vesselin Vladimirov Bontchev, as of 1994-08] + + Norton's "Diskreet" is weak and essentially useless + - uses DES in weak (ECB) mode...is probably the "snake + oil" that Zimmermann writes about in his docs. SFS docs + say it is even worse than that. + + PGS + - "PGS v0.99c is out there! + + This new version of PGS supports 8 bytes keyid's. + This version will be able to run in a OS/2 DOS box. + + PGS v0.99c is available on the following site: + wuarchive.wustl.edu:/pub/msdos_uploads/pgs/pgs099c.zip" + [ER CRAMER , 1994-07-08] + + + + Program: + - Major Versions: + - Functions: + - Principal Authors: + - Major Platforms: + - Where to Find: + - Strengths: + - Weaknesses: + - Notes: + 19.5.2. OS/2 + 19.5.3. Amiga + + Program: PGPAmiga, Amiga PGP + + Major Versions: 2.3a.4, PGP 2.6 + - "The Amiga equivalent of PGP 2.6ui is called PGP + 2.3a.3" [unknown commenter] + - Functions: + - Principal Authors: + - Major Platforms: + - Where to Find: + - Strengths: + - Weaknesses: + - Notes: Situation is confusing. 2.3a.3 is not equivalent + to PGP 2.6ui. + 19.5.4. Unix + - NeXTStep + - Sun 4.3 + - Solaris + - HP + - SGI + + swIPe + - Metzger: It was John Ioannidis' swIPe package, and it was + not merely announced + but released. Phil has done a similar package for KA9Q + and was one of + 19.5.5. SFS ? + - "A MS-DOS-based package for hard disk encryption. It is + implemented as a device driver and encrypts a whole + partition (i.e., not a file or a directory). It uses the + MDC/SHA cipher. ... It is available from Grabo + (garbo.uwasa.fi:/pc/crypt/sfs110.zip, I think), and also + from our ftp site: ftp.informatik.uni- + hamburg.de:/pub/virus/crypt/disk/sfs110.zip I would + recommend the Garbo site, because ours is a bit slow." + [Vesselin Bontchev, alt.security.pgp, 1994-09-05] + 19.5.6. Macintosh + + more on MacPGP + - From: phinely@uhunix.uhcc.Hawaii.Edu (Peter Hinely) + Subject: Re: MacPGP 2.6ui doesn't actually work + Message-ID: + Sender: news@news.Hawaii.Edu + Organization: University of Hawaii + References: + Date: Wed, 6 Jul 1994 04:17:15 GMT + Lines: 9 + + In article + mathew@stallman.mantis.co.uk (mathew at home) writes: + >Well, I downloaded the rumoured MacPGP 2.6ui, but sadly + it bombs out + >immediately with an address error when I try to run it. + + MacPGP 2.6ui works on my Quadra 605. + The MacBinary process cannot handle pathnames >63 + characters, but as long + an you encrypt files on the desktop, it's not too much of + a problem. + - From: warlord@MIT.EDU (Derek Atkins) + Newsgroups: alt.security.pgp + Subject: Re: When will there be a bug fix for MacPGP? + Followup-To: alt.security.pgp + Date: 6 Jul 1994 10:19:13 GMT + Organization: Massachusetts Institute of Technology + Lines: 19 + Message-ID: + References: + NNTP-Posting-Host: toxicwaste.media.mit.edu + In-reply-to: AWILSON@DRUNIVAC.DREW.EDU's message of 2 Jul + 1994 12:25:14 GMT + + In article + AWILSON@DRUNIVAC.DREW.EDU (AL WILSON) writes: + + When will there be a bug fix for MacPGP (1.1.1)? I am + not complaining, I + know that the software is free. I just want to start + utilizing it for + communications at the earliest possible time. + + There are still a number of outstanding bugs that need to + be + fixed, but the hope is to make a bugfix release in the + near + future. I don't know when that is going to be, but + hopefully + it will be Real Soon Now (TM). + - Date: Wed, 6 Jul 1994 10:42:08 -0700 + From: tcmay (Timothy C. May) + To: tcmay + Subject: (fwd) Re: What is the difference between 2.6 & + 2.6ui? + Newsgroups: alt.security.pgp + Organization: NETCOM On-line Communication Services (408 + 261-4700 guest) + Status: O + + Xref: netcom.com alt.security.pgp:16979 + Path: netcom.com!netcomsv!decwrl!lll- + winken.llnl.gov!sol.ctr.columbia.edu!howland.reston.ans.n + et!pipex!lyra.csx.cam.ac.uk!iwj10 + From: iwj10@cus.cam.ac.uk (Ian Jackson) + Newsgroups: alt.security.pgp + Subject: Re: What is the difference between 2.6 & 2.6ui? + Date: Wed, 6 Jul 1994 10:14:24 GMT + Organization: Linux Unlimited + Lines: 55 + Message-ID: + <1994Jul6.101424.9203.chiark.ijackson@nyx.cs.du.edu> + References: + + NNTP-Posting-Host: bootes.cus.cam.ac.uk + Summary: Use 2.6ui :-). + Originator: iwj10@bootes.cus.cam.ac.uk + + -----BEGIN PGP SIGNED MESSAGE----- + + In article , + Stainless Steel Rat wrote: + >Ed Dantes writes [quoting + normalised - iwj]: + >> subject line says it all. + > + >PGP 2.6 is distributed from MIT and is legally available + to US and Canadian + >residents. It uses the RSAREF library. It has code that + will prevent + >interoperation with earlier versions of PGP. + > + >PGP 2.6ui is a modified version of PGP 2.3a which + functions almost + >identically to MIT PGP 2.6, without the "cripple code" + of MIT PGP 2.6. It + >is legally available outside the US and Canada only. + + This is false. PGP 2.6ui is available to US and Canadian + residents. + It is definitely legal for such people to download PGP + 2.6ui and study + it. + + However, RSADSI claim that *using* PGP 2.6ui in the US + and Canada + violates their patents on the RSA algorithm and on public + key + cryptography in general. Other people (like myself) + believe that + these patents wouldn't stand up if tested in court, and + that in any + case the damages recoverable would be zero. + + You might also like to know that the output formats + generated by 2.6ui + and MIT-2.6 are identical, so that if you choose to use + 2.6ui in North + America noone will be able to tell the difference anyway. + + Unfortunately these patent problems have caused many + North American + FTP sites to stop carrying 2.3a and 2.6ui, for fear of + committing + contributory infringement. + + If you would like to examine PGP 2.3a or 2.6ui, they are + available on + many FTP sites. Try + black.ox.ac.uk:/src/security + ftp.demon.co.uk:/pub/pgp + ftp.dsi.unimi.it:/pub/security/crypt/PGP + ftp.funet.fi:/pub/crypt + for starters. Look out for the regular postings here in + alt.security.pgp for other sites. + + -----BEGIN PGP SIGNATURE----- + Version: 2.6 + + iQCVAgUBLhqD48MWjroj9a3bAQH9VgQAqOvCVXqJLhnFvsKfr82M5808h + 6GKY5RW + SZ1/YLmshlDEMgeab4pSLSz+lDvsox2KFxQkP7O3oWYnswXcdr4FdLBu/ + TXU+IQw + E4r/jY/IXSupP97Lxj9BB73TkJIHVmrqgoPQG2Nszj60cbE/LsiGs5uMn + CSESypH + c0Y8FnR64gc= + =Pejo + -----END PGP SIGNATURE----- + -- + Ian Jackson, at home or + + +44 223 575512 Escoerea on IRC. + http://www.cl.cam.ac.uk/users/iwj10/ + 2 Lexington Close, Cambridge, CB4 3LS, England. Urgent: + + + -- + ......................................................... + ................. + Timothy C. May | Crypto Anarchy: encryption, + digital money, + tcmay@netcom.com | anonymous networks, digital + pseudonyms, zero + 408-688-5409 | knowledge, reputations, + information markets, + W.A.S.T.E.: Aptos, CA | black markets, collapse of + governments. + Higher Power: 2^859433 | Public Key: PGP and MailSafe + available. + "National borders are just speed bumps on the information + superhighway." + + + + + + CurveEncrypt, for Mac + - "Curve Encrypt 1.1, IDEA encryption for the Macintosh is + now available.....Curve Encrypt is a freeware drag-and- + drop encryption application for the Macintosh. It uses + IDEA cipher-feedback mode with a 255 character pass + phrase, encrypts both the data and resource forks of + files, and will encrypt the contents of a folder or + volume in a single operation. Source code is provided, + natch. CE is System 7 only....(Note that this program has + nothing whatsoever to do with elliptic curve + encryption methods, just so nobody gets confused...)" [ + "W. Kinney" , 1994-07-08] + - "Ftp Sites: + + ripem.msu.edu:pub/crypt/other/curve-encrypt-idea-for-mac/ + This is an export controlled ftp site: read + pub/crypt/GETTING_ACCESS for + information. + + ftp.csn.org:/mpj/I_will_not_export/crypto_???????/curve_e + ncrypt/ + csn.org is also export-controlled: read /mpj/README for + the characters + to replace ???????." [ "W. Kinney" + , 1994-07-08] + + RIPEM on Macintosh + - Carl Ellison says "I've only used RIPEM on AOL -- but it + should be the same....I run on a Mac, generating the + armored file, and then use AOL's "paste from file" option + in the File menu to include the encrypted file in the + body of my message.....In the other direction, I have to + use Select All and Copy to get it out of AOL mail, Paste + to get it into an editor. From there I can file it and + give that file to PGP or RIPEM.....BBEDIT on the Mac has + good support for RIPEM. I wish I knew how to write + BBEDIT extensions for Mac PGP as well." [C.E., 1994-07- + 06] + + URL for Stego (Macintosh) + - http://www.nitv.net/~mech/Romana/stego.html + 19.5.7. Newton + 19.5.8. Atari + 19.5.9. VMS + 19.5.10. IBM VM/etc. + 19.5.11. Miscellaneous + 19.5.12. File-splitting utilities + + Several exist. + - XSPLIT + - cryptosplit, Ray Cromwell + - shade + + 19.6. Appendix -- References + 19.6.1. the importance of libraries + - "Use a library. That's a place with lots of paper + periodicals and paper books. Library materials not online, + mostly, but it is still where most of the world's encoded + knowledge is stored. If you don't like paper, tough. + That's the way the world is right now." [Eric Hughes, 1994- + 04-07] + 19.6.2. Books + - Bamford, James, "The Puzzle Palace," 1982. The seminal + reference on the NSA. + - N. Koblitz, "A course in number theory and cryptography", + QA3.G7NO.114. Very technical, with an emphasis on elliptic + functions. + + D. Welsh, "Codes and Cryptography", Oxford Science + Publications, 1988, Eric Hughes especially + recommends this. + - Z103.W461988 + - D.E. Denning, "Cryptography and Data Security", 1982, + Addison-Wesley, 1982, QA76.9.A25D46. A classic, if a bit + dated, introduction by the woman who later became the chief + supporter of Clipper. + + G. Brassard, "Modern Cryptology: a tutorial", Lecture Notes + in Computer + - Science 325, Springer 1988, QA76.L4V.325 A slim little + book that's a gem. Sections by David Chaum. + - Vinge, V., "True Names," 1981. A novel about digital + pseudonyms and cyberspace. + - Card, Orson Scott, "Ender's Game," 1985-6. Novel about kids + who adopt digital pseudonyms for political debate. + - G.J. Simmons,"Contemporary Cryptology", IEEE Press, 1992, + QA76.9.A25C6678. A collection of articles by well-known + experts. Surprisingly, no discussion of digital money. Gus + Simmons designed "Permissive Action Links" for nukes, at + Sandia. + 19.6.3. sci.crypt + - archived at ripem.msu.edu and rpub.cl.msu.edu + - + + The cryptography anon ftp archive at + wimsey.bc.ca:/pub/crypto + - has been moved to ftp.wimsey.bc.ca + 19.6.4. cryptography-faq + - in about 10 parts, put out by Crypt Cabal (several + Cypherpunks on it) + - rtfm.mit.edu, in /pub/usenet/news.answers/cryptography- + faq/part[xx] + + posted every 21 days to sci.crypt, talk.politics.crypto, + - sci.answers, news.answers + 19.6.5. RSA FAQ + - Paul Fahn, RSA Laboratories + - anonymous FTP to rsa.com:/pub/faq + - rtfm.mit.edu, /pub/usenet/news.answers/cryptography-faq/rsa + 19.6.6. Computers, Freedom and Privacy Conference + - next Computers, Freedom and Privacy Conference will be + March 1995, San Francisco + 19.6.7. Various computer security papers, publications, and programs + can be found at cert.org. + - anonymous ftp to it and look in /pub. /pub/info even has + the NSA "Orange Book." (Not a secret, obviously. Anyone can + get on the NSA/NCSC's mailing list and get a huge pile of + documents sent to them, with new ones arriving every + several weeks.) + - or try ftp.win.tue.nl /pub/security + 19.6.8. Clipper information by Internet + - ftp.cpsr.org + - ftp.eff.org + + 19.7. Glossary Items + 19.7.1. message pools -- + 19.7.2. pools -- see "message pools." + 19.7.3. cover traffic -- + 19.7.4. padding -- see "message padding." + 19.7.5. message padding -- + 19.7.6. latency -- + 19.7.7. BlackNet -- an experiment in information markets, using + anonymous message pools for exchange of instructions and + items. Tim May's experiment in guerilla ontology. + 19.7.8. ILF -- Information Liberation Front. Distributes copyrighted + material via remailers, anonymously. Another experiment in + guerilla ontology. + 19.7.9. digital mix -- + 19.7.10. FinCEN -- Financial Crimes Enforcement Network. + 19.7.11. true name -- one's actual, physical name. Taken from Vernor + Vinge's novel of the same name. + 19.7.12. mix -- + 19.7.13. TEMPEST -- + 19.7.14. OTP -- + 19.7.15. Vernam cipher -- + 19.7.16. detweiler -- verb, to rant and rave about tentacles that are + destroying one's sanity through crypto anarchist thought + control. Named after L. Detweiler. "He's just detweilering." + 19.7.17. remailer -- + 19.7.18. Stego -- + 19.7.19. incipits -- message indicators or tags (relates to stego) + 19.7.20. duress code -- a second key which can decrypt a message to + something harmless. Could be useful for bank cards, as well + as for avoiding incrimination. A form of security through + obscurity, and not widely used. + + 19.8. A comment on software versions, ftp sites, instructions, etc. + 19.8.1. I regret that I can't be complete in all versions, platforms + supported, sites for obtaining, instructions, + incompatibilities, etc. Frankly, I'm drowning in reports of + new versions, questions about use, etc. Most of these + versions I have no direct knowledge of, have no experience + with, and no appreciation of subtle incompatibilites + involved. + 19.8.2. There are others who have concentrated on providing up-to- + date reports on what is available. Some of them are" + - site + 19.8.3. Reading sci.crypt, alt.security.pgp, and related groups for a + few weeks and looking for programs of interest to one's own + situation should give the most recent and current results. + Things are moving quickly, so if one is interested in + "AmigaPGP," for example, then the right place to look for the + latest versions is in the groups just mentioned, or in groups + and ftp sites specific to the Amiga. (Be careful that + sabotaged or spoofed versions are not used, as in all crypto. + "Joe's AmigaPGP" might need a closer look.)