From: “Gary Jeffers” <CCGARY@MIZZOU1.missouri.edu>
To: cypherpunks@toad.com
Message Hash: 02f79c40ba82c78b0f9f3cf30b6362a55ab514c751aebc2f9464764506efde9a
Message ID: <9409062257.AA16925@toad.com>
Reply To: N/A
UTC Datetime: 1994-09-06 22:57:16 UTC
Raw Date: Tue, 6 Sep 94 15:57:16 PDT
Subject: CEB1B PREMEIERE ISSUE
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.sig
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.zip
Macintosh:
* _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/mac/MacPGP2.6ui_beta.sit.hqx
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/PGP/MacPGP2.6ui_V1.2sources.cpt.hqx
Other sites to look for the above mentioned files at:
ftp.informatik.uni-hamburg.de
  /pub/virus/crypt/pgp
  This site has most, if not all, of the current PGP files.
ftp.wimsey.bc.ca
  /pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/PGP
  (U. S. and Canadian users only)
  See /pub/crypto/software/README for the characters for XXXXXXXX
  This site has all public releases of the freeware PGP from 1.0 through 2.6 and 2.6ui.
black.ox.ac.uk (129.67.1.165)
  /src/security/pgp26uix.zip (MS-DOS executables & docs)
  /src/security/pgp26uis.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.)
  There are several other versions of PGP here, including the MIT release.
ftp.csn.net
  /mpj/public/pgp/ contains PGP shells, faq documentation, language kits.
ftp.netcom.com
  /pub/dcosenza -- Some crypto stuff, sometimes includes PGP.
  /pub/gbe/pgpfaq.asc -- frequently asked questions answered.
  /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganography software list. MacUtilities for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty@netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access.
ftp.ee.und.ac.za
  /pub/crypto/pgp
soda.berkeley.edu
  /pub/cypherpunks/pgp (DOS, MAC)
ftp.demon.co.uk
  /pub/amiga/pgp
  /pub/archimedes
  /pub/pgp
  /pub/mac/MacPGP
ftp.informatik.tu-muenchen.de
ftp.funet.fi
ftp.dsi.unimi.it
  /pub/security/crypt/PGP
ftp.tu-clausthal.de (139.174.2.10)
wuarchive.wustl.edu
  /pub/aminet/util/crypt
src.doc.ic.ac.uk (Amiga)
  /aminet
  /amiga-boing
ftp.informatik.tu-muenchen.de
  /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)
iswuarchive.wustl.edu
  pub/aminet/util/crypt (Amiga)
nic.funet.fi (128.214.6.100)
  /pub/crypt/pgp23A.zip
  /pub/crypt/pgp23srcA.zip
  /pub/crypt/pgp23A.tar.Z
ftp.uni-kl.de (131.246.9.95)
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
princeton.edu (128.112.228.1)
pencil.cs.missouri.edu (128.206.100.207)
StealthPGP:
The Amiga version can be FTP'ed from the Aminet in
/pub/aminet/util/crypt/ as StealthPGP1_0.lha.
Also, try an archie search for PGP using the command:
archie -s pgp26 (DOS & Unix Versions)
archie -s pgp2.6 (MAC Versions)
ftpmail:
For those individuals who do not have access to FTP, but do have access
to e-mail, you can get FTP files mailed to you. For information on
this service, send a message saying "Help" to ftpmail@decwrl.dec.com.
You will be sent an instruction sheet on how to use the ftpmail
service.
Another e-mail service is from nic.funet.fi. Send the following mail message
to mailserv@nic.funet.fi:
ENCODER uuencode
SEND pub/crypt/pgp23srcA.zip
SEND pub/crypt/pgp23A.zip
This will deposit the two zipfiles, as 15 batched messages, in your mailbox
within about 24 hours. Save and uudecode.
For the ftp sites on netcom, send mail to ftp-request@netcom.com containing
the word HELP in the body of the message.
World Wide Web URLs:
(Thanks to mathew@mantis.co.uk)
_________________________________________________________________
MACPGP 2.3
Program
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx
* _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx
* _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3.cpt.hqx
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx
* _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz
Source code
Requires Think C.
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3src.sea.hqx.pgp
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.hqx.pgp
Documentation
PGP is rather counter-intuitive to a Mac user. Luckily, there's a
guide to using MacPGP in
ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP.
_________________________________________________________________
OS/2 PGP
You can, of course, run the DOS version of PGP under OS/2.
* _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/2.6ui/pgp26ui-os2.zip
* _US:_ ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26os2.zip
ftp://ftp.csn.net/mpj/README.MPJ for the ???????
_________________________________________________________________
AMIGA PGP 2.3
* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_3.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_3.lha
Source
* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a3_src.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a3_src.lha
_________________________________________________________________
ARCHIMEDES PGP
* _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a
_________________________________________________________________
DOCUMENTATION ONLY
* _US:_ ftp://net-dist.mit.edu/pub/PGP/pgp26doc.zip
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26doc.zip
* _US:_ ftp://ftp.netcom.com/pub/mpj/public/pgp/pgp26doc.zip
* _US:_ ftp://ftp.ftp.csn.net/mpj/public/pgp/pgp26doc.zip
_________________________________________________________________
LANGUAGE MODULES
These are suitable for most PGP versions. I am not aware of any
export/import restrictions on these files.
German
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha
Italian
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz
Japanese
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz
Lithuanian
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip
Russian
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version)
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version)
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip
Spanish
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz
Swedish
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt
_________________________________________________________________
OTHER SITES
Some cryptographic software is available from
ftp://van-bc.wimsey.bc.ca/pub/crypto/software/.
Read the README file and proceed from there.
BBS sites:
Colorado Catacombs BBS
(See also the entry above for PGP 2.6)
(303) 772-1062 Longmont, Colorado (2 lines)
(303) 938-9654 Boulder, Colorado (free call from Denver CO, but 1 line)
For free access: log in with your own name, answer the questions, then
select [Q]uestionaire 3 from the [M]ain menu.
Verified: This morning.
Hieroglyphics Voodoo Machine (Colorado)
Jim Still (aka Johannes Keppler), sysop.
DOS, OS2, and Mac versions.
(303) 443-2457
Verified: 5-2-94
For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO"
with the password "NEW" (good for 30 minutes access to free files).
Exec-Net (New York)
Host BBS for the ILink net.
(914) 667-4567
The Ferret BBS (North Little Rock, Arkansas)
(501) 791-0124 also (501) 791-0125
Special PGP users account:
login name: PGP USER
password: PGP
This information from: Jim Wenzel <jim.wenzel@grapevine.lrk.ar.us>
If you find a version of the PGP package on a BBS or FTP site and it does not
include the PGP User's Guide, something is wrong. The manual should always
be included in the package. If it isn't, the package is suspect and should
not be used or distributed. The site you found it on should remove it so
that it does no further harm to others.
ARCHIE WHO?
There are many more sites. You can use archie and/or other "net-surfing"
tools to find a more up-to-date listing, if desired.
___________________________________________________________
|\ /| | | |
| \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 |
| | | / _ | mpj@csn.org aka mpj@netcom.com m.p.johnson@ieee.org |
| |||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332 |
| |||\ ( | ftp://ftp.netcom.com/pub/mpj/README.MPJ -. --- ----- ....|
| ||| \ \_/ |___________________________________________________________|
-----BEGIN PGP SIGNATURE-----
Version: 2.7
iQCVAgUBLkq2xfX0zg8FAL9FAQFTNgP+MRZEelkRWavsKsLKgTpZEXix++Bhk8CW
s1jgJkyFEgEjS5EDPsKUOZKT+peohlfSmMO1dvO4125b+g+jg3rI/BQQOnWA65PT
8ylmelaoQSrzPhbYvPCk/a7zzOqoGnfa3x4C3ECJBRKFvofaZOgo1pzzCxwwa/wW
PtYKpgCtp34=
=H24Y
-----END PGP SIGNATURE-----
Section 3: Michael Johnson's PGP bomb contribution.
From: Michael Johnson <mpj@csn.org>
Subject: PGP Time Bomb FAQ
-----BEGIN PGP SIGNED MESSAGE-----
PGP TIME BOMB FAQ
There has been some confusion about the annoying "Time Bomb" in MIT PGP 2.6,
as well as some other PGP version compatibility issues. This is an attempt to
clear up some of that confusion.
WHY IS THERE A TIME BOMB IN MIT PGP 2.6?
In the process of negotiating for the right to distribute a fully legal
version of PGP that the patent assignees agree doesn't infringe upon their
patents, MIT agreed to include an inducement for people to upgrade from the
allegedly infringing freeware PGP 2.3a to the clearly legal freeware MIT PGP
2.6 or the also clearly legal Viacrypt PGP 2.7.
Folks, you may not realize it, but the RSADSI/PKP concession to allow a
freeware PGP in the USA is BIG TIME GOOD NEWS! To induce a small
incompatibility with a downlevel version of PGP with several bugs in it is a
small annoyance by comparison.
WHAT IS THE NATURE OF THE TIME BOMB?
On 1 September 1994 UT, by your system clock, MIT PGP 2.6 will start
generating encrypted message and signature packets with a version byte
(offset 3) of 2 instead of 3. It will accept either 2 or 3 as valid. This
means that messages from PGP 2.3a and old messages from MIT PGP 2.6 can be
read by MIT PGP 2.6, but new messages from MIT PGP 2.6 cannot be read by PGP
2.3a. See pgformat.doc in the MIT PGP 2.6 distribution for the location and
use of these bytes. This time bomb is activated by code in pgp.c that looks
like this:
    #define VERSION_BYTE_OLD        2   /* PGP2 */
    #define VERSION_BYTE_KLUDGE     3
    ...
    boolean legal_kludge;
    int version_byte = VERSION_BYTE_OLD;
    ...
    /* Turn on incompatibility as of 1 September 1994 (GMT) */
    legal_kludge = (get_timestamp(NULL) >= 0x2e651980);
    ...
    if (legal_kludge)
        version_byte = VERSION_BYTE_KLUDGE;
Although a method for disarming the time bomb is obvious to the casual C
programmer, disabling this feature invalidates the RSA license to use the
program, and really doesn't gain you much for reasons that will become
obvious below.
HOW DOES THIS TIME BOMB AFFECT COMPATIBILITY WITH OTHER VERSIONS?
The bottom line is that PGP 2.3a and before (as well as Viacrypt PGP 2.4)
cannot read all of the latest PGP version formats, starting on 1 September
1994. Here is a summary of the version bytes generated and understood:
                               Format generated       Formats
                               before     after       understood
Version                        1 Sep 94   1 Sep 94    (all times)
----------------------------   --------   --------    -----------
2.3                            2          2           2
2.3a                           2          2           2
Amiga 2.3a.4                   2          2           2,3
Viacrypt 2.4                   2          2           2
2.6ui                          2          2           2,3
MIT 2.6                        2          3           2,3
Viacrypt 2.7, pkcs_compat=1    2          3           2,3
Viacrypt 2.7, pkcs_compat=2    2          2           2,3
Viacrypt 2.7, pkcs_compat=3    3          3           2,3
(Not mentioned above is MIT PGP 2.5, which was a buggy beta, nor several
other versions that are outside the mainstream PGP project).
If you are using one of the versions above that cannot understand version
byte 3 messages, you should upgrade to one that does. The upgrade from
Viacrypt PGP 2.4 to Viacrypt PGP 2.7 is only US$10, and also provides several
other enhancements.
As you can see, people with downlevel versions of PGP will not be able to
read all PGP messages directed at them, nor will they be able to verify all
of the signed messages they might wish to verify.
It is also worth noting that none of the new versions have any trouble
reading the old format messages.
WHAT IS THE RSA KEY MODULUS LENGTH LIMIT?
The RSA key modulus length limit for compatibility with all mainstream PGP
versions is 1024 bits (military grade). I recommend the use of this length,
at least for now.
PGP 2.3a, running on some platforms (but not others), used to be able to
generate and use 1264 bit keys. In addition, some people have hacked their
own copies of PGP to generate and use longer keys (up to 8192 bits or some
such crazy number). Distribution of these hacked versions under the "Pretty
Good Privacy" trademarked name is not recommended, since it upsets the trade
mark owner (Philip Zimmermann) and interferes with some of his long term
plans to support longer keys in a more organized fashion.
IS 1024 BITS LONG ENOUGH?
Conservative estimates of increasing computing power, advancing mathematical
knowledge, and the propensity of certain spy organizations to spend lots of
money on these things say that 1024 bit keys are strong enough for at least
20 years or so. Less paranoid prognosticators say that such keys are good
for hundreds of years. More paranoid prognosticators think that someone has
already broken RSA and not told us about it, so no RSA key is safe. My
opinion is that RSA keys with a modulus of about 1024 bits in length are more
than adequate to protect most electronic mail and financial transactions.
What do you think?
HOW DOES THE STRENGTH OF RSA AND IDEA COMPARE?
As implemented in PGP, the IDEA cipher used for bulk encryption appears to be
stronger than the RSA cipher. In fact, to strengthen the RSA to the same
level as the IDEA cipher (assuming a brute force attack), it would take an
RSA modulus of about 3100 bits.
WHY NOT ALLOW LONGER RSA KEYS, ANYWAY?
OK, so you are more paranoid than me, and want the RSA key to be at least as
strong as the IDEA cipher. Why isn't there a higher limit to the RSA key
size?
First, there is the minor problem that RSAREF and BSAFE (which are tied to
the RSA patent license for the freeware and some commercial versions of PGP)
have a key length limit of 1024 bits. Changing this involves negotiations
with RSADSI/PKP, and could take some time. Second, allowing longer key sizes
could create a Tower of Babel problem of incompatible PGP versions, since not
all versions could handle these long keys. Third, the implementation of
longer keys needs to be done in an orderly manner such that all mainstream
PGP versions (Viacrypt, MIT freeware, BSAFE-based commercial, and possibly a
non-USA variant) are first upgraded to accept, but not generate, the longer
keys. After all PGP users can accept the longer keys, then PGP versions can
start generating the longer keys with no interruption in service.
It still makes sense to have a length limit for compatibility reasons. I
have asked Philip Zimmermann to increase that to at least 4096 bits when he
can, and I think that he will do that in an orderly manner if there isn't too
much in the way of hassles with RSAREF and BSAFE licensing.
If this isn't secure enough for you, shift to conventional encryption and
manual (direct person-to-person) key exchange, making sure that your keys
have at least 128 bits of entropy. This can be done with pgp -c or another
private key encryption program called dlock that has the virtues of (1) NO
patent problems, and (2) very strong encryption. (DLOCK is not nearly as user
friendly as PGP, but what do you want for free?)
HOW DOES PKCS BYTE ORDERING IN KEYS AFFECT COMPATIBILITY?
PGP versions 2.2 and before generated key and signature block formats with a
different byte order than derived from the PKCS standards. PGP 2.3 also
generated this old format if you specified +pkcs_compat=0 in config.txt or on
the command line. This old format is now obsolete. Unfortunately, the old
format cannot be parsed by RSAREF or BSAFE, so PGP versions based on these
crypto engines (like MIT PGP 2.6) cannot read those packets. Viacrypt PGP,
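An added illustration, not part of the original message or of PGP's source: it combines the version-byte switch from the pgp.c excerpt in the Time Bomb FAQ with the FAQ's compatibility table, and counts how many listed releases cannot read a given sender's output just before and at the cutoff. The struct, the function names, and the assumption that every table row switches at the same instant as MIT PGP 2.6 are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VERSION_BYTE_OLD    2             /* PGP2 */
#define VERSION_BYTE_KLUDGE 3
#define KLUDGE_START        0x2e651980UL  /* 1 Sep 1994 00:00:00 GMT, from the excerpt */

/* One row of the FAQ's table; every listed release reads version byte 2. */
struct release {
    const char *name;
    int before, after;  /* version byte written before / from KLUDGE_START */
    bool reads3;        /* also understands version byte 3? */
};

static const struct release releases[] = {
    {"2.3",                         2, 2, false},
    {"2.3a",                        2, 2, false},
    {"Amiga 2.3a.4",                2, 2, true},
    {"Viacrypt 2.4",                2, 2, false},
    {"2.6ui",                       2, 2, true},
    {"MIT 2.6",                     2, 3, true},
    {"Viacrypt 2.7, pkcs_compat=1", 2, 3, true},
    {"Viacrypt 2.7, pkcs_compat=2", 2, 2, true},
    {"Viacrypt 2.7, pkcs_compat=3", 3, 3, true},
};
enum { N_RELEASES = sizeof releases / sizeof releases[0] };

/* Byte release i writes at Unix time now (assumed: all rows switch with MIT 2.6). */
int generated_byte(int i, uint32_t now) {
    return now >= KLUDGE_START ? releases[i].after : releases[i].before;
}

/* Can release `reader` parse a packet carrying `version_byte`? */
bool can_read(int reader, int version_byte) {
    return version_byte == VERSION_BYTE_OLD ||
           (version_byte == VERSION_BYTE_KLUDGE && releases[reader].reads3);
}

/* Number of listed releases that cannot read what `sender` writes at `now`. */
int unreadable_count(int sender, uint32_t now) {
    int n = 0;
    for (int r = 0; r < N_RELEASES; r++)
        if (!can_read(r, generated_byte(sender, now)))
            n++;
    return n;
}

int main(void) {
    for (int s = 0; s < N_RELEASES; s++)
        printf("%-28s unreadable by %d before, %d after\n", releases[s].name,
               unreadable_count(s, KLUDGE_START - 1), unreadable_count(s, KLUDGE_START));
    return 0;
}
```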