1994-11-18 - CEB6 part 2 of 2

Header Data

From: “Gary Jeffers” <CCGARY@MIZZOU1.missouri.edu>
To: cypherpunks@toad.com
Message Hash: 48bec4cac54b83add95d9659d5053973779107883a046eaf6b1c6ca0cb27b0c8
Message ID: <9411180334.AB24644@toad.com>
Reply To: N/A
UTC Datetime: 1994-11-18 03:34:40 UTC
Raw Date: Thu, 17 Nov 94 19:34:40 PST

Raw message

From: "Gary Jeffers" <CCGARY@MIZZOU1.missouri.edu>
Date: Thu, 17 Nov 94 19:34:40 PST
To: cypherpunks@toad.com
Subject: CEB6 part 2 of 2
Message-ID: <9411180334.AB24644@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Hunt around & read his read file.

Files in this directory are not for export from the USA and Canada.

secdev13.arj -- Secure Device file hosted device driver by Artur Helwig
                of the Netherlands.
sfs110.zip   -- Secure File system by Peter Gutman of New Zealand
secdr13e.zip -- Secure Drive by Mike Ingle and Edgar Swank of the USA
*/

Chapter 6. Remailers & chained remailers.


From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Message-Id: <9408300753.AA22369@anchor.ho.att.com>
To: CCGARY@MIZZOU1.missouri.edu
Subject: Re:  Using remailers, chained remailers?

There's somebody who posts a remailer summary to the list about monthly.

/*  Text correction follows from  Zarr

--
     Admin@anon.penet.fi (Admin of The Anonymous Contact Service)

*   There are three or four sets of remailers out there:
*   - anon.penet.fi, which gives you an account anNUMBER@anon.penet.fi
*   which people can reply to.  Please, send a message to
*   ping@anon.penet.fi to receive an anon ID.  You probably also want
*   to send a message to help@anon.penet.fi to receive the help file.
*   Its big use is for anonymous Usenet posting with working replies.
   end of text correction. */


some also support Usenet posting.  Soda is pretty typical.

- The cypherpunks remailers, which are mostly one-way no-reply mailers;
- Various enhanced cypherpunks remailers, which have features like
encrypted reply addresses you can attach at the end.

You can get information on using the soda remailer by sending email
to remailer@csua.berkeley.edu, with "help" somewhere in the posting;
I'm not sure if it wants it in the Subject: or in the body.
That's the remailer that posts from "Tommy the Tourist" with
random NSA-bait at the bottom of postings.

Here's a recent posting on getting status of remailers.
Note that some really only remail once per day, so they may be
working fine even if it says they're not.

----
Date: Mon, 15 Aug 1994 13:39:33 -0700
From: Raph Levien <raph@kiwi.CS.Berkeley.EDU>
To: cypherpunks@toad.com
Subject: "finger remailer-list@kiwi.cs.berkeley.edu" now operational

Hi all,

   I have written and installed a remailer pinging script which
collects detailed information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, at
http://http.cs.berkeley.edu/~raph/remailer-list.html

   Please do not take the uptime figures too seriously, at least for
another week or so. The script has only been running reliably for a
few days.

   Please let me know about any other remailers which I missed. I've
only included remailers which can mail to arbitrary addresses, so I
already know chop and twwells are missing.

   If you've got a Web page, please feel free to include a link to
this page. If you think your Web page is relevant to the subject of
remailers, let me know and I'll link it in.

   Comments and suggestions welcome!

Raph Levien


-------
# Bill Stewart  AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart@pleasantonca.ncr.com billstewart@attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465


Chapter 7. Current problems in Crypt.

1. We need an Internet Chat PGP system for conversations in real time.
    /* HEY! ITS LOOKS LIKE WE'VE GOT IT! SEE CHAPTER 10. */
2. Has Arsen Arachelian really solved the problem of discovery of crypt
   in steganograpy by statistical examination of the least significant
   bits in his WNSTROM? I have seen no debate on this.
3. If the Feds capture the internet & put their anti-privacy hardware
   & protocols in place & outlaw remailers, does anyone have any idea
   how to build secure & effective remailers? A "Fortress remailer"?
4. If the above possibility happens & Cyperpunks' list is outlawed,
   does anyone have ideas how to make a "Fortress list"?

/* Currently, we have Fortress Cryptography & State Sufferance
remailers, mailing lists & newsgroups. We must have Fortress:
remailers, mailing lists & newsgroups!  */



Chapter 8. Text sources.
Section 1. Books.

    Part 1. Simson Garfinkel's PGP book.

From: Stanton McCandlish <mech@eff.org>
Subject: O'Reilly PGP book
Date: Wed, 7 Sep 1994 13:38:58 -0400 (EDT)

coming soon, PGP hits the mainstream:


   PGP: Pretty Good Privacy
   by Simson Garfinkel
   1st Edition November 1994 (est.)
   250 pages (est),ISBN: 1-56592-098-8, $17.95 (est)

     PGP is a freely available encryption program that protects the
privacy of files and electronic mail.  It uses powerful public key
cryptography and works on virtually every platform.  PGP: Pretty Good
Privacy by Simson Garfinkel is both a readable technical users guide and
a fascinating behind-the-scenes look at cryptography and privacy.  Part I
of the book describes how to use PGP:  protecting files and email,
creating and using keys, signing messages, certifying and distributing
keys, and using key servers.  Part II provides background on cryptography,
battles against public key patents and U.S. government export restrictions,
and other aspects of the ongoing public debates about privacy and free
speech.
--
<A HREF="http://www.eff.org/~mech/mech.html">       Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">              mech@eff.org
</A><P><A HREF="http://www.eff.org/">               Electronic Frontier Fndtn.
</A><P>   Online Activist       


    Part 2. Bruce Schneier's cryptography book.


   The best book in cryptography is:
APPLIED CRYPTOGRAPHY  Protocols, Algorithms, and Source Code in C
by Bruce Schneier
Loompanics advertising copy follows:
 In Applied Cryptography, data security expert Bruce Schneier details
how programmers can use cryptography - the technique of enciphering
messages - to maintain the privacy of computer data. Covering the latest
developments in practical cryptographic techniques, the book shows
programmers who design computer software and systems we use every day.
   Along with more than 100 pages of actual C source code of working
cryptographic algorithms, this pratical handbook:

* Explains data encryption protocols and techniques currently in use
and likely to be used in the future.
* Offers numerous present day applications - from secure correspondence
to anonymous messaging.
* Includes numerous source code fragments and shows how to incorporate
them into larger programs.
* Discusses related issues like patents, export laws, and legal rulings.
  And much more!

1994, 7 1/2 x 9, 636 pp, Illustrated, indexed, soft cover.
APPLIED CRYPTOGRAPHY: $44.95
(order number 10062)
$4.00 for shipping and handling. UPS ground. Additional $7.50 if you
want UPS w day air(blue)- that would be $11.50.

Loompanics Unlimited
PO Box 1197
Port Townsend, WA 98368

/*
    Part 3. William Stallings PGP book.

From: William Stallings <ws@shore.net>
   William Stallings says that his new book will be out in a few weeks. d
The book's foreword is by Phil Zimmerman who highly praises the book &  e
states that he prefers it to his own documentation when he needs to look
something up! The book's table of contents, then the foreword follows:


| Bill Stallings       | PGP key available at    | also from Stable
| Comp-Comm Consulting | gopher.shore.net        | Large Email Database
| P. O. Box 2405       | in members/ws           | contact
| Brewster, MA 02631   |                         | key@Four11.com

                Protect Your Privacy: The PGP User's Guide

                            William Stallings

                    (Prentice-Hall, ISBN 0-13-185596-4)

                            Table of Contents

Foreword by Phil Zimmermann

Acknowledgments

Reader's Guide to the PGP User's Guide

Chapter 1    Protect Your Privacy!
    1.1  What is PGP?
    1.2  PGP Versions

                         Part I    HOW PGP WORKS

Chapter 2    Basic Principles of PGP
    2.1  Conventional Encryption
    2.2  Public Key Encryption
    2.3  Secure Hash Functions

Chapter 3    Sending and Receiving PGP Messages
    3.1  PGP: The Big Picture
    3.2  PGP is Not E-Mail
    3.3  Public Keys and Private Keys
    3.4  Digital Signatures
    3.5  Compression
    3.6  Message Encryption
    3.7  E-Mail Compatibility
    3.8  The Order of Operations in PGP

Chapter 4    PGP Features
    4.1  Multiple Recipients
    4.2  Encrypting Local Files
    4.3  The Display-Only Option
    4.4  Wiping
    4.5  Protecting Text Files
    4.6  Signature Options

Chapter 5    Key Generation and Secret Key Management
    5.1  Creating Public/Secret Key Pairs
    5.2  Secret Key Management

Chapter 6    Public Key Management
    6.1  Exchanging Public Keys
    6.2  Certifying Public Keys
    6.3  Owner Trust and Key Legitimacy

                        Part II    USING PGP

Chapter 7    DOS PGP: Getting Started
    7.1  Getting Started
    7.2  Key Generation
    7.3  Signing Your Key
    7.4  Extracting Your Key
    7.5  Preparing a Message for Transmission
    7.6  Processing a Received Message
    7.7  Adding Keys to Your Public Key Ring
    7.8  Certifying PGP

Chapter 8    DOS PGP Reference
    8.1  Message/File Processing
    8.2  Key Management
    8.3  Miscellaneous Commands and Options
    8.4  The config.txt File
    8.5  Using a DOS Shell

Chapter 9    Macintosh PGP: Getting Started
    9.1  Getting Started
    9.2  Key Generation
    9.3  Signing Your Key
    9.4  Extracting Your Key
    9.5  Preparing a Message for Transmission
    9.6  Processing a Received Message
    9.7  Adding Keys to Your Public Key Ring
    9.8  Certifying MacPGP

Chapter 10    Macintosh PGP Reference
    10.1  PGP Messages Window
    10.2  Help Menu
    10.3  File Menu
    10.4  Key Menu
    10.5  Options Menu

Chapter 11    Windows PGP
    11.1  WinPGP
    11.2  PGP WinFront

                 PART III  Supplemental Information

Chapter 12    The Building Blocks of PGP
    12.1  Conventional Encryption: IDEA
    12.2  Public Key Encryption: RSA
    12.3  Secure Hash Function: MD5

Chapter 13    Choosing Your Passphrase
    13.1  How to Guess a Passphrase
    13.2  How to Choose an Unguessable Passphrase

Chapter 14  Where to Get PGP

Chapter 15    Public Key Servers
    15.1  How to Use Public Key Servers
    15.2  Where to Find Public Key Servers
    15.3  Stable Large EMail Database (SLED)

Chapter 16    PGP 3.0

Foreword by Philip Zimmermann

This book is about Pretty Good Privacy, a program I created to encrypt e-
mail using public key cryptography. PGP was electronically published as
free software in 1991. Little did I realize what this project would lead to.
PGP has become the worldwide de facto standard for e-mail encryption.
        I've admired Bill Stallings's writings in computer science for some
years before PGP, and here he is writing a book about my program. How
can I talk about how great his book is, without, by implication, talking
about how great PGP is? It's hard to write a foreword for his book about
PGP without sliding into some measure of self-indulgence.
        I've been so close to this project for so long that I sometimes lose
sight of the scope of what PGP provides. I got the manuscript for Bill's book
in the mail the other day -- the book you are holding. Sitting down with it,
flipping through it, endless pages of diagrams, the formal treatment of it,
services provided by PGP. It wasn't till I saw his book on PGP that I could
step back and see PGP as others see it. The breadth of it. As a software
engineer, I'm used to either documenting my own software, or having a
random company tech writer document it. All software engineers get that.
But having William Stallings do the manual for your software -- it's sort of
like having your portrait done by a world-class artist.
        There are a very small number of software packages that have far-
reaching political implications. Most software that fits in such an influential
category has negative effects on our civil liberties. For example,
government intelligence agencies use a software package called PROMIS,
which is a powerful tool of governments to track people's activities,
movements, spending, political affiliations, et cetera. Now that is a piece of
software with far-reaching political implications. Mostly bad ones. Then
there is the software that the Medical Information Bureau uses to classify
people who file medical insurance claims, to put them on a medical "black
list", so that they cannot purchase any medical insurance ever again. That
software has far-reaching political implications -- enough to raise a large-
scale backlash in our society to do something about it. In most cases, it
seems that software that has powerful political effects is software designed
to strengthen the strong and weaken the weak.
        But PGP also has far-reaching political implications. Mostly good ones.
In the Information Age, cryptography affects the power relationship
between government and its people. The Government knows this all too
well, as evidenced by their recent policy initiatives for the Clipper chip,
which would give the Government a back door into all our private
communications -- an Orwellian "wiretap chip" built into all our
telephones, fax machines and computer networks. PGP strikes a blow
against such dark trends, and has become a crystal nucleus for the growth
of the Crypto Revolution, a new political movement for privacy and civil
liberties in the Information Age.  This government has done all they can to
stop the emergence of a worldwide encryption standard that they don't
have a back door into. And that same government has placed me under
criminal investigation for unleashing this free software on the world. If
indicted and convicted, I would face 41 to 51 months in a federal prison.
        Despite the pressure the Government has brought to bear against
PGP (or perhaps because of it), PGP has become the most widely used
software in the world for e-mail encryption, used by a variety of activists,
and anyone else needing protection from the powerful. It's also used by
ordinary people to protect their personal and business communications
from prying eyes.
        PGP may have a future as an official Internet standard, as the
Internet Engineering Task Force develops an interest in it. No one who
wants to work in the area of Internet e-mail privacy should neglect
studying PGP. Because of the "fax machine effect", more people who want
to encrypt their e-mail are getting PGP because everyone else who
encrypts their e-mail is already using it.
        Naturally, I want people to read the Official PGP User's Guide, which
comes with the electronic distribution package of PGP (also in book form
from MIT Press), because I wrote it. Also, I'm more entertaining and
personable in my book. And more political. But Bill Stallings' book is more
comprehensive than mine, more thorough, covering more detail, with a lot
more diagrams. He's really good at completely nailing it down in a book. In
fact, I'll probably use his book myself as my preferred reference to PGP.

Philip Zimmermann
Boulder, Colorado
PGP Fingerprint:
9E 94 45 13 39 83 5F 70
7B E7 D8 ED C4 BE 5A A6
*/


Section 2. Rants.


For good rants FTP to soda.berkeley.edu   /pub/cypherpunks/rants

Section 3. CYPHERNOMICON - Tim May's "official" Cypherpunks' FAQ.
   This is a giant (1.3MB uncompressed) faq by Tim May.

To get it by anonymous ftp:
ftp to ftp.netcom.com /pub/tcmay  - This directory has it & its
associated files.


Chapter 9. Cypherpunks' mailing list. getting on etc..

>>>> help
This is Brent Chapman's "Majordomo" mailing list manager, version 1.92.

In the description below items contained in []'s are optional. When
providing the item, do not include the []'s around it.

It understands the following commands:

    subscribe <list> [<address>]
        Subscribe yourself (or <address> if specified) to the named <list>.

    unsubscribe <list> [<address>]
        Unsubscribe yourself (or <address> if specified) from the named <list>.

    get <list> <filename>
        Get a file related to <list>.

    index <list>
        Return an index of files you can "get" for <list>.

    which [<address>]
        Find out which lists you (or <address> if specified) are on.

    who <list>
        Find out who is on the named <list>.

    info <list>
        Retrieve the general introductory information for the named <list>.

    lists
        Show the lists served by this Majordomo server.

    help
        Retrieve this message.

    end
        Stop processing commands (useful if your mailer adds a signature).

Commands should be sent in the body of an email message to
"Majordomo@toad.com".

Commands in the "Subject:" line NOT processed.

If you have any questions or problems, please contact
"Majordomo-Owner@toad.com".


Chapter 10. IRC chat strong encryption?

Section 1. prig (cryptical)'s  contribution.


   Do we really have this capability now? According to following post we
do! This info has not been verified yet. You may want to experiment
for yourself.

Section 1. prig(cryptical)'s offering.

From: prig0011@gold.tc.umn.edu
Subject: IRC Encryption

There was a thread a while back about encrypted conversations on channel
#freedom on irc. I came across the software I believe they are using. Its
a package called Circ, and it is available from archives of
comp.sources.misc volume 38 issue 10. It is interesting in that it uses
RSA for key exchange, and triple DES for the encryption. The Circ package
includes an earlier implementation "socks" which is a stand alone
encrypted irc client. I think this is what they use on #freedom. This is
an interesting tool for a couple of reasons. irc can be as anonymous as
you want to make it. There are ways of hiding what site you're coming
from, your real username, you can change your nick often as you want, and
it's got a high enough usage that you can lose yourself in a crowd.
It supports background file transfers. You can create a channel and lock
it to uninvited people. It is supported pretty much net-wide, if you can
telnet, you can irc. Interesting stuff, and I'll be playing more with it
in the near future.

BTW: my nick is cryptical on irc. :)

/*
Section 2. Ed Carp's offer.

   According to Ed Carp, the package has been around for a long time &
he's had it on his system for monthes. Ed says: "If anyone wants it,
they can email me and I'll send it to them, tarred, gripped, and
uuencoded."
Ed Carp is ecarp@netcom.com
*/



                                       PUSH EM BACK! PUSH EM BACK!
                                       WWWAAAYYYY  BBBAAACCCK!
                                       BBBEEEAAATTTT  STATE!





Thread