From: alan.pugh@internetmci.com (Alan Pugh)
To: cypherpunks@toad.com
Message Hash: 5de48c45930d8b18bc9787cefe9784a0cc7ee2ff3dc4d36f6bd71289d788d57e
Message ID: <01HSV0ZF4V7M937K02@MAILSRV1.PCY.MCI.NET>
Reply To: N/A
UTC Datetime: 1995-07-14 17:14:35 UTC
Raw Date: Fri, 14 Jul 95 10:14:35 PDT
From: alan.pugh@internetmci.com (Alan Pugh)
Date: Fri, 14 Jul 95 10:14:35 PDT
To: cypherpunks@toad.com
Subject: pgp mention
Message-ID: <01HSV0ZF4V7M937K02@MAILSRV1.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
hello all,
nothing new here. there are some obvious errors in this article, most
notably that it claims phil z. uploaded pgp to the internet, while
phil claims this is not so.
anyhow, i figure mention in the mass press is reason enough to post
here...
===begin===
Date: Thursday, 13-Jul-95 05:12 AM
Encryption software keeps unauthorized readers out of your e-mail
I think you've known me long enough to trust me. So I hope you won't
mind letting me read your mail.
What's that? You object to my reading your mail? You say that your
private correspondence is none of my business?
Fair enough. I feel the same way about my mail. That's why I put my
letters in envelopes. But what about the messages we exchange over
computer networks?
Any computer is a profoundly insecure place for storing private
information. As more people communicate over computer networks, they
expose themselves to severe embarrassment, or worse. A determined
government agency or corporation could tap the Internet or other data
networks, and gather all manner of financial, political or personal
information.
But the same technology that makes this snooping possible is making it
possible for people to make communications virtually unreadable by
anyone except the people they're meant for.
It's done using software that encrypts information _ turns it into a
collection of gibberish. But this mishmash of symbols can be read by
someone who possesses the key, a kind of electronic letter-opener.
Encryption has been around quite awhile. The first coded messages we
know about were sent by the soldiers and diplomats of Sparta about
2,400 years ago. But few private citizens have ever bothered to
write in code. Most of us don't have many secrets. And the few we do
have aren't important enough to justify the immense complexity of a
really good code system.
But when you have millions of people swapping E-mail on easily tapped
computer networks, attitudes start to change. Especially when the
computer itself can encode your messages in a form that's nearly
unbreakable.
The idea is to apply an algorithm, or mathematical formula, that can
be used to code and decode any message. By the way, you don't have to
keep the formula secret. If the algorithm is really good, it won't
matter if a potential code-breaker knows it by heart. Run a message
through the algorithm, and even an expert code-breaker will need the
key to read it.
Traditionally, going for the key has been the best way to break a
code. British and American researchers during World War II figured
out the keys to the German Enigma coding machine, and read Hitler's
mail.
But in 1971, Whitfield Diffle and Martin Hellman came up with a much
tougher coding scheme, called public key cryptography. It relies on
two keys. One, the public key, is used only to encode messages. You
give this key to everybody who wants to send you a coded message.
But the public key can't be used to read messages. For that, you use a
second, private key. When you receive a coded message, you run it
through your coding program along with your private key.
Each key is a collection of letters and numbers generated by the
coding program. The longer the keys, the tougher it is to break the
code. But even a state-of-the-art public key system can be broken.
All you'll need is a supercomputer and several million years _ the
time it'll take to work through every possible solution.
It also takes a fair amount of computing power to use a public key
system. When Diffle and Hellman came up with the idea, only
corporations and governments had computers capable of the job. Now,
millions of us do.
In addition, we now link these machines together over worldwide
networks. Millions of us use computer networks to make credit-card
purchases, exchange business data, or write love letters. All of
which means we need a way to ensure that information we send can be
read only by those it's aimed at _ cryptography for the masses.
And now we have it, thanks to Philip Zimmermann, anti-nuclear
activist, software engineer and author of Pretty Good Privacy (PGP).
It's a program many cryptography experts consider well-nigh
unbreakable.
You can order a commercial version of PGP from ViaCrypt, an Arizona
company. You pay $100 for the DOS version, $125 for Windows or Mac.
Call 1-602-944-0773, 10-7 weekdays.
But the original PGP program is freeware. You can download it at no
charge from the Massachusetts Institute of Technology's FTP site
(net-dist.mit.edu, in the pub/PGP directory) or from the National
Computer Security Association Forum on CompuServe. The latest version
is called PGP262.ZIP.
When you try to download PGP, you'll be asked whether you're a U.S.
citizen. If you don't answer yes, you won't get the program.
MIT and CompuServe don't care if you're phoning in from Jupiter.
They're just trying to protect themselves. They don't want to end up
like Zimmermann, who has spent the last three years trying to keep
out of jail.
It all began in 1991, when Zimmermann was designing PGP. He heard
Congress was considering a law to ban the use of encryption software.
His left-wing instincts roused, Zimmermann quickly finished his
program, and then uploaded it to an Internet site. Once unleashed, no
government would be able to restrict PGP.
Sure enough, PGP was soon being used by people all over the United
States. No problem _ the bill never passed. But when Internet users
outside the U.S. started downloading it, the federal government put
the Zimmermann case in front of a grand jury.
It seems that selling encryption software to foreigners is a federal
crime, on the same scale with peddling plutonium. The fact that
Zimmermann didn't sell PGP may or may not help him. The grand jury
has been at work since 1992, trying to decide whether to issue an
indictment. Zimmermann could get up to four years in prison.
It's easy to denounce this assault on freedom, but the authorities
have a point. Most PGP users are honest citizens with a taste for
privacy. But the coding and encoding software works just as well for
terrorists, mobsters or child molesters. Cheap, powerful encryption
software will make life a lot tougher for the people who work to keep
us all safe.
But then, the cops would also have an easier job if we all just agreed
to let them open everybody's mail. How about it?
X X X
(You can send electronic mail to Hiawatha Bray. If you're on the
Internet, send it to: watha(at)det-freepress.com; On Compuserve,
write to: 72662,2521; America Online users, write to: WathaB.)
KNIGHT-RIDDER-WASHINGTON--07-12-95 0914EDT
-0- By Hiawatha Bray Knight-Ridder Newspapers
*** End of story ***
-----BEGIN PGP SIGNATURE-----
Version: 2.61
iQEVAwUBMAZbCigP1O9KJoPBAQHe+wf/bICqNHngGDGaK6ECIOy39OhHPdHxzdMw
zlU3ptgGrFpSmKyb1PqXSK3U41QfPCC2WDTLcxtxZHfE7J1DHkiptBvcwB5Sm6wJ
4i6PnCgCoot9EX4I8iG+WwAoujIUsDg2/7xoO6ba5daykFTBeeSw8iGac4O6j4aX
bz2JSpr3DsSQK7neB2HdeXp3Ovp7/qwM8Hx0nKn5ml/otFl6DUk6+7khLo5CvRG7
ei+aRMxn3H0B6EsFqB5s///RA3MuM1327ZzqAubIBaXpCU0VNK6M462oDDh8cTu1
u6gCnGKS5pT8imFBID8vu0S2P8ME8opl937B/aGrYhgzvoI2oZ0NKA==
=I6XV
-----END PGP SIGNATURE-----
*********************************************
* / Only God can see the whole *
* O[%\%\%{<>===========================- *
* \ Mandlebrot Set at Once! *
* amp *
* <0003701548@mcimail.com> *
* <alan.pugh@internetmci.com> *
*********************************************
Key fingerprint = A7 97 70 0F E2 5B 95 7C DB 7C 2B BF 0F E1 69 1D
Return to July 1995
Return to “alan.pugh@internetmci.com (Alan Pugh)”
1995-07-14 (Fri, 14 Jul 95 10:14:35 PDT) - pgp mention - alan.pugh@internetmci.com (Alan Pugh)