From: Jim Cannell Area: Public Key Encryption To: John Nieder 19 Sep 94 20:47:28 Subject: Who's This Ashworth? UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a msg on , John Nieder of 1:125/33 writes: JN> He uses PGP extensively in his Fidonet netmail, which usually is JN> being sent to one of the GUUCP gates to Internet. He has JN> been using PGP for well over a year with no problems. A JN> couple of weeks ago, he sent a PGPed message to a Fidonet JN> user and received a message from someone named RICK ASHWORTH JN> who had intercepted the correspondence and threatened an JN> "annoying behavior" complaint against the BBS my friend uses JN> if he ever saw PGPed messages from him again. Mr. Ashworth is a long time FidoNet sysop who has let the authority of his position go to his head. Your best bet is to ignore him and any of the other control phreaks who mistakenly believe that they can prevent encrypted traffic from flowing through their systems. JN> Naturally, my friend has no control over the routing of his JN> messages. It is our understanding that nodes that do not wish JN> PGPed traffic run a program (PGP-Toss?) that reroutes the JN> communications to a system of pro-PGP nodes (Securenet?) who JN> then carry the encrypted traffic. JN> My friend's sysop is no help in any of this, BTW, as he doesn't JN> consider either the issue or my friend worth any hassle JN> whatsoever on his part. What node does your friend post from? We can have the nearest SecureMail host contact his sysop, so that the NetMail to/from there can be routed through SecureMail, where privacy is a paramount concern. For complete info on SecureMail, freq SECUREMAIL from here. Most of the other SMHs also have it available. BTW, the system that you are posting from is the Net 125 SecureMail host. JN> What's going on here? Is Ashworth just some crank on a jihad or JN> has PGP policy changed that substantially on Fidonet since I JN> last looked? Policy has not changed. The control phreaks correctly see that PGP threatens their power. Just ignore them, and route your traffic around them. Jim - International SecureMail Host (ISMH) PGP key 1024/B7822B3D fingerprint = 0F F4 79 06 3B 33 99 D1 07 36 66 66 80 85 76 B3 Protect your right to privacy. Say no to GAK. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLn5niyWTIMO3gis9AQGbPQQAq3CVM4hbIqdl9066Az1QsnXxIv+5PJqW T8Cb7Hf/dVc0cfzNXmbxMpM5Y9wq6Qyq8jYguMrjDaEaYfG3NN4q2xytqXy0Nd4K dAInSlZ72TmHDGivD1Ts2TT8XDppEhFNAnH75ABU6dIYlmMBFvLqRMtNBOna/94Q CF9VMM/l9qw= =VhwH -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Bill Bishop Area: Public Key Encryption To: Leroy Ang 17 Sep 94 21:53:04 Subject: New To Pgp UpdReq -=>Leroy Ang unabashedly said to John Schofield... LA> Do you mind teaching me how to use PGP with BlueWave? I tried using LA> batch files to sign my mails but not very successful and my knowledge LA> on batch programming is very limited. So can you help suggest any LA> solution? Why don't you freq PGPBLU30 from FIDO 366/515. It's a seamless interface with auto-decryption and a real neat program. Also a version for O/S 2. Bill ... SLEEP: that fleeting moment just before the alarm. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Brad Ems 21 Sep 94 00:38:14 Subject: Getting Started w/PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- Despite the stern warnings of the tribal elders, Brad Ems said this to All: BE> 1: I have both PGP 2.3 and 2.6. I have learned that after a BE> certain date, PGP 2.6 will not work with keys generated by 2.3. BE> Am I correct in thinking this? No. PGP 2.6 currently writes output that 2.3 can't read. That's it. BTW, not everybody's copy of 2.6 writes that output. :-) BE> 3. I have heard that give that MIT worked on PGP to legalize BE> it in the eyes of the Washington bureaucrats, it may not BE> be entirely robust. has anyone any info on 2.6's BE> integrity? Phillip Zimmerman, the original PGP author, says it's fine. BE> How much here is cryptographic finery that a bumpkin like BE> me does not need to know, and how much is critical stuff BE> that will have Janet Reno knocking on my door if I don't? PGP 2.6 and up are totally legal to use in the US. Even if you screw up, Janet Reno won't be knocking on your door. Unless you had information in that message that incriminates you, and your screwup causes it to be readable by somebody untrustworthy. :-) In the long run, you can never be 100% certain of your security. For practical purposes, if you trust PGP at all then all you need to know is whether or not your messages are indeed being encrypted when you think they're being encrypted. Oh, and two other things that you should be certain to get right: 1) Never sign anything, especially somebody else's key, unless you're damn certain it's for real and that you want your name signed to it. Digital sigs will probably hold up in court, so it's at least as bad as putting your paper signature on something. When asked to sign someone's key, ask yourself "would I be willing to testify in court, under penalty of perjury, that I'm certain this key belongs to Joe Blow?" If not, then don't sign it. 2) Never, ever, for any reason, let anybody have your SECRET key. Spread your public key far and wide, cast it upon the four winds, but there's no reason whatsoever that anybody could ever need your secret key. Anybody who tells you he needs your key for any reason is lying. BTW, make a backup of your keyrings on floppy. Right now. Put it somewhere safe. If you accidently lose them in a hard drive crash, you're screwed without a backup. If you've chosen a good passphrase for protecting it, letting a copy of your secret keyring exist on floppy is OK, because people still can't access the key without that passphrase. Note the word "passphrase." If you're using something better described as a passWORD, your key isn't stored securely. -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: Privacy is a basic human right. iQCVAwUBLn/GvObJC2KuabptAQH3mAQAiUGQyGvJmoqGakZgiAsbfI/UiP7jeePV zdDPcVlogLTxxzbSSuiaoXrIvQ4Uc5Ph/1aAj6Q38UAl0enlfi9hPwUqCUCQsigQ OaQPLY+L/Y6mThXBSgqC3gd11qlDNolZ/35A3NJwieAUbXg9UwOKAhZLx0KKnVv0 60CSKCQqvM4= =wX7I -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: John Nieder 21 Sep 94 00:43:30 Subject: Who's This Ashworth? UpdReq Despite the stern warnings of the tribal elders, John Nieder said this to All: JN> been using PGP for well over a year with no problems. A JN> couple of weeks ago, he sent a PGPed message to a Fidonet JN> user and received a message from someone named RICK ASHWORTH JN> who had intercepted the correspondence and threatened an JN> "annoying behavior" complaint against the BBS my friend uses JN> if he ever saw PGPed messages from him again. Rick had to commit a felony to even see that message. If he wants to file a Policy complaint over it, he'll have to send a copy of the message to someone other than it's intended recipient, so he'll be violating Policy as well. Do with this information what you will. JN> This node does not guarantee any privacy of any mail passing JN> though this system regarding sysop review. Fortunately, federal law supersedes individual system policies. Just as you can't set a rule making it legal to kill someone in your house, you can't set a rule that makes it legal to violate the ECPA. I'd contact a lawyer. 201434369420143436942014343694201434369420143436942014343694718 From: Reed Darsey Area: Public Key Encryption To: All 20 Sep 94 04:21:04 Subject: overseas e-mail interception UpdReq The September 15, 1994 issue of CIO, page 58, near the end of the article "The Quest for Corporate Smarts," had this to say about international email: . . . "Anyone traveling or communicating overseas should be aware that faxes, phone calls and E-mail are routinely intercepted," says William DeGenaro, former director of strategic countermeasures planning for the Defense Department and now a Futures Group director. In speeches he gives to the business community, DeGenaro cites a ring of thieves that makes about $10,000 for every laptop computer it steals. "They're making far more than the laptop is worth becuase they're miking the hard disk and shopping the information," says DeGenaro. 201434369420143436942014343694201434369420143436942014343694718 From: Tom Almy Area: Public Key Encryption To: gk pace 19 Sep 94 22:22:00 Subject: Re: PGP 2.61 alternate and source UpdReq -=> Quoting gk pace to Tom Almy <=- TA> OK, what's *wasn't* fixed in 2.61? gp> ^^^^ gp> The "official" release is "2.6.1", the Alternative is "2.61". Which also brings up another point. Version confusion. We now have in common use 2.6.1, 2.6, 2.3a, 2.3a (patched to accept 2.6 messages and keys), 2.6ui (which is a hacked 2.3a, not a hacked 2.6), 2.6a, 2.61, and a bunch of impostors using bogus IDs. Quite a mess! However, from the pgpdoc2.txt in 2.6.1 (and I believe is new): pz>I place no restraints on your modifying the source code for your own pz>use. However, do not distribute a modified version of PGP under the pz>name "PGP" without first getting permission from me. Please respect pz>this restriction. PGP's reputation for cryptographic integrity pz>depends on maintaining strict quality control on PGP's cryptographic pz>algorithms and protocols. Beyond that, ad hoc "improvements" to PGP pz>can affect interoperability, which creates user confusion and pz>compatability problems that could damage PGP's (and my own) pz>reputation and undermine the good will earned by the PGP trademark. pz>This has already started to happen, which is why I'm making a point pz>of it here. This creates technical support headaches, and I get pz>phone calls from confused users who run into problems either because pz>they have a mutant strain of PGP, or are trying to process a key, pz>signature, or message that came from an incompatible mutant strain of pz>PGP. The source code to PGP was not published to help spawn these pz>mutant strains. pz>If you want to distribute a modified version of PGP, or use a modified pz>version to send messages to other people, you should name the program pz>in such a way that no one could mistake it for PGP. The messages, pz>signatures, and keys it produces must also be labeled in such a way pz>that no one could mistake them for material produced by PGP. If you pz>feel you must modify your copy of PGP, and there is any chance that pz>the modified version could escape into the environment, please contact pz>me first to discuss some easy methods for how to prevent people from pz>confusing your version with the standard PGP. Perhaps we'll even pz>decide that your changes are appropriate for incorporating into the pz>standard PGP release. Anyway, back to the question at hand. gp> It is all listed in the README.261 contained in PGP261AS.ZIP (the gp> source code). One significant item is that PGP 2.6.1 claims to handle gp> 2048 bit keys, but won't. I guess it is hard for those who use 2.6.1 gp> to prove tho, since it won't generate a key larger than 1024 bits. A quick perusal through the source showed that indeed there are limits for key generation, but I could find none for key use. Perhaps they are going to a new version number field value for these? Or the format will be slightly different? Anyway, my search wasn't completely thorough. gp> PGP 2.61 (the alternative) will handle the larger keys, AND generate gp> them. It is also issued for the OS2 platform as well as DOS, so those gp> of us who use OS2 don't have to run it in a DOS session. I'll probably FREQ a copy of the OS2 version. That seems to be missing from the standard release. Tom 201434369420143436942014343694201434369420143436942014343694718 From: Mike Destro Area: Public Key Encryption To: Jeff Hancock 16 Sep 94 13:54:32 Subject: There goes more freedom! UpdReq Hello Jeff! Answering a msg of <12 Sep 94>, from Jeff Hancock to *.*: In reference to yyour message about the FCC regulating the internet, don't worry it ain't gonna happen. The FCC is over worked and understaffed as it is they can ill afford anymore duties. As for slowing down computers you dont just change out a crystal (which are soldered in not put in a socket). 2400 is virtually unusable way to slow. and finally a typing test? no chance. Bottom line, if we eventually see regulation of the internet it won't be like the article stated. Now what does all this got to do with PGP?!? Apologies to Chris and everyone else. Mike 201434369420143436942014343694201434369420143436942014343694718 From: Ron Pritchett Area: Public Key Encryption To: gk pace 20 Sep 94 20:50:24 Subject: Re: PGP 2.61 alternate and source UpdReq -----BEGIN PGP SIGNED MESSAGE----- On Fri Sep 16 1994 @ 16:10 Re: Re: PGP 2.61 alternate and source gk pace (1:374/26.0) wrote to Tom Almy: gp> The "official" release is "2.6.1", the Alternative is gp> "2.61". Oh lord this is getting complex! I'm sticking with 2.6ui... or am I? ha ha ha.. My tagline will never tell! :) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLn+Dkq5NX2w997N9AQFVzwIAwd4yNDycA1QcwjP7am2C71kQV0y/k2gh nP0PSaapNl/YAHMsIfM1Lbh+GK3FRduBu27w/BN0cGWFXrR+BijOdg== =gctj -----END PGP SIGNATURE----- Ron Pritchett - 512/3DF7B37D Team OS/2 FingerPrint = D6 29 03 7A 26 3E 98 42 E7 5E CB F2 D6 7B BE 79 201434369420143436942014343694201434369420143436942014343694718 From: Gordon Campbell Area: Public Key Encryption To: Frits Spieker 19 Sep 94 11:41:30 Subject: PGP 2.6.1 hatched UpdReq G'day Frits! On (17 Sep 94), Frits Spieker of 2:286/115 was heard to bellow forth: FS> exporting it further. After all, afaik, US-law is NOT applicable FS> in Canada. As far as we're concerned, it's not applicable here, either. ;-) Cheers, .....G 201434369420143436942014343694201434369420143436942014343694718 From: Jess Williams Area: Public Key Encryption To: Scott Mills 17 Sep 94 00:12:00 Subject: ENCRYPTION... UpdReq SM> Some versions will make keys much larger than 1024. SM> Scott Thanks for the info, I've been looking for a version that will allow you to make the key size anything you want. My favorite PGP version is 2.6uix I have the source for it. If I knew how to make the Key size capability bigger I would. I can make a 1264 bit key but that is the biggest I can make right now. Some people will say there is no need to make keys that big at this time and that may be true but A bigger key is better than a smaller one in my book :) Also I've been trying to find a way to increase the size of the IDEA portion of the code also. I'm not much of a programmer (at least in C anyway) I think the IDEA portion uses key sizes of 128 bits? is that correct? That is very large compared to the 56 bits of DES. I would like to double it to 256 bits though. Well thanks again Jess Williams ... The most intelligent people we know are those who ask advice. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Jess Williams Area: Public Key Encryption To: George Hannah 17 Sep 94 19:39:00 Subject: ENCRYPTION... UpdReq GH> No ones going to spend 6 months cracking my GH> key - it's just not worth it. Thanks for the reply. It is true could you imagine the government spending millions of dollars worth of computing power to crack a message just to find out that it was a recipe for Chili :) _____________________________________________________________ |When encryption is outlawed, bayl bhgynjf jvyy unir cevinpl| |Jess Williams on the beautiful island of Oahu! | |jess.williams@hol.com He aha ka mea hou? | |-----------------------------------------------------------| 201434369420143436942014343694201434369420143436942014343694718 From: Jess Williams Area: Public Key Encryption To: Jim Bell 17 Sep 94 19:46:00 Subject: ENCRYPTION... UpdReq JB> However, if such keys are eventually crackable, it will probably be JB> because of an algorithmic breakthrough, not an increase in CPU JB> capability. JB> And obviously, long before such keys become crackable, people will go JB> to 2048 bit keys, etc, making it useless to attempt to "brute force" JB> them. I agree 100% I hope they don't find a way to easily crack RSA. I don't think there is an alternative right now. Martin Hellmans Trap Door Scheme was broken by the RSA group. And I don't know of another type of public key system that is secure right now. Jess Williams ... Dogs come when you call. Cats have answering machines. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: all 20 Sep 94 09:31:36 Subject: PGPSORT UpdReq Anybody have a copy of this for FREQ? jason ... Beware of Geeks Bearing .GIF's... 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: Tim Devore 20 Sep 94 09:32:14 Subject: Key Revocation UpdReq Tim Devore wrote in a message to All: TD> I had a mega loss of files and Info on my HD some of which TD> were my PGP Keys that I had posted a little while back. I TD> have no way to create a Key Revocation Set of keys so Please TD> Concider this as My Key Revocation. I don't even have a way TD> to give you the Finger Prints of the keys either. :( Ouch! Sorry to hear about the HD crash. Just last week I did the generate-a-revocation-and-extract-it-then-delete-it-and-re-add-the-original-key thing and saved it to a floppy. After seeing what can happen, I think it may be cheap insurance.... jason ... I am he as you are me and we are all together 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: John Nieder 20 Sep 94 09:46:08 Subject: Who's This Ashworth? UpdReq John Nieder wrote in a message to All: JN> RICK ASHWORTH who had intercepted the correspondence and JN> threatened an "annoying behavior" complaint against the BBS JN> my friend uses if he ever saw PGPed messages from him again. Not so. He just doesn't want to route encrypted netmail. JN> Naturally, my friend has no control over the routing of his JN> messages. It is our understanding that nodes that do not Sure he does. Send it direct, or through a securenet host. JN> wish PGPed traffic run a program (PGP-Toss?) that reroutes JN> the communications to a system of pro-PGP nodes (Securenet?) JN> who then carry the encrypted traffic. Nope. It usually just gets bounced back. JN> What's going on here? Is Ashworth just some crank on a JN> jihad or has PGP policy changed that substantially on JN> Fidonet since I last looked? Fido policy remains the same. Ashworth is, as he says, EC for Region 11, and NEC for 108. He also moderates a coupla echos, I think. And, no, he's not a crank. He's reasonable and fair, from what I've seen. JN> Correspondence follows (note that Fidonet policy quoted JN> seems a clear violation of Federal ECPA): If that was Netmail you just quoted =you= may have just opened up a nasty can of ECPA worms. IN> If this is not the case, please explain by what mechanism private PGP IN> mail is to sent on the net. JN> I have no idea how it is sent, as I have no interest in JN> routing encrypted mail. This is the bottom line. You can't route encrypted mail through someone who doesn't want to move it. Send it direct. JN> I assume to dictate policy to you, as a node routing mail at JN> my own expense for the convenience of the nodes in my JN> region, and with the sanction of Policy 4, section 2.1.4. He's right. JN> I would appreciate the courtesy of a reply that you have JN> read this msg, understand it, and will not route any further JN> encrypted mail though it. At this point, I think your friend would be most wise to send unencrypted, apologetic netmail to Rick, and start sending his NM direct. He might also deserve one from you for dumping his netmail into an echo. YMMV, of course. jason ... I give it 95 for the beat and 98 for the lyrics... 201434369420143436942014343694201434369420143436942014343694718 From: Tom Almy Area: Public Key Encryption To: Jim Bell 20 Sep 94 12:14:00 Subject: RC4 Revealed! UpdReq -=> Once upon a time, Jim Bell said to All <=- JB> Disclosure of the formula does not necessarily allow eavesdroppers to JB> intercept and unscramble coded messages sent with the RSA encryption JB> software. But widespread dissemination could compromise the long-term JB> effectiveness of the system, software experts said. If dissemination could comprimise it, then it isn't very good in the first place. That would mean that your encrypted data could be more easily decrypted by anyone knowing the algorithm by legal means or otherwise. Tom 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Shawn Mcmahon 19 Sep 94 21:32:00 Subject: Re: signing my own key. UpdReq On 09-16-94 (16:49), Shawn Mcmahon, in a message to Bert Byfield about "RE: SIGNING MY OWN KEY.", stated the following: SM>IDEA is the least-tested portion, and even it has had quite a bit of >attack. It's not "proven" by any means, but it DOES withstand the same >attacks that other popular algorithms fail. SM>Does this mean the NSA can't have cracked it? No, it doesn't. However, >understand something; the considered opinion of a whole bunch of >cryptographers is that cracking it will require a breakthrough in the >factoring of really really large numbers. Said breakthrough is one of You must mean the RSA portion of PGP. The IDEA portion has nothing to do with factoring numbers. There are other possible attacks on RSA as well; it's just that they're no easier than factoring. SM>The odds are in our favor. Especially if you consider that any such >breakthrough would render all alternative encryption methods weak as >well, meaning you don't have a better alternative. Actually, it would affect only public key methods, and not all of them. It would have no effect on most of the conventional (single key) methods, none of which involve prime factors, raising numbers to powers, or any of the other features where factoring might matter. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Listserv@Expressnet.Org 19 Sep 94 22:57:00 Subject: Subscribe UpdReq SUBSCRIBE Keep-Out SUBSCRIBE Keep-Out David Chessler ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Shawn Mcmahon 19 Sep 94 23:14:00 Subject: Need recommendations UpdReq On 09-16-94 (16:22), Shawn Mcmahon, in a message to All about "NEED RECOMMENDATIONS", stated the following: SM>A client needs to secure a computer against intrusion from a >computer-knowledgable (but not encryption-knowledgable) attacker with >hours of uncontrolled physical access time. Only certain data needs to >be protected, and the attacker is more computer-knowledgable than the >user of that computer. Securing the computer physically is always a better idea. Think again about why it can't be done in this case. SM>My instinct is to use SFS (no need to mess with SecureDrive, since >there's no need to protect this information from the NSA) to encrypt the Actually, SFS may be more secure than SecureDrive, if the docs can be beleived. >drive upon which the data is stored, since the client has a second hard >drive dedicated to output from the program in question and has no >problem with paying the $25 license fee. I should hope not. Can this drive be a removeable and just put it in the safe at night? That's what the Pentagon does. SM>Secondary security will be a CMOS password, which will of course just >slow the intruder down while he hunts for a screwdriver. Yeah. That's why physical security is the *first* thing to think of, not the last. All the attacker has to do is copy the disk, and then work on it at his leisure. Effectively, you are relying on encryption, with no effective backup. Can you rely on your client to use a good passphrase (at least 30 characters for IDEA, maybe 50 Characters for SFS, which has a longer key)? One that is not easily vulnerable to dictionary or other attack. Look at black.ox.uk to see the kinds of dictionaries already available for the dictionary attack. Look at project guttenburg and the internet commonplace book projects to see the possible attacks on passphrases that are quotations. The program Rawdsk11.zip will allow any encrypted partition to be streamed to a tape for attack at leisure. Will the client put the passphrase on paper? In his desk? On a post it note on the monitor? Most clients are lousy about passwords. And is the client one person or a staff? How many people have to have access? Re-think the whole physical security issue. Unless you get some *very* good answers about your client's willingness to engage in some inconvenient procedures with pass phrases, why do you think the client will be better with them than he is with physical security. So the first question is, why not lock it in the safe? Unless you get *very* good answers for that, go no further. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Tom Almy 18 Sep 94 15:13:58 Subject: There goes more freedom! UpdReq -----BEGIN PGP SIGNED MESSAGE----- *** Quote: Tom Almy to Jeff Hancock on 15 Sep 94 10:35:02 *** Subject: There goes more freedom! JH> - (UPI) WASHINGTON, DC. The White House confirmed today that the FCC JH> will become the Federal agency to assume responsibility for regulating JH> the so-called "Information Super Highway." [...] TA> I hope nobody is taking this post seriously. It is obviously a joke TA> (but a good one!) It came from UPI (or at least appears to have) and you think it's a JOKE?! Come on... When you're denied access to Internet or limited to 5 MHz or 2400 bps, THEN tell me it is a joke. SKQ -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: Can't read it? Then it's NOYB! iQCVAwUBLnyfgDzG+cClnFb5AQE3vwQAq2nhibRJSCO6YIWfbliGJcmyToLe99gm ZG6Q+FJreSmkKRVDpQsut38Q+AYksis5Fpk2P26s0R9NqJy6S8pGQ9+Dlh5COz/P GEQplVvGZjwveMDmetNI3iQ6no3QyrPnYFBmFufDCULPLPt0Eq6GNSzMc3+vw8Kg c0jcvFRtZIM= =p9o3 -----END PGP SIGNATURE----- ... The seven dwarfs were feeling happy in the bath - so he got out 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Reed Darsey 20 Sep 94 04:14:26 Subject: Re: There goes more freedom! UpdReq -----BEGIN PGP SIGNED MESSAGE----- === Quote: Reed Darsey to Jeff Hancock === Subject: Re: There goes more freedom! === Date: 16 Sep 94 04:46:13 JH> + This message was written by CAPTAIN BLADE to ALL JH> + + and forwarded from area CHAOS RD> Chaos_Landing is a humor oriented echo. RD> This spoof sound similar to one John Dvorak pulled a while ago. Then it should have been _clearly marked as a spoof_. The ability of such a post to mislead is otherwise difficult to control. This may sound stupid to the rest of you folks who knew all along that it was a spoof, but sometimes it is difficult to tell jokes from the real thing. Of course, as a few found out, I thought it was real. As a result, thanks to someone not clearly marking it as a spoof, there's no telling what I've set in motion. I don't think this joke is very funny. I think it's about as sickening as a baby's behind going into volcano mode without a diaper. To Jeff Hancock and anyone else wanting to post a sick joke: Make sure you mark your spoofs as spoofs before the rest of us think they're acutally real and thus make themselves look like fools. Now back to your regularly scheduled *!@@z-{/# NO CARRIER SKQ -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: Can't read it? Then it's NOYB! iQCVAwUBLn6o6DzG+cClnFb5AQFMRgP+Pv/8SZoUrjvU2rpWFC8Q/YePd6kf3Nu2 NsbB6ldb+4dw+mXcGUSTOLwkg+KSfsvVS0f/EYqOR5Rj0zizhDNeii0oUCSH0e2e 1TvoOl+zo1chu6nsEkbskn4ZLlRE5hVfNQ27Ow2ovW8mjM6kpMgmdaW2WiuwXqY0 QrqAQ2VPu9M= =JdP/ -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Leroy Ang 20 Sep 94 04:21:38 Subject: New To Pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- === Quote: John Schofield to Leroy Ang === Subject: New To Pgp === Date: 18 Sep 94 09:13:43 JS> PGPBLUE is another good program--it works only with Bluewave, where JS> EZ-PGP works with any off-line mail-reader. PGPBLUE is much more JS> popular with Bluewave users than EZ-PGP is. However, I just tested out JS> the latest version, and found many problems with it--I couldn't get all JS> features to work right. JS> EZ-PGP is free for everyone to use, while PGPBLUE costs $10 to JS> register. JS> You should probably download both, and see which suits you best. It's JS> a very personal choice. But in the end, if you're anything like I am, you'll recognize how good a programmer John is, and end up using EZ-PGP. It's simple, yet very handy. I could (almost) do the same thing with a set of macros for Boxer--in fact, I almost tried it, but I quit after finding EZ-PGP. SKQ -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: Can't read it? Then it's NOYB! iQCVAwUBLn6pnDzG+cClnFb5AQHkAAQAuuCkvfTSU+eimD5NCi+995Lblhtr+O1I DZt03pQk4HxiEK3NXEhvhFqhU1fmXZ8mLYzfaljvcGdUGoUQKpFRn1ZeW6h0IBNp mWVbsbCnXYXh0+CYpYucCssshQLKj4amHlL9YsUD8y1+V+ZfUQzeg++Pq/Cbx1PA RSLooxJr0Bg= =6w2X -----END PGP SIGNATURE----- ... $636.95 - Number of the Beast at Sam's Wholesale Club. 201434369420143436942014343694201434369420143436942014343694718 From: Ross Lonstein Area: Public Key Encryption To: Jeff Hancock 20 Sep 94 11:29:36 Subject: Re: There goes more freedom! UpdReq >>A reliable message poster left this on my system. Thought I would >share it with you. > [much bullshit deleted] >>The practice portion of the examination is likely to be the most >controversial. Reportedly, all candidates must pass a typing skills >examination and achieve no less than 40 words per minute to obtain a >(temporary) novice license. This must be raised to 80 words per >minute before a regular-status license will be issued. Novices will >restricted to operating networked computers having speeds of less >than 5 Mhz or operation of SLIP or dial-up connections of no greater >than 2400 baud. (It is rumored that the FCC will make 5 Mhz >replacement crystals available at a nominal charge to temporarily slow >computers of novice operators). >>The FCC also recognizes that there are conditions when terminal >emulators are not available. Therefore, an expert class will be >established for communication using only numeric keypads and bi-digit >numeric displays. Although needing a minimum of equipment, this mode >will require sending, receiving and manual translation of raw ASCII >codes. Guidelines for minimum communication rates for this mode have [still more bullshit deleted] Chris and anyone who read this serious: YOU HAVE BEEN TROLLED! RLONSTEIN PGP key upon request or via Key servers ... Unauthorized damage of regulation book is strictly against regulations. --- * TLX v4.00 * 201434369420143436942014343694201434369420143436942014343694718 From: Ross Lonstein Area: Public Key Encryption To: All 20 Sep 94 11:29:38 Subject: RE: Net 106 (Richard Walker vs. to private email or another echo? The thread started out interesting but has burned itself out with 'I'm right, you're wrong' volleys. RLONSTEIN PGP key upon request or via Key servers --- TLX v4.00 I'm just needling you about the thread. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Jim Bell 21 Sep 94 14:11:38 Subject: RC4 Revealed! UpdReq Despite the stern warnings of the tribal elders, Jim Bell said this to All: JB> Disclosure of the formula does not necessarily allow JB> eavesdroppers to intercept and unscramble coded messages sent JB> with the RSA encryption software. But widespread JB> dissemination could compromise the long-term effectiveness of JB> the system, software experts said. Now we're gonna have a few months of people misconstruing this to mean the RSA algorithm, when "the RSA encryption software" means "this particular piece of software from RSA Data Security, Inc." BTW, here's Bruce Schneier's take on RC2 and RC4: "They are proprietary, and their details have not been published. Don't think for a minute that this helps security. These algorithms have already appeared in commercial products; I am sure that they have been disassembled by someone. As far as I know, these algorithms have not been patented." That means, if you snag the algorithm off the 'net, you can't be stopped from using it in domestic applications. BTW, it only uses a 40-bit key. That's 10^12 possible keys. RSADI claims that rapid checking of the keyspace isn't possible because "a significant amount of time is spent setting up the key schedule." While that may or may not be true, remember that if the attacker can have any idea what might be in your message (a header with "from:" and "to:" in it always, for example) then he can generate all possible encryptions of this block, then run through 'em and compare 'till he finds matches. Won't be many of 'em. Then try those keys, and voila; cracked message. One more quote from Schneier, about this attack: "The storage requirement for a 64-bit plaintext block encrypted with all 10^12 possible keys is 8 terabytes - certainly possible." Last but not least, there's the rumor that the NSA allows export of RC2 and RC4 with a 48-bit key. That implies, by Schneier's logic, that they've got a machine that can check 1 millions keys per second, and they're running 256 of them in parallel. If you happen to see the algorithm yourself, I'd like a copy. Since it isn't patented, there isn't a blessed thing RSADI can do about it. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Raymond Paquin 21 Sep 94 14:14:14 Subject: RSA Broken UpdReq Despite the stern warnings of the tribal elders, Raymond Paquin said this to Jim Bell: RP> Um ... not quite. But you are right: there is such a thing as a RP> weak prime number: i.e. not all prime numbers are created RP> equal.Unfortunately, PGP does not check for weak prime RP> numbers. Pity ... PGP relies upon the fact that the odds of actually generating a weak prime with it's algorithm are significantly less than the odds of getting hit by a meteor while generating your key. :-) 201434369420143436942014343694201434369420143436942014343694718