From: Scott Redd Area: Public Key Encryption To: Shawn McMahon 21 Sep 94 22:06:36 Subject: Need recommendations UpdReq Friday September 16 1994 16:22, Shawn McMahon wrote to All: SM> A client needs to secure a computer against intrusion from a SM> computer-knowledgable (but not encryption-knowledgable) attacker with SM> hours of uncontrolled physical access time. Only certain data needs to be SM> protected, and the attacker is more computer-knowledgable than the user of SM> that computer. SM> Secondary security will be a CMOS password, which will of course just slow SM> the intruder down while he hunts for a screwdriver. SM> Anybody got any other recommendations? It sounds to me like you, or your client, already know who this person is. Why not simply get rid of him or subject him to severe disciplinary action if he persists after a warning? # Origin: Orifice -- portable [Omaha, NE] (1:285/5.47) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694718 From: Wes Perkhiser Area: Public Key Encryption To: Ron Pritchett 23 Sep 94 02:30:14 Subject: Key Change? UpdReq In a message of , Ron Pritchett (1:376/74@fidonet.org) writes: RP>I just added a new User ID to my trusty old key & was wondering RP>it RP>that would cause problems if someone happened to encode something RP>on my "old" public key.... No problem at all. Your new User ID was just tacked on to the "old" public key anyway. PGP can't even tell which User ID the sender picked for encryption. Wes 201434369420143436942014343694201434369420143436942014343694718 From: Leroy Ang Area: Public Key Encryption To: Carl Forester 18 Sep 94 01:05:10 Subject: File Announce:Pgpblu UpdReq On 11 Sep 94 09:48am, Carl Forester wrote to All: CF> FILE NAMES: CF> PGPBLU30.ZIP (DOS) Where can i get a copy of PGPBLU30.zip? +----------------------------------------------------------------+ | Leroy Ang. | Sending greetings to Everyone. || Internet : Leroy.Ang%oconn@csah.com || May all beings be always well and happy. +----------------------------------------------------------------+ ... 2B|~2B * Evaluation copy of Silver Xpress. Day # 0 * Silver Xpress V4.01 --- Maximus/2 2.01wb 201434369420143436942014343694201434369420143436942014343694718 From: Peter Tan Area: Public Key Encryption To: Frits Spieker 17 Sep 94 13:53:10 Subject: Pgp 2.6.1 Hatched UpdReq -----BEGIN PGP SIGNED MESSAGE----- Frits Spieker said to Christopher Baker (14 Sep 94 00:19): FS> Besides, if these files may not be exported outside the US, how do you FS> handle Canadian freqs? The point is moot, methinks. It's already here in Zone 6.. ;-) _____ |____) - PGP 2.6 public key available! |eter - FREQ "PETER.KEY" from 6:600/403 -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: peter.tan%elite%oconn@csah.com iQCVAwUBLnqEV3R8S6dJmEqdAQHeBAP/cm8WQCUo/YpqWwjfimNzaIsBHJWkZX3+ 5A9Shi3j1BbWMltnhJNsEXwtD6ndBV/eLHrcXXHCZEz0jb7YM3bbV08KElxxeJD0 2FPMtlabU56ZPvUu8cPRsUmFefNx6QtMUy9kB5BP6HTMAvY2UgDQcAM9mFpXuAVv 8f9IQJ7p/so= =hyus -----END PGP SIGNATURE----- ... Save our virgin forests - buy a tree a chastity belt. --- RemoteAccess 2.02+ 201434369420143436942014343694201434369420143436942014343694718 From: Edwin Teh Area: Public Key Encryption To: Shawn Mcmahon 21 Sep 94 00:43:10 Subject: Need Recommendations UpdReq > A client needs to secure a computer against intrusion from a > computer-knowledgable (but not encryption-knowledgable) attacker > with hours of uncontrolled physical access time. Only certain data > needs to be protected, and the attacker is more > computer-knowledgable than the user of that computer. You forget to mention the most important : How is this intrusion going to take place? Over a network? Over the Internet? Direct physical access? Perhaps blackmail, or kidnapping the owner of the terminal, and forcing him to reveal his passwords? I might seem a little silly right now, but I still feel the method of intrusion is a big issue... 73s! --- Maximus/2 2.01wb 201434369420143436942014343694201434369420143436942014343694718 From: Edwin Teh Area: Public Key Encryption To: Jim Warren 21 Sep 94 00:47:10 Subject: Armored & Zipped Unencryp UpdReq > PGP -a SOURCE.EXE > makes UN compressed UN encrypted files totaling MORE bytes than > SOURCE.EXE It _does_ compress the file - just not as well as you wish it would. Add a "compress = off" into your CONFIG.TXT and find that SOURCE.ASC will be _larger_ than what you did earlier on... The reason is simple - you're translating it into a '7-bit' enviroment, capable of being squeezed down an email channel - that's what makes the file bigger. (eg something like 3 8-bit chars = 4 7-bit chars thus a dramatic of possibly over 20% increase in size). The above command line (PGP -a ) simply Radix-64's the file, similar to UUENCODing it, but a little more efficent than UUENCODE itself... 73s! --- Maximus/2 2.01wb 201434369420143436942014343694201434369420143436942014343694718 From: Leroy Ang Area: Public Key Encryption To: John Schofield 23 Sep 94 01:24:10 Subject: New To Pgp UpdReq JS| LA> Do you mind teaching me how to use PGP with BlueWave? I tried using JS| JS| I use EZ-PGP a program I wrote to allow signing and/or encrypting of e-mail JS| posting of keys, etc. It seems quite popular, but it does not support JS| decrypting or checking signatures. JS| JS| PGPBLUE is another good program--it works only with Bluewave, where EZ-PGP Not available on myy side yet. :( JS| EZ-PGP is free for everyone to use, while PGPBLUE costs $10 to register. Hmmm...Hope some one can bring those s/w in here. JS| You should probably download both, and see which suits you best. It's a ve JS| personal choice. JS| You can download them both on the first call at the Sprawl BBS (818) 342-51 Hmm..Overseas call...That's too expensive for me. Anyway, thanks for the info. :) BTW, do you think it's safe to xchange public keys through such PGP conf.? ___ X JABBER v1.2 X Look its a babble fish: ><> o..<>< ><>.o --- Maximus/2 2.01wb 201434369420143436942014343694201434369420143436942014343694718 From: Leroy Ang Area: Public Key Encryption To: Bill Bishop 23 Sep 94 01:29:10 Subject: New To Pgp UpdReq BB| LA> Do you mind teaching me how to use PGP with BlueWave? I tried using BB| LA> batch files to sign my mails but not very successful and my knowledge BB| LA> on batch programming is very limited. So can you help suggest any BB| LA> solution? BB| BB| Why don't you freq PGPBLU30 from FIDO 366/515. It's a seamless interface BB| with auto-decryption and a real neat program. Also a version for O/S 2. Only those who have FidoNet addr. can FREQ files right? Well i don't have one so *Boom!* :( I like PGP. Now i can leave my source codes in my school lab, encrypted, and don't have to worry others copying my projects. There was once i left codes in the lab and the next few days, it spread like hell in school! As it's for my programming project, and originality counts, i had to re-code everything again and had to crack my head for more features to incorporate into my project to make it look more "original". Just imagine the time wasted. I can hand in my project anytime already if not for this incident. Anyway, the problem is solved! At least temporary for the time being. Thanks to PGP and the great guy who code it! :) ___ X JABBER v1.2 X The JABBER crisis: "But it worked in Beta testing!" --- Maximus/2 2.01wb 201434369420143436942014343694201434369420143436942014343694718 From: Leroy Ang Area: Public Key Encryption To: Shawn K. Quinn 23 Sep 94 01:39:10 Subject: New To Pgp UpdReq SK| JS> PGPBLUE is another good program--it works only with Bluewave, where SK| JS> EZ-PGP works with any off-line mail-reader. PGPBLUE is much more SK| JS> popular with Bluewave users than EZ-PGP is. However, I just tested ou SK| JS> the latest version, and found many problems with it--I couldn't get al SK| JS> features to work right. SK| JS> EZ-PGP is free for everyone to use, while PGPBLUE costs $10 to SK| JS> register. SK| JS> You should probably download both, and see which suits you best. It's SK| JS> a very personal choice. SK| SK| But in the end, if you're anything like I am, you'll recognize how good a SK| programmer John is, and end up using EZ-PGP. It's simple, yet very handy. I SK| could (almost) do the same thing with a set of macros for Boxer--in fact, I SK| almost tried it, but I quit after finding EZ-PGP. Is it really that good? Then i think i must "spend" a little to get it and try for myself. ___ X JABBER v1.2 X If at first you don't succeed, then skydiving isn't for you --- Maximus/2 2.01wb 201434369420143436942014343694201434369420143436942014343694718 From: Gary Mirkin Area: Public Key Encryption To: Jim Gorges 23 Sep 94 00:33:00 Subject: Keep Out Maillist UpdReq ::: On 09-21-94, JIM typed to JOHN, JG>John: There has been no response from the Expressnet listserver. Is JG>Keep-Out's mailing list active and operating? I received a response as well as the first issue via e-mail. Gary M. on LI 73223,402-CI$ baby.doc@pcinfo.com PGP key available --- * CMPQwk 1.4 #426 * Once you've seen one nuclear war, you've seen them all. 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Brad Ems 21 Sep 94 20:45:00 Subject: Getting started w/pgp UpdReq On 09-18-94 (16:57), Brad Ems, in a message to All about "GETTING STARTED W/PGP", stated the following: BE>1: I have both PGP 2.3 and 2.6. I have learned that after a certain >date, PGP 2.6 will not work with keys generated by 2.3. Am I correct >in thinking this? No. Backwards. After 9/1/94, 2.3 will not read messages encrypted by 2.6. >2. I have a number of friends that have PGP and we'd like to begin using >it for private e-mail. Where is a good message clearing house where >we can post (if there is one)? The internet, or a local BBS with a compliant Sysop. I've got at least 2 local BBSs whose sysops don't object. >3. I have heard that give that MIT worked on PGP to legalize it in the >eyes of the Washington bureaucrats, it may not be entirely robust. Not the Bureaucrats, the patent holders. > has anyone any info on 2.6's integrity? All reports are that it is as strong as ever. No one who has looked at the code says otherwise. The only people who say it's weak are speculating, and just blowing smoke. >4. I have read and re-read the manuals that come with PGP, and I believe >I have a good idea of how it works and how to effectively use it, but >in reading the posts in this sub, I realize that I may not know as >much as I think. How much here is cryptographic finery that a bumpkin >like me does not need to know, and how much is critical stuff that >will have Janet Reno knocking on my door if I don't? Use 2.6, so Bidzos of Public Key Partners can't bother you, and no one else will. Most of what gets discussed here is minor detail, bug fixes, politics, or other issues that won't affect your private use of PGP for fun. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Carl Hudkins Area: Public Key Encryption To: Christopher Baker 22 Sep 94 10:18:30 Subject: Key? What key? :) UpdReq On (20 Sep 94) Christopher Baker wrote to Carl Hudkins... CB> it was a signed msg and the key wasn't in my keyring. i thought i had CB> obtained your public-key but maybe i haven't. CB> did you ever get your Bossnode to make it available for freq? i may have CB> been waiting for that. I will ask him if he's up to trying that. He recently switched to PCBoard, so maybe he'll do it just to show off. When/if he decides to mess with PGP himself (I have petitioned him to join the SecureMail subset), he'll probably want to do so anyway. In the meantime, I posted my key to PKEY_DROP yesterday. carl Boca Chica, Florida carl.hudkins@lunatic.com RIME ->1282 PGP: 2D1E1E39 Fido: 1:124/2113; 1:135/808 ... TimeTag * "Can I get you something? A beverage?" --Data 201434369420143436942014343694201434369420143436942014343694718 From: Carl Hudkins Area: Public Key Encryption To: Christopher Baker 22 Sep 94 10:21:08 Subject: Getting Started w/PGP UpdReq On (20 Sep 94) Christopher Baker wrote to Brad Ems... CB> you have to know how to make and use a public-key. you have to know that CB> your secret-key should never be anywhere it may be compromised. [...] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Just for the humorous value, I thought you might like to know that today I ran PGPSORT on a big Internet keyring I got by mistake a few months back (don't you love unattended FREQs?) and it found three =secret= keys in there! One was from a Steve Jackson. carl Boca Chica, Florida carl.hudkins@lunatic.com RIME ->1282 PGP: 2D1E1E39 Fido: 1:124/2113; 1:135/808 ... "Can you open that QWK packet, Marvin?" Here I am, brain the size... 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: Jim Grubs, W8GRT 23 Sep 94 10:32:58 Subject: UUE messages UpdReq -----BEGIN PGP SIGNED MESSAGE----- - --> Note: Reply to a message in PKEY_DROP. > I read somewhere that there is a util to sort keys on > yer ring... do you > know anything about it? JGW> I have it and don't use it. I tend to mistrust using JGW> anything but descending time sort, which is more or less JGW> what you started with. Is there a security risk involved? Or a risk of grunging the keyring or what? jason ... Share your knowledge. It's a way to achieve immortality. -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW... iQCVAwUBLoMRf0jhGzlN9lCZAQFg0gP/TL2wUrYMgZf5MBLL3GrG3VrXCbO6eOtE MPCNqsp8CFDKvrT1fylCqsjlOD7/Mrco12CyOg4vCxKp/a8aUVHeKqJn5lYQ43UG K/3JvnqEOxMfG4VJiV9qTsSDsK0hWFrN4EhWaV/AFH/VbnnDB+Ekzp1bSghoop4j y7TlP+XQHsQ= =M+QK -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Brad Ems Area: Public Key Encryption To: Alan Pugh 23 Sep 94 21:44:42 Subject: PGPointers UpdReq Thanks, Alan, and all others who answered my cry for help. I've regenerated my key pair with PGP 2.6 (a 1024 bit key) and have begun disseminating it amongst my friends. As for finding a securenet node, I'll keep looking. A couple of BBSs I log onto locally are a bit sheepish about providing an area for encrypted files to be up/downloaded lest Janet's Jackboot Revue make a goosestepping courtesy call. Libertarian ***** LEGALIZE FREEDOM ***** 201434369420143436942014343694201434369420143436942014343694718 From: John Nieder Area: Public Key Encryption To: jason carr 23 Sep 94 14:57:08 Subject: How to Handle PGPmail UpdReq -=> Quoting jason carr to John Nieder <=- JN> Naturally, my friend has no control over the routing of his JN> messages. jc> Sure he does. Send it direct, or through a securenet host. I don't follow, nor does my friend. Please explain what's wrong with this picture: To send Fidonet netmail to a user, the only form I've seen is to mail to, as an example, His Name at 1:222/333. That seems "direct" to me. I see no way to alter that. jc> If that was Netmail you just quoted =you= may have just opened up a jc> nasty can of ECPA worms. Nope. The mail was sent with the explicit proviso that any reply from Ashworth was explicitly for republication. jc> This is the bottom line. You can't route encrypted mail through jc> someone who doesn't want to move it. Send it direct. "Direct"? See above. I'm lost. 201434369420143436942014343694201434369420143436942014343694718 From: John Nieder Area: Public Key Encryption To: Jim Cannell 23 Sep 94 15:10:46 Subject: Who's This Ashworth? UpdReq -=> Quoting Jim Cannell to John Nieder <=- JC> Mr. Ashworth is a long time FidoNet sysop who has let the authority of JC> his position go to his head. Your best bet is to ignore him and any JC> of the other control phreaks who mistakenly believe that they can JC> prevent encrypted traffic from flowing through their systems. I seem to have received varying opinions of this fellow. 8-) JC> What node does your friend post from? 1:125/217 JC> We can have the nearest JC> SecureMail host contact his sysop, so that the NetMail to/from there JC> can be routed through SecureMail, where privacy is a paramount concern. Fidonet is such a total mess in this area right now that I doubt he'd want to chance making mail any worse, but you can try. JC> For complete info on SecureMail, freq SECUREMAIL from here. Most of JC> the other SMHs also have it available. I'm pretty sure it's on this BBS. JC> BTW, the system that you are posting from is the Net 125 SecureMail JC> host. Yeah, Barry's pretty pro-privacy. I'd taken all this for granted until I got the message about Ashworth. I'm still pretty much in the dark about this alternative routing on Fidonet as I usually use Internet, where there's more freedom generally. Internet seems to be subject to less interference by netnazis, but I may have just been lucky so far. Tyrannical netgods and martinet moderators prompted me to leave the hobbyist nets a long time ago. I just don't have time for them. 201434369420143436942014343694201434369420143436942014343694718 From: John Nieder Area: Public Key Encryption To: Shawn McMahon 23 Sep 94 15:17:12 Subject: Who's This Ashworth? UpdReq -=> Quoting Shawn McMahon to John Nieder <=- JN> "This node does not guarantee any privacy of any mail passing JN> though this system regarding sysop review." SM> Fortunately, federal law supersedes individual system policies. Just SM> as you can't set a rule making it legal to kill someone in your house, SM> you can't set a rule that makes it legal to violate the ECPA. Yes, I know. Unfortunately, the ECPA isn't worth the paper it's printed on as far as I can tell - at least not as regards the conduct of Fidonet operators. I've been away from the net for about a year and there still hasn't been any decisive resolution of the conflict between Fidonet policy and Federal law. Fidonet sysops still screw around with non-public mail with complete impunity, as though the ECPA doesn't exist. 201434369420143436942014343694201434369420143436942014343694718 From: John Nieder Area: Public Key Encryption To: Christopher Baker 23 Sep 94 15:43:08 Subject: Re: Who's This Ashworth? UpdReq -=> Quoting Christopher Baker to John Nieder <=- CB> please advise your friend to find the nearest SecureMail Routing Host CB> and send all his encrypted traffic there. it will be routed without CB> further incident. CB> freq SECUREML.ZIP for the SecureMail Routing docs and topography map. Not at all sure how one would do this (see prior message), but I'll take a look at the docs and pass them along to my friend. One problem in the initial dust-up was that the original person who had solicited PGPed mail from my friend was on a non-PGP node - according to Ashworth - but I am not sure about terminology here; is a"node" the individual BBS, or the next level up - the first grouping of local BBSs? Thanks for any clarification. 201434369420143436942014343694201434369420143436942014343694718