From: Jim Grubs, W8GRT Area: Public Key Encryption To: Ian Hebert 5 Jan 95 17:50:00 Subject: January meeting with Zimm UpdReq > PP> The following is a message from my lawyer, Phil Dubois. He posted it > PP> to alt.security.pgp, and I thought I should post it here as well. The > PP> message is signed with his key. > PP> --Philip Zimmermann > Don't know if anyone else bothered to check this out, but I get a "bad > signature" message when I attempted to verify the signature. Notified > Phil Dubois already, but have had no answer. It's legit. Word wrap or someything must have altered the text. Sincerely, Jim Grubs, W8GRT 201434369420143436942014343694201434369420143436942014343694718 From: Area: Public Key Encryption To: 1 Jan 128 00:00:00 Subject: UpdReq --- WILDMAIL!/WC v4.11 # Origin: "WILDThang" BBS! (303)493-3711 Fort Collins, CO (1:306/60.0) 201434369420143436942014343694201434369420143436942014343694718 From: Richard Dale Area: Public Key Encryption To: Brian Giroux 4 Jan 95 18:23:10 Subject: KEY REVOKE UpdReq >'pubkey.bak' and 'secring.bak' to *.pgp BG>*Making the .bak files was going to be my next step :( I had one goof with PGP a few months ago. Now I have PGP 2.3a on one computer, 2.6.2 on another. Both are backed up to a floppy which I keep nearby, one which I keep in another room, and another which is at work. No matter what happens, I can copy all the keys, docs and executables from one source or other. * 1st 2.00b #567 * "Did anyone get the number of that elephant?" -- Tom Foley 201434369420143436942014343694201434369420143436942014343694718 From: Rich Veraa Area: Public Key Encryption To: Brian Giroux 5 Jan 95 08:45:08 Subject: KEY REVOKE UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message to Rich Veraa, Brian Giroux wrote: RV>Only if you saved a copy of your keyring from _before_ issuing the >revocation; in which case, just replace the newly-created one with the old. BG> Do you mean the ASCII file like this: BG> ~-----BEGIN PGP PUBLIC KEY BLOCK----- [key deleted] BG> Anyway, this is the file that I created on November 7 for BG> the purpose of posting it to the PKEY_DROP echo. Can I BG> just add this key to my keyring to effectively unrevoke the BG> key? No... that's just the _public_ key that goes with the secret key that you've apparently revoked irrevocably... you should've kept a copy of your SECRING.PGP And PUBRING.PGP files. Cheers, Rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: rveraa@907.sunshine.com iQCVAwUBLwvO0Z80iJ+tnwVVAQEuKAP9HO7KcXcxC3peZUm6H994ssQJx2GVT5Yj GuSf77HXe8gSw4YFJulaUk6naLWhA0ZPQV98eytvTIM4Q1ixeuIW6BvD/NQGVGqn /MMjjA/bKvxOnFFoCf/5Xe+9LP3EOUwVKg2syPuhr484XYMaMSDLoOkmmHYQKOBW B43HRUTOkJA= =jl/i -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Rich Veraa Area: Public Key Encryption To: Glen Todd 5 Jan 95 09:04:48 Subject: Technical questions UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message to All, Glen Todd wrote: GT> I have a couple of questions that I can't seem to find GT> the answers to in the PGP docs. First, what are the GT> meanings of the exit codes (errorlevels) returned by the PGP GT> executable. /* Possible error exit codes - not all of these are used. Note that we don't use the ANSI EXIT_SUCCESS and EXIT_FAILURE. To make things easier for compilers which don't support enum we use #defines */ #define EXIT_OK 0 #define INVALID_FILE_ERROR 1 #define FILE_NOT_FOUND_ERROR 2 #define UNKNOWN_FILE_ERROR 3 #define NO_BATCH 4 #define BAD_ARG_ERROR 5 #define INTERRUPT 6 #define OUT_OF_MEM 7 /* Keyring errors: Base value = 10 */ #define KEYGEN_ERROR 10 #define NONEXIST_KEY_ERROR 11 #define KEYRING_ADD_ERROR 12 #define KEYRING_EXTRACT_ERROR 13 #define KEYRING_EDIT_ERROR 14 #define KEYRING_VIEW_ERROR 15 #define KEYRING_REMOVE_ERROR 16 #define KEYRING_CHECK_ERROR 17 #define KEY_SIGNATURE_ERROR 18 #define KEYSIG_REMOVE_ERROR 19 /* Encode errors: Base value = 20 */ #define SIGNATURE_ERROR 20 #define RSA_ENCR_ERROR 21 #define ENCR_ERROR 22 #define COMPRESS_ERROR 23 /* Decode errors: Base value = 30 */ #define SIGNATURE_CHECK_ERROR 30 #define RSA_DECR_ERROR 31 #define DECR_ERROR 32 #define DECOMPRESS_ERROR 33 GT> Second, is it possible to instruct PGP to GT> verify not only that a file contains a valid signature, but GT> that that signature matches a particular key ID? Not sure what you mean here... when it finds a valid signature, it _gives_ you the KeyID of that signature... Cheers, Rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: rveraa@907.sunshine.com iQCVAwUBLwvTv580iJ+tnwVVAQHLEAP/ZIHDs57kFt1Qsu2lrbIC4xz9hiE4Ulo6 PJ+UTXaXMblmkqssoFbTE56+9gxn89riub4ot8+rtOQwA9CAZ4iH7XQQGDTrOiBg KZvAT8u04mZx2DjeumlR7d+tCriz8ykOP/HYS5UmUOQq0bznNgsSjVluogpUmSCh Sp1m5B7VKsg= =xtmd -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: John Goerzen 6 Jan 95 09:07:00 Subject: Can I Freq Pgp? UpdReq -----BEGIN PGP SIGNED MESSAGE----- Despite the advice of tribal elders, John Goerzen said Can I Freq Pgp? to TODD JG> International users need PGP 2.xx UI (it will always have UI after JG> it). JG> BBS operators can be indicted on criminal charges if somebody from JG> outside the US downloads or FREQs PGP. Short of having Caller ID that will identify international calls, which does not to my knowlege (and I work for MCI Systems Engineering) exist and blocking ALL non-US nodes (including those which do not have distinctive zone numbers) from your front end, how do you propose to support this? Also, can you cite US code chapter and section numbers on this, or is it just your opinion? Ves thu heil und Gut Jul, // Glen PGP F2F935C1 ... New Mail not found. Start whine-pout sequence? (Y/N) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: The right of the people to be secure in their persons and papers iQEVAwUBLw1c8ksDfAvy+TXBAQGYswf8C5wyA4VoLylr1vwPu7dSoSNKcaFyF04L Zp4DR6wzjT321iEMeUvzl8Ins3g3hrA5PDlDyJdaNBmn+deVih8Zhmz5yVtxQGLr ozDyF3Vbf/rpEzgqKr5Ibi9myaNEUYbKdxjHM6LxKZNLWCzqgsYttEn7DTO8jqhG yGvJ6Dp3jkuWk6vOXpCdO2GR6TJsrjUeO7XCKmhVSKR7n/Z8forUamTIjRyY9vWz agn4ihIPy+/Zf2dmGaCrgT+MDLrzGJ6A6ej3qXGAfE5JaXKjzrIaeK2EHASylHcu fcksskqMpaNUTdwZzyzTLdEIt7jzIqsfbHAXDMCFjIcdt7Us2GdRjA== =PiY9 -----END PGP SIGNATURE----- ~~~ PGPBLUE 2.5 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Richard Dale 6 Jan 95 02:35:00 Subject: Re: key revoke UpdReq On 01-02-95 (21:00), Richard Dale, in a message to David Chessler about "RE: KEY REVOKE", stated the following: RD> Missouri has gone to using SSNs as the license number, but up until > then, the format was LLNN-NNNN-NNNN-NNNN (L=letter, N=Number). > Since my father and I have the same name, we each had five Ns on the > end. I would consider that to be a fairly secure pass phrase, > though it's not the one I use because it would be too obvious to > anyone who remembers the old license method. Still, it has 19 Which means that it's not secure. If your father and you both had similar numbers, it means it was based on Soundex of your name, and is easy to guess (the soundex algorithms are well known). It's also possibly short enough (19 characters) to brute-force. Moreover, since it's a number that is publicly associated with you, people might consider trying it, putting it in the dictionary file. If added to a conventional passphrase it would strengthen it, Hickory dickory dock LLNN-NNNN-NNNN-NNNN but if people add it to the dictionary file, it helps no more than any other word or phrase of similar length. > although it's nothing like "Now is the time for all good men". I > feel fairly secure in the 25-30 place range, heh. You want something that has about 128 bits of freedom. Plain text has about a bit per word, according to information theory, but you strengthen that by adding punctuation, numbers, and upper case. This gives you an alphabet of about 90 characters, which is about 1/3 of 256, so you need 390 bits (or about 50 bytes) in your pass phrase so that it's hash will make all 2**128 possible values of the hash possible. Possibly, you need a few bytes more, because not all the 90 characters you can use can appear together. (On the other hand, I did a bit of rounding, so 40 *random* bytes might be all you need to get all 2**128 possible hashes). Still, assuming there is no unknown regularity in MD5, so that No Such Agency "knows" that certain values won't appear with a short passphrase, all printable, 30 or more bytes is probably strong enough. A dozen random bytes can probably be done in a few days on a 486, assuming that the character set is limited to ascii 32 to 127 (and possibly assuming that some characters, like ` ~ and \ are unlikely in a passphrase. Now, if you fool them by, for example, using <196> in place of - <045>, all bets are off (they will keep on wandering off in longer and longer pass phrases, until they find the 100 character one that hashes the same as your 30 character one. (There is at least one cracker for PKzip that guesses random strings, you determine the length and the character set.) You don't need more than 128 bits of entropy, because then there is a shorter passphrase that will produce the same hash as the longer one. ___ __ chessler@trinitydc.edu d_)--/d chessler@capaccess.org * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Jim Grubs, W8GRT Area: Public Key Encryption To: Marshall Votta 6 Jan 95 18:00:00 Subject: January meeting with Zimmermann's prosecutorUpdReq > pr> -----BEGIN PGP SIGNATURE----- > pr> Version: 2.7 > I love being intrigued. > What's this? Viacrypt, the commercial version of PGP.. Sincerely, Jim Grubs, W8GRT 201434369420143436942014343694201434369420143436942014343694718 From: Chris Adams Area: Public Key Encryption To: Brian Giroux 5 Jan 95 22:44:24 Subject: Name that phone UpdReq On (31 Dec 94) Brian Giroux wrote to Prz@acm.org... BG> How about "Pretty Good Phone Privacy (PGPP)"? How about "Tap It and Weep!" TIAW? ... "It is pronounced DAY-ta. One is my name, the other is not." 201434369420143436942014343694201434369420143436942014343694718 From: Richard Dale Area: Public Key Encryption To: Jerome Greene 6 Jan 95 18:16:10 Subject: Re: 2047-bit keys UpdReq RD> Maybe not. Everyone should be able to decrypt it if I have done RD> it right. JG>*There are a lot of users in the echos, who did you encrypt it to? Everyone. Everyone should be able to decrypt it if I have done it right. * 1st 2.00b #567 * Stick your head in the sand and you get shot in the ass. 201434369420143436942014343694201434369420143436942014343694718 From: Aaron Goldblatt Area: Public Key Encryption To: John Goerzen 5 Jan 95 23:41:20 Subject: Can I Freq Pgp? UpdReq JG> BBS operators can be indicted on criminal charges if somebody JG> from outside the US downloads or FREQs PGP. Like I can control that. D'Artagnon ... I didn't quit -- I surrendered! 201434369420143436942014343694201434369420143436942014343694718 From: Aaron Goldblatt Area: Public Key Encryption To: Scott Mills 5 Jan 95 23:41:36 Subject: January meeting with Zimmermann's prosecutorUpdReq p>> Phil Zimmermann and his defense team are heartened by the p>> substantial outpouring of support that has been demonstrated SM> Do you get a good sig on this? I'm getting a bad sig warning and SM> was wondering if it got mangled after you crossposted or before. I got a bad sig, and I got a bad sig in a newsgroup (gated to echomail) as well. D'Artagnon ... Why don't you come with me, little girl, on a magic carpet ride? 201434369420143436942014343694201434369420143436942014343694718 From: Robert D Purnell Area: Public Key Encryption To: All 30 Dec 94 00:21:48 Subject: Public Key from Purnell UpdReq Hello All! Here is my certified public key.... -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAy7yyEAAAAEEAOwsHoDrs/vUgFVo2qkzPWHWDMWNCazkrdpVGHz2tKtsP0PF AULRRHpWHIPauM2y1XQjeoF/vwt8a+spdxm25fpp8N9nz4bRRw/raVWaA7yyOLkG P3Y2wAbZx5mMhRckfvpa5tVRbe491NJolQe65oEPcedELeTXgqUkq042JVlZAAUR tHJSb2JlcnQgRCBQdXJuZWxsIEpyIDxNSEZYLU5FVCA5MDoxMjAyLzA7UE9ETkVU IDkzOjk2MDkvMCBUTEwtTkVUIDk1OjEwMDAvNDtUUkVLS0VSLU5FVCA3MTQ6MzA1 LzY7IFdhaGlhd2EsIEhhd2FpaT60RlJvYmVydCBEIFB1cm5lbGwgSnIgPEhlcm5l J3MgSG9sbG93IEJCUywgV2FoaWF3YSwgSGF3YWlpICg4MDgpNjI0MzQ3NT6JAJUD BRAu8+tY+cKsRnGcckEBAUTmBAC4D4QDpy/YvAk4nZhDTpcT491/wc1GOsJeEdfB 07WA3qbg1FumeFQ3b5qNAhVZdzzH3j7DtkGrTGS4Mv7qjQEfo5IIFzoLflzOWcI8 1IUBf0hZW/GS2ayCJz4LoTbMiD0rVQPfXTG9qMsZtHGk9n+UKz2EwHejfuyw9aR7 TYjvRA== =EGkQ -----END PGP PUBLIC KEY BLOCK----- 201434369420143436942014343694201434369420143436942014343694718 From: Robert D Purnell Area: Public Key Encryption To: Phillip Barker 31 Dec 94 02:52:02 Subject: Freq Latest Ver of PGP? UpdReq -----BEGIN PGP SIGNED MESSAGE----- Phillip Barker wrote in a message to All: PB> Thanks in advance!...Phil You may freq PGP 2.6.2 from My mailer by magic name "PGP" Bob Herne's Hollow (808) 624-3475 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwN2e6Ukq042JVlZAQGixwQApmh9uADNo9RWwRDt/pN1NVER+LBcnVvM 3+s5MPQC3Lrzcw0EernZubZCvjJhmr+0mB21lhAYEYDhMz/8FCFA+5kJu0F8jzzi 1azDaHLWT66LNSxSNYAZto0SDU5KtHbaNnCDCxuvLn8XuxEREDnIjuP+jDpsA4z7 4lynTMzshYA= =l8OX -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Robert D Purnell Area: Public Key Encryption To: Mark Drew 5 Jan 95 05:13:52 Subject: Problem UpdReq -----BEGIN PGP SIGNED MESSAGE----- MD> THE question is what's happening here? Never had any MD> trouble before and only occurs somehow associated with PGP. MD> Could PGP be sending out any sort of code that PKSFANSI MD> might think is some kind of an ANSI-bomb (obviously not a MD> techie here folks). MD> Any ideas out there? MD> Thanks MD> ... "I drank WHAT!?" - Socrates MD> ___ Blue Wave/QWK v2.12 MD> --- QScan v1.14b / 01-0163 MD> # Origin: Computer Support Hot-Line BBS, Des Moines Iowa Hi Mark, Sounds like you just might be having some sort of interrupt conflict. You might want to check to see if PGP or your shell is hooking the same vector that is supposed to be for your floppy drive. Hope this helps! Bob -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwovV6Ukq042JVlZAQFQNAP+NQnljfsHCclpV7LHSIgnwb8fFKkrtgz+ hJMhQKzNggl8aDVjsTmEqTbyaQMrpnYFpUweglFlLo/7dcr5EsJrxJvlWTrgNids A3jA/S0XFMQyDVOjeAfI1v+pytCaxkuJUHXEIf0LUU8dAQ3kVqABY7EUNtSIFZsV c7yEPciyYPo= =69Es -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718