From: Jim Bell Area: Public Key Encryption To: David Chessler 26 Jan 95 22:02:00 Subject: Clipper collapsing UpdReq -=> Quoting David Chessler to Jim Bell <=- DC> On 01-19-95 (01:02), Jim Bell, in a message to All about DC> "CLIPPER COLLAPSING", stated the following: JB>VLSI Technology Inc. Last week moved to expand its data encryption >offerings as it licensed the RC4 Symmetric Stream Cipher security >technology from RSA Data Security Inc. VLSI said it plans to offer the >RSA data security technology as part of its Functional SYstem Block ASIC >core library. The company now offers ASICs that implement the Clipper JB>+++++++++++++++ end of article +++++++++++++++++ JB>This news is good, because it indicates that the actual manufacturer of >the Clipper Chip is apparently branching out into other types of >encryption, apparently those without the flaw that Clipper included. DC> Not so great. RC4 is the encryption which is allowed for DC> export in Lotus Notes, etc, because it's possible to "dumb" DC> it down, by reducing the length of the key. The Export DC> version of Notes has a 40-bit key. DC> So, will VLSI implement a variable length key, secure for DC> domestic use and only 40 bits for export? Or will they DC> simply implement the dumbed down 40 bit key for everything. Well, we really ought to find this out. It'll tell us how loyal VLSI Technology is to the government. DC> Presumably, No Such Agency can crack the 40 bit key any DC> time it wishes. But if they can, who else can? For DC> business users, this is *less* valuable than clipper, since DC> Clipper (with an 80 bit key) was presumably secure against DC> brute-force attack, while RC4 (with a 40 bit key) is not. DC> RC4 is the algorithm that PKP (the people who license RSA) DC> was trying to keep secret. It was released on the internet DC> a few months ago, I recall that! DC> and it has since been confirmed that DC> apparently it was reverse-engineered. Interesting. At the time, there were suggestions that something illegal had happened to accomplish this. It sounds like that was not true, after all. ... The rest of this tagline is encryp*&l#1E0+=|>fcd}85^7@jowxz*7"[=- ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Jim Bell Area: Public Key Encryption To: Chris Adams 26 Jan 95 22:15:02 Subject: PGP News 2 UpdReq -=> Quoting Chris Adams to Jim Bell <=- CA> On (21 Jan 95) Jim Bell wrote to All... JB> Contrary to popular belief, the NSA can decrypt public keys of most JB> practical key sizes. However, the computer resources needed to decrypt JB> public-key-encrypted messages make it difficult for the NSA to perform Please note: The above is a part of an article that appeared in EETimes newspaper. CA> Does anyone know what they consider practical size? Many months ago, there was news that using about 8000 MIPS-years of CPU time, a 428-bit RSA key was cracked. Depending on who you listen to, an increase in 10 bits doubles the effort required. This would make a 512-bit key 2**8.4, or about 300 times more difficult. I think it's fair to suppose that the NSA is capable of cracking 512-bit keys with some significant effort. It seems unlikely that they can touch 1024-bit keys. CA> Also, has anyone CA> considered moding the PGP code for, say, 32kb keys? (Sure, it's a CA> LITTLE slower, but most of it is done in IDEA anyway. It would be pointless, I think. From what I understand, a 128-bit IDEA key is roughly equivalent in "difficulty" to a 3000-bit RSA key. If you had an RSA key substantially longer than 3000 bits, it would be computationally easier to attack the IDEA directly. CA> BTW, has anyone CA> increased the complexity of IDEA (ie, larger sizes, etc)?) Wouldn't CA> hurt to use the added capacity of these expensive computers... Nah, it wouldn't be necessary. With 128-bit keys for IDEA, there are 256 trillion trillion trillion combinations. Not doable with brute-force techniques for decades. However, if IDEA had a flaw... JB> broadband intercept and decryption if many end users use public-key JB> encryption. Long before it becomes practical to brute-force RSA or IDEA, so many people will use such techniques on a regular basis that NSA won't have a prayer of following ANYBODY! And naturally, it will be possible to simply increase the number of bits to whatever is then thought necessary to stump NSA. ... The rest of this tagline is encryp*&l#1E0+=|>fcd}85^7@jowxz*7"[=- ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Jim Bell Area: Public Key Encryption To: Rich Veraa 26 Jan 95 22:18:04 Subject: PGP News UpdReq -=> Quoting Rich Veraa to Jim Bell <=- RV> Quoting an article, Jim Bell wrote: JB> Last week, Philip Dubois, Zimmermann's lead counsel, met JB> with U.S. assistant attorney William Keane, the government JB> lawyer handling the case. Dubois sought to persuade Keane JB> not to proceed toward an indictment that could result in JB> sactions of up to 10 years in prison and $1 million in JB> fines. JB> [JB note: Somebody ought to find William Keane's _home_ JB> address and post it on the Internet. After a few hundred JB> nasty-grams have arrived, maybe this numbskull will get the JB> picture.] RV> You'd only make him mad. Any such outburst would only convince him RV> that we represent a real danger, and put Phil's neck in a noose sure as RV> hell. Well, I agree that maybe we ought to wait a month or two to see if an indictment is produced. ... Horiuchi: "Drop that baby, or I'll shoot!" ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Rob Szarka Area: Public Key Encryption To: Jim Bell 23 Jan 95 23:10:44 Subject: PGP News UpdReq -=> Jim Bell spake unto All, saying <=- JB> [JB note: Somebody ought to find William Keane's _home_ address and JB> post it on the Internet. After a few hundred nasty-grams have JB> arrived, maybe this numbskull will get the picture.] That would only confirm his belief that PGP users are a bunch of lawless buttheads. Bad idea. ... Aw, come on guys, can't you take a #@%#^*%NO CARRIER 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: Jeff Trowbridge 26 Jan 95 19:05:00 Subject: pgp problems UpdReq -----BEGIN PGP SIGNED MESSAGE----- JT>> JT> BTW, when you encrypt a file with the ascii armour (.asc JT>> AG> extension) JT>> JT> is it just as secure as one encrypted by binary (.pgp extension)? JT>> AG> Yes. Ummmmm... You *are* talking about encrypting with the '-ea' switches in unison... not just '-a' right?? Sorry if I missed something, but on the ODD chance you're not aware of it, '-a' doesn't really encrypt. It's PGP's form of UUENCODE. I'd really hate for ya' to be sending that million-dollar tax return to your accountant thinking it was private, while ANYONE could read it. ;-) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBLyg4mukStfMM4BMZAQGPSgQAkpskCNamA9wAuCTkKiMp69bM6DaSV393 gS04BwAbsAkFu4nUR/RtoPF7hsWTwrAbKS1r+87QAG3qIKHxhs/SrWU4H/uTFV+R vd3orZCLP6tq+yuh5OyMnIJooAY8pTuQm5M61MOC3UUJPlfgJhmOPaEf3/Q8MW7F es6JOFNkkRw= =vrh9 -----END PGP SIGNATURE----- jbloss@meadville.com -=- 1:2601/551.0 -=- ->5317 PGP v2.6.2 public encryption key available by request. 201434369420143436942014343694201434369420143436942014343694718 From: Jim Grubs, W8GRT Area: Public Key Encryption To: Michael Babcock 27 Jan 95 11:52:00 Subject: January meeting with UpdReq > Can I get this signed? Sorry, my archive only goes back to the 10th. Sincerely, Jim Grubs, W8GRT 201434369420143436942014343694201434369420143436942014343694718 From: David McIntyre Area: Public Key Encryption To: Ryan Shaw 24 Jan 95 06:53:50 Subject: Re: PassPhrase UpdReq -=> Quoting Ryan Shaw to All <=- RS> Is there a way with PGP to change your passphrase without RS> changing one's public key? PGP -ke Your_user_ID RTFM :) ~~~ PGPBLUE 2.0 201434369420143436942014343694201434369420143436942014343694718 From: Jim Bell Area: Public Key Encryption To: FLOYD DRENNON 28 Jan 95 01:01:00 Subject: PGP News UpdReq JB> [JB note: Somebody ought to find William Keane's _home_ address and JB> post it on the Internet. After a few hundred nasty-grams have arrived, JB> maybe this numbskull will get the picture.] FD>Nothing like good old vigilante action when we don't agree with something, huh FD>Jim? First, I did not mention "vigilante action," you did. (What I did suggest was a little peer pressure, a little "friendly persuasion.") A check of a dictionary defines "vigilante" as a member of a "vigiliance committee," and it further defines that committee as: "a group of persons organized without legal authorization professedly to keep order and punish crime when ordinary law enforcement agencies apparently fail to do so." However, that is, essentially, what Keane is doing with respect to Zimmermann. But not quite: the difference is that even "vigilante action" professes to punish crime. Zimmermann did something (writing PGP) the government doesn't like, but isn't illegal, so its representatives aren't even rising to the level of engaging in legitimate "vigiliante action" to use your words. In Zimmermann's actions, there is simply no "crime" to punish. They are engaging in threats, extortion, abuse of their offices, and probably plenty of black-letter-law crimes, but naturally they will never be punished, because that's not the way this country works, unfortunately. ... Bill of Rights: Void where Prohibited by Law ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Tim Witteveen Area: Public Key Encryption To: All 26 Jan 95 18:25:00 Subject: Thanks for the tips! UpdReq -----BEGIN PGP SIGNED MESSAGE----- Thanks! I really appreciate all the tips. Espicially from Jason Carr, Christopher Baker, Mark Drew, and Shawn McMahon. I am still playing with different setups, but the info was really helpful! I have used (so far) the batch file (thanks Jason) and PGPBlue. PGP- Blue was slick and easy. I have a few more to try out too. Thanks for the help. tim ~~~ PGPBLUE 3.0 ___ Blue Wave/QWK v2.12 ___--BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLyg95Yuohp8d36IVAQEB+wP/T1svF2l6qJhpKF0OxyZqtsO6DW+6+VYc H6RBo7PMy+yniXPcvmzTsunfOlbGDGwyrO+TJ78aVkIIGHTE1wNHYAphUizQFV5S 00AVg9fN8aXUbL8SdkfR6uxrqi+wF9GMogN+BLn2ukoPO8D2HK9uRkLT+H0QmYJp AoKoY2UJYvY= =D/Xf ___--END PGP SIGNATURE----- ~~~ PGPBLUE 3.0 201434369420143436942014343694201434369420143436942014343694718 From: Nolan Lee Area: Public Key Encryption To: All 28 Jan 95 00:28:54 Subject: version for Linux UpdReq Has anyone ported PGP 2.6.2 to Linux? If so, where can I find a copy? Thanks in advance, Nolan 201434369420143436942014343694201434369420143436942014343694718 From: L P Area: Public Key Encryption To: Shawn Mcmahon 27 Jan 95 10:29:00 Subject: Re: Pgp News 2 UpdReq SM>The weak point in PGP is the RSA encryption Is this something that you could explain here (if so, please do) or do I need some background to understand? Does this have anything to do with the difference (if any) between the encryption used in pgp23a as opposed to the MIT versions? This question no doubt displays my ignorance, but there's no such thing as a dumb question, right? Thanks 201434369420143436942014343694201434369420143436942014343694718 From: L P Area: Public Key Encryption To: All 27 Jan 95 10:50:00 Subject: Pgp 2.6.I UpdReq A friend of mine was talking with someone outside of the U.S. who uses pgp 2.6.i. The person who lives in a country in the "free world" had a question regarding pgp 2.6.i that we could not answer, and I was hoping that someone here could help. Here it is: =====Begin quote====== The README.1ST file for PGP2.6.i says: "If you must change the version number of your keys and messages, you can do so in the language.txt file instead." I reviewed the language.txt file, and there is no reference in it to the version number to be displayed when the program is run. There is no line like: Version: 2.6.i. In fact, there is no reference to the term "Version" or "2.6.i" that would suggest a possible location for changing the displayed version number. How does the language.txt need to be modified so that the program would display a different version number? =======End quote======== Thanks for any help. 201434369420143436942014343694201434369420143436942014343694718