From: David Chessler Area: Public Key Encryption To: Jim Bell 9 Feb 95 10:38:00 Subject: Pgp news UpdReq On 02-07-95 (16:25), Jim Bell, in a message to Jeffrey Bloss about "PGP NEWS", stated the following: JB> JBl> That's all Philip Zimmermann needs... a bunch of intimidating >letters > JBl> sent to the prosecutor. :( JB>That assumes that the letters are "intimidating." What about a few >dozen "NICE" letters... mailed to his house? Give up. You're wrong. Dangerously wrong. Even "nice" letters to the house would be taken as "we know where you live," and as a threat. You would have the FBI on you in a flash, and Zimmermann in the worst maximum security hell-hole in the federal system: Joliet, I guess. JB>Acting like sheeple (you _do_ know what a "sheeple" is, don't you?!?) >only encourages the thugs to continue their previous abuse. Cheap threats are worse. The militias in Michigan and elsewhere have the feds shitting bricks (pardon the expression), but they don't threaten a thing. They just say they're to defend against tyranny--and then give examples of armed raids on the house of someone. But they never mention individual prosecutors, or BATF agents, or anyone else. If they did that, they would be put away and the key lost. Unless you have a militia, you are just a pest, and they will squash you--and PRZ--like a cockroach. -- ___ __ david.chessler@neteast.com d_)--/d chessler@capaccess.org chessler@trinitydc.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Scott Mills Area: Public Key Encryption To: Christopher Baker 10 Feb 95 13:24:38 Subject: unauthorized info gathering instead? [Was: Unauthorized Entry]UpdReq -----BEGIN PGP SIGNED MESSAGE----- Tuesday February 07 1995, Christopher Baker writes to Armando Ortiz: AO>> o - Your FULL NAME (F, M, & L) CB> okay. why the middle? rarely does anyone use the middle in e-mail. Why do you assume that? I've always used my middle name in email. What I don't use is my first. I get your point about this guy though. It sounds more like a scheme to gather names for a junk mail list than a beta test. Scott Keep Clinton warm this winter, he hates the draft. Scott Mills 1024/26CD5D03 For my PGP key freq PGPKEY sm@f119.n265.z1.fidonet.org -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLzuwFCP6qSQmzV0DAQEM9AP+Jul0/q3JMncieouwo+ZgiR1fRkE96Tqh wgHM6qz/4OyNs/DbD0sCZHocxt2CFrfLAFJ2DRQ3gJnGf9w8lIxFHh19I618q9dy c3QbXDd+xIX4f7zwL5pxFezLlLTnnRiXlbUC6D/CfVy5kU2JiiKWLH8UB8wY5Hb9 n3MnGCs3x6E= =5XHE -----END PGP SIGNATURE----- --- 201434369420143436942014343694201434369420143436942014343694718 From: Scott Mills Area: Public Key Encryption To: All 10 Feb 95 13:42:12 Subject: Golded @enc: PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- I noticed that Golded is now putting an extra kludge in my messages. Everything that has a PGP sig has @ENC: PGP as a kludge line. A quick look through the docs of the latest gamma gave the following excerpt. Finally, if the string "-----BEGIN PGP " is found as the first 15 characters in a reloaded message, GoldED will now automatically add the FSC-0073 kludge "^aENC: PGP" to indicate that the message is encrypted. Does anyone have any further info on this kludge? Is this just to make it easier for sysops to bounce PGPed traffic or is there another use for it? Scott New Opcode #4: HCF - Halt and Catch Fire Scott Mills 1024/26CD5D03 For my PGP key freq PGPKEY sm@f119.n265.z1.fidonet.org -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLzu0yCP6qSQmzV0DAQEsQQQAhphFcM+bOThRAHqvWYrwxpvpgVYcdOS3 tC/4Df6rjmtwVaJm45TpEdjv0RqADiYHQiQzptJSKwr8Wn+a4Xb4cAP0epxp16+Y 8yrj/HjkzxwL2DvF4laQmrOwuevzJ06wKpY5cgDFaxbYqzJLC8uGnbEiW0/mqPkB QjfsW/ZCIYA= =avAL -----END PGP SIGNATURE----- --- 201434369420143436942014343694201434369420143436942014343694718 From: Jim Grubs, W8GRT Area: Public Key Encryption To: Scott Mills 10 Feb 95 17:09:00 Subject: Can I Freq Pgp? UpdReq > Not even close to the worst case. Go over to DR_DEBUG and post a > message with > even a PGP fingerprint in it and see what happens. The co-mod there > wanted my > access yanked because I kept posting "encrypted" messages. I've come to the conclusion that a lot of people ENJOY being stupid and pigheaded. Sincerely, Jim Grubs, W8GRT 201434369420143436942014343694201434369420143436942014343694718 From: Bill Brown Area: Public Key Encryption To: Alan Pugh 9 Feb 95 15:51:06 Subject: inquiry UpdReq Hello Alan, Sunday February 05 1995 10:00, Alan Pugh wrote to Shawn McMahon: AP> the spook would see the beginning of, say, the constitution and AP> say "oh, that rag again" and delete it. There's certainly something poetic about that image ;) but I would suspect there'd be automated AnythingChangedInThis? programs to check for messages "hidden" a page or two from the top. Bill Brown 201434369420143436942014343694201434369420143436942014343694718 From: Bill Brown Area: Public Key Encryption To: All 9 Feb 95 17:25:06 Subject: Revocation authenticity question UpdReq *** Answering a msg posted in area PKEY_DROP (Public key distribution echo). Hello All, Here's an excerpt from a "unique" situation which brought up a question for me. Thursday February 09 1995 16:49, Bill Brown wrote: GC>> Somehow, I actually managed to get a 2048 bit key 'stead of 2047 GC>> and PGP didn't much like it. Anyway, in the process of fooling GC>> with it, my secret ring got eaten. BB> The moral of the story seems to be keep backups beefore playing with BB> new things. I'll agree with that one. :) I'd be quite curious to BB> hear (over in the main echo) how you managed to get a 2048-bit key. And I WOULD like to hear that too, but my question is below. :) GC>> If you have the old 1024 bit key (KeyID D0B18F11) and haven't GC>> received the revocation, please disable it also. BB> Would it help for me to provide you with the copy of the revocation I BB> have? If so, here it is: BB> -+---BEGIN PGP PUBLIC KEY BLOCK-+--- [deleted for space considerations] BB> -+---END PGP PUBLIC KEY BLOCK-+--- BB> Ask a trusted source to verify it on his/her system and perhaps you BB> can add your current (7AD2A93D) signature to it. I'm not really sure BB> how one goes about dealing with authenticity issues in a case like BB> this. It might make an interesting thread over in the main echo BB> though. How DOES one go about verifying a revocation certificate, in a case where the original secret keyring has been lost or damaged? In this case, the revocation has a signature from the original owner. (Presumably this happened BEFORE the seecret keyring was eaten.) Is this adequate to ensure that the revocation is genuine? Yes, *I* am certain it was actually revoked, but how do OTHERS determine the authenticity of the revocation which I excerpted from my public keyring? Specifically, how does the original owner determine that the revocation certificate *I* provide is not a forgery, especially in the absence of his original keyrings? The presence of a trusted friend who ALSO has an identical copy of the revocation would be handy, but what if that's not available to the original user? AND, an additional question, IF the original owner is satisfied that the revocation is indeed genuine, is there a means that he can "sign" the revocation certificate which I provide, with his new key, to indicate this satisfaction? (Can one sign "another's" revocation certificate? ... Apparently not.) This (unanticipated?) circumstance is certainly NOT addressed in the docs and probably can only be determined by "playing with" the program to see how it does and doesn't perform. I fully believe that the best way to learn a given piece of software inside-out is to "play with it" but ... in light of the "fun" that some of us here have had with revocation certificates lately, ... I really would rather not attempt ANYTHING relating to generating my own revocation certificates, especially in the absence of need. Can anyone here shed any light on this for us? Bill Brown 201434369420143436942014343694201434369420143436942014343694718 From: Richard Dale Area: Public Key Encryption To: William Hattenhauer 9 Feb 95 18:25:10 Subject: Re: PGP Forever !!! UpdReq -----BEGIN PGP SIGNED MESSAGE----- WH>*!1st w/o 2nd Can NOT stand! 2nd w/o 1st is =ly bad! Food 4 Media Types! Am I the only one who sees Bill Clinton asking for 100,000 more police, adds it to the "warrantless" search legislation the House passed today, and gets a VERY COLD CHILL down my back? Of course, last year's "crime" bill had provisions that would allow for property confiscation "as the result of investigation." Not conviction, mind you, but merely investigation. I think we're going to see repression happen very quickly in this country. Half the Bill of Rights has been nulled, and the other half doesn't matter anymore. Of course, since the House excluded the BATF from the warrantless searches (thanks to one of my Missouri Representatives), that means that relatively few of my family members will die flaming deaths should a raid occur. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLzqyWZ5xs6E4H32JAQF7Swf+IFn0RsNT8FdiCOJneIG9PTJxznyKjmkU mblfuzS099mxO/v8imzUW11Dyf7ezwBxI3+Fa45pa6PeDsI2K1+xU/GSu72prMvI DWEJ3Ky2HOQsIH71d8oYoJ1zdAQuCT2pFk91V7meZBLhDfUc+JzjxAxuI2ExMC8H tWT1mujAYAASmojFkPdjxPgAeKjnKJUpYMhRo8wOfWdbyhrWeX02uEMajBQ+zNFB ZuyoMBptuQkNGKSLAtwg0Aasv1+k+hAwNW+OSAXMuwq9/2/1dl417bWmQ3Xd0Hpa Eo1Dgd4BPDybHHfPcSqp32PhlcVNnyZ8p8cI7/ygF815xUoiDnKhoA== =wBDo -----END PGP SIGNATURE----- * 1st 2.00b #567 * If not for politicians, we wouldn't NEED assault rifles. 201434369420143436942014343694201434369420143436942014343694718 From: Bruce Davis Area: Public Key Encryption To: David Mcintyre 10 Feb 95 06:56:10 Subject: PGP and BWave UpdReq -----BEGIN PGP SIGNED MESSAGE----- JC> David McIntyre wrote in a message to Bruce Davis: DM> messages. So I just use EZ-PGP. But for another odd DM> reason, QEdit loses its cursor if I just go from Blue Wave DM> to the editor, so I use PGPBlue to edit the message. Go DM> figger. :) I had the same problem with the missing cursor in QEdit. I went back to the QEdit configuration utility and changed from a solid cursor to a blinking cursor, it fixed the problem. By the way, I HIGHLY recommend PGPBLUE as a BlueWave/PGP Interface. I've been using it for approximately 6 months...and it's a good solid program. - -- ******** Bruce Davis ******** bruce.davis@mercopus.com ******** Tampa, FL ******** 70214.2670@compuserve.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Bruce Davis iQCVAwUBLztRGnPGy9VvHHfxAQH22wP/RCbCWyV9Q2Ybbab3xedDNMHxoMke8YF9 JvPlAn4VsWmKa4sBMmZ1ANGOs36Nlx8WXPhcWSuGTkg2+Pz+2N1Pt0uaUXwl3JZt 8zByv9IakVromxVhw2xdf81I7CIZBh1FlYNbWZGiGVv1DyKMvP8UhSBlJ7mdqDoK /sQeTpKOCLI= =CF2M -----END PGP SIGNATURE----- ~~~ PGPBLUE 3.0 ___ Blue Wave/QWK v2.20l Beta 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: Alan Pugh 10 Feb 95 20:12:10 Subject: Can I Freq Pgp? UpdReq AP> AP> i really like fido and related nets, which is why i read and post AP> AP> here and in more areas than i can sanely keep up with, but as a AP> AP> network, fido needs to grow up a little. AP> MB> Had to beg my local sysop to let me 'sign' my messages, and got AP> MB> removed from fidonet for two weeks because someone sent ME an AP> MB> encrypted message via netmail...as if. AP> i used to understand their paranoia until i started posting to the AP> internet. i send a _lot_ of private encrypted e-mail across the net, AP> and never have anyone raise an eyebrow unless it has to pass through AP> fido. it's a shame because it is pushing me away from fido and i've AP> been posting in various places on fido since before we had offline AP> readers widely available. I can identify with your feelings on this one. I too, have been tending to move away from Fido, Rime, Intelec, and the other 'hobbyist' networks that severely restrict or ban encryption outright. I've said in the past that this eventually will be the death knell for Fidonet (and the other networks), if it doesn't change. I find Fidonet netmail slow and unreliable, in addition to being vulnerable. With the exception of a tiny handful of echoes (like this one), I've been finding Fidonet less and less useful over time. The supreme irony here is that, according to what I've read, Fidonet founder Tom Jennings is an avid PGP user, and privacy activist.... Ian Hebert London, Ontario, Canada RIME: HOMEBASE (5508) Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B 201434369420143436942014343694201434369420143436942014343694718 From: Donald Rose Area: Public Key Encryption To: Alan Pugh 11 Feb 95 00:52:00 Subject: Re: Inquiry UpdReq AP> i like to send random messages across the internet with zero content AP> to give the spooks in the nsa something to do. let them try to AP> decrypt a message that is nothing more than random characters AP> hopefully they will waste a significant amount of time doing so. i've Better yet, take a .gif file and crypt it about 60 times (the same file), so when they finally get it open they see Bill the Cat looking at them with his tounge out. THBBBT!! ... Friends, Romans, countrymen, lend me your goats! ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Nolan Lee 10 Feb 95 09:34:04 Subject: Unauthorized Entry UpdReq -----BEGIN PGP SIGNED MESSAGE----- Despite the advice of tribal elders, Nolan Lee said Unauthorized Entry to Richard AO>>* o - Your FULL NAME (F, M, & L) AO>>* o - Your mailing address AO>>* (Sorry, no P.O. Boxes accepted, please include AO>>City, * State, Zip, and if any, Apartment #'s) AO>>* o - Your home phone number (Car phones or pagers not AO>>accepted) * o - Your birthday AO>>* o - Current job description AO>>* o - Internet mail address AO>>* o - Your public key AO>>* o - How long you've been using PGP with or without an AO>>interface RD> Sounds interesting, but what does some of this stuff have RD> to do with the price of beans in China? I use a PO Box, RD> period. This may put me out of the running, but that's the RD> way it is. Sounds a wee bit fishy to me. NL> Could be spies for the gov't trying to compile statistics. :-) NL> I've beta tested a lot of software and never had to answer any NL> *any* of those questions, other than a voice phone number. I'd have to agree here. This sounds exactly lie the kind of information (especially the demands for _home_ addresses and phone numbers) that government spies would find extremely useful in harassment campaigns and that nobody else would have any real use for. (My home address would be of no use for mail delivery, as I live in rural Colorado, in a region where mail delivery to individual residences is not provided. My mailing address is a P.O. box in town.) I would certainly refuse to answer this interrogation. I'm surprised that they didn't ask for SSAN. // Glen PGP F2F935C1 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: The right of the people to be secure in their persons and papers iQCVAwUBLzt/2h1IzyRmn+dFAQHZwAP+OQgh2BC3eZBXFsuULKgxxRPgB44uBQNt IC45ppk472lOFInS1gFQHEtSVSjG8NKqdAMB+oV53VPSrGPbL52Jia1yB9lWk8EZ ule/GKRhoUoUzpoI9R9x1KWWfVxyQ2Djr1EsFqTolMIv2B/ak0gh8kDnJgm2PGTY yNhu018eNj0= =oyg4 -----END PGP SIGNATURE----- ~~~ PGPBLUE 2.5 ... Back up my hard disk? I can't find the reverse switch! 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Scott Mills 10 Feb 95 16:08:10 Subject: Can I Freq Pgp? UpdReq -----BEGIN PGP SIGNED MESSAGE----- Despite the advice of tribal elders, Scott Mills said Can I Freq Pgp? to Alan SM> Friday February 03 1995, Alan Pugh writes to Richard Dale: AP>> *it. in the rtkba echo, you can't even send a signed message because AP>> *the moderator is paranoid that there may be some kind of message AP>> *hidden in the key. Waitaminnit! Reality check here... This guy's running RTKBA, and he's worried about there being something the _government_ can't read. Sounds more like he's working _for_ the government. Not to mention being technically illiterate, if he can't understand the difference between an encrytpted message and a signature. SM> Not even close to the worst case. Go over to DR_DEBUG and post a SM> message with even a PGP fingerprint in it and see what happens. The SM> co-mod there wanted my access yanked because I kept posting "encrypted" SM> messages. Yeeesh! Where do they get all these clowns? Not familiar with the echo named, but the guy sounds totally bananas. Maybe we ought to consider going over there en masse and flooding the guy with clearsigned messages suggesting that he get a life -- or at least a little knowlege of computers.{grin} // Glen PGP F2F935C1 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: The right of the people to be secure in their persons and papers iQCVAwUBLzvDlx1IzyRmn+dFAQFzowQAjG6SDt/ncUWhj/GO3Dm3+KENM92LBSvp 2WYYEcgdBiJ3am2wRY8XKoYwVHNQWsd1cdMXi9mfNOrjfb/uQYaticfjJEHKaIc8 i1bSp8UZc7QJUoU8GKMPqAI/vJG2zrCzs1sDVsaHoi7rYQdODsR16Oig1Q1atPd8 QULRFx/shs8= =bwuS -----END PGP SIGNATURE----- ~~~ PGPBLUE 2.5 ... Redneck Menu Conundrums #1: What wine goes with Moon Pies? 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Scott Mills 10 Feb 95 17:11:14 Subject: Can I Freq Pgp? UpdReq -----BEGIN PGP SIGNED MESSAGE----- Bright the day, Scott! Wednesday February 08 1995 03:26, Scott Mills wrote to Alan Pugh: AP>> you got it. worst paranoia of encryption i've ever seen. SM> Not even close to the worst case. Go over to DR_DEBUG and post a message SM> with even a PGP fingerprint in it and see what happens. The co-mod there SM> wanted my access yanked because I kept posting "encrypted" messages. BTW, PGP is _encouraged_ on my board (High Reaches CyberSchool) and in the echoes that I moderate. Wind to thy wings, Glen ... Beware of strong drink. It can make you shoot at Fascists - and miss! - --- GoldED/386 2.50.B1016+ Gamma -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Joe McCarthy would have loved the Clipper chip. iQEVAwUBLzwA9UsDfAvy+TXBAQHV0wf/VRg36E8ZNk19KMb7UVWTq5c3RPJzDrGQ T+O8XX5sUJjr9J36XIb1SLnVxvL/8PQn5vlSA6pumYaugsa1lanS4I8BBCGxMp5D ubMg4MXSNyO02gXLNAfB9X/B/SuM0JOMrzaZhQmplBhh06voePVUGgGpuDqsh7ZG 1EXnRAxB9RlURFZxNp/nEMYjpFF6wdp60ZZ781YCJHdutGuokDJrwj336eKPnO2c aiwVfPWMWPaxsNglZvlMAtqHisAFfFSr2f0zBXmNjrqJtRI4T+6TibcR2vNLOgdR KlFcThRwn09Xt8VgULhT/hJOLO0hKB9UxqvwjxG4iHinZyyz5wWs7g== =XGFA -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: Christopher Baker 10 Feb 95 16:12:00 Subject: comment line [Was: Re: Pa UpdReq -----BEGIN PGP SIGNED MESSAGE----- CB>> i find no reference anywhere in any of the docs to the comment line CB>> parameters where quotes accomplish anything. Probably not there... CB>> JB> The quotes aren't necessary unless you want to "right justify" your CB>> JB> comment like I do. Without them, the leading spaces are ignored CB>> your comment line is in the same place as mine. are you sure about this? Absolutely. CB>> have you tried double quotes? where did you pick up this info? Figured it out all on my lonesome. ;) I was trying to add a high ASCII comment... just to see if I could. Putting the comment in quotes was something that occurred to me while trying to "contain" the effects of the high ASCII characters. I'm not absolutely sure if it occurs in EVERY case, but with clearsigs at least, high ASCII mucks up the signature. :(( FWIW, those quotes can come in REAL handy... like working with keys. Typing: pgp -kxa jeffrey bloss tries to find a key for the first occurrence of 'jeffrey' and outputs the key to BLOSS.ASC. If there's another 'jeffrey' in the pubring before me, HIS key get's exported. Typing: pgp -kxa "jeffrey bloss" finds my key just fine. :)) You can even type it: pgp -kxa "jeffrey bloss without the close quote and get the same effect. And you're right... I don't see anything in the docs to tell you this. CB>> JB> Comment: -=[ Privacy Through Random Acts Of Encryption ]=- CB>> your previous one did not move over. weird. Could be I messed up the reconfigure when I swapped hard drives. Went from 2x40meg to 40+420. :)) Couldn't get new drive to co-exist with PGP drive. Had my keys backed up of course... but not the CONFIG file. Duh! :) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBLzvWoOkStfMM4BMZAQGvDgQAtZNooKm9nzn912EeNn4qyF0JuhfQoPWb sy2k2fkv1ywTqC4XkjUiIm6d6kpqFhPpSMI8qFBm5j+KoT4XOyE30aSmhV3bhr7Q MkwQAbRMo1Yc5GdQdJX6NTaBDho/B0qoe57hx8WkviCIoE93I6NnuADK8LFnDVBE 3FWY5H2Ff/k= =yqJc -----END PGP SIGNATURE----- jbloss@meadville.com -=- 1:2601/551.0 -=- ->5317 PGP v2.6.2 public encryption key available by request. 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: Jason Carr 10 Feb 95 16:23:00 Subject: Re: PassPhrase UpdReq -----BEGIN PGP SIGNED MESSAGE----- JC>> JB> Comment: -=[ Privacy Through Random Acts Of Encryption JC>> Nicely done, BTW. Although my editor ate it, the justification to the JC>> right side of the sig block looks very clean. I may have to adopt that Many thanks... I appreciate the compliment. :)) Now if I can just get the sucker to STAY there. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBLzvZO+kStfMM4BMZAQFtiQP/S+cyBzP7lOuZWYyQsB6yADCY+xqubOYq 6hgDRFISOM52dU7GZYepImn5TMIyaA5ZfBW/HXz7Mr7ntx2Ma58rCxUZpJtovysN eaGQrwTb23zU3yyUJSzb5TrKBwT80Vuwt+Z8pu24mFtnqgh5M3vRI0Ll7KiCO1i4 fBySdY5Z8zI= =CtAl -----END PGP SIGNATURE----- jbloss@meadville.com -=- 1:2601/551.0 -=- ->5317 PGP v2.6.2 public encryption key available by request. 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Chris Adams 29 Jan 95 20:32:00 Subject: Pgp news 2 UpdReq On 01-25-95 (11:20), Shawn Mcmahon, in a message to Chris Adams about "PGP NEWS 2", stated the following: SM>Despite the stern warnings of the tribal elders, Chris Adams said this >to Jim Bell: SM> CA> Does anyone know what they consider practical size? Also, has >anyone > CA> considered moding the PGP code for, say, 32kb keys? (Sure, it's a >LITTLE > CA> slower, but most of it is done in IDEA anyway. SM>A LITTLE slower? If you consider "takes the rest of your life to >process one key" to be "a little," I suppose... :-) Right now, the RSA public key is the weak link in PGP. The best estimate is that at 2500-3000 bits, the RSA public key becomes as strong as the IDEA symetric key algorithm. SM> CA> BTW, has anyone increased the complexity of IDEA (ie, > CA> larger sizes, etc)?) Wouldn't hurt to use the added capacity > CA> of these expensive computers... There is still no known attack to IDEA. There are some discussions of replacing it with triple DES, but that would be 3 times slower (IDEA, with 128 bits, is about as fast in software as single DES, with 56 bits; triple DES is said to have 112 bits, but that may reflect the implementation). It is not certain that triple DES would be more secure than IDEA. Someone has proposed DES-IDEA-DES, which would be nice, but still would be 3 times slower than single IDEA. SM>The weak point in PGP is the RSA encryption, and that is more than >secure enough for now. 1024-bit keys probably won't be factorable for a >few more years, and 2048-bit keys may very well *NEVER* be factorable in >your lifetime. (This last is all IMO, but I'll be glad to dig out >Schneier again if you need an opinion from somebody qualified.) Well, that depends on the advances in factoring. Reportedly, there have been significant advances in the past year, and the 6000 mips/years used to factor the 129 digit (430 bit) key could now be done in 2000 mips/years. Anyhow, if you increases the size of your public key, who will you communicate with? One reason I haven't expanded my public key is that 2048 bits is still in beta on some important platforms, including the MAC (my son has a MAC). And if your just encrypting for yourself, why bother with PGP? Just use IDEA (SECDEV or SECDRV), or another strong algorithm (SFS). ___ __ chessler@trinitydc.edu d_)--/d chessler@capaccess.org * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Chris Adams Area: Public Key Encryption To: David McIntyre 9 Feb 95 23:29:14 Subject: PGP News 2 UpdReq On (29 Jan 95) David McIntyre wrote to Brian Mitchell... CA> JB> Contrary to popular belief, the NSA can decrypt public keys of DM> most CA> JB> practical key sizes. However, the computer resources needed to DM> decr CA> JB> public-key-encrypted messages make it difficult for the NSA to DM> perfo CA> CA> Does anyone know what they consider practical size? Also, has anyone CA> considered moding the PGP code for, say, 32kb keys? (Sure, it's a DM> Hmm... It would make it slow, but probably put the time-to-crack at DM> about a billion or so years, instead of the thousands that it would take DM> to crack a 2048-bit key. :) My numbers are probably off, but they are DM> to illustrate a point, rather than to be accurate. Notice what I was replying to: a message which said that the NSA could crack public keys NOW. In other words, not thousands, but much less... ... I'm coming Dear, I only have 437 more messages to read! 201434369420143436942014343694201434369420143436942014343694718 From: Chris Adams Area: Public Key Encryption To: David Chessler 9 Feb 95 23:31:50 Subject: quotes as passphrase UpdReq On (31 Jan 95) David Chessler wrote to David Mcintyre... DC> In any event, if you're under surveillance, now that PGP is available, and DC> SECDRV and SECDEV and SFS, you can figure that the surveillance will DC> include a Tempest attack (monitoring what you type and what appears on your DC> screen. Putting the cover back on your PC will help :-), as will switching DC> to a portable, but you're really going to have to line your room with DC> aluminum foil and do other strange things to really defeat a Tempest How about just having about 4 different computers at the same clock rate right next to each other? Just have the other 3 running Windows to burn those clock cycles... ;) Someone suggested a tesla coil, but I think that would be dangerous, unless it drained COMPLETELY through the case into the ground cable, at which point it would probably be very effective... Also, an RFI generator would help. ... The worst thing about political jokes is, they get elected. 201434369420143436942014343694201434369420143436942014343694718 From: Chris Adams Area: Public Key Encryption To: Alan Pugh 9 Feb 95 23:43:00 Subject: inquiry UpdReq On (05 Feb 95) Alan Pugh wrote to Shawn McMahon... SM> Our custom is to give innocuous messages, even trivial ones like "gee, SM> Mr. G-Man, you decrypted this! I feel safer already!" subject lines SM> like "cocaine shipment schedules" or "that package for Saddam" or "the SM> crow flies by moonlight." SM> If both sides were running the proper software, I'd encrypt my AREAFIX SM> messages. :-) AP> neat idea. i also like sending copies of the 1st ten amendments to AP> the us constitution, (otherwise known as the bill of rights), as well AP> as the declaration of independance and whole constitution. How about setting some old XT to work generating random PGP keys and using different ones for things like Areafix, etc, that way the NSA would have to crack many different keys, even though nothing important would ever go through them? ... Remember, the paper is always strongest at the perforations. 201434369420143436942014343694201434369420143436942014343694718