From: Lowell Barger Area: Public Key Encryption To: All 13 Mar 95 23:12:32 Subject: PGP or RSA for CP/M computers? UpdReq All my computers are CP/M, and I'd like to know if PGP or RSA is available for CP/M computers. If so, I'd like to know where I can get them. 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: John Moser 12 Mar 95 13:55:28 Subject: PGP/PGPBLUE UpdReq JM> In running PGPBLUE (Yes), and bringing up the Main Menu, the JM> following functions work as indicated: JM> JM> (M) Message Editor ....... works OK JM> (D) Decrypt/Reply to Msg.. works OK JM> (S) Sign & Encrypt Msg.... works OK JM> (A) Add Public Key........ not tried JM> (P) Post Public Key....... not tried JM> * (1) Sign a Msg ........... doesn't work JM> (PGP error msg. "file [pgptemp.txt] does not exist]") JM> JM> (C) Check Spelling ........ works OK JM> (E) Encrypt Msg............ doesn't work JM> (Error Msg. "pgpblue.tmp" not found") JM> (L) List/Remove Public Key.. works OK JM> (Q) Quit & Save Msg......... works OK JM> (K) Kill Msg. & Exit........ works OK JM> (2) Screen Pausing.......... works OK JM> same situation here... JM> * Oddly, this function works ok in a similar installation on my JM> 386DX40. The only real difference is that the swap and work JM> directories are NOT on a RAM disk. i'm running a ram disk as well. maybe the program has some kind of problem with them. i'll try to test this hypothesis. i don't think the cpu is it. im on a 486/25 running dos 6.3. (soon to be 7.0 - i can't wait to implement some of my os/2 rexx scripts on my dos machine) i forgot to look. are oyou running registered version of bluewave or pgpblue? amp <0003701548@mcimail.com> March 12, 1995 13:54 ... "Who is John Galt?" 201434369420143436942014343694201434369420143436942014343694718 From: Bruce Davis Area: Public Key Encryption To: John Stephenson 15 Mar 95 13:36:10 Subject: pgpblue problem UpdReq -=> Quoting John Stephenson to Alan Pugh on 03-12-95 12:23 EST <=- JS> If I can take a second to push on of my little products, try taking JS> a look at "PGPWAVE" available under the below origin under that FREQ JS> magic name, also available on a guest account login to the board. JS> ! Origin: The Serpent's Egg II (1:249/126) OK, where can I gate PGPBWAVE. I was a REGISTERED user of PGPBLUE and am unable to get 3.0 to work NOR will the author support the product! -- Bruce Davis bruce.davis@mercopus.com Tampa, FL bldavis@gate.net PGP Key Available on Request ___ Blue Wave/QWK v2.20p Beta 201434369420143436942014343694201434369420143436942014343694718 From: Lowell Barger Area: Public Key Encryption To: All 13 Mar 95 23:13:02 Subject: RSA inquiry ... UpdReq What is the difference between RSA and PGP? Is PGP much better than RSA? 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: Brian Giroux 11 Mar 95 23:55:10 Subject: PGPDOC FORMAT UpdReq BG> I'm planing on reformatting the PGPDOC?.TXT file for WordPerfect 6.0, BG> so I can print them out in booklet format. I was wondering if I BG> could then distribute (at no charge) the .WP6 files. This is along BG> the same line as the people who port the source code to other BG> platforms, or people who translate the error messages to other BG> languages. BG> If it's ok to distribute the .WP6 files, would anyone be interested in BG> a copy? BG> Brian Giroux Why don't you mail Phil Zimmermann (prz@acm.org) and ask him for his permission? If you're not charging anything, I can't see how he'd object... although he might get annoyed if you tried doing this without asking first.... Ian Hebert London, Ontario, Canada RIME: HOMEBASE (5508) Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: Jeffrey Bloss 13 Mar 95 22:10:16 Subject: Quotes as passphrase UpdReq i'll take a stab at some of your questions, sir. just for fun. JB> But *why* is it necessary to measure the interval between keystrokes? JB> What is it about that interval that can't be automagically produced by JB> the box in front of you without your intervention?? Do you know what JB> it is that's being measured, what's being done with the results of JB> this measurement, and how is it being used to generate seeds? it is necessary to measure the interval between keystrokes to generate a string of fairly non-reproducable numbers. this method isn't perfect due to the resolution of time on computers, but is _far_ superior to just about any deterministic system where the computer is supposed to generate its own 'random' strings. SM>> computers can't produce random numbers, then be aware that by the same SM>> logic, hammers can't drive nails. JB> They can not... it requires human intervention. exactly. in the same manner, a (well made) firearm is inert without human effort to wield same. =snip= JB> But what everyone has been trying to tell you, is that it can, and JB> *IS* done... right now, today. Even as early as 1980, when I was a JB> fresh-outta-basic-training Air Force "pinger" working on secure voice JB> lines there were very REAL attacks being made against the equipment JB> that provided the encryption services. Not against the algorithms or JB> the cyphertext Shawn, but against the equipment and it's "side JB> effects". tempest and other attacks against most modern electronic equipment is pretty difficult with the exception of monitoring the output of a poorly shielded crt. i think your point is a matter of a threat model. securing such communications against joe blow is many orders of magnitude easier than securing against, say, the nsa. the nsa has a budget bigger than the cia & fbi from sources i know of that are reasonably trustworthy. they just took posession of the first of the latest model cray to hit the market. this is a pretty hefty supplement to their already formidable computational abilities. i recognise that i can't afford to guard against a determined attack by the nsa. hopefully this won't be necessary, but there is no way to know one way or the other unless you have compromised the nsa itself. in brief, low-level threat models aren't much a threat. they aren't the folks i would be concerned about anyway. JB> Strangely enough, in 1981 I was working in a building that also housed JB> a group of Japanese technicians. The first successful attack against JB> *our* secure systems came from a local... using a home-brew machine JB> and a coat hanger. ;) This not only lead to a complete rework of our JB> system, but more immediately to changes in SOP... we now answered our JB> previously thought to be secure phones with "Blue Eagle com JB> maintenance. This is an insecure line." imo no line is truely secure. (two tin cans and a string might qualify under certain circumstances though) =snip= JB> You seem to be confusing the cryptographic/computational world with JB> what you perceive as "practical". If you want to argue that you and I JB> lack the ability to extract data from specific "secure" methods, JB> you'll hear no rebuttal from me. OTOH, even this degree of JB> practicality is relative when you consider we probably don't have JB> identical resources. ;) threat model again. SM>> random, as opposed to indetectable from randomness) I think you'd be more SM>> comfortable in PHYSICS or SCIENCE. JB> My comfort has no real bearing on the subject Shawn. OTOH, physics JB> and science have a GREAT deal of bearing on cryptography. :) no doubt. with the right equipment, you can make use of physics to produce exceptional encryption. i really wish i had access to a good geiger counter and a =very small= radioactive sample to generate one-time pads. JB> And it *is* this "indetectable" quality I'm questioning BTW. i wonder how much processing it takes to determine the difference between truely random data and real good pseudorandom byte streams. do you have any insights on this? amp <0003701548@mcimail.com> March 13, 1995 22:10 ... Damn it! Now they're burning the Constitution!Put it OUT! 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: all 16 Mar 95 00:15:22 Subject: a new rant UpdReq --> Note: Copied (from: PGP_ECHO) by jason carr using timEd. -----BEGIN PGP SIGNED MESSAGE----- Ok. By now everyone's heard my slavering rant about fully encrypted echos (and, by extension, networks). These echos work because PGP will accept multiple targets for encryption. To make life easier I proposed SETting an environmental variable that defines the core group of recipients: =====from PGP_ECHO.FAQ==== | It would still be a PITA to write in all of those IDs like this when you want to encrypt to the whole echo: PGP -ea 0x12345 0xqwert 0xasdfg 0xzxcvb 0x11223 What to do? :) Define all the echo participants in an environmental variable. Then you can call PGP from a .bat and have all the echo participants included automagically (PGP -ea %echo%). SET ECHO=0x12345 0xqwert 0xasdfg 0xzxcvb 0x11223 Don't forget to put your own ID in there, or you won't be able to read the posts you send out... :) =========================== Et Cetera. The main drawback is that the [unencrypted] header grows with each target. This can result in a largish message even when sending to relatively few people. EPIPHANY!!! [Note: to preserve what's left of my reputation, I will refrain from admitting that this epiphany occurring while attending the premiere of Joe Christ's new documentary/film short "Sex, Blood, and Mutilation."] What if the echo participants were to all have copies of the same secret key? It could have the User ID of Group_Key or something, to make sure you remembered what was what. An infinite number of people could use that key in the echo. They could even change the password to fit their own preference. The header would stay the same size because there would only be one target (the Group_Key persona). Everyone in the loop could read the msgs. You could even have different keys for more closely controlled echos. Of course the more people that are in any group the greater the risk of compromise, but hey. The same problem would occur in the multiple recipient scenario, too. Questions? Comments? Rotten vegetables? jason ... Backup not found: I might as well kill myself now... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP_ECHO: CypherEcho to the gods... iQCVAwUBL2f2d0jhGzlN9lCZAQFeCwQAhYAbBQA4KrtH0Jv8IXSEIPkyFKb0rKfh +KPKhef3Htq3u6XewH5Yf3uhhPvRS3bScOr4Gdriqdp+Z5q3ERfSiVx/hqUJNLYO 0HKxrE+C2+Q7D5WQaRRMEGh0ILhAIU/pVrxX6PXpbsKnzdExiXY84AlL0Qb/NKwA gXpRLwYUX7o= =Yosr -----END PGP SIGNATURE----- ... Key fingerprint = 60 97 B2 AE 7D 90 11 2F 05 1C 35 98 E9 B9 83 61 201434369420143436942014343694201434369420143436942014343694718 From: Nolan Lee Area: Public Key Encryption To: Ronald Downs 16 Mar 95 01:30:22 Subject: ENCRYPTION UpdReq On Mar 14 11:10 95, Ronald Downs of 1:261/1116@FIDONET.ORG wrote: NL>> Sure, it states that 2 kilos of plutonium and 2 triggers NL>> will arrive at San Franciso California on the 21st of March RD> BAD PUPPY!!!!... BAD! BAD! BAD! RD> Otherwise, **extremely funny**! Funny? Hell, it was true. thanks, Nolan 201434369420143436942014343694201434369420143436942014343694718 From: Nolan Lee Area: Public Key Encryption To: Lowell Barger 16 Mar 95 01:31:10 Subject: PGP or RSA for CP/M computers? UpdReq On Mar 13 23:12 95, Lowell Barger of 1:343/40 wrote: LB> All my computers are CP/M, and I'd like to know if PGP or LB> RSA is available for CP/M computers. If so, I'd like to LB> know where I can get them. I haven't seen or heard of it being ported to CP/M. I still have a couple of CP/M boxes sitting around here. If you happen to find it anywhere, I'd really appreciate it if you'd let me know. thanks, Nolan 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Gordon Campbell 15 Mar 95 13:59:52 Subject: PGP w/GoldEd UpdReq -----BEGIN PGP SIGNED MESSAGE----- GC> Much appreciated, Bill. I'll give it a shot. If I follow GoldEd's GC> directions and use the suggested command line to sign the message, I GC> wind up with a blank, signed message. :-( That's because the instructions shipped with GoldED through 2.42 (which I see that you're using) are wrong. They've been corrected in 2.50B5, and have been posted here a couple of times recently. Bring back the snakes! // Glen PGP F2F935C1 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Joe McCarthy would have loved the Clipper chip iQCVAwUBL2c3aR1IzyRmn+dFAQF7CgP/dkjCBq1hHeqU5HtFCyv9hzhyrXpGMp6s KqsmdhBKzrjSLDMFznSw7juMp+IpUmqXEsdyWuLzJWvrhtGxxksZ1sFDb1qPFad6 z9bl4TJug8IooXeL6qtZZGUJEfJRPxgMBiS2ONkYVggJ4vpj37XIR8ksw7RZiV9I 7oiD7k7SagA= =GUzj -----END PGP SIGNATURE----- ... Those who give up liberty for security, deserve neither. B Franklin 201434369420143436942014343694201434369420143436942014343694718 From: Peter Bradie Area: Public Key Encryption To: Jerome Greene 13 Mar 95 20:50:06 Subject: Bluewave & PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- -=> Quoting Jerome Greene to Tom Barcellona <=- JG> If problems still pursist, try any of the PGP shells that work with JG> Bluewave. I use EZPGP which is freeware, it does what I want it to do, JG> post my key(s) and sign my messages. And then there's PGP Blue which is shareware written specificly to work with BlueWave and PGP. Only had the program up and running a few days, but I'll have this baby registered in short order. ___--BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBL2UEVISYnLg9ADyZAQE46AP9FMIQ3sHy2L0jJEQIig5JgyTK8NbM8WqF LK5jCD159Akhm4zrVT+PDbmTQsxYz5nMTmm+k7LF0C1y3XTwJ0nUlZeuRjBK41VA DQMvjJTlRNO3JLfT/9iR8a+HaEWC07nJiPXTJHPuJe/vwTI5bIRpr5orVBbEKnOm orpT/36GR1A= =HDG3 ___--END PGP SIGNATURE----- ~~~ PGPBLUE 3.0 ... For every complex problem there's a quick, easy and wrong answer! ___ Blue Wave/QWK v2.10 201434369420143436942014343694201434369420143436942014343694718 From: John Moser Area: Public Key Encryption To: Alan Pugh 15 Mar 95 13:34:54 Subject: Re: pgpblue problem UpdReq AP> i'm getting the following error message when attempting to clearsign AP> with pgpblue 3.0... AP> File [pgptemp.txt] does not exist. AP> does anyone know how to fix this? Alan, I had a similar problem which gave me real gas for awhile. I finally discovered that using a RAM drive for my BlueWave "work" directory was the problem. When I changed the BlueWave "work" directory to a sub-directory on my hard drive, everything worked perfectly. Using a RAM drive for the "swap" directory was OK. And, yes..., I DID try manually creating the appropriate sub-directories on the RAM drive before running BlueWave ... and it didn't help. ~~~ PGPBLUE 3.0 ... O Lord, protect me from those to whom You speak directly... 201434369420143436942014343694201434369420143436942014343694718 From: Forrest Lamont Area: Public Key Encryption To: Nolan Lee 14 Mar 95 06:08:02 Subject: Uh Oh! UpdReq -=> It was said by Nolan Lee to Dave Macpheat <=-03-12-95 23:51 DM> The text below contains a coded message. It is not PGP DM> encrypted! Can you tell me what it says? DM> +6\i.LGy9$>AWk+6\i.LGy9$>AWk+6\i.LGy9$>AWk+6\i.LGy9$>AWk+6\ DM> i.LGy9$>AWk DM> LS04/Vk9ZOcFa@LS/Vk9ZOcFa@LSs*/Vk9ZFa@LSs*/Vkz;9ZFa@s*/Vkz; DM> 9ZFa@s*#]/V DM> lvp2g96@:.H;e>l2g96@:.H;e>l2ORg96@H;e>l2ORg96@JtH;e>ORg96@J DM> tH;e>OR|Wg9 DM> ,JFk*\P23VvTeg,k*\PRO23VvTeg,k*\P23VvT>9eg*\P23`#VvT>9eg*23 DM> `#:0VvT>9eg NL> Sure, it states that 2 kilos of plutonium and 2 triggers will NL> arrive at San Franciso California on the 21st of March of this NL> year. Paymet is to be made in US dollars in the amount of NL> 6 million dollars to a previously mentioned bank account in the NL> Britsh Virgin Islands. NOW you've done it! You just know there's some brain-dysfunctional Fed out there that's going to BELIEVE this. ... Civil servant .... a sentient rutabaga! ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Zorch Frezberg Area: Public Key Encryption To: Ian Hebert 14 Mar 95 23:20:12 Subject: Fight Scientologist Censo UpdReq In a msg on , Ian Hebert of 1:2401/114@fidonet.org writes to Zorch Frezberg: ZF>> -zf- Ask a Scientologist about Rule 45... IH> Lemme guess, is that the one about "fair game"? Close enough to show me you have a _real_ good idea... -zf- 201434369420143436942014343694201434369420143436942014343694718 From: Zorch Frezberg Area: Public Key Encryption To: Ian Hebert 14 Mar 95 23:20:48 Subject: In response to bye!/1 UpdReq Please bear with me...this really *does* have a point... -zf- ========================================================== In a msg on , Ian Hebert of 1:2401/114@fidonet.org writes to Jim Grubs, W8grt: JW>> I resign from Fidonet. The Internet resource makes Fidonet so JW>> trivial in its value as a souurce of information that the IH> Sadly, however, I must agree with your comments regarding IH> Fidonet. The time is rapidly coming when Fidonet (and the IH> other hobbyist networks, for that matter) are going to go the IH> way of the buggy whip. As Internet access becomes IH> increasingly available to the public, this is what the public IH> will use--they hardly know about Fidonet and the other IH> hobbyist networks, and probably care even less. IH> I for one, would be very surprised if Fidonet even exists 5 years IH> from now, except in third-world countries with little or no IH> net access. It's real interesting to note this sudden clamor of the "death of Fidonet" when it really isn't. If for no other reason than to provide security and protection in the coming days of InterNet crackdowns, FidoNet needs to be maintained as an alternative service...a service which is not and will not be under governmental controls because it receives no governmental funding. I fully expect that encrypted messaging in the InterNet to be shut down soon; it's a 'smell' in the political air that I'm tasting, one that isn't very pleasant. I have no doubts that eventually there will _be_ some form of governmental intervention into FidoNet and its ilk shortly thereafter, but one that will take a lot longer to form. As sysops, we have a lot more leeway than the InterNet because of our non-affiliation. We determine our operating hours; we can go to APS...Absolute Point Status, where the only way to access our systems is if you are a point. This prevents governmental agencies from perusing your system; it limits public access as well, however. The present governmental structures, both here in the US and abroad, are truly frightened by the presence of telecommunications. I noted to a co-worker that our _local_ media has made an exceptional effort to include at least one story EVERY DAY about how someone, somewhere, has done something illegal on-line, whether in Prodigy, the InterNet...or even FidoNet. Looking in other papers, I notice the same pattern developing. I cover the local City Council and County Board for a public broadcaster here; today, I paid attention to something I had noticed a long time ago. In California, we have the Brown Act, legislation which makes government more accessible by forcing governing boards to set aside a specific time for unscheduled comments by the public. All actions by a governing board are to be conducted in public, from an agenda published a minimum of 48 hours in advance...no closed sessions can be held except with regard to personnel matters or pending litigation, and even then, if a vote is taken, it must be publicly announced at the next meeting. What I had noticed was that the City Council was scheduling the Public portion after its closed sessions...which last an indeterminate amount of time. As I gathered my broadcast gear, it dawned on me that I had not seen *anyone* give a presentaion per the Brown Act. I went to the City Clerk, checked the Council minutes, and found that for nearly two years, the Mayor had moved the Public portion to the 'backside', because the normal procedure is to have the closed session *after* the public portion...that way, everyone has their say, and can go home while the agency deliberates. Armed with that, I contemplated my next action, when it was suddenly announced the Council was finished, and was coming back into session. I tried to get into the chamber along with two other people... ...and the doors were locked. Only after we pounded on the doors, and FIVE MINUTES INTO THE SESSION, were we let in. I used the public portion to explain what I had discovered, leaving out the portion about the Mayor's directive. The mayor walked out on the presentation. Flat out said that my statement was going to be taken 'under advisement', then admonished me for making imputations of his character...even though I hadn't said a word about his being responsible. It's an amazing thing when the remaining six council members, the City Clerk, City Attorney *and* City Manager apologize and ask for suggestions on what needs to be done, then spend an hour discussing it (Brown Act forbids legislative action on non-scheduled, non-emergency items). << continued >> 201434369420143436942014343694201434369420143436942014343694718 From: Zorch Frezberg Area: Public Key Encryption To: Ian Hebert 14 Mar 95 23:20:48 Subject: In response to bye!/2 UpdReq << continued from previous >> Action is intended on the next agenda; I've got four council members already placing it on so it will be discussed in an open setting...and against the Mayor's wishes. So what? Big deal? But you do see the point? That one person can make that difference? That's not it. It's the denial of access. It's on the local/grass-roots level. The same level as FidoNet. InterNet access is a gee-whiz technical phenomenon, but the growing trend is towards a technology that Joe Average cannot afford. InterNet access is becoming elitist. I've just upgraded my personal system to a 386. My local InterNet access does not provide SLIP. To get it, I have to pay an outrageous sum for an extremely small amount of time from a different provider, or call exclusively long-distance. Sure, local competition is going to drive prices down...someday. In order to use Windows now, the major InterNet access methodology, you need a 386. Despite the hype and media play, it still costs money to upgrade from anything less to anything more...and there are quite a few 286s and less down there below our lofty perches. The InterNet is an elitist playing field. FidoNet is not. Again, I refer you to our local City Council. None of them is accessible through the InterNet, though one member is part of the local Fido net...we've even set up an area for him to moderate and take questions, comments and suggestions. I've heard rumors from City staff that the Mayor has shot down InterNet access for the Council...it opens the door to too much public access. FidoNet is and will be grass-roots. It can survive without InterNet, though it should not. It may well be time for a new and clearer vision of what FidoNet should be in the future...perhaps a new symposium on a new FTSC. But it cannot, nor should it be allowed to die. FidoNet is our backstop against government intervention. We represent a smaller community than the InterNet, but there aren't many on-line services that can match us for numbers of sysops and users, nor for coverage of the planet. We post here, in the interests of exploring the issues of encryption as it relates to privacy and security...but we also do it because we can. Look at my origin line. It's "Because We Can". I'll tell you in NetMail about why...just consider it a poke in the eye of local authorities. Just as we should consider FidoNet a poke in the eye of those in government who want to control free speech and expression. FidoNet is more flexible in terms of equipment and platforms; it's more grass-roots as well as global; it's far more political, for better or worse, internally and externally; and it's got a more secure short-term future than the InterNet if pending legislation gets through the US Congress...even if it doesn't, the existance of the votes in a future version of the legislation will force the InterNet and major pay-services to tighten up and clamp down on 'questionable' behavior, just to avoid the legislation from returning. We face a future not unlike that described by Heinlein, when religious mania overcomes logic and freedom of thought, and takes the reins of government from the people and gives them to God...or at least, some minister's version of what his moral values says is God's Will. I prefer to keep my freedom...keep my freedom of speech, freedom of thought, freedom of expression, and freedom of choice. Like any good citizen of freedom, I also choose to keep my avenues open as much as possible...even those avenues of electronic communications, encryption and access. I think of it as...God's Will... I'll miss Jim as well. -zf- 201434369420143436942014343694201434369420143436942014343694718