From: Alan Pugh Area: Public Key Encryption To: gk pace 4 Oct 94 22:14:50 Subject: Clear-Signed "Hole" UpdReq -----BEGIN PGP SIGNED MESSAGE----- gp> This reported problem is expected to be fixed, with the release of gp> 2.6.2, which is anticipated to be available within two weeks. There gp> will be some additional enhancements as well. gp> Look for the release sometime after this coming thursday. gp> gp> -gk uh, is there any word when it will settle down? this _release a week_ stuff is confusing to many. myself included. i'm sitting on 2.3a until a relatively bug-free, stable and verified version comes out. i'm beginning to get a mite suspecious of the myriad of versions floating around. btw: i'm using version 0.03 of pgpshell and like it as it is small, fast, and performs those functions i need it to perform quickly and painlessly. the copy i got didn't have docs with it. i'm assuming that you are the author. if so, is it shareware or freeware? amp -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCxAgUBLpIaDdQ9obngT6LhAQH3PQTgkG5zQCXhlJot9+wqwNUmLT5b73q6zrYf LFB6U/JovpqWVoKhtWjANeKR81x4y1Y4tZz8C8e8+MnT4wG5mTMqtitiDg2WjaP8 SPV0blwanHB7teEOAJ5rPhva/XU4+/cH2X3s1qPyH2MNGqK4XY9cSDM4/+XmWTIq H5Z5fuD92mJcZpTv47PnzY/gwsnYUkCNt1idEm1HUHVBwdt7 =2u+D -----END PGP SIGNATURE----- ~~~ PGPBLUE 2.5 ... Want my ammunition? You can have them one bullet at a tim --- Blue Wave/Max v2.12 [NR] # Origin: The Soapbox BBS - "Your Infotainment Specialist" (1:151/142) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Eric Nystrom Area: Public Key Encryption To: Shawn McMahon 6 Oct 94 18:51:00 Subject: Bug in PGP signatures UpdReq In a message of , Shawn McMahon (1:19/34) writes: >Despite the stern warnings of the tribal elders, John Schofield said this >to All: JS> Hello, all. I just wanted to report a bug in PGP I've found out JS> about on ALT.SECURITY.PGP. I verified it, and it really JS> works. >Works with RG's OS/2 compile of 2.61. Easily noticeable, however, even >BEFORE you attempt to check the sig, since PGP always puts a blank line. However, a "blank" line could have a single space character, or a tab. Both of those, verified by tests, work, so you could have a perfectly fine-LOOKING message and still be getting fooled. -Eric --- msged 2.07 # Origin: The Palace Flophouse - 28.8Kbps! - 702/265-7674 (1:213/780) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Christopher Baker Area: Public Key Encryption To: George Hannah 6 Oct 94 23:35:50 Subject: authors [Was: Re: Need recommendations]UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 03 Oct 94, George Hannah was quoted as saying: GH> Can someone tell me who the authors of these two programs are, and GH> where they are available (if shareware)? I'd like to try them out. here's the author info from their various docs: SECUREDEVICE VERSION 1.2 Copyright (C) 1994 by Max Loewenthal and Arthur Helwig - see chapter 6 April 30th 1994 SecureDrive V1.3d Documentation | Edgar Swank | S e c u r e F i l e S y s t e m Copyright Peter C.Gutmann 1993, 1994 these are available here as: SECDEV12.ZIP SECDR13D.ZIP SFS100.ZIP for file request or download [407-383-1372] for first-time callers. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLpTCGssQPBL4miT5AQG78AP/YCSIkpBqnfA1fqrCeDlOpmNWBIp0hZlR hjCYSCEggv3Cm/gppJKTiiwjkrj3VdqPRdsJcYUlEn0zMGUpbh3Vcvf+p7Ag8jWX kle2lf5mi1W4ZCkYL9gs447zICq22NYTpe4Jy4NEway52/dO1K/jMInj059JCt/l 6prJi1xrJVw= =eU/S -----END PGP SIGNATURE----- --- GenMsg [0002] (cbak.rights@opus.global.org) # Origin: Rights On! for Privacy! It's a Right not a privilege! (1:374/14) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: John Schofield Area: Public Key Encryption To: Shawn McMahon 5 Oct 94 15:40:36 Subject: Bug in PGP signatures UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- JS> Hello, all. I just wanted to report a bug in PGP I've found out JS> about on ALT.SECURITY.PGP. I verified it, and it really JS> works. SM> Works with RG's OS/2 compile of 2.61. Easily noticeable, however, SM> even BEFORE you attempt to check the sig, since PGP always puts a SM> blank line. It's possible to have a tab or space on the first line. It is non-blank, and PGP will act the same as if it had text on it, but it will appear to be blank to human eyes. The only way with current versions of PGP is to check the output file. JMS ... He who gives up freedom for security deserves neither. -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLpMqjGj9fvT+ukJdAQF6owP9Fh1CqGQpyxt1n9Ea8/0a4ZOad2Gz6EGh 4nBWLkuPQzxLufubOKhHskZyCHhztl95AguffNNPnqZku8xg2zmq1yVttyGKdusT RVVIE6ZZRkdaHTZF8CnrT1hdeH+T20LKpHrTec1HZW+WwooSUtAO53n0QLIlZTsY w7hBFpFi1GI= =evOL -----END PGP SIGNATURE----- **EZ-PGP v1.07 --- Blue Wave/RA v2.12 # Origin: The Sprawl -- 818-342-5127 -- Tarzana, California, USA (1:102/903) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Shawn McMahon Area: Public Key Encryption To: Eric Nystrom 8 Oct 94 11:40:18 Subject: Bug in PGP signatures UpdReq Despite the stern warnings of the tribal elders, Eric Nystrom said this to Shawn McMahon: EN> However, a "blank" line could have a single space character, or a EN> tab. Both of those, verified by tests, work, so you could have a EN> perfectly fine-LOOKING message and still be getting fooled. However, Eric, it's highly unlikely that you're going to look at the message, and get false information because it had a character you couldn't see up on the first line. Remember, the ONLY problem this "bug" causes is if you look at the message before stripping the sig, and think those first text lines are signed by the person who wrote the message. When you check the sig, those lines get stripped with the sig. --- # Origin: Void Where Prohibited/2 (1:19/34) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: John Ross Area: Public Key Encryption To: Shawn Mcmahon 4 Oct 94 23:06:08 Subject: Where or Where is pgp2.6 UpdReq Where and How can I get a copy of the latest release of PGP? Is it pgp2.6 or pgp2.6.1 or pgp 2.6.1a? or something else? None of the bbs in my area have anything newer than pgp2.6 I realize that this may be an involved question to ask of all of you, but of all the echos this seemed most appropriate. ___ * SLMR 2.0 * Government is the only known enemy of intelligent life. --- Maximus 2.01wb # Origin: Access Information Services --> FIDONet (1:108/155) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Brian McMurry Area: Public Key Encryption To: Alan Pugh 5 Oct 94 16:19:16 Subject: Re: Key Change? UpdReq -----BEGIN PGP SIGNED MESSAGE----- On Sat 24-Sep-1994 8:17a, Alan Pugh wrote: AP> wes is correct. one way to clarify this a littl might be this... AP> pgp doesn't really care what your 'name' is. it uses the key id, AP> which in my case is 4fa2e1 as seen below with the -kvv switch. AP> Type bits/keyID Date User ID AP> pub 1248/4FA2E1 1994/05/13 Alan M. Pugh <0003701548@mcimail.com> AP> sig 751CC1 Benjamin T. Moore, Jr. <1:231/110> AP> sig D17C47 Al Thompson <1:231/110> AP> sig 4FA2E1 Alan M. Pugh <0003701548@mcimail.com> It can/does make a difference if you have multiple user id's and sigs since the sigs do not automatically attach themselve to all of your AKA id's even though they have the same keyID. My own case as an example: (My config.txt has MyName = "The Paladin") pgp -kvv "The Paladin" Type bits/keyID Date User ID pub 1024/96B258DD 1993/07/01 The Paladin sig 96B258DD Brian McMurry The sigs do not carry over. The -ke switch only has two options: add new ID, and change pass phrase. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLpJjHd2dg1OWsljdAQGRogQA8XxcHhMHBnZKMNXThjl7UVTPw1P1xvxA t8oWKqf0N1USugmbLArdPsHdUUt5cLUJIOP2qTyuWgUQbtUNp0kyu5HkjENSmIwG sg7y8d1oZ3u0fW8e7ztXeCmhOlQm3mt/el5uo8njyMel1PVWIBu4j5hPD1Fukz95 CMVFX4eh9+o= =1i9e -----END PGP SIGNATURE----- Above sig was generated with pgp -s "Brian McMurry". Below was performed on the same text leaving out "Brian McMurry" ("The Paladin" used as default). It generates a different and often unverifiable sig. I see this as a failing in PGP since AKAs are not being treated as transparent. :-( -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLpJjiN2dg1OWsljdAQH6NQP7BlbnCi2bBbGDKKl3aGYrlq00X8WQKM/s gaTnomCg0CSG+ERY6/0sDgsb7ETeEgqNBw9CSUwzeHqu08zKqa3b7HUjzOX7Pchq hnW6+Vjr8H7S1SAi/HKvGw04Ih+L0pgljHqzoReeNNyfQJRf77bx4fL/nrOZHfow 4wFVGlnEa/4= =RL7F -----END PGP SIGNATURE----- --- # Origin: *AACHEN* 818-972-9440 Burbank, CA FIDONET (1:102/844) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Brian McMurry Area: Public Key Encryption To: Jim Cannell 5 Oct 94 17:52:40 Subject: Re: Bug in PGP signatures UpdReq -----BEGIN PGP SIGNED MESSAGE----- On Fri 30-Sep-1994 6:27p, Jim Cannell wrote: JS> When checking a signature, If the first line after the JS> "-----BEGIN PGP SIGNED MESSAGE-----" line is NOT BLANK, PGP JS> will ignore everything UP TO the first blank line. This is JS> NOT an error in the way PGP checks a signature--only an error JS> in the way PGP decides what to check in the signature. JC> It looks like a work around would be to always make sure that the first JC> line in any PGP signed plaintext is blank. Don't trust anything in JC> which the first line is nonblank. Another option is to allow only one or two lines of header to be skipped. 90% through armor.c is: /* Skip header lines until a blank is hit */ do { ++infile_line; status = skipline(in); } while (status != 0); Which could be changed to: /* Skip up to two header lines */ infile_line++; if(skipline(in)) { infile_line++; skipline(in); } -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLpJ3F92dg1OWsljdAQGDAQP/Xu92WmY5KG3nSTw2Y9/dNVl8giVtjaKu SSAp98uO/3BULiZPy/0s+xf+/S609dzV+G+6Biev/W564xt/PYjbilR3seePOERl VkEBhKvUL2Hye2SCO8XSlpEXwtnUwlhqJxsPPg1EWRa4E0+EjZ4ecQAUn9Wi2VXk bHrcy/u8g48= =Dx42 -----END PGP SIGNATURE----- --- # Origin: *AACHEN* 818-972-9440 Burbank, CA FIDONET (1:102/844) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Brian McMurry Area: Public Key Encryption To: Jackson Harding 5 Oct 94 20:03:08 Subject: Re: PGP Signatures UpdReq On Sat 24-Sep-1994 6:07p, Jackson Harding wrote: JH> I allow signatures, I don't see that encrypted echomail serves any JH> purpose, if you want to send encrypted mail why not send it direct to the JH> recipient via netmail? What about encrypting to multiple recipients? The only 'bad thing' I see about this is that even a one line message gets greatly expanded. Example, the text reads "You're on my key ring!", but look at the resulting size: -----BEGIN PGP MESSAGE----- Version: 2.6.1 hIwDqBMDr1ghTDcBBACZmvLB1yEQmOLXanLXySEcZkguDOHqYcONKwmEUazGnlyy WMGXvTMjn+lEJvcbiWkguSXoiklkhZhtRfr1BtMOqsWUeBw4d5WXAYaBojdMRIkD Ti+6clrjZD6l/offd6MD3VuR1xW2/iQ1g1L7d6vd7XlViWvE1B9WpRRHymp1LISM A8UThsUodI4FAQP/WUfeKTwmhGkazkRhOJulyN43frRb9k+Elqazx03F2TtkzK8y mcFGtAclg6ZVVaBS5ojXGTvdJ0K5VCHKRYKomb+ytDl5mL3QUqr/x3DNiN3Wmdwc Kr3jKjvWApVEcFSFvyUWY9oMVPT8dd0/PdP0tpaW4+WgG4kueoOSmpq7xsyEjANw JMbjq3efcQEEAJesbIOwVzLmNHBN6AN0FiZguIDq4h3YFGfWe0cvhW5CzSf35m9f hOC+1UunN+DX2MgRlaHMJy8W+1ANXWsTDRcszn3XhgHb1ddYQh+eDUThRl41oUcR CY/TdkhfiCHaRK1spInspPdRRueEGfqNOETH/lDItZ+glYzxqahChIauhEwD5r3J WiZFxb8BAgCRaFkZHYP44F91OQ3uTpSqIT3LkQFojBAtfYYATPUKx7pmjcaweDT0 HJYeTRmUGVdeRI2dPRUOtkKARToyRwd2hIwDQpXHCNz8KyUBA/9p5RZ+BoqB0vCK 9wiJpbKTckPqBai2ZHiRXcx1toc9R3S1idQp0Rr+4gY2RQyN4KJRG0tSILYgwkB/ sPQHoIL5scpeu+QId7L9gskG2ZYAGbdxzyT90thzAI8lArwjRSlpk6mjcJ43LLuk k8PVwlzLGHeVAwqQG4wvjlTistQB/oSMA7rdt/10TGt3AQP/fFYanR1kxPsPTncb vxQWp1ZslpdZeO5g47vqI9UR7aGO65aquQMxohbZd5ELbc7TpX0hBPjhwu10OLqN dtSjmcBgaAqKxXJtePTwKW8mrQVl8b10FpO3zYf4VJQaPd6gesSFLSI7MNkU/6GR xX5lna1DV+3nmaJbtOKI5pXhb7SEjANWwg/gIOVH9QED/1AqT3LsTzj/wXOuT8ro IQDzZlhElhzUH1lAHzPBl2o4wIb5GFqLnrZ3ozK1iWxYrswn2KkuV4+Hkz63Bm83 QECNucqS5tFOUeCdS7gZE00UHq7E6umV6vavt331urfZZQeEQClGm/SGewwQCQqL XNjIRfcggCTUwLMNuoAsTtXphIwD3Z2DU5ayWN0BBADZk+4Zan9yZdrq1HJbXgRD 8x6VKM7onJYEwztSfa84WDfqJig/Cog5xE8Ts/tPNRZ/c17DBcRL+fnRT2a5SVco X28Zrj0JdyOJ67s/7t0IHULMcpvf86iw0Q+EMq4qnYNNFXYCyCGrE7l5RU3gLP0x p0jpMRu7cQrX1tsHGyANDoSMA9e9Wes4viRZAQP/TUIG/ns8lP1kXVnSc7hxS1a0 Evpy4uxUBhiEtIZcvSIDilsIYv07GJst4GlmhSD9wpdTqRlUnf7BApIX+HfhmZZZ /TqFrRG6Mhu0UQ5Oc/NfRAAkpGW84h5om7KKSOKfD6OIUKVBxlKIIqrJQfghJWLq ItoehA5jGzM8wPG8cwCEjAM5baSRgStjrwED+wZMwG1FRdsZOEznctTuz7nOhuGx ya313Z2v8SIG3ZtYmpXPMmcySROU7DA0G5MVSAeeY7THcbbe1mg26Mdkpil1hpNT llwQ9xVg91Bg73COjwDvNcNOvWQiPLOKFXIbkCKasYXIRMzC13mvC4b/K+WOv+03 7J2o3HhTmGWzxp/XhIwDzrhG5VWC+1EBBACwEmt3Zg8dV83Tj7DlZgtXqse8WgT+ 2gNBwoi6WCI1rjlTbk9On7Lj7vc3LSnLoHQf+YsJyaUNCIfBM8WAFSW934vpGdgl gGae9k+MqgZ0XxLm73Bbr2zpMcRXYXlyf03nGX1VPYh/pE49G4sWBAZk/HeWkQ82 wa60bxkRde3CJoSMA1mu02M4sgFbAQP/cAXqdbhWdqNPshQVcfLYx+tv4oNsJj99 aXAhljDRZL8wMUje2/NAoedGnBVlMDELC9Wnc/M6Ta/xhsknYMWUS4i0pQKaaFFb DweBUZyaEHHae7L5BmrfbBP6D9b30fE1KgdDnxJNTu5RLhWFIjLikrGM0+6QFFGf ktEgk/jjMtKEjAPZMwnfTfImiwEEANKj+4kHQyU4eEYCpBp/uVyfSXHmPxnK5zWC lcY9TH5C+rQOIie15TPMQhd0B2tLAy+jF3NCiN/1sBmWF8CwzH9XTcXMMuJ2YFQh urcTAIpfcCAo2kQhaNO8x5dgYm+Yg4fkN/vPwOqHA4LmtR4UkKvfcwGFqL/GCUk4 QimsvyFtpgAAADD6dV5mRZdlgnfXQ0ejSP1YLjVwTwdRb2KrpOPJiZMEC3ux1yYl YiwY6OPCOJsNa/0= =rGqo -----END PGP MESSAGE----- --- # Origin: *AACHEN* 818-972-9440 Burbank, CA FIDONET (1:102/844) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Casey Cady Area: Public Key Encryption To: Shawn McMahon 5 Oct 94 13:33:40 Subject: New To Pgp UpdReq Shawn McMahon wrote in a message to John Schofield: SM> However, since most of them rely on an external editor SM> anyway, putting the PGP support into the reader instead of SM> in an external program would reduce flexibility at worst and SM> needlessly complicate the author's job at best. SM> Why do it? Leave it external, and you don't have the code SM> for it taking up memory for people who don't need it. That is true, but the problem is when you have to decrypt a message. As it stands you must manually export the encrypted mail, run PGP on it, read it with a text editor, then go back to the reader to reply to the message. TTYL, Casey --- # Origin: The Generic Point * Dayton, OR * (1:105/290.43) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Jim Grubs, W8GRT Area: Public Key Encryption To: David Chessler 7 Oct 94 19:13:00 Subject: Key revocation UpdReq > Also, there are a couple of false keys claiming to be > from Philip R. Zimmermann. You have to check > signatures. From columbine.cgd.ucar.EDU!uucp Fri Oct 7 15:45:46 1994 remote from voxbox Received: by voxbox.norden1.com (1.65/waf) via UUCP; Fri, 07 Oct 94 18:41:15 EDT for jgrubs Received: from ncar.UCAR.EDU (ncar.ucar.edu [192.52.106.6]) by norden1.com (8.6.9/8.6.9) with ESMTP id PAA05702 for ; Fri, 7 Oct 1994 15:45:39 -0400 Received: from sage.cgd.ucar.EDU by ncar.ucar.EDU (NCAR-local/ NCAR Central Post Office 03/11/93) id NAA14732; Fri, 7 Oct 1994 13:46:04 -0600 Received: from columbine.cgd.ucar.EDU by sage.cgd.ucar.EDU (8.6.4/ NCAR Mail Server 04/10/90) id NAA02042; Fri, 7 Oct 1994 13:45:46 -0600 Received: by columbine.cgd.ucar.EDU (4.1/ NCAR Mail Server 04/10/90) id AA06750; Fri, 7 Oct 94 13:45:51 MDT Message-Id: Subject: Re: Your keys To: jgrubs@voxbox.norden1.com Date: Fri, 7 Oct 1994 13:46:04 -0700 (MDT) In-Reply-To: from "Jim Grubs, W8GRT" at Oct 7, 94 10:48:35 am From: Philip Zimmermann Reply-To: Philip Zimmermann X-Mailer: ELM [version 2.4 PL22] Content-Type: text Content-Length: 11519 Hello. Thanks for your email. I hope you don't mind getting a form letter reply. I get so much mail these days. Let me give you some rubber-stamp answers to some frequently asked questions about PGP-- 1) The currently released freeware version of PGP is version 2.6.1 from MIT, which, for reasons of US State Department export controls, is for US and Canadian distribution only. MIT carries it on their Internet FTP site net-dist.mit.edu, in the /pub/PGP directory. An earlier version, 2.3a, was released outside the US and is available on overseas FTP sites. MIT's version is licensed under the RSAREF license from RSADSI, and may be used for noncommercial use in the US or Canada. For a list of Internet sites and BBS systems that have PGP, send a note to Mike Johnson at mpj@csn.org. If you have an older version of PGP, you really should get updated. There is a version for MSDOS (but not Windows), various Unixes, OS/2, Macintosh, Amiga, Atari ST, VAX/VMS, and IBM mainframes. The source code is also available from public sources. There are Internet FTP sites and many BBS systems that carry PGP. For other PGP news, see the Internet Usenet newsgroups alt.security.pgp, talk.politics.crypto, and sci.crypt. These newsgroups are also a good place to find out where to get PGP. In many cases, there are ways to access these newsgroups via email channels. If you don't know how to get access to these newsgroups, ask your local Unix or Internet expert for help. Don't ask me to send you a copy of PGP. 2) If you get a copy of the current freeware version of PGP, make sure it has the PGP User's Guide included in the compressed released package. Under no circumstances should PGP ever be distributed without the user documentation. If you find someone distributing PGP without the manual, please tell me how to contact them, so I can ask them to stop distributing it without the manual before too many others get their hands on it. Any version of PGP found in a release package with no manual is not to be trusted. The software may have been tampered with, and even if the software is OK, no one should use PGP without understanding some of the security concepts explained in the manual, and no one should use or distribute PGP without reading the legal issues explained in the manual. Also, I would recommend that you stick with the official MIT release version of PGP, and stay away from mutant strains. MIT's version comes from me. 3) Often people ask me for a copy of my PGP public key, because they aren't sure if the one they have is really my key. Well, it almost certainly is. I've checked my public key countless times with people who call me up, and it's always correct. My key is so widespread that if someone tampered with it, I would surely have heard about it by now and would issue announcements to Internet newsgroups and electronic Bulletin Board Systems. My key in included in the PGP distribution package, in the file "keys.asc". 4) Often people ask me to sign their key with mine. I can't do that either, because I don't know those people and it would be inappropriate for me to sign a key whose owner I didn't positively identify. This topic is fully explained in the PGP manual. 5) My new email address is prz@acm.org. My old email addresses at NCAR may not be any good soon, so please use the new one. And if you must encrypt any mail to me, please use my newer key (from May 93) that bears the new email address in the user ID field, and not the older key that bears the old email address in the user ID. 6) A fully licensed commercial version of PGP is available from ViaCrypt, for any users in the USA or Canada. It's a really nice product, and has made absolutely no compromises in PGP's security. If you have been reluctant to use PGP because of legal questions, ViaCrypt PGP is just what you need. ViaCrypt has obtained all patent licenses needed to sell PGP. ViaCrypt can be reached in Phoenix, Arizona, at phone 1-602-944-0773, email . 7) I will read your mail much sooner if it's not encrypted. If it really should be encrypted because it is of a sensitive nature, then go ahead and encrypt it, and mark it as something I should read promptly. 8) For those of you who want to donate money to my legal defense fund, please make checks payable to my lead defense attorney: Philip L. Dubois, Attorney Trust Account. Mail them to to Philip Dubois, 2305 Broadway, Boulder, Colorado, 80304 USA. Since I am now the target of a US Customs criminal investigation that has progressed to the level to a Federal grand jury, I need contributions for my legal defense. The subject matter of the investigation relates to PGP and the export control laws on cryptographic software. If you care politically about these matters, that would be a good way to show it. Thanks for your support. If you want to read some press stories to find out why this is an important case, see the following references: 1) William Bulkeley, "Cipher Probe", Wall Street Journal, Thursday 28 April 1994, front page. 2) John Cary, "Spy vs. Computer Nerd: The Fight Over Data Security", Business Week, 4 Oct 1993, page 43. 3) Jon Erickson, "Cryptography Fires Up the Feds", Dr. Dobb's Journal, December 1993, page 6. 4) John Markoff, "Federal Inquiry on Software Examines Privacy Programs", New York Times, Tuesday 21 Sep 1993, page C1. 5) Kurt Kleiner, "Punks and Privacy", Mother Jones Magazine, Jan/Feb 1994, page 17. 6) Steven Levy, "Battle of the Clipper Chip", New York Times Magazine, Sunday 12 Jun 1994, page 44. 7) Steven Levy, "Crypto Rebels", WIRED, May/Jun 1993, page 54. 8) John Markoff, "Cyberspace Under Lock and Key", New York Times, Sunday 13 Feb 1994. 9) Philip Elmer-DeWitt, "Who Should Keep the Keys", Time, 14 Mar 1994, page 90. 9) It has been widely reported in the press that a famous RSA key, known as RSA-129, has been factored. This is an impressive achievement in factoring. Of the four principal workers on that project, three of them were involved with PGP development. RSA-129 is a 129-digit composite number that was factored into two primes, after 5000 MIP-years of computing effort by 600 people in 20 countries over eight months time using a couple thousand workstations. Many people have asked me if this means PGP is doomed because it uses RSA. PGP typically uses RSA keys that are about 307 digits long, far far out of reach of these factoring techniques. I'm told that adding 3 digits to the length of a key causes the factoring workload to double. Three more digits added doubles it again. And so on. Now figure out what that means for adding 178 digits to bring up the key size to 307 digits. PGP is safe from these kinds of factoring attacks for a long time to come. 10) I am available on a consulting basis to help you develop cryptographic products. That is how I make my living. If you need help in this area, feel free to call me at 303 541-0140, from 10am-7pm Mountain Time. I hope that helps. Philip Zimmermann prz@acm.org -------------------------------------------------------------------------- Date: Fri, 24 Sep 1993 02:41:31 -0600 (CDT) From: hmiller@orion.it.luc.edu (Hugh Miller) Subject: PGP defense fund As you may already know, on September 14, 1993, LEMCOM Systems (ViaCrypt) in Phoenix, Arizona was served with a subpoena issued by the US District Court of Northern California to testify before a grand jury and produce documents related to "ViaCrypt, PGP, Philip Zimmermann, and anyone or any entity acting on behalf of Philip Zimmermann for the time period June 1, 1991 to the present." Phil Zimmermann has been explicitly told that he is the primary target of the investigation being mounted from the San Jose office of U.S. Customs. It is not known if there are other targets. Whether or not an indictment is returned in this case, the legal bills will be astronomical. If this case comes to trial, it will be one of the most important cases in recent times dealing with cryptography, effective communications privacy, and the free flow of information and ideas in cyberspace in the post-Cold War political order. The stakes are high, both for those of us who support the idea of effective personal communications privacy and for Phil, who risks jail for his selfless and successful effort to bring to birth "cryptography for the masses," a.k.a. PGP. Export controls are being used as a means to curtail domestic access to effective cryptographic tools: Customs is taking the position that posting cryptographic code to the Internet is equivalent to exporting it. Phil has assumed the burden and risk of being the first to develop truly effective tools with which we all might secure our communications against prying eyes, in a political environment increasingly hostile to such an idea -- an environment in which Clipper chips and Digital Telephony bills are our own government's answer to our concerns. Now is the time for us all to step forward and help shoulder that burden with him. Phil is assembling a legal defense team to prepare for the possibility of a trial, and he needs your help. This will be an expensive affair, and the meter is already ticking. I call on all of us, both here in the U.S. and abroad, to help defend Phil and perhaps establish a groundbreaking legal precedent. A legal trust fund has been established with Phil's attorney in Boulder. Donations will be accepted in any reliable form, check, money order, or wire transfer, and in any currency. Here are the details: To send a check or money order by mail, make it payable, NOT to Phil Zimmermann, but to Phil's attorney, Philip Dubois. Mail the check or money order to the following address: Philip Dubois 2305 Broadway Boulder, CO USA 80304 (Phone #: 303-444-3885) To send a wire transfer, your bank will need the following information: Bank: VectraBank Routing #: 107004365 Account #: 0113830 Account Name: "Philip L. Dubois, Attorney Trust Account" Any funds remaining after the end of legal action will be returned to named donors in proportion to the size of their donations. You may give anonymously or not, but PLEASE - give generously. If you admire PGP, what it was intended to do and the ideals which animated its creation, express your support with a contribution to this fund. ----------------------------------------------------------------------- Posted to: alt.security.pgp; sci.crypt; talk.politics.crypto; comp.org.eff.talk; comp.society.cu-digest; comp.society; alt.sci.sociology; alt.security.index; alt.security.keydist; alt.security; alt.society.civil-liberty; alt.society.civil-disob; alt.society.futures -- Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago FAX: 312-508-2292 | Voice: 312-508-2727 | hmiller@lucpul.it.luc.edu PGP 2.3A Key fingerprint: FF 67 57 CC 0C 91 12 7D 89 21 C7 12 F7 CF C5 7E --- FMail/386 0.98a # Origin: jgrubs@voxbox.norden1.com (1:234/1) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Wes Landaker Area: Public Key Encryption To: Eric Nystrom 7 Oct 94 19:46:44 Subject: Bug in PGP signatures UpdReq -----BEGIN PGP SIGNED MESSAGE----- Anything above this line is invalid. Hello Eric! 06 Oct 94 18:51, Eric Nystrom wrote to Shawn McMahon: EN> However, a "blank" line could have a single space character, or a EN> tab. Both of those, verified by tests, work, so you could have a EN> perfectly fine-LOOKING message and still be getting fooled. You could always do something like what I did at the top of this message. :) Or, the way I do it, just run PGP on signed messages, and look at the output. That works 100% of the time, and takes only a second longer than reading the message normally. =) wjl [Team OS/2] * 1:202/1822@fidonet.org * 371:30/1@chnet.ftn * * wjl@f1822.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY * -----BEGIN PGP SIGNATURE----- Version: 2.61 iQCVAwUBLpYIi8lPrmStIlSlAQGquAP/cLgPjF6S8ntaP8MJqmONefXMByCFwjtF kW8esjWxceBm1K0Ie1ynAhBp/Pu679QO/+mJn5tw5kNZACDDpxBbZa7dKVImjJYV 0MOmLSIhgqwcmAN2AoCN4yLYsC4JTX0vFNxGgL6IANJLOXkPVH6Qbak/n0l4/BzB tw16Bi/KZ8M= =vacS -----END PGP SIGNATURE----- --- GoldED/2 2.42.G0615 # Origin: The DayStorm/2 BBS Bishop, CA 619-872-4767 (1:202/322) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Wes Landaker Area: Public Key Encryption To: Christopher Baker 7 Oct 94 20:18:50 Subject: authors [Was: Re: Need recommendations]UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Christopher! 06 Oct 94 23:35, Christopher Baker wrote to George Hannah: CB> these are available here as: CB> SECDEV12.ZIP CB> SECDR13D.ZIP CB> SFS100.ZIP Do you know if any of these will work under OS/2, if there is an OS/2 version of these programs, or if there is something of similiar functionality for use with OS/2? =) wjl [Team OS/2] * 1:202/1822@fidonet.org * 371:30/1@chnet.ftn * * wjl@f1822.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY * -----BEGIN PGP SIGNATURE----- Version: 2.61 iQCVAwUBLpYPpMlPrmStIlSlAQFCxQP+MRN+2idzb4YR0TPFe7Xwnpumd+PQksgp 8KqyOitcGDPQy4BIe89Js8x6x4XsCrWfB7H5PVcPGec/zUWkkNojw13kXeWHY5+d Z/cKjqh9UWQMEPdONO+J2an55u09JHP3FYbd2NShyoQAnubobHgC1nCEJ2jD62nv wdy7W1UsLKs= =qjw1 -----END PGP SIGNATURE----- --- GoldED/2 2.42.G0615 # Origin: The DayStorm/2 BBS Bishop, CA 619-872-4767 (1:202/322) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Mike Riddle Area: Public Key Encryption To: jason carr 26 Sep 94 20:18:26 Subject: Re: PGP Signatures UpdReq In a message to all on Sep 24 94 at 12:24, jason carr wrote: jc> Reply to a message in MODERATOR. >> I suggested to one PGP-booster that they should put the >> signature in kludge lines. If they did that, most readers >> would never see it and I would have no objection. However, >> it appears that PGP is pretty inflexible about the format of >> the signature, so this wasn't possible. jc> What do you guys think about this idea? I don't think it will change the nay-sayers minds a bit, the bandwidth is still the same, and we lose visibility in the process. 0 for 3. --- Msgedsq 2.2e # Origin: inns.omahug.org +1 402 593-1192 (1:285/27) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: David Chessler Area: Public Key Encryption To: Raymond Paquin 5 Oct 94 10:39:00 Subject: Rsa broken UpdReq On 10-01-94 (18:30), Raymond Paquin, in a message to David Chessler about "RSA BROKEN", stated the following: RP> DC> According to the RSA FAQ, recent methods of > DC> factoring do not distinguish between strong and > DC> weak primes, so it is no longer necessary or > DC> helpful to test for strong primes. RP>Have you read Bruce Schneier's new book, 'Applied Cryptography'. >If not, you *should*. Schneier speculates that another method of factoring may be developed so that "weak primes" are again weak. A new method of factoring may indeed work for only a particular class of primes, but there is no reason to suspect that that class will be the "weak primes" previously identified--at least I've seen no informed speculation that the class of weak primes will be the weak class for future attack methods. In other words, you can do the test if you want, but there's no reason to suspect it will be helpful in the future, and we know it isn't helpful now. We do know that key sizes should increase from time to time as brute force attacks become more practical with increasing hardware speed, with a limit of about 3100 bits, after which it is easier to attack the Idea key. Factoring times are thought to double for every additional 15 bits in the key. When PGP 3.0 comes out, we will all migrate to larger keys. There are more important weaknesses in PGP's algorithm for selecting and validating primes. In particular, there are several classes of numbers which PGP will accept as "probably prime" which are not. This is due to PGP's use of the Fermat test, rather than certain more recent tests. According to messages on sci.crypt and alt.privacy.pgp, this weakness in PGP will be corrected in version 3.0 ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com --- Squish v1.10 # Origin: NETWORK East (1:109/459) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: David Chessler Area: Public Key Encryption To: Shawn Mcmahon 6 Oct 94 10:56:00 Subject: Need recommendations UpdReq On 10-01-94 (21:00), Shawn Mcmahon, in a message to David Chessler about "NEED RECOMMENDATIONS", stated the following: SM> DC> Then you must use SFS which won't let him use a weak passphrase. SM>That was a major part of my decision, yes. Depends upon your definition >of "weak" but it darn sure won't let him use as weak a password as he >wanted to. He grumbled, but I gave him the "I can refer you to a 10 characters, minimum. There are some unix logon password programs that require a digit or punctuation mark (but enforce only about 4 or 6 characters). Gutmann should install similar code. But even mixed case helps a lot, since you can't tell whether you are one bit from the correct password or completely wrong. A 10 character password, if put two words, and especially if mixed case, is not especially vulnerable to dictionary attack, though it can be done. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com --- Squish v1.10 # Origin: NETWORK East (1:109/459) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: David Chessler Area: Public Key Encryption To: Shawn Mcmahon 6 Oct 94 16:05:00 Subject: Bug in pgp signatures UpdReq On 10-01-94 (21:01), Shawn Mcmahon, in a message to All about "BUG IN PGP SIGNATURES", stated the following: SM>Despite the stern warnings of the tribal elders, John Schofield said >this to All: SM> JS> Hello, all. I just wanted to report a bug in PGP I've found out > JS> about on ALT.SECURITY.PGP. I verified it, and it really > JS> works. SM>Works with RG's OS/2 compile of 2.61. Easily noticeable, however, even >BEFORE you attempt to check the sig, since PGP always puts a blank line. Not exactly. PGP's idea of a blank line and your idea of a blank line may be different. Is the next line blank? It contains ascii 255. what about the next line? It contains ^I (if my editor let me do it). PGP does not see these as blank. The workaround for the time being is to put as your first line something like: ===first line of message; anything above this line is not part of the message=== ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com --- Squish v1.10 # Origin: NETWORK East (1:109/459) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: David Chessler Area: Public Key Encryption To: Shawn Mcmahon 6 Oct 94 13:46:00 Subject: Re: signing my own key. UpdReq On 10-01-94 (20:55), Shawn Mcmahon, in a message to David Chessler about "RE: SIGNING MY OWN KEY.", stated the following: > DC> IDEA does, get the article that ran last December in Dr. > DC> Dobbs. SM>I did start with the docs. I'll see if my local libraries have back >issues of DDJ. There is plenty of IDEA source code on the internet, apart from what's in PGP source. I don't recall seeing a FAQ, however. SM> DC> BTW, get SFS110, and read the documentation. It's very good, and > DC> you will learn a lot, again, without a bunch of math. SM>Didn't know about 110. I've only seen 1.0. Read those docs twice, >though. So far. The documentation isn't changed significantly for 1.10. The main differences are things like support for SCSI. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com --- Squish v1.10 # Origin: NETWORK East (1:109/459) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: gk pace Area: Public Key Encryption To: Alan Pugh 8 Oct 94 16:23:28 Subject: Re: Clear-Signed "Hole" UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 04 Oct 94, you were quoted as saying: AP> gp> This reported problem is expected to be fixed, with the release of AP> gp> 2.6.2, which is anticipated to be available within two weeks. There AP> gp> will be some additional enhancements as well. AP> uh, is there any word when it will settle down? this _release a week_ AP> stuff is confusing to many. myself included. i'm sitting on 2.3a until AP> a relatively bug-free, stable and verified version comes out. For the most part, the bugs you've heard of were either problems with "new features", or bugs that existed in 2.3a as well. For example the problem of the claim to handle 2048 bit keys but not being able to... 2.3a can't either. The Characteristic of PGP which allows one to add text to a Clear-Signed message immediately after the "-----Begin" but before the first blank line, exists in 2.3a as well... in fact all versions from at least 2.0 would pass such messages. This really isn't a compromise of the integrity of PGP. The added text is removed from the message as if it didn't exist, it doesn't effect the output at all. Only the text contained in PGP's output has been validated. Altho this isn't a serious bug, it is a problem which can cause confusion, and must be rectified. I've been promised that the next release will have this quirk fixed. AP> i'm beginning to get a mite suspecious of the myriad of versions AP> floating around. btw: i'm using version 0.03 of pgpshell and like it AP> as it is small, fast, and performs those functions i need it to perform AP> quickly and painlessly. the copy i got didn't have docs with it. i'm AP> assuming that you are the author. if so, is it shareware or freeware? The official releases come from MIT. I review them very extensively each time they are released. Altho I've found bugs, and recommended changes, I haven't found any compromises to the security of it. The "versions" issued by the Rebellious Guerrilla have proven to be solid, but are not official releases. I issued the original PGPShell, and it can be considered freeware at this time. I haven't decieded to update it yet. I believe that someone else also released something they called pgpshell, but I haven't seen it. -gk -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: Fight to keep the Basic Human Right of Privacy! iQCVAwUBLpb/uY9JNB7uOPtBAQGgGwP9GInOueb0ypxnsBmAdkl54Ur0n3fGWoy/ qrRDMPilbfR4zKVWgLDIurTbPIZOFM8Q2PtuF7fa+ySsPGa8KVV+n2sbCAGAtrKp m3n0/khfCfiuVvZF6lMPrOzktxVgF6JLlxNXLTWnwhEmkKqQwRaeliEfMbrNlUFN plBPzeDceF8= =CVfc -----END PGP SIGNATURE----- --- GenMsg/OS2 [0001] (gkp@f26.n374.z1.fidonet.org) # Origin: Privacy - Fight for it, or lose it forever! (1:374/26) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Christopher Baker Area: Public Key Encryption To: John Ross 8 Oct 94 20:13:46 Subject: Re: Where or Where is pgp2.6 UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 04 Oct 94, John Ross was quoted as saying: JR> Where and How can I get a copy of the latest release of PGP? Is JR> it pgp2.6 or pgp2.6.1 or pgp 2.6.1a? or something else? JR> None of the bbs in my area have anything newer than pgp2.6 2.6.1 is the current, official, M.I.T. release. it is available here for file-request as PGP or download as PGP261.ZIP. you should know that MIT will be releasing 2.6.2 in the next week. so you might want to hold off until then. to download, call the system at 407-383-1372. to freq PGP use Node 1:374/14. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLpc1vcsQPBL4miT5AQHxTgP+OEwDvv3spTRCJjBWhae2PvqIzzwNzum7 j5FTuzB4YJPWWByBAUWxzt4sfz22eLDdU9gMu1aPYOWoV83eetOl8hCOOxg3jXNQ VJLtQSH3GGOA0FDrKX3OT54ijLlZc2vYxiKIiIBB5lAmqI9M6PA3EhbwFKAOJinF knRcrGkeOB8= =yIn0 -----END PGP SIGNATURE----- --- GenMsg [0002] (cbak.rights@opus.global.org) # Origin: Rights On! for Privacy! It's a Right not a privilege! (1:374/14) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Christopher Baker Area: Public Key Encryption To: Brian Mcmurry 8 Oct 94 20:16:08 Subject: Re: Re: making a point? [Was: Who's This AshwortUpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 05 Oct 94, Brian Mcmurry was quoted as saying: CB> a point is nothing more than a User with a mailer. BM> Though there ARE some full BBS's running as points... my comment was in relation to FidoNet. it doesn't matter what they run under their point. if they are not a FidoNet Node, they are merely a User as far as FidoNet Policy is concerned. a lot of Nodes start out as points. it's a good training ground. it should not be overestimated in importance in Policy, however. [grin] TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLpc2SssQPBL4miT5AQE7sgQAj8j/5OM/hKgJl1Psg3N0n5/3C4lsrU8K uaASHg8a+i4Neb14UP/SnYUlICEE21EUn3N3MlpJo7kr+XyoPp6w1yMktBJjCZvk 5WpgrjM9NgNjBr8esQwz0tusWuH9ZfkSwVGiCRbJ9wbn8A0kYAIF2U8y2YSzPbfH ZKp1cpHK5Ts= =PCCB -----END PGP SIGNATURE----- --- GenMsg [0002] (cbak.rights@opus.global.org) # Origin: Rights On! for Privacy! It's a Right not a privilege! (1:374/14) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Christopher Baker Area: Public Key Encryption To: Wes Landaker 8 Oct 94 20:22:22 Subject: Re: authors [Was: Re: Need recommendations]UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 07 Oct 94, Wes Landaker was quoted as saying: WL> Do you know if any of these will work under OS/2, if there is an WL> OS/2 version of these programs, or if there is something of similiar WL> functionality for use with OS/2? =) no, i don't. but someone here will. [grin] TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLpc3wMsQPBL4miT5AQGXYAP/bmT3b23yDcIhh+kh+htb1Zk6v1yH39uq YQ6obXqERsRjy/yo1X44Y49grgTiUXGvEwCA2tKEvWhfwlGBqRYxYpGGaO9nswN1 v7nsIrKz9Ys+GUEG7QBD1X2n5+qYMCkeHhb6zAjavmgDlsw+XWRv3TguiJ5a3akR 2taiBxRV8V0= =Mek1 -----END PGP SIGNATURE----- --- GenMsg [0002] (cbak.rights@opus.global.org) # Origin: Rights On! for Privacy! It's a Right not a privilege! (1:374/14) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Dave Hodgins Area: Public Key Encryption To: Casey Cady 8 Oct 94 21:52:00 Subject: New To Pgp UpdReq CC> That is true, but the problem is when you have to decrypt a message. As it CC> stands you must manually export the encrypted mail, run PGP on it, read it w CC> a text editor, then go back to the reader to reply to the message. If your reader supports an external viewer, then you can use a batch file to view signed/encrypted mail. Here's the batch file I use for viewing such messages... REM ======== begin pgpview.bat echo off REM edit the file first, to allow pcboard extended headers to be REM manually removed (they cause pgp to ignore the message) e %1 REM ramd is a variable that points to my ram drive (with a :) erase %ramd%\pgptemp.out > NUL Find "-----BEGIN PGP " %1 if errorlevel 1 goto nopgp call pgp %1 -o %ramd%\pgptemp.out if errorlevel 1 goto Nopgp goto List :Nopgp copy %1 %ramd%\pgptemp.out :List REM pause to allow viewer to see result msgs from pgp pause list %ramd%\pgptemp.out exit --- * RM 1.3 00820 * Internet:Dave.Hodgins@Canrem.com Rime->118 Fido(1:229/15) --- QScan v1.12b / 01-0348 # Origin: FidoNet: CRS Online, Toronto, Ontario (1:229/15) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Shawn McMahon Area: Public Key Encryption To: John Ross 9 Oct 94 20:23:42 Subject: Where or Where is pgp2.6 UpdReq Despite the stern warnings of the tribal elders, John Ross said this to Shawn Mcmahon: JR> Where and How can I get a copy of the latest release of PGP? Is JR> it pgp2.6 or pgp2.6.1 or pgp 2.6.1a? or something else? JR> None of the bbs in my area have anything newer than pgp2.6 Best place to check in Fidonet is always 1:374/14. He always has the latest MSDOS version, and Rebellious Guerilla's OS/2 compiles get there pretty quickly. Magic name PGPFILES gets you a list. --- # Origin: Void Where Prohibited/2 (1:19/34) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Shawn McMahon Area: Public Key Encryption To: Casey Cady 9 Oct 94 20:29:56 Subject: New To Pgp UpdReq Despite the stern warnings of the tribal elders, Casey Cady said this to Shawn McMahon: CC> That is true, but the problem is when you have to decrypt a CC> message. As it stands you must manually export the encrypted CC> mail, run PGP on it, read it with a text editor, then go back to CC> the reader to reply to the message. Depends upon your reader, Casey. With mine, I just hit "change", then right-click to bring up the tools, then select "decrypt". Then hit "save", and then "reply." No big deal. With a reader that uses an external editor, just hack together a quick little program to strip the quotes and re-apply them (couple dozen lines of C or REXX) and you can just use the "reply" option. If the reader authors would put in message-based user-defined tools menus, like SQED has, you could skip the part about writing a program. --- # Origin: Void Where Prohibited/2 (1:19/34) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Wes Landaker Area: Public Key Encryption To: Casey Cady 8 Oct 94 22:16:14 Subject: New To Pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Casey! 05 Oct 94 13:33, Casey Cady wrote to Shawn McMahon: CC> @PID: timEd 1.00 CC> That is true, but the problem is when you have to decrypt a CC> message. As it stands you must manually export the encrypted CC> mail, run PGP on it, read it with a text editor, then go back to CC> the reader to reply to the message. Doesn't timEd have the capability to run anything external, like a spellchecker? If so, then you don't need to exit your mail reader, ever. :) I use GoldED, and I never need to exit it for any reason when using PGP. I can sign, encrypt, and decrypt through the use of macros and batch files, which really aren't all that complex. =) wjl [Team OS/2] * New: 1:202/322@fidonet.org ! Old: 1:202/1822@fidonet.org ! * wjl@f322.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY * -----BEGIN PGP SIGNATURE----- Version: 2.61 iQCVAwUBLpd8q8lPrmStIlSlAQGCeQP/Qwz3pCHUGzJgsJBi2YsckhLVyWGyHQKg 2h10ZU0KjA2bjM6zQGoZLUOsPRTbtNZQK2ASioG0oLoQCXcAN/usnFzc6D+f6e80 sEU4zcxgU1+CZFx+cX4ZGnN3MUFz+ULXSOlbibNE9JcV6qQs//KQGHGDpTID9BJd nOVxAHbUEUI= =uIeX -----END PGP SIGNATURE----- --- GoldED/2 2.42.G0615 # Origin: The DayStorm/2 BBS Bishop, CA 619-872-4767 (1:202/322) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: jason carr Area: Public Key Encryption To: Brian McMurry 8 Oct 94 11:19:14 Subject: Re: PGP Signatures UpdReq -----BEGIN PGP SIGNED MESSAGE----- Brian McMurry wrote in a message to Jackson Harding: BM> What about encrypting to multiple recipients? The only 'bad BM> thing' I see about this is that even a one line message gets BM> greatly expanded. Example, the text reads "You're on my key BM> ring!", but look at the resulting size: BM> -----BEGIN PGP MESSAGE----- BM> Version: 2.6.1 Jeez Louise, how many recipients were encoded in there? I regularly encrypt to 6-7 people and my msgs are not noticeably longer. jason ... I'm not an actor, but I play one on TV. -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW... iQCVAwUBLpbkFkjhGzlN9lCZAQEvwQP/RxF4TfF8yxDaek5hwCXEYtUuSlUvAFBX jLnohcpim+jOD9KvVqm5YwhE5lcN2wtztJhU6R5Cp3TLSpKULdjMRqA8iyDKEHHj DyI2ya9UkJRgMiMBzTlj+0tTzvZZJyuKQiX3nvPoPM/cKOU0XzYJ7JAUMUwMG6ax bSGjVyrv5Xo= =NctS -----END PGP SIGNATURE----- --- CALLQ.BAT / PGP 2.61 / timEd 9 # Origin: FREQ JASONKEY.ASC 214.650.0382 (1:124/3208) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: jason carr Area: Public Key Encryption To: gk pace 8 Oct 94 11:28:12 Subject: Clear-Signed "Hole" UpdReq -----BEGIN PGP SIGNED MESSAGE----- following up a message from Alan Pugh to gk pace: gp> This reported problem is expected to be fixed, with the release of gp> 2.6.2, which is anticipated to be available within two weeks. There gp> will be some additional enhancements as well. gp> Look for the release sometime after this coming thursday. AP> uh, is there any word when it will settle down? this AP> _release a week_ stuff is confusing to many. myself Well, I'm grateful you guys are out there poring over the code and doing what you can to improve the software. I'm just now starting to learn C, so it'll be a long while before I'll be able to make any meaningful changes on my own... :) Thanks again... jason ... Don't drink and park, accidents cause people. -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW... iQCVAwUBLpblOUjhGzlN9lCZAQFYlgQAi9NfCbQpEUcnDCFls4fIYmyHnBtdl2aU 18LJ0zuhVZIYrKsCrPMYPDD/rA9oXAklocKA+xfBOmdkZvj9Lq0mm1uFS6PvaZkc 25Yoes8wRHju7Rs2Aik4JThAGtRUwB+rUHH93nJg1HYNNAcpacN3xvOp79CsvMR/ l8hxubcasSE= =z+C6 -----END PGP SIGNATURE----- --- CALLQ.BAT / PGP 2.61 / timEd 9 # Origin: FREQ JASONKEY.ASC 214.650.0382 (1:124/3208) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Ross Lonstein Area: Public Key Encryption To: Jim Bell 28 Sep 94 09:53:50 Subject: Re: RC4 Revealed! UpdReq >>"Private computer code revealed." >by John Markoff >New York Times News Service. >San Francisco-- In an act of business espionage whose effects are nto >yet clear, someone has anonymously circulated the underlying formula >of one of the most popular coding systems used to protect information >sent over computer networks. >>The formula, which has been a closely guarded trade secret, belongs to >RSA Data Security Inc. a small, privately held software company in [snip] >Executives from RSA said in a statemet released Friday: "RSA >considers this misappropriation to be most serious. Not only is this >act a violation of the law, but its publication is a gross abuse of the >Internet." [snip] >The formula, which is known as RC4, has become the de facto coding >standard for many popular software programs. [snip] This is probably another example of a mis-informed writer delivering verbatim what his sources told him. Cryptographic formulae are published in journals so that they can be examined by the experts for defects. The general release of the formula can't harm the security of the scheme unless it was already insecure. Neither will it enable an experienced programmer to write a cryptography routine since there are relatively few who can understand the workings sufficiently well to code it. >It is also the only software-based formula that the National Security >Agency, the govenrment's electronic spy agency, will permit to be >easily exported under and agreement the agency reached two years ago >with the Software Publishers Association, an industry trade >association. And there is the proof that it is insecure, the NSA likes it. This garbage about RC4 cropped up over a year ago when Apple and Lotus alpha-ed their 'secure' network protocols. Seems they used unapproved schemes and the NSA didn't like it. They substituted an approved scheme rather than regulate native and foreign sales. Anyone remember this? RLONSTEIN PGP key upon request or via Key servers ... Chicken Little was right. --- * TLX v4.00 * --- # Origin: Falconetti's (1:267/156) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Ross Lonstein Area: Public Key Encryption To: Shawn K. Quinn 28 Sep 94 09:53:50 Subject: Re: There goes more freedom! UpdReq >>I hope nobody is taking this post seriously. It is obviously a joke >(but a good one!) >>> It came from UPI (or at least appears to have) and you think it's a >> JOKE?! >> Come on... >>> When you're denied access to Internet or limited to 5 MHz or 2400 bps, >> THEN tell me it is a joke. Yes. It is a joke, adapted from the licensing structure for ham radio operators. Lighten up, folks! RLONSTEIN PGP key upon request or via Key servers ... Seriousness is the very next step to being dull. --- * TLX v4.00 * --- # Origin: Falconetti's (1:267/156) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: jason carr Area: Public Key Encryption To: Shawn McMahon 10 Oct 94 00:23:32 Subject: Re: PGP Signatures UpdReq -----BEGIN PGP SIGNED MESSAGE----- Shawn McMahon wrote in a message to jason carr: jc> Maybe it could be generated as a detached sig, but pasted back jc> into the kludgeline. That way it's physical location wouldn't jc> matter? SM> Then you run into problems like: SM> Was the tagline part of the signed message, or added after SM> the sig? Hmmm, i've never made a detached sig, but I would think that problem would hinge on whether or not the certified msg is 'trapped' inside the hyphens-that-demarcate-the-msg. If the txt is demarcated like that, one could add a translation of the Qu'uran or Talmud to the msg and it wouldn't make a difference. Except your mailer might puke. :) If there are no nifty borders on the msg then you are certainly correct, and any added txt would goober things up nicely. jason ... And tomorrow will be like today, only more so. -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW... iQCVAwUBLpjszkjhGzlN9lCZAQH1MAP/Wx6bzcOeNw18P3Y9fp63YsySzMACxDZV ctpSmxBAFK6S8MaSDwApwXjOKdllq7O4Kxu6AaJVASrw219YYf4RID+Ly9T4bQgW 2ygTJYFkHj16EIDz6Orr1CAt+ELblOYbJwP/PsfM2Dt8RFjF4h/z0y0CHifPY/Kv w4ogYNJJV6Q= =7XIk -----END PGP SIGNATURE----- --- CALLQ.BAT / PGP 2.61 / timEd 9 # Origin: FREQ JASONKEY.ASC 214.650.0382 (1:124/3208) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: jason carr Area: Public Key Encryption To: Mike Riddle 10 Oct 94 00:28:30 Subject: Re: PGP Signatures UpdReq -----BEGIN PGP SIGNED MESSAGE----- Mike Riddle wrote in a message to jason carr: jc> What do you guys think about this idea? MR> I don't think it will change the nay-sayers minds a bit, the MR> bandwidth is still the same, and we lose visibility in the MR> process. 0 for 3. Damn. jason ... Oh, you ALWAYS get to be Jesus. -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW... iQCVAwUBLpjtPUjhGzlN9lCZAQHP3QP+Kzok0UKmQ0dB1PzUdkek1vD/u15vz0Sg ohDzO1T37tXQA5Xe2JAwuykvCQ7EU9gcDC8yJyhWUfkCTEkcSHQCADNZ16rJ5jcE IfX6S2uY6+YcQDXLmO911l1RdooPwmFffOszV0CPBtIO6M9SN6bI4YMA+fDfAm3Q inIzop7QrTc= =dcsw -----END PGP SIGNATURE----- --- CALLQ.BAT / PGP 2.61 / timEd 9 # Origin: FREQ JASONKEY.ASC 214.650.0382 (1:124/3208) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Brad Stiles Area: Public Key Encryption To: Wes Landaker 10 Oct 94 08:21:00 Subject: New To Pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Wes! WL> :) I use GoldED, and I never need to exit it for any reason when using WL> PGP. I can sign, encrypt, and decrypt through the use of macros and batch WL> files, which really aren't all that complex. =) Do you know how to decrypt a message in GoldEd without editing it first? I haven't seen any way to do this when just looking at the message, which is what I'd like to do. Brad CIS: 76450,3637 Internet: Fido: 1:280/119 tyb30n@mqg1.usmc.mil PGP public key available - FReq PGPKEY or PUBLIC_KEY -----BEGIN PGP SIGNATURE----- Version: 2.7b iQCVAgUBLpkyOzYWOrD6dBJxAQGJggP9EtdLtVSew6gY9ZiC/LrRfQ/MNSb+F7d+ CA+JUGMximHW1rbq6fWuG0N493pxpAuXXDtmUMAD8ZktWZ+mAUy6b3sz7i6lKGCo 7u8C0UdxmYz5qn7Y76MA7dm/iqSoYDHYa29vQMD1Qt1LVtjByQgOCqNz/jQBFVLG jYLlMrw1xPM= =tcc4 -----END PGP SIGNATURE----- --- GEcho 1.10+ # Origin: The Blue Event Horizon, Belton MO. (1:280/119) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Jim Grubs, W8GRT Area: Public Key Encryption To: Alan Pugh 8 Oct 94 14:26:00 Subject: Clear-Signed "Hole" UpdReq > -----BEGIN PGP SIGNED MESSAGE----- > gp> This reported problem is expected to be fixed, with the release of > gp> 2.6.2, which is anticipated to be available within two weeks. There > gp> will be some additional enhancements as well. > gp> Look for the release sometime after this coming thursday. > gp> > gp> -gk > uh, is there any word when it will settle down? this > _release a week_ > stuff is confusing to many. myself included. i'm > sitting on 2.3a until > a relatively bug-free, stable and verified version > comes out. > i'm beginning to get a mite suspecious of the myriad > of versions > floating around. The MIT version is written by Phil Zimmerman. What the hell more do you want? Sincerely, Jim Grubs, W8GRT --- FMail/386 0.98a # Origin: jgrubs@voxbox.norden1.com (1:234/1) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Shawn McMahon Area: Public Key Encryption To: David Chessler 11 Oct 94 15:11:40 Subject: Need recommendations UpdReq Despite the stern warnings of the tribal elders, David Chessler said this to Shawn Mcmahon: DC> 10 characters, minimum. There are some unix logon password DC> programs that require a digit or punctuation mark (but enforce DC> only about 4 or 6 characters). Gutmann should install similar DC> code. Already in there, sort of. SFS requires 10 characters or more, and there has to be a space or punctuation character in there. --- # Origin: Void Where Prohibited/2 (1:19/34) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Wes Landaker Area: Public Key Encryption To: David Chessler 10 Oct 94 07:57:22 Subject: Bug in pgp signatures UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello David! 06 Oct 94 16:05, David Chessler wrote to Shawn Mcmahon: DC> The workaround for the time being is to put as your first line DC> something like: ===first line of message; anything above this DC> line is not part of the message=== Actually, I said the same thing, but then I just thought about something . . . if you DON'T add that, but you trust it when you see it, someone could do something like this: PGP Header Fake Blank Line Fake Text Fake Blank Line Anything above this line is not really part of the message _MORE_ Fake Text Blank Line Message Text PGP Sig You could still cause a lot of havoc! ;) I think the best way, until it's fixed, is just to run PGP and look at the output. wjl [Team OS/2] * New: 1:202/322@fidonet.org ! Old: 1:202/1822@fidonet.org ! * wjl@f322.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY * -----BEGIN PGP SIGNATURE----- Version: 2.61 iQCVAwUBLplWXclPrmStIlSlAQHqRAP/bVOT0XFQK8Z7URewvX0+mYlRF+ws4CZI OmiIgXe7hW9/jluAlq5ZET3NM96aF7ETSooifEOAldjqdk/z4Fkr6VPcT0FV3Hir F2X14l7wuYozrmNBsz9Osr6rhNn6aovZQYob+iHmPbAfdIVevFgTmWgjtXa3EGuD V93gbb9HkgE= =CTUs -----END PGP SIGNATURE----- --- GoldED/2 2.42.G0615 # Origin: The DayStorm/2 BBS Bishop, CA 619-872-4767 (1:202/322) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Wes Landaker Area: Public Key Encryption To: Christopher Baker 10 Oct 94 07:56:34 Subject: authors [Was: Re: Need recommendations]UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Christopher! 08 Oct 94 20:22, Christopher Baker wrote to Wes Landaker: WL> Do you know if any of these will work under OS/2, if there is WL> an OS/2 version of these programs, or if there is something WL> of similiar functionality for use with OS/2? =) CB> no, i don't. but someone here will. [grin] Perhaps, then, I'll receive a response from someone else, eh? :) wjl [Team OS/2] * New: 1:202/322@fidonet.org ! Old: 1:202/1822@fidonet.org ! * wjl@f322.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY * -----BEGIN PGP SIGNATURE----- Version: 2.61 iQCVAwUBLplWSclPrmStIlSlAQFOzQQAqG9GsrynFC4GjQ7BvkP69zhb8FbDwJeO ftghi+Juzmh/88MJidfehmtlHhcmxgQqilYwYeUdfHLyL+aSzep2lWA0+pEIDM2s KqinzSUGLaInGsZt4QJHekRUMjfch/6P6JQMn2cVvKbVEAwPA307KpAG5przYqRL PR7b3UdPe0U= =nDLB -----END PGP SIGNATURE----- --- GoldED/2 2.42.G0615 # Origin: The DayStorm/2 BBS Bishop, CA 619-872-4767 (1:202/322) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: jason carr Area: Public Key Encryption To: Casey Cady 10 Oct 94 10:45:42 Subject: New To Pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- following up a message from Wes Landaker to Casey Cady: CC> @PID: timEd 1.00 WL> Doesn't timEd have the capability to run anything external, WL> like a spellchecker? If so, then you don't need to exit your Here's how I do it. It's a little sloppy now, but it works and may give you some ideas. @ECHO OFF cls :: ----------------------------------------------------- :: CALLQ.BAT, a way to make timEd call PGP for encryption, :: decryption, clearsigning, and viewing. jason carr 1:124/3208 :: This .bat requires the following: :: 1) Dos 6.XX, b/c of the CHOICE command, or GET or something :: 2) TILDE, a file with two tildes in it :: 3) TEARLINE, like so, named differently for each network :: ===TEARLINE=== :: --- pgp .bat :: * Origin: FREQ JASONKEY.ASC 214.650.0382 (1:124/3208) :: ============== :: 4) The "editor" defined in timed.cfg must call this .bat :: "Editor d:\squish\callq.bat" :: 5) If PGP is invoked for a given msg, it must first be (W)ritten :: as TIMED.PGP in the directory where timEd is. This can be made :: the default in TIMED.CFG by using, for example: :: "WriteName d:\squish\timed.pgp" :: ----------------------------------------------------- :: ------------------------------------------------------------- :: Sets echo respondents in one variable (multiple recipients) :: 4df65099=me! :: 79410d5d=ls :: 98cbe9bd=th :: 01dd44a9=dh :: 08c756dd=ak :: ------------------------------------------------------------- set echo=0x4df6 0x7941 0x98cb 0x01dd 0x08c7 :: ------------------------------------------------------------- :: Needs to know whether to look for TIMED.PGP or TIMED.MSG :: because TIMED.MSG has indented quotes that choke PGP :: ------------------------------------------------------------- if exist timed.pgp goto unpack goto edit :view :: ------------------------------------------------------------- :: Simply views the signed or encrypted msg, and returns to timEd. :: Msg reply is aborted. :: ------------------------------------------------------------- if not exist timed.pgp goto duhhh pgp -m timed.pgp pause del timed.pgp del timed.msg goto end :unpack if not exist timed.pgp goto duhhh del timed.msg pgp timed.pgp -o timed.msg :: ------------------------------------------------------------- :: If the decrypt fails (sig or post), CALLQ goes to edit it :: TIMED.MSG, as the sig could've just gotten grunged. Of course, :: if you can't decrypt an encrypted post, this .bat won't do you :: any good, anyhow. :: ------------------------------------------------------------- if errorlevel 1 goto fail goto edit :fail cls echo PGP sig failed! Returning to original msg. pause goto edit :edit :: ------------------------------------------------------------- :: TIMETAG is a tagline util written by Richard Coffee. :: ------------------------------------------------------------- if exist timed.pgp goto edit2 timedtag d:\fd\tag /l25 if errorlevel 1 pause :: ------------------------------------------------------------- :: Actual editing happens here. :: ------------------------------------------------------------- :edit2 q.exe timed.msg cls :: ------------------------------------------------------------- :: Poor Speller? :: ------------------------------------------------------------- get c "Spellcheck?" yn if "%get%" == "N" goto pgptest if "%get%" == "Y" goto spell :spell d:\spell\ss timed.msg :pgptest :: ------------------------------------------------------------- :: Ahhh, the goodies! :: The [e] choice invokes the %echo% environmental variable :: ------------------------------------------------------------- cls echo C == Clearsign echo E == encrypt to the trusted participants in pgp_Echo echo N == No pgp echo Y == encrypt - specifY user id or key id when prompted echo. get c "Choice? " ynec if "%get%" == "C" goto sign if "%get%" == "E" goto group if "%get%" == "N" goto end if "%get%" == "Y" goto show :show :: ------------------------------------------------------------- :: Displays keys on keyring, in case you can't remember. :: ------------------------------------------------------------- cls pgp -kvm :: ------------------------------------------------------------- :: Radix-64 encryption :: ------------------------------------------------------------- pgp timed.msg -ea -o timed.msg goto switch :sign :: ------------------------------------------------------------- :: I can't seem to get the -o switch to work while clearsigning, :: hence all the file renaming excitement. :: ------------------------------------------------------------- pgp -sta +clearsig=on timed.msg del timed.msg ren timed.asc timed.msg del timed.asc goto switch :group :: ------------------------------------------------------------- :: This will encrypt the msg with all the hex IDs in %ECHO% :: ------------------------------------------------------------- pgp timed.msg %echo% -ea -o timed.msg goto switch :switch :: ------------------------------------------------------------- :: Now THIS is where it gets weird. TimEd puts the origin and tear :: in the post =before= you edit, so if you encrypt it'll be :: hidden. TEARLINE contains a tearline (surprise) and an origin. :: tilde contains two consecutive tildes, or timEd will wrap your :: block and decrypt/sig-verification will fail. :: :: You can go straight to :fido if you are not running PGP in any :: othernets :: ------------------------------------------------------------- cls get c "{F}ido {D}hy or {C}IA origin?" fdc if "%get%" == "C" goto cia if "%get%" == "D" goto dhy if "%get%" == "F" goto fido :: ------------------------------------------------------------- :: Appends CIA origin :: ------------------------------------------------------------- :cia copy tilde + timed.msg + tearline.cia + tilde fini del timed.msg ren fini timed.msg goto end :: ------------------------------------------------------------- :: Appends DhY origin :: ------------------------------------------------------------- :dhy copy tilde + timed.msg + tearline.dhy + tilde fini del timed.msg ren fini timed.msg goto end :: ------------------------------------------------------------- :: Appends Fido origin :: ------------------------------------------------------------- :fido copy tilde + timed.msg + tearline + tilde fini del timed.msg ren fini timed.msg goto end :duhhh :: ------------------------------------------------------------- :: Duhhhhhh.... Forgot to save the non-quoted ver. No problem, :: will just recycle back to timEd so you can try again. :: ------------------------------------------------------------- cls echo. echo You forgot to (W)rite timEd.pgp!!! echo. pause goto end :end if exist *.bak del *.bak if exist Timed.pgp del timed.pgp if exist timed.asc del timed.asc set echo= :: Have a beer. jason ... There are some who call me . . . Tim . . . -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW... iQCVAwUBLpl+ZkjhGzlN9lCZAQH/QQP/Q6PYsoJiHbvN5ltrUXtFhpLLjPUkledt tF6eYd/s5KU8DIgfcDbe1FuOR0+vOHuDdALshBKyNAvc1U6M5DdQ7SPACZrqNRPq Vf3JHoNuub8BctDILhmHKsyH244t6zHo2vzSHPMw1KkUVDlLYXhjGT7Uy0wb/+jL kFSy/mqbGIg= =vk8M -----END PGP SIGNATURE----- --- CALLQ.BAT / PGP 2.61 / timEd 9 # Origin: FREQ JASONKEY.ASC 214.650.0382 (1:124/3208) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Ryan Adams Area: Public Key Encryption To: All 11 Oct 94 20:21:16 Subject: PGP & Golded UpdReq Hello All! I am having some problems using GoldEd 2.42 for OS/2 and PGP 2.6 UI for OS/2. Quite simply, they don't seem to work together using the files and instructions that are included in Golded. I think there might be some incombatible commands, but I am not sure. I really have not too much interest or knowledge in PGP, I simply want to send and recieve fairly secure mail. I'll leave the paranoia to the security freaks who think the CIA is watching them . Thanks Ryan --- GoldED/2 2.42.G0615 # Origin: Canadian Security Intelligence Service (1:247/302.7) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Ross Lonstein Area: Public Key Encryption To: Shawn K. Quinn 11 Oct 94 12:53:58 Subject: Re: There goes more freedom! UpdReq >>I hope nobody is taking this post seriously. It is obviously a joke >(but a good one!) >>> It came from UPI (or at least appears to have) and you think it's a >> JOKE?! >> Come on... >>> When you're denied access to Internet or limited to 5 MHz or 2400 bps, >> THEN tell me it is a joke. Yes. It is a joke, adapted from the licensing structure for ham radio operators. Lighten up, folks! RLONSTEIN PGP key upon request or via Key servers ... Seriousness is the very next step to being dull. --- * TLX v4.00 * --- # Origin: Falconetti's (1:267/156) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Alan Pugh Area: Public Key Encryption To: Jim Cannell 7 Oct 94 23:54:02 Subject: Bug in PGP signatures UpdReq JS> When checking a signature, If the first line after the JS> "-----BEGIN PGP SIGNED MESSAGE-----" line is NOT BLANK, PGP JS> will ignore everything UP TO the first blank line. This is JS> NOT an error in the way PGP checks a signature--only an error JS> in the way PGP decides what to check in the signature. JS> The mathematical methods PGP uses to check signatures (the MD5 JS> algorithm) are not affected by this bug, and are apparently JS> still strong. JC> It looks like a work around would be to always make sure that the JC> first line in any PGP signed plaintext is blank. Don't trust anything JC> in which the first line is nonblank. JC> I'll play with this idea to see if it works. jim, i posted the following to a friend, but figured i'd post it here to you to see what you think as well. -----BEGIN PGP SIGNED MESSAGE----- this is a quick and dirty message to show the true extent of the weakness of pgp clear signed messages. until the bug described below is fixed, don't trust them. amp hello james, you posted a message pointing out the fact that pgp does not barf on clear signed messages that have been altered. my adding lines immediately after the =begin= line and then putting a blank line in to fake pgp out into thinking that that is where the message begins. i've got some bad news for ya. if this message is transferred correctly, the signature will check o.k. now i would like for you to delete the 1st 5 lines of this message, then check it again. it will still be o.k. clearsigning is dead imo until this 'feature' is fixed. how did i do this? simple. the line immediately after the =begin= is not blank even though it appears to be. i inserted a -255, which appears to be a space, but is not. then i added the bogus information to the message. this sucks. it is a SERIOUS bug. i no longer trus clear signed messages at all in echomail. later, amp -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCxAgUBLpYkEdQ9obngT6LhAQHwOQTgixD2xz6CaRk/F2YNTvJaXgNcNc43PP+B FBf3zDy5rlJyiZTCOdsd/uJhcQbfbTOE07vxFplLIgEtB8YrtmpNrZxLyyzildaV mAMNqwmxOi9YojOqR1eZSprrkr2K1xjvx52aU04srBT0EqSC71VvoH9J359qCCtJ 79YueDeSpxeJrseTQreZwLsCOVQ3BF5Gy6zfr/J8vR7PBhi1 =HBk6 -----END PGP SIGNATURE----- ... A DOLLAR is a weight of silver. --- Blue Wave/Max v2.12 [NR] # Origin: The Soapbox BBS - "Your Infotainment Specialist" (1:151/142) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Joe Eversole Area: Public Key Encryption To: Brian Mcmurry 9 Oct 94 20:57:00 Subject: Pgp Signatures UpdReq -----BEGIN PGP SIGNED MESSAGE----- BM> What about encrypting to multiple recipients? The only 'bad thing' I s BM> this is that even a one line message gets greatly expanded. Example, t BM> reads "You're on my key ring!", but look at the resulting size: Wow! BM> The following message can only be read by: BM> 0x58214C37 BM> 0x28748E05 BM> 0xAB779F71 BM> 0x2645C5BF BM> 0xDCFC2B25 BM> 0x744C6B77 BM> 0x20E547F5 BM> 0x96B258DD (Brian Mcmurry) BM> 0x38BE2459 BM> 0x812B63AF BM> 0x5582FB51 BM> 0x38B2015B BM> 0x4DF2268B You're the only person I have a key for that you sent this to... Where do you find your keys? I usually add most keys I find in the PKEY_DROP echo... Joe Eversole -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: SecureMail Net Hub, Route PGP mail for Net 231 through 1:231/1400! iQCVAgUBLphkzOFwJfuHmTMdAQHbXgQAgL3d5OkamvIYFY1uzorGNDvtHTQERZeT vps1MF8t8Pg3iIVMAto+fXBQogx1hfSk9tdPyoozRi7y0sDduoL3JEpVYE/FVBen TBnnegohkVZ5vQ1X5EM5SiGjANNn5S729JMizsO9y2Qmz88ZjHXZqpwW4DlUDS7k Yu4io2AfpqA= =b6Ag -----END PGP SIGNATURE----- * RM 1.4 B1371 * while(math_teacher() == talk) fall_asleep(); --- QScan v1.12b / 01-0081 # Origin: HearthStone * Mooresville, IN * 317-831-9227 * USR V.3 (1:231/1400) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Shawn McMahon Area: Public Key Encryption To: jason carr 12 Oct 94 09:51:18 Subject: Re: PGP Signatures UpdReq Despite the stern warnings of the tribal elders, jason carr said this to Shawn McMahon: jc> Hmmm, i've never made a detached sig, but I would think that jc> problem would hinge on whether or not the certified msg is jc> 'trapped' inside the hyphens-that-demarcate-the-msg. Yes, but if you hide those hyphens behind control-As, mail tossers are free to add and delete things from between those hyphens. It was a good idea, but unworkable in practice at the present time. --- # Origin: Void Where Prohibited/2 (1:19/34) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Wes Landaker Area: Public Key Encryption To: Brad Stiles 11 Oct 94 20:40:58 Subject: New To Pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Brad! 10 Oct 94 08:21, Brad Stiles wrote to Wes Landaker: WL> :) I use GoldED, and I never need to exit it for any reason WL> when using PGP. I can sign, encrypt, and decrypt through the WL> use of macros and batch files, which really aren't all that WL> complex. =) BS> Do you know how to decrypt a message in GoldEd without BS> editing it first? I haven't seen any way to do this when just BS> looking at the message, which is what I'd like to do. Sure! :) Set it to a function key: (out of GOLDKEYS.CFG) F12 ExternUtil03 So I just press F12 to decrypt. =) You can set it to whatever you want, of course. (then in GOLDED.CFG) EXTERNUTIL 1 PGP -sat +clearsig=on @file "@dname" -u "@oname" -o @file EXTERNUTIL 2 PGP -seat @file "@dname" -u "@oname" -o @file EXTERNUTIL 3 PGP @file -o @file Of course, I run it a bit differently, as I have written a fairly complex REXX command script that handles everything for me under OS/2, and gives me the choices of encrypting to multiple people, etc. =) Nothing you can't do under DOS, though. :) If you're interested, I can send it to ya, or post it here. =) Oh, also: check out the EDITSAVEUTIL function. I have PGP Sign and PGP Encrypt right on my save menu, so I never have to exit GoldED at all. =) (out of GOLDED.CFG) EDITSAVEUTIL 1 "1 1 PGP Sign" EDITSAVEUTIL 2 "2 2 PGP Encrypt" EDITSAVEUTIL 3 "3 3 PGP Decrypt" The numbers correspond with which EXTERNUTIL to run. =) The first character inside the quote is the "hotkey" and the rest of it is what is put on your menu. =) wjl [Team OS/2] * New: 1:202/322@fidonet.org ! Old: 1:202/1822@fidonet.org ! * wjl@f322.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY * -----BEGIN PGP SIGNATURE----- Version: 2.61 iQCVAwUBLpta18lPrmStIlSlAQGBBQP/d7jqhPYNqJ8q2N9Z7a7JXNuefZqFJk7H KH6cc5i5qcNJvCjH6BhE/u3pRbCwME2cvc36DKiE0wlpTD8v0ZPi/SX5kjQL04pF dqPtTleBooyHB9pjXgJLmpep62uXPmXLhtQiuIbeUE74HwNHu/TXzky2KV1Fn/LJ cr0c9yo2RP4= =Sv4C -----END PGP SIGNATURE----- --- GoldED/2 2.42.G0615 # Origin: The DayStorm/2 BBS Bishop, CA 619-872-4767 (1:202/322) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Glen Todd Area: Public Key Encryption To: Wes Landaker 12 Oct 94 13:32:00 Subject: Re: Bug in pgp signatures UpdReq Wes Landaker mumbled indistinctly to David Chessler something about Bug in pgp signatures --- DC> The workaround for the time being is to put as your first line DC> something like: ===first line of message; anything above this DC> line is not part of the message=== WL> Actually, I said the same thing, but then I just thought about WL> something . . . if you DON'T add that, but you trust it when you see WL> it, someone could do something like this: WL> PGP Header WL> Fake Blank Line WL> Fake Text WL> Fake Blank Line WL> Anything above this line is not really part of the message WL> _MORE_ Fake Text WL> Blank Line WL> Message Text WL> PGP Sig WL> You could still cause a lot of havoc! ;) I think the best way, until WL> it's fixed, is just to run PGP and look at the output. One possible work-around for this would be to add as the last line of the _real_ message test something on the order of: === This is the last line of a xxx line message === with xxx, of course, representing the line count. A simple-and-stupid utility could automatically compute and add the line _just_ before PGP was run. BTW, if you're wondering why this is in clear, it's because I haven't set up PGP yet. I just started reading here. Will f'req the next release when it comes out (supposedly next week.) // Glen ... ARRRRRGGGHHH!!!! ... Tension breaker, had to be done. --- Blue Wave/RA v2.12 [NR] # Origin: High Reaches CyberSchool BBS (1:128/203) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: gk pace Area: Public Key Encryption To: Jim Grubs, W8grt 12 Oct 94 17:46:10 Subject: Re: Clear-Signed "Hole" UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 08 Oct 94, you were quoted as saying: JGW> The MIT version is written by Phil Zimmerman. What the hell more do you JGW> want? No more than those issued by the Rebel. JGW> Sincerely, JGW> Jim Grubs, W8GRT Just being honest... -gk -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: Fight to keep the Basic Human Right of Privacy! iQCVAwUBLpxZHI9JNB7uOPtBAQGfcQP/UrnHA7zpXBYAMs4IBKkRFSFyhetCfiBM vtK4MzUHfs6abjbgNMPsaACwjp2zWKOlfIfLW9ni2PchmWzctyzbb4lI72q1CD7p ab9L4tWpvff37Nj2o//CMm4mL7YekfyLsk2e/qzDOQoPTD+CjgfTLRvWfql9xI6l Oo4nucdDGjM= =ATGo -----END PGP SIGNATURE----- --- GenMsg/OS2 [0001] (gkp@f26.n374.z1.fidonet.org) # Origin: Privacy - Fight for it, or lose it forever! (1:374/26) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201 From: Alan Pugh Area: Public Key Encryption To: gk pace 10 Oct 94 10:21:04 Subject: Re: Clear-Signed "Hole" UpdReq AP> uh, is there any word when it will settle down? this _release a week_ AP> stuff is confusing to many. myself included. i'm sitting on 2.3a until AP> a relatively bug-free, stable and verified version comes out. gp> For the most part, the bugs you've heard of were either problems gp> with "new features", or bugs that existed in 2.3a as well. gp> For example the problem of the claim to handle 2048 bit keys but not gp> being able to... 2.3a can't either. The Characteristic of PGP which gp> allows one to add text to a Clear-Signed message immediately after the gp> "-----Begin" but before the first blank line, exists in 2.3a as gp> well... in fact all versions from at least 2.0 would pass such gp> messages. i've played with this to see how much of a bug it is, and i think it is a pretty serious bug to those not _thouroughly_ conversant with the workings of pgp. many wouldn't think to check the output with a messages if it checks out as o.k. i know that i didn't initially until i performed some rather extensive tests. gp> This really isn't a compromise of the integrity of PGP. The added gp> text is removed from the message as if it didn't exist, it doesn't gp> effect the output at all. Only the text contained in PGP's output has gp> been validated. Altho this isn't a serious bug, it is a problem which gp> can cause confusion, and must be rectified. gp> I've been promised that the next release will have this quirk fixed. AP> i'm beginning to get a mite suspecious of the myriad of versions AP> floating around. btw: i'm using version 0.03 of pgpshell and like it AP> as it is small, fast, and performs those functions i need it to perform AP> quickly and painlessly. the copy i got didn't have docs with it. i'm AP> assuming that you are the author. if so, is it shareware or freeware? gp> The official releases come from MIT. I review them very extensively gp> each time they are released. Altho I've found bugs, and recommended gp> changes, I haven't found any compromises to the security of it. The gp> "versions" issued by the Rebellious Guerrilla have proven to be solid, gp> but are not official releases. i'm _hoping_ nothing has been compromised. i don't have the expertise in 'c' or the algorythms involved. however, i figure that anyone who _does_ find a hole will make a name for him/herself. this is a pretty good incentive for those looking into it imo. of course, if someone at the nsa finds it we can be assured they'll never mention it. gp> I issued the original PGPShell, and it can be considered freeware at gp> this time. I haven't decieded to update it yet. I believe that gp> someone else also released something they called pgpshell, but I gp> haven't seen it. that's good to hear. if you decide to release a new ver. i'll definitely check it out. it's one of the few programs i use a _lot_. like i said, i really like the size of the file and speed of execution. of course, i still may not upgrade, but i'd probably register for it anyhoo. heck, i still use a 5 year old editor for 90% of my text. 8*) amp <0003701548@mcimail.com> October 10, 1994 11:20 ... "Free men have arms; slaves do not." - Wm Blackstone --- Blue Wave/Max v2.12 [NR] # Origin: The Soapbox BBS - "Your Infotainment Specialist" (1:151/142) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0 SEEN-BY: 9608/0 201434369420143436942014343694201434369420143436942014343694201