From: Jess Williams Area: Public Key Encryption To: Scott Miller 31 Jul 94 11:23:08 Subject: PGP VOICE Hey Scott thanks for the reply. I agree a sound card could work if you could have your sound card Digitize the info and send it to the modem. The only problem I see with that is the amount of data they produce it is quite a lot. Right now I currently dont own a soundcard myslef but I have seen some of my friends cards. It wold be good to just have a card that has a somewhat narrow bandwidth (3khz) or so. That way there would be less data to produce and you could do it with the lower speed modems 9600 for example. Motorla makes a phone that does this. Maybe I should read up on soundcards a little bit. I sure hope it happens though, no matter how it is done. :) Jess Williams 201434369420143436942014343694201434369420143436942014343694718 From: Jess Williams Area: Public Key Encryption To: Jason Carr 1 Aug 94 08:06:08 Subject: PGP VOICE Thanks for the Reply :). I've never got a chance to talk to Phil myself, thanks for the info. Jess Williams 201434369420143436942014343694201434369420143436942014343694718 From: Jason Levine Area: Public Key Encryption To: Christopher Baker 30 Jul 94 22:52:00 Subject: Re: Re: Re: CPD hatches i CB>JL> Um...okay. Netmail to whom? What are session/Tick passwords? What CB>JL> areas do they have? :-) CB>see previous to Tim Bradley. if you're not a Sysop, you can't use this CB>info. I'm co-sysop, but I handle programming and remote testing; Ted knows all the session/FREQing/hub-hopping stuff. :-) So it's like a subscription to a distribution list? How often do they come out? How large are they? Who do we netmail? (Need to know these three to talk him into it :). *** OLX 2.1 TD Never trust a man who can count to 1023 on his fingers. 201434369420143436942014343694201434369420143436942014343694718 From: Gary Mirkin Area: Public Key Encryption To: All 1 Aug 94 23:11:00 Subject: PGP Legal_Kludge! --------------------------------------- FORWARDED MESSAGE Subject: #Kludge foiler! - Msg Number #20488 From: Alan M Dunsmuir 100016,1251 To: All Forum: EFFSIG Section: 03 - Digital Privacy --------------------------------------- The following message has just appeared on sci.crypt and alt.security.pgp. It explains how any user of MIT's PGPv2.6 can - completely legally - circumvent its in-built 'legal kludge'. (This kludge was foisted on the writers by PKP, who insisted that they include code to 'drop the portcullis' on September 1st, and start issuing encryptions then unreadable by earlier versions of PGP.) It incidentally shows the problems inherent where, for reasons of establishing trust, the writers of software feel obliged to publish source code, and the embarrassment which can arise when the quality of the coding is thus exposed to scrutiny. -----------------------------%---cut here---%---------------------------- How to legally circumvent the PGP 2.6 Legal Kludge. According to the pgpdoc2.txt that comes with PGP 2.6: >PGP version 2.6 can read anything produced by versions 2.3, 2.3a, 2.4, >or 2.5. However, because of a negotiated agreement between MIT and >RSA Data Security, PGP 2.6 will change its behavior slightly on 1 >September 1994, triggered by a built-in software timer. On that date, >version 2.6 will start producing a new and slightly different data >format for messages, signatures and keys. PGP 2.6 will still be able >to read and process messages, signatures, and keys produced under the >old format, but it will generate the new format. This incompatible >change is intended to discourage people from continuing to use the >older (2.3a and earlier) versions of PGP, which Public Key Partners >contends infringes its RSA patent (see the section on Legal Issues). This is the "legal kludge". However there is an undocumented PGP parameter in PGP 2.6 which appears to be intended to allow the PGP user to disable this "feature". This parameter may only be specified on the command line using the "+" syntax. It is thought that it was intended that one could disable this feature using a command like the following: pgp +legal_kludge=off -e file However this does not work. In the source file config.c we find: case LEGAL_KLUDGE: legal_kludge = value; break; Since legal_kludge is a Boolean variable, the specified value "=off" is in the variable "flag". Value usually has the wrong number, since it is not set for Boolean values. Thus due to what appears to be a bug, we can not use the "legal_kludge" parameter to disable the kludge. Perhaps the bug is not really a bug at all, but a feature. After all it does limit the interpretability of pgp 2.6 with earlier versions. We can not fix this bug without violating MIT's licensing requirements. >2. Software included in this compilation includes a feature that >causes the format of messages generated by it to change on September >1, 1994. Modification to this software to disable this feature is not >authorized and will make this license, and the license in the >underlying software, null and void. If we were hell-bent to frustrate RSA and MIT, we would simply use pgp26ui and not tell them about it rather than hack their sacred kludge. It would seem to be an impasse. Or is it? Note that value is declared statically: >static int value; Every time a numeric parameter is parsed the variable value is used to hold the number. So all we have to do is specify a numeric parameter of zero before we specifying "legal_kludge"! We can then set that parameter back to the desired value if zero is not desired. That is the following works ! >pgp +cert_depth=0 +legal_kludge=off +cert_depth=4 -e file The above assumes that we wish to use 4 as the value of cert_depth. We set cert_depth to zero only to get the value of "value" to 0. The the legal_kludge parameter will set the value of "legal_kludge" to be =value=0, then we set cert_depth to the real desired value. This trick is legal, because we have not modified pgp 2.6 in any way. We are simply exploiting a bug or feature in the way PGP 2.6 is written. This kludge may seem to be too kludgy! It is asking a lot to ask users to type such a thing! But is this really a problem? Most users do not invoke PGP directly. They usually invoke PGP thru a mail program or some (Continued next message...) Gary M. on LI baby.doc@pcinfo.com 73223,402-CI$ --- * CMPQwk 1.4 #426 * I'm not schizophrenic, I'm "multi-faceted"! 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Jerome Greene 3 Aug 94 12:09:16 Subject: New to PGP Despite the stern warnings of the tribal elders, Jerome Greene said this to Ryan Shaw: JG> It seems to me IMO, that most, if not all echoes present excepted JG> :-) view digital signatures as a waste of band-width. If you see someone say that in an echo, send a message impersonating him. At the very end of it, put a little bit in parenthesis saying "(I could have just let you all think it was Mr. Doe that sent this message, but this is actually Jerome Greene, proving a point. If Mr. Doe used digital signatures, I couldn't have pulled this off.)" 201434369420143436942014343694201434369420143436942014343694718