From: Jason Carr Area: Public Key Encryption To: Jim Bell 6 Nov 94 15:34:56 Subject: ] UpdReq -----BEGIN PGP SIGNED MESSAGE----- JB> Does that mean that PGP could be exported, in source code form, if it JB> was written on paper? Or, UUENCODE on paper. Does that include 1 and JB> 2-dimensional bar codes? ^^^^^^^^^ :) Good thinking! Or we could print the books on perforated pages that are punch cards when pulled out. :P Heh heh. We'll figger out a way to get around 'em... BTW, let me know if this clearsign makes it out intact. I've never u-loaded anything from BWAVE through my BBS... jc -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP_ECHO: CypherEcho to the gods... iQCVAwUBLr1nu0jhGzlN9lCZAQEaCwQAnP4HVRbleC8LBitZF8nBLdJavfStYG2z /5nLBCpnxjyJtsczRnySwLvmwBCNZJNN93aviVjCpNg1U9cKpVPBk2pxv396fNW4 JUhzJMHOgof9nBJwRFuan9PcjIEGQSONrmZ2XP//xUKvIwAE4tu6bGJCOIw8jMk6 qkPS+HHAo+A= =1gPo -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Michael Johnson Area: Public Key Encryption To: John Mudge 6 Nov 94 01:59:02 Subject: A proposal... UpdReq //> John Mudge wrote in a message to All: <\\ JM> Author : John Mudge JM> Fido : 1:352/111 JM> Date : 02NOV1994 JM> IFNA KLUDGE LINES: JM> FORMAT OF A MESSAGE ID - MANDATORY: JM> The mandatory portion of the ^AFILTER line shall consist of JM> the Ascii SOH character immediately followed by the JM> uppercase characters FILTER and a colon and one space. JM> EXAMPLE: JM> ^AFILTER: NOBOGUS134 1:352/111.0@fidonet.org Just curious... where did you happen upon this idea? Michael Johnson michael@osuokc.okstate.edu 1:147/3006 NET147 NEC 201434369420143436942014343694201434369420143436942014343694718 From: Ian Lin Area: Public Key Encryption To: Christopher Baker 5 Nov 94 12:41:20 Subject: legal PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- CB> there is no reason to continue to use 2.3a unless you just want to CB> stay behind the advancing technology. there are also people who refuse CB> to upgrade from ZIP 1.10. go figure. I'd rather stick with 2.3a. It seems a lot of people are. ___--BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLrvDxPHeH6k/x9gdAQHf3wQAmiAioIwC4nchsYVPZJBey6zx0Z+Zh2wM xCU6jL6DpMLgcSO911cz9v5Eo5RGqy7ziOk3VUnW/vFBJoKJgw6n9VOiZvJ14Nj2 M9HWkYb22I7TeCaF10r1QYxqkEt8TK2flHyHE9d29yOpKah6D6cxY34GMtaRG5cA W1WMMoWzIWo= =zIyF ___--END PGP SIGNATURE----- ... Assassin Technologies--We BUILD [9400+ line] nightmares. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Jim Bell 21 Oct 94 00:24:00 Subject: Need recommendations UpdReq On 10-11-94 (17:47), Jim Bell, in a message to David Chessler about "NEED RECOMMENDATIONS", stated the following: JB> DC> A 10 character password, if put two words, and especially if mixed > DC> case, is not especially vulnerable to dictionary attack, though it >can > DC> be done. JB>Oh really? "Not especially vulnerable?" Assuming we're talking about >two words commonly selected from a group of 10,000, we're only talking >about 100 million combinations. At a combination per millisecond you've >found the solution in a day. Where do you get 10,000? There are 20,000 words in spell on unix, and 100,000 words or more in most dictionaries. Even a paperback dictionary (pocket book size) will have 25,000 words). And I specified Mixed case. Mixed case .ne. mixed case .ne. MIXED case .ne. "mixed" case .ne. ... Two words is weak, but not that weak. Besides, the second word might be a number... Some varieties of Unix passwd, which is weak, require that you have mixed case and a number or punctuation mark. I usually use a control character (^I or ^T or almost anything except ^J or ^M) as well. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Ian Lin Area: Public Key Encryption To: Shawn Mcmahon 5 Nov 94 12:45:24 Subject: PGP 2.6.2 Official M.I.T UpdReq SM> Any particular reason that you'll use ONE version that SM> isn't written by Phil Zimmerman, but won't use another one? I'm using 2.3a, what IS made by Phil. I'll use 2.6ui only when needed. I find it works for checking signatures so that's fine with me. ... I am McMahon of Borg. You may already be assimilated! ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Jim Bell 29 Oct 94 12:59:00 Subject: Pgp 2.6.2 official m.i.t. UpdReq On 10-26-94 (21:51), Jim Bell, in a message to Christopher Baker about "PGP 2.6.2 OFFICIAL M.I.T.", stated the following: JB>Is there any reason to believe that source code (or even equations, >explanation, etc) can be legitimately restricted? JB>It's not as if I'd be surprised if the government were to take such a >foolish position; however I haven't heard that one yet. Have you heard of the Moby Turbo case? Most of the issues were discussed here about 18 months ago, with reposts of Grady Ward's messages. The book with source code was exportable. They came down on him and demanded he get a license to export the disk witht he source code. JB>Also: The government currently approves certain (weak) encryption >programs for export. What if somebody slightly modified a version of >PGP to include a single line EQUate that sets the maximum number of bits >in the key to, say, 40. JB>Exported legally, the number would then simply be changed to 2048 and >recompiled, returning the program to full functionality. Do you think the Government is that stupid? They allow such exports only if it can't be reconverted easily, and only if it's exported in object code only. There is a report that PGP 2.7 was permitted to be exported for a particular client. It's not clear why this was permitted, however. IT could have been a weakened version, or it might have been for the use of an american financial institution or other american citizen abroad. I just reposted a message (and see below) that makes it appear as if the feds have decided to allow licensed temporary export of strong encryption for personal use (with free licenses). --------------------------------------------------------------------------- @FROM :seanmd@rice.edu N @SUBJECT:Re: Commercial+International? N @UMSGID :<388ul7$21s@larry.rice.edu> N @UNEWSGR:01alt.security.pgp N Path: planet!isdnlin.mtsu.edu!darwin.sura.net!spool.mu.edu!howland.reston.ans.n et!cs.utexas.edu!newsfeed.rice.edu!rice!ruf.rice.edu!seanmd From: seanmd@rice.edu (Sean Michael Dougherty) Newsgroups: alt.security.pgp Subject: Re: Commercial+International? Message-ID: <388ul7$21s@larry.rice.edu> Date: 21 Oct 1994 17:44:07 GMT References: <387q8n$2ia@gap.cco.caltech.edu> Organization: Rice University, Houston, Texas Lines: 21 NNTP-Posting-Host: ruf.rice.edu X-Newsreader: TIN [version 1.2 PL2] Jonah Michaud (jonah@wrath.ugcs.caltech.edu) wrote: : My company needs to send sensitive data to another country (not : Canada) on a regular basis. I understand there is no version : of pgp I can use legally. What are my options? Is there a : popular commercial exportable product using, say, triple des? You can, in fact, get a license to use PGP (ViaCrypt) abroad LEGALLY from the NSA Encryption Licensing Office, which can be reached at 301-688-7834. People I have talked to say they react favorably toward such use. The State Deptment Office of Defense Trade Controls is working on a statement in the Federal Register to allow US Citizens to use encryption technology abroad for personal and commercial use. Call Karen Hopkinson at 703-875-6644 for more information. You can use the international version of PGP, but you may risk violating the PGP RSA license, which you may want to be careful of considering your connections to the US (and the rivalry between MIT and CalTech!). ------------ ------------ Sean M. Dougherty e-mail: seanmd@rice.edu Rice University phone: 713-523-5163 Department of Political Science fax: 713-521-9828 ------------ ------------ ---------------------------------------------------------------------------- ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: All 24 Oct 94 15:54:00 Subject: Pgp abroad UpdReq This message was from SEAN MICHAEL DOUGHERTY to ALL, originally in conference alt.securi and was forwarded to you by DAVID CHESSLER. ------------------------- @FROM :seanmd@rice.edu N @SUBJECT:Re: Commercial+International? N @UMSGID :<388ul7$21s@larry.rice.edu> N @UNEWSGR:01alt.security.pgp N Path: planet!isdnlin.mtsu.edu!darwin.sura.net!spool.mu.edu!howland.reston.ans.n et!cs.utexas.edu!newsfeed.rice.edu!rice!ruf.rice.edu!seanmd From: seanmd@rice.edu (Sean Michael Dougherty) Newsgroups: alt.security.pgp Subject: Re: Commercial+International? Message-ID: <388ul7$21s@larry.rice.edu> Date: 21 Oct 1994 17:44:07 GMT References: <387q8n$2ia@gap.cco.caltech.edu> Organization: Rice University, Houston, Texas Lines: 21 NNTP-Posting-Host: ruf.rice.edu X-Newsreader: TIN [version 1.2 PL2] Jonah Michaud (jonah@wrath.ugcs.caltech.edu) wrote: : My company needs to send sensitive data to another country (not : Canada) on a regular basis. I understand there is no version of pgp I : can use legally. What are my options? Is there a popular commercial : exportable product using, say, triple des? You can, in fact, get a license to use PGP (ViaCrypt) abroad LEGALLY from the NSA Encryption Licensing Office, which can be reached at 301-688-7834. People I have talked to say they react favorably toward such use. The State Deptment Office of Defense Trade Controls is working on a statement in the Federal Register to allow US Citizens to use encryption technology abroad for personal and commercial use. Call Karen Hopkinson at 703-875-6644 for more information. You can use the international version of PGP, but you may risk violating the PGP RSA license, which you may want to be careful of considering your connections to the US (and the rivalry between MIT and CalTech!). ------------ ------------ Sean M. Dougherty e-mail: seanmd@rice.edu Rice University phone: 713-523-5163 Department of Political Science fax: 713-521-9828 ------------ ------------ * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: All 4 Nov 94 22:01:00 Subject: PGP and GoldEd UpdReq Bright the day, All! I've been having trouble trying to set up PGP 2.62 with GoldED. The format given in the GOLD_PGP.DOC file doesn't seem to work for me: EXTERNUTIL 1 c:\pgp\pgp.exe +force -sat @file "@dname" "@oname" -u "@oname" -o @file <---Wrapped This seems to cause the GoldEd message file to be overwritten with a null length file _before_ PGP starts, resulting in a message containing a PGP signature but no message text. I've tried various batch file configurations, but haven't been able to figure out how to pass whitespace-containing user IDs in the batch files. Any suggestions out there? Wind to thy wings, Glen ... Constants aren't; variables don't. 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: John Mudge 29 Oct 94 13:01:00 Subject: Pgp embedded in .gif's ? UpdReq On 10-26-94 (20:45), John Mudge, in a message to All about "PGP EMBEDDED IN .GIF'S ?", stated the following: >Anyone have the source file for placing pgp encrypted messages in a .gif >for distribution over the net ? The only such program is for the Macintosh. JM>Anyone know where to access such a program for DOS based machines ?? No. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Marshall Votta Area: Public Key Encryption To: John Mudge 6 Nov 94 09:20:44 Subject: Re: PGP embedded in .gif's ? UpdReq JM> Internet site! I had managed to get a copy, but your information JM> made it a bit clearer. It sort of looks like the sort of thing JM> that would be really nice to have a shell for in order to use PGP JM> with it and avoid having to remember all the steps :-) No problem. Actually, I'm considering releasing one of my 4dos batch files that I use in conjunction with Stego. -ls 201434369420143436942014343694201434369420143436942014343694718 From: Ian Lin Area: Public Key Encryption To: Christopher Baker 5 Nov 94 12:49:22 Subject: PGP versions UpdReq CB> why? not still nursing that grudge against Phil because he upgraded CB> the software are you? [grin] No, I don't trust anything beyond 2.3a. I never nursed a grudge against Phil. I don't trust MIT's involvement. CB> please let your key off in PKEY_DROP Echo where it belongs. I can't get that echo. I'll ask the sysop if he'll get it. ... Roses are red, violets are blue, some poems rhyme, but not this one. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: John Roman Area: Public Key Encryption To: Ian Lin 6 Nov 94 11:01:50 Subject: Re: PGP versions UpdReq On 3 Nov 94 08:45pm, Ian Lin wrote to David Mcintyre: IL> ___--BEGIN PGP SIGNATURE----- IL> ___--END PGP SIGNATURE----- IL> --- Maximus 2.01 You need to quit using the Maximus QWK door, it's screwing up your sig block. John. ... If voting changed anything it'd be illegal. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Ian Lin 7 Nov 94 11:27:12 Subject: PGP versions UpdReq Despite the stern warnings of the tribal elders, Ian Lin said this to David Mcintyre: IL> And how do you feel about PGP 2.3a? That's what I use. I don't IL> trust the 2.6+ versions but I do have 2.6ui to pretend it's IL> any version. I'm curious; how come you trust Phil Zimmerman's word about 2.3a, but you don't trust his word about later versions? 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Jim Bell 21 Oct 94 00:32:00 Subject: Rsa broken UpdReq On 10-11-94 (17:48), Jim Bell, in a message to David Chessler about "RSA BROKEN", stated the following: > DC> force attacks become more practical with increasing hardware speed, > DC> with a limit of about 3100 bits, after which it is easier to attack >the > DC> Idea key. JB>Even then, probably not. Remember, finding the IDEA key is only >valuable for that particular message, not any others. Presumably, >finding the public key is useful for far longer, in many other messages. True. It depends on how important the message is, and how easy the attack on IDEA becomes. If IDEA ever becomes as susceptable to brute force attack as DES now is, then no one would consider attacking the RSA. JB> DC> Factoring times are thought to double for every additional > DC> 15 bits in the key. JB>I thought the difficulty doubled for each extra 10 bits. Depends on which "expert" wrote the last FAQ you read. > DC> and validating primes. In particular, there are several classes of > DC> numbers which PGP will accept as "probably prime" which are not. JB>I've heard of one type, called "Carmichael numbers." What are the >others? PGP uses a probabalistic approach to testing for prime numbers, but it tests exhaustively for all simple primes up to some number (the table is built in). This list will be extended, I expect. JB>Question: why can't they do a far more extensive test on the numbers? >I mean, the program could issue a preliminary key, then request the user >to run a program overnight that would do a far better job weeding out >the non-primes. Presumably, this would only rarely generate a "hit" but >it could be done when nobody is using the computer. If a weakness were >discovered, the "worst" that would happen is that the key would be >revoked, etc. I have an implementation of RSA that does test more exhaustively. It takes (according to the docs as I recall them) about 30 hours to generate a 256 bit key pair on a 286. A 1024 bit pair would take about 8 times as long, I guess. JB>Another question: Do these numbers REALLY have to be prime? Let's >suppose I select a 1024-bit key, which is the product of two 512-bit >numbers. One of those numbers is prime; the other is actually the >product of two 256-bit numbers and thus it isn't prime. JB>How much of a flaw is this, really? Admittedly, if you were somehow >doing a brute force search you'd "only" have to check an average of >(2**256)/4 combinations, rather than 2**512 combinations. The keys we get are almost certainly *not* prime. However, if the smallest prime factor is "large enough", and if other conditions are met (they pass the tests) then it will take a very long time to get the prime factors. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Jim Bell 24 Oct 94 12:42:00 Subject: Rsa broken UpdReq On 10-21-94 (18:21), Jim Bell, in a message to Raymond Paquin about "RSA BROKEN", stated the following: JB> -=> Quoting Raymond Paquin@1:163/318. to Jim Bell <=- JB> JB> What is a "strong prime"? Definition, please. Please go into as >much > JB> detail as you need. JB> RP> I can't possibly answer this right now. The answer would take >about > RP> 50-60 lines of dense text. > RP> I will, but later. > RP> Which do you prefer: > RP> - An 'article' composed by me > RP> - A list of references where you would find all relevant details ? JB>I don't mind a list of references, but I can't yet FREQ. I do have a >local library, but their collection of cryptography stuff is abysmal at >best. They did buy that new book by whats-is-name, on my suggestion. =========================================================================== BBS: NETWORK East Date: 10-19-94 (19:52) Number: 2279 From: PLANAR Refer#: NONE To: ALL Recvd: NO Subj: Primality testing: Fermat Conf: (2051) alt.securi --------------------------------------------------------------------------- @FROM :Damien.Doligez@inria.fr N @SUBJECT:Primality testing: Fermat vs. Miller-Rabin N @UMSGID :<383tdp$dr0@news-rocq.inria.fr> N @UNEWSGR:01alt.security.pgp N Path: planet!isdnlin.mtsu.edu!darwin.sura.net!convex!cs.utexas.edu!math.ohio-st ate.edu!jussieu.fr!univ-lyon1.fr!news-rocq.inria.fr!couchey.inria.fr!doligez From: Planar Newsgroups: alt.security.pgp Subject: Primality testing: Fermat vs. Miller-Rabin Message-ID: <383tdp$dr0@news-rocq.inria.fr> Date: 19 Oct 1994 19:52:25 GMT Organization: in-R-ia Lines: 87 NNTP-Posting-Host: couchey.inria.fr Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-PGP-fp: 999/69B8A1 F749 6C9A E066 BCBF 90C1 9770 C2AE 401C -----BEGIN PGP SIGNED MESSAGE----- Primality testing: some experimental results Abstract I hacked a little program to compare the precision of Fermat and Miller-Rabin primality tests. This article presents the results I got so far. (The program is still running.) Primality testing in PGP In order to generate a Private/Public key pair, PGP needs two large random primes. For a 1024-bit key, these primes will be 512 bits each. Finding such large primes is possible, but not easy, so PGP takes a shortcut. It chooses two random numbers that are probably prime, and it tries to make sure that the probability is very high. To this purpose, PGP uses two techniques: a sieve and Fermat's test [1]. PGP takes a random odd number and divides it by all primes less than 2004. If the number is divisible by any of these, then it is obviously not prime. Then PGP uses Fermat's test. Fermat's test has a parameter b; it consists of computing b**(n-1) mod n. If this is not 1 then n is certainly not prime. If it is 1 then n is probably prime. PGP uses Fermat's test with b = 2, 3, 5, and 7. Any number that passes the sieve and the 4 Fermat tests is assumed by PGP to be prime. I will call such numbers "PGP pseudo-primes". The Miller-Rabin test The Miller-Rabin test (as described by John McGowan [2]) is the same as Fermat's test, except that each time you compute a square modulo n (in the process of computing b**(n-1) mod n), you look at the argument and the result of the square operation. If the argument is neither 1 nor n-1 and the result is 1 then you have found a non-trivial square root of 1 modulo n and you know for sure that n is not prime. This test is both faster and more accurate than Fermat's (it terminates earlier and it eliminates more non-primes.) The question is: "how many more non-primes does it eliminate ?", or in other words: "how much is gained by replacing Fermat with Miller-Rabin in PGP ?". Experiment I wrote a little program (heavily based on PGP source) that takes consecutive 512-bit odd numbers (starting from a random number), runs them through the sieve, runs the remaining numbers through Fermat with b = 2, 3, 5, and 7, and then through Miller-Rabin with b = 2, 3, 5, and 7. It keeps a count of the number of numbers that failed each test. (The numbers that fail a test are not put through further tests.) Results My program has been running for a week now. Odd numbers tested: 18 339 300 Failed sieve: 15 638 892 passed: 2 700 408 Failed Fermat (b=2): 2 590 346 passed: 110 062 Failed Fermat (b=3,5,7): 0 passed: 110 062 These 110 062 numbers are PGP pseudo-primes. All these PGP pseudo-primes passed all four Miller-Rabin tests. This is roughly equivalent to generating 55000 PGP keys and finding not even one that the better test would reject. References [1] genprimes.c (PGP sources) [2] Newsgroups: alt.security.pgp Message-ID: <34adid$fam@eis.calstate.edu> Date: 3 Sep 1994 10:59:41 -0700 From: jomcgow@eis.calstate.edu (John S. McGowan) Disclaimer: Of course there could be a bug in my program. -----BEGIN PGP SIGNATURE----- iQCSAgUBLqRaF1NZwSQVabihAQGEZQPmI3eTvs827rg2/+sp/02FsQY1SpjTDr0x hdQwRbfQ47F+V9sFJDdeZAjNGyo9yQB/hTelGkmM5zjE+TSxNFa1KG+haUPO7b+p 0dEwVfCldDYsm4Oj2iVyZWRSpDc2JPYhSnDnSqmxWLK+xXMt6+osx/5WKBKwoIf0 NKUJ4Mk= =70rt -----END PGP SIGNATURE----- ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Jim Cunningham Area: Public Key Encryption To: John Mudge 7 Nov 94 07:27:00 Subject: CRYPTOGRAMS UpdReq JM>Do you have a copy of CRPTGRAM available for FREQ? If so, what is the JM>filename? John, I am not sure what FREQ means as you use it but I quote here the help screen from the program so you can get it direct. I have forgot who or where I first got it. If you enjoyed this program, a registration of $8 would be appreciated. Send to: Paul McGuire 50 Market Street #1A, Box 316 South Portland, ME 04106 I will send you an additional data file of cryptograms, if you will send $2.50 to defray media and postage costs. Please specify 3/" or 5/" disk. It was probably CRYPTOSW.ZIP from a local BBS CD-ROM. --- * SLMR 2.1 * Thesaurus: ancient reptile with an excellent vocabulary. 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Jim Gorges 6 Nov 94 02:51:04 Subject: Embedding in Gifs UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- JG> Regarding the list of program on The Sprawl for embedding files in JG> GIFs (which has already been purged from the message base...darn), JG> have you used some of them? If so, are there some you would rate as JG> superior to or more capable than others? Sorry, Jim. The only one of the group I've used is White Noise Storm, which was one of the first stego programs. It's supposed to be excellent, but I couldn't get it to extract the file from the image correctly. Others may have more luck. JMS -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLry0Fmj9fvT+ukJdAQELAAP+MNECM3O4R1mSkWwzxyfTD5ulyWXKjwRQ yu229qkiv6Txd0/r1m8QsFdq41fdxyr6F/nWcW0ShyQie9AzIFpdOuVsyivW3uTu UQLVEyVamaZOfscsqX2B+qOrNjdEX+836fFrut2vYez0dSk5+xKrOdO0GeUI+4kI Pd6aTIlXWEA= =Z793 -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... "Press to test." "Release to detonate." "Uh-oh." 201434369420143436942014343694201434369420143436942014343694718 From: Jerry Boggs Area: Public Key Encryption To: All 6 Nov 94 19:06:22 Subject: HPACK UpdReq Has anyone else been able to get the '-B' option to work with the OS/2 version of HPACK79? Everytime I try to use the -B option I get an error message "Error: Unknown option ''. Jerry Boggs 1024/F7983445 Key fingerprint = D1 A1 41 39 04 66 AA 2E 8D 88 C5 26 06 46 38 CB HAL 9000: Dave. Put down those Windows disks, Dave. DAVE! --- GoldED 2.50.B1006+ 1626US3 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Ian Lin 7 Nov 94 17:27:16 Subject: Re: legal PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 05 Nov 94, Ian Lin was quoted as saying: IL> I'd rather stick with 2.3a. It seems a lot of people are. nobody will twist your arm to stay current. [grin] IL> ___--BEGIN PGP SIGNATURE----- IL> ___--END PGP SIGNATURE----- your PGP blocks are being scrambled. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLr6px8sQPBL4miT5AQEdHQP+LxLjEpS5lnNhrohEGDEyivTwQ7i6mZ/4 gT9NLwKVgX8XtUILplI3FcywycK78PCm9+TWytsBxp1g5JGldCfrdIxvfBGMsDHy 7Vxf/nxoleyQ7l0eft/iRwlEtC6+GXVEmCVxxD2zDo+IFYebFqQ4jSbqxitwqwic F1s+hH8WlMc= =WeGF -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: David Rye Area: Public Key Encryption To: Glen Todd 7 Nov 94 22:40:42 Subject: PGP and GoldEd UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Glen... Friday November 04 1994, Glen Todd wrote to All: GT> This seems to cause the GoldEd message file to be overwritten with a GT> null length file _before_ PGP starts, resulting in a message containing GT> a PGP signature but no message text. I've tried various batch file GT> configurations, but haven't been able to figure out how to pass GT> whitespace-containing user IDs in the batch files. Any suggestions GT> out there? I was having the same problem with ged/2 and pgp when trying to sign a message. Here is what I did: In my golded.cfg I have this: EXTERNUTIL 1 c:\bink2\golded2\test.cmd @file "@dname" "@oname" EDITSAVEMENU Yes EDITSAVEUTIL 1 "S PGP Leave as Ascii & Sign the msg" I created a batch (cmd) file as such: @echo off pgp32 +force -sta %1 %2 -u %3 -o david.txt move david.txt %1 Works fine now. L8er Dave dr94cb@badger.ac.brocku.ca Team OS/2 ... Gather 'round like cattle and ye shall be herd. - --- GoldED/2 2.50.B1006+ -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: dr94cb@badger.ac.brocku.ca iQCVAwUBLr710GABZnP6BSBBAQHPdgP+MV/3VGLiiLJ5JjjOnDKaYy0SQD/merdS soajfHmdQdKbKZ7A0oDdO1XmqHbqcL7UI+2sQLVdekxS+9OAbZuFx1XbcmBX7Uw8 ugyAOgJ+Rld3eMIKUGOFS2+7iaCor9fRyfxiIbaVJFtZpeudWuSM+X0tHGdA0WjQ tibtgZSrwh0= =VNT6 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Robert Nelson Area: Public Key Encryption To: Brian Ehrler 6 Nov 94 17:42:40 Subject: Re: PGP Load UpdReq -=> Quoting Brian Ehrler to All <=- BE> I am having some problems with PGP load finding the pubring.pgp file. BE> It doesn't happen on Get sig. I have been noticing some trouble myself. I use PGPBLUE which you can get from my BBS at (904)-836-5143. Works GREAT!!!! ~~~ PGPBLUE 3.2 ... Paul Haigh-It's a wonder how such a big head holds such a little mind 201434369420143436942014343694201434369420143436942014343694718 From: Peter Bradie Area: Public Key Encryption To: Dan Mlodecki 5 Nov 94 20:34:00 Subject: Pgp signatures UpdReq -=> Quoting Dan Mlodecki to Peter Bradie <=- DM> Question: If no one here can certify that a user is actually that DM> user, then how can anyone trust anyone else at all? There has to be a DM> limit imposed on paranoia, for sanity reasons! There's the Web of Trust situation where you've received keys from people you know and trust, and will accept keys from them for others that they will vouch for. Then there's the Web of Usefulness, where having keys from everybody is virtually useless because there's no reason to send encrypted info to everybody... ... Sometimes you gotta THINK about it... ... Blue Wave/QWK v2.10 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: Ian Lin 6 Nov 94 23:30:10 Subject: PGP versions UpdReq -----BEGIN PGP SIGNED MESSAGE----- IL> DM> My feeling is that PGP distribution is fine the way the 2.6 was IL> DM> distributed. That is, making sure that the primary distribution site IL> And how do you feel about PGP 2.3a? That's what I use. I don't trust the IL> 2.6+ versions but I do have 2.6ui to pretend it's any version. Why don't you trust the MIT versions? Enough people have gone over the source code independently that any deliberate weakening should have shown up. If it's the RSAREF nonsense that you don't like, then why not try Stale Schumacher's PGP 2.6.i? He's kept all the bug-fixes (and fixed the clearsig bug) as well as keeping compatibility with earlier versions. His version even will handle key signatures made by versions prior to 2.3a, which the MIT version won't. Perhaps you believe the (totally unsubstantiated) allegations that have been floating around the net about a "back door" in PGP 2.6? Absolutely no one has demonstrated the existence of such a back door. According to these allegations, Phil has somehow cut a deal with the Feds; in return for weakening PGP, the Feds will go easy on him or drop the case against him for allegedly violating the ITAR regulations. Well, first of all, no charges have yet been filed against Phil. Even if there was a deal, how long do you think that it could be kept secret? Please remember Phil's business is as a programmer/security consultant; if it could ever be demonstrated that he knuckled under to pressure and weakened a product, he'd be finished. His reputation would be toast! In the worst case scenario, if he were charged, convicted, and sentenced to the maximum jail time, he's looking at some 4.5 years. The 4.5 years would not be fun, but when he comes out, he would be in the same position as a newspaper reporter who goes to jail for refusing to reveal a source. I've seen statements by reporters who've gone to jail, and they said it only enhanced their reputation--that people knew they could be trusted. I believe it would be the same with Phil; in the eyes of many, his trustworthiness would only be enhanced. So basically, if he cuts a deal, and it gets out (and it WOULD get out eventually) then he's dead in the water.... FOREVER. This would follow him the rest of his life. Phil has to know this, and it's simply not in his best interest. Phil is not a fool, I'm sure he knows this, and is governing himself accordingly. Ian Hebert London, Ontario, Canada RIME: HOMEBASE Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B -----BEGIN PGP SIGNATURE----- Version: 2.6.i iQCVAgUBLr22LN+oQ+cHei9/AQHFoAP8CkxduBXizgFl6rsAzwNVlbmOc3OOOVlp bDdSmhdSZjN6kUQFkW0++6Fv3YvQFo6Gj1nBL7HND+gpPSidB9fUEPJTUw1nbyur tVGAimSyaGCvtxcf5HhN9fzi3iA2IR+7DzKvRZSGiLmQ1DzOxq2xK/USrjHxyDz/ wCPDvHDSb1w= =gFfu -----END PGP SIGNATURE----- * RM 1.3 * Eval Day 261 * Orwell was an optimist.... 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: Ian Lin 7 Nov 94 00:47:10 Subject: PGP versions UpdReq IL> DM> yet, as I don't really have a way to send Netmail yet, and I haven't IL> DM> gotten a version of PGP that I feel comfortable with yet. The 2.6 I IL> DM> have now won't read all the keys that have come through the normal IL> DM> distribution channels. I'll eventually find the 2.6ui that I'm looking IL> DM> for, but I no longer have Internet access, and I'm not really into IL> DM> calling LD. Oh, well. I'll be at a comfortable point eventually. IL> Calling LD that once will not necessarily hurt. I recommend 2.3a above IL> all others but to have 2.6ui at your side is also valuable since it can IL> process 2.6 MIT and 2.6.1 files. I don't know what else it can handle, IL> however. It can fake versions. PGP23A.ARJ and PGP26UIX.ZIP are online at IL> Black IC in 613 547 6756 in Kingston, Ontario, Canada. PGP23A5E.LHA for IL> the Amiga is also online. NO VALIDATION, NO RATIOS, NO REAL NAME REQUIRED. Had a look around, they also have Stale Schumacher's PGP 2.6.i as well. In my view, this is the best all-round version; it handles keys up to 2048 bits, will generate them after December 1st, and doesn't choke on key signatures produced by earlier versions of PGP than 2.3a. It also doesn't use RSAREF, but Phil's original routines which are faster and more efficient. Ian Hebert London, Ontario, Canada RIME: HOMEBASE Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B * RM 1.3 * Eval Day 262 * Orwell was an optimist.... 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Ian Lin 7 Nov 94 17:28:18 Subject: Re: PGP versions UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 05 Nov 94, Ian Lin was quoted as saying: CB> please let your key off in PKEY_DROP Echo where it belongs. IL> I can't get that echo. I'll ask the sysop if he'll get it. same source as this one. just have him ask for it by that tag. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLr6qBcsQPBL4miT5AQEJmQP/cPbFEZvqlkJJnyZzUa6ytIkK1thP6rnW BHRkRq4KjOf+DamPX4BI8ruX265gGN3fcIdcihM+OR0FZHuUlMxRuM5BYyeoXRGA eQSVYTbcH0PCMOzUO4+FGpx0QeH525zmcTzzoMUivKds0jIKJhNzn5rH4gXjJyDR sP6cmn+MsSA= =YqwA -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: David Rye Area: Public Key Encryption To: Christopher Baker 7 Nov 94 22:57:36 Subject: pgp262 for os2 UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Christopher... Has the MIT 262 version of pgp been compiled for os2 yet? Haven't seen anything as yet. L8er Dave dr94cb@badger.ac.brocku.ca Team OS/2 ... Dishonest Person -- One who farts & blames the dog! - --- GoldED/2 2.50.B1006+ -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: dr94cb@badger.ac.brocku.ca iQCVAwUBLr73jGABZnP6BSBBAQEPwQP/a4SkqJ2o5N6uUpV4UITRx3JWFiowQlX8 N0Z5HGBAodVSog7PFgZKWPtRA3k3/9PFg0vZrCvWCKOe5Gy20OTu5Ogz6wKvd/6B nZ56xMju9W/BwrH24DvXwyQutzS/F6JDOkUWNoz/U19MwL2B89pViblmptjQS5Li o5nSoaJMhM0= =fUA2 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Ross Lonstein Area: Public Key Encryption To: Carl Forester 7 Nov 94 15:53:42 Subject: Re: PGPLoad 1.2 UpdReq CF> * Reply to msg originally in FIDO-PGP Key drop CF> I gave it a try, I could not add keys or decrypt messages. When I CF> tried it went to the editor and gave me a blank screen. CF> I also tried to sign this message and it didn't do it. When I tried CF> to post my it went back to bluewave and gave me an error message. I had the same problem with PGPLOAD. I am using Tagline Express and the Aurora editor with Bluewave. If your setup is similar, make the following changes: BLUEWAVE + In the setup options, change the automatic quote to OFF. PGP cannot interpret a file if all the lines have the 'xx>' stuff in them. + DO NOT change the editor filename from the TLX batchfile TLX + Set the filename for the editor to PGPLOAD.EXE + DO NOT change the batchfile made by TLX! + Set TLX to automatically guess for quote this will style and perform quoting save you an hour of PGPLOAD frustration! + Set the filename for the editor to whatever editor you use. In my case that's A3.EXE Using this arrangement, PGPLOAD's menu will appear anytime you reply to a message and your taglines will appear at the end of the PGP-ed message rather than inside it. Of course, for encrypted messages you will have to manually assign a tagline since TLX will read only gibberish. RLONSTEIN PGP key upon request or via Key servers --- TLX v4.00 I read banned books and messages. 201434369420143436942014343694201434369420143436942014343694718 From: Marc Stuart Area: Public Key Encryption To: Scott Miller 6 Nov 94 20:12:00 Subject: Signing keys (or anything) UpdReq -----BEGIN PGP SIGNED MESSAGE----- SM> I was told not to burst a blood vessel by Christopher baker, however SM> the reason is that it is not necessary. It does nothing to verify that SM> the key is from you, and it is a wasted step in decoding a key. 1) Christopher gave you good advice. 2) I believe he covered the most plausible reason for it, which happened to be accurate in that case. 3) I'll attempt to resist the automatic urge in the future. I'll assume you'll do the same. 4) That's absolutely no way to introduce yourself. I sincerely doubt that you would have EVER acted that way in a face-to-face meeting. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLr1+8p0oU3J5RriBAQH6VwP7BjICJ4aiTMCmBhtdxAQ0M8bHGRHj21hM y1dWp+WHI0JUVI0PbFyF0rXz2t6+DH02smxHxjzQmE0YC19uaUBxffrDybnvPluL lcEVCaP04fPYAOloT9GOCGN9x4gXuQzhJhnQhPeMgppqpEZ3PImkM51Jhb0vB0lU STdcKUz5leY= =ArYQ -----END PGP SIGNATURE----- ~~~ PGPBLUE 3.0 ... The body of a dead enemy always smells sweet. 201434369420143436942014343694201434369420143436942014343694718