From: Dennis Eshelman Area: Public Key Encryption To: Christopher Baker 8 Nov 94 17:29:00 Subject: legal PGP UpdReq Hello Christopher! -= As I remember it, Christopher Baker stated to Ian Lin: =- CB> nobody will twist your arm to stay current. [grin] Being new to this echo, I know I'm probably rehashing a subject that has been covered here before, but here goes. :) I just acquired PGP 2.6.2, and it is now installed, interfaced thru GoldED, and everything is ready to go. However, there seems to be some concern about this version not being compatible with the older ones, and I am wondering if this is going to be causing a lot of keys to be re-generated? I guess what I'm trying to say, is what is the future of public-key encryption? Should I go ahead and post my public key, in PKEY_DROP, from 2.6.2? I'm a little confused here. -=>Dennis<=- 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Scott Miller 10 Nov 94 11:00:00 Subject: Pgp embedded in .gif's ? UpdReq On 11-08-94 (18:15), Scott Miller, in a message to David Chessler about "PGP EMBEDDED IN .GIF'S ?", stated the following: SM>DC> >Anyone have the source file for placing pgp encrypted messages in >A bit hasty there David, the only such program is NOT only for >Macintosh. >There happens to be a perfectly good Windows program I use called >S-Tools, >and it can place any file within a GIF, BMP, or WAV file. So I have seen. When I checked the usual crypto ftp sites a couple of months ago, I found only the Mac program, so availability of the Dos and windows programs may be a problem. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Ian Lin Area: Public Key Encryption To: Dan Mlodecki 10 Nov 94 00:22:30 Subject: security UpdReq DM> You raise a very good point here. PGP covers only one area of DM> security. There are an infinite number of other places in the chain DM> that can be broken into easier and cheaper. As for trust of others, Do not let that convince you to let other links in the chain be weaker. The chain's as weak as the weakest link but a weak link can be fixed or replaced so don't let the rest rust away in lieu of advancement for one or a few others. DM> especially over a mail net, I believe it's a good practice to write in DM> encryption only what you would feel mildly nervous about posting I feel it's a good practice to make sure you get the right keys and then I stop worrying about it. DM> openly. That way, if there's no sensitive information being exchanged, DM> nothing can get out. No pain, no gain. No productivity either, defeating the need for encryption. ... It's all fun and games until someone gets hurt. Then it's just fun. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Ian Lin Area: Public Key Encryption To: John Roman 10 Nov 94 00:22:32 Subject: max messing with blocks UpdReq JR> You need to quit using the Maximus QWK door, it's screwing up your JR> sig block. I know what it does. I may switch. I usually pay it no mind and convert ___-- to ----- before message processing, a mere 1 second task. ... Prosecutors will be violated. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Ian Lin Area: Public Key Encryption To: Brian Ehrler 10 Nov 94 00:51:00 Subject: PGP Load UpdReq BE> I am having some problems with PGP load finding the pubring.pgp file. BE> It doesn't happen on Get sig. Do you have PGPPATH=C:\PGP or whatever path you use? Make sure you type SET PGPPATH=C:\PGP or specify your directory if it's not that. You can do that in a batch file too and need do it but once per boot up so it can easily go into the AUTOEXEC.BAT. ... Handcuffs are for a truly binding relationship ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Ian Lin Area: Public Key Encryption To: Mike Riddle 10 Nov 94 14:13:02 Subject: 02/H.R. 5199 2/2 UpdReq MR> `(E) shall preserve the functional ability of the MR> government to decipher, in a timely manner, MR> electronic information that has been obtained MR> pursuant to an Right here. This is where the proposition is entirely unreasonable. How can this be stopped? ... The "C" in Rap is silent. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Ian Lin Area: Public Key Encryption To: Mike Riddle 10 Nov 94 15:45:12 Subject: PGP availablility UpdReq MR> And remember that PGP seems to find its way overseas, quickly, after MR> each new release. I believe that Phil and MIT are doing their best MR> not to violate the law, but there apparently are folks out MR> there who don't seem to mind too much. And we thank them for it every day here in Canada! ... I had my car's alignment checked; it's chaotic evil. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Ian Lin Area: Public Key Encryption To: David Chessler 10 Nov 94 15:54:14 Subject: Pgp abroad UpdReq DC> Jonah Michaud (jonah@wrath.ugcs.caltech.edu) wrote: : My DC> company needs to send sensitive data to another country DC> (not : Canada) on a regular basis. I understand there is DC> no version of pgp I : can use legally. What are my DC> options? Is there a popular commercial : exportable DC> product using, say, triple des? This is my plan. You may want to use a weaker DES that won't take too long to encrypt or decrypt. I would use PGP under that, and any damn version (2.3a) I please. ... Borg spread sheet: Locutus 1-2-3. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Raymond Paquin Area: Public Key Encryption To: David Chessler 11 Nov 94 13:51:00 Subject: Rsa broken UpdReq DC> I hacked a little program to compare the precision DC> of Fermat and Miller-Rabin primality tests. This DC> article presents the results I got so far. (The DC> program is still running.) DC> Primality testing in PGP I loved your post ! If I interpreted it correctly, it confirms what I have always sort of 'known'. Throughout the years, I must have generated a few million large candidates for primacy. *NOT ONCE* has the simple Fermat test passed a candidate which was later rejected by more powerful tests, such as Miller-Rabin or Solovay-Strassen. In other words, the Fermat test, in practice, seems to be sufficient. I think, however, that this thread started on the subject of *weak* prime numbers, not pseudo prime numbers. There are such 'animals' as *truly* prime numbers which, when used to obtain a product of two prime numbers, give you a product that is 'easy' to factor. Ciao... 201434369420143436942014343694201434369420143436942014343694718 From: Michael Johnson Area: Public Key Encryption To: All 11 Nov 94 18:18:56 Subject: Internet sites. UpdReq Hello All: Can anyone tell me of a place on internet (FTP) where I can get the different versions of PGP? If possible I would like all versions commonly in use today, so I can try them all and offer them to be downloaded by users. Thanks michael@osuokc.okstate.edu 1:147/3006 201434369420143436942014343694201434369420143436942014343694718 From: Rob Stewart Area: Public Key Encryption To: All 9 Nov 94 00:43:00 Subject: Help UpdReq Hi Everyone. Just a short letter of inquiry. I live in Toronto, Canada so anyone not from this area can disregard the following. I am currently enrolled in an Electronics Technology Program full time, and I finish at 1:30pm. I am looking for a part-time postion in the field of electronics. To be honest, up until this past trimester (5th), I had a GPA of 3.29 . Unfortunatly I went through a serious crisis with my wife and my GPA dropped to 2.93. I am a hardworking individual, and I learn very quickly. My skills include the use of test equiptment such as scopes and DMM's. I also have experience in reading schematics, and testing circuits. My strongest interest is in the field of microprocessors, and computers. I have done some assembly language programming on the 8085, and I am currently studying the 8086/88 family. I have a lot of PC experience as well. I have done both hardware, and software installation and trouble shooting. My PC experience also includes setting up OS/2, DOS/Windows, A Windows for workgroups Peer to peer network, and Linux. I also spent 5 years in the Canadian Forces Reserves. I aquired working as a member of a team, and as a team leader. If you happen to be looking for a young, energetic electronics student for your company, (or know someone who is) please contact me at (416) 742-5398 day or night. Thank you for your time. Rob Stewart P.S. Sorry for the cross posting but I am really quite desperate. ... He who dies with the most TAGLINES wins! ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Rob Perelman 11 Nov 94 03:40:00 Subject: Pgp embedded in .gif's ? UpdReq On 11-07-94 (20:38), Rob Perelman, in a message to David Chessler about "PGP EMBEDDED IN .GIF'S ?", stated the following: RP>DC> >Anyone have the source file for placing pgp encrypted messages in > > >a .gif for distribution over the net ? RP>DC>The only such program is for the Macintosh. RP>Uhh...no. I just got a program for DOS... So I'm told. I checked a *lot* of the crypto ftp sites on the internet in late august and early september and didn't find anything. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Jim Bell 11 Nov 94 11:48:00 Subject: Pgp 2.6.2 official m.i.t. UpdReq On 11-09-94 (18:13), Jim Bell, in a message to David Chessler about "PGP 2.6.2 OFFICIAL M.I.T.", stated the following: JB>They, themselves, may not be "stupid." However, they may be required to >express their rules for making the decision in writing. Once written >down, it is generally possible to find an exception to the rules to >achieve the desired result. No. There are no rules in writing. They make decisions on a case by case basis. Since it's a national security issue they don't have to. JB>If, for example, the "rules" said that source code written on paper is >legal, the "simple" solution is to print out that source code and export >the paper, scanning the paper outside the country and re-generating the >source elsewhere. Legal. Paper and books are protected speech, Amendment 1. See the story of the Schneider book/ JB>Or, if the "rules" merely prohibit sending source code out on magnetic >tape or disk, find some program that writes one- or (even better) >two-dimensional bar codes on paper. It would make the re-generation of >the code even easier. Nope. There are no rules. Any export has to be passed. They might even refuse export of Schneider's book if the appendix were in the OCR-B font. They might have required that it be done in dot matrix and a small font (difficult to OCR). They didn't, because it was a major publisher and they thought that they can't be to arbitrary or they lose on appeal. The ITAR people at state ruled individually on Schneider's book, and did not give reasons for saying it could be exported. No precedent was set. ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Carl Hudkins 11 Nov 94 10:38:26 Subject: GOP vs. Clipper...? UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- CH> Even though I would rather have seen my party keep control of CH> the legislative branch (home-team kind of thing :) I am hoping that CH> since the Republicans say they are against "big government" they will CH> help put Clipper in the pine box where it belongs. CH> Does anybody have any educated info on this? Clipper was started under the Bush administration. JMS -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLsOcw2j9fvT+ukJdAQHalwP9E4JSQLgIIbyNehRGuLZd3Rjv/fvgajT9 0KflyPCsiHSxfVefGVO3cZ76nJPBKiMwC3viaHd9Xo9N/HnJ9qw+WmGUNcIgAV+W IhJ7K7dOMNAoA/ZV9LBzqmimdVE4CExRpRd75FwkohDM3HZIjQcbpbwXWw6/eHx2 L352inZYQkQ= =k7Uj -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... I tried an internal modem, but it hurt when I walked. 201434369420143436942014343694201434369420143436942014343694718 From: Carl Forester Area: Public Key Encryption To: Ross Lonstein 9 Nov 94 21:03:36 Subject: Re: PGPLoad 1.2 UpdReq -=> Quoting Ross Lonstein to Carl Forester <=- CF> * Reply to msg originally in FIDO-PGP Key drop RL> I had the same problem with PGPLOAD. I am using Tagline Express and RL> the Aurora editor with Bluewave. If your setup is similar, make the RL> following changes: RL> BLUEWAVE RL> + In the setup options, change the automatic quote RL> to OFF. PGP cannot interpret a file if all the RL> lines have the 'xx>' stuff in them. Try PGPBLUE it doesn't matter wether the "xx>" are in or not it takes them out automatically. RL> Using this arrangement, PGPLOAD's menu will appear anytime you reply PGPBLUE has an automatic mode that you can set so you don't have to see the menu unless there is an encrypted message, key, or signature in the message. Or you can use standard mode where it asks you if you want to use pgpblue or not. PGPBLUE is currently in version 3.0. Give it a try, it's a superior program. Not really trying to trash pgpload, but it lacking. Maybe after a few more revisions it will be a decent program. -Carl- ~~~ PGPBLUE 3.2 ... "Could you continue your petty bickering? I find it most intriguing." 201434369420143436942014343694201434369420143436942014343694718 From: Michael Bauser Area: Public Key Encryption To: John Stephenson 13 Nov 94 01:24:36 Subject: PGP versions UpdReq -----BEGIN PGP SIGNED MESSAGE----- Who: John Stephenson What: PGP versions When: 10 Nov 94 16:19:40 JS> I'm curious about something.. I've heard that RSAREF is simply another JS> method of using RSA, but it's a slower alogrythm.. It didn't kick in JS> for a while but whoever said that is wrong, or else RSAREF could JS> decode, and encode to RSA -- which of course is false. So, what truely JS> IS the difference between RSA & RSAREF? I know that RSAREF has been JS> tested less throughly, but what about the actual alog.? YOU ARE BEING PARANOID. STOP THAT. I HATE PARANOIA. Now that I've got that out of my system.... No, it *is* the same algorythm, it's the actual code that different. RSA involves math significantly more complex than 2+2=4. Even in BASIC there are different ways of calculating multiple-step formulae. Furthermore, the RSAREF module includes more than "just" the RSA algorhythm--it's got all sorts of details about packet formats, for instance. The incompatibilities between MIT-PGP and previous versions have NOTHING to do with how the RSA algorhythm works. They have to do with how other parts of RSAREF work. RSAREF uses the PKCS format for signatures--PGP only started using PKCS in version 2.3--that's why MIT-PGP can't handle signatures made by the older versions. As the 1 Sep 94 timebomb, that's even simpler. For messages generated after 30 Aug 94, PGP is labeling its packets (in the binary part humans can't read) as coming from "PGP 3.0", so the older version's error-checking routines are rejecting the new messages, the same way PGP 1.0 rejects all PGP 2.0 messages. A very simple trick (and simple to defeat, apparently). Hope this explains it. If it doesn't, feel free to ask more. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: The legal_kludge is dead! Upgrade, already! iQCVAwUBLsWwI8RHZFQbZSuZAQGk2AP+K707l2YfL0xo0k7mxKKzxNYoTvGgBDRG 394cpMlR11hxhCzzZA5dgHCXm2PzGP+/t4LwQwupYeAnk3A+mhkQUpoII3c7pmyv 3mE3SbVspkDnonulYMX4JmOzwJU1VM99TXKDbH7SImvEcc6wO+EfylsLeZhTFdZM hCZgTCsnfKY= =Cjik -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... We stand today on the brink of a revolution in cryptography. 201434369420143436942014343694201434369420143436942014343694718 From: Michael Bauser Area: Public Key Encryption To: Dennis Eshelman 13 Nov 94 01:33:28 Subject: legal PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- Who: Dennis Eshelman What: legal PGP When: 08 Nov 94 17:29:00 DE> GoldED, and everything is ready to go. However, there seems to be DE> some concern about this version not being compatible with the older DE> ones, and I am wondering if this is going to be causing a lot of keys DE> to be re-generated? I guess what I'm trying to say, is what is the A few people on this echo have reported some problems with old keys and the newer versions but it seems to be very, very rare. Generally speaking, you DON'T have to generate a new keypair if you're upgrading. Do be aware, however, that any signatures on your key made with really old versions (one's before 2.3) will be unreadable, so you might have to re-sign it (or hunt down some of your old signers to re-sign it). -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: The legal_kludge is dead! Upgrade, already! iQCVAwUBLsWyRMRHZFQbZSuZAQHO4wP/cxYupIs9xJpepc8mXi5SI5wYuUomek7A dpj5S5Z4q2S0CvgV7o/YFhytaO07Oia/gUlCV1KISpJgWh0zqbCwCbMLTZkplfdH BhUdDxeKXff9h8SwflFCcsMiSdfNyJDRdU1QNsudewYfJUA0dtZ/BX4HQLOmoSce 1q1A6yFcmPg= =DM1i -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... Cypherpunks write code. 201434369420143436942014343694201434369420143436942014343694718 From: Jim Cannell Area: Public Key Encryption To: All 12 Nov 94 09:52:54 Subject: PKZIP security UpdReq -----BEGIN PGP SIGNED MESSAGE----- Does anyone know about a method for cracking PKZIP passwords? Is there a program (or a least an algorithm) available for this? If so, where can I get a copy. Thanks. Jim - International SecureMail Host (ISMH) PGP key 1024/B7822B3D fingerprint = 0F F4 79 06 3B 33 99 D1 07 36 66 66 80 85 76 B3 Protect your right to privacy. Say no to GAK. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLsUBbCWTIMO3gis9AQGA6AQAhN7VaTcabfi9EgRWJoVQ3GhQFVLbuTlE psxwToPYW2fssC1rHZ38w2k2heaUvkjnsGl1G1DGXQbCehB2UdeabLkhHMmjo7tN ca6VVsvntHJwjUNMUv21WDhe8qu6a64uJE0E4I3Lu4eu8v0cMVnMZ/R7nZtkJmG2 909b9SBVOSI= =XnTa -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Rob Perelman Area: Public Key Encryption To: Keith Schincke 11 Nov 94 16:24:00 Subject: Re: Pgp embedded in .gif UpdReq KS> RP> Uhh...no. I just got a program for DOS... KS>I am curious about the program you mentioned. >What is it called?, where can I get it?, Can I request it from >somewhere? and How good does it work? Unfortunately, I don't remember. They are all over the FTP sites, and a nice archie search should work... ___ X QMPro 1.53 X MONEY TALKS ... but all mine ever says is GOODBYE! 201434369420143436942014343694201434369420143436942014343694718 From: Wes Perkhiser Area: Public Key Encryption To: Shawn McMahon 10 Nov 94 12:31:16 Subject: Hpack KEYCVT UpdReq In a message of , Shawn McMahon (1:19/34@fidonet.org) writes: SM>Has anybody actually gotten KEYCVT to work on your 1024-bit PGP SM>keys? MS-DOS version .79 worked on my 1024-bit key. I think it works better if you have all three files (secring.pgp, hpack.exe, and randseed.bin) in the same directory. Wes 201434369420143436942014343694201434369420143436942014343694718 From: John Mudge Area: Public Key Encryption To: Christopher Baker 12 Nov 94 03:48:00 Subject: PGP 2.6.2 Official M.I.T. UpdReq Hello Christopher! Thursday November 03 1994, Christopher Baker writes to John Mudge: JM>> Are you aware of any Court Rulings defining BBS's as "Press" under JM>> the First Amendment? Actually, the entire First Amendment would JM>> seem to cover BBS operation! CB> good questions and i have taken the liberty of cross-posting your msg to CB> the BBSLAW Echo where it might have wider audience. Thanks! I appreciate it and hope you will forward replies to here. I cut my feed to that echo due to the low signal to noise ratio at that time. John Mudge jmudge@wln.com 201434369420143436942014343694201434369420143436942014343694718 From: John Mudge Area: Public Key Encryption To: David Chessler 12 Nov 94 04:07:02 Subject: Pgp embedded in .gif's ? UpdReq Hello David! Saturday October 29 1994, David Chessler writes to John Mudge: DC> On 10-26-94 (20:45), John Mudge, in a message to All about "PGP EMBEDDED DC> IN .GIF'S ?", stated the following: >> Anyone have the source file for placing pgp encrypted messages in a .gif >> for distribution over the net ? DC> The only such program is for the Macintosh. John Schofield led me to quite a number of them. John Mudge jmudge@wln.com 201434369420143436942014343694201434369420143436942014343694718 From: John Mudge Area: Public Key Encryption To: Michael Johnson 12 Nov 94 04:07:02 Subject: A proposal... UpdReq Hello Michael! Sunday November 06 1994, Michael Johnson writes to John Mudge: JM>> ^AFILTER: NOBOGUS134 1:352/111.0@fidonet.org MJ> Just curious... where did you happen upon this idea? Made it up myself :-) The wording is stolen from FSC-0073 (also written by me). The reason for it is that Planet Connect is currently filtering mail. My RC refuses to hear policy complaintsa involving echomail, so something needs to be done. Alteration or removal of mail are privacy issues in a rather negative sense...in that privacy and open communications are related issues. Any movement to restrict one often involves restricting the other. I am at this time going to suggest that we move this to netmail as I have already been warned on the ZEC echo that echomail related topics off off-topic :-) and I would hate to have Christopher mad at me also... For a more direct FSC on encryption, though, see FSC-0073. The wording is very similar. John Mudge jmudge@wln.com 201434369420143436942014343694201434369420143436942014343694718 From: John Mudge Area: Public Key Encryption To: Jim Cunningham 12 Nov 94 04:22:06 Subject: CRYPTOGRAMS UpdReq Hello Jim! Monday November 07 1994, Jim Cunningham writes to John Mudge: JM>> Do you have a copy of CRPTGRAM available for FREQ? If so, what is the JM>> filename? JC> John, I am not sure what FREQ means as you use it OK...it means "File REQuest" and is a method that Fido system operators use for automated file transfers. If the file exists on a Fido BBS, I just need to know the filename and the Fido address to get a copy. JC> but I quote here the JC> help screen from the program so you can get it direct. I have forgot who JC> or where I first got it. JC> If you enjoyed this program, a registration of $8 would JC> be appreciated. Send to: JC> Paul McGuire JC> 50 Market Street #1A, Box 316 JC> South Portland, ME 04106 JC> I will send you an additional data file of cryptograms, JC> if you will send $2.50 to defray media and postage costs. JC> Please specify 3/" or 5/" disk. JC> It was probably CRYPTOSW.ZIP from a local BBS CD-ROM. I will look around under this name. Thanks! John Mudge jmudge@wln.com 201434369420143436942014343694201434369420143436942014343694718 From: John Mudge Area: Public Key Encryption To: Marshall Votta 12 Nov 94 04:25:06 Subject: PGP embedded in .gif's ? UpdReq Hello Marshall! Sunday November 06 1994, Marshall Votta writes to John Mudge: JM>> Internet site! I had managed to get a copy, but your information JM>> made it a bit clearer. It sort of looks like the sort of thing JM>> that would be really nice to have a shell for in order to use PGP JM>> with it and avoid having to remember all the steps :-) MV> No problem. MV> Actually, I'm considering releasing one of my 4dos batch files that I use MV> in conjunction with Stego. Hmmm....if you would, I am willing to rewrite them in pure DOS batch file format for free distribution. BTW, I do highly recommend free public distribution of various sorts of tools in order to assist as many folks as possible to get involved. John Mudge jmudge@wln.com 201434369420143436942014343694201434369420143436942014343694718