From: Reed Darsey  Area: Public Key Encryption
To: John Schofield  14 Nov 94 02:10:20
Subject: Keep Out *FREE* magazine offer  UpdReq

}Quoting John Schofield to All on 31 Aug 94{

> [ . . . ] we are offering a *FREE* sample issue to anyone who
> requests one. Just send your name and mailing address to us,
> and you'll soon receive an issue, with no strings attached.

Did this take place? I received an e-mail confirmation that my address had been added to that list, but so far haven't gotten anything. I'm 99% ready to subscribe, but would like to see a sample issue first. (I never got the e-mail version either, but that might be due to my Internet connection's intermittency.)

... PGP 512/AE5BEFB5 [26 D3 A0 FB FB E2 D2 35 B5 26 4A E1 A1 FB CD B8]

----------------------------------------------------------------------

From: David McIntyre  Area: Public Key Encryption
To: Ian Lin  13 Nov 94 04:42:00
Subject: Re: PGP versions  UpdReq

-=> Quoting Ian Lin to David Mcintyre <=-

IL> -----BEGIN PGP SIGNED MESSAGE-----

DM> My feeling is that PGP distribution is fine the way the 2.6 was
DM> distributed. That is, making sure that the primary distribution site

IL> And how do you feel about PGP 2.3a? That's what I use. I don't trust
IL> the 2.6+ versions but I do have 2.6ui to pretend it's any version.

I always liked 2.3a. It worked fine, and had no bugs that I could find. From what people have said, there should be no distrust over 2.6 and up. People have had plenty of opportunity to grill over the source code, and nobody's turned up any possible security holes.

----------------------------------------------------------------------

From: David McIntyre  Area: Public Key Encryption
To: Ian Lin  13 Nov 94 04:43:44
Subject: Re: PGP versions  UpdReq

-=> Quoting Ian Lin to David Mcintyre <=-

IL> Calling LD that once will not necessarily hurt. I recommend 2.3a above

Actually, it will. I don't pay the phone bill.
:)

----------------------------------------------------------------------

From: Ross Lonstein  Area: Public Key Encryption
To: Carl Forester  13 Nov 94 12:50:00
Subject: Re: PGPLoad 1.2  UpdReq

> PGPBLUE has an automatic mode that you can set so you don't have to see
> the menu unless there is an encrypted message, key, or signature in the
> message. Or you can use standard mode where it asks you if you want to
> use pgpblue or not. PGPBLUE is currently in version 3.0. Give it a
> try, it's a superior program. Not really trying to trash pgpload, but
> it's lacking. Maybe after a few more revisions it will be a

I agree. I am trying PGPBLUE now.

ROSS

----------------------------------------------------------------------

From: Bill Brown  Area: Public Key Encryption
To: John Mudge  13 Nov 94 18:44:06
Subject: A proposal...  UpdReq

Hello John,

Saturday November 12 1994 04:07, John Mudge wrote to Michael Johnson:

JM> I am at this time going to suggest that we move this to netmail as I
JM> have already been warned on the ZEC echo that echomail related topics
JM> are off-topic :-) and I would hate to have Christopher mad at me
JM> also...

I just thought I'd mention I enjoyed reading the proposal, and the subsequent discussion, but certainly am not the moderator here. :) It did seem on-topic to me when I read them, or at least in the same genre as encryption issues.

JM> For a more direct FSC on encryption, though, see FSC-0073. The
JM> wording is very similar.

I'll have to check my uplinks for it. Thanks.

Bill Brown

----------------------------------------------------------------------

From: Mark Carter  Area: Public Key Encryption
To: John Stephenson  15 Nov 94 01:20:12
Subject: PGP versions  UpdReq

In a msg on , John Stephenson of 1:249/146 wrote:

JS> I'm curious about something.. I've heard that RSAREF is simply
JS> another method of using RSA, but it's a slower algorithm.. It

Wrong. RSAREF is simply a source code toolkit for implementing RSA in software.
JS> didn't kick in for a while but whoever said that is wrong, or
JS> else RSAREF could decode, and encode to RSA -- which of course is
JS> false.

Well, in relation to above, RSAREF obviously en/decodes RSA. The difference between RSA and RSAREF is that RSA is the actual encryption algorithm, while RSAREF is a software implementation of RSA. The encryption used in PGP 2.3a is another software implementation of RSA (and contrary to popular opinion, it's not appreciably faster).

RSAREF is a source code toolkit for putting RSA encryption into a product. It's made available by RSA Data Security Inc. It's free for experimental use and can be used for products which are free and for personal (non-commercial) use only (like PGP). RSA Data Security Inc. (RSADSI) also sells toolkits to programmers which can be used in commercial programs.

Mark

----------------------------------------------------------------------

From: Christopher Baker  Area: Public Key Encryption
To: David Rye  14 Nov 94 23:34:52
Subject: Re: pgp262 for os2  UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 12 Nov 94, David Rye was quoted as saying:

CB> it is being checked.

DR> I'll wait for your announcement. :-)

and we're still waiting. [sigh] i'll ask again.

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin]

iQCVAwUBLsg6cMsQPBL4miT5AQGgDQQAlbyD0vbPojpi4lVJFu0jIjhzQYfLJ31x
X2gWh/Dlhg+xmrPBheZZ3CwYwO1TY9w8eAPYYvE88igcKxJ8YgXL0JgqUHaXBDlC
6OuHKjjvmia7bG8n8qwYp3IJH912H6FLcngbsmtPUSkISM0LQAf2ja9cR4Ezx0zP
LSlUZwigHUk=
=xoRu
-----END PGP SIGNATURE-----

----------------------------------------------------------------------

From: Glen Todd  Area: Public Key Encryption
To: Wes Landaker  14 Nov 94 08:46:00
Subject: Re: PGP and GoldEd  UpdReq

* Reply to msg originally in Sysop personal mail

Wes Landaker mumbled indistinctly to Glen Todd something about PGP and GoldEd ---

GT> message containing a PGP signature but no message text. I've
GT> tried various batch file configurations, but haven't been able to
GT> figure out how to pass whitespace-containing user IDs in the
GT> batch files. Any suggestions out there?

WL> You have to output to a different file (pgp.tmp or something arbitrary
WL> like that), then copy that file back to whatever @file is. :)

That's about what I figured I needed -- I just haven't managed to get a setup that will _do_ it yet.

// Glen

... We now return to our regularly scheduled flame-throwing.

----------------------------------------------------------------------

From: David Chessler  Area: Public Key Encryption
To: Ian Lin  14 Nov 94 10:41:00
Subject: Pgp abroad  UpdReq

On 11-10-94 (15:54), Ian Lin, in a message to David Chessler about "PGP ABROAD", stated the following:

IL> DC> Jonah Michaud (jonah@wrath.ugcs.caltech.edu) wrote: : My
  > DC> company needs to send sensitive data to another country
  > DC> (not : Canada) on a regular basis. I understand there is
  > DC> no version of pgp I : can use legally. What are my
  > DC> options? Is there a popular commercial : exportable
  > DC> product using, say, triple des?

IL>This is my plan. You may want to use a weaker DES that won't take too
  >long to encrypt or decrypt. I would use PGP under that, and any damn

Weaker DES? Why weaken it? It's weak enough already. Anyhow, with a single recipient, why use public key encryption: conventional encryption will work just fine. See below.

  >version (2.3a) I please.

Michaud may legally use PGP 2.7 to encrypt. The party in the other country may legally use 2.6ui or 2.6i, which are compatible, but must separately license IDEA. They don't have to use the same version.

There is no *exportable* product that is safe. Lotus notes has a method that is commercially secure, in the sense that it takes a lot of resources to crack, but it is not secure against well-financed attack, since the method of encryption has been compromised.

PEM (privacy enhanced mail) is not readily available outside the US.
It uses RSA to encrypt session keys for triple-DES conventional encryption.

Where there is only one recipient, who is personally known to the other party, it is easy to exchange keys, and then use any secure method of conventional encryption, transferring the conventionally encrypted files. There are many public domain implementations of DES and triple DES, or there are implementations of IDEA, which may have to be licensed for commercial use (which is cheap enough).

Moreover, there is no prohibition on IMPORTING secure encryption, so have the foreign party buy an extra copy of whatever is commercially available (probably triple DES), and send you the floppy.

___
__ chessler@trinitydc.edu
d_)--/d chessler@cap.gwu.edu
* SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com

----------------------------------------------------------------------

From: David Chessler  Area: Public Key Encryption
To: Raymond Paquin  14 Nov 94 10:46:00
Subject: Rsa broken  UpdReq

On 11-11-94 (13:51), Raymond Paquin, in a message to David Chessler about "RSA BROKEN", stated the following:

RP> DC> Primality testing in PGP

RP>I loved your post !

Not mine, actually; just a repost.

  >I think, however, that this thread started on the subject of *weak*
  >prime numbers, not pseudo prime numbers.

  >There are such 'animals' as *truly* prime numbers which, when used to
  >obtain a product of two prime numbers, give you a product that is 'easy'
  >to factor.

The current algorithms do not distinguish between weak and strong primes. The concept of weak primes is related to other algorithms which are now obsolete because they are slower than the quadratic sieve, which I believe to be the method now in use.

While new methods of factoring are being developed, I don't know of any reason to assume that the class of primes formerly described as "weak" will again be weak under the new method. But, I don't know everything.
___
__ chessler@trinitydc.edu
d_)--/d chessler@cap.gwu.edu
* SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com

----------------------------------------------------------------------

From: David Chessler  Area: Public Key Encryption
To: Jim Cannell  14 Nov 94 12:16:00
Subject: Pkzip security  UpdReq

On 11-12-94 (09:52), Jim Cannell, in a message to All about "PKZIP SECURITY", stated the following:

JC>Does anyone know about a method for cracking PKZIP passwords? Is there
  >a program (or at least an algorithm) available for this? If so, where
  >can I get a copy. Thanks.

There are 3 or 4 such programs. Some work with dictionaries, some by guessing arbitrary strings. Try the cypherpunks directory at ftp.cusa.berkeley.edu

I got most of them there.

___
__ chessler@trinitydc.edu
d_)--/d chessler@cap.gwu.edu
* SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com

----------------------------------------------------------------------

From: Albert Tanone  Area: Public Key Encryption
To: All  12 Nov 94 16:48:28
Subject: PGP  UpdReq

I just saw a file floating around PGP 2.6 or such. Is this a true release or is this a hack? And, if that bill the gov't.'s talking about passes, would it be illegal to use PGP? I mean, I use it once in a while to communicate with my friends up north regarding stuff that I wouldn't exactly say in public (teen matters).

...Pascal
--- FusEd 0.18

----------------------------------------------------------------------

From: Hulett S. Durrough  Area: Public Key Encryption
To: All  12 Nov 94 15:33:06
Subject: PGP HELP-INFO  UpdReq

Hello,

I am a new user to this board but belong to quite a few, mostly satellite related boards, throughout the USA and Canada.
I am using PGP262 with PGPBLU30 inside Bluwave212. The problem I am having is that when I encrypt a message to someone else (I have only tried the sysop of another BBS in Canada) he has to save the message to disk, and go out of Bluewave to command line to decrypt and read, i.e. PGP filename. He then has to encrypt reply and save as a message for Bluewave.

On the other hand, I can decrypt his messages inside Bwave using the PGPblue decrypt command, reply to his message, encrypt using the e command, Quit and save with no problem. I can then go in to the closed packet menu, enter View, Edit, Kill, go in to edit my reply, enter my pass phrase, decrypt what I wrote for a reply, add to or not and encrypt again.

I have also been able to pull the public keys from a message on two different occasions but was unable to on a third one. I will be enclosing my public key when I upload this message.

Any thoughts or suggestions would be appreciated. I would call anyone that wouldn't mind helping as I have invested a lot of time in trying to solve this problem.

Thanks in advance
Hulett S. Durrough

~~~ PGPBLUE 3.0
... All I need is a Wave and a board to surf it on.

----------------------------------------------------------------------

From: Ian Hebert  Area: Public Key Encryption
To: Jim Cannell  14 Nov 94 01:03:10
Subject: PKZIP brute force cracker  UpdReq

JC> Does anyone know about a method for cracking PKZIP passwords? Is there
JC> a program (or at least an algorithm) available for this? If so, where
JC> can I get a copy. Thanks.

Hi Jim!

There is a program called zipcrack, which according to the Pascal source code, is a brute-force cracker for PKZIP files. There is also the program Phil mentions in the PGP documentation sold by AccessData.

If you can provide me with an Internet address, I can mail you a PGP ascii-armoured file, or with Chris's permission, I can post it here as a multi-part message. (It would take about 500 lines of PGP armoured text, or about 5 messages for the file.)
Ian Hebert
London, Ontario, Canada
RIME: HOMEBASE  Fido: 1:2401/114  Internet: ian.hebert@homebase.com
PGP Key: 1024 / 077A2F7F 1993/02/11
PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B

* RM 1.3 * Eval Day 269 * New tagline only. 100% text. Hand-woven. Made in Canada.

----------------------------------------------------------------------

From: Jim Bell  Area: Public Key Encryption
To: DAVID CHESSLER  13 Nov 94 22:09:00
Subject: Pgp 2.6.2 official m.i.t.  UpdReq

-=> Quoting David Chessler@1:109/459 to Jim Bell <=-

DC> On 11-09-94 (18:13), Jim Bell, in a message to David Chessler about
DC> "PGP 2.6.2 OFFICIAL M.I.T.", stated the following:

JB>They, themselves, may not be "stupid." However, they may be required to
  >express their rules for making the decision in writing. Once written
  >down, it is generally possible to find an exception to the rules to
  >achieve the desired result.

DC> No. There are no rules in writing. They make decisions on a case by
DC> case basis. Since it's a national security issue they don't have to.

Are you sure? Maybe it's true that they DO "make decisions on a case-by-case basis," but I seriously doubt that there are NO regulations concerning such things.

JB>If, for example, the "rules" said that source code written on paper is
  >legal, the "simple" solution is to print out that source code and export
  >the paper, scanning the paper outside the country and re-generating the
  >source elsewhere.

DC> Legal. Paper and books are protected speech, Amendment 1. See the
DC> story of the Schneider book.

JB>Or, if the "rules" merely prohibit sending source code out on magnetic
  >tape or disk, find some program that writes one- or (even better)
  >two-dimensional bar codes on paper. It would make the re-generation of
  >the code even easier.

DC> Nope. There are no rules. Any export has to be passed. They might
DC> even refuse export of Schneider's book if the appendix were in the
DC> OCR-B font. They might have required that it be done in dot matrix and
DC> a small font (difficult to OCR). They didn't, because it was a major
DC> publisher and they thought that they can't be too arbitrary or they lose
DC> on appeal.

If there's an appeal, that appeal should be exercised, if necessary.

DC> The ITAR people at state ruled individually on Schneider's book, and
DC> did not give reasons for saying it could be exported. No precedent was
DC> set.

Why should they have to give reasons for saying it "could be exported."

... On what conclusion do you base your facts?
___ Blue Wave/QWK v2.12

----------------------------------------------------------------------

From: Shawn McMahon  Area: Public Key Encryption
To: Brian Giroux  15 Nov 94 11:39:28
Subject: MULTIPLE QUESTIONS...  UpdReq

Despite the stern warnings of the tribal elders, Brian Giroux said this to All:

BG> I have noticed that some people use multiple IDs on a single key.
BG> What are the pros and cons of doing this instead of issuing a
BG> separate key for each ID?

Keys take up disk space, slow down PGP processing, and take time to generate.

BG> Is there a reason for signing a specific ID?

Because if John Smith has you sign his key, then he comes along and adds the ID Bill Clinton to his key, you don't want your signature certifying that he's Bill Clinton.

BG> What happens if I certify someone's key, and they turn out to be
BG> someone who just certifies people's keys without checking them
BG> out?

Then you change his trust parameters on your keychain, to show that you don't trust him to act as an introducer.

Signing someone's key mostly indicates that you're certain he's who he says he is. Trust as an introducer is a separate issue.

BG> In my "CONFIG.TXT" file, I changed the following settings:
BG> COMPLETES_NEEDED=2
BG> Does this look overly cautious to anyone?

That part does. That means that if you absolutely and completely trust someone to introduce other keys for you, you still don't trust him.
:-)

----------------------------------------------------------------------

From: Shawn McMahon  Area: Public Key Encryption
To: Ian Hebert  15 Nov 94 11:40:10
Subject: GOP vs. Clipper...?  UpdReq

Despite the stern warnings of the tribal elders, Ian Hebert said this to Carl Hudkins:

IH> Wasn't it President Bush who started the whole Clipper nonsense?

No, it was the NSA and FBI. But Bush let it happen.

----------------------------------------------------------------------
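The COMPLETES_NEEDED exchange between Brian Giroux and Shawn McMahon above, worked through as an added example (not part of any message in this archive and not PGP's own code): a simplified Python model of how introducer trust turns certifications into key validity. The weighted-score rule, MARGINALS_NEEDED=2 and the keyring names are assumptions made for the illustration.

```python
from fractions import Fraction

def valid_keys(signatures, owner_trust, completes_needed=1, marginals_needed=2):
    """Return the set of keys this keyring treats as valid.

    signatures:  key -> set of keys that certified it
    owner_trust: key -> "ultimate" | "complete" | "marginal" | "untrusted"
    Simplified model (assumption): each certification by a valid introducer
    adds 1/COMPLETES_NEEDED or 1/MARGINALS_NEEDED; a key is valid at >= 1.
    """
    weight = {"complete": Fraction(1, completes_needed),
              "marginal": Fraction(1, marginals_needed)}
    valid = {k for k, t in owner_trust.items() if t == "ultimate"}  # own key
    changed = True
    while changed:  # repeat until no further key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            score = Fraction(0)
            for signer in signers & valid:  # only valid keys can introduce
                trust = owner_trust.get(signer, "untrusted")
                score += Fraction(1) if trust == "ultimate" else weight.get(trust, 0)
            if score >= 1:
                valid.add(key)
                changed = True
    return valid

# Constructed keyring (hypothetical names): "me" checked and signed the keys
# of alice, bob and carol in person; the others arrive only via introducers.
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"},
    "dave": {"alice"},          # one fully trusted introducer
    "erin": {"bob", "carol"},   # two marginally trusted introducers
    "frank": {"bob"},           # one marginally trusted introducer
}
OWNER_TRUST = {"me": "ultimate", "alice": "complete",
               "bob": "marginal", "carol": "marginal"}

if __name__ == "__main__":
    print("defaults:          ", sorted(valid_keys(SIGNATURES, OWNER_TRUST)))
    print("COMPLETES_NEEDED=2:", sorted(valid_keys(SIGNATURES, OWNER_TRUST, 2)))
    # Demoting an introducer leaves his own key valid but drops his introductions.
    demoted = dict(OWNER_TRUST, bob="untrusted")
    print("bob untrusted:     ", sorted(valid_keys(SIGNATURES, demoted)))
```

With COMPLETES_NEEDED=2, dave's key stops being valid even though its only introducer is fully trusted, and marking bob untrusted invalidates erin's key while bob's own key, signed directly, stays valid.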