From: Ian Hebert Area: Public Key Encryption To: C.john Zammit 23 Nov 94 11:49:10 Subject: Encryption UpdReq CZ> Hi, I'm new to this conference and would like to have someone CZ> respond. Sometime ago I wrote a program to encrypt messages, one CZ> at a time. The program generates a key for each message and each CZ> character of the message has its own code. What you're describing sounds like a pseudo-one-time pad. A one time pad is both practically and theoretically unbreakable, if used properly. The problem that immediately comes to mind is that if your program uses a pseudo-random number generator to generate the keys, rather than a truly random source, then this provides a significant weakness of the program. CZ> To my mind, it's virtually impossible to decipher a message CZ> encrypted with this program; I would like to meet with an expert CZ> who can test the validity of what I think the program can do. CZ> Would appreciate all replies. Why don't you try posting the source code, if it's not too long, and maybe we can convince someone over at sci.crypt to look at it. Ian Hebert London, Ontario, Canada RIME: HOMEBASE Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B * RM 1.3 * Eval Day 278 * New tagline only. 100% text. Hand-woven. Made in Canada. 201434369420143436942014343694201434369420143436942014343694718 From: Frank Hicinbothem Area: Public Key Encryption To: Scott Mills 24 Nov 94 01:22:02 Subject: PKZIP security UpdReq > FH> I attempted to do so about forty-five minutes ago. Instead of the > FH> file, I got one called ABOUT.DOC, which reads: > Hopefully that is fixed now. I installed a new OS and > repartitioned my drives this weekend. Some of my paths > are still not set to what they should be. Please don't take this as a flame; it isn't meant as one.... bt when I screw up and someone doesn't get a file that I've told the whole world that I have available, I deliver it, plus an apology on MY dime. It keeps me from becoming known as "unreliable." 201434369420143436942014343694201434369420143436942014343694718 From: Marc Stuart Area: Public Key Encryption To: Ian Lin 22 Nov 94 15:30:08 Subject: PGP embedded binaries UpdReq -----BEGIN PGP SIGNED MESSAGE----- IL> I don't know what stegonography is. My point is that embedding data IL> into other data isn't all that hard. Agreed. That's what stegonography is about. ... History repeats the old conceits, the quick replies, the same defeats. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLtJVB50oU3J5RriBAQF+jAP+PvQN+xWIcNcYmIk8vRbyisVQqD7bMnRm C85hTdEG0AO110bgv6NeaTKhoOxZ2+2VPcdbWxfCaa9bXXowWzaAGGdWlrf+Mn99 KycX71x7up2AXLZyNA/klgOrIX0mL/b61kpBMLErGzLK2nFFJoONEBTcxAzNeYtp Y7o7jtlkT8g= =MVyf -----END PGP SIGNATURE----- ~~~ PGPBLUE 3.3 beta 201434369420143436942014343694201434369420143436942014343694718 From: Tim Lee Area: Public Key Encryption To: All 23 Nov 94 14:53:00 Subject: A PGP paradox. UpdReq The other day an acquaintance and I were discussing computer security, privacy, and encryption. During the discussion we developed a hypothetical situation in the usage of PGP that neither of us could resolve with any level of confidence. I would now like to appeal to the readers of this conference help resolve it. The situation is: A person is planning to use PGP for a clearly commercial purpose and in order to avoid a potential legal entanglements has made arrangements purchase a copy of PGP 2.7. At this point his is legal. Unfortunately, PGP 2.7 does not support his platform and he requires some major alterations in the operations of the basic PGP package. The alterations would not affect any of the operations of the PGP's encryption engine. To solve this problem, he purchases a copy of PGP 2.7 for the DOS platform and puts it on the shelf. He then acquires a copy of the source code of a freeware version of PGP. --not any of MIT's versions since their license prohibits commercial use. He then make the required alterations and compiles the source code to produce an executable of his platform. At this point has paid for a commercially licensed version of PGP does not use. He has his own version derived from a freeware version which he uses as a proxy for the version 2.7. Question: at this point is he still legal? If not, who has been hurt by his actions--and how? At this point the system is working smoothly and he is ready of "open his doors for business". But there is a small detail that he only now notices. His working version of PGP stamps the freeware version identification on all out going packets. To correct this is considering either, creating a shell script, or batch file to alter the outgoing packets version stamps as version 2.7, or alter the source code to stamp packets with version 2.7 and recompiles it. Question: at this point is he still legal? If not, who has been hurt by his actions--and how? * QMPro 1.52 * "Let us open our checkbooks and pray..." 201434369420143436942014343694201434369420143436942014343694718 From: John Nieder Area: Public Key Encryption To: David Chessler 23 Nov 94 16:29:00 Subject: Nukes Abroad UpdReq -=> Quoting David Chessler to Shawn Mcmahon <=- DC> New Zealand does not permit our nuclear-armed naval vessels to use its DC> ports. Minor off-topic correction: No _nuclear-capable_ vessels go into NZ ports. NZ forbids nuclear-armed vessels and US military policy does not permit of disclosing the armed or unarmed status of nuclear-capable warships. JN ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: John Mudge Area: Public Key Encryption To: Jason Carr 24 Nov 94 08:46:10 Subject: PKZIP Crack UpdReq Hello Jason! Monday November 21 1994, Jason Carr writes to John Mudge: JM>> due to these discrepancies. CAREFULLY scan them for viruses, etc. I JM>> have not unarchived either one and have not tried using them. JM>> I cannot vouch for either and do suspect tampering. JC> My AV routine unpacked Scott's archive and both SCAN and F-PROT said the JC> coast was clear. Good. I have still not tested either. JC> I messed around with CRACK and it schiz'ed out (didn't recognize PK2.?? JC> maybe?). I gave a test archive a one-letter pass and pkzcrack couldn't JC> figger it out. :( I suspect it won't. The file date indicates it predates PKZ 2.xx JC> There are a coupla names in the nodelist similar to the stated name in JC> the PKZCRACK internal documentation; I'll drop 'em some netmail and see JC> if that's the author. Sounds good. Let us know what you find out. John Mudge jmudge@wln.com 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: Shawn McMahon 25 Nov 94 21:42:54 Subject: legal PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- Shawn McMahon wrote in a message to Ian Lin: JE>> Excuse me, but what's the point in encryping a public message? IL> Maybe netmail isn't available to that person. It's not available IL> to a lot of people. SM> That doesn't entitle him to force the rest of us to pay to SM> import his private messages in the echo, Ian. Same could be said about morons and twits, though, except those msgs are generally not flagged PVT. jason ... Help stamp out mental illness, or I'll kill you. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP_ECHO: CypherEcho to the gods... iQCVAwUBLtbLKUjhGzlN9lCZAQF8vQQAmZygXTWzYy6AbtEzqc5zAcAHvsL9Txdx jaKCf5idBz7+EGRb2rqveyMoPGsvtu20/dGrxOgDZtGrjS06UPunvKm+2jFykOgT 32vfdxABd7S/evlRoZyD+kC6I6kylCeksGNGtqLp+sfX65L3qalRmTDOXn+7ucSc 9uQuiXvijP8= =tAid -----END PGP SIGNATURE----- ... Key fingerprint = 60 97 B2 AE 7D 90 11 2F 05 1C 35 98 E9 B9 83 61 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Alan Pugh 25 Nov 94 09:59:16 Subject: cypherpunks UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- AP> does anyone know how to get on the cypherpunks mailing list? cypherpunks-request@toad.com It's also available as a FTSC-format echo from my system. John -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLtYlkWj9fvT+ukJdAQG4xwQAmfB3nXA1ljH+7cDwouLHZWKe/6vRF6km ZRCe9fmAM4LLBCq8Oas5HcYutPj+C2UvNFOL5eIBzM6fuyouBpTUvtBmj7+vGZg5 Qyt1CXCOtfQv9ORz43WLgPukrhaUzFwe+dV/RCEqCXmmlL31FTKSK0BZ4ZV0d9HT n+GTm9FCPT8= =CfjW -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... I think therefore I am...dangerous. 201434369420143436942014343694201434369420143436942014343694718 From: Mark Carter Area: Public Key Encryption To: Brian Giroux 25 Nov 94 11:26:46 Subject: GETTING KEYS FROM SERVERS UpdReq In a msg on , Brian Giroux of 1:225/330 wrote: BG> I have sent "private" net mail to an InterNet address through BG> 1:1/31 but that's about all. Same procedure to use the Internet keyservers. They'll return mail via the gateway. Mark 201434369420143436942014343694201434369420143436942014343694718 From: Mark Carter Area: Public Key Encryption To: Alan Pugh 25 Nov 94 11:28:06 Subject: cypherpunks UpdReq In a msg on , Alan Pugh of 1:151/142 wrote: AP> does anyone know how to get on the cypherpunks mailing list? Send mail to majordomo@toad.com with Subscribe Cypherpunks as your message. At least, that's how it was done a couple months ago. The address may have changed since. Mark 201434369420143436942014343694201434369420143436942014343694718 From: Brian Giroux Area: Public Key Encryption To: Jim Gillispie 24 Nov 94 19:46:00 Subject: LAWYER UpdReq JIM GILLISPIE pounded out random words to BASIL HOYL, and it looked something like this: JS>> I have no qualms with someone putting JS>> as their user ID "John Smith (Lisp JS>> programmer)" I would have had no problem with you JS>> putting "(Tax Lawyer)" after your ID. JG>I have mixed feelings on this. I'm not opposed to advertising, I could put When Basil sends a type-writen document to a client, I'm sure he signs the document like this: Basil Hoyle Tax Lawyer It only makes sense that if he should send an electronic document to a client, he should sign it with an ID that says that he's a tax lawyer. Brian Giroux PGP public key available * 1st 1.11 #1757 * Copy from another: plagiarism. Copy from many: research. 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Jim Cannell 25 Nov 94 10:20:00 Subject: SecureMail UpdReq -----BEGIN PGP SIGNED MESSAGE----- Bright the day, Jim! 23 Nov 94 20:28, Jim Cannell wrote to Glen Todd: JC> Dave Munhollon is Region 15 SecureMail hub - 1:128/86 Thanks -- He's already gotten in touch with me. Wind to thy wings, Glen - --- GoldED 2.42.G0615 ... Brigid made me do it. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLtYdKB1IzyRmn+dFAQF0OAP9HrNAU+cdmm4y15G7I26myLH2icQYiYER 3ctlXNca67gVTAGILMN9vxeEt4BLtLOSilzgEXgrLWxgZ7PvITZcrBccA27iZJIK HU81vkAWPGnvXzRTcZzdLK8bf5Qrq1aBFMijJ4saZhN03JfZkmDjP+6T93fClP4a bY+FzsaZrmk= =uxDo -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718