From: Jeff Trowbridge Area: Public Key Encryption To: Shawn McMahon 3 Feb 95 00:10:06 Subject: PGP News 2 UpdReq On (29 Jan 95) Shawn McMahon wrote to John Schofield... SM> Despite the stern warnings of the tribal elders, John Schofield said SM> this to Chris Adams: JS> ways--such as bugging your computer, using Tempest equipment, or SM> beating the JS> password out of you. SM> I don't know about anybody else, but I personally would *RATHER* my SM> passphrase be easy enough to crack that it's worth their while to do SM> so instead of beating it out of me. Aw Shawn, you're already ticking them off by using pgp, why not go all the way by picking a difficult passphrase. ;) -JT ... One finger is all a real American needs. 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: David Brooks 30 Jan 95 22:40:00 Subject: PassPhrase UpdReq -----BEGIN PGP SIGNED MESSAGE----- DB>> So tell me, how did you get the comment added to your sig? I have In the CONFIG.TXT file, add the line: comment=" YOUR COMMENT HERE " The comment must be in quotes, and I'm not sure of the specifics of the thing, but I've had some really bad luck with high ASCII characters. Keep it "normal" text and you're ok. :) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBLy2xK+kStfMM4BMZAQEwcAP+JDlqlDsQCHYupN+7AdIbcY5X641S5Ixi We4Jj5/nGJoLDWNjmsiUj2su6tACoxb6WLyTrSfKvi/G87SO0uMF8GpTF8T8RBv3 U/Keea/DNP6Hc3QYBNL4MRyREee4wcC2eMFbRjq1ZHZs8O/2+yYjdMzo9M/C28o/ DVxdsiYa3wE= =k3eA -----END PGP SIGNATURE----- jbloss@meadville.com -=- 1:2601/551.0 -=- ->5317 PGP v2.6.2 public encryption key available by request. 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: Jim Bell 30 Jan 95 23:04:00 Subject: PGP NEWS UpdReq -----BEGIN PGP SIGNED MESSAGE----- JB>> I want that turkey to think: JB>> "They all know where I live and they don't like the fact that I'm JB>> harassing one of them. If I actually file charges who knows what'll That's all Philip Zimmermann needs... a bunch of intimidating letters sent to the prosecutor. :( Think how YOU would feel if YOU went to the mail box every day and found several dozen "We know who you are, and we saw what you did" type letters?? Bet you'd be looking to have at LEAST one pair of pickled scrotum decorating your mantle. :(( If you feel the urge to do something, send a fiver to Philip's attorney, or send a NICE letter to a congress-critter type person. You can also support PGP by simply using it responsibly. Don't make a big "thing" about it when you're told it's not welcome in a conference, or on a particular SysOp's BBS, but use and enjoy the freedom of the few places you can use it. In time, more and more people will accept it. They'll almost have to in the end... for the same reasons *we* support it already. :) The whole crux to the government's argument against encryption for the masses is the "fear" of what we'll do with it. Acting like spanked babies only gives credibility to that position. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBLy220ekStfMM4BMZAQGTjQQArY2Yy1rM6/zJTaIpidsVW3Powes5TQzQ zc5/ebPH2OSGDJFTitYdTEm8fwKxwhN2P/DaxY1/U08bVRnJVVW5uccVHPeqT5z/ sjlTinJT9O6BCZz57a9s72FAdE82/pUjUzyKQl/7S/SqNBgS8KmSTKMgHMBdq9Dy Qepg7ocvCe8= =QpZA -----END PGP SIGNATURE----- jbloss@meadville.com -=- 1:2601/551.0 -=- ->5317 PGP v2.6.2 public encryption key available by request. 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: Jeff Trowbridge 1 Feb 95 15:44:00 Subject: pgp problems UpdReq -----BEGIN PGP SIGNED MESSAGE----- JT>> I wish I had to worry about keeping a million dollar tax return Don't we all. ;) JT>> secure. :) I have the ascii amour =on in my config.txt file so when I JT>> sign a message I still just use the -s switch and ecrypting I use the -e You're safe as can be. :) ASCII armor only means the encrypted data or PGP signature is converted to text suitable for transmission via message. It has no effect on the security of PGP encrypted data when using the -e switch. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBLy/yPukStfMM4BMZAQFQ3gQArbEr/a11gJ4mEF0+NRp9W8/e4LQLowsX uQwaZlzeMYMVL4c7hUWeALkh9hD6NR6HasH/6TemJ3BWRIglonlmESrv1ddg/sqK TwlqapXx6aPIR5gSEN+BNF6u4BULuRRJPVmeUueo2fuHjcGN/5xhDqCQ9jvgPzpm 6NuuBuLi3zs= =q2ka -----END PGP SIGNATURE----- jbloss@meadville.com -=- 1:2601/551.0 -=- ->5317 PGP v2.6.2 public encryption key available by request. 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Mark West 3 Feb 95 00:10:04 Subject: Bbs Chat Encryption UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- MW> Does EZ-PGP work in a similar fashion to AutoPGP? MW> What I need is something to scan thru a large ASCII, find PGP MW> signatures and encyrpted text, process it and put the processed MW> message in the same place where the encrypted and/or signed one was. MW> And not add an EOF marker as well. MW> Can EZ-PGP handle this sort of task? I'm afraid not. EZ-PGP will work with almost any mail reader, but it has a limited number of functions. EZ-PGP will 1) sign a message 2) sign and encrypt a message 3) post a key However, what it does it does very well. Take care, Mark. John -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLzHi/mj9fvT+ukJdAQHCDgP/dR5S3qkYJde0rGTYaYL99s4P3f3fAa5l ssUgSz3xLVFjH8ZmjS+Qk2Y4ePP+p+ffluBVr6QfaBaCj6juG9mnD6OYokCUSAeK ZU0rpXU63bqGn0QfHoI7psx+ctqNScRX9PZ/7FO2jdDHpoIDkWHloJXLYeUrFwxI 4bOGkYLxky0= =sRZs -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... What's the speed of dark? 201434369420143436942014343694201434369420143436942014343694718 From: Richard Dale Area: Public Key Encryption To: Jeff Trowbridge 2 Feb 95 19:21:10 Subject: pgp problems UpdReq JT> pgp. Then I'll do the big key for public consumption. BTW, JT> when you encrypt a file with the ascii armour (.asc extension) is it JT> just as secure as one encrypted by binary (.pgp extension)? No. Anyone with PGP can retrieve the original file. When you use the -ea switch, it converts a file to the encrypted file using the receipient's public key. The -a switch uses a similar process, but produces armor ASCII. It's "encrypted" but not secure. It's more like UUENCODE than actual encryption, but is safe from casual viewing. There is no practical difference between the .ASC and the .PGP output if you use the -ea switch. The ASC output makes it easy to send through a message base. I use it to encrypt all my naughty lady GIF files. I don't know if there's any difference in size between the .ASC and .PGP files. Frankly, I've only output one or two .PGP files because I prefer the .ASC file. Some people say that the armor ASCII file isn't encryption but rather encoding. From my reading encoding a message is generally a substitution process -- A=Z, B=Y, etc. There are several types such as Vignerre, Rail Fence, Playfair, etc. You may have even used them in school. They're not *too* hard to figure out, but are useful for passing messages that can stand up to deciphering long enough so that they won't be useful by the time someone has cracked them. Of course, programs like PGP have rendered those useless for the computer. They're still handy to know for paper messages or things that have to go by hand. PGP isn't substitution, so it's definitely not enciphering. It's encryption, and that's why I call the -a armor ASCII output file "encrypted". I couldn't sit down with a pen and paper and figure it out. If it were "encoded" I might be able to, because I could possibly find a pattern or repetition. That's the downfall of those grade school codes. Besides the fact that they're widely known, with many of them there are patterns. With the A=Z code, there is still letter repetition. You'll still see the frequency of ETAOINSHRDLU. * 1st 2.00b #567 * "I love my government, but fear my Kountry." -- Hillbillary 201434369420143436942014343694201434369420143436942014343694718 From: L P Area: Public Key Encryption To: Gordon Campbell 1 Feb 95 23:14:00 Subject: Re: Pgp 2.6.I UpdReq GC> > How does the language.txt need to be modified so that the GC>program GC> > would GC> > display a different version number? GC> > =======End quote======== GC> GC>I'm also using 2.6.i and couldn't find any mention in the language GC>file. Staale Schumacher gives his e-mail address in the archive, why GC>not ask him? I finally did. He said to add the following lines to language.txt: "2.6.i" xx: "Your new version number" Next, add the following line to your config.txt: Language = xx That's all. Whatever you put between the quotes after xx: will appear after the word "Version:" in the files and signatures you create. GC>Why does your friend feel the need to hide the version? I'm curious. GC>He's not in the US, so why not flaunt it? ;-) Dunno. Someone talks. Another person overhears. And a fellow on down the line with an insatiable curiosity about how things work just has to know! Take care, L P 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Ian Hebert 2 Feb 95 20:29:30 Subject: leave the defense to the defender [Was: PGP NEWS]UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 01 Feb 95, Ian Hebert was quoted as saying: IH> If anything, harassing the prosecutor will only strengthen his IH> resolve, convince him that he is right, that PGP and the people IH> behind it arelawless and dangerous. Such harassment will also cause IH> his fellows to close ranks behind him, and support him. and Philip DuBois, PRZ's attorney, has already requested NO external action be taken that might negatively influence the outcome of having the entire matter simply dropped. if they want our help, they know where to find us. i have spoken to PRZ personally. he knows we are here. while such restraint may not be emotionally satisfying, it is consistent with reality in the workaday world of government ops. you are right on the money and so was Rob and all others who urge freedom fighters to stay off the e-mail barrage. thanks. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLzGG/ssQPBL4miT5AQF4jAQAtMpT34TzyjVZJxCUCGD0n3tpyZlJVzBr d7N3k38J455cofoWbfwB6Qlg9KimyFIlYMlX7L322Zu36wq0RfL0v7ONFdhvmv6S CkKyXgj2xz21D/ZtJh2KdfOUflBLGaiOySvF/rumFrmf1Fxyr7kXOn7sEI/1Iz9K +ILlWdHjaa4= =y9eR -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Peter Bradie 3 Feb 95 19:12:10 Subject: Re: Enola Gay UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 30 Jan 95, Peter Bradie was quoted as saying: PB> Looks like the revisionist Billy-Whizbangs at the Smithsonian have PB> finally seen the light; the new, Republican Congress would look PB> with disfavor on funding an anti-American exhibit that portrays the you appear to be in the wrong Echo. we do encryption and privacy issues here. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLzLGXcsQPBL4miT5AQG7mQP/enFzGf568jxMdoSOMMAO/Dnd/IOZ+Kuz x2Dwwp4P/RERMwV2KH8L0K2RMTziimdsa1YjmWxDeHcyxg7/dxZJ7gPL9QFuogA2 +G9JeKLycnjRKt3+tdmfURg8xj9kTrqGGPiAKu3hgZMxGaIyQOfKw+k1PjG08555 9b6HW3VClqw= =Xoqa -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Jim Bell Area: Public Key Encryption To: David Chessler 2 Feb 95 14:29:00 Subject: QUOTES AS PASSPHRASE UpdReq -=> Quoting David Chessler to Chris Adams <=- CA> CA>Which is why it would be neat if PGP had a FAKE password that, when > >entered, would "accidently" reformat the harddrive after wiping the >key! CA> DC> That would be more appropriate for a program like SECDRV, SECDEV, >or SFS > DC> (or the forthcoming CryptDisk for the Mac), which set up an >encrypted > DC> partition. CA>Okay, how about something which deletes the message AND the key? Would >complicate their job a bit. DC> A bit. By analog means they can read an erased and overwritten DC> sector, depending on your disk technology (it's harder on modern disks; DC> certain caching schemes and intelligent controllers make it easier). I think that these days, it would be almost impossible to recover once-overwritten data. (Even using "analog" techniques.) That's because disk-drive progress has been defined by dramatically increasing the data storage capacity, and one of the main things you do to accomplish this is to increase the data rate. Due to the physical limitations of the heads, this means that you must design the read-system to be more tolerant of "sloppy" signals. This is certainly do-able, of course, but it means that it'll be that much harder to distinguish between the renants old data and various limitations of the system. There is a new disk-drive read-channel technique called "PRML," or "Partial Response Maximum Likelihood" which does not detect bits individually, but in fact looks at a number of points in the waveform to determine what it's "best guess" is for the data. In fact, it uses very similar techniques to what WOULD HAVE BEEN used to find overwritten data! But the "problem" (for the snoops, at least) is that the moment disk drive manufacturers start using PRML, they take advantage of its superior characteristics and increase by 30-40% the number of bits (and, thus, data rate) that can be put on the track. One way of looking at this would be to say that in development, they "red-line" the drive to see just how much faster the data rate can be set before it fails, and then when it does they back off the rate somewhat and put the drive into mass production. The result is a read-data stream which is as close as practicable to an unreadable set of data, but not quite getting there! You can well imagine that if even the most recently written data is so close to the limit, getting back previously-recorded data would be damn near hopeless. Another problem for the snoops is that there are so many different types hard-disk drives sold, it would be almost impossible for any organization (like the NSA or CIA) to justify the kind of investment needed to engineer a straightforward ability to recover old data from each of them, except on a case-by-case basis. Floppies would probably be a different story, I suppose. ... The rest of this tagline is encryp*&l#1E0+=|>fcd}85^7@jowxz*7"[=- ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Aaron Goldblatt Area: Public Key Encryption To: DAVID BROOKS 1 Feb 95 02:50:48 Subject: PassPhrase UpdReq -----BEGIN PGP SIGNED MESSAGE----- DB> So tell me, how did you get the comment added to your sig? I DB> have not seen any mention of it in the PGP docs nor have I DB> seen any mention of it anywhere in the program itself... how do DB> you do it? In your PGP.INI (or other PGP config file): comment = [comment goes here] Mine says: comment = 43 6C 69 70 70 65 72 20 73 75 63 6B 73 21 That gives the comment on the signature below. D'Artagnon - --- GoldED v2.50.Beta4+/1111 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: 43 6C 69 70 70 65 72 20 73 75 63 6B 73 21 iQCVAwUBLy8hiL8aRv3HpI1RAQHFhQQAoqUBFQIl9L6keC2GwVKGaxlh1eR1GevU Cn3+EkVW/ZKeiiywpWsLKC0BW/kHRxZvwihVujlG8wFqOFBL8ohMTnt/pFFTun+e ctWypcGsk6zy2WZQdZBJ5s65oKN93dTM3zMjPeJScDdEvD8r9sSaLVnugMsdfikm dGnt6BXYAmQ= =7nfx -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Jim Grubs, W8GRT Area: Public Key Encryption To: Shawn McMahon 3 Feb 95 18:12:00 Subject: PGP NEWS UpdReq > I can always get a post-office box for important mail." You're kidding, right? Sincerely, Jim Grubs, W8GRT 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Glen Todd 4 Feb 95 14:55:40 Subject: PGP Forever !!! UpdReq Despite the stern warnings of the tribal elders, Glen Todd said this to Lawrence Garvin: GT> Which seems to matter not one whit to our government -- and GT> it looks like the new Republican (aka religious reich) GT> congress is going to make things worse for the First GT> Amendment rather than better. Got any support for that statement, Glen? 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: Michael Babcock 3 Feb 95 04:00:10 Subject: Re: Can I Freq Pgp? UpdReq -=> Quoting Michael Babcock to Alan Pugh <=- AP> =-lots of reasoned discourse snipped= AP> indeed. there is strength in numbers. however, if you are going to AP> use encryption, it is important to make encrypted mail acceptable in MB> ... AP> i really like fido and related nets, which is why i read and post AP> here and in more areas than i can sanely keep up with, but as a AP> network, fido needs to grow up a little. MB> Had to beg my local sysop to let me 'sign' my messages, and got MB> removed from fidonet for two weeks because someone sent ME an MB> encrypted message via netmail...as if. That's interesting.... a friend of mine in Sudbury led me to believe tht Fido in Sudbury area was pretty relaxed, when it came to encryption... I guess they're as bad as the rest... Ian Hebert London, Ontario, Canada RIME: HOMEBASE (5508) Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B ... Catch the Blue Wave! ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Jeffrey Bloss 4 Feb 95 19:16:40 Subject: Re: PassPhrase UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 30 Jan 95, Jeffrey Bloss was quoted as saying: JB> In the CONFIG.TXT file, add the line: JB> comment=" YOUR COMMENT HERE " JB> The comment must be in quotes, and I'm not sure of the specifics of quotes are not required unless you want quote marks to appear in your comment. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLzQY68sQPBL4miT5AQE3hQQAmCOA98k+RaQloWUXLD0inY/zq3pKZZNP cpqtFSyWhQa7QKe3T5FNN3NVdE+BVtj7NF+rH4GML16S+zNWm34ZuLms/+F+Nxpp zidbtLa81lvbThWTncgY3+FFRUahZgMPHNQbvf6IlWn8x9a1nsBqHoZiLU/YiEQh p85TQ0R5f9A= =BLCe -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Shawn McMahon 3 Feb 95 19:27:46 Subject: PGP NEWS UpdReq -----BEGIN PGP SIGNED MESSAGE----- Bright the day, Shawn! Tuesday January 31 1995 11:43, Shawn McMahon wrote to Jim Bell: SM> "Screw with me, huh? I'm not afraid of a bunch of pocket-protector SM> wearing, Star-Trek-watching geeks. I'll just see to it that Mr. Zimmerman SM> gets charged with everything I can come up with, including mopery, dopery, SM> and barratry, to show those bastards. I can always get a post-office box SM> for important mail." There's nothing more dangerous than a little man with power in his hands. Wind to thy wings, Glen ... I am Barney of Borg. You will be Baby Bopped now. - --- GoldED/386 2.50.B1016+ Gamma -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Joe McCarthy would have loved the Clipper chip. iQEVAwUBLzLmaUsDfAvy+TXBAQFX5Qf/QX+IP1no1A5jMK0WLdi6IJP5D93u0N03 5/0F6s8p776UYEJj4cdeyk3Kl9iGp4rqeVnCmE64Fta/n5XjWMUeXzpGJA5EJBHa 0iyvXde+RFvgU/yzQNWjlSNrbu7+EddMwSHxDPjx24kaY0lqk9D+QlZxkkShKoqe FU0HVqLihNhmQBf6YvqHUHdTrbq6IN6s0VOYhkvKWWSAwWuATmKdJtyvrdE8eh7Y SYl+c8LkIxWfi++iwEZ3yu4xTw6Zn+/xgUS+XT7P5u3TcoVtrqnHVZKh3mGtdH3+ E2krO0wGRKPQjHF6baOStQwcTTMiza5CpPoYd0YlbLB37oEDBDd2Cg== =/rHM -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: Chris Adams 4 Feb 95 14:08:34 Subject: Quotes as passphrase UpdReq -----BEGIN PGP SIGNED MESSAGE----- Chris Adams wrote in a message to jason carr: CA> Well, would you like them to have everything on your PC? CA> That's why it would be good to have the ability to pick a CA> back-door key that would wipe the keyfile at least, CA> possibly even zapping the HD! If there's anything sensitive on your HD, just "PGP -c" it. Easier than accidentally trashing your HD periodically. YMMV, of course. jason ... Why is there a watermelon in here? -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP_ECHO: CypherEcho to the gods... iQCVAwUBLzP7QUjhGzlN9lCZAQHqZgP9G2IAdnPO2kveGL/5rmKawGSPhtWPyqdF Puqal/Nv9cLJuNTFjfJ6wefmA26cIE4SDiHi/X0eEATNsac1Ahj/zziuoGtAu8AY 7GwL+REisjLVppCO0Us4ll42m164nw0WDISzqx/8kffxHeE145s2IwStzL+gA8lB zqQTyKWgR2g= =nex6 -----END PGP SIGNATURE----- ... Key fingerprint = 60 97 B2 AE 7D 90 11 2F 05 1C 35 98 E9 B9 83 61 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: Tim Witteveen 4 Feb 95 14:13:58 Subject: Thanks for the tips! UpdReq -----BEGIN PGP SIGNED MESSAGE----- Tim Witteveen wrote in a message to All: TW> I really appreciate all the tips. Espicially from Glad to help. That's what's cool about echomail: someone, somewhere has the info you need. Or at least they can point you in the right direction. :) jason ... Anything good is either illegal, immoral, or fattening. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP_ECHO: CypherEcho to the gods... iQCVAwUBLzP8gkjhGzlN9lCZAQEhsAQAuBflOAVguoRb0wKRnpbbLyV+K1RWjuFi QKAUc9zOiNuAP3i8VculzcKCN0jC0NoINHphXNXtZ8H2Rt9gsu2VcPhIufRVL4UN sUA+hlLbUGs04GR7Qht7VbUGqe/Tc9bKWG/19/fbZ4QPVphKayTdBGZc2gyKaDC0 wb5VTXQG0iU= =Aqd7 -----END PGP SIGNATURE----- ... Key fingerprint = 60 97 B2 AE 7D 90 11 2F 05 1C 35 98 E9 B9 83 61 201434369420143436942014343694201434369420143436942014343694718 From: JIM BELL Area: Public Key Encryption To: DAVID CHESSLER 2 Feb 95 09:03:00 Subject: Pgp news UpdReq -=> Quoting David Chessler to Jim Bell <=- JB> JB> [JB note: Somebody ought to find William Keane's _home_ address >and > JB> post it on the Internet. After a few hundred nasty-grams have >arrived, > JB> maybe this numbskull will get the picture.] FD>Nothing like good old vigilante action when we don't agree with FD>something, huh Jim? JB>First, I did not mention "vigilante action," you did. (What I did JB>suggest was a little peer pressure, a little "friendly persuasion.") DC> It's still a dumb idea. Nothing like mailbombing literally or DC> figuratively a prosecutor to get him really pissed off. And then he ^^^^ DC> can prosecute even if he thinks he doesn't have a case. "then"? What do you mean, "then"? He can do this _already_. And he will, if he thinks he can get away with it. But he won't think he can get away with it if he is aware he's been located and a substantial fraction of the population are pissed of at what he's doing. JB>However, that is, essentially, what Keane is doing with respect to >Zimmermann. But not quite: the difference is that even "vigilante >action" professes to punish crime. Zimmermann did something (writing >PGP) the government doesn't like, but isn't illegal, so its >representatives aren't even rising to the level of engaging in >legitimate "vigiliante action" to use your words. In Zimmermann's >actions, there is simply no "crime" to punish. DC> That's your view, but you're not a lawyer. In Zimmermans's case, I don't think "being a lawyer" changes anything. Even lawyers who have no reason to be biased one way or another are mystified as to what justification the prosecutor could use to harass Phil, let alone proceed with the case. DC> So the prosecutor isn't DC> going to pay any attention to you. But if his mailbox fills up with DC> nastygrams or worse, he may take it out on Phil just to spite you. Then maybe we'll just have to return the favor! See, being a "sheeple" is so "comfortable", isn't it?!? You just allow everything to happen to you and everybody else, hoping the bad wolves will leave you alone and go away. And mostly they do, although occasionally they eat one of your flock. Bummer. ... On what conclusion do you base your facts? ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: JIM BELL Area: Public Key Encryption To: ALAN PUGH 2 Feb 95 09:34:00 Subject: PGP News 2 UpdReq -=> Quoting Alan Pugh to Chris Adams <=- CA> I was exagerating. I'd just like, say, 16k bits, or 8 times more. It CA> would be slow, but most of the public key stuff is used to encrypt the CA> IDEA session key, and IDEA carries the load, so it would need to be CA> augmented as well. Also, if the source code is designed right, it CA> would be relatively simple to add support for larger keys. Also, as PCs CA> increase in speed, PGP can take advantage of it. Someone with, say, a CA> Pentium 90 isn't going to notice the wait for a small key, so let them CA> wait a little for a larger one. AP> from what i've read on this, a 2048-bit rsa key is pretty much AP> equivalent in difficulty to break using brute force as a 128-bit idea AP> key. therefore, you can increase the key size of the rsa portion all AP> you want and it won't help you any, because it will simply become AP> easier to crack the idea key rather than the rsa key. Although, finding the IDEA key for that particular message ONLY gives "them" that particular message. Finding your RSA key gives them access to every message you have ever received that used that key, assuming they have managed to intercept it in the meantime. Even so, I see little reason to use an RSA key of above 1024 bits. The NSA can certainly do 384-bit keys, probably 512-bit keys with substantial effort (1 year of compute using all of NSA's computers?), but a 1024-bit key is about a million billion times harder. Even a major breakthrough would be hard-pressed to shave a factor of 1000 off that. AP> all of the above is predicated on the belief that the nsa has not AP> discovered a novel way to factor numbers that we peasants aren't AP> allowed to know about. they also may have discovered an inherrent AP> weakness of pgp. in general, i operate on the assumption that they AP> can read my mail no matter what i do because anything else is AP> foolhardy imnsho. remember: the nsa has a bigger (black) budget than AP> the fbi & cia combined, and encryption is their thing. I've previously commented that a more complex dynamic begins to operate here. If the government can secretly decode, say, 1024 bit keys with substantial effort, that would be an EXTREMELY precious piece of knowledge. And they would never want to reveal their capability, since to do so would simply cause people to start using even longer keys. Therefore, they could not possibly use the knowledge gained from such a "crack" for routine police-type purposes. Even solving incidents such as the bombing of the World Trade Center wouldn't be important enough to justify revealing their capability. For this reason, it is likely that we can consider 1024-bit keys "safe" even if, hypothetically, some day they might be compromised. ... The rest of this tagline is encryp*&l#1E0+=|>fcd}85^7@jowxz*7"[=- ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: JIM BELL Area: Public Key Encryption To: RICHARD DALE 4 Feb 95 00:47:00 Subject: PGP NEWS UpdReq -=> Quoting Richard Dale to Jim Bell <=- JB>*I want that turkey to think: JB>*"They all know where I live and they don't like the fact that I'm JB>*harassing one of them. If I actually file charges who knows what'll JB>*happen. I think I'll drop the whole thing." RD> Then you may think: "Gee, I wish I hadn't sent off a letter that RD> could have been considered to be threatening or which implied some RD> sort of future action. Now I've got 10 years in Leavenworth to RD> think about it." Obviously, everyone who sends a letter will be responsible for its own content. And somehow I suspect that anybody who intends to send a truly threatening letter isn't going to put a (correct) return address on it. In any case, as worrisome as the letters he receives may be, his worry will probably be greatest about the letter he DOESN'T receive! And it is that one which will tear his conscience apart. ... Horiuchi: "Drop that baby, or I'll shoot!" ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718