From: John Stephenson Area: Public Key Encryption To: John Schofield 26 Mar 95 02:26:38 Subject: Bluewave & pgp UpdReq JS> I recommend EZ-PGP. (But then, I wrote it.) I recommend PGPWave. (But then, I wrote it.) JS> It has very few bells and whistles It has quite a few bells and whistles. :) JS> It's free It's that too :) JS> and so is support. That too :) JS> John Yup. It even has an author who's name is John. ;-) Check it out, it might give you a few ideas for your own program, as always it's available via FREQ as "PGPWAVE" from the below origin, note that Serpents Egg II <> Serpents Egg I. :) - John Stephenson ... YOU can help wipe out COBOL in our lifetime. 201434369420143436942014343694201434369420143436942014343694718 From: Jerome Greene Area: Public Key Encryption To: John Stephenson 27 Mar 95 15:00:28 Subject: Bluewave & pgp UpdReq ->Did you hear John Stephenson to Bruce Davis about Bluewave & pgp <- Hi John! BD> filename is something like pgpw107a.zip, however you should be able to JS> the magic name however (pgpwave). I freq'ed this gem of a program last weekend, the magic name didn't work. :-( But the filename as Bruce had above did the trick. Regards, -= Jerome Greene =- ... ABCDEFGHIJKLMN PQRSTUVWXYZ - Hole in the "O" zone. ___Messenger 1.2a [Reg] 201434369420143436942014343694201434369420143436942014343694718 From: Jerome Greene Area: Public Key Encryption To: Peter Bradie 27 Mar 95 16:54:06 Subject: Bluewave & pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- - ->Did you hear Peter Bradie to John Schofield about Bluewave & pgp <- Hi Peter! JS> I recommend EZ-PGP. (But then, I wrote it.) It has very few bells PB> It's nice to see an unbiased testimonial>;-D I recall that I gave an unbiased testimonial for EZ-PGP. John does have a good program. It's no-frills, gets the job done. It has what a lot of users want when they are using PGP with their OLMR. John Stephenson's PGPWave also is a good program, a little more (bells and whistles) You can add keys while in Bluewave, Decrypt messages while in BW etc... Both programs are worth the price of a phone call to check out. I haven't seen any problems at my system with either of them. I have with PGPBlue though. And this recent lack of support problem for it should concern you. If for no other reason, then as a prospective customer. Regards, -= Jerome Greene =- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freq PGPKEY from 1:282/76 for my key iQCVAwUBL3dBynF52VfebiBFAQGQFgQAj6eWPQtcVYGNM1PKyK8DREP4zyf/lQ2a uTZLXxqZLsh5D1xshAVVX7yQYm8wBLSsOSCBWGmKaqi2EUgpXkCO0jZ1mVkXDtCZ 3tx/jBCrjbEx+dN3v44IIpZKerhlN2VNZJ1SlnhokG5DaF8tXPKN7gHhSi01FTqI 5SkVHviKMgk= =aHBc -----END PGP SIGNATURE----- ... Some days it's not worth chewing through the restraints. 201434369420143436942014343694201434369420143436942014343694718 From: John Stephenson Area: Public Key Encryption To: Donald Rose 26 Mar 95 02:27:52 Subject: Inquiry UpdReq DR> What's the newest version of PGP? I think: 2.7mit - Uses RSAREF, illegal in the states. 2.6.i - Uses the real RSA, legal in other places. - John ... "Girl who is wallflower at party is dandelion in bed." 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: L P 27 Mar 95 07:32:20 Subject: Bluewave & Pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- Bright the day, L! Saturday March 25 1995 10:24, L P wrote to Bruce Davis: BD>> Try PGPWave, available from 613-354-4295. I believe that the BD>> actual filename is something like pgpw107a.zip LP> Is this FREQable anywhere? F'req PGPWAVE from 1:128/203. Wind to thy wings, Glen Bring back the snakes -- Ireland was better off Pagan! - --- GoldED/386 2.50.Beta5+ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Joe McCarthy would have loved the Clipper chip iQEVAwUBL3cg+0sDfAvy+TXBAQHYlAf/SJyGag9hss/WEpMr/MkjF61U2H73AapE 9Qz/bY5KcWMKRUCWe0h3M2eqy5GvY6xG/2d2CXJf/JdtaFeVN1l5bFLm8KevdtKH +ZeG6SdVT48AxO6RoAt4tn/wojvsgvJcth2u8C1QT+IPd/kueFb1UzPmGLA1kLMi 097FOPiqsKXWksNdRdjj2EyzwG0LvzpvmdsJCKh4kS01O6CwG4Zj0STfx37YUc95 qwVQVem9JA2gKfPF030j5VCxsWj706fbi+T8zUHK4iDg1BJzhAbtHrjw/+mBzVfy NNJBkEglMKPWsre0Ka0wv1V88aA5LALkJ4qes2YuPVmCUFXKrYDtyg== =vMYI -----END PGP SIGNATURE----- ... "Only a fool tells the bald truth on social occasions." -- RAH 201434369420143436942014343694201434369420143436942014343694718 From: Richard Dale Area: Public Key Encryption To: Michael Babcock 25 Mar 95 07:44:10 Subject: Quotes as passphrase UpdReq MB>* Hmm, the fact that he DID this isn't good enough? I say we quit, this MB>* guy's a radical and won't admit defeat... Is he still at it? Sheesh! I put his name in the twit filter weeks ago. You can't convince someone who won't accept facts. He claims I didn't give him any sources. I told him to write to Consumertronics. That's a source from which he can get docs, examples, and the ability to do it himself. I don't know what else to do. I don't know how much simpler I can make it for him. You can lead a jackass to water. . . * 1st 2.00d #567 * Sieg Heillary! Sieg Heillary! Sieg Heillary! 201434369420143436942014343694201434369420143436942014343694718 From: Scott Mills Area: Public Key Encryption To: Zorch Frezberg 27 Mar 95 07:45:18 Subject: In response to bye!/2 UpdReq Saturday March 25 1995, Zorch Frezberg writes to Scott Mills: SM>> I just helped a friend of mine put together a system. We had a ZF> ^^^^^^^^^^^^^ ZF> Thank you for proving my point. ZF> If you had not helped your friend, where would he have gotten a computer ZF> at that price? Two blocks from his work? There's a computer consignment store that has PC's divided into rows of "under $300" "300-500" etc. Then only reason we pieced it together was that he wanted to learn more about the hardware. Learning about computers was his reason for buying one in the first place. SM>> WWW session open, an file FTPing in, and have a telnet SM>> session open with no problems. That was on 8 meg of ram SM>> instead of 4. But that would just add another $160 to the machine ZF> ^^^^^^^^^^^^^^^^^^^^^ ZF> So how much are you making an hour that tossing in an additional $160 is ZF> not a problem? ZF> Is my point that unclear? Yes it is. My point was that for a very low price he had a machine that would give him a full tcpip internet connection. What do you consider to be affordable? If you can't afford to pay that low a price for a inet capable machine then you definately can't afford the connect charges anyway. The parts I listed even without the additional memory will get you online. And it would cost you less than what you'd pay for access for a year. You want to double that cost and you could almost buy a full Pentium system these days. Best Buys has full Pentium 75's with 1g drive 4xCD 8M ram for under $2,000. Network capable systems are relatively cheap and getting cheaper every day. Scott Death is Murphy's way of dropping Carrier on your life. Scott Mills 1024/26CD5D03 For my PGP key freq PGPKEY sm@f119.n265.z1.fidonet.org --- 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Jeffrey Bloss 26 Mar 95 20:50:08 Subject: Poker? UpdReq *** Quote: Jeffrey Bloss to All *** Subject: Poker? *** Date: 07 Mar 95 11:54:00 JB> I had a thought yesterday... second one this month. JB> Would anyone be interested in somehow working out a "mental-poker" JB> protocol, in such a way that it complies with this echo's rules, and JB> play a couple hands... just for fun. ;) I'm thinking that it's JB> do-able using signed messages and MD5 hash values (or detached PGP JB> signatures) of the individual "cards". Might go something like JB> this... I might be interested. Let me know if this materializes. SKQ 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Peter Bradie 27 Mar 95 12:52:08 Subject: Bluewave & pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- PB> -----BEGIN PGP SIGNED MESSAGE----- PB> ___--BEGIN PGP SIGNATURE----- PB> Version: 2.6.2 PB> ___--END PGP SIGNATURE----- PB> ~~~ PGPBLUE 3.0 PB> ___ Blue Wave/QWK v2.10 PB> -!- Maximus 2.02 PB> ! Origin: Aardvark Park (1:106/7799) Something ate your sig lines. Perhaps the aardvark got hungry. EZ-PGP is available for FREQ from 1:102/903 (14.4k bps) and 1:102/904 (28.8k bps). Magic file name is EZ-PGP. John -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: The Sprawl BBS at +1-818-342-5127 -- your privacy source! iQCVAwUBL3cWKGj9fvT+ukJdAQGsIQP/R6KpmREO8D33/3VMWJHdVv26TiV8HDi2 NxjOBvD4pU62/zxaJXInP49J2R3iAPovF3RbMEl5fQuiTC5k2Pqb0riKAimFvQPA j5i0hDI9Xw0ZoBioNjO8u5ZKg3gSiF02OnHuBXUL3RJIy1p97T5rYDXvs5JvzdIi r2wMZp1zKtU= =Tcqg -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... A day without sunshine is like night. 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Jeffrey Bloss 27 Mar 95 12:52:08 Subject: Poker? UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- JB> The whole idea behind "mental poker" is to allow one party to JB> participate as a dealer and still maintain a secure protocol. Yes, but that dealer shouldn't be trusted--as I assumed from your messages he was. If I misunderstood you, I'm sorry. JB> My idea was to try and develop a mental poker protocol that did not JB> lean on session keys and/or encrypted messages, yet reduced or JB> eliminated the need for a trusted dealer. I wanted to play with JB> something that could be implemented within the confines of this JB> conference, and I chose mental poker because it's namesake is a bit JB> more familiar than something like "Graph Isomorphic Proofs". 8-O If your protocol does not lean on (does not use?) encrypted messages, it probably does not belong on this echo--and as a side note, if it does not use encryption, I don't believe it could work. What exactly do you mean by "lean on" encryption? JS>> Reinventing the wheel may be fun, but it isn't very useful. JB> Do you believe *everything* must be mind-numbingly useful? JB> Why do you assume everyone is familiar with mental poker in the first JB> place... or that working out even a flawed version has no value? One JB> of the first things you'll learn about crypto... dissecting your JB> mistakes is the best way to learn the craft, and picking apart another JB> person's mistakes is even better. OTOH, if you do think it's a JB> frivolous exercise, you can *always* move on to the next message... On the contrary, I am posting on this thread because I think playing around with a mental poker protocol could be very interesting and useful. But there are enough very interesting unsolved problems out there that solving an already solved one bothers me. What also bothers me is that previous messages on this topic showed no awareness at all that anyone else had even attempted such a protocol. Inventing such a protocol without looking at what other people in the field have done would probably be a waste of time. If all you're interested in is setting up a mental poker game, let's figure out the protocols in Applied Cryptography and start using them. Instead of trying to duplicate other people's work, we could start playing with it and have some fun with it. JS>> 3) The reference for this (and for just about every other crypto issue) JS>> Bruce Schneier's _Applied Cryptography_, copyright 1994 by John Wiley an JB> Applied Cryptography is *a* reference, not *THE* reference. It's a JB> fine text if your a C programmer wanting a general overview of crypto JB> and some source code building blocks, but it's scope makes it JB> necessarily limited. It's no "mathematical authority". What do you JB> think all those numbers in the square thingies are for anyway? :) Actually, it is "the" reference. If you could only have one, that is the one you should have. {grin} But what I meant in my original message by "the reference for this" was "the reference I used for the stuff I just talked about." Here's a description of mental poker with three players, although it could be easily extended to n players. I get this from Applied Cryptography, page 78. The cryptographic algorithm must be commutative. 1) Alice, Bob, and Carol all generate a secret key, or a public/private key pair. 2) Alice generates 52 messages, one for each card in the deck. These messages should contain some unique random string, so that she can verify their authenticity later in the protocol. Alice encrypts all the messages with her key and sends them to Bob. 3) Bob, who cannot read any of the messages, chooses five at random. He encrypts them with his key and sends them back to Alice. 4) Bob sends the other 47 messages to Carol. 5) Carol, who cannot read any of the messages, chooses five at random. She encrypts them with her key and sends them to Alice. 6) Alice, who cannot read any of the messages sent back to her, decrypts them with her key and then sends them back to Bob or Carol (depending on where they came from). 7) Bob and Carol decrypt the messages with their keys to reveal their hands. 8) Carol chooses five more messages at random from the remaining 42. She sends them to Alice. 9) Alice decrypts the messages to reveal her hand. 10) Whoever won reveals his hand and all keys used. Additional cards can be dealt in the same manner. If either Bob or Carol wants a card, they take the encrypted deck and go through the protocol with Alice. If Alice wants a card, whoever currently has the deck sends her a random card. In poker one is only interested in whether or not the winner cheated. Everyone else can cheat as much as they want, as long as they still lose. You only need to check the winner's hand and keys. -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: The Sprawl BBS at +1-818-342-5127 -- your privacy source! iQCVAwUBL3clLmj9fvT+ukJdAQF9mwP/USBYXU9wkp0p8aSBKUfgR2ptL5IVzzGk 9ApEFYdTFOjuQe33fJ7T5Rkg183Reo8nTIe5i9BJcNPXiR63bhDt45JWYlB+DPBj kPChte5Ly4/cE0brQRuOKvXqTxYCYskZWOplgwePTlGEjwdGqmw+jd3Bf6Sb7CnL W5+SrICGEls= =CYJ3 -----END PGP SIGNATURE----- **EZ-PGP v1.07 201434369420143436942014343694201434369420143436942014343694718 From: L P Area: Public Key Encryption To: David Chessler 27 Mar 95 00:00:00 Subject: Re: Internet Gateway & Fi UpdReq LP>According to docs from FidoNet and node 1:1/31, I may not send >encrypted mail to or receive encrypted mail from the Internet by >way of the 1:1/31 gateway without prior permission. I wrote a >letter to "Postmaster" at 1:1/31 about getting permission, but >never got a response. >Is there somewhere or some addressee better to write in order to >get an answer? Is there a gateway through which I can send and >receive encrypted mail? DC> DC>The other gateway is 1:109/42 DC>... DC>Send a letter to JOE KEENAN at 1:109/42 and ask. DC> Thanks for the suggestion, but it didn't help. I netmailed Joe Keenan at 1:109/42 about the details and rules regarding gateway access, encryption, clear-signing, and mailing lists almost two weeks ago, and have not gotten any response by either direct or routed netmail. I guess that he and Postmaster at 1:1/31 are busy enough with "normal" stuff that they don't want to deal with the ominous spectre of a special case. It's just that if they let privacy and message certification fall in the "normal" category, there would be no special case to have to deal with. I really don't have a clue about the big problem with privacy. It seems to me that everyone should take it for granted and be outraged at the thought of having it invaded. Instead, it seems that there is a massive voluntary movement to take it to the dump and be rid of it. So it goes. 201434369420143436942014343694201434369420143436942014343694718 From: Jeff Trowbridge Area: Public Key Encryption To: Michael Babcock 28 Mar 95 14:19:12 Subject: pgp -ew switch UpdReq -----BEGIN PGP SIGNED MESSAGE----- On (20 Mar 95) Michael Babcock wrote to JEFF TROWBRIDGE... JT> Ok, thanks for the clarification. Now that brings up another JT> question. If I defrag occasionally, does that overwrite any JT> sectors that were deleted and are now available? MB> Most of them, and if you're running SD (from Norton), you can turn MB> on MB> "wipe empty sectors" to completely clear the erased files. Thanks for the info Mike. I've since added a nice little sharware program called "Terminator" which has "quick delete" (one pass to overwrite) and DOD delete (7 passes). Anyone who wants a copy of that one can freq it from 1:215/705. Regards, Jeff -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: encryption means never having to say you're sorry iQCVAwUBL3iLP3Pq8B1oZhD9AQFV7gP+J/9PLL4qJrX6wH0bPy6cMPy5vcZ0Ae6R kY5+zBXBYUffVO0CXq8JfHMhW1ualH0I+9PCfOxPsb0i6DjRCzpb0fToqpvYh0w3 PMcB91FHD1y/+wuufPvW+UGhFGAVoXA0neBvxWqMY2MnwLa5JI1QtT92ooyAwDDM MQxr7W9IPGQ= =TeeU -----END PGP SIGNATURE----- ... Fight crime... impeach the bastards. 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: Eddie Benson 26 Mar 95 21:33:44 Subject: Re: In response to bye!/1 UpdReq EB> Actually, with the software available, mini-nets can, and I suspect EB> will, be put up and provide secure telecommunications. I would be EB> simple to create your own nodelist for your business or organization EB> and keep it private. PGP should be able to be used on these private EB> lines without much trouble at all. i've actually recommended this for small businesses if they a want reliable, cheap, and secure email and file transfer system. if they don't mind the delay between getting and receiving mail i think it is an excellent business solution. amp <0003701548@mcimail.com> March 26, 1995 21:33 ... BATF: Burn All Toddlers First 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: Jeffrey Bloss 25 Mar 95 21:50:08 Subject: Quotes as passphrase UpdReq AP>> isn't perfect due to the resolution of time on computers, but is JB> Well... the keystrokes are far enough apart (in computer terms) that JB> the LSb pattern actually produces nearly perfectly random sequences. JB> The length of time between keystrokes allows the "remainder", if you JB> want to call it that, fall randomly on either side of the timing JB> resolution line. OTOH, the seed gets permuted a couple times to JB> make a "key", and looses a bit of randomness in the translation. Not JB> enough to make the beast loose it's cryptographic randomness though... JB> not enough to make it unusable for practical purposes. an excellent description of the process. this is not something that i've looked at too terribly closely, although it probably bears closer inspection since the randomness (and primeness) of the generated key is critical. when i've got the time i'll dig through some rather excellent docs i have on pgp (apart from the docs shipped with it) and see what the authors have to say about it. AP>> tempest and other attacks against most modern electronic equipment AP>> is pretty difficult with the exception of monitoring the output of a JB> But "difficult" has different meanings to different people. My JB> newborn daughter finds it "difficult" to hold her head up for more JB> than a few seconds at a time too. :) The point is... it's do-able. JB> That was the question... indeed. it _is_ doable. it's something i've thought about, but attempting to combat it isn't really a high priority for me at this time. it may very well become important to me in the future though, which is why i like to read informed articles about it. JB> another set of events. I'll stretch it a bit and say this is why a JB> one-time-pad with a random key equal in size to the plaintext is JB> considered "perfect" in cryptographic terms... there *is* no JB> mechanized attack against such a critter. yup. in order to make one-time pads work, you need 3 things. 1. a truly random number generator like the aformentioned geiger counter. 2 a secure methods of transferring the pads and 3. someone who understands the extreme importance of protecting the pads. it is indeed the best form of encryption wish i could do it for some of the encryption i do on occasion of a personal nature. JB> To be honest, I'm guessing a bit... but as soon as I can, I'll do the JB> research. Shannon is probably the best source of computer randomness JB> theory... maybe we can find some of his work translated to a usable JB> algorithm and test it. I do have some 0-order entropy code that tests JB> compressibility... a good _indication_ of randomness. :) sounds to me like you know this stuff better than i do. i still consider myself a novice at this as i really don't understand some of the mathematical underpinnings of pgp and the possible attacks against it (or any other cypher ftm). it's one of those things i wished i'd learned about when in school. i'm trying to teach myself some of it now, but it is slow going as i don't have the time to dedicate to it that i'd like to. JB> The problem with truly testing randomness though, is testing the JB> possibility of duplicating of a "random" series. The inability of a JB> processor to generate randomness would skew this sorta test I JB> think...?? You may have a "less than random" series labeled as random JB> by a machine because it can not mathematically duplicate the series. i understand that there are algorythms that were designed as test projects to check for periodicity of numbers similar to pi or e. JB> May be some work-arounds though... I dunno. :) yeah, but it probably requires a lot of cycles and masses of memory. amp <0003701548@mcimail.com> March 25, 1995 21:50 ... Gun Control: A Logic-Free Philosophy. 201434369420143436942014343694201434369420143436942014343694718