[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PGP in UK - snooped as unSTEALTHed?



>Received: by toad.com id AA16930; Sun, 10 Sep 95 02:10:05 PDT
>From: [email protected]
>Subject: PGP in UK

>-----BEGIN PGP SIGNED MESSAGE-----

>I heard something rather disturbing the other day from someone I do
>business with.  I've been telling this company for 18 months or so
>about the advantages of PGP and email rather than faxes, and they
>finally tried it, liked it, and decided to use it a month or so ago.
>Last week they got a visit from the Department of Trade of Industry
>and MI5 (or is it MI6?) telling them to stop using PGP or they might
>find difficulties getting export licences for their products in
>future.  The visitors wouldn't say how they knew this company had
>been using it.

                    PGP IS MARKED!

   Well, I just used MIT's PGP 2.6.2 with 3 different users' public
keys to encrypt 3 different files. In all 3 files, the first 3
characters were the same (an umlauted A, then an i with an up arrow
over it, and then a heart). This beginning 3 character string is
apparently the infamous PGP RSA signature. The signature that says
to spooks' programmed encryption sniffers - "HEY! I'M PGP -  GIVE ME
A LOOK!."

   When are the PGP designers and coders going to get serious and de-
velope STEALTH PGP inside PGP itself!? I think that it would take the
states at least many thousands of times the computing cycles to spot
PGP encrypted files without the RSA signature. - IF it were practical to
look for STEALTH PGP at all when snooping communications networks.

  So what, -that "only a few companies" will be discovered to be using PGP
through the RSA signature!? Those few companies are the seeds for the
vast numbers of companies that would follow them in using PGP over the
Internet. The RSA signature is the flag that allows the spooks to easily
net the bold first companies. The RSA signature is greatly impeding the
spread of PGP use over the Internet. PGP MUST BE STEALTHED!!

             ENCRYPTION METHODS' "RANDOM" SIGNATURE

   PGP files are, of course, compressed to remove redundancy and thus make
the method stronger. This, along with the algorithm, produces a "random"
bit file. I believe that most files on the Internet are not compressed
and thus would show order on statistical sniffing programs. Of the files
that are compressed, by PKZIP for example, I believe they would probably
have a compression string signature particular to that compression met-
hod. Otherwise, compressed files show more randomness. I don't know if
compressed programs show an order throughout the file. If they do, then,
possibly, PGP could have a function added to it to duplicate this order.

   This suggests that PGP should also have a function that makes a phoney
compression method signature. This would allow PGP'ed files to hide
amoung compressed files on the Net.

                   -----------

   With the removal of the PGP RSA signature and the addition of phony
compression signatures, PGP'ed files would travel the Net without draw-
ing attention to themselves. This would greatly facilitate the growth
of PGP traffic by organizations.


         MICROSOFT VERSUS BORLAND FOR COMPILING/ASSEMBLING PGP

   Oftentimes, Borland C and Assembler can be bought at prices that
are a fraction of the price of Microsoft C and Assembler. This suggests
that PGP should be programmed with Borland instead of with Microsoft. I
think that this would be a step in making PGP a real peoples' encryption
method. It is more practical for people to get Borland programming soft-
ware than Microsoft programming software. This change from Microsoft to
Borland might encourage a lot of experimentation and innovation by a lot
of individual and small group programmers.


>The person who told me about this also said something about a
>Department of Trade & Industry paper which mentioned that the British
>Government was going to insist on key escrow for encryption.  I had
>hoped to get a copy of this, but he can't find it at the moment.
>I'll post the text when I get it if anyone's interested.

>Anyone else in the UK heard anything about this?

>- -- B.

>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.i

>iQEVAgUBMFGPfeHVHXeXphJJAQFJ0Af/Svh0ifULgpEuauSBPFreDDJoa/a1gcPe
>ya3CjOde9kVuN0IkBHFubO18MrAO6WbwlhVa/X/pjG4vbSahonpzmgHHfkVW20Gh
>qlhBwFLElTmOgspSjHJ74sYNUM2YZ+AKOyNwW4ix6woJ0WL0NP+cV8CZv4tdEH4l
>EI3/FuoFccbkKMk7QYoRPOyj5FI4GiFxVsg1GFOU3r83bxfJDfU2yZdImEBx/Nlc
>gteizqFTF/QiKckl6f5NzCBzaoIcMw0VLN8dAGLqzDycJtFqGdOPgvgSt1LwXKBs
>+zJM5Z/laubYm5SiEPy4oVz9N3lT4EOzEtdMEoiSC6IiSDSaURkEAA==
>=GiY0
>-----END PGP SIGNATURE-----


>-----BEGIN PGP PUBLIC KEY BLOCK-----
>Version: 2.6.i

>mQENAi8KzVoAAAEH/2gPfD2Xdw1nDAXtMH/F5iCMrwdXHXolEfOjRP59QP1Yodhb
>L+NGSNls67+H1us5PP5EpHDbHRy66ExgRK7XdZ/2qz0SsbTG+R6pRIILmMfgd3Nj
>M6uq1DehdxWPdp4PMC9LNrG2V9QrRGPgpHhr3iDfy+p6JTjW8XCYUXn5POt0wBs2
>n/vlowjLf9dVYwUKP58V9gokNsFlGcB08gEbxKa9Y2X7zB3BAlywPVdKVh+BOTCK
>z1Sofx9Wup0MEXEDEESLDSq/634hzzVx6Kt54cZBbi5nAdPHWlGHZl5vU93A3jPE
>fh59JXsCZmWKLXMjZtjcIJYkC4hC4dUdd5emEkkABRG0DEIuIERlIExhIFBheokB
>FQIFEC8g7yzh1R13l6YSSQEBD+4H/ir8R4iw1tWLUuxz6etmV99OhMUYoI5lQnxz
>9KARQf4eD3xHPoMw6tHLKOUR8xYS9i2RmkhJrPRzCfD5OKSOBEHuIQEt/+dcbCuw
>0fxn9NrU7NjFWwWKQ+0jYikN3hfIWcPmGtyhQ0KSrGfUDo5+rJr5Cy4U6eOooepv
>gYniecNNVAzQ2KDiWTOZ5zqG3zBAYj6uw8LHvBR1qol2YcJ4s02c4GdAZmzEq49s
>nDBortKfWUAxZkESBt2tMx8gYq6b38evYJBLXOqEN5Lt/5zf0nG1u0BEWBLaCj55
>y8lh1KolVOu808tX9blOrjqwEB12vngjXzf7hHWohrGrrQVT2N4=
>=5qEt
>-----END PGP PUBLIC KEY BLOCK-----



THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY.
The United States "Federal" Government - We'll be even more American
without it.

                                           PUSH EM BACK! PUSH EM BACK!
                                           WWWAAAYYYY  BBBAAACCCCK!
                                           BBBEEEAAATTTT  STATE!