[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CEB PREMEIER ISSUE PART 2



however, can still read both formats.

Although this is annoying if you have a really old key that has lots of old
signatures on it, the fact is that the older the key, the more likely someone
has captured both it and the passphrase used to protect it.  Therefore, I
strongly recommend generating a new key and getting at least one other person
to sign it.


ARE MY OLD KEYS COMPATIBLE WITH MIT PGP 2.6?

Unless they were created with the old, non-PKCS standard (i.e., created with
PGP 2.2 or earlier, or created with PGP 2.3a with pkcs_compat set to 0), and
unless they were created with a modulus of more than 1024 bits, then they are
compatible.  If a compatible key has an incompatible signature certificate,
then the incompatible signature certificate will simply be stripped off by
PGP 2.6.  Otherwise, you can keep using your old key.  In fact, if you just
copy your key ring files to your new PGP 2.6 directory, then extract your old
key with ASCII armor, it will be indistinguishable from a PGP 2.6 key, but
have the same value, id, and signatures (assuming they were all in the PKCS
format).


WHY DOESN'T THE MIT KEY SERVER ACCEPT KEYS FROM PGP VERSIONS < 2.4?

They don't want to be accused of contributing to the possibly infringing use
of PGP 2.3a.


WHY IS MY PGP 2.3a KEY ON THE MIT KEY SERVER?

Because the MIT key server synchronizes with several non-USA key servers that
run PGP 2.6ui or MIT PGP 2.6, and which accept keys from PGP 2.3a.  When keys
are extracted from those servers to synchronize with the MIT server, they
appear to be coming from PGP 2.6, so they are accepted.


WHY SHOULD I UPGRADE TO MIT PGP 2.6 FROM PGP 2.3a (BESIDES THE TIME BOMB)?

First of all, if you are in the USA, the patent-legal status of MIT PGP 2.6
is good for your conscience.  Second of all, there are a lot of bug fixes and
features:

Fixed a bug with the -z <passphrase> option.  If no passphrase was given,
PGP used to crash.

When using -c, the IV is generated properly now, and the randseed.bin
postwash is done.  (This bug could have resulted in the same ciphertext
being generated for the same plaintext, if the same passphrase is used.)

Memory allocated with halloc() is now freed with hfree() in ztrees.c and
zdeflate.c.  (MS-DOS only.)

The decompression code now detects end of input reliably, fixing a
bug that used to have it produce infinite amounts of output on come
corrputed input.  Decompression has also been sped up.

PGP -m won't try to write its final output to the current directory.
This makes it less efficent if you want to save the text to a file, but
more secure if you don't.

If the line
        comment=<string>
appears in the config file, the line "Comment: <string>" appears in
ASCII armor output.  Of course, you can also use this from the
command line, e.g. to include a filename in the ASCII armor, do
"pgp -eat +comment=filename filename recipient".

PGP now enables clearsig by default.  If you sign and ascii-armor a
text file, and do not encrypt it, it is clearsigned unless you ask
for this not to be done.

The now enables textmode.  Textmode detects non-text files and
automatically turns itself off, so it's quite safe to leave on all
the time.  If you haven't got these defaults yourself, you might
want to enable them.

All prompts and progress messages are now printed to stderr, to make them
easier to find and ensure they don't get confused with data on standard
output such as pgp -m output.

PGP now wipes temp files (and files wiped with pgp -w) with pseudo-random
data in an attempt to force disk compressors to overwrite as much data as
possible.

On Unix, if the directory /usr/local/lib/pgp exists, it is searched
fror help files, language translations, and the PGP documentation.  On
VMS, the equivalent is PGP$LIBRARY:.  (This is PGP_SYSTEM_DIR, defined
in fileio.h, if you need to change it for your site.)

Also, it is searched for a default global config.txt.  This file may
be overridden by a local config.txt, and it may not set pubring,
secring, randseed or myname (which should be strictly personal)

The normal help files (pgp -h) are pgp.hlp or <language>.hlp, such as
fr.hlp.  Now, there is a separate help file for pgp -k, called pgpkey.hlp,
or <language>key.hlp.  No file is provided by default; PGP will use
its one-page internal help by default, but you can create such a file
at your site.

On Unix systems, $PGPPATH defaults to $HOME/.pgp.

PGP used to get confused if you had a keyring containing signatures from
you, but not your public key.  (PGP can't use the signatures in this case.
Only signatures from keys in the keyring are counted.)
PGP still can't use the signatures, but prints better warning messages.
Also, adding a key on your secret key ring to your public keyring
now asks if the key should be considered ultimately-trusted.
Prviously, you had to run pgp -ke to force this check, which was
non-obvious.

On Unix, PGP now figures out the resolution of the system clock at run
time for the purpose of computing the amount of entropy in keystroke
timings.  This means that on many Unix machines, less typing should be
required to generate keys.  (SunOS and Linux especially.)

The small prime table used in generating keys has been enlarged, which
should speed up key generation somewhat.

There was a bug in PGP 2.3a (and, in fact in 2.4 and dating back to 1.0!)
when generating primes 2 bits over a multiple of the unit size (16 bits
on PC's, 32 bits on most larger computers), if the processor doesn't deal
with expressions like "1<<32" by producing a result of 1.  In practice,
that corresponds to a key size of 64*x+4 bits.

At the request of Windows programmers, the PSTR() macro used to translate
string has been renamed to LANG().

The random-number code has been *thoroughly* cleaned up.  So has the
IDEA code and the MD5 code.  The MD5 code was developed from scratch and
is available for public use.

Versions prior to 2.6 would not permit a new signature to be added to a key
if there was an already existing signature from the same signer. Starting
with version 2.6 newer signatures will override older ones *as long as the
newer signature verifies*. This change is important because many keys have
signatures on them that were created by PGP version 2.2 or earlier. These
signatures can not be verified by PGP 2.5 or higher. Owners of keys with
these obsolete signatures should attempt to gather new signatures and
add them to their key.


WHY SHOULD I UPGRADE TO MIT PGP 2.6 FROM PGP 2.6ui?

If you are in the USA, PGP 2.6ui suffers from the same alledged patent
infringement problems as PGP 2.3a.  PGP 2.6ui also lacks most of the bug
fixes and enhancements listed above since PGP 2.3a, since PGP 2.6ui is
essentially just PGP 2.3a modified to accept both new and old packet version
bytes (2 and 3).

On the other hand, if you are outside of the USA and Canada, you should be
careful not to offend the U. S. Department of State, Office of Defense Trade
Controls, by exporting MIT PGP 2.6 from the USA or Canada.  I suppose that
you wouldn't break U. S. law if you got a copy of MIT PGP 2.6 that someone
else exported, or you could get a copy of the PGP 2.6ui (that originated in
Great Britain) if you don't care about the enhancements listed above, or if
you want to be able to use 1264-bit keys.  Note that if you use MIT PGP 2.6
in most countries, you are still bound by the RSAREF license because of the
copyright law, and you are still limited in some countries to noncommercial
use of PGP by the IDEA patent (unless you get a license from ETH Zurich).


IS THERE AN EVIL PLOT, BACK DOOR, OR INTENTIONAL WEAKNESS IN MIT PGP 2.6?

Not that I am aware of.  It ships with source code, and I didn't see any way
to hide such a thing in the source code that I looked at.  Besides, if you
really knew Phil Zimmermann, you would know just how repugnant such an idea
is to him.


IS THERE A LEGAL VERSION OF PGP FOR COMMERCIAL USE IN EUROPE?

Not yet.  To do that, you would have to (1) arrange to license the use of
IDEA from ETH Zurich or wait for the coming triple-DES option in PGP, and (2)
use the original (PGP 2.3a or 2.6ui) RSA code linked in with the new PGP (to
avoid restrictions on the copyrighted RSAREF code).  There is also the
possibility of other local laws, such as those in France, restricting use of
strong cryptography.


IS THERE A LEGAL VERSION OF PGP FOR COMMERCIAL USE IN THE USA & CANADA?

Yes.  Use Viacrypt PGP for any commercial or personal use in the USA and
Canada.  I understand that there are some BSAFE-based PGP versions for
commercial use in the USA, too, but you need to check with Philip Zimmermann
on that to make sure that all of the copyright and licensing issues are
handled properly.


WHAT EXACTLY IS COMMERCIAL USE?

I don't have an exact definition.  Use some common sense.  Are you encrypting
sales reports, business plans, contract bidding information, and proprietary
designs?  Are your money making operations aided by the use of PGP?  If so,
and if one is available to you, you should buy the fully licensed commercial
version.


SINCE VIACRYPT PGP SHIPS WITH NO SOURCE, HOW DO I KNOW IT IS OK?

Philip Zimmermann wrote or examined all of the source code.  He says it is
OK, so I trust him.  I guess you have to decide for yourself.


IS IT OK TO BUY VIACRYPT PGP, THEN USE MIT PGP FOR COMMERCIAL USE?

RSADSI/PKP says it is not.  On the other hand, since their only recourse is
to sue you for damages, and since such a plan results in exactly the same
revenue they would have if you did what they wanted, there are no damages to
sue for.  Personally, I use Viacrypt PGP except when beta testing PGP.


IS THERE AN INTERCHANGE PROBLEM WITH THE DIFFERENT RSA ENGINES IN PGP?

Fortunately, there is no problem interchanging RSA encrypted packets between
original PGP, Viacrypt Digi-Sig, RSAREF, and BSAFE versions.  They all do the
same RSA computations.  They are all different implementations of the same
basic algorithm with a different legal status for each of them, which changes
depending on what country you are in.  The only annoyance is that unmodified
copies of RSAREF and BSAFE can't handle more than 1024 bit RSA keys, but that
isn't much of a problem (IMHO).


HOW DO I UPGRADE FROM VIACRYPT PGP 2.4 TO VIACRYPT PGP 2.7

Call 800-536-2664 with your registration number, name, address, and credit
card number handy.  Hey, it is only US$10.  No, I don't work for Viacrypt,
nor do I get a commission on sales -- I just use Viacrypt PGP.


WHERE DO I GET MIT PGP 2.6?

By ftp:
  ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt
  ftp://ftp.csn.net/mpj/README.MPJ
  ftp://ftp.wimsey.bc.ca/pub/crypto/software/README
  ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/

  Look for the files pgp26.zip, pgp26src.zip, and pgp26src.tar.gz.

BBS:
  Colorado Catacombs BBS 303-772-1062 (free -- log in with your name)
  Hieroglyphics Voodoo Machine 303-443-2457 (log in as VOO DOO, password NEW)

  Download PGP26.ZIP, and for source, PGP26SRC.ZIP.

Compuserve:
  Use IBMFF to look for PGP26.ZIP and PGP26S.ZIP.

For a longer list, see the daily and montly postings on alt.security.pgp, or
get ftp://ftp.csn.net/mpj/getpgp.asc


WHAT KNOWN BUGS ARE IN MIT PGP 2.6?

The function xorbytes doesn't.  Replace the = with ^= to fix it.  The effect
of this bug is that RSA keys aren't quite as random as they should be --
probably not a practical problem, but worth fixing if you are going to
compile the code yourself.

DON'T SET PGPPASS when editing your keys, because if you do, and if you don't
change your pass phrase, the key is lost.  (If this happens, rename your
backup keyring files to the primary files before you do anything else).

These bugs have been fixed in the master source code, and will be corrected
in the next release of MIT PGP.


WHAT IS COMING IN FUTURE VERSIONS OF PGP?

I won't steal the thunder from Philip Zimmermann, Jeff Schiller, Colin Plumb,
and the rest of the team, but there is some neat stuff that they are working
on.  Transition from MIT PGP 2.6 and Viacrypt PGP 2.7 to the newer versions
will be easier than transitions from other versions.

If you have enhancements and suggestions for the PGP team, I suggest you
coordinate with them so that your ideas can be integrated with the main PGP
project.


WHERE DO I REPORT BUGS IN PGP?

Please send bug reports, bug fixes, ports to new platforms, and suggestions
to [email protected].


WHERE DO I SEND OR FIND LANGUAGE KITS?

If you have a language kit to share, you can also send it to me at
[email protected] for me to post on ftp.csn.net/mpj/public/pgp/, as well as sending
it to some of the other PGP sites.


IS PHILIP ZIMMERMANN STILL THE SUBJECT OF AN INVESTIGATION?

Yes.  He is still paying a lawyer lots of money to represent him, too.  If you
like PGP, then I would strongly suggest sending a donation to his defense
fund at:

   Philip Zimmermann defense fund
   c/o Philip Dubois
   2305 Broadway
   Boulder, Colorado 80304
   USA


CAN I REDISTRIBUTE THIS FILE?

Permission is hereby granted to freely redistribute unmodified copies of this
PGP signed file.

                  ___________________________________________________________
                 |                                                           |
 |\  /| |        | Michael Paul Johnson  Colorado Catacombs BBS 303-772-1062 |
 | \/ |o|        | PO Box 1151, Longmont CO 80502-1151 USA   Jesus is alive! |
 |    | | /  _   | [email protected] aka [email protected] [email protected]       |
 |    |||/  /_\  | ftp://ftp.csn.net/mpj/README.MPJ          CIS: 71331,2332 |
 |    |||\  (    | ftp://ftp.netcom.com/pub/mpj/README.MPJ  -. --- ----- ....|
 |    ||| \ \_/  | PGPprint=F2 5E A1 C1 A6 CF EF 71  12 1F 91 92 6A ED AE A9 |
                 |___________________________________________________________|


-----BEGIN PGP SIGNATURE-----
Version: 2.7

iQCVAgUBLlDhNvX0zg8FAL9FAQHoZAP8C+XgqMzs1y0x1SHM45lzPzD8XK9JjjPk
lHUSDlQ6uo5lRnBXxUVPpPlTmLW4E2AHvCM+mke4bsVbvNJnNK513tUELWDkGLf4
6rexV0wiZJ9VdnQW3HyN44Sug8/5W7mxmgbdIOwv4A+OOWwAqm/chOLXsFAVn1mP
TLQSBl8sb3E=
=Wq3r
-----END PGP SIGNATURE-----





 Chapter 2. Steganography "A picture is worth a thousand words."

                   =============================================
    %%             =             !I                            =
   %% %%%          =           !!!                 BB          =
  %%%* *%%%%       =        **!!**                &            =
  *** @**          =       u   \  x!             ) <           =
   *  ***          +   m              )         c   $          =
    **             =   #               k        }    �         =
    �              =    $%-            &         u    =        =
 -------           =     @!p        +e$            ~    #      =
    �              =       h      �6&                ;    |    =
    �              =         =,#                       {{      =
    �              =                                           =
  �   �            =                                           =
  �    �           =                                           =
 �      �          =============================================
�        �                 STILL LIFE WITH CRYPT
                   +++++++++++++++++++++++++++++++++++++++++++++

Steganography is the craft of hiding messages in pictures. The text is,
of course, encrypted text rather than plain text.


The current best steganography program has been done by Arsen Arachelian
Below, follows his text contribution:


From: [email protected] (Arsen Ray Arachelian)

WNSTORM is available from:
ftp.wimsey.bc.ca:/pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/Steg

Usual routine to get it. i.e. cd /pub/crypto/software, get the README
file, and if you agree to the terms then follow the instructions.

Short description off the top of my head (I wrote the beastie)  Another
info scrap should be in the same directory as WNSTORM.


WNSTORM is a data encryption/steganography utility which is pretty secure for
most uses.  Unlike some stego systems WNSTORM is expandible, all you have to
do is write your own LSB injector/extractor for whatever data format you wish
to hide information into.

WNSTORM doesn't require the recipient of the host picture, sound, movie, etc.
to have the original un-stormed picture.  Unlike primitive stego programs,
WNSTORM doesn't compare an stormed picture with an unstormed picture.

WNSTORM will cover its tracks statistically.  If it changes a 0 bit in the
LSB data stream to a zero, or a 1 bit to a 1, it does nothing.  If it changes
a 1 bit to a zero, it will balance itself by changing an unused adjacent 0
bit to a 1.  Ditto for a 0->1 transform.

WNSTORM will NOT change every bit of the LSB in order to prevent detection.
It will use a passkey along with a probabilistic algorithm to decide which
bits it will change.  The algorithm for picking bits depends on the previous
succesfully encoded/decoded cyphertext AND the passkey.

Internally WNSTORM works by picking "windows" or "packets" of bytes out of
either a random number stream or an LSB stream extracted from a picture,
sound, movie, etc.  It then injects eight bits of cyphertext into this window.
Each window is of variable size.  The bit locations where the bits are inserted
are randomly exchanged for each pass.  The bit values are also randomly
exchanged for each pass.

WNSTORM includes an injector/extractor for PCX images, however I will write
more injecotr/extractor programs for it in the future, and OTHERS can do so
as well.



Chapter 3. Shells for PGP.

Section 1. David Merriman's WinPGP26.ZIP

From: "David K. Merriman" <[email protected]>
Subject: Windows PGP shell

I've just finished making an ftp deposit to soda in the cypherpunks/
 incoming directory of WinPGP26.ZIP; it's the latest version of the
 Windows PGP shell Shareware, and understands 2.6/2.6ui/2.7.

Dave Merriman


Section 2. Ross Barclay's WinFront 3.0

From: Ross Barclay <[email protected]>
Subject: PGP WinFront 3.0 Now Available! (New Windows front end for PGP)
To: [email protected], [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

Announcing PGP WinFront 3.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~

A freeware Windows front end for PGP 2.3a and 2.6
Copyright 1994 Ross Barclay ([email protected])

WHAT IT IS:

        - PGP WinFront is the most fully featured free (or
        otherwise) Windows front end available. It will make
        using PGP easy for beginners, and it will drastically
        increase the speed at which experts use it too.

        PGP WinFront is now into is third revision and I have
        tried to implement as many of the suggestions that I
        received as possible. PGP WinFront was designed by
        its users, but was coded by me.

        Features:

        - Supports secret key ring placement on floppy drive
        - Support en/decryption to/from clipboard
        - Move / Copy / Delete files
        - Online hypertext help
        - Online hypertext PGP help
        - Keyring reader to pick names, view key characteristics
        - Keyring reader supports less-often used "huge" keyrings
        - Signature Checker
        - Very configurable - over 25 user-definable settings
        - more . . .

        This program does too much to list here. And it's free!

        This version is a complete rewrite of the popular
        PGP WinFront 2.0. The feature-set has largely been
        set by users who sent in suggestions.

        Please read the file README.TXT and peruse the help
        files. Please send me your comments.

HOW TO GET IT:

        At the moment, there are 2 ways to get this program:

        1) Via FTP

        - The PGP WinFront 3.0 filename is called PWF30.ZIP.

        - It has been uploaded to the incoming directories of
        the following FTP sites:

                ftp.cica.indiana.edu
                ftp.eff.org
                ftp.wimsey.bc.ca
                black.ox.ac.uk
                soda.berkeley.edu
                ftp.informatik.uni-hamburg.de
                ftp.ee.und.ac.za
                ftp.demon.co.uk

        - Hopefully, they will be slotted into the PGP directories
        soon. On CICA, it will be placed into \pub\pc\win3\utils.
        That is where PWF20.ZIP was placed.

        - Once you get the program, please upload it to other
        FTP sites!

        2) From Colorado Catacombs BBS

        - dial (303)772-1062. The file is called PWF30.ZIP

        - once you get the program, please upload it to other
        BBSs.

        *** The mail access system I had was discontinued. This is
        because the file was too big to fit into my account.
        However, you can still register PWF and request certain
        PGP and PWF related items using my mail access system.
        Details of these are on the "About" screen of PWF 30.

- --Ross Barclay


- -------------------------------------------------------------------------
Ross Barclay ([email protected]), Assistant Editor | To receive my PGP
                                                    | public key,  send
PC NEWS Review: Windows Edition                     | me e-mail with the
Bellevue, WA  (206) 399-8700                        | subject: GET KEY
- -------------------------------------------------------------------------
To receive PC NEWS Review, send me e-mail with the subject: GET PNR.
- -------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBLmZ7fdgpRteEZ9JhAQFeXgIAxIpvJQeMsx7YecNgtusBDMqL662XFeX2
qL0qF8HcN4ReZ9MYjtn9t8N1zWGxkPOXQEI3KfM7uk8JTzxjZ5LG2g==
=gSYT
-----END PGP SIGNATURE-----

Chapter 4. Generally cool things.

Section 1. Loompanics sources.
Something cool from Vincent:

Most of the Loompanics Unlimited catalog is online as:

       gopher://gopher.well.sf.ca.us/00/Business/catalog.asc

And you can send mail to them at:

       [email protected]

   You can also get their catalog at:
Loompanics Unlimited
PO box 1197                                                              33
Port Townsend, Wa.
98368                                                                   P id

Send $5.00 for their general catalog - free with any order.

Section 2. Viruses sources.


          AMERICAN EAGLE PUBLICATIONS

Cypherpunks,
   I have found a source of info. that I just must share!

American Eagle Publications, Inc.
P. O. Box 41401
Tucson, AZ 85717

   I'm sure they will send you a catalog just for the asking.

   So, what are they about? They are about VIRUSES! They don't just
carry a couple of virus things - they are the VIRUSES-ARE-US of the
virus world! They have a journal: Computer Virus Developments Quarterly.
They have books on viruses, virus protection, cryptanalysis, the science
fiction book "Heiland", a CD-ROM for $99.95 of several thousand live
viruses, disks of viruses with source code, executable & utilities,
programs & cards for boot protection, & even a virus IDEA computer
system protector.

   Copy follows for two items of particular interest to Cypherpunks:

POTASSIUM HYDROXIDE, KOH
 By the "King of Hearts"
   A sophisticated piece of software which uses ideas first developed by
computer virus writers to secure your computer system against those who
would like to get their hands on the information in it. You give KOH a
pass phrase, & it uses state of the art IDEA data encryption algorithm
to encrypt all of the information on your hard disk & your floppies. It
is, for all intents & purposes, unbreakable, & works well with DOS &
Windows. Many encryption programs offered commercially are easily
cracked, but this one is not.
   Some people call this program a virus, come say it is not. In ways,
it acts like a virus to do some of your security housekeeping for you.
Yet at worst it is a friendly virus that lets you choose when & how
it will replicate.
   program & manual on disk, $10
program, full source, & manual on disk, $20
(Overseas customers add $12: KOH cannot be exported from the US, but
since it was not developed in the US, we will forward your order to the
overseas distributor. Please allow 6 weeks for delivery)


HEILAND
By Franklin Sanders
276 pages, Paperback, 1986

   Here's an entertaining book about America in the year 2020. If you
wonder if it's proper to use viruses in wartime or if such a virus could
be termed "good", this book will give you some food for thought. Sanders
makes use of computer "worms" when the oppressed people of the US attack
the federal government in an all-out war against tyranny. Sanders uses
his worms right too - not as some all-powerful monster. Rather, they are
deployed as part of a larger military strategy. For a book written in
1986, that's not bad!
   And if you're fed up with the government, this book is sure to give
you a vision for the future. Sanders has been part of the mounting tax
protest in this country. He's fought the IRS in court for years & won
some important battles. Unfortunately the government seems to be con-
firming some of his worst suspensions about them. Now you can get a good
dose of his philosophy & his ideas about remedying our problems. And if
you work for the government, don't be offended - this book is doubly
recommended for you!
Book, $8.00

for shipping add $2 per book. 5% sales tax for AZ. residents.

   It is my belief that in the next few years more uses for viruses
than just being a vandal will be found. Also, they may find a place
in protecting our electronic freedom. - for instance virus remailers.
Also see my previous post - The FREEDOM DEAMON. Also, they have a place
in my CHATTERBOX concept(a remailer for chat mode or commands).
"Viruses aren't just for Sociopaths anymore!"
   Also, I suspect the state may start cracking down on virus tech-
nology. Incidentally, did you all know that crypt has a place in modern
viruses? Encryption is used to hide "nasty" code & virus signatures
until they get into the system & decrypt.
                                         Yours Truly,
                                         Gary Jeffers

                                         PUSH EM BACK!  PUSH EM BACK!
                                         WWWAAAYYY  BBBAAACCCKK!
                                         BBBEEEAAATTTTT  STATE  !

Chapter 5. Getting the Cypherpunks' archived & indexed list.

Vincent also tells us about the complete Cypherpunk's text on line
& indexed with fast access times:

Eric Johnson has put one together as:

   http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src


Please don't think that you used to be safe doing something illegal on
this list and that you no longer are.  That would be foolish.

  -- Vince


The "http" is for "Hyper-Text Transport Protocol".  This is not FTP,
though it is a protocol similar in function to FTP.  It is used by
"WWW" (World Wide Web) of which Mosaic is the most popular
implementation.  If you have Mosaic, you can just give the above path.
If you do not have mosaic, you should spend some time trying to get it.
Mosaic makes it really easy to quickly move through lots of information
on the net.  Mosaic is a point and click hypertext interface.  You
can FTP to ftp.ncsa.uiuc.edu and go into Mosaic.


WWW has a simple language for writting your own hypertext documents -
"HTML" (Hyper Text Markup Language).  You can think of this as sort of
like Troff, LaTeX or Postscript, but for hypertext documents.  One page
of HTML can make dozens of normal files easy to access. For example, my
README.html security page points to many normal files:

     ftp://furmint.nectar.cs.cmu.edu/security/README.html

It turns out that the mail database is really in "WAIS" (Wide Area
Information Server).  You can use WAIS directly, though I think it is
easier to use through mosaic.  To use WAIS you would do:

 ws -h pmip.maricopa.edu -d cpindex/Cypherpunks <keyword>

The "ws" may be "waissearch" on your system.  You can get lots of info
on WAIS from ftp://wais.think.com/comp.infosystems.wais-FAQ

As someone pointed out, this "http" method does not yet work with
"lynx" (a text only implementation of WWW) on the cypherpunks mail
database.  It seems it will take a new version of lynx or WAIS for this
to work.  But the Unix "xmosaic" works fine. :-)

This form of global filename starting with something like "ftp://",
"http://", "gopher://" etc is also part of the WWW architecture.
These names are called "URLs" for Universal Resource Locator.

Well, that is probably enough acronyms for today.  :-)

   -- Vince

From: [email protected]
To: [email protected]
Subject: WWW Acronyms (was Re: Cypherpunks' mail database does exist)

Gary Jeffers:
>   Vincent, you  state that a fully archived, indexed cypherpunks
>mailing list exists as:
>http://pmip.maricopa.edu/crypt/cypherpunks/cypherpunks.src
>Ok, so I ftp'ed to pmip.maricopa.edu & tried to get to cypherpunks.src,
>but even the subdirectories weren't there.

The "http" is for "Hyper-Text Transport Protocol".  This is not FTP,
though it is a protocol similar in function to FTP.  It is used by
"WWW" (World Wide Web) of which Mosaic is the most popular
implementation.  If you have Mosaic, you can just give the above path.
If you do not have mosaic, you should spend some time trying to get it.
Mosaic makes it really easy to quickly move through lots of information
on the net.  Mosaic is a point and click hypertext interface.  You
can FTP to ftp.ncsa.uiuc.edu and go into Mosaic.

You also have a typo, it is "Cypherpunks.src" with a capital C.

WWW has a simple language for writting your own hypertext documents -
"HTML" (Hyper Text Markup Language).  You can think of this as sort of
like Troff, LaTeX or Postscript, but for hypertext documents.  One page
of HTML can make dozens of normal files easy to access. For example, my
README.html security page points to many normal files:

     ftp://furmint.nectar.cs.cmu.edu/security/README.html

It turns out that the mail database is really in "WAIS" (Wide Area
Information Server).  You can use WAIS directly, though I think it is
easier to use through mosaic.  To use WAIS you would do:

 ws -h pmip.maricopa.edu -d cpindex/Cypherpunks <keyword>

The "ws" may be "waissearch" on your system.  You can get lots of info
on WAIS from ftp://wais.think.com/comp.infosystems.wais-FAQ

As someone pointed out, this "http" method does not yet work with
"lynx" (a text only implementation of WWW) on the cypherpunks mail
database.  It seems it will take a new version of lynx or WAIS for this
to work.  But the Unix "xmosaic" works fine. :-)

This form of global filename starting with something like "ftp://",
"http://", "gopher://" etc is also part of the WWW architecture.
These names are called "URLs" for Universal Resource Locator.

Well, that is probably enough acronyms for today.  :-)

   -- Vince

PS  I only read cypherpunks once a day, some time after midnight when my
    collection for the day is done.





From: [email protected]
Subject: Accessing the Cpunk WAIS archive

"Gary Jeffers" <[email protected]>
> http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src
> is the location of all the Cypherpunks' posts with index. I can
> get to this place by placing a "www" in front of this instruction.

Do an archie search for lynx or mosaic or some other decent browser.
This is a WAIS indexed archive; no hyper links; you type in a keyword,
and get a list of matching articles, and select one (or more) of them to
look at.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
[email protected]                   take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335                 H 34C Saket, New Delhi 110017, INDIA


Chapter 6. Remailers & chained remailers.


From: [email protected] ([email protected] +1-510-484-6204)
Message-Id: <[email protected]>
To: [email protected]
Subject: Re:  Using remailers, chained remailers?

There's somebody who posts a remailer summary to the list about monthly.

There are three or four sets of remailers out there:
- anon.penet.fi, which gives you an account [email protected]
which people can reply to.  Send "Subject: help" to [email protected]
and it'll probably give you a useful reply.  Its big use is for
anonymous Usenet posting with working replies.

- The cypherpunks remailers, which are mostly one-way no-reply mailers;
some also support Usenet posting.  Soda is pretty typical.

- Various enhanced cypherpunks remailers, which have features like
encrypted reply addresses you can attach at the end.

You can get information on using the soda remailer by sending email
to [email protected], with "help" somewhere in the posting;
I'm not sure if it wants it in the Subject: or in the body.
That's the remailer that posts from "Tommy the Tourist" with
random NSA-bait at the bottom of postings.

Here's a recent posting on getting status of remailers.
Note that some really only remail once per day, so they may be
working fine even if it says they're not.

----
Date: Mon, 15 Aug 1994 13:39:33 -0700
From: Raph Levien <[email protected]>
To: [email protected]
Subject: "finger [email protected]" now operational

Hi all,

   I have written and installed a remailer pinging script which
collects detailed information about remailer features and reliability.

   To use it, just finger [email protected]

   There is also a Web version of the same information, at
http://http.cs.berkeley.edu/~raph/remailer-list.html

   Please do not take the uptime figures too seriously, at least for
another week or so. The script has only been running reliably for a
few days.

   Please let me know about any other remailers which I missed. I've
only included remailers which can mail to arbitrary addresses, so I
already know chop and twwells are missing.

   If you've got a Web page, please feel free to include a link to
this page. If you think your Web page is relevant to the subject of
remailers, let me know and I'll link it in.

   Comments and suggestions welcome!

Raph Levien


-------
# Bill Stewart  AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email [email protected] [email protected]
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465


Chapter 7. Current problems in Crypt.

1. We need an Internet Chat PGP system for conversations in real time.
   Note: #Freedom channel on the Internet Chat system has carried out
   fast encrypted conversations for years. When a Cypherpunk contacted
   one of their members (Sargent someone), he was politely told that
   their system was private. Sargent was unwilling to disclose method.
   Is their system some kind of security by obscurity code that
   cannot be varied (like by a drop in crypt/decrypt algorithm)? Or
   maybe the crypt method could be a drop in variable method & Sarge
   was unaware of it? Possibly other #Freedom members would be more
   knowledgeable? Possibly, a knowledgeable & diplomatic Cypherpunk
   could hit paydirt by pursuing this.
2. Has Stealth PGP been done yet?
3. Has Arsen Arachelian really solved the problem of discovery of crypt
   in steganograpy by statistical examination of the least significant
   bits in his WNSTROM? I have seen no debate on this.
4. If the Feds capture the internet & put their anti-privacy hardware
   & protocols in place & outlaw remailers, does anyone have any idea
   how to build secure & effective remailers? A "Fortress remailer"?
5. If the above possibility happens & Cyperpunks' list is outlawed,
   does anyone have ideas how to make a "Fortress list"?

                                       PUSH EM BACK! PUSH EM BACK!
                                       WWWAAAYYYY  BBBAAACCCK!
                                       BBBEEEAAATTTT  STATE!