From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cornpop@glia.biostr.washington.edu (Dan Lieberman) Date: Sat, 1 Jan 94 01:48:39 PST To: cypherpunks@toad.com Subject: All of this Death Threat Shit. Message-ID: <9401010953.AA09462@glia.biostr.washington.edu> MIME-Version: 1.0 Content-Type: text/plain Hello Fellow CypherPunks.... I've never posted to this list before, but I've been reading for quite some time. My name is Dan ieberman, and I am a high-school student in the Seattle area. I got interested in Cryptography, after my sister enrolled in a cryptography seminar at the local University. I have been published in Internet World Magazine, and that is my only professional citation. I don't think my little message will hold much water, but I was under the impression, when I joined this list, that the Cypherpunks list was a place for casual conversation about a common hobby, and maybe a place to make alliances and advancements in the cryptography field. For me, it was a place to learn about cryptology. But when it came to this 'Tentacles' and 'Medusa' stuff, I thought that it was getting a little close to the edge, but not too far. Not death threats? Come on guys! I'm 15 years old, and even I'm beyond death threats about senseless matters. I don't think that any of this should have gotten this far. I think people took Mr. L. Detweiler's posts as anything to be serious about. I dismissed them when I saw them, yet some people took them personally. I think L. Detweiler made that clear in some of his last postings. Something to the effect of: If you would have ignored me, I would have gone away. That's how it should have gone. All that's left now is to forgive and forget. ------------------------------------------------------------------------------- From the Virtual Desktop of: -_____ _-_- ,, ' | -, _ /, ' || _ /| | |` < \, \\/\\ || \\ _-_ ||/|, _-_ ,._-_ \\/\\/\\ < \, \\/\\ || |==|| /-|| || || ~|| || || \\ || || || \\ || || || || /-|| || || ~|| | |, (( || || || || || ||/ || |' ||/ || || || || (( || || || ~-____, \/\\ \\ \\ ( -__, \\ \\,/ \\/ \\,/ \\, \\ \\ \\ \/\\ \\ \\ ( ------------------------------------------------------------------------------- Dan Lieberman Internet: cornpop@glia.biostr.washington.edu DBL Technology Services 17031 37th AVE NE Seattle, WA 98155-5426 (206)364-9088 ------------------------------------------------------------------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ferguson@icm1.icp.net (Paul Ferguson) Date: Sat, 1 Jan 94 08:54:22 PST To: cornpop@glia.biostr.washington.edu (Dan Lieberman) Subject: Re: All of this Death Threat Shit. In-Reply-To: <9401010953.AA09462@glia.biostr.washington.edu> Message-ID: <9401011651.AA22931@icm1.icp.net> MIME-Version: 1.0 Content-Type: text Dan Lieberman wrote - > That's how it should have gone. All that's left now is to forgive > and forget. Lighten up, Dan. There's still many of us who don't take this entire fiasco very seriously, so take it with a grain of salt, amigo. Happy New Year, - Paul From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Sat, 1 Jan 94 09:19:02 PST To: Jim_Miller@bilbo.suite.com Subject: Re: Anonymous Video on Demand In-Reply-To: <9312312259.AA25911@bilbo.suite.com> Message-ID: <199401011716.MAA28882@snark> MIME-Version: 1.0 Content-Type: text/plain Jim Miller says: > The Customer and the Video Provider engage in a protocol so that the > Customer ends up receiving 100 compressed and encrypted videos, only one > of which the Customer can successfully decrypt (and uncompress). Can't work. As a mental proof of this, consider -- if such an algorithm did exist, the customer could record the 100 inputs and feed them to the algorithm 100 times, thus getting all 100 videos. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Sat, 1 Jan 94 09:28:49 PST To: Jim_Miller@bilbo.suite.com Subject: Re: Anonymous Video on Demand In-Reply-To: <9401010055.AA27523@bilbo.suite.com> Message-ID: <199401011723.MAA28889@snark> MIME-Version: 1.0 Content-Type: text/plain Jim Miller says: > As I think about it more, the "anonymous video on demand" problem can be > solved with an oblivious transfer protocol. I thought this was impossible, but you've shown a really neat trick for doing it -- congratulations. I'll go off and eat my hat now -- I never thought about the possibility of the vendor not knowing which of 100 keys would actually work! Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matt Blaze Date: Sat, 1 Jan 94 10:38:53 PST To: cypherpunks@toad.com Subject: Re: Anonymous Video on Demand In-Reply-To: <9401010055.AA27523@bilbo.suite.com> Message-ID: <9401011821.AA24360@crypto.com> MIME-Version: 1.0 Content-Type: text/plain In cypherpunks you write: ... >(The following is adapted from the oblivious transfer protocol described >in "Applied Cryptography" on page 98.) >Say Alice is the Video Vendor and Bob is the customer... >Alice generates a public/private key pair for each movie in her video >database and publishes the public keys in an electronic catalog. Each >public key would be paired with a movie description and a catalog index >number. >Bob downloads Alice's catalog and browses through it offline. Bob makes a >selection, and also randomly picks 99 (or any large number) other catalog >numbers >Bob generates a random DES key and encrypts this key with the public key >associated with his selection. >Bob sends the encrypted DES key and the list of 100 catalog numbers to >Alice. >Alice decrypts the DES key with the private key associated each catalog >number received from Bob. In only one case will Alice successfully >recover Bob's DES key, only she doesn't know which case. >Alice encrypts each movie selection with the resulting DES keys from the >previous step and sends all 100 encrypted movies to Bob. >Bob will only be able to decrypt and view the movie he selected and Alice >wont know which of the 100 movies Bob selected. >Ta Da! .... It just occured to me that when this protocol is implemented with RSA, it is subject to a minor (and unlikely) failure that can allow Alice to determine which video Bob has selected (or at least eliminate some of them). If each video keypair has a different modulus and the one Bob selects has a larger modulus than some of the "dummy" videos, then if the encryption of Bob's session key with his selected video public key results in a message that is close to the modulus itself, the keypairs with moduli that are smaller than Bob's message can be trivially eliminated as candidates. Of course, Bob can easily test for this condition and simply select a new key (or diddle a random confounder in the message) until the encrypted message is smaller than the modulus of any dummy keypairs. -matt From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Sat, 1 Jan 94 13:08:50 PST To: cypherpunks@toad.com Subject: _The Hacker Crackdown_ on-line Message-ID: <9401012109.AA05592@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain Excuse the repost, but this is interesting stuff. From: kadie@cs.uiuc.edu (Carl M Kadie) Subject: _The Hacker Crackdown_ on-line Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL Date: Sat, 1 Jan 1994 20:40:43 GMT The short of it: To access Bruce Sterling's _The hacker crackdown: law and disorder on the electronic frontier_, try gopher -p1/Publications/authors/Sterling/hc gopher.well.sf.ca.us 70 The long of it: I've directed followup to this article to comp.org.eff.talk. I found _The Hacker Crackdown_ with the CAF/WELL whatsnew server (gopher gopher.eff.org 5070). You can access the book via email. For details, send email to archive-server@eff.org. Include the line: send acad-freedom/admin access The electronic version of the book is being released as "literary freeware". Here is the library entry for the paper version of the book. Sterling, Bruce. The hacker crackdown : law and disorder on the electronic frontier / Bruce Sterling. New York : Bantam Books, c1992. xiv, 328 p. ; 24 cm. Includes index. Published simultaneously in the United States and Canada. ISBN 055308058X : $$23.00 ($$28.00 Can.) 1. Computer crimes--United States. 2. Programming (Electronic computers)--Corrupt practices. 3. Telephone--United States--Corrupt practices. I. Title. ocm25-914955 - Carl -- Carl Kadie -- I do not represent any organization; this is just me. = kadie@cs.uiuc.edu = From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: smb@research.att.com Date: Sat, 1 Jan 94 14:04:13 PST To: Anonymous Subject: Re: _The Hacker Crackdown_ on-line Message-ID: <9401012204.AA16135@toad.com> MIME-Version: 1.0 Content-Type: text/plain It's also out in paperback now -- I picked up a copy yesterday. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@shell.portal.com Date: Sat, 1 Jan 94 19:14:08 PST To: cypherpunks@toad.com Subject: anonymous mail Message-ID: <199401020314.TAA19217@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain Testing. 1/1/94 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: doug@netcom.com (Doug Merritt) Date: Sat, 1 Jan 94 20:43:53 PST To: cypherpunks@toad.com Subject: Re: Radiation experiments & not trusting gov In-Reply-To: Message-ID: <199401020443.UAA26974@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Mike Ingle said: >I was disgusted but not particularly surprised to read about these >experiments. It's been known for many years that they deliberately >exposed troops to atomic fallout and chemical weapons to determine >their effects. They also tested LSD, mind control, and truth drugs >on unsuspecting human lab rats. I agree with Perry, and even more with what Mike there. Considering that such *has* been well known for so many years, I was a little bit startled at the current media reaction to the radiation experiments. Did they only just wake up or something? Or more likely, it's just been a few years since the media has had the opportunity to make a fuss over such things, so now it's "fresh news" again, as if that category of things had never happened before. BTW on the subject of how much was known about the long term effects of low level radiation exposure 4 or 5 decades ago: *LOTS*! Let us not forget that the nuclear age was not ushered in during WWII; decades prior to that it was well known that prolonged exposure to low level radiation could cause hideous cases of cancer. Remember the radium elixer cases? The luminous watchdial painters? (I think the latter came up twice; once early on with radium-based pigments, and again later with tritium.) What did Madame Curie die of? Even Roentgen got cancer from x-raying his hand so much. That's a bit of a digression, but people seem to forget, so there it is for the record. >Unfortunately, these people are exactly the type who seek power, and >the culture of militarism and secrecy helps them to ignore any small >amount of humanity they might otherwise have. True enough, but that doesn't really explain why the participating *physicians* did it. Probably 50% callousness and 50% willful ignorance, I would guess. >If you want to change the world, don't protest. Write code! I've been quiet here the last few months because that's what I mainly do. :-) Doug Merritt From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Sat, 1 Jan 94 18:23:50 PST To: cypherpunks@toad.com Subject: radiation experiments and trusting the government Message-ID: <199401020221.VAA29971@snark> MIME-Version: 1.0 Content-Type: text/plain I find the recent disclosures concerning U.S. Government testing of the effects of radiation on unknowing human subjects to be yet more evidence that you simply cannot trust the government with your own personal safety. Some people, given positions of power, will naturally abuse those positions, often even if such abuse could cause severe injury or death. I see little reason, therefore, to simply "trust" the U.S. government -- and given that the U.S. government is about as good as they get, its obvious that NO government deserves the blind trust of its citizens. "Trust us, we will protect you" rings quite hollow in the face of historical evidence. Citizens must protect and preserve their own privacy -- the government and its centralized cryptographic schemes emphatically cannot be trusted. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brad Dolan Date: Sat, 1 Jan 94 21:43:40 PST To: cypherpunks@toad.com Subject: trust your government Message-ID: <199401020538.VAA25128@well.sf.ca.us> MIME-Version: 1.0 Content-Type: text/plain Re. government radiation experiments, radium dial painters, & Marie Curie. Many of the radium dial painters received _stupendous_ doses. So, I surmise, did Marie Curie. Marie Curie, unlike many of the dial painters, lived to a relatively ripe old age. She might done better if she hadn't added the dose of a zillion X-rays to the dose from her internal radium burden. Interestingly, her husband was killed when he was run over by a horse-drawn cart. Anyway, the recent revelations should remind anyone who needs it how much trust should be accorded government. I'll stop preaching to the converted. Regards, bdolan@well.sf.ca.us From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Sat, 1 Jan 94 19:29:12 PST To: cypherpunks@toad.com Subject: Radiation experiments & not trusting gov Message-ID: <01H76NC8VW6G94NAZL@delphi.com> MIME-Version: 1.0 Content-Type: text/plain >I find the recent disclosures concerning U.S. Government testing of >the effects of radiation on unknowing human subjects to be yet more >evidence that you simply cannot trust the government with your own >personal safety. I was disgusted but not particularly surprised to read about these experiments. It's been known for many years that they deliberately exposed troops to atomic fallout and chemical weapons to determine their effects. They also tested LSD, mind control, and truth drugs on unsuspecting human lab rats. >Some people, given positions of power, will naturally >abuse those positions, often even if such abuse could cause severe >injury or death. Unfortunately, these people are exactly the type who seek power, and the culture of militarism and secrecy helps them to ignore any small amount of humanity they might otherwise have. >I see little reason, therefore, to simply "trust" the >U.S. government -- and given that the U.S. government is about as good >as they get, its obvious that NO government deserves the blind trust >of its citizens. What country has ever fallen because of too little oppression, too few prisoners, too little espionage on the people, or too much freedom? >"Trust us, we will protect you" rings quite hollow in >the face of historical evidence. Citizens must protect and preserve >their own privacy -- the government and its centralized cryptographic >schemes emphatically cannot be trusted. Most people know that; they just don't know what to do about it. I have the Time magazine from 1985 announcing Gorbachev's rise to power in the Soviet Union. They interviewed several Russians. Their attitudes were very much like Americans' today: yes, we know it is screwed up, but what can anyone do about it? Public anger grows quietly and explodes suddenly. T.C. May's "phase change" may be closer than we think. Nobody in Russia in 1985 really thought the country would fall apart in 6 years. Politics has never given anyone lasting freedom, and it never will. Anything gained through politics will be lost again as soon as the society feels threatened. If most Americans have never been oppressed by the government (aside from an annual mugging) it is because most of them have never done anything to threaten the government's interests. For example, much of the progress that's been made against media censorship is in danger of being lost in the hysteria over violence. But could the government ban a book today? Of course not, at least not after one person typed it or scanned it into a computer. Technological gains are permanent. The political approach is only useful as a tactical weapon, to hold them off until technological solutions are in place. If you want to change the world, don't protest. Write code! --- Mike From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matt Blaze Date: Sat, 1 Jan 94 21:14:19 PST To: cypherpunks@toad.com Subject: CFS source code available January 12 Message-ID: <9401020505.AA29673@big.l1135.att.com> MIME-Version: 1.0 Content-Type: text/plain Source code for version 1.0 of CFS, the Cryptographic File System, will be distributed upon request in the United States starting on January 12, 1994. CFS pushes encryption services into the Unix(tm) file system. CFS supports secure storage at the system level through a standard Unix file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. CFS employs a novel combination of DES stream and codebook cipher modes to provide high security with good performance on a modern workstation. CFS can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. CFS runs under SunOS and several other BSD-derived systems with NFS. It is implemented entirely at user level, as a local NFS server running on the client machine's "loopback" interface. It consists of about 5000 lines of code and supporting documentation. CFS was first mentioned at the work-in-progress session at the Winter '93 USENIX Conference and was more fully detailed in: Matt Blaze, "A Cryptographic File System for Unix", Proc. 1st ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993. (PostScript available by anonymous ftp from research.att.com in the file dist/mab/cfs.ps. The version being released differs from the version described in the paper in a few ways: * The encryption scheme has been strengthened, and now provides approximately the security of 3-DES with the online latency of only single-DES. * Support for the smartcard-based key management system is not included. * A few of the tools are not included (in particular, cname and ccat). * The performance has been improved. * The security of the system against certain non-cryptanalytic attacks has been improved somewhat. CFS is being distributed as COMPLETELY UNSUPPORTED software. No warranty of any kind is provided. We will not be responsible if it deletes all your files and emails the cleartext directly to the NSA or your mother. Also, we do not have the resources to port the software to other platforms, although you are welcome to do this yourself. (Note in particular that CFS has not been tested on either Solaris or Linux, and we have no plans ourselves to support either of these systems.) We really can't promise to provide any technical support at all, beyond the source code itself. Because of export restrictions on cryptographic software, we are only able to make the software available within the US to US citizens and permanent residents. Unfortunately, we cannot make it available for general anonymous ftp or other uncontrolled access, nor can we allow others to do so. Sorry. Legal stuff from the README file: * Copyright (c) 1992, 1993, 1994 by AT&T. * Permission to use, copy, and modify this software without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software and in all copies of the supporting * documentation for such software. * * This software is subject to United States export controls. You may * not export it, in whole or in part, or cause or allow such export, * through act or omission, without prior authorization from the United * States government and written permission from AT&T. In particular, * you may not make any part of this software available for general or * unrestricted distribution to others, nor may you disclose this software * to persons other than citizens and permanent residents of the United * States. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED * WARRANTY. IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE. If you would like a copy of the CFS source code, please send email to: cfs@research.att.com DO NOT REPLY TO DIRECTLY TO THIS MESSAGE. Be sure to include a statement that you are in the United States, are a citizen or permanent resident of the US, and have read and understand the license conditions stated above. Also include an email address in a US-registered domain, and say whether you'd also like to be included on a developer/user mailing list that is being set up. For a number of reasons, I am unable actually send out code until January 12, 1994. Unless you specify some other format, you'll get a uuencoded compressed tarfile. I'll be at the January USENIX conference in San Francisco, and will announce CFS at the WIP session there. -matt From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ferguson@icm1.icp.net (Paul Ferguson) Date: Sun, 2 Jan 94 07:08:43 PST To: cypherpunks@toad.com Subject: _The_Hacker_Crackdown_, _Three_Years_Later_ Message-ID: <9401021506.AA14149@icm1.icp.net> MIME-Version: 1.0 Content-Type: text/plain I bought Bruce Sterling's book, _The_Hacker_Crackdown_ when it was first published in November 1992. A lot of us followed along with the events outlined in the book in real time, so it was genuinely refreshing to see Bruce author an afterward, "...Three Years Later", in the electronic freeware release, which made its debut on The Well's gopher yesterday. The remainder of the book is available via gopher: gopher.well.sf.ca.us 70 follow the menu options to: /Publications/authors/Sterling/hc Cheers. 8<--------------------- cut here -------------------------- Bruce Sterling bruces@well.sf.ca.us Literary Freeware: Not for Commercial Use THE HACKER CRACKDOWN Law and Disorder on the Electronic Frontier Afterword: The Hacker Crackdown Three Years Later Three years in cyberspace is like thirty years anyplace real. It feels as if a generation has passed since I wrote this book. In terms of the generations of computing machinery involved, that's pretty much the case. The basic shape of cyberspace has changed drastically since 1990. A new U.S. Administration is in power whose personnel are, if anything, only too aware of the nature and potential of electronic networks. It's now clear to all players concerned that the status quo is dead-and-gone in American media and telecommunications, and almost any territory on the electronic frontier is up for grabs. Interactive multimedia, cable-phone alliances, the Information Superhighway, fiber- to-the-curb, laptops and palmtops, the explosive growth of cellular and the Internet -- the earth trembles visibly. The year 1990 was not a pleasant one for AT&T. By 1993, however, AT&T had successfully devoured the computer company NCR in an unfriendly takeover, finally giving the pole-climbers a major piece of the digital action. AT&T managed to rid itself of ownership of the troublesome UNIX operating system, selling it to Novell, a netware company, which was itself preparing for a savage market dust-up with operating-system titan Microsoft. Furthermore, AT&T acquired McCaw Cellular in a gigantic merger, giving AT&T a potential wireless whip-hand over its former progeny, the RBOCs. The RBOCs themselves were now AT&T's clearest potential rivals, as the Chinese firewalls between regulated monopoly and frenzied digital entrepreneurism began to melt and collapse headlong. AT&T, mocked by industry analysts in 1990, was reaping awestruck praise by commentators in 1993. AT&T had managed to avoid any more major software crashes in its switching stations. AT&T's newfound reputation as "the nimble giant" was all the sweeter, since AT&T's traditional rival giant in the world of multinational computing, IBM, was almost prostrate by 1993. IBM's vision of the commercial computer-network of the future, "Prodigy," had managed to spend $900 million without a whole heck of a lot to show for it, while AT&T, by contrast, was boldly speculating on the possibilities of personal communicators and hedging its bets with investments in handwritten interfaces. In 1990 AT&T had looked bad; but in 1993 AT&T looked like the future. At least, AT&T's *advertising* looked like the future. Similar public attention was riveted on the massive $22 billion megamerger between RBOC Bell Atlantic and cable-TV giant Tele-Communications Inc. Nynex was buying into cable company Viacom International. BellSouth was buying stock in Prime Management, Southwestern Bell acquiring a cable company in Washington DC, and so forth. By stark contrast, the Internet, a noncommercial entity which officially did not even exist, had no advertising budget at all. And yet, almost below the level of governmental and corporate awareness, the Internet was stealthily devouring everything in its path, growing at a rate that defied comprehension. Kids who might have been eager computer-intruders a mere five years earlier were now surfing the Internet, where their natural urge to explore led them into cyberspace landscapes of such mindboggling vastness that the very idea of hacking passwords seemed rather a waste of time. By 1993, there had not been a solid, knock 'em down, panic-striking, teenage-hacker computer-intrusion scandal in many long months. There had, of course, been some striking and well-publicized acts of illicit computer access, but they had been committed by adult white-collar industry insiders in clear pursuit of personal or commercial advantage. The kids, by contrast, all seemed to be on IRC, Internet Relay Chat. Or, perhaps, frolicking out in the endless glass-roots network of personal bulletin board systems. In 1993, there were an estimated 60,000 boards in America; the population of boards had fully doubled since Operation Sundevil in 1990. The hobby was transmuting fitfully into a genuine industry. The board community were no longer obscure hobbyists; many were still hobbyists and proud of it, but board sysops and advanced board users had become a far more cohesive and politically aware community, no longer allowing themselves to be obscure. The specter of cyberspace in the late 1980s, of outwitted authorities trembling in fear before teenage hacker whiz- kids, seemed downright antiquated by 1993. Law enforcement emphasis had changed, and the favorite electronic villain of 1993 was not the vandal child, but the victimizer of children, the digital child pornographer. "Operation Longarm," a child-pornography computer raid carried out by the previously little-known cyberspace rangers of the U.S. Customs Service, was almost the size of Operation Sundevil, but received very little notice by comparison. The huge and well-organized "Operation Disconnect," an FBI strike against telephone rip-off con-artists, was actually larger than Sundevil. "Operation Disconnect" had its brief moment in the sun of publicity, and then vanished utterly. It was unfortunate that a law-enforcement affair as apparently well-conducted as Operation Disconnect, which pursued telecom adult career criminals a hundred times more morally repugnant than teenage hackers, should have received so little attention and fanfare, especially compared to the abortive Sundevil and the basically disastrous efforts of the Chicago Computer Fraud and Abuse Task Force. But the life of an electronic policeman is seldom easy. If any law enforcement event truly deserved full-scale press coverage (while somehow managing to escape it), it was the amazing saga of New York State Police Senior Investigator Don Delaney Versus the Orchard Street Finger- Hackers. This story probably represents the real future of professional telecommunications crime in America. The finger-hackers sold, and still sell, stolen long-distance phone service to a captive clientele of illegal aliens in New York City. This clientele is desperate to call home, yet as a group, illegal aliens have few legal means of obtaining standard phone service, since their very presence in the United States is against the law. The finger-hackers of Orchard Street were very unusual "hackers," with an astonishing lack of any kind of genuine technological knowledge. And yet these New York call-sell thieves showed a street-level ingenuity appalling in its single-minded sense of larceny. There was no dissident-hacker rhetoric about freedom- of-information among the finger-hackers. Most of them came out of the cocaine-dealing fraternity, and they retailed stolen calls with the same street-crime techniques of lookouts and bagholders that a crack gang would employ. This was down- and-dirty, urban, ethnic, organized crime, carried out by crime families every day, for cash on the barrelhead, in the harsh world of the streets. The finger-hackers dominated certain payphones in certain strikingly unsavory neighborhoods. They provided a service no one else would give to a clientele with little to lose. With such a vast supply of electronic crime at hand, Don Delaney rocketed from a background in homicide to teaching telecom crime at FLETC in less than three years. Few can rival Delaney's hands-on, street-level experience in phone fraud. Anyone in 1993 who still believes telecommunications crime to be something rare and arcane should have a few words with Mr Delaney. Don Delaney has also written two fine essays, on telecom fraud and computer crime, in Joseph Grau's *Criminal and Civil Investigations Handbook* (McGraw Hill 1993). *Phrack* was still publishing in 1993, now under the able editorship of Erik Bloodaxe. Bloodaxe made a determined attempt to get law enforcement and corporate security to pay real money for their electronic copies of *Phrack,* but, as usual, these stalwart defenders of intellectual property preferred to pirate the magazine. Bloodaxe has still not gotten back any of his property from the seizure raids of March 1, 1990. Neither has the Mentor, who is still the managing editor of Steve Jackson Games. Nor has Robert Izenberg, who has suspended his court struggle to get his machinery back. Mr Izenberg has calculated that his $20,000 of equipment seized in 1990 is, in 1993, worth $4,000 at most. The missing software, also gone out his door, was long ago replaced. He might, he says, sue for the sake of principle, but he feels that the people who seized his machinery have already been discredited, and won't be doing any more seizures. And even if his machinery were returned -- and in good repair, which is doubtful -- it will be essentially worthless by 1995. Robert Izenberg no longer works for IBM, but has a job programming for a major telecommunications company in Austin. Steve Jackson won his case against the Secret Service on March 12, 1993, just over three years after the federal raid on his enterprise. Thanks to the delaying tactics available through the legal doctrine of "qualified immunity," Jackson was tactically forced to drop his suit against the individuals William Cook, Tim Foley, Barbara Golden and Henry Kluepfel. (Cook, Foley, Golden and Kluepfel did, however, testify during the trial.) The Secret Service fought vigorously in the case, battling Jackson's lawyers right down the line, on the (mostly previously untried) legal turf of the Electronic Communications Privacy Act and the Privacy Protection Act of 1980. The Secret Service denied they were legally or morally responsible for seizing the work of a publisher. They claimed that (1) Jackson's gaming "books" weren't real books anyhow, and (2) the Secret Service didn't realize SJG Inc was a "publisher" when they raided his offices, and (3) the books only vanished by accident because they merely happened to be inside the computers the agents were appropriating. The Secret Service also denied any wrongdoing in reading and erasing all the supposedly "private" e-mail inside Jackson's seized board, Illuminati. The USSS attorneys claimed the seizure did not violate the Electronic Communications Privacy Act, because they weren't actually "intercepting" electronic mail that was moving on a wire, but only electronic mail that was quietly sitting on a disk inside Jackson's computer. They also claimed that USSS agents hadn't read any of the private mail on Illuminati; and anyway, even supposing that they had, they were allowed to do that by the subpoena. The Jackson case became even more peculiar when the Secret Service attorneys went so far as to allege that the federal raid against the gaming company had actually *improved Jackson's business* thanks to the ensuing nationwide publicity. It was a long and rather involved trial. The judge seemed most perturbed, not by the arcane matters of electronic law, but by the fact that the Secret Service could have avoided almost all the consequent trouble simply by giving Jackson his computers back in short order. The Secret Service easily could have looked at everything in Jackson's computers, recorded everything, and given the machinery back, and there would have been no major scandal or federal court suit. On the contrary, everybody simply would have had a good laugh. Unfortunately, it appeared that this idea had never entered the heads of the Chicago-based investigators. They seemed to have concluded unilaterally, and without due course of law, that the world would be better off if Steve Jackson didn't have computers. Golden and Foley claimed that they had both never even heard of the Privacy Protection Act. Cook had heard of the Act, but he'd decided on his own that the Privacy Protection Act had nothing to do with Steve Jackson. The Jackson case was also a very politicized trial, both sides deliberately angling for a long-term legal precedent that would stake-out big claims for their interests in cyberspace. Jackson and his EFF advisors tried hard to establish that the least e-mail remark of the lonely electronic pamphleteer deserves the same somber civil-rights protection as that afforded *The New York Times.* By stark contrast, the Secret Service's attorneys argued boldly that the contents of an electronic bulletin board have no more expectation of privacy than a heap of postcards. In the final analysis, very little was firmly nailed down. Formally, the legal rulings in the Jackson case apply only in the federal Western District of Texas. It was, however, established that these were real civil- liberties issues that powerful people were prepared to go to the courthouse over; the seizure of bulletin board systems, though it still goes on, can be a perilous act for the seizer. The Secret Service owes Steve Jackson $50,000 in damages, and a thousand dollars each to three of Jackson's angry and offended board users. And Steve Jackson, rather than owning the single-line bulletin board system "Illuminati" seized in 1990, now rejoices in possession of a huge privately-owned Internet node, "io.com," with dozens of phone-lines on its own T-1 trunk. Jackson has made the entire blow-by-blow narrative of his case available electronically, for interested parties. And yet, the Jackson case may still not be over; a Secret Service appeal seems likely and the EFF is also gravely dissatisfied with the ruling on electronic interception. The WELL, home of the American electronic civil libertarian movement, added two thousand more users and dropped its aging Sequent computer in favor of a snappy new Sun Sparcstation. Search-and-seizure dicussions on the WELL are now taking a decided back-seat to the current hot topic in digital civil liberties, unbreakable public-key encryption for private citizens. The Electronic Frontier Foundation left its modest home in Boston to move inside the Washington Beltway of the Clinton Administration. Its new executive director, ECPA pioneer and longtime ACLU activist Jerry Berman, gained a reputation of a man adept as dining with tigers, as the EFF devoted its attention to networking at the highest levels of the computer and telecommunications industry. EFF's pro- encryption lobby and anti-wiretapping initiative were especially impressive, successfully assembling a herd of highly variegated industry camels under the same EFF tent, in open and powerful opposition to the electronic ambitions of the FBI and the NSA. EFF had transmuted at light-speed from an insurrection to an institution. EFF Co-Founder Mitch Kapor once again sidestepped the bureaucratic consequences of his own success, by remaining in Boston and adapting the role of EFF guru and gray eminence. John Perry Barlow, for his part, left Wyoming, quit the Republican Party, and moved to New York City, accompanied by his swarm of cellular phones. Mike Godwin left Boston for Washington as EFF's official legal adviser to the electronically afflicted. After the Neidorf trial, Dorothy Denning further proved her firm scholastic independence-of-mind by speaking up boldly on the usefulness and social value of federal wiretapping. Many civil libertarians, who regarded the practice of wiretapping with deep occult horror, were crestfallen to the point of comedy when nationally known "hacker sympathizer" Dorothy Denning sternly defended police and public interests in official eavesdropping. However, no amount of public uproar seemed to swerve the "quaint" Dr. Denning in the slightest. She not only made up her own mind, she made it up in public and then stuck to her guns. In 1993, the stalwarts of the Masters of Deception, Phiber Optik, Acid Phreak and Scorpion, finally fell afoul of the machineries of legal prosecution. Acid Phreak and Scorpion were sent to prison for six months, six months of home detention, 750 hours of community service, and, oddly, a $50 fine for conspiracy to commit computer crime. Phiber Optik, the computer intruder with perhaps the highest public profile in the entire world, took the longest to plead guilty, but, facing the possibility of ten years in jail, he finally did so. He was sentenced to a year and a day in prison. As for the Atlanta wing of the Legion of Doom, Prophet, Leftist and Urvile... Urvile now works for a software company in Atlanta. He is still on probation and still repaying his enormous fine. In fifteen months, he will once again be allowed to own a personal computer. He is still a convicted federal felon, but has not had any legal difficulties since leaving prison. He has lost contact with Prophet and Leftist. Unfortunately, so have I, though not through lack of honest effort. Knight Lightning, now 24, is a technical writer for the federal government in Washington DC. He has still not been accepted into law school, but having spent more than his share of time in the company of attorneys, he's come to think that maybe an MBA would be more to the point. He still owes his attorneys $30,000, but the sum is dwindling steadily since he is manfully working two jobs. Knight Lightning customarily wears a suit and tie and carries a valise. He has a federal security clearance. Unindicted *Phrack* co-editor Taran King is also a technical writer in Washington DC, and recently got married. Terminus did his time, got out of prison, and currently lives in Silicon Valley where he is running a full-scale Internet node, "netsys.com." He programs professionally for a company specializing in satellite links for the Internet. Carlton Fitzpatrick still teaches at the Federal Law Enforcement Training Center, but FLETC found that the issues involved in sponsoring and running a bulletin board system are rather more complex than they at first appear to be. Gail Thackeray briefly considered going into private security, but then changed tack, and joined the Maricopa County District Attorney's Office (with a salary). She is still vigorously prosecuting electronic racketeering in Phoenix, Arizona. The fourth consecutive Computers, Freedom and Privacy Conference will take place in March 1994 in Chicago. As for Bruce Sterling... well *8-). I thankfully abandoned my brief career as a true-crime journalist and wrote a new science fiction novel, *Heavy Weather,* and assembled a new collection of short stories, *Globalhead.* I also write nonfiction regularly, for the popular-science column in *The Magazine of Fantasy and Science Fiction.* I like life better on the far side of the boundary between fantasy and reality; but I've come to recognize that reality has an unfortunate way of annexing fantasy for its own purposes. That's why I'm on the Police Liaison Committee for EFF- Austin, a local electronic civil liberties group (eff- austin@tic.com). I don't think I will ever get over my experience of the Hacker Crackdown, and I expect to be involved in electronic civil liberties activism for the rest of my life. It wouldn't be hard to find material for another book on computer crime and civil liberties issues. I truly believe that I could write another book much like this one, every year. Cyberspace is very big. There's a lot going on out there, far more than can be adequately covered by the tiny, though growing, cadre of network-literate reporters. I do wish I could do more work on this topic, because the various people of cyberspace are an element of our society that definitely requires sustained study and attention. But there's only one of me, and I have a lot on my mind, and, like most science fiction writers, I have a lot more imagination than discipline. Having done my stint as an electronic-frontier reporter, my hat is off to those stalwart few who do it every day. I may return to this topic some day, but I have no real plans to do so. However, I didn't have any real plans to write "Hacker Crackdown," either. Things happen, nowadays. There are landslides in cyberspace. I'll just have to try and stay alert and on my feet. The electronic landscape changes with astounding speed. We are living through the fastest technological transformation in human history. I was glad to have a chance to document cyberspace during one moment in its long mutation; a kind of strobe-flash of the maelstrom. This book is already out-of- date, though, and it will be quite obsolete in another five years. It seems a pity. However, in about fifty years, I think this book might seem quite interesting. And in a hundred years, this book should seem mind-bogglingly archaic and bizarre, and will probably seem far weirder to an audience in 2092 than it ever seemed to the contemporary readership. Keeping up in cyberspace requires a great deal of sustained attention. Personally, I keep tabs with the milieu by reading the invaluable electronic magazine Computer underground Digest (tk0jut2@mvs.cso.niu.edu with the subject header: SUB CuD and a message that says: SUB CuD your name your.full.internet@address). I also read Jack Rickard's bracingly iconoclastic *Boardwatch Magazine* for print news of the BBS and online community. And, needless to say, I read *Wired,* the first magazine of the 1990s that actually looks and acts like it really belongs in this decade. There are other ways to learn, of course, but these three outlets will guide your efforts very well. When I myself want to publish something electronically, which I'm doing with increasing frequency, I generally put it on the gopher at Texas Internet Consulting, who are my, well, Texan Internet consultants (tic.com). This book can be found there. I think it is a worthwhile act to let this work go free. From thence, one's bread floats out onto the dark waters of cyberspace, only to return someday, tenfold. And of course, thoroughly soggy, and riddled with an entire amazing ecosystem of bizarre and gnawingly hungry cybermarine life- forms. For this author at least, that's all that really counts. Thanks for your attention *8-) Bruce Sterling bruces@well.sf.ca.us -- New Years' Day 1994, Austin Texas 8<----------------- cut here --------------------------------- ________________________________________________________________________ Paul Ferguson Sprint Managed Router Network Engineering tel: 703.904.2437 Herndon, Virginia USA internet: ferguson@icp.net From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Sun, 2 Jan 94 10:58:40 PST To: cypherpunks@toad.com Subject: POLI: Politics vs Technology Message-ID: <199401021857.KAA16654@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain From: Mike Ingle > But could the government ban a book today? Of course not, at least not > after one person typed it or scanned it into a computer. Technological > gains are permanent. The political approach is only useful as a > tactical weapon, to hold them off until technological solutions are > in place. If you want to change the world, don't protest. Write code! This position seems to be fast becoming cypherpunks dogma, but I don't agree. The notion that we can just fade into cypherspace and ignore the unpleasant political realities is unrealistic, in my view. Have people forgotten the Clipper proposal, with the possible follow-on to make non-Clipper encryption illegal? To the extent this proposal has been or will be defeated, it will happen through political maneuvering, not technology. Have people forgotten the PGP export investigation? Phil Zimmermann hasn't. He and others may be facing the prospect of ten years in prison if they were found guilty of illegal export. If anyone has any suggestions for how to escape from jail into cyberspace I'd like to hear about them. Mike's SecureDrive is a terrific program for protecting privacy. But if we want to keep keys secret from politically-motivated investigations, we have to rely on the very political and non-technological Fifth Amendment (an amendment which Mike Godwin of EFF and others contend does not actually protect disclosure of cryptographic keys). Again, we need to win political, not technological, victories in order to protect our privacy. I even question Mike's point about the government's inability to ban books. Look at the difficulty in keeping PGP available in this country even though it is legal. Not only have FTP sites been steadily closed down, even the key servers have as well. And this is legal software. Sure, this software is currently available overseas, but that is because PGP's only legal limitations are the U.S. patent issues. Imagine how much worse it would be if non-escrowed encryption were made illegal in a broad range of countries, with stringent limits on net access to countries which promote illegal software? Here again, these kinds of decisions will be made in the political realm. Fundamentally, I believe we will have the kind of society that most people want. If we want freedom and privacy, we must persuade others that these are worth having. There are no shortcuts. Withdrawing into technology is like pulling the blankets over your head. It feels good for a while, until reality catches up. The next Clipper or Digital Telephony proposal will provide a rude awakening. Hal Finney hfinney@shell.portal.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Sun, 2 Jan 94 08:53:46 PST To: cypherpunks@toad.com Subject: The Internet Code Ring Message-ID: <9401021652.AA00785@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain THE INTERNET CODE RING! An Interview with Phil Zimmerman, creator of PGP We were sitting in a circle on the floor at the Computers, Freedom, and Privacy conference, March '93 in San Francisco, St. Jude and I with Tom Jennings, Fen La Balme, et al, discussing encryption and other neophiliac rants when a dapper fellow wandered by with a beard on his face and a tie hanging from his neck. He picked up Jude's copy of bOING-bOING number 10 and glanced through it, clearly interested. I later learned that this was Phil Zimmerman, creator of PGP ("Pretty Good Privacy"), so I tracked him down and we talked for the record. Jon: I'm fairly nontechnical, and I'm also new to encryption. I spent some time recently on the cypherpunks' list, and I have a pretty good sense of what's going on, but maybe you can tell me in your own words how you came to write PGP, and what your philosophy is, especially with distribution. Phil: Well, okay. PGP, which means "Pretty Good Privacy" is a public key encryption program, it uses a public key encryption algorithm, which means that you can encrypt messages and you can send them to people that you've never met, that you've never had a chance to exchange keys with over a secure channel. With regular encryption, the kind that everybody has heard about, you encrypt a message, it scrambles it up, renders it unintelligible, and then you send it to someone else, and they can descramble it, decrypting it. They have to use the same key to decrypt it as you used to encrypt it. Well, this is a problem, this is inconvenient, because how are you going to tell them what that key is, what're you going to do, tell them over the telephone? If someone can intercept the message, they can intercept the key. So this has been the central problem in cryptography for the past couple of millenia. There's been a lots of different ways of encrypting information, but they all have this problem. If you had a secure channel for exchanging keys, why do you need any cryptography at all? So, in the late 1970s, somebody came up with an idea for encrypting information with two keys. The two keys are mathematically related. You use one of the keys to encrypt the message, and use the other key to decrpyt the message. As a matter of fact, the keys have a kind of yin-yang relationship, so that either one of them can decrypt what the other one can encrypt. So everybody randomly generates a pair of these keys, the keys are mathematically related, and they can be split apart like cracking a coin in half, and the jagged edges stick together just right. They can publish one of the keys, and keep the other one secret. Now, unlike cracking the coin in half, you can't look at the jagged edge, and figure out what the other jagged edge is going to look like. In fact, you can't look at the published key and figure out what the secret key is without spending centuries of supercomputer time to do it. This means that any time anybody wants to send you a message, they can encrypt that message with your public key, and then you can decrypt the message with your secret key. If you want to send them a message, then you can encrypt the message with their public key, and then they can decrypt it with their secret key. Everybody who wants to participate in this system can generate a pair of these keys, publish one of them, and keep the other one secret. Everybody's published key can end up in a big public key directory, like a phone book, or an electronic bulletin board, or something like that. You can look up somebody's public key, encrypt a message to them, and send it to them. They're the only ones that can read it, because they're the only ones that have the corresponding secret key. J: Are there any such directories now? P: Well, actually, there are starting to be directories like that. For PGP, there are some public key directories on Internet. You can just send an electronic inquiry saying "Give me the key for [somebody]," and it'll send you their key back, their public key. J: The convention I've seen has been the inclusion of the public key in an email message posted to a mailing list. P: You can do that, you can include your own public key when you send a message to someone, so that when they send you a reply, they'll know what public key to use to send the reply. But the problem...there is an achilles heel with public key cryptography, and I'll get to that in a minute. But first, let me explain authentication. If I want to send you a message, and prove that it came from me, I can do that by encrypting it with my own secret key, and then I can send you the message, and you can decrypt it with my public key. Remember I said that the keys are in this yin-yang relationship, so that either one can decrypt what the other one encrypts. If I don't care about secrecy, if I only cared about authentication, if I only wanted to prove to you that the message came from me, I could encrypt the message with my own secret key and send it to you, and you could decrypt it with your public key. Well, anyone else could decrypt it to, because everyone has my public key. If I want to combine the features of secrecy and authentication, I can do both steps: I can encrypt the message first with my own secret key, thereby creating a signature, and then encrypt it again with your public key. I then send you the message. You reverse those steps: first you decrypt it with your own secret key, and then you decrypt that with my public key. That's a message that only you can read and only I could have sent. We have secrecy and authentication. So you get authentication by using your own secret key to decrypt a message, thereby signing the message. You can also convince third parties like a judge that the message came from me. That means that I could send you a financial instrument, a legal contract or some kind of binding agreement. The judge will believe that the message did come from me, because I am the only person with the secret key, that could have created that message. Now, public key cryptography has an achilles heel, and that achilles heel is that, suppose you want to send a message to someone, and you look up their public key, on a bulletin board, for example. You take their public key and you encrypt the message and then send it to them, and presumably only they can read it. Well, what if Ollie North broke into that BBS system? And he subsituted his own public key for the public key of your friend. And left your friend's name on it, so that it would look like it belonged to your friend. But it really wasn't your friend's public key, it was Ollie's public key that he had created just for this purpose. You send a message, you get the bulletin board to tell you your friend's public key, but it isn't your friend's public key, it's Ollie's public key. You encrypt a message with that. You send it, possibly through the same bulletin board, to your friend. Ollie intercepts it, and he can read it because he knows the secret key that goes with it. If you were particularly clever, which Ollie North isn't because we all know that he forgot to get those White House backup tapes deleted...but suppose he were clever, he would then re-encrypt the decrypted message, using the stolen key of your friend, and send it to your friend so that he wouldn't suspect that anything was amiss. This is the achilles' heel of public key cryptography, and all public key encryption packages that are worth anything invest a tremendous amount of effort in solving this one problem. Probably half the lines of code in the program are dedicated to solving this one problem. PGP solves this problem by allowing third parties, mutually trusted friends, to sign keys. That proves that they came from who they said they came from. Suppose you wanted to send me a message, and you didn't know my public key, but you know George's public key over here, because George have you his public key on a floppy disk. I publish my public key on a bulletin board, but before I do, I have George sign it, just like he signs any other message. I have him sign my public key, and I put that on a bulletin board. If you download my key, and it has George's signature on it, that constitutes a promise by George that that key really belongs to me. He says that my name and my key got together. He signs the whole shootin' match. If you get that, you can check his signature, because you have his public key to check. If you trust him not to lie, you can believe that really is my public key, and if Ollie North breaks into the bulletin board, he can't make it look like his key is my key, because he doesn't know how to forge a signature from George. This is how public key encryption solves the problem, and in particular, PGP solves it by allowing you to designate anyone as a trusted introducer. In this case, this third party is a trusted introducer, you trust him to introduce my key to you. There are public key encryption packages currently being promoted by the U.S. Government based on a standard called Privacy Enhanced Mail, or PEM. PEM's architecture has a central certification authority that signs everybody's public key. If everyone trusts the central authority to sign everyone's key, and not to lie, then everyone can trust that they key they have is a good key. The key actually belongs to the name that's attached to it. But a lot of people, especially people who are libertarian-minded, would not feel comfortable with an approach that requires them to trust a central authority. PGP allows grassroots distributed trust, where you get to choose who you trust. It more closely follows the social structures that people are used to. You tend to believe your friends. J: Did you make a conscious decision up front, before you started programming PGP, that you were going to create something that would be distributed in this grassroots way, free through the Internet. P: Well, there were some software parts of PGP that I developed some years ago, as far back as 1986, that I developed with the intention of developing commercial products with it someday. Over the years that followed, I developed a few more pieces that I hoped someday to turn into a commercial product. But, when it finally came down to it, I realized that it would be more politically effective to distribute PGP this way. Besides that, there is a patent on the RSA public key encryption algorithm that PGP is based on. I wrote all of the software from scratch. I didn't steal any software from the RSA patent holders. But patent law is different from copyright law. While I didn't steal any software from them, I did use the algorithm, the mathematical formulas that were published in academic journals, describing how to do public key cryptography. I turned those mathematical formulas into lines of computer code, and developed it independently. J: Did you originally intend to license that? P: When I first wrote the parts of it back in 1986, I did. But I began in earnest on PGP in December of 1990. At that time, I had decided that I was going to go ahead and publish it for free. I thought that it was politically a useful thing to do, considering the war on drugs and the government's attitude toward privacy. Shortly after I stared on the development, I learned of Senate Bill 266, which was the Omnibus Anticrime Bill. It had a provision tucked away in it, a sense of Congress provision, that would, if it had become real hard law, have required manufacturers of secure communications gear, and presumably cryptographic software, to put back doors in their products to allow the government to obtain the plain text contents of the traffic. I felt that it would be a good idea to try to get PGP out before this became law. As it turned out, it never did pass. It was defeated after a lot of protest from civil liberties groups and industry groups. J: But if they could get away with passing it, they would still take the initiative and try. P: Well, yeah, actually...it started out as a sense of Congress bill, which means that it wasn't binding law. But those things are usually set to deploy the political groundwork to make it possible later to make it into hard law. Within a week or so after publishing PGP, Senate Bill 266 went down in defeat, at least that provision was taken out, and that was entirely due to the efforts of others, I had nothing to do with that. PGP didn't have any impact, it turned out, at all. So that's why I published PGP. J: Several of my friends are involved in cypherpunks, and I've been on their mailing list...are you affiliated in any way with cypherpunks? Are you getting their mailing list? P: I was on their mailing list for a couple of days, but I found that the density of traffic was high enough that I couldn't get any work done, so I had them take me off the list. J: The reason I bring cypherpunks up is that they seem to have almost a religious fervor about encryption . I was wondering if you share that. P: I don't think of my own interest in cryptography as a religious fervor. I did miss some mortgage payments while I was working on PGP. In fact, I missed five mortgage payments during the development of PGP, so I came pretty close to losing my house. So I must have enough fervor to stay with the project long enough to miss five mortgage payments . But I don't think it's a religious fervor. J: I'm impressed with the way encryption in general and PGP in particular have caught on with the press, how it's become within the last year. P: Well, PGP 1.0 was released in June of '91. It only ran on MS DOS, and it didn't have a lot of the features necessary to do really good key certification, which is that achilles' heel that I told you about. Theoretically, you could use it in a manual mode to do that, but it wasn't automatic like it is in PGP 2.0 and above. The current release of PGP is 2.2. It's a lot smoother and more polished that 2.0 was. 2.0 was tremendously different than 1.0, and the reason the popularity has taken off so much since September, when it was released, is because it ran on a lot of UNIX platforms, beginning with 2.0. Since the main vehicle for Internet nodes is UNIX platforms, that made it more popular in the UNIX/Internet world. Since Internet seems to be the fertile soil of discourse on cryptography, the fact that PGP 2.0 began running on UNIX platforms has a lot to do with it's popularity since that version was released...Tthat was in September of '92. J: The easiest way to get PGP is through FTP from various sites? P: Yeah. Most of them European sites. PGP 2.0 and above was released in Europe. The people that were working on it were out of reach of U.S. patent law...and not only are they out of reach of patent law, but it also defuses the export control issues, because we're importing it into the U.S., instead of exporting it. Also PGP 1.0 was exported, presumably by somebody, any one of thousands of people could have done it...but it was published in the public domain. It's hard to see how something like that could be published, and thousands of people could have it, and it could not leak overseas. It's like saying that the New York Times shouldn't be exported, how can you prevent that when a million people have a copy? It's blowing in the wind, you can't embargo the wind. J: And by beginning in Europe, you sort of fanned the flame that much better. P: Yeah. J: It seems to have spread globally, and I'm sure that you're hearing a lot about it, getting a lot of response. P: Particularly at this conference (CFP93), yes. J: Do you plan to do more development of PGP, or are you satisfied with where it is.... P: PGP will be developed further. My personal involvement is more in providing design direction and making sure that the architecture stays sound. The actual coding is taking place overseas, or at least most of it is. We do get patches sent in by people in the U.S. who find bugs, and who say, "I found this bug, here's a patch to fix it." But the bulk of the work is taking place outside the U.S. borders. J: Is there a Mac version as well as a DOS version now? P: Yeah, there is a Mac version...there was a Mac version released shortly after PGP 2.0 came out. Somebody did that independently, and I only found out about it after it was released. People have written me about it, and it did seem to have some problems. The same guy who did that version is doing a much improved version, Mac PGP version 2.2, which I believe should be out in a few days...that was the last I heard before I came to the conference. The second Mac development group, that's working on a very "Mac"-ish GUI, is being managed by a guy named Blair Weiss. That takes longer, it's difficult to write a good Mac application, so it's probably going to be a couple of months before that hits the streets. J: Were you involved in the UNIX version, too? P: I did the first MS-DOS version entirely by myself, but it's not that big a distance between MS-DOS and UNIX, so most of it was the same. The UNIX board took place soon after PGP 1.0 was released. After that, many other enhancements were added, and major architectural changes took place to the code, and that's what finally made its way out as version 2.0. J: You're doing consulting now? P: That's how I make my living, by consulting. I don't make anything from PGP. J: Do you think you'll just let PGP take a life of its own, let other people work on it from here out? P: Other people are contributing their code, and other people are adding enhancements, with my design direction. Perhaps someday I'll find a way to make money from PGP, but if I do, it will be done in such a way that there will always be a free version of PGP available. J: I was thinking of the UNIX thing, where everybody's modified their versions of the UNIX Operating System so that some [customized versions] weren't even interoperable. I was wondering if there was a chance that PGP would mutate, whether you're going to keep some sort of control over it, or whether people will start doing their onw versions of it.... P: Well, I don't know, that could happen. There are so many people interested in the product now, it's hard to keep track of everybody's changes. When they send in suggested changes, we have to look at it carefully to see that the changes are good changes. J: But you don't have some sort of structure in place where you do some kind of approval if somebody wants to make some kind of mutant version of PGP.... P: There is a kind of de facto influence that I have over the product, because it's still my product, in a kind of psychological sense. In the user population, they associate my name with the product in such a way that, if I say that this product is good, that I have looked at this and that I believe the changes made sense the last version are good changes, that people will believe that. So I can determine the direction, not by some iron law, not by having people work for me that I can hire and fire, but more by my opinion guiding the product. It would not be easy for a person to make a different version of PGP that went in a different direction than how I wanted it to go, because everybody still uses the version that I approved, so to be compatible...this has a kind of intertia to it, a de facto standard. PGP currently, I believe, is the world's most popular public key encryption program, so that has potential to become a de facto standard. I don't know what that means in comparison to the PEM standard. PEM is for a different environment than PGP, perhaps, although the PGP method of certifying keys can be collapsed into a special case that mimics in many respects the PEM model for certifying keys. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Sun, 2 Jan 94 16:38:42 PST To: cypherpunks@toad.com Subject: Re: Anonymous video on demand Message-ID: <199401030038.QAA28203@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain Of course, with tamper-proof chips this problem can be solved easily. You don't need oblivious transfer. Rather, you get digital tokens from the video provider which you pass on to the tamper-proof decryption chip, where each token is worth a certain amount of decryption. Then you choose which movies you want to decrypt. The only question would be whether the tamper-proof chip would keep a record of your viewing habits. But you should be able to monitor anything it transmits (if it has to transmit anything) and it should not have to send any encrypted messages. So your secrets should be safe. One problem with this approach (and the other ones we have discussed) is that the vendor loses any information about which movies are most watched, which hurts his ability to set prices and choose which movies to carry. Perhaps he could resort to a separate anonymous public-opinion poll to determine this info (protected with is-a-person (is-a-customer?) credentials so that our friend Detweiler can't pseudo-spoof with his multiple tentacles ;-). Or, perhaps another approach is to have a different decryption key for each movie, and to simply sell those keys to anonymous buyers. They would then load them into their decryption boxes. This does seem vulnerable to pirating the keys, though. Piracy could be avoided if the decryption keys were stamped with the serial number of the particular tamper-proof decryption box they were for (so that they would only work with that one box). But then you lose the anonymity. I'm thinking that some form of blinding could be used to produce a key which would only be accepted by one box, but for which the movie seller would not be able to determine which box it was for. This is very similar to the requirement for electronic cash, and I think a similar idea would work. This solution also is a nice example of the uses of anonymous networks. I wonder whether the NII could support DC-nets? :) Hal From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Andrew Loewenstern Date: Sun, 2 Jan 94 15:03:49 PST To: cypherpunks@toad.com Subject: Re: Anonymous Video on Demand Message-ID: <9401022303.AA27235@valinor.cubetech.com> MIME-Version: 1.0 Content-Type: text/plain > It just occured to me that when this protocol is implemented with > RSA, it is subject to a minor (and unlikely) failure that can > allow Alice to determine which video Bob has selected (or at > least eliminate some of them). If each video keypair has a > different modulus and the one Bob selects has a larger modulus > than some of the "dummy" videos, then if the encryption of Bob's > session key with his selected video public key results in a > message that is close to the modulus itself, the keypairs with > moduli that are smaller than Bob's message can be trivially > eliminated as candidates. This protocol also assumes that all of the movies (or pieces of information) cost the same amount. Presumably in the video-on-demand business, a most movies would have the same cost or there would be a few 'levels' of costs with many movies in each 'level.' In that case you would only pick random 'padding' videos that have the same price. However, a video store could easily give all of the horror movies one price, all of the comedy ones another, all the pornos another, etc.... and at least be able to determine the general type of video the customer is purchasing. In a general information market type setup, I would expect that the value of different pieces of information would vary greatly. How would payment of the information be made? In a general information market setup, where the bits of information have varrying values you could do something like the following. in the oblivious transfer protocol, if the hardware used is implemented in tamper-proof chips, the price of each piece of information could be encoded with the information. The chip would store a running total of the prices of information successfully decrypted by the customer. At the end of the month, the box would send the total price to the vendor, which will bill the customer. Depending on the number of pieces of information purchased, the vendor would be able to infer more or less information on the types of info bought by the customer... Also, you could randomly purchase very cheap (or free and worthless) bits of information to make it more difficult for the vendor to figure out what you are interested in... andrew From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@rosebud.ee.uh.edu Date: Sun, 2 Jan 94 14:58:44 PST To: cypherpunks@toad.com Subject: Informed Consent Message-ID: <9401022257.AA12783@toad.com> MIME-Version: 1.0 Content-Type: text/plain You know, this radiation experiment reminds me of another incident. A group of African-American men were injected, without their knowledge or consent, with live syphilis spirochaetes, and studied for a number of years. No attempt at therapy was ever attempted, as I recall, for these individuals. Here is a reference. BRS Number: 000988639 Author: Jones, James H. (James Howard), 1943- Title: Bad blood : the Tuskegee syphilis experiment / James H. Jones. Impr/Ed: New York : Free Press ; Toronto : Maxwell Macmillan Canada ; New York : Maxwell McMillan International, c1993. New and expanded ed. Phys Desc: xv, 297 p. : ill. ; 24 cm. Subjects: Afro-American men -- Diseases -- Alabama -- Macon County -- History. AIDS (Disease) -- United States. Human experimentation in medicine -- Alabama -- Macon County -- History. Syphilis -- Alabama -- Macon County -- History. Syphilis -- Research -- Alabama -- Macon County -- History. Tuskegee Syphilis Study. Other Author: Tuskegee Institute. Notes: Includes bibliographical references and indexes. Language: eng ISBN: 0029166764 (pbk.) LCCN: 92034818 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Mon, 3 Jan 94 06:14:05 PST To: cypherpunks@toad.com Subject: Technology vs. Politics Message-ID: <01H77S8TJEYC93B2W7@delphi.com> MIME-Version: 1.0 Content-Type: text/plain >>But could the government ban a book today? Of course not, at least not >>after one person typed it or scanned it into a computer. Technological >>gains are permanent. The political approach is only useful as a >>tactical weapon, to hold them off until technological solutions are >>in place. If you want to change the world, don't protest. Write code! >This position seems to be fast becoming cypherpunks dogma, but I don't >agree. The notion that we can just fade into cypherspace and ignore >the unpleasant political realities is unrealistic, in my view. >Have people forgotten the Clipper proposal, with the possible follow-on to >make non-Clipper encryption illegal? To the extent this proposal has been >or will be defeated, it will happen through political maneuvering, not >technology. Yes, when something fascistic like Digital Telephony or Clipper comes along, we have to fight it. But if we win, it will just return the next time something scares the government. There can be no permanent victory through politics. The only way to win permanently is to hold them off through politics and public opinion long enough so that everyone has encryption and is using it. If it's widespread enough, it will be impossible both technically and politically to stop it. Stalin refused to build a phone system in the Soviet Union, because he considered it subversive. Could the government take away all our phones today? >Have people forgotten the PGP export investigation? Phil Zimmermann >hasn't. He and others may be facing the prospect of ten years in prison >if they were found guilty of illegal export. If anyone has any >suggestions for how to escape from jail into cyberspace I'd like to hear >about them. Yes, we have to mobilize around the Zimmermann case, and if he actually goes to trial, I'm going to send in my contribution and try to get others to do so. Perhaps the next version of Secure Drive should have a request of the form: if you like this product, please send a contribution to the Phil Zimmermann Defense Fund. They may be able to single out individuals who have put themselves on the spot, but they can't stop the technology. >Mike's SecureDrive is a terrific program for protecting privacy. But >if we want to keep keys secret from politically-motivated investigations, >we have to rely on the very political and non-technological Fifth Amendment >(an amendment which Mike Godwin of EFF and others contend does not actually >protect disclosure of cryptographic keys). Again, we need to win >political, not technological, victories in order to protect our privacy. And the next time there's a Red scare, or a Yellow scare, or any kind of scare, they will say "national security" or "public safety" and start putting people in camps, like the Japanese. Political victories are temporary. Whatever the Constitution says, the fact is it has been blatantly ignored every time the government imagined a threat, starting with the Sedition Act only a few years after the Bill of Rights was passed. The Supreme Court has never stopped one of those actions until after the scare was over. >I even question Mike's point about the government's inability to ban books. >Look at the difficulty in keeping PGP available in this country even though >it is legal. Not only have FTP sites been steadily closed down, even the >key servers have as well. And this is legal software. Yet almost everyone I talk to has a copy. It's on BBSes all over the country, and hundreds of thousands of people have it. Maybe millions, worldwide. I've sent it to many people by modem and on disks. It's even on CD-ROMs. Are they going to confiscate them all? What are they going to do, shoot everyone caught with a copy? That is bad for public relations. >Sure, this software is currently available overseas, but that is because >PGP's only legal limitations are the U.S. patent issues. Imagine how much >worse it would be if non-escrowed encryption were made illegal in a broad >range of countries, with stringent limits on net access to countries which >promote illegal software? Here again, these kinds of decisions will be >made in the political realm. >Fundamentally, I believe we will have the kind of society that most people >want. If we want freedom and privacy, we must persuade others that these >are worth having. There are no shortcuts. Withdrawing into technology >is like pulling the blankets over your head. It feels good for a while, >until reality catches up. The next Clipper or Digital Telephony proposal >will provide a rude awakening. Ultimately the people have to want it. Very true. And the best way to get them to want it is to provide it. Let them see how much more freely they talk when their mail is encrypted. How they can write and store what they want, when their hard drives are encrypted. If the public experiences real privacy, they will want it, and it will be harder to take away. They will even be willing to buy it. In the long run, PGP may well be the best thing that ever happened to James Bidzos, just like the pirating of Altair Basic was the best thing that ever happened to Bill Gates. Politics, the process of politics and the political mindset, is our enemy. Governments cannot create freedom; they can either leave it alone or take it away. We must prevent them from taking it away, until it is so widespread and universal that it can't be taken away. --- Mike From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Sun, 2 Jan 94 16:43:50 PST To: cypherpunks@toad.com Subject: Washington Post Op/Ed on Bobby Ray Message-ID: <9401030041.AA14189@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain extracted from: The Washington Post Sunday, 2 January 1994 pages C1, C2 Outlook; Commentary and Opinion The Pentagon's Secret Garden With Inman's Arrival, Will The 'Black Budget' Grow? by Bill Sweetman Bobby Ray Inman, defense secretary-designate, is not merely the first career military man to hold that position. He is also a lifetime intelligence professional, with a background in cryptography -- which, apart from the operation of covert agents in hostile territory, is the most jealously guarded of all intelligence activities. When Inman ran the National Security Agency, it was a felony to disclose that the multibillion-dollar agency existed. Inman will not find himself lonely in this latest of the several administrations in which he has served. Indeed, the rapid tapping of Inman to replace Les Aspin follows other signs that the Clinton administration shares the previous regime's enthusiasm for secret weapons and covert operations. Since the Berlin Wall came down, the Pentagon has lifted the curtain an inch on a couple of secret projects (a Stealth ship and a tactical missile) but dozens remain hidden -- including, probably, the 4,000-mph spy plane called Aurora and other exotic aircraft. Inman's rise parallels the growth of the secret military, the so-called "black world" that exists within the Pentagon and the defense industry. Although estimates vary, it is likely that more than $15 billion of the Pentagon's annual research, development and production budget is spent on secret projects: about 16 percent of the total and much more than most countries spend to equip their entire armed forces. Secrecy costs billions. The fortified buildings, guards and the vetting bureaucracy are only the start. Newly hired people spend weeks doing nothing, waiting for their clearances. The cost of shuttling workers from Las Vegas and California into remote sites is enormous. Documents and data must be tracked with maniacal care from the printer to the shredder. Ben Rich, former chief of the Lockheed Skunk Works, reckons that the toughest "special access" security rules add 10 to 15 percent to the cost of a project, implying that the Pentagon spends $1.5 billion or more per year on enforcing those rules. The Soviet Union has come apart. Iraq was defeated using (apparently) unclassified technology. If the black world has invented anything newer and more exotic -- which it certainly should have done, with all that money -- America's future adversaries will probably not be able to do much about it even if they know it exists. When the Senate holds hearings on the Inman nominations later this month, it will no doubt wish to consider more than the defense secretary-designate's tax liabilities, "comfort level" with the president or even his prior record in the service of his country. One question in particular that should be asked of Inman is, quite simply: From whom, exactly, is the black world still keeping secrets? Whether we will get an answer is uncertain. Inman is, as a former intelligence officer notes, "steeped in the cult of intelligence." He was the first intelligence professional to be appointed special assistant to the chief of naval operations. He is one of only two Navy intelligence men to be made full admirals. He has been head or deputy chief of four intelligence agencies: NSA, CIA, the Defense Intelligence Agency and the Office of Naval Intelligence. In the early Reagan years, Inman's differences with his boss at the CIA, Bill Casey, have been attributed to Casey's covert operations. The codebreaker Inman, by contrast, leans toward "technical means" of intelligence-gathering: satellites and massive computer data banks. Inman's links to James Guerin, the now-jailed arms wheeler-dealer, and to Guerin's failed International Signal & Control (ISC) conglomerate, provide interesting fodder for Aurora observers. Inman went from the CIA to ISC as a member of an independent proxy board responsible for ensuring that no military secrets passed from ISC's U.S. subsidiaries to its non-U.S. headquarters. In 1992, Inman wrote a letter to the sentencing judge attesting to Guerin's "patriotism," and other ISC defendants have claimed that the company's actions were influenced by the CIA. Although ISC is usually described as a maker of cluster bombs, one of its major subsidiaries was the Marquardt Company. Now owned by Kaiser, Marquardt is the most experienced U.S. developer and producer of ramjets -- engines exclusively used for hypersonic aircraft and missiles. Inman, of course, got his first high-level job, the NSA directorship, from Jimmy Carter. It was Carter, not Reagan, who started the black world's expansion; and when Inman arrives at the Pentagon he will find, in the next-door office, William J. Perry, the Carter appointee who was most closely associated with the black world's growth. In 1976, before Perry was undersecretary of defense for research and engineering, the Stealth project was not even classified. Perry, who earned the title of "the godfather of Stealth," was instrumental in the decision to fast-track Stealth into service, over the doubts of many service chiefs -- and to bury in the Pentagon basement. The new administration promptly removed the project from the civilian-headed Defense Advanced Research Projects Agency and gave it to the Air Force, which concealed its existence. By 1978, Lockheed had a contract for an operational stealth fighter, the F-117, and the Air Force was writing requirements for a Stealth strategic bomber, to become the B-2. Although fighter and bomber projects had never been secret in peacetime, Carter's Pentagon hid both of them. After Reagan's inauguration in 1981, Perry was the only senior Carter appointee to remain at the Pentagon, serving for several months as an advisor to incoming Defense Secretary Caspar Weinberger and helping to get the B-2 project rolling. Perry, who returned to the Pentagon in January 1993 as Clinton's deputy defense secretary, should have a comfortable relationship with Inman, for Perry has long-standing connections to the secret world. In 1964, Perry helped found ESL Inc. (now part of TRW), to develop and produce the electronic eavesdropping equipment that provided Inman and his codebreaking colleagues with their raw material. Perry was ESL's president until he went to Washington in 1977. Perry and Inman are not the only Clinton appointees with black-world credentials. Air Force Secretary Sheila E. Widnall was, for six years, a trustee of the Aerospace Corp., a unique half-billion-dollar-per-year nonprofit organization that provides management and technical support to the Air Force space program -- well over half of which involves black reconnaissance projects that support the CIA and NSA. Secrecy is sometimes necessary, in military affairs, to protect lives in combat. In the intelligence world, lives are often at stake, even in peacetime. But the intelligence community still tags as "secret" information that has already been revealed or can be inferred from observations and from physics (such as the orbits and basic capabilities of spy satellites). The professionals argue that any doubt in an adversary's mind about what you know helps them do their jobs -- which is why the details of "technical means" are so carefully protected. But why they do not consider, and should be made to consider, is the damage that secrecy does to the credibility of the military and hence to its effectiveness in an open society. One example concerns 3,900 acres of public land in the Nevada desert that the Pentagon wants to close under armed guard. The land is adjacent to the Switzerland-seized tract that the Air Force uses for training and where the Department of Energy tests nuclear weapons. A letter from Air Force Secretary Widnall to Interior Secretary Bruce Babbitt says that the land is needed "for the safe and secure operation of the activities on the Nellis range." Widnall's explanation is vague to the point of deceptiveness. The land grab has nothing to do with safety, and everything to do with preventing ordinary U.S. citizens -- who can now easily take a hike to a vantage point on the adjacent public land -- from seeing an Air Force flight-test base known as Groom Lake. But Widnall can't tell Babbitt that, because, officially, Groom Lake does not exist -- never mind that a Russian satellite photo of the base is reproduced in the instructions for the Testor Corp.'s newest Aurora hobby-kit model. No material cleared by the Air Force, even if it concerns events of almost 30 years ago, can mention the base as anything other than "a remote facility." The seizure confirms that Groom Lake is not a monument to the Cold War, but an active flight-test center. It also confirms that the Soviet Union -- as the only nation that posed a direct threat to the United States -- never was the only target of the ultra-tight security that surrounds the Pentagon's gigantic secret or "black" budget. In the Pentagon, however, secrecy is often equated with efficiency. A high-ranking defense executive, an engineer who has worked with the CIA and on Stealth projects, observes that "Bill Perry is in favor of skunk-works projects, created and developed by small teams." Given the Pentagon's own massive bureaucracy, the maze of procurement rules and Congress's insatiable appetite for oversight, secrecy may be the only way for this to work, as it was when Lockheed's Skunk Works created the U-2, SR-71 Blackbird and F-117. Some projects are also concealed for their own protection, the same executive explains: "When you have really radical solutions, the inertia of the establishment is so great that spend all their energy fighting to stay alive." The tank and the submarine, for example, are classic examples of breakthrough ideas that faced strong opposition. The executive compares the black world to Australia -- a place where unique creations can evolve to their full potential without being gobbled up by an established predator. The 535-member board of directors on Capitol Hill does not always help. Some people in Congress try hard to come to grips with the issues. Some find that a new weapon's military utility correlates to the number of jobs it brings to their district. Others are know-nothings who regard military leaders as incompetent, but who would have a hard time explaining how an airplane stays up, let alone how it could be made invisible to radar. Given the erratic behavior of the Washington machine, it is hardly surprising that the professionals sometimes feel justified in stringing razor wire across the kitchen door, the better to keep a hundred amateur cooks away from the soup kettle. Inman's appointment could be good or bad news for those pressing for fewer secrets in the post-Soviet world. Like many intelligence professionals, Inman may believe that unlocking the vaults would be a mistake; his "comfort level" discussions with Clinton may have included an understanding that the White House would respect that view. On the other hand, Inman may have decided that the demise of the Soviet Union does permit more openness, or that it requires radical change to the intelligence structure. In that case, Inman -- as a military man and intelligence professional -- is in a much better position to lead the spooks and soldiers through such changes than Aspin would have been. Inman's confirmation hearings are our only chance to find out which way he plans to go. The opportunity should not be missed. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Detweiler" Date: Sun, 2 Jan 94 19:08:43 PST To: cypherpunks@toad.com Subject: Best Death Threat Yet II Message-ID: <199401030306.UAA02607@longs.lance.colostate.edu> MIME-Version: 1.0 Content-Type: text/plain Here is another interesting death threat. You might have noticed that the previous one I posted had the header line from anon.penet.fi, `x-anonymously-to: an12070'. It would appear on the surface that I posted something that came from anon.penet.fi, was sent to ld231782@longs.lance.colostate.edu, and used the an12070 alias, thereby in posting it compromising my pseudonym. There are some interesting possibilities at this point. * The message was exactly as it appears, proving I am indeed an12070. * I changed the header line so that, where before it was addressed to an[x] where [x] is my anon.penet.fi alias, it became `x-anonymously-to: an12070' I guess the question is: am I stupid? Would I deliberately do this to further the L.Detweiler == S.Boxx speculation or make such a spectacular blunder? Do you trust me not to change headers of mail I post? Do I care if people think I am an12070 or that if my identity is compromised? Am I in a mischievous mood? Did I make up the entire message to gain sympathy? Would I do something that puerile? I suppose you will have to ask an55805@anon.penet.fi. But what if *I* am an55805, and I sent myself that death threat? That would be very amusing, wouldn't it? an55805 might even claim that he sent me *both* letters, and that both are real. It seems to me that the only person that can resolve this is determining who an55805@anon.penet.fi is. But if it is not me, this person is guilty of sending one of the most grisly and overt death threats I have ever received. I doubt it would be illegal but it could get the person in hot water. an55805, why don't you post here and settle this once and for all? Who are you? Did you send me that mail? Can you prove you are not me while at the same time hiding your identity? To add some more interesting fuel to the fire, I will post another message. This one was addressed as `x-anonymously-to: ld231782@longs.lance.colostate.edu'. This message, of course, has nothing to do with whether I am posting through an12070. You are free to make your own decision as to what is real, and what is not. Too bad that in cyberspace, no one knows if you are a liar. BTW, I want to reiterate that I have never threatened N.Sammons, and if he claims that I have, please post the mail. I admit I was extremely upset at him and yelled at him for throwing me off the Colorado Cypherpunks list without telling me and claiming that everyone on the list asked him to without any evidence, and telling others that he did tell me, but I am over it. Even though you haven't apologized, I forgive you Nate. ===cut=here=== From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy <72114.1712@CompuServe.COM> Date: Sun, 2 Jan 94 21:18:43 PST To: Subject: INFORMED CONSENT Message-ID: <940103051508_72114.1712_FHF49-1@CompuServe.COM> MIME-Version: 1.0 Content-Type: text/plain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort@attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Nobody wrote: You know, this radiation experiment reminds me of another incident. A group of African-American men were injected, without their knowledge or consent, with live syphilis spirochaetes, and studied for a number of years. No attempt at therapy was ever attempted, as I recall, for these individuals. . . . Actually, this is wrong on two counts. One, the men were not injected with syphilis; they had already contracted it when they went into the program. Two, in most cases, they *were* given therapy. What was withheld was penicillin. The subjects who were treated, were given relatively ineffective and dangerous mercury therapies. Not as bad as Nobody said, but more than bad enough. As an aside, I was watching a documentary on this sad chapter of American history and they interview the guy who blew the whistle on the study. He was a San Franciscan I have known for several years. In all that time, I thought he was just another Second Amendment, gun nut, fellow traveller. You know, you never know. S a n d y >>>>>> Please send e-mail to: ssandfort@attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: an12070@anon.penet.fi () <> Chuck E. Cheese <> () Date: Sun, 2 Jan 94 20:08:43 PST To: cypherpunks@toad.com Subject: cyberanarchy RULEZ!!! Message-ID: <9401030345.AA08556@anon.penet.fi> MIME-Version: 1.0 Content-Type: text/plain When my son appeared home from work last Tuesday evening just as the 10 p.m. news was beginning, I was pleasantly surprised to see him. Earlier in the day he told me he'd be home around 11 since he was scheduled to be one of the `closers' at Chuck E. Cheese that evening. I hated it when he was scheduled to close on school nights, and I told him so that afternoon. But since his fellow employees and manager had been so kind to him during a recent illness, and since he hadn't been able to earn much Christmas money, I didn't say much more. So when he came in and said, ``Hey, someone else wanted to close tonight, so I didn't have to stay,'' I knew I could lock up and go to bed a little earlier than I'd planned. Then the news bulletin came on: ``There has been a shooting at Chuck E. Cheese pizza parlor in Aurora.'' I yelled and my son came out of the bathroom with his toothbrush still in his mouth. He sat on the edge of the rocking chair watching and waiting for more information. Then he said, pointing his finger at me and shaking, ``I bet I know who it was...'' I questioned him about what he had seen and dialed the police department. The police spoke with him and said they'd send out a detective. Then my son told me about the people who were still at the restaurant when he left. Bobby -- the nicest guy in the world, he said. Sylvia -- a lot of fun. Ben, oh yeah, he was in the game room. Colleen -- she was working the show room. And Marge -- did you know she liked weird pizza -- like spinach and stuff? He spoke about each one as we waited for more information. In the meantime, we heard helicopters and sirens waited for more word. The early reports were sketchy ... Several people had been shot ... Some were still in the restaurant, some were being wheeled out on stretchers .... More on the morning news, they said. We looked at each other in disbelief. I knew that my son had missed being one of the victims by minutes, maybe just a couple of minutes. No one in our family slept well that night. At about 4:30 a.m., I got up. I had been having nightmares anyway, and I wanted to make sure that whatever the news was, I knew it before my son did. I'll help him through it, I thought. He was sleeping on the floor in his brother's room. He didn't want to be alone. As I looked at the front page of the newspaper, I felt some relief that at least some of the people had survived. But then I turned on the early news and learned that all the victims had been shot in the head and that two were dead: Marge and Colleen. I held my sides and wept. My son heard me and came out to watch the news. He urged on those still living: ``Come on, Sylv, come on ...'' I prayed hardest for Bobby. He had offered to close for my son. I didn't know if I could handle it, or how my son would feel, if he didn't make it. But as that day wore on -- that horrible day -- two more would die. There but for the grace of God, I thought. I kept picturing my son's face as he talked to the TV reporters. My child is in shock, I thought. And here I am at work, trying to act as though my world has not been blown apart as well. After a few short hours, I decided I should go home -- I wanted to be there when he came home. I wanted to hold him and tell him I love him. After my son arrived home, the phone rang and rang. People from all over the country were calling to make sure that he was OK. He told his story over and over again. He needs help, I can see, but I don't know how to give it to him. It's so hard to imagine the pain felt by the families of Colleen, Sylvia, Ben, and Marge. I've thought often about how horrible that night was for them and about how hard it will be in the future. It's hard for me to even imagine the depth of my own son's pain. No one taught me how to help my child through a mass murder. I can't explain to him why the police say they are going to call and then don't. I don't know why the alleged murderer was allowed to threaten people for months without anyone challenging him. I'm not sure that it would happen again tonight. Most of all, I'm scared to admit that most people won't attach any responsibility for the situation to anyone but the killer. No parent, no school official, no juvenile or adult law enforcement agency, no former employer recognized and took responsibility for the potential danger of this situation. Maybe that is today's truth. We have become very adept at avoiding responsibility for much of anything. I'm angry at s many people -- and I'm angry with myself. Our young people need our help. They are living through these horrors because we are allowing them too, mostly because we are just too busy to care. They did not, in their short lives, create this violent, irresponsible society. We pretend not to see that we sell them the means of their destruction. I realize that my nerves are raw right now. I just hope that as the days and months go by that we do something meaningful to show our kids that we really mean to help them end the violence that threatens their generation. I am sorry, too, son. I haven't done enough so far. But that doesn't mean that I can't do more now. Please help me. We all need to speak up when we see something going very wrong. If we are going to effect an real change, I'll need your energy and commitment to push me. And I will take responsibility for my part. It isn't too late, son. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: an12070@anon.penet.fi () <> James Bond 007 <> () Date: Sun, 2 Jan 94 22:48:43 PST To: cypherpunks@toad.com Subject: Current Operational Status Message-ID: <9401030623.AA23221@anon.penet.fi> MIME-Version: 1.0 Content-Type: text/plain We (operation Cyberanarchist Repression and Poison) thought you might like an update of our current status and future plans. We have been extremely busy! So much has happened lately! Remember when we said, > You have 24 hours before we >launch our next cyberspatial strike. That was a reference to Operation Tick-Tick-Tick. We were really delighted with the outcome of this attack, we made very significant gains in our campaign, and there were some stellar fireworks. The sequence of Usenet posts equating cyberanarchists with drug users and Sodomites found great response. The Cyberanarchist glossary was unchallenged! We nailed the szabo@netcom.com tentacle mercilessly, and he is afraid to show his sickly green face any more. The Pit Bull (His Royal Eminence) showed up to make a fatal mistake in exposing the Szabo tentacle, and we nailed him some too (his brilliant smear tactics give us more ideas ourselves!). As usual, Emminent Eric has been rather quiet. We did spoof him spectacularly with that Apology feint. `I never wanted a brainwashed follower.' `Democracy stinks.' `I am the anti Christ.' Ha, ha. Tantalizing Timmy showed up a bit `out there' to further whine, evade, and threaten, and tell us that he doesn't know anything about drugs! He says he has a gun, and isn't afraid to use it! Fantastic! `The rumors about high level conspiracies and drug use are false' he says. Ooops, have you talked to Ingenuous John? (hee, hee). You guys really have to work on getting your stories straight. It's pretty pathetic. As for the BS, we don't know who it is you saw at your last Cypherpunk party and their California IDs. Must have been some cardboard cutouts! Oh, what fun. This is all in addition to the shrapnel wounds on the public lists (we have no comment on the private ones!). We appreciate your feedback in all areas. What did you think of the delightful poetry? How about the Nazi Espionage story? That brought tears to our eyes when we thought how much your own Big Macs have surpassed the Fuhrer in their own present glories and future ambitions. Perhaps the people `out there' on Usenet will be similarly impressed ... ? === Nevertheless, the Big Macs don't seem to understand that we have long since lost interest in the tentacle exorcisms, although we like to continue to play to keep our practice. We have graduated to the Big Leagues and they are still scratching their crotches in the minors. Full fledged exposure! The Cypherpunk Credit union for money laundering! the black markeeting! the tax evasion! The lies in the media! The secret mailing lists! Thank you so much for finally coming clean (or at least opening a few windows to diminish the stench) in some key areas. Our next projects should help encourage you to continue this wonderful Glasnost, where before we had the KGB. Once again, we remind you that you can relent and surrender at any time. Some of the things we are interested in at the moment: 1. Further information on the media deceptions in Wired and NYT. These are very difficult to unravel. 2. A complete status report of the TX bank and CA credit union. Maybe some more info on the `real' Chaum link. 3. A complete comment by the Big Macs on their knowledge and involvement in pseudospoofing and all the `quasi-legal' activities. 4. A complete list of all the secret mailing lists. Your subscribers to this list would probably be interested in this too, why not post it publicly? After all, they don't know that all the *real* development is being done under the table. Kind of ironic, too, how long people were asking for a `list split', not knowing that it had already been done in secret. Ah, a pity, but that is your modus operandi. But, since in the true spirit of warfare we must be prepared for any eventuality, including the continued persistence and tenacity of the enemy. So you know, here are some of the operations we are planning over the coming weeks and months, listed in scale of seriousness and potency. Operation SQUISH - a very sophisticated and comprehensive simultaneous attack on many fronts that will involve a `grass roots' approach vs. the last `top down' attack in the newsgroups. Medusa keeps asking for our complete knowledge. This will lay it all out on the table for everyone to examine -- a complete list of tentacles, Small Fries, Big Macs, Poison Needles, Medusa Sisters, and Medusa. It will also be a bit disorienting for you in the spirit of our favorite tactics of `polymorphic paragraphs'. You really seem to get a buzz from that. If you think that the last Usenet strike was bad, wait 'til you see what happens with this one! Operation Octopus - this is the multiple pseudonym and agent project. We plan to have at least a dozen (hence the name) posting simultaneously to many different lists and the newsgroups. But the overhead on this is very significant, and it will take us awhile to gear up and build the infrastructure to the point we can `engage'. You have seen more of these agents lately `out there', but our coordinated attack will take some more planning. Hopefully, these operations will crack the nut. It is already wobbling, splintering, chipping, and shaking. But this is a tough nut to crack. The following operations are far more insidious and devastating. We have been hinting about them in various places. They are our `secret weapons' -- the will require some further developments, but will be immensely effective in destabilizing your technology and `movement'. Operation Duplicity - extremely top secret. Let's just say, you will be seeing double, and triple, and quadruple, and ... Operation Apocalypse - extremely top secret. Let's just say, Robert Morris and Richard Depew would be proud ... Of course, in the meantime your list will be subject to the same drizzle of froth that has you so excited lately. And we'll probably recycle some of our better artillery to strategic positions `out there' on Usenet some more. We wish to thank T.C.May personally for all the stellar ideas in Reputation Assault and Cyberspatial Sabotage. What's good for the criminal is good for the police, so to speak! Finally, just to let you know, we are going to take a momentary breather here and scale back all the current operations somewhat to reorganize and retrench before the next onslaught, so enjoy the respite. Happy New Year! p.s. you might want to see this below. This software and attack report was part of our last strike, Operation Tick-Tick-Tick. The software for the new operations is far more complex (you know how difficult it is e.g. to track multiple identities well), partly the reason for the delay. === #!/bin/csh -f sleep 518400 echo insider echo `date` nick "Cryptoanarchist Assassination Squad" send ./insider& sleep 86400 #1 day echo glossary echo `date` nick "T.C.Hughes" send ./gloss1& send ./gloss2& sleep 86400 echo szabo echo `date` nick "GCHQ" send ./szabo& sleep 86400 echo druggies echo `date` nick "Pablo Escobar" send ./druggies& sleep 86400 echo homo echo `date` nick "A.Pervert" send ./homo& sleep 86400 echo tcmay echo `date` nick "The Allied Forces" send ./tcmay& sleep 86400 echo conspiracy echo `date` nick "S.Boxx" send ./conspiracy& === insider Mon Dec 13 15:58:36 UTC 1993 [1] 8930 [1] + Done send ./insider glossary Tue Dec 14 15:58:57 UTC 1993 [1] 10919 [2] 10920 [2] + Done send ./gloss2 [1] + Done send ./gloss1 szabo Wed Dec 15 15:59:26 UTC 1993 [1] 13139 [1] + Done send ./szabo druggies Thu Dec 16 15:59:52 UTC 1993 [1] 15347 [1] + Done send ./druggies homo Fri Dec 17 16:00:31 UTC 1993 [1] 17894 [1] + Done send ./homo tcmay Sat Dec 18 16:03:15 UTC 1993 [1] 20016 [1] + Done send ./tcmay conspiracy Sun Dec 19 16:03:52 UTC 1993 [1] 21253 ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: m5@vail.tivoli.com (Mike McNally) Date: Mon, 3 Jan 94 05:14:00 PST To: cypherpunks@toad.com Subject: Re: Current Operational Status In-Reply-To: <9401030623.AA23221@anon.penet.fi> Message-ID: <9401031310.AA29540@vail.tivoli.com> MIME-Version: 1.0 Content-Type: text/plain Well, if there ever was any doubt about his sanity: #!/bin/csh -f It is a terrible thing to lose one's mind. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: paul@poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 3 Jan 94 06:28:58 PST To: MIKEINGLE@DELPHI.COM Subject: Re: Hoax or ??? In-Reply-To: <9312310552.AA11958@news.delphi.com> Message-ID: <199401031425.AA20729@poboy.b17c.ingr.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Be aware that Colin James is pushing his own, newly-patented encryption system as an alternative to RSA. It appears to be a simple XOR stream but I don't have full details. However, based on the tenor of his other postings to comp.lang.ada, I think it's probably safe to take him lightly. - -Paul - -- Paul Robichaux, KD4JZG | Richard Davis was twice convicted of kidnapping. Intergraph Federal Systems | He was released twice; then he killed Polly Klaas. Not speaking for Intergraph| Why wasn't he in jail? Why's he still alive? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLSgqzCA78To+806NAQFFEgQApeEp5ugkVYABjkydxVi6T2j5l6VxD9JU OztavBXn1N8fZBiD76tDGAhqjdwtiNzLS99+alaXXM4nWyrvLJxi3tYKhjuR3D2T Uu2fRFDmFH8nA8jXRPR+dX+ZfXuqmQnmDjpnu/yz5uN/BDONUpSuF36Lmq46Eofh /slBiS+Tpak= =jzyy -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ferguson@icm1.icp.net (Paul Ferguson) Date: Mon, 3 Jan 94 05:33:58 PST To: m5@vail.tivoli.com (Mike McNally) Subject: Re: Current Operational Status In-Reply-To: <9401031310.AA29540@vail.tivoli.com> Message-ID: <9401031332.AA05881@icm1.icp.net> MIME-Version: 1.0 Content-Type: text Mike McNally writes - > Well, if there ever was any doubt about his sanity: > > #!/bin/csh -f > > It is a terrible thing to lose one's mind. If you think that is bad, you should surf comp.org.eff.talk this morning. Gads. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: SINCLAIR DOUGLAS N Date: Mon, 3 Jan 94 12:24:06 PST To: cypherpunks@toad.com Subject: Subscription Message-ID: <94Jan3.151901edt.2113@cannon.ecf.toronto.edu> MIME-Version: 1.0 Content-Type: text/plain A little while ago, my account name changed. I sent a message to cypherpunks-request asking for my subscription address to be changed. I got no response, and cypherpunks is not being delivered to my new account. (Don't know about the old one -- it's gone). So.... Does cypherpunks still exist, or did it get blown away by the TLAs while I wasn't looking? Is Eric on a protracted holiday and just not reading request mail? Did Toad go down? What gives? If anyone can set me straight, please mail me. Thanks. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Romana Machado Date: Mon, 3 Jan 94 10:58:58 PST To: cypherpunks@toad.com Subject: Jobba the Hunt Message-ID: <9401031857.AA09739@apple.com> MIME-Version: 1.0 Content-Type: text/plain Friends, extropians, cypherpunks: The year is new, I hope to find a new job, too. If you are involved in, or know about, forward-looking projects that would interest me, I'm looking forward to hearing from you. IUve achieved quite a few personal goals recently: I've launched and publicized Stego, the first steganography tool for the Macintosh, developed a part time job as a print model, worked on various extropian essays, traveled and vacationed. Once again, it's time to find work, so I am posting my resume. Romana Machado 19672 Stevens Creek Blvd. #127 Cupertino, CA 95014 EMail: romana@apple.com Phone: (408)446-9486 Objective I am looking for an intellectually challenging opportunity as a Macintosh developer, or a combined software development/quality assurance position. I am available on a contract, consulting, or project- by-project basis. I am willing to telecommute, but not to relocate. Skills Software development, quality assurance, electronic mail systems, networking, database interfaces, device interfaces, object-oriented software design, Macintosh QA tools, PowerShare, Symantec C++, Think Class Library, MPW, C, Hypercard, Turbo Pascal, DOS. Experience Macintosh Software Developer, Paradigm Shift Research, Sep '93 - Present. Developer of Stego, the first shareware steganography tool for the Macintosh. Stego 1.0 is a data security tool that embeds data in Macintosh PICT files without changing their size or appearance. Stego was developed using Symantec C++ and the Think Class Library. Source code and software are available for review on request. Macintosh Quality Assurance Lead Engineer, Apple Computer, Inc. Nov '91 - Sep '93. Member of Macintosh Technology Group in Information Systems & Technology division. Lead QA engineer for a mail server gateway bridging AppleLink and PowerShare/PowerTalk. Authored comprehensive test plans based on IEEE specs for several products. Implemented automated and manual testing, maintained regular reporting. Provided general support to development engineer: installed PowerShare networks and gateways, created icons and graphic art for products, etc. Reviewed and corrected documentation. Tested gateway functions of PowerShare messaging and mail for PowerShare QA team. Also provided quality assurance engineering and testing for several database front-end products, including DAL Terminal 1.1, Data Browser 1.1, Software Asset Librarian, and Pablo 1.3. Macintosh Quality Assurance Engineer, Intuit, Menlo Park, CA. Dec '90 - May '91. QA engineering for Macintosh Quicken 3.0. Implemented structured test plan and tested user interface, report generation. Macintosh ROM Toolbox Test Engineer, Apple Computer Inc., July '89 - March '90. Test engineering and test tool development using MacApp. Tested File Manager, Sound Manager, Device Manager. Maintained regular reports with Radar. Database Programmer, Afghan Refugee Fund, Los Altos, CA. June '87 - May '90. Extensive programming of a large mail address database for a charity, using DBase III+ compiled using Clipper. Software Developer, Strategic Decision Group, Palo Alto, CA. March '89 - July '89. Developed a printing and graphics interface for SuperTree, a financial decision analysis system. Staff Engineer, Stanford University Department of Communication. Mar '88 - Nov '88. Designed and developed LiVE, a communications research tool that constructs video sequences using a laserdisk video player driven by an IBM AT computer. Developed graphics tools for data analysis for psychophysiology research. Developed Hypercard XCMDs that provide a direct interface to the Macintosh's four-voice synthesizer. Staff Engineer, Stanford University Psychophysiology Lab, June '86 - Mar '88. Developed custom software for psychophysiology research. Created graphics tools for visual analysis of data. Wrote applications that used a variety of low-level hardware device interfaces for multichannel analog-to-digital devices. Software Engineer, Greenleaf Science Software, Palo Alto, CA. Dec '85 - June '86. Member of startup team. Assisted in the development of a Apple II GS based physiological data recording system. Extensive structured programming in Apple Pascal. Education Bachelor of Arts in English, minor in Mathematics/Computer Science, San Jose State University, 1986. MPW, C++ classes at Apple Developer University, 1990. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jim choate Date: Mon, 3 Jan 94 10:48:57 PST To: cypherpunks@toad.com Subject: Help, I am moving... Message-ID: <9401031833.AA23393@wixer> MIME-Version: 1.0 Content-Type: text/plain Would somebody please e-mail me the addresses and proceedures that I need to follow to unscubscribe this account and move to another account now and finaly my own internet machine in about 3 weeks. I realize this has been put out before but for some reason I never thought about saving them...(duh). Thanks for the help. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy <72114.1712@CompuServe.COM> Date: Mon, 3 Jan 94 17:28:57 PST To: Subject: TECHNOLOGY v. POLITICS Message-ID: <940103180827_72114.1712_FHF52-1@CompuServe.COM> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort@attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mike Ingle wrote: . . . when something fascistic like Digital Telephony or Clipper comes along, we have to fight it. But if we win, it will just return the next time something scares the government. There can be no permanent victory through politics. The only way to win permanently is to hold them off through politics and public opinion long enough so that everyone has encryption and is using it. . . . Absolutely correct. It reminds me of the Soldier of Fortune t-shirt: PEACE THROUGH SUPERIOR FIREPOWER Works for me. S a n d y >>>>>> Please send e-mail to: ssandfort@attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLShUR05ULTXct1IzAQGrxQP9Gpr/iXLetX+c7C++SAZ6ZlnYmS6H5ECr 40yUfz+j1wZvkEQztt+dqpU9Jvfi79I3TtBf6nJH1BNGrHfmIUxGZQ0srK2ccoIv 6bjX6QwgUwADMKQvmsn+v1NMlC9vGrEIyih3c2rH/CsSHkPkNI28wjC90ROvzMhU oSGeOaOOQyk= =I/Io -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: collins@newton.apple.com (Scott Collins) Date: Mon, 3 Jan 94 14:54:09 PST To: pkalaher@arhu.umd.edu (Patrick Kalaher) Subject: Re: Question for article Message-ID: <9401032251.AA08254@newton.apple.com> MIME-Version: 1.0 Content-Type: text/plain >Say someone fucks you over (real or imagined) or flames you severely. What >sort of nasty things can you do to them or their data? You know, like >e-mail bombings etc. I don't need particulars, since this is pointed at a >mainstream audience. (It also might not get published if the technophobic >editor(s) think its too risque, if you know what I mean.) You can: - 1 - If the damage done you was real, not just an annoyance, then you might litigate. - 2 - Otherwise, or if there is reason to believe that it was without intent, then you could be a grown-up: live and learn. Purile retaliation is the demesne of bullies and children. >I have some ideas already, but I'd like to hear from the pros. :-> This sounds like people who study martial arts so they can `really kick some ass'. Serious students of many disciplines consider it for defense only. This is the case with the technology of privacy. You have seriously mistaken this list. This is not a list of `expert electronic vigalantes' who deal out home brew justice. This is a group of people with concerns about technological encroachment on personal privacy, and ensuring that the information age doesn't swallow law abiding citizens into a new world of glass houses. I am sorry to say I can easily imagine what you must have been reading to give you this impression. Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins@newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2B Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brad Dolan Date: Mon, 3 Jan 94 14:54:07 PST To: cypherpunks@toad.com Subject: Here come the data fascists Message-ID: <199401032253.OAA00394@well.sf.ca.us> MIME-Version: 1.0 Content-Type: text/plain Well, here it comes guys: --------------------------------------------------------------------- LET'S MAKE SURE GOVERNMENT STEERS DATA HIGHWAY IN THE RIGHT DIRECTION San Jose Mercury News Sunday, January 2, 1994 By LAWRENCE J. MAGID (...) Do we really need Al Gore, Bill Clinton, Congress, the FCC, the FTC and countless other bureaucracies meddling in this new industry? The answer is a qualified yes. While industry will and should take the lead in developing new products and services, it is the role of government to take the long view to assure that these services are implemented in a way that is fair and fruitful. We don't need unnecessary bureaucracies, but we also don't want the educational equivalent of lead poisoning or data equivalent of gridlock. The government's role is especially crucial in a world where physical geographic borders are increasingly irrelevant. Think about the cybernetic equivalent of illegal immigration and smuggling. The Internet doesn't have border patrols to protect our intellectual property. The government must be involved, but, as the Vice President has promised, it must also leave lots of room for both entrepreneurs and the corporate giants to play their hands. (...) Lawrence J. Magid writes a telecommunications column weekly for the Mercury News and is author of ''The Little PC Book, a Gentle Introduction to Personal Computers.'' You can write to him via Mercury Center Online at LarryMagid or the Internet at magid@latimes.com. ---------------------------------------------------------------------------- Crypto? Why that would make it impossible for the data police to do their jobs! Anyway, only someone with something to hide would use crypto! Try to hold 'em off with this one, it worked elsewhere for a while: "When crypto is outlawed, only outlaws will have crypto". It's like listening to the raindrops at the start of a storm. Corporate America just woke up and realized we have a good thing that it doesn't control. It will soon rectify that. Pessimistically yours, bdolan@well.sf.ca.us From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: a2@ah.com (Arthur Abraham) Date: Mon, 3 Jan 94 15:04:07 PST To: cypherpunks@toad.com Subject: Clipper FOIA requests... In-Reply-To: <9312301606.AA03222@ah.com> Message-ID: <9401032302.AA04065@ah.com> MIME-Version: 1.0 Content-Type: text I would like to publicly thank John Gilmore for his tireless pursuit of this important issue. -a2 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Arthur Chandler Date: Mon, 3 Jan 94 15:18:59 PST To: "Curtis D. Frye" Subject: Re: Question for article In-Reply-To: <9401032213.AA28289@ciis.mitre.org> Message-ID: MIME-Version: 1.0 Content-Type: text/plain There is an excellent essay in the December 21 issue of *The Village Voice* that talks about, among other things, the distinction between anonymity and pseudonymity in the NET (on MOOs in particular). There has been a small amount of calm discussion about pseudonymity on Cypherpunks, and I don't want to revive the embers; but the distinction the VV author (Julian Dibbell) makes between the abusive behavior often masked by anonymity and the more mature concern for one's pseudonymous reputation would make good background reading for anyone wanting to mull over this issue in print. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Duncan Frissell Date: Mon, 3 Jan 94 14:54:13 PST To: CYPHERPUNKS@toad.com Subject: POLI: Politics vs Technol Message-ID: <199401032049.AA12825@panix.com> MIME-Version: 1.0 Content-Type: text/plain H>Have people forgotten the Clipper proposal, with the possible H>follow-on to make non-Clipper encryption illegal? To the extent this H>proposal has been or will be defeated, it will happen through political H>maneuvering, not technology. If it got that far, a ban on unapproved crypto would be defeated by litigation not politicking. There is no chance that a crypto ban would be upheld by the Supremes these days. The courts have explicitly ruled that one can speak other languages (than English) if one wishes. Crypto is just another language. H>Have people forgotten the PGP export investigation? Phil Zimmermann H>hasn't. He and others may be facing the prospect of ten years in prison H>if they were found guilty of illegal export. I'd like to see some indictments first. The trial would be fun. Long sentences are unlikely in any case. H>If anyone has any suggestions for how to escape from jail into H>cyberspace I'd like to hear about them. The same way one survives and atomic bomb (for those who asked) by *not* being there when it goes off. Those indicted have two years prior to trial to leave the country. Anyone who can't figure out how to flee the jurisdiction in two years deserves prison. H>Mike's SecureDrive is a terrific program for protecting privacy. But H>if we want to keep keys secret from politically-motivated H>investigations, we have to rely on the very political and H>non-technological Fifth Amendment (an amendment which Mike Godwin of EFF H>and others contend does not actually protect disclosure of cryptographic H>keys). Again, we need to win political, not technological, victories in H>order to protect our privacy. Encryption alone will absolutely protect the 99.99% of communications that are never the subject of any government disclosure orders. Investigations take *serious* money. The government can only investigate (let alone prosecute) a very small number of individuals. Since much of their attention will necessarily be on others, the members of this list -- much less the general public -- have little to worry about. What's the big deal. Dan White emptied his revolver into the Mayor of the City of San Francisco, reloaded, and then emptied it again into the body of a member of the Board of Supervisors. For this crime, he served 5 years and 2 months. Since nothing we are doing is worse, we can't serve more than that amount of time. (I know, I know. Just kidding.) The criminal justice system is a pretty dull tool, however. The Feds have lost most of the big political cases that went to trial over the last few years. They lost all but one of the insider trading cases. They lost the BCCI case. They lost the Ollie North prosecution. They lost the Steve Jackson games case. In confrontations with the Feds, behave like the guy who was acquitted of insider trading in the Princeton Partners case -- wear a Cat hat reading "Shit Happens" to all the negotiating sessions. Remember too that in the absence of war, 99.99% of the damage "the government" does to you is actually self inflicted. Don't obey. Don't line up. Don't fill out the proper forms, properly. Don't give them your right name and address. Keep fixed in your mind the words of the first rebel, a fallen angel, who said, "Non Servatum" (I will not serve). DCF Who will request that the jury at *his* trial be required to watch Schindler's List. --- WinQwk 2.0b#1165 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: baumbach@atmel.com ( ) Date: Mon, 3 Jan 94 13:38:58 PST To: cypherpunks@toad.com Subject: Risk and Opportunity Message-ID: <9401032054.AA09864@trident.chp.atmel.com> MIME-Version: 1.0 Content-Type: text/plain I stumbled onto a pair of programs called seejunk.exe and prune.exe this past week. It seems that files are stored on disk media in fixed units called clusters. Your file size is usually not an integral multiple of disk clusters in size, so the ends of your file is followed by random data to fill up that last cluster. Random is a bad choice of words though. I suppose each system is different, but under DOS, the extra fill data is a copy of a piece of whatever you had in memory at the time your system wrote the file. You could have information written to disk that you do not wish to have there, and seejunk.exe will show it to you ... and anyone else. prune.exe is the solution offered. Using this program, I wrote "This space intentionally left blank " repeating in the 5K of space sitting at the end of the doc file for these two programs. That was the risk and the fix available. There is also an opportunity here. Encrypted information could be stored at the end of your files. In other words this is an opportunity for steganography. You would have to be careful though; any disk operation involving that file could corrupt your encrypted data. I don't have full access to the internet. If someone finds these programs on the internet, can they post the location here. If the files aren't on the internet, I can email them to anyone that wants to post them to the cypherpunk ftp site. Peter Baumbach baumbach@atmel.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pkalaher@arhu.umd.edu (Patrick Kalaher) Date: Mon, 3 Jan 94 13:28:56 PST To: cypherpunks@toad.com Subject: Question for article Message-ID: <199401032126.QAA06027@arhu.umd.edu> MIME-Version: 1.0 Content-Type: text/plain Hello; I read your postings in alt.wired with much interest. I am working on an article in the 'electronic frontier' vein, kind of like a cyber-gunslinger piece, and I'd love to have your input... Say someone fucks you over (real or imagined) or flames you severely. What sort of nasty things can you do to them or their data? You know, like e-mail bombings etc. I don't need particulars, since this is pointed at a mainstream audience. (It also might not get published if the technophobic editor(s) think its too risque, if you know what I mean.) I have some ideas already, but I'd like to hear from the pros. :-> Thanks in advance for your help. -pbk -- Patrick B Kalaher pkalaher@arhu.umd.edu When great changes occur in history, when great principles are involved, as a rule the majority are wrong. -Eugene Debs From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cfrye@ciis.mitre.org (Curtis D. Frye) Date: Mon, 3 Jan 94 14:08:59 PST To: pkalaher@arhu.umd.edu (Patrick Kalaher) Subject: Re: Question for article Message-ID: <9401032213.AA28289@ciis.mitre.org> MIME-Version: 1.0 Content-Type: text/plain >Hello; I read your postings in alt.wired with much interest. >I am working on an article in the 'electronic frontier' vein, kind of like >a cyber-gunslinger piece, and I'd love to have your input... Great, just the sort of publicity we need; we're out here on the frontier, alone with our reputations, and if you mess with us? We shoot you. > >Say someone fucks you over (real or imagined) or flames you severely. What >sort of nasty things can you do to them or their data? You know, like >e-mail bombings etc. I don't need particulars, since this is pointed at a >mainstream audience. (It also might not get published if the technophobic >editor(s) think its too risque, if you know what I mean.) I have some >ideas already, but I'd like to hear from the pros. :-> Bad angle, man. Some folks might get a kick out of screwing over someone else, but doing it invites the authorities to step in and put the handcuffs on all of us by restraining our access or tools (at least the legal ones). If it's only a flame and you're established - no problem, just ignore it or defend yourself once or twice and let it go. Besides, you're asking us to tell you the questionably ethical stuff we could theoretically do if we were motivated. I don't think we would be, except in an extreme case, so I would argue that the "rootin', tootin', quick-drawin' console cowboy" image you're trying to perpetuate is way off the mark. Also remember, the probable penalty for mail bombing or any data destruction is being forced off your account which means that you need to find alternative access or *be* *gone* *forever*. Access isn't as hard to come by as it used to be, but reputations are damn hard to live down. Magnetic media store bits reliably for about seven years, but our memories last much longer. -- Best regards, Curtis D. Frye cfrye@ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: m5@vail.tivoli.com (Mike McNally) Date: Mon, 3 Jan 94 15:24:08 PST To: a2@ah.com (Arthur Abraham) Subject: Clipper FOIA requests... In-Reply-To: <9312301606.AA03222@ah.com> Message-ID: <9401032319.AA00724@vail.tivoli.com> MIME-Version: 1.0 Content-Type: text/plain Arthur Abraham writes: > I would like to publicly thank John Gilmore for his tireless pursuit > of this important issue. Here here. Hip hip hoorah, and so on. I think it embodies the spirit in which this country was founded, a spirit that seems more and more remote nowadays. -- Mike McNally :: m5@tivoli.com :: Day Laborer :: Tivoli Systems :: Austin \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\_-u-t-a-o-h-r-s-c-l- -r-e- -e-t-c-e ///////////////////////////////////// j-s- -n-t-e- -i-k-y-g-e-n-t-n-a-l From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Stanton McCandlish Date: Mon, 3 Jan 94 16:19:07 PST To: thesegroups@tic.com Subject: OUTPOSTS - A List of CyberLiberties Organizations, 01/03/93 Message-ID: <199401040011.TAA06301@eff.org> MIME-Version: 1.0 Content-Type: text/plain -=> OUTPOSTS <=- on the Electronic Frontier International, National, Regional & Local Groups Supporting the Online Community List Updated 01/03/94 For those readers interested in hooking up with regional groups that are organized to work on projects to improve online communications, feel free to contact any of the folks listed below with your ideas and to learn more about how you can get involved. We are constantly looking to update this list, so if you know of other groups that we should add, or if you are trying to form a group in your local area, please forward the name of the group and contact information to Stanton McCandlish . Please also inform of any updates or changes that need to be made. This list is copylefted freeware; distribute at will. Please! Check your entry regularly and make sure it is up to date. [Apologies to those that receive multiple copies, but I am attempting to make certain that it gets to EVERYONE listed herein, so that they can verify the information on them it contains. Please do so, even if just to tell me "it's ok, no changes". -=>NATIONAL/INTERNATIONAL<=- -USA- Electronic Frontier Foundation Non-profit public interest organization, concentrating on ensuring that civil liberties are retained, expanded and protected in the emerging information age. Supports legal and legislative action to protect civil rights online. Supports and/or hosts various conferences and projects, including Big Dummy's Guide to the Internet, and Computers and Academic Freedom. General: Stanton McCandlish , Online Activist Legal: Shari Steele , Dir. of Legal Services Mike Godwin , Online Counsel Policy/Open Platform/NII: Daniel J. Weitzner (djw@eff.org), Senior Staff Counsel Tech: Dan Brown , Systems Administrator Basic info: info@eff.org Mailing list requests: eff@eff.org Online newsletter: Stanton McCandlish Hardcopy publications: pubs@eff.org Membership: membership@eff.org Net services: ftp.eff.org, archie.eff.org, wais.eff.org http://www.eff.org/ Usenet: comp.org.eff.talk, comp.org.eff.news, alt.politics.datahighway WELL: g eff AOL: keyword EFF CIS: GO EFFSIG 1001 G St. NW, Suite 950 E Washington DC 20001, USA voice: +1 202 347 5400 fax: +1 202 393 5509 Computer Professionals for Social Responsibility (CPSR) CPSR is a national membership organization, based in Palo Alto, California. CPSR conducts many activities to protect privacy and civil liberties. Membership is open to the public and support is welcome. CPSR maintains local chapters in Austin, TX; Berkeley, CA; Boston, MA; Chicago, IL; Washington, DC; Los Angeles, CA; Madison, WI; Palo Alto, CA; Portland, OR; Denver- Boulder, CO; Seattle, WA; and elsewhere [where information is available, these chapters are listed separately under REGIONAL.] General (nat'l. HQ): cpsr@csli.stanford.edu General (Wash. offc.): Marc Rotenberg Mailing list: listserv@gwuvm.gwu.edu (message body of: subscribe cpsr [your 1st & last name]) Telecom Policy Roundtable: Jeff Chester , voice: +1 202 628 2620 CPSR National Office CPSR Washington Office P.O. Box 717 666 Pennsylvania Ave. SE, Ste. 303 Palo Alto CA 94302 USA Washington DC 20003 USA Voice: +1 415 322 3778 Voice: +1 202 544 9240 Fax: +1 415 322 3798 Fax: +1 202 547 5482 -AUSTRALIA- Electronic Frontiers Australia (EFA) EFA is still in the process of forming and getting organized. Michael Baker has announced the incept of a new Internet mailing list forum for discussion and planning in the effort to form a public interest electronic civil liberties organization in Australia: Electronic Frontiers Australia. To participate, send a subscribe request to the address listed below. Baker says to "point any other potential interested people from Australia to the list." General: Michael Baker Mailing list requests: efa-request@iinet.com.au -=>REGIONAL/LOCAL<=- -USA- *ALABAMA* HUNTSVILLE Huntsville Group Matt Midboe *CALIFORNIA* LOS ANGELES METRO AREA CPSR/Los Angeles (CPSR/LA) [See CPSR under NATIONAL for more info; no further info available.] PALO ALTO CPSR/Palo Alto See CPSR under NATIONAL for more information. CPSR/PA local chapter not to be confused with CPSR National Office in Palo Alot, though the mailing address is the same. Supports various projects and groups, including the "Assembler Multitude" nano- technology SIG. General/newsletter: Andre Bacard Assembler Multitude: Ted Kaehler [See CPSR under National for more contact info.] SAN FRANCISCO BAY/BERKELEY AREA BAWiT (Bay Area Women in Telecom) Hosted by CPSR/B (see below), and probably involved with This!Group, BAWiT is a group of women working with telecom to make the online community inclusive rather than exclusive of women and other minorities. The working group's activities include outreach and mentoring, and providing speakers for events & informal online discussions. Info: Judi Clark Online conferences: listserv@cpsr.org (message body containing: subscribe bawit-announce [1st & last name]) CPSR/Berkeley See CPSR, under NATIONAL for more information. Besides standard CPSR projects, CPSR/B hosts the Bay Area Women in Telecom and Working in the Computer Industry working groups. General: cpsr-berkeley@csli.standford.edu Newsletter: Jim Davis Judi Clark mailing lists: listserv@cpsr.org (cpsr-cpu, bawit-announce, etc.) ftp site: cpsr.org CPSR/B P.O. Box 40361 Berkeley, CA 94704 voice: +1 415 398 2818 This!Group Judi Clark [This!Group is dormant, as of this writing.] *COLORADO* DENVER/BOULDER METRO AREA CPSR/Denver-Boulder (CPSR/DB) [See CPSR under NATIONAL for more info; no further info available.] *DISTRICT OF COLUMBIA/WASHINGTON DC METRO AREA* CapAccess General: capacces@gwuvm.gwu.edu Voice: Taylor Walsh, +1 202 466 0522, +1 301 933 4856 CPSR/DC See CPSR under NATIONAL for more information. DC Chapter not to be confused with DC Nat'l. Office of CPSR. General/mailing lists: Larry Hunter Electoral Issues: Eva Waskell, voice: +1 703 435 1283 evenings Voice: +1 202 728 8347 (Joel Wolfson, CPSR/DC Co-Chair) Group 2600 [and some public access operators] Bob Stratton Mikki Barry *ILLINOIS* CHICAGO CPSR/Chicago [See CPSR under NATIONAL for more info; no further info available.] *MASSACHUSSETTS* CAMBRIDGE-BOSTON METRO AREA CPSR/BOSTON [See CPSR under NATIONAL for more info; no further info available.] EF128 (Electronic Frontier Route 128). Lar Kaufman *MICHIGAN* ANN ARBOR Ann Arbor Computer Society [& others] General: Ed Vielmetti Msen gopher: gopher.msen.com Msen mailing list: majordomo@mail.msen.com "info aacs" Msen Inc. 628 Brooks Ann Arbor MI 48103 USA Voice: +1 313 998 4562 Fax: +1 313 998 4563 *MISSISSIPPI* GULF COAST SotMESC/GCMS Local chapter with chapters in Alaska, Orlando Florida, Atlanta Georgia, Mobile Alabama, Montgomery Alabama, Oxford Miss, California, Ocean Springs Miss, and other locations. R. Jones PO Box 573 Long Beach, MS 39560 *MISSOURI* KANSAS CITY AREA Greater Kansas City Sysop Association Scott Lent GKCSA P.O. Box 14480 Parkville, MO 64152 Voice: +1 816 734 2949 BBS: +1 816 734 4732 *NEW YORK* NEW YORK CITY METRO AREA Society for Electronic Access (SEA) The SEA promotes and informs about civil liberties and public access online. SEA is based in New York City, so many of our activities are focused toward the New York metropolitan area, though issues of national concern are addressed. Queries: sea@sea.org General Info: sea-info@panix.com - E-mail or finger Simona Nass : President Alexis Rosen : Vice-President Steve Barber : Secretary/Media Contact Eleanor Evans : Membership Director Post Office Box 3131 Church Street Station New York, NY, 10008-3131 Voice: +1 212 592 3801 WESTERN NY STATE Genesee Community College Group General: Thomas J. Klotzbach <3751365@mcimail.com, klotzbtj@snybufva.cs.snybuf.edu> Thomas J. Klotzbach Genesee Community College Batavia, NY 14020 Voice (work) +1 716 343 0055 x358 *OHIO* CLEVELAND Cleveland Freenet Telnet: freenet-in-a.cwru.edu Modem dialup: +1 216 368 3888 *OKLAHOMA* STILLWATER [group name unknown] General: Lonny L. Lowe Freelance Consulting 514 S. Pine Stillwater OK 74074-2933 USA Voice: +1 405 747 4242 *OREGON* PORTLAND CPSR/Portland See CPSR under NATIONAL for more information. Newsletter & General: Erik Nilsson *TENNESSEE* NASHVILLE [Group name unknown] General: Craig Owensby Craig Owensby 805 Harpeth Bend Dr. Nashville TN 37205 Voice: +1 615 662 2011 (home) +1 615 248 5271 (work) *TEXAS* AUSTIN CPSR/Austin [See CPSR under NATIONAL for more info; no further info available.] Electronic Frontier Foundation - Austin (EFF-Austin) EFF-Austin was formed to protect constitutional guarantees of free speech and freedom from unreasonable search and seizure for users of computer networks. Experience has taught us that these freedoms must be fought for if they are to survive in the online world. EFF-Austin was created as an experimental local chapter of the national EFF but became independent in 1993 while retaining contacts with the parent organization. We're heavily involved in public speaking, education, and advocacy of constitutional rights in cyberspace. We're Austin's forum for discussion of all concerns related to the cutting edge where society meets technology. General: eff-austin-moderator@tic.com Mailing list subscriptions: eff-austin-request@tic.com Directors: eff-austin-directors@tic.com Usenet: austin.eff FTP: ftp.tic.com, eff-austin directory Gopher: gopher.tic.com, EFF-Austin (option #9) EFF-Austin P.O. Box 18957 Austin TX 78760 USA Voice: +1 512 465 7871 BBS: the SMOFboard +1 512 467 7317 HOUSTON Electronic Frontiers Houston (EFH) a non-profit corporation devoted to working with and for the Houston computer and telecommunications community. Working in alliance with the Electronic Frontier Foundation, EFF-Austin and other national and regional organizations, EFH acts as a focal point for the diverse set of individuals who find themselves involved in computer communications. Included on the EFH's agenda are: advocating civil liberty issues in "cyberspace," promoting wider public access to computer networks, exploring artistic and social implications of new digital media, and educating the public about the increasingly important on-line world. General: efh@blkbox.com WWIVnet: efh@5285 Board of Directors: efh-directors@blkbox.com (efh-directors@5285 on WWIVnet) Usenet: houston.efh.talk FTP: ftp.tic.com, EFH directory Gopher: gopher.tic.com, Electronic Frontiers Houston (option #10) EFH 2476 Bolsover #145 Houston TX 77005 USA Voice: Ed Cavazos, +1 713 661 1561 BBS: Bamboo Gardens +1 713 665 4656 (login as EFH GUEST, pw EFH) *WASHINGTON [STATE]* - see DISTRICT OF COLUMBIA for WASH. DC SEATTLE CPSR/Seattle [See CPSR under NATIONAL for more info; no further info available.] *WISCONSIN* MADISON CPSR/Madison [See CPSR under NATIONAL for more info; no further info available.] -CANADA- *BRITISH COLUMBIA* VICTORIA/VANCOUVER I. AREA Victoria Freenet Association (ViFA) General: vifa@cue.bc.ca ViFA, c/o Vancouver I. Advanced Technology Centre 203-1110 Government St. Victoria BC V8W 1Y2 CANADA Voice: +1 604 384 2450 Fax: +1 604 384-8634 *ONTARIO* OTTOWA National Capital Freenet [No further info available.] -CYBERSPACE- *INTERNET* TheseGroups TheseGroups is a mailing list expressly for and about groups, individuals and organizations like those listed here, wherein ideas and experiences can be exchanged, leading to better inter-communication and cross-pollenization. This is not a conference for lurkers or chatterers, but for those that really want to get some work done, and who wish to make a difference. List address: thesegroups@tic.com Subscription requests: thesegroups-request@tic.com General: Pretiss Riddle CYPHERPUNKS The Cypherpunks mailing lists exist for those interested in cryptography and it's political rammifications, programming encryption software, creation of digital cash and electronic banking via secure (and anonymous) crypto tech, local crypto- oriented activism, hacking cypher hardware, and more. There also tends to be much libertarian/anarcho-capitalist debate as well. The main list is VERY high-traffic. The UK branch generally goes by the name of UK Crypto-Privacy Assoc. The CypherWonks list is a split-off that is generally opposed to the anarchic stance of some on the main list. There are also some local lists [no info on these as of yet.] Main list: cypherpunks@toad.com Main request: cypherpunks-request@toad.com Main info: hughes@soda.berkeley.edu Hardware list: cp-hardware@nextsrv.cas.muohio.edu Hardware request: cp-hardware-request@nextsrv.cas.muohio.edu Hardware info: jdblair@nextsrv.cas.muohio.edu Wonks list: cypherwonks@lists.eunet.fi Wonks request: majordomo@lists.eunet.fi (message body of: subscribe cypherwonks [1st & last name] [address]) Wonks info: cypherwonks-owner@lassie.eunet.fi *USENET* comp.org.eff.talk/comp.org.eff.news These newsgroups (online conferences), also gated to Internet mailing lists and Fidonet echomail conferences, serve as much more that EFF house organs, and are "hot spots" for online debate on issues such as civil liberties online, legal liabilities of system operators, copyright and net distribution, the development of a national public network, and more. Some other groups that may be relevant to such interests: alt.activism alt.activism.d alt.2600 alt.privacy alt.privacy.clipper alt.security.pgp sci.crypt misc.legal comp.risks talk.politics.crypto alt.politics.datahighway alt.cyber* and many more This FAQ is maintained by Stanton McCandlish , and is based on a previous version by Shari Steele. Future updates will be posted to the TheseGroups mailing list and comp.org.eff.talk, besides a few other places. The most current version is archived on ftp.eff.org, pub/Groups/regional_groups.list, and is available for anonymous ftp. -- Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ferguson@icm1.icp.net (Paul Ferguson) Date: Mon, 3 Jan 94 16:18:58 PST To: baumbach@atmel.com Subject: Sydex Support programs In-Reply-To: <9401032054.AA09864@trident.chp.atmel.com> Message-ID: <9401040014.AA18280@icm1.icp.net> MIME-Version: 1.0 Content-Type: text P. Baumbach wrote - > I stumbled onto a pair of programs called seejunk.exe and prune.exe this > past week. It seems that files are stored on disk media in fixed units > called clusters. Your file size is usually not an integral multiple of > disk clusters in size, so the ends of your file is followed by random > data to fill up that last cluster. Random is a bad choice of words > though. I suppose each system is different, but under DOS, the extra > fill data is a copy of a piece of whatever you had in memory at the time > your system wrote the file. You could have information written to disk > that you do not wish to have there, and seejunk.exe will show it to you > ... and anyone else. prune.exe is the solution offered. Using this > program, I wrote "This space intentionally left blank " repeating in > the 5K of space sitting at the end of the doc file for these two programs. These two nifty programs have been around for a while -- they are considered "must haves" in any competent hack's tool kit. .-) They are produced by a company called Sydex Software (support bbs at 503.683.1385) and prune.exe is especially useful to clear out buffer garbage between the marker and the sector boundary. Most folks know of their more popular programs, AnaDisk (a really good floppy disk analytical tool) and TeleDisk (another nifty tool to compress an entire diskette and its contents into a single, compressed file for transport). Cheers. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: fnerd@smds.com (FutureNerd Steve Witham) Date: Mon, 3 Jan 94 16:49:00 PST To: cypherpunks@toad.com Subject: Re: Here come the data fascists Message-ID: <9401040038.AA27461@smds.com> MIME-Version: 1.0 Content-Type: text/plain Brad Dolan fwds (thanks, Brad)- > San Jose Mercury News > By LAWRENCE J. MAGID > > Do we really need Al Gore, Bill Clinton, Congress, the FCC, the FTC and > countless other bureaucracies meddling in this new industry? > The answer is a qualified yes. I love this resurgence of the idea of "just a little" regulation. How to be a plausible policy wonk straight out of the box. As if it were a new idea. As if that weren't how it always starts. Oh boy, a new field for everyone to propose their two cents worth of regulation on. > ...The > government must be involved, but, as the Vice President has promised, > it must also leave lots of room for both entrepreneurs and the corporate > giants to play their hands. ! "We must make positive noises about small business while protecting the status quo." I heard snippets of what must have been Gore, on NPR, talking to the National Press Club. Snippets because I would switch back to TV when the commercials were over or... Well, for instance (I paraphrase): "I want to start with a story... Why did the Titanic fail to hear all the warnings about ice fields at their latitude? Why did other ships fail to hear their distress calls? Because the radio telegraph business was run *as* a business in those days. No one was required to be listening" I know I should have let Star Trek tape and kept listening to this Guy; I just wimped. Maybe he somehow completed his thought reasonably. I hope things work out. Gore and policy wonks and industry reps have all said good things, but also all those great short turning radius waffle words. Brad comments: > It's like listening to the raindrops at the start of a storm. Like watchin' 'em spray the primer. -fnerd quote me - - cryptocosmology- sufficiently advanced communication is indistinguishable from noise -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: fnerd@smds.com (FutureNerd Steve Witham) Date: Mon, 3 Jan 94 17:48:58 PST To: cypherpunks@toad.com Subject: Re: io.com Message-ID: <9401040123.AA27691@smds.com> MIME-Version: 1.0 Content-Type: text/plain Paul Ferguson fwds from Bruce Sterling who says- > ...And Steve Jackson, rather than owning the > single-line bulletin board system "Illuminati" seized in > 1990, now rejoices in possession of a huge privately-owned > Internet node, "io.com," with dozens of phone-lines on its own T-1 > trunk. Oh, I...was confusing IO with EO. Can someone say more about what io.com does and how Steve Jackson got to this point? -fnerd quote me - - cryptocosmology- sufficiently advanced communication is indistinguishable from noise -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Tue, 4 Jan 94 01:14:10 PST To: cypherpunks@toad.com Subject: A real flamewar... Message-ID: <01H79S02SL7694NV6J@delphi.com> MIME-Version: 1.0 Content-Type: text/plain If you think the Detweiler thread is bad...take a look at "IRC: Who's harassing who?" on alt.best.of.internet, among several other groups. There's over 200K of an absolutely hilarious netwar there, which began as an argument on IRC and ended up with death threats, threats of lawsuits, mail to sysadmins... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Tue, 4 Jan 94 05:59:09 PST To: cypherpunks@toad.com Subject: Humor! Message-ID: <9401041356.AA23664@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain sorry, folks. just couldn`t pass up the chance tp pass this along. - ---- From: strnlght@netcom.com Newsgroups: comp.org.eff.talk Subject: (none) Date: 4 Jan 94 02:41:56 GMT __________________ ---- | | |-\_ ----- | | | |_\ \ O / <---Me ---- | |_| | | ^^oo^^^^^^^^^oo^^^ o^^o^ _/ \_ -- David Sternlight When the mouse laughs at the cat, there is a hole nearby.--Nigerian Proverb From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hughes@ah.com (Eric Hughes) Date: Tue, 4 Jan 94 09:09:10 PST To: cypherpunks-announce@toad.com Subject: ANNOUNCEMENT: January cypherpunks meeting is non-standard Message-ID: <9401041705.AA05065@ah.com> MIME-Version: 1.0 Content-Type: text/plain ANNOUNCEMENT ============ The January 1994 Bar Area cypherpunks meeting will not be the second Saturday of the month, but rather the third. Usenix is in San Francisco the following week, and it was decided at our last meeting to make it easier for some Usenix folk to attend. We also decided to give each meeting a theme in order to better focus discussion. When: Saturday, January 15, 1994 12:00 noon - 6:00 p.m. Where: Cygnus Support offices, Mt. View, CA Theme: Software Infrastructure for Cryptography The lack of a unified software architecture is a major obstacle to widespread deployment of cryptography. Existing approaches have been primarily for specific purposes or applications. We'll talk about infrastructure issues, technical, social, and political. We'll review existing work at the system level (cfs, swipe) and at the application level (pgp, pem). If you have a specific presentation, please send me some email (hughes@ah.com) and I'll schedule you in. [Directions to Cygnus provided by John Gilmore. -- EH] Cygnus Support 1937 Landings Drive Mt. View, CA 94043 +1 415 903 1400 switchboard +1 415 903 1418 John Gilmore Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane. Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive. At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower. They'll be open between noon and 1PM at least. (See below if you're late.) Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus". If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. We'll prop the door (or you can bang on it if we forget). Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone. Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costen~a) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costen~a is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection. To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above. See you there! John Gilmore From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: dmandl@lehman.com (David Mandl) Date: Tue, 4 Jan 94 06:29:12 PST To: baumbach@atmel.com Subject: Re: Risk and Opportunity Message-ID: <9401041425.AA29707@disvnm2.lehman.com> MIME-Version: 1.0 Content-Type: text/plain > From: baumbach@atmel.com ( ) > > [...] It seems that files are stored on disk media in fixed units > called clusters. Your file size is usually not an integral multiple of > disk clusters in size, so the ends of your file is followed by random > data to fill up that last cluster. Random is a bad choice of words > though. I suppose each system is different, but under DOS, the extra > fill data is a copy of a piece of whatever you had in memory at the time > your system wrote the file. You could have information written to disk > that you do not wish to have there, and seejunk.exe will show it to you > ... and anyone else. prune.exe is the solution offered. Using this > program, I wrote "This space intentionally left blank " repeating in > the 5K of space sitting at the end of the doc file for these two programs. Yes, this is a major security hole, but the Norton Utilities has included a program to wipe these areas clean for a while now. Of course, the Norton Utils aren't freeware... I've long thought that this was one of the greatest security risks in the PC world. People tend to be sloppy about keeping this "slack area" clean. You can easily give someone a copy of an innocent file that contains your secring file for all to see at the end of it. --Dave. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Tue, 4 Jan 94 09:29:10 PST To: cypherpunks@toad.com Subject: Slack area behind files Message-ID: <199401041729.JAA07026@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain I use Stacker for disk compression on my PC, and this problem of un-erased data is potentially worse with that software. Probably Microsoft's DoubleSpace suffers from the same problem. If you erase a file on a compressed partition using some of these suggestions, such as writing a pattern followed by its complement, you won't erase the whole file. That is because a repeated pattern is far more compressible than the original file contents, in most cases. A 4K byte text file may compress down to 2K on the disk, but 4K worth of repetitions of 0xff will compress down to just a few bytes! The majority of your file will not be touched at all. Norton has a "wipefile" program which overwrites files according to a government standard, but I believe it just writes constant values repeatedly. This will overwrite only the start of the file, many times. Bruce Schneier recommends including one or more passes of writing pseudorandom data to the file. Since this data is not compressible it should overwrite the whole file. The data doesn't have to be cryptographically random, just something that won't be compressed by straightforward algorithms. Hal From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Peter shipley Date: Tue, 4 Jan 94 10:14:29 PST To: cypherpunks@toad.com Subject: Re: Humor! In-Reply-To: <9401041356.AA23664@bsu-cs.bsu.edu> Message-ID: <9401041813.AA03210@merde.dis.org> MIME-Version: 1.0 Content-Type: text/plain this .sig was also printed in Wired last month. > >sorry, folks. just couldn`t pass up the chance tp pass this along. > >- ---- > >From: strnlght@netcom.com >Newsgroups: comp.org.eff.talk >Subject: (none) >Date: 4 Jan 94 02:41:56 GMT > > > __________________ > ---- | | |-\_ >----- | | | |_\ \ O / <---Me > ---- | |_| | | > ^^oo^^^^^^^^^oo^^^ o^^o^ _/ \_ >-- >David Sternlight When the mouse laughs at the cat, > there is a hole nearby.--Nigerian Proverb > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: freeman@MasPar.COM (Jay R. Freeman) Date: Tue, 4 Jan 94 11:24:31 PST To: shipley@merde.dis.org Subject: Re: Humor! Message-ID: <9401041909.AA09195@cleo.MasPar.Com> MIME-Version: 1.0 Content-Type: text/plain And for some of us that should be: __________________ __________________ ---- | | |-\_ _/-| | | ---- ----- | | | |_\ \ O / /_| | | | ----- ---- | |_| | | | |_| | ---- ^^oo^^^^^^^^^oo^^^ o^^o^ _/ \_ ^o^^o ^^^oo^^^^^^^^^oo^^ -- -- Me!! Confusion say: Man who stands in middle of road gets hit by trucks going both ways... -- Jay Freeman From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Steve Greenberg Date: Tue, 4 Jan 94 02:44:14 PST To: cornpop@glia.biostr.washington.edu (Dan Lieberman) Subject: Re: All of this Death Threat Shit. In-Reply-To: <9401010953.AA09462@glia.biostr.washington.edu> Message-ID: <9401041041.AA24051@toad.com> MIME-Version: 1.0 Content-Type: text/plain Dan Lieberman writes: >Hello Fellow CypherPunks.... > >But when it came to this 'Tentacles' and 'Medusa' stuff, I thought that >it was getting a little close to the edge, but not too far. Not >death threats? Come on guys! I'm 15 years old, and even I'm beyond >death threats about senseless matters. > >I don't think that any of this should have gotten this far. I think >people took Mr. L. Detweiler's posts as anything to be serious about. >I dismissed them when I saw them, yet some people took them personally. >I think L. Detweiler made that clear in some of his last postings. >Something to the effect of: If you would have ignored me, I would have >gone away. > Dan, I think that you've made a few assumptions that aren't warranted. Firstly, people on this list HAVE been ignoring Detweiler. It wasn't more than a few months ago that one of his posts would reverberate for days and generate dozens of responses. Rarely is there more than one or two responses anymore. The same pattern has repeated on several other lists he posts to regularly (alt.conspiracy and sci.crypt in particular); initially people spend effort trying to refute what he says, but eventually he becomes a clown that people just ignore or read for humorous content. Secondly, you've assumed that the death threat came from THIS cypherpunks list. It was supposedly delivered by someone from the Colorado cypherpunks list, which is separate from this one. There are, according to lead tentacle and list moderator E.Hughes, about 500 people on this list. I think that the amount of self-restraing it admirable. Finally, and most importantly, you've assumed that Detweiler didn't write the message himself. Considering the tactics that he's used in the past, I don't think that you can assume that out of hand. Don't believe everything that you read, especially from a nut like Detweiler. From my point of view, the interesting thing is that he got what he wanted; that is to say that his "reputation" is now enough for people to believe or disregard his statements out of hand. He's a brand name. If you're worried about whether he's actually convincing people or not, subscribe to his much-hyped "cypherwonks" list. There's almost no traffic at all. That is the final judgement, wouldn't you say? Now, finally, a few comments you didn't invite. Firstly, don't tell people that you're "only" fifteen. It prejudices them against you. If your ideas are good, then they're that way regardless of your age. If not, your age still doesn't matter. What DOES matter is that you listen to the responses that people send to you and pick from them everything that you can. If you think that my arguments are full of crap, that's okay, just make sure that you know WHY you think that. Take care, Steve +-----------------------------------------+---------------------------------+ |VOTE Steve Greenberg for President (2004)| CMR 420, Box 2569 APO, AE 09063 | | "He's Too Big To Fail!" (tm) | Reply to: greenbes@acm.org | +-----------------------------------------+---------------------------------+ |"It is a popular delusion that the government wastes vast amounts of money | | through inefficiency and sloth. (On the contrary,) enormous effort and | | elaborate planning are required to waste this much money." P.J. O'Rourke | +---------------------------------------------------------------------------+ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jim choate Date: Tue, 4 Jan 94 11:24:31 PST To: hfinney@shell.portal.com (Hal) Subject: Re: Slack area behind files In-Reply-To: <199401041729.JAA07026@jobe.shell.portal.com> Message-ID: <9401041822.AA13284@wixer> MIME-Version: 1.0 Content-Type: text/plain I suspect that the random number characteristics for good compression would be nearly identical to those of cryptography. After all a compression algorithm is a form of ecryption. Just a thought... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Tue, 4 Jan 94 12:34:31 PST To: cypherpunks@toad.com Subject: (fwd) 38 Hours in Hamburg: A visit to the 10th Chaos Communications Congress Message-ID: <199401042030.MAA09676@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Cypherpunks (and Extropians, too), (If you respond, only reply to the group you are a member of...cross-posting between mailing lists gets to be confusing.) Here's an interesting snapshot report on the 10th Chaos Communications Congress, a Cypherpunkish European group of some repute. (Actually, they obviously predate us, but their new interest in digital cash and crypto parallels our own.) --Tim May From: farber@linc.cis.upenn.edu (David Farber) Newsgroups: comp.org.eff.talk Subject: 38 Hours in Hamburg: A visit to the 10th Chaos Communications Congress Message-ID: <2gccse$20j@netnews.upenn.edu> Date: 4 Jan 94 18:34:54 GMT Lines: 469 Date: Tue, 4 Jan 94 18:52:54 +0100 Subject: 38 Hours in Hamburg From: efarber@iiic.ethz.ch (Manny E. Farber) 38 Hours in Hamburg: A visit to the 10th Chaos Communications Congress by Manny E. Farber Armed only with an invitation in English addressed to the "global community" and a small pile of German Marks, I arrived at the Eidelstedter Buergerhaus about an hour or so before the beginning of the 10th Chaos Communication Congress (subtitled "Ten years after Orwell"), sponsored by the (in)famous Chaos Computer Club. The Buergerhaus (literally, "citizen's house") turned out to be a modest community hall; needless to say, not all invited showed up. The Congress took place between the 27th and the 29th of December. As the title implies, social as well as technical issues were on the docket. After forking over 30 DM (about $20) for a pass for the first two days of the Congress, I sort of felt like asking for a schedule, but refrained, thinking that asking for scheduled chaos might seem a bit odd. I went to the cafeteria for breakfast. An organizer started out announcing, "Anyone who wants to eat breakfast pays 5 Marks, and gets a stamp, which--no, rather, anyone who wants breakfast pays 5 Marks and eats breakfast." The atmosphere was quite collegial and informal, with little more order than was absolutely necessary. The approximately 150 attendees were predominantly German (a few from Switzerland and Holland, at least -- and probably only -- one from the United States, namely myself), male, and technically oriented. (During an explanation of the mathematical algorithm underlying electronic cash, a non-techie objected, "But I don't want to have to think up a 200-digit random number every time I buy something!" It was explained to him that this was done by software in the chip-card ...). Although not mentioned in the invitation, not a word of English was to be heard; all the events were conducted in German. Some were conducted in a "talk show" format, with a host asking questions, simplifying answers, making jokes. A television network carried the video from the auditorium to other rooms throughout the building (albeit without sound) along with up-to-the-minute event schedules. The tone of the discussions of how electronic cash could be embezzled, or chip cards abused, digital signatures forged, etc., was constructive rather than destructive. And it was balanced, i.e. not only "how could a malicious individual embezzle money?" was discussed, but also "how could the government use chip cards to reduce people's privacy?" Here, the "hackers" were hackers in the positive sense of understanding a technology, not in the negative sense of wreaking havoc. It was, however, noted that trying out a potential weakness of the "EuroScheck" cash cards was quite easy: it would require buying a card reader for 1,500 DM and maybe a week of time. The question of technical solutions to "big brother" did come up in the presentations about chip cards. The danger is that a pile of cards is eliminated in favor of a card containing someone's driver's license, driving record (maybe), employee information, credit information, etc. etc. A chip card could theoretically be programmed to give out *only* the information absolutely necessary, e.g. telling a policeman only that someone is allowed to drive, without disclosing his identity. The "Hackzentrum" (Hacking Center) turned out to be a room filled with networked computers and people hacking on them. It seemed mostly harmless. (I nevertheless did not try a remote login -- I had no reason to doubt good intentions, but on the other hand, who knows who wrote or replaced the keyboard driver and what sort of supplemental functionality it might have?) The packet radio room had a "Digi" repeating station and, true to the ham radio tradition, where the conversation centers on who is talking to whom and how well they hear each other and on what other frequency they might hear each other better, the computers attached were mostly displaying maps of the packet radio network itself. I didn't delve very deeply into the "Chaos Archive," but noticed a collection of maintenance sheets for telephone equipment among CCC newsletters and other paraphenalia. Some "signs of the Congress": - Bumper sticker: "I (heart) your computer" - Telephone stickers: "Achtung, Abhoergefahr" ("Attention, Eavesdropping danger"; and the German PTT logo transformed into a pirate insignia, with the words "Telefun - Mobilpunk" (derived from "Telefon - Mobilfunk") - T-shirt: "Watching them (eye-ball) watching us" - Post-It Note pad (for sale for DM 1.50): a pad of about 50, pre-printed with a hand-written note: "Vorsicht, Stoerung. Automat macht Karte ungueltig" ("Careful--Defect. Machine makes card invalid") - Word coinage: "Gopher-space" - Stamp: "ORIGINALE KOPIE" ("ORIGINAL COPY") The press were told not to take pictures of anyone without their explicit permission. Schedules were distributed throughout the Congress. By the evening of the 27th, a schedule for the 28th, "Fahrplan 28.12 Version 2.0," was already available ("Fahrplan" means a bus/train schedule; this is presumably an "in" joke). By 17:30 on the 28th, "Fahrplan 28.12 Version 2.7" was being distributed. (I missed most of the intervening versions; presumably they were neatly filed away in the Chaos Archive by then ...) The scheduled events (in translation) were as follows; a "*" means that I have included some comments later in this report: December 27, 1993 - Welcoming/opening - How does a computer work? - ISDN: Everything over one network - Internet and multimedia applications: MIME/Mosaik/Gopher - Data transport for beginners - Chip-cards: Technology * Media and information structures: How much truth remains? Direct democracy: information needs of the citizen - Encryption for beginners, the practical application of PGP * Alternative networks: ZAMIRNET, APS+Hacktic, Green-Net, Knoopunt, Z-Netz and CL December 28, 1993 - Encryption: Principles, Systems, and Visions - Modacom "wireless modem" - Electronic Cash - Bulletin board protocols: Functional comparison and social form, with the example of citizen participation - Discussion with journalist Eva Weber - Net groups for students, Jan Ulbrich, DFN * What's left after the eavesdropping attack? Forbidding encryption? Panel: Mitglied des Bundestags (Member of Parliament) Peter Paterna, Datenschutz Beauftragter Hamburg (Data privacy official) Peter Schar, a journalist from Die Zeit, a representative from the German PTT, a student writing a book about related issues, and a few members of the Chaos Computer Club - Cyber Bla: Info-cram * How does an intelligence service work? Training videos from the "Stasi" Ministrium fuer STAatsSIcherheit (Ministry for National Security) - System theory and Info-policies with Thomas Barth - Science Fiction video session: Krieg der Eispiraten ("War of the ice pirates") December 29, 1993 - Thoughts about orgination ("Urheben") - Computer recycling - Dumbness in the nets: Electronic warfare - Lockpicking: About opening locks - The Arbeitsgemeinschaft freier Mailboxen introduces itself - In year 10 after Orwell ... Visions of the hacker scene ------------------------------------------------------------------------------- THE EAVESDROPPING ATTACK This has to do with a proposed law making its way through the German Parliament. The invitation describes this as "a proposed law reform allowing state authorities to listen in, even in private rooms, in order to fight organized crime." This session was the centerpiece of the Congress. Bayerische Rundfunk, the Bavarian sender, sent a reporter (or at least a big microphone with their logo on it). The panel consisted of: MdB - Mitglied des Bundestags (Member of Parliament) Peter Paterna DsB - Datenschutz Beauftragter Hamburg (Data privacy official) Peter Schar Journalist - from Die Zeit PTT - a representative from the German PTT Student - writing a book about related issues CCC - a few members of the Chaos Computer Club My notes are significantly less than a word-for-word transcript. In the following, I have not only excerpted and translated, but reorganized comments to make the threads easier to follow. IS IT JUSTIFIED? MdB - There is massive concern ("Beunruhigung") in Germany: 7 million crimes last year. Using the US as comparison for effectivity of eavesdropping, it's only applicable in about 10-20 cases: this has nothing to do with the 7 million. The congress is nevertheless reacting to the 7 million, not to the specifics. In principle, I am opposed and have concerns about opening a Pandora's box. CCC #1 - The 7 million crimes does not surprise me in the least. I am convinced that there is a clear relationship between the number of laws and the number of crimes. When you make more laws, you have more crimes. Every second action in this country is illegal. Journalist - Laws/crimes correlation is an over-simplification. There are more murders, even though there are no more laws against it. MdB - There is a conflict between internal security, protecting the constitution, and civil rights. How dangerous is 6 billion Marks of washed drug money to the nation? Taking the US as an example, the corrosion may have gone so far that it's too late to undo it. I hope that this point hasn't been reached yet in Germany. DsB - I am worried about a slippery slope. There is a tradeoff between freedom and security, and this is the wrong place to make it; other more effective measures aren't being taken up. EFFECTIVENESS OF CONTROLS ON EAVESDROPPING MdB - Supposedly federal controls are effective. Although there are very few eavesdropping cases, even if you look at those that are court-approved, it's increasing exponentially. No proper brakes are built into the system. As for controls for eavesdropping by the intelligence service, there is a committee of three members of parliament, to whom all cases must be presented. They have final say, and I know one of the three, and have relatively much trust in him. They are also allowed to go into any PTT facility anytime, unannounced, to see whether or not something is being tapped or not. MdB - Policies for eavesdropping: if no trace of an applicable conversation is heard within the first "n" minutes, they must terminate the eavesdropping [...] The question is, at which point the most effective brakes and regulations should be applied: in the constitution? in the practice? PTT - True, but often the actual words spoken is not important, rather who spoke with whom, and when. DsB - There is no catalog for crimes, saying what measures can be applied in investigating which crimes. It's quite possible to use them for simple crimes, e.g. speeding. There is no law saying that the PTT *has to* store data; they *may*. They can choose technical and organizational solutions that don't require it. MdB - This is a valid point, I don't waive responsibility for such details. The PTT could be required to wipe out detailed information as soon as it is no longer needed, e.g. after the customer has been billed for a call. TECHNICAL TRENDS Journalist - Digital network techniques make it easy to keep trails, and there is an electronic trail produced as waste product, which can be used for billing as well as for other purposes. Load measurements are allowable, but it can also be used for tracking movements. DsB - The PTT claims they need detailed network data to better plan the network. The government says they need details in order to be able to govern us better. DsB - In the past, the trend has always been to increasingly identificable phone cards. There is economic pressure on the customer to use a billing card instead of a cash card, since a telephone unit costs less. With "picocells," your movement profile is getting more and more visible. PTT - As for the trend towards less-anonymous billing-cards: with the new ISDN networks, this is necessary. Billing is a major cost, and this is just a technical priority. Student - As for techniques to reduce potential for eavesdropping, it is for example technically possible to address a mobile phone without the network operator needing to know its position. Why aren't such things being pursued? PTT - UMTS is quite preliminary and not necessarily economically feasible. [Comments about debit cards]. We have more interest in customer trust than anything else. But when something is according to the law, we have no option other than to carry it out. But we don't do it gladly. THE BIG CONSPIRACY? CCC #2 - I don't give a shit about these phone conversations being overheard. I want to know why there is such a big controversy. Who wants what? Why is this so important? Why so much effort? Why are so many Mafia films being shown on TV when the eavesdropping law is being discussed? What's up? Why, and who are the people? Student - I am writing a book about this, and I haven't figured this out myself. My best theory: there are some politicians who have lost their detailed outlook ("Feinbild"), and they should be done away with ("abgeschaffen"). PTT - We're in a difficult position, with immense investments needed to be able to overhear phone conversations [in digital networks (?)]. We have no interest in a cover-up. MdB - As for the earlier question about what NATO countries may do. During the occupation of Berlin, they did want they wanted on the networks. In western Germany, it has always been debated. Funny business has never been proved, nor has suspicion been cleared up. CCC #2 - After further thought, I have another theory. American companies are interested in spying on German companies in order to get a jump on their product offerings. MdB - That's clear, but there are more benign explanations. Government offices tend towards creating work. Individuals are promoted if their offices expand, and they look for new fields to be busy in. In Bonn, we've gone from 4,000 people to 24,000 since the 50's. CCC #1 (to MdB) - Honestly, I don't see why you people in Bonn are anything other than one of these impenetrable bureaucracies like you described, inaccessible, out of touch with reality, and interested only in justifying their own existence. MdB - Well, *my* federal government isn't that. CLIPPER CHIP CONTROVERSY Student - Observation/concern: in the US, AT&T's encryption system is cheap and weak. If this becomes a de facto standard, it is much harder to introduce a better one later. Journalist - In the US, the Clipper chip controversy has centered more on the lost business opportunities for encryption technology, not on principles. There every suggestion for forbidding encryption has encountered stiff opposition. Student - As for the Clipper algorithm, it's quite easy to invite three experts to cursorily examine an algorithm (they weren't allowed to take documents home to study it) and then sign-off that they have no complaints. Journalist - As for the cursory rubber-stamping by the three experts who certified the Clipper algorithm, my information is that they had multiple days of computing days on a supercomputer available. I don't see a problem with the algorithm. The problem lies in the "trust centers" that manage the keys. I personally don't see why the whole question of cryptology is at all open ("zugaenglich") for the government. CONCLUDING REMARKS DsB - The question is not only whether or not politicans are separated from what the citizens want, but also of what the citizens want. Germans have a tendency to valuing security. Different tradition in the US, and less eavesdropping. I can imagine how the basic law ("Grundgesetz") could be eliminated in favor of regulations designed to reduce eavesdropping, the trade-off you (MdB) mentioned earlier. The headlines would look like "fewer cases of eavesdropping", "checks built in to the system," etc., everyone would be happy, and then once the law has been abolished, it would creep back up, and then there's no limit. MdB - (Nods agreement) CCC #2 - There are things that must be administered centrally (like the PTT), and the government is the natural choice, but I suggest that we don't speak of the "government," but rather of "coordination." This reduces the perceived "required power" aspect ... As a closing remark, I would like to suggest that we take a broader perspective, assume that a person may commit e.g. 5,000 DM more of theft in his lifetime, live with that, and save e.g. 100,000 DM in taxes trying to prevent this degree of theft. ------------------------------------------------------------------------------- MEDIA AND INFORMATION STRUCTURES In this session, a lot of time was wasted in pointless philosophical discussion of what is meant by Truth, although once this topic was forcefully ignored, some interesting points came up (I don't necessarily agree or disagree with these): - In electronic media, the receiver has more responsibility for judging truth placed on his shoulders. He can no longer assume that the sender is accountable. With "Network Trust," you would know someone who knows what's worthwhile, rather than filtering the deluge yourself. A primitive form of this already exists in the form of Usenet "kill" files. - A large portion of Usenet blather is due to people who just got their accounts cross-posting to the entire world. The actual posting is not the problem, rather that others follow it up with a few dozen messages debating whether or not it's really mis-posted, or argue that they should stop discussing it, etc. People are beginning to learn however, and the ripple effect is diminishing. - Companies such as Microsoft are afraid of the Internet, because its distributed form of software development means they are no longer the only ones able to marshal 100 or 1,000 people for a windowing system like X-Windows or Microsoft Windows. - If someone is trying to be nasty and knows what he's doing, a Usenet posting can be made to cost $500,000 in network bandwidth, disk space, etc. - At a Dutch university, about 50% of the network bandwidth could have been saved if copies of Playboy were placed in the terminal rooms. Such technical refinements as Gopher caching daemons pale in comparison. - All e-mail into or out of China goes through one node. Suspicious, isn't it? ------------------------------------------------------------------------------- ALTERNATIVE NETWORKS Several people reported about computer networks they set up and are operating. A sampling: APS+Hacktic - Rop Gonggrijp reported about networking services for the masses, namely Unix and Internet for about $15 per month, in Holland. There are currently 1,000 subscribers, and the funding is sufficient to break even and to expand to keep up with exponential demand. A German reported about efforts to provide e-mail to regions of ex-Yugoslavia that are severed from one another, either due to destroyed telephone lines or to phone lines being shut off by the government. A foundation provided them with the funds to use London (later Vienna), which is reachable from both regions, as a common node. The original author of the Zerberus mail system used on many private German networks complained about the degree of meta-discussion and how his program was being used for people to complain about who is paying what for networking services and so forth. He said he did not create it for such non-substantial blather. The difference between now and several years ago is that now there are networks that work, technically, and the problem is how to use them in a worthwhile manner. A German of Turkish origin is trying to allow Turks in Turkey to participate in relevant discussions going on on German networks (in German) and is providing translating services (if I heard right, some of this was being done in Sweden). This killed the rest of the session, which degenerated into a discussion of which languages were/are/should be used on which networks. ------------------------------------------------------------------------------- HOW AN INTELLIGENCE SERVICE WORKS: STASI TRAINING VIDEOS The person introducing the videos sat on the stage, the room darkened. The camera blotted out his upper body and face; all that was to see on the video, projected behind him, was a pair of hands moving around. It apparently didn't take much to earn a file in the Stasi archives. And once you were in there, the "10 W's: Wo/wann/warum/mit wem/..." ("where/when/why/with whom/...") ensured that the file, as well as those of your acquaintances, grew. The videos reported the following "case studies": - The tale of "Eva," whose materialistic lifestyle, contacts with Western capitalists, and "Abenteuerromantik" tendencies made her a clear danger to the state, as well as a valuable operative. She swore allegiance to the Stasi and was recruited. Eventually the good working relationship deteriorated, and the Stasi had to prevent her from trying to escape to the West. The video showed how the different parts of the intelligence service worked together. - A member of the military made a call to the consulate of West Germany in Hungary. The list of 10,000 possible travellers to Hungary in the relevant time frame was narrowed down to 6,000 on the basis of a determination of age and accent from the recorded conversation, then down to 80 by who would have any secrets to sell, then down to three (by hunch? I don't remember now). One video showed how a subversive was discreetly arrested. Cameras throughout the city were used to track his movements. When he arrived at his home, a few workers were "fixing" the door, which they claimed couldn't be opened at the moment. They walked him over to the next building to show him the entrance, and arrested him there. A dinky little East German car comes up, six people pile into it. Two uniformed police stand on the sidewalk pretending nothing is happening. David Farber; Prof. of CIS and EE, U of Penn, Philadelphia, PA 19104-6389 Join EFF! For information about membership, send mail to eff@eff.org. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jdwilson@gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Tue, 4 Jan 94 20:09:12 PST To: tcmay@netcom.com (Timothy C. May) Subject: Re: GPS and security In-Reply-To: <199312310710.XAA06992@mail.netcom.com> Message-ID: <9401050404.AA11550@gold.chem.hawaii.edu> MIME-Version: 1.0 Content-Type: text/plain > > > > > Re GPS & weapons delivery - > > > > With nuclear weapons you don't have to be all that accurate, +/- 50 miles > > still gets the job done ;-) > > > > -Jim > > > > I assume you're just joking. > Definately kidding! But the info below is appreciated. > If not, read up on how critical the targeting is for even moderately Aloha! -Jim From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: an31888@anon.penet.fi Date: Tue, 4 Jan 94 13:14:32 PST To: cypherpunks@toad.com Subject: info on CRVAX articles Message-ID: <9401042028.AA11855@anon.penet.fi> MIME-Version: 1.0 Content-Type: text/plain Please send information on obtaining articles listed in recent posting. Cannot locate them on crvax.sri.com in \RISKS. Any help appreciated. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Corbet Date: Tue, 4 Jan 94 20:49:12 PST To: cypherpunks@toad.com Subject: New Yorker article on Bill Gates Message-ID: <199401050446.VAA10658@stout.atd.ucar.EDU> MIME-Version: 1.0 Content-Type: text/plain The January 10 issue of the New Yorker has an amusing article about the author's email communications with Bill Gates. Perhaps most interesting, from the point of view of this list, is the quote from one of Gates's messages: I am the only person who reads my email so no one has to worry about embarrassing themselves or going around people when they send a message. Our email is completely secure... Neither Gates nor the New Yorker author (John Seabrook) seems aware that messages from 73124.1524@compuserve.com to billg@microsoft.com travel in plaintext over the Internet. Either that or they aren't admitting to their use of encryption...:-) Seabrook's article is about, as much as anything, a newbie discovering the pleasures of email, so he can be forgiven for not questioning the above statement. Gates should know better. Even if security within microsoft.com is absolute, which seems unlikely to me. Actually, the whole article shows a sort of awe of "Bill" that, from my unix-oriented perspective, I really can not share. But it's an interesting read anyway. The New Yorker is showing a surprising willingness to delve into interesting parts of our culture these days. Jonathan Corbet National Center for Atmospheric Research, Atmospheric Technology Division corbet@stout.atd.ucar.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@rosebud.ee.uh.edu Date: Tue, 4 Jan 94 22:44:38 PST To: cypherpunks@toad.com Subject: Re: INFORMED CONSENT Message-ID: <9401050644.AA17770@toad.com> MIME-Version: 1.0 Content-Type: text/plain Sandy Sandfort writes: S> Nobody wrote: S> S> You know, this radiation experiment reminds me of S> another incident. A group of African-American men were S> injected, without their knowledge or consent, with live S> syphilis spirochaetes, and studied for a number of S> years. No attempt at therapy was ever attempted, as I S> recall, for these individuals. . . . S> S> Actually, this is wrong on two counts. One, the men were not S> injected with syphilis; they had already contracted it when S they went into the program. Correct. Thank you for bringing this to my attention. S> Two, in most cases, they *were* given S> therapy. What was withheld was penicillin. The subjects who S> were treated, were given relatively ineffective and dangerous S> mercury therapies. From what I've been able to glean from the below reference, at the very beginning of the study, in 1932, the subjects were given rather innefective treatment. From about 1933 on the focus of the study became purely one of longterm _untreated_ syphilis. Indeed, during United States Public Health Service campaigns against V.D. in the South, during the late '30s and into the '40s when more effective therapies were coming into use, subjects of the study were actively *denied* treatment; to the point of actually pulling them out line at clinics (those who sought treatment), telling them that they weren't supposed to be treated, and sending them home. This "study" was conducted under the auspices of the United States Public Health Service, was not a secret, and ran for 40 years. --Nobody ================================================================== Author: Jones, James H. (James Howard), 1943- Title: Bad blood : the Tuskegee syphilis experiment Impr/Ed: New York : Free Press ; Toronto : Maxwell Macmillan Canada; New York : Maxwell McMillan International, c1993 : LCCN: 92034818 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 4 Jan 94 23:24:40 PST To: cypherwonks@lists.eunet.fi Subject: Re: Cypherpunk Credit Union Message-ID: <9401050719.AA28116@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain LD asks about the status of digicash credit unions and such. > 1. Do you have to join the CA cypherpunks to learn about this? > Obviously you guys have been working on this a long time, and as > long as I was on the list I barely saw any peep about it. Several different projects are going on. The credit-union approach is from some folks in the Austin cypherpunks group whose names I've forgotten, who posted a rather funny article to the net a few months back about their drive to Dallas to meet Chaum; I think it was on both sci.crypt and cypherpunks. The other project I know about is the one Eric Hughes and friends are working on. Anything having to do with banking law tends to take an immense learning-curve hit just to do the legalities - they're often harder than the technical work, given the availability of Chaum and other people's work in the academic community. As with most projects, people spend a while kicking around what they'd like a system to do, and developing technology to do it (often in parallel, and sometimes science-fiction writers tell us what a system *ought* to be doing for us long before anybody figures out the details of how to do it or what the real implications of technology are), but sitting down and actually implementing something is often a lot of work - especially if you're doing stuff like writing business plans and hunting down venture capitalists, which may not go on as publicly. Unfortunately, certain flame-wars have made it difficult for people to do real work on cypherpunks (ahem!), and have forced people to adjust the priorities of what they read and think about and how much time they spend doing or talking about new fun stuff. (Flames to /dev/null :-)) This means that sometimes the only way to find out what people are doing is to meet them in person, or send private email saying "what are you up to these days?" One of the valuable parts of CA-cypherpunks has been everybody going around the room saying "here's what I've been playing with lately." > 2. Is this a private development group? Is it open to anyone who > wishes to join? If so, are cy{b,ph}erwonks allowed to join in the > development? We are interested in these kinds of projects. Don't know; you can ask the people doing the work by email, and maybe they'll think it's worth their time to bring you up to date and ask for your help if you've got usefl contributions. Or you can go out and start one yourself, and ask for help; lots of the important projects get the bulk of their work done by 1 or a few people working hard. > 3. [other mailing lists?] Nobody's invited me :-), except there's the IMP lists, which I haven't taken the time for yet. > 4. If any of your projects are indeed secret, why are many > cypherpunks actively engaged in a campaign on the imp-interest > list (Internet Mercantile Protocols)? Why don't you just stick to > your own project and let the Internet sort out which protocol is > more acceptable to the world-at-large? There are dozens of different flavors of applications for moving money, goods, and services around the Internet, with different needs, different economic characteristics, etc. Most of them need some form of crypto to be usable, whether to prevent forgery or counterfeiting, preserve privacy, guarantee you'll get paid, deliver the goods and cash at the same time, etc. That means that cypherpunks, sci.crypt readers, and people like us who may or may not have time to follow the lists :-) are generally the experts on this sort of technology among internet-users, except for corporate efforts which may be going on in proprietary-space. An IMP needs to accommodate a wide range of needs, and needs to avoid re-making mistakes that cypherpunks have already learned to avoid. While I certainly am concerned about keeping information about where I'm travelled and when private, both I and the subway providers are willing to risk using little mag-cards bought for cash with the $5-20 they hold; on the other hand, I'd really rather not file my income tax return on postcards or satellite broadcast-grams with payment attached via my credit-card numbers, SSN, mother's maiden name, and digitized-ink signature. You may have other preferences :-) > 5. What about the rumors that seem to be confirmed by what > B.Stewart said about evading tax laws and black marketeering, > that the cypherpunk credit union is actually a surreptitious > front for plans to provide money laundering over the Internet? That's a political question for another thread, and most of what I said was political discussion, it wasn't market surveys of customers. FOllowups to cypherwonks, please. Any sufficiently advanced technology... > 7. What is the David Chaum connection to all this? I know that he > met with E.Hughes to discuss plans but are the Cypherpunks to be > understood as the U.S.-based Chaum group? Chaum and the folks at C.W.I. and Chaum's company have developed a lot of the interesting technology, or at least patented it in the U.S., so you *have* to deal with them if you want to go into business. That doesn't mean you become a subsidiary, just a customer. Meanwhile, the meeting you're referring to was between Chaum and the Austin folks, as I and others have mentioned. Bill Stewart # Bill Stewart NCR Corp, 6870 Koll Center Parkway, Pleasanton CA, 94566 # Voice/Beeper 510-224-7043, Phone 510-484-6204 # email bill.stewart@pleasantonca.ncr.com billstewart@attmail.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jpinson@fcdarwin.org.ec Date: Wed, 5 Jan 94 10:29:35 PST To: cypherpunks@toad.com Subject: One-Time Pad Available Message-ID: <9401051201.ab03492@pay.ecua.net.ec> MIME-Version: 1.0 Content-Type: text/plain A Beta test version of OTP-PC is ready for release. OTP-PC is a MS DOS version of the Vernam One-time pad, an unbreakable but somewhat clumsy cipher. I have added several features to make the one-time pad easier to use. -OTP-PC can use a large pad (codebook) for multiple messages. This feature is more efficient than using multiple smaller pads. -Optional Precompression of the plain text reduces consumption of the pad, and masks the size of the original file. -The portions of the pad used each session are overwritten, both on encoding and decoding, to prevent reuse. -Encoded files have a 2-stage header. The first stage, an un- encrypted "bootstrap", automates the decode process. The second encrypted header contains more sensitive information. -A 32 bit CRC (stored in the encrypted header) verifies reconstruction of the original file. -Automatic wiping of intermediate compressed files. If anyone would like to volunteer to test OTP-PC, and give me any suggestions or bug reports, please send me a message. Please indicate your preference for UUencode, Mime Base64, BinHex, or PGP ASCII Armor. I will send you both the executable and ANSI C (Borland C++ V3.0) source code. Jim Pinson jpinson@fcdarwin.org.ec From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hastings@courier8.aero.org Date: Wed, 5 Jan 94 08:54:18 PST To: cypherpunks@toad.com Subject: RSA Conference 1/12-1/14 Message-ID: <000A78D7.MAI*Hastings@courier8.aero.org> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Here's a recent e-mail exchange, between RSA Data Security, Inc. and myself, that may interest you cypherpunks: - ---------------------------------------------------------------- Subject: Crypto FAQ Request Author: Hastings@courier8.aero.org at INTERNET Date: 1/4/94 10:31 AM My deadline for the first issue of the Agorist Quarterly is rapidly approaching. I'm writing an article about digital cash protocols for use on Internet e-mail accounts, comparing Chaum's recent work with Representative/Observer hardware versus software-only approaches like Netcash and rumors about better things from the cypherpunk list. Of course, RSA will get mentioned as one of the foundations of digital cash, along with Chaum's blind signatures, mixes, remailers, DC-nets, and etc. Your latest cryptography FAQ that I've seen is Revision 2, dated October 5, 1993. Is that the latest version? If so, I'm all set. If not, please e-mail the latest version to me here at hastings@courier8.aero.org. If it is only available on paper, please send a copy to me at this address: The Agorist Institute 291 S. La Cienega Blvd #749 Beverly Hills, CA 90211 If your company has any products specifically targeting paperless checks, cash, or related applications, let me know and I'll include them in the article. Thanks for your help. Kent - Ham packet radio: WA6ZFY @ N6YN.#SOCA.CA.USA.NA ______________________________ Reply Separator _________________________________ Kent: Yes, release 2 is the latest release of the FAQ. David Chaum is going to be speaking at our conference next week, and will be available for interviews. Since you're press, you get in free: will you be coming? Finally, what is the Agorist Institute? Kurt Stammberger RSADSI ______________________________ Reply Separator _________________________________ The Agorist Institute is a non-profit educational institute that is best characterized as a libertarian think tank. It was established "on the last day of 1984 to mark the end of Orwell's nightmare future." Seminars on agorist subjects, like Austrian Economics, and Feminism And The State, have been held in Southern California. The Institute's Directorate maintains a semi-monthly presence at the Albert J. Nock Forum, and at the H.L. Mencken Supper Club, to distribute publications, and serve as speakers when appropriate. For example, I gave a speech about digital cash, "Cyber Cash: Free-Market Money Comes of Age," to three different groups at the end of September, 1993. The speech was first delivered to a World Future Society chapter in Santa Ana, the H.L. Mencken Forum in Hollywood, and to a Libertarian Party chapter in Culver City. Note: The Agorist Institute does not endorse candidates for any political party. We serve the vast libertarian movement outside the small numbers of L.P. activists. The Director presented a libertarian analysis of our current business environment at a 1993 conference held in Midlands, Michigan. The conference was called "Freedom, Trade, and Markets in a High-Tech Age." He has been invited back, to give seminars this March, 1994, along with other Institute researchers, on topics ranging from electronic publishing, to How To Sell Freedom to a Hostile Audience. Unlike the Cato Institute, which provides libertarian policy advice to Washington D.C. politicians and lobbyists, the AI's research mainly covers the gray market and black market areas we call "counter-economics." This is also the focus of other institutes, like the one associated with Peruvian writer Hernando de Soto, famous for his book, The Other Path, which documented the growth and present influence of the "informal economy" in Peru. The informal economy grew steadily in the big cities of Peru, from nothing, to controlling over 90% of what are normally considered "public" services (like bus transportation, and road construction and maintenance), all despite a succession of formal left-wing and right-wing governments. So you can see why the development of untraceable digital cash for any e-mail user would interest us. With 20 million Internet accounts throughout the world, and Internet usage doubling every year, digicash will have a profound impact on businesses, government, and consumers. The Institute studies, but does not encourage, activities that are illegal. Still, if it weren't for gun smugglers, tax cheats, and traitors, the United States would still be a British colony, and Eastern Europe would still be Communist. It is unlikely that I will be able to travel to Northern Cal. next week, (I have a real job, too!), but if you send me the date and time, I could arrange for a local person to attend the Chaum conference. I could announce it at tonight's Albert J. Nock Forum meeting, if you want me to. You might give me prices for the non-press attendees in that case. Thanks again for your prompt reply. Kent - Ham packet radio: WA6ZFY @ N6YN.#SOCA.CA.USA.NA ______________________________ Reply Separator _________________________________ Send me your fax number and I will fax you a complete comnference agenda: David's talk is on the third day. Non-press attendees are $245 each (just a break-even fee: we feed you breakfast and lunch all three days, and proceedings and hardcopies of the presentations, a various other goodies) Kurt RSADSI 415/595-8782 - -------------------------------------------------------- I suppose you could call Kurt, and tell him I sent you. The conference begins on Wednesday, January 12, 1994. Registration is at 415/595-8782. The conference is at the Hotel Sofitel January 12-14, 1994 in Redwood Shores, CA about 15 minutes south of the San Francisco International Airport. Rooms are available at the Sofitel (415/598-9000) "at a special guaranteed rate for conference attendees." - ------------------------------------------------------------------------ Here's a PGP public key for use at my office computer only: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAixhYsIAAAEEANPvKYGwdSeUvJuMF1PH4sydYFiAOV3iKW+ZUle9HeTeG8xq hEJNu3MsOqsnYSeXkamsVlNR07bWipSAdSmeHJKVhARLDchN7P0n8gg65lJzZBJc ZaOo8KfCd6fF1etj8g8TD7cf7rHhOLI2QyPtNq0N2/i/W/lNPvEzOz6fx5dFAAUR tC1KLiBLZW50IEhhc3RpbmdzIDxoYXN0aW5nc0Bjb3VyaWVyOC5hZXJvLm9yZz4= =Yxil - -----END PGP PUBLIC KEY BLOCK----- Kent - Ham packet radio: WA6ZFY @ N6YN.#SOCA.CA.USA.NA -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLSrrovEzOz6fx5dFAQGzRAP+LupdOPffenceBEzZjz50S3nL+jjHNsfK EmRpj4FfTiQfSu6HLeBTV8H9QJtQ9lJX8Q7US8nWvOkcT/6UXMWJEUL6aOFZpe8d +PDq5Z00EO7pMN6odmijfZtGZOhVF/GIscgwokhWHiCi2ZBPIXtooet/7bK0DOK6 12cGySl0WPo= =VjBf -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pckizer@tamu.edu (Philip Kizer) Date: Wed, 5 Jan 94 06:49:35 PST To: cypherpunks@toad.com Subject: REQUEST: PGP Lib status Message-ID: <9401051444.AA10360@gonzo.> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- A while back, whenever someone talked about perhaps working on libraritizing PGP themselves, the reply would be "someone's working on it," or "it will be in the next release." Anyone have the current status of this? Thanks, philip ____________________________________________________________ Philip Kizer ___ Texas A&M CIS Operating Systems Group, Unix fnord pckizer@tamu.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLSrSCbZspOMRmJBhAQFcsQP+JGGrou0fBnfYVOnD1PA9Zkxyq7uGNW7T nuaNgAdj7CIb8HU7oykCond9d5HC7KmZXsQRz4pEtzPWBl5fLvTe33cgfAtRtPxk PBsrDuriB6FwK6i/OdB7ac0NxIdCGCWRwrpjCWb5DfFzQN+/fmV86gHBt++t+6qz gkXI5xaftOQ= =WKcl -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jpinson@fcdarwin.org.ec Date: Wed, 5 Jan 94 10:29:38 PST To: cypherpunks@toad.com Subject: Wiping files on compressed disks. Message-ID: <9401051201.ac03492@pay.ecua.net.ec> MIME-Version: 1.0 Content-Type: text/plain I did a few tests on wiping compressed (Stacker) files: Sdir, the Stacker directory command, reported a 900k PKZip file had a compression ratio of 1.0:1 (no compression). I wiped the file using the same character repeatedly, and sdir reported the resultant file had a compression ratio of 15.9:1 I wiped another copy of the zip file using sets of increasing characters (0-255). After this wipe the compression ratio was 8.0:1 Lastly, I wiped the file using random characters, generated using Turboc's random() function. This time, the compression ratio was 1.0:1, the same as the original. Sounds like wiping with random characters may indeed be the way to go to avoid "slack" at the end of the file. One interesting note: When I fragmented the original zip file into 50K segments with a "chop" program, sdir reported that each segment had a compression ratio of 1.1:1, even though the original file showed no compression. When I created 10K segments, I got a compression ratio of 1.6:1 Pkzip however, was unable to compress these file segments at all. I suspect that Stacker is not really compressing these smaller files in the normal sense, but is storing them more efficiently (better sector or cluster size?). Jim Pinson From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brian D Williams Date: Wed, 5 Jan 94 13:34:40 PST To: cypherpunks@toad.com Subject: cryptocosmology Message-ID: <199401052134.NAA24208@well.sf.ca.us> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Cryptocosmology: sufficently advanced communication is indistinguishable from noise. I really like this! Its kind of a corollary to Clarks (Arthur C that is) third law "Any sufficently advanced technology is indistinguishable from magic." I guess this means that if there are other civilizations out there, and they have Cypherpunks, and they are just a little more advanced, then the people at S.E.T.I. are wasting there time (and to beat Tim to it "our Bucks!") Brian Williams Extropian Cypherpatriot -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLSswbtCcBnAsu2t1AQET7QP/fYzAidhb05NkSJOLNEDHLtclna47n1Im hxRYGgKZGAgkHkM1BfsCCOBNSZehhQ2H36WM6VGs/ZZDHlowrbunfBuEtEWl52Lm rchJPCnpK0Z72M+oTBtDo2V+eUdppTCaLaJ9EEvzLRCaRnpOjhTwFAtmkjKjKhNh mkE9jDlfJlk= =fvQv -----END PGP SIGNATURE----- Extropians please excuse the dupe. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cappello@cs.ucsb.edu (Peter Cappello) Date: Wed, 5 Jan 94 17:59:44 PST To: cypherpunks@toad.com Subject: ASAP'94: Call for papers Message-ID: <9401060151.AA00289@spooner> MIME-Version: 1.0 Content-Type: text/plain Since many people withdrew for the holidays, I thought it best to resend the following Call. The Conference attracts those who design/implement special-purpose computing systems. I welcome privately mailed suggestions for either a keynote speaker or an invited speaker (we will have up to 3 invited presentations). Pete ----------------------------------------------------------- A S A P '94 INTERNATIONAL CONFERENCE ON APPLICATION-SPECIFIC ARRAY PROCESSORS 22-24 August 1994 The Fairmont Hotel San Francisco Sponsored by the IEEE Computer Society ASAP'94 is an international conference on application- specific computing systems. This conference's lineage traces back to the First International Workshop on Systolic Arrays held in Oxford, England, in July 1986, and has con- tinued through the International Conference on Application- Specific Array Processors held in Venice, Italy, in Oct. 1993. Areas for application-specific computing systems are many and varied. Some samples areas follow: CAD tools; com- putational biology, chemistry, geology, pharmacology, phy- sics, and physiology; cryptography; data base, information retrieval, and compression; electronic commerce; high- performance networks; medical equipment; robotics and prosthetics; signal and image processing. Aspects of application-specific computing systems that are of interest include, but are not limited to: - Application-specific architectures - Application-specific fault tolerance strategies - Application-specific test & evaluation strategies - CAD tools for application-specific systems - Design methodology for application-specific systems - Special-purpose systems for fundamental algorithms - Implementation methodology & rapid prototyping - Standard hardware components & software objects - Systems software: languages, compilers, operating systems The conference will present a balanced technical pro- gram covering the theory and practice of application- specific computing systems. Of particular interest are con- tributions that either achieve large performance gains with application-specific computing systems, introduce novel architectural concepts, present formal and practical methods for the specification, design and evaluation of these sys- tems, analyze technology dependencies and the integration of hardware and software components, or describe and evaluate fabricated systems. The conference will feature an opening keynote address, technical presentations, a panel discussion, and poster presentations. One of the poster sessions is reserved for on-going projects and experimental systems. INFORMATION FOR AUTHORS Please send 5 copies of your double-spaced typed manuscript (maximum 5000 words) with an abstract to a Pro- gram Co-Chair. Your submission letter should indicate which of your paper's areas are most relevant to the conference, and which author is responsible for correspondence. Your paper should be unpublished and not under review for any other conference or workshop. The Proceedings will be published by the IEEE Computer Society Press. CALENDAR OF SIGNIFICANT EVENTS 18 Feb. Deadline for receipt of papers. 29 Apr. Notification of authors. 24 Jun. Deadline for receipt of photo-ready paper. 22 Aug. Conference begins. GENERAL CO-CHAIRS Prof. Earl E. Swartzlander, Jr. Prof. Benjamin W. Wah e.swartzlander@compmail.com wah@manip.crhc.uiuc.edu Electrical & Computer Engineering Coordinated Science Lab. University of Texas University of Illinois Austin, TX 78712 1308 West Main Street Urbana, IL 61801 (512) 471-5923 (217) 333-3516 (512) 471-5907 (Fax) (217) 244-7175 (Fax) PROGRAM CO-CHAIRS Prof. Peter Cappello Prof. Robert M. Owens cappello@cs.ucsb.edu owens@cse.psu.edu Computer Science Computer Science & Engineering University of California Pennsylvania State Univ. Santa Barbara, CA 93106 University Park, PA 16802 (805) 893-4383 (814) 865-9505 (805) 893-8553 (Fax) (814) 865-3176 (Fax) EUROPEAN PUBLICITY CHAIR Prof. Vincenzo Piuri e-mail piuri@ipmel1.polimi.it Dept. of Electronics and Information Politecnico di Milano p.za L. da Vinci 32 I-20133 Milano, Italy +39-2-23993606 +39-2-23993411 (Fax) Please forward this Call to all interested parties. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matt Blaze Date: Wed, 5 Jan 94 15:44:26 PST To: cypherpunks@toad.com Subject: automatic mail scanning software Message-ID: <9401052342.AA09170@big.l1135.att.com> MIME-Version: 1.0 Content-Type: text/plain I was just cleaning up my office, throwing out a bunch of vendor literature from a recent unixexpo, when a flyer for a product called "MpScan" from an outfit called "CyberSoft" caught my eye. This product, as advertised, "automatically searches outgoing email for company classified material". Aside from being configurable to do stuff like block mail to certain addresses, it also " ...uses the powerful, user-tested CVDL scanning language..." and can generate "...reports which can be used to look for unusual changes in Email usage...". A "version 2" promises "many more feaures using an AI engine". All this can be yours for only $49,000 per mail server, or $200,000 per site license. You get free upgrades until the end of 1997. -matt From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: fnerd@smds.com (FutureNerd Steve Witham) Date: Wed, 5 Jan 94 17:34:26 PST To: cypherpunks@toad.com Subject: Non-techie Crypto book? Message-ID: <9401060124.AA05687@smds.com> MIME-Version: 1.0 Content-Type: text/plain Is there a good not-very-technical, but up-to-date book on crypto? An acquaintance asks. -fnerd - - cryptocosmology- sufficiently advanced communication is indistinguishable from noise - god is in the least significant bits -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Wed, 5 Jan 94 20:34:28 PST To: fnerd@smds.com (FutureNerd Steve Witham) Subject: Re: Non-techie Crypto book? In-Reply-To: <9401060124.AA05687@smds.com> Message-ID: <199401060433.XAA15461@snark> MIME-Version: 1.0 Content-Type: text/plain FutureNerd Steve Witham says: > Is there a good not-very-technical, but up-to-date book on > crypto? > > An acquaintance asks. No, there is nothing that is nontechnical and up-to-date. Indeed, I'd question the very idea -- people trying to understand cryptography in enough detail that they would understand what has happened in the last decade had best learn the technical details. On a non-technical level you can't write more than a dozen pages before exhausting the information you can convey about the technologies. The best TECHNICAL book out there on crypto at the moment is of course Bruce Schneier's "Applied Cryptography", which is a wonderful piece of work. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Wed, 5 Jan 94 22:14:30 PST To: cypherpunks@toad.com Subject: cryptopolitics: Message-ID: <01H7CEDOXTMG94PWJH@delphi.com> MIME-Version: 1.0 Content-Type: text/plain cryptopolitics: Any sufficiently advanced government is indistinguishable from anarchy. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Michael Edward Marotta Date: Thu, 6 Jan 94 02:39:51 PST To: cypherpunks@toad.com Subject: A Crypto Biblio Message-ID: <199401061036.CAA17662@well.sf.ca.us> MIME-Version: 1.0 Content-Type: text/plain number 006 CLACKER'S DIGEST December 6, 1992. philosophy and applications for analytical engines ------------------------------------------------------------------ (46 lines) A Cryptography Bibliography by mercury@well.sf.ca.us (Technically, cryptography is MAKING codes while cryptanalysis is BREAKING them. Both are subsumed under cryptology. A CIPHER is a regular transposition such as A=Z, B=Y, etc., while a CODE is a table of arbitrary symbols.) Kahn, David, THE CODEBREAKERS, MacMillan, 1967. The MOST complete history with specific examples. Written before public keys, RSA, etc., but still THE place to start. Marotta, Michael, THE CODE BOOK, Loompanics, 1987, Overview of history and post-1967 developments. Sinkov, Abraham, ELEMENTARY CRYPTANALYSIS: A MATHEMATICAL APPROACH, Random House, 1968. Sinkov worked for Friedman on the breaking of Purple. First rate. Gaines, Helen Fouche, CRYPTANALYSIS, Dover, 1956. A classic work. The first step to breaking codes and ciphers. Lysing, Henry, SECRET WRITING, Dover, 1974. Another reprint of another classic. Smith, Laurence Dwight, CRYPTOGRAPHY, Dover, 1955. Ditto. Konheim, Alan G., CRYPTOGRAPHY: A PRIMER, John Wiley, 1981. Textbook for mathematicians from IBM's Watson Center. Includes public keys, digital signatures. Meyer, Carl H., and Matyas Stephen M., CRYPTOGRAPHY, John Wiley, 1982. From IBM Cryptography Competency Center. For computers, includes public keys, digital signatures. Weber, Ralph E., UNITED STATES DIPLOMATIC CODES AND CIPHERS 1775- 1938, Precedent, 1979. Not just a history! The appendix contains the all the keys!! Chadwick, THE DECIPHERMENT OF LINEAR B, Vintage, 1958. Worked with Michael Ventris on unraveling Minoan script. Yardley, Herbert O., THE AMERICAN BLACK CHAMBER, Ballantine 1981, Random House, 1931. Yardley broke German ciphers in WWI and then Japanese ciphers of 1920, and was fired in 1931 because "Gentlemen don't read each other's mail." (anonymous), THE DATA ENCRYPTION STANDARD, National Bureau of Standards, January 1977, NTIS NBS-FIPS PUB 46. (anonymous), DATA SECURITY AND THE DATA ENCRYPTION STANDARD, National Bureau of Standards, 1978, Pub 500-27; CODEN: XNBSAV. Rivest, Ronald L., Shamir, A., and Adleman, L., "A Method for Obtaining Digital Signatures and Public-key Cryptosystems," COMMUNICATIONS OF THE ACM, February, 1979. The last word. -------------------------- 30 ------------------------------------ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@rosebud.ee.uh.edu Date: Thu, 6 Jan 94 01:04:30 PST To: cypherpunks@toad.com Subject: Butt-Head Message-ID: <9401060903.AA17105@toad.com> MIME-Version: 1.0 Content-Type: text/plain L.A. Times Jan. 3, 1994 p. D1 THAT'S WHAT HE GETS FOR COMPLAINING SAN FRANCISCO - Apple Computer Inc., after receiving a complaint from famed scientist Carl Sagan, has changed the internal code name for an upcoming model to "Butt-Head Astronomer" from "Carl Sagan," the San Francisco Chronicle reported. Sagan asked the company to stop using his name after an article about the new computer appeared in MacWeek magazine, the newspaper said. The Computer is one of three Apple models that will use the PowerPC microprocessor, which was developed by an alliance of Apple, Motorola Inc. and International Business Machines Corp. For those of tender sensibilities, Butt-Head Astronomer will be known as BHA for short. -Bloomberg Business News From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: an3747@anon.penet.fi Date: Wed, 5 Jan 94 21:14:30 PST To: cypherpunks@toad.com Subject: Klinton's Gestapo Message-ID: <9401060442.AA03617@anon.penet.fi> MIME-Version: 1.0 Content-Type: text/plain From an AP story Jan 4 President Clinton commended the nation's fallen spies and their colleagues of the Central Intelligence Agency on Tuesday, saying espionage helped win the Cold War and now is needed to guard against new evils. Addressing hundreds of CIA employees on his first visit to the top-secret agency, Clinton said ``the new world remains dangerous'' as threats of terrorism, ethnic conflict and militant nationalism challenge the intelligence community. About 400 workers crowded the marble lobby of the agency's headquarters; others lined hallways, watching the president's address on TV monitors. The employees applauded several times as Clinton paid tribute to their work at a time when some critics are questioning the agency's role in the post-Cold War era. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: paul@poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 6 Jan 94 06:20:07 PST To: cypherpunks@toad.com Subject: AT&T licenses crypto modules Message-ID: <199401061417.AA04319@poboy.b17c.ingr.com> MIME-Version: 1.0 Content-Type: text/plain Below is a press release posted by David Arneke of AT&T to the Telecom Digest. It looks like the licensing chain goes RSA -> ISC -> AT&T -> you, but it's encouraging that these libraries are available: they offer good potential for continuing and even accelerating the spread of strong crypto out beyond the bounds of the online world. -Paul AT&T LICENSES LINKABLE CODE FOR SECURE SOFTWARE GREENSBORO, North Carolina -- AT&T is giving software developers access to linkable code modules for encryption, public key exchange and other communications security functions. AT&T announced today that a comprehensive library of linkable code modules, including RSA security technology and the NIST Digital Signature Algorithm, is available for licensing. Linkable code is available in the form of linkable object module libraries and Windows Dynamic Link Libraries (DLLs), which are under license from Information Security Corporation of Deerfield, Illinois. [ .. deletia .. ] "Electronic commerce has an inherent requirement for privacy, data integrity, authentication and non-repudiation," said Larry Salter, director of secure systems and services for AT&T Secure Communications Systems. "These capabilities are ideal for PCMCIA and smart-card applications as well as conventional software for PCs and workstations." The package includes code for DES encryption, the ElGamal public key cryptosystem, the Digital Signature Algorithm, the Secure Hash Standard and most RSA security functions, including RSA encryption, key management and digital signatures; MD5 hashing functions; and the Diffie-Hellman key exchange protocol. A proprietary encryption algorithm for exportable applications is available as well. More than a dozen military and civilian federal agencies and a growing number of corporations have already licensed the code for new software applications, Salter said. "This is a full range of information security functions, relying on the most widely accepted government and commercial standards," Salter said. Prices for code packages containing DSA technology are $750 for the DOS/Windows version, $1,000 for the Macintosh version and $1250 for the UNIX version. For code packages containing RSA technology are $300 for the DOS/Windows version, $400 for the Macintosh version and $500 for the UNIX version. The license allows developers to load the code into two workstations for software development. Royalty payments are required for distribution of applications to end users. [ .. descriptions of AT&T's shrinkwrapped products deleted .. ] Software developers can get more information on licensing the AT&T linkable code module library by calling the AT&T Secure Communications Customer Service Center, 1 800 203-5563. -- Paul Robichaux, KD4JZG | "Change the world for a better tomorrow. But perobich@ingr.com | watch your ass today." - aaron@halcyon.com Intergraph Federal Systems | Be a cryptography user- ask me how. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jim Demmers Date: Thu, 6 Jan 94 07:14:33 PST To: cypherpunks@toad.com Subject: farewell cypherwonks... Message-ID: <199401061505.AA11919@noel.pd.org> MIME-Version: 1.0 Content-Type: text/plain I picked up the following tidbit off of the Computists' Communique: The Cypherwonks list for electronic democracy, cryptography, digital cash, etc., "has essentially died at the hand of one of its founders and his numerous detractors." Other members are seeking a moderated forum. [Sam Sternberg (samsam@vm1.yorku.ca), NETWORKS and COMMUNITY, 1/3/94. net-hap.] - jim |=======================================================================| | | | Jim Demmers Public Domain, Inc. INET: jdemmers@pd.org | | P.O. Box 8899 jim.demmers@oit.gatech.edu | | Atlanta, GA 30306-0899 balder@gnu.ai.mit.edu | | USA | | Phone: 404-377-2627 FAX: 404-894-9135 | | | |=======================================================================| From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: farber@central.cis.upenn.edu (David Farber) Date: Thu, 6 Jan 94 10:00:08 PST To: eff-staff@eff.org Subject: Microsoft-Cryptography-Redmond, WA Message-ID: <199401060812.DAA20660@linc.cis.upenn.edu> MIME-Version: 1.0 Content-Type: text/plain >Posted-Date: Thu, 6 Jan 1994 03:03:07 -0500 >Newsgroups: sci.crypt >Path: >netnews.upenn.edu!newsserver.jvnc.net!howland.reston.ans.net!europa.eng.gtefsd. >com!uunet!microsoft!wingnut!y-wait >From: y-wait@microsoft.com (Usenet Job Response Account) >Subject: Microsoft-Cryptography-Redmond, WA >Organization: Microsoft Corporation >Date: Thu, 6 Jan 1994 01:27:44 GMT >Distribution: na >Lines: 35 >Apparently-To: farber@linc > >MICROSOFT > * * ADVANCED CONSUMER TECHNOLOGY DIVISION * * > >Do you need a research challenge which results >in tangable product? Then the Advanced Consumer >Technology Division at Microsoft is the place >for you! Microsoft is looking to challenge the >brightest mathematical minds with the latest >advances in cryptography. The ideal candidate >will be responsible for the research, analysis, >verification, and recommendation of cryptographic >standards as well as the design of new standards. >Candidate should be familiar with authentication >techniques, blind signatures, digital signature >and time-stamping techniques, public key >encryption systems, hashing methods, and >encryption standards. Familiarity with RSA, DES, >minimum knowledge systems, and Digital Cash/Smart >Card technology a plus. A MS/Phd degree in >Mathematics, with a focus on cryptography desired. > >If you are interested in working in a small team >environment developing first version products, >mail your resume to: > > Microsoft Corporation > Attn: Recruiting > Dept. N5930-0105 > One Microsoft Way > Redmond, WA 98052-6399 > >or FAX your resume to 206-869-0947, Attn: N5930-0105 > >No phone calls please. We are an equal opportunity >employer and support workforce diversity. > > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: freeman@MasPar.COM (Jay R. Freeman) Date: Thu, 6 Jan 94 10:04:35 PST To: cypherpunks@toad.com Subject: Re: cryptopolitics: Message-ID: <9401061803.AA00949@cleo.MasPar.Com> MIME-Version: 1.0 Content-Type: text/plain Mike Ingle says: > cryptopolitics: Any sufficiently advanced government is indistinguishable > from anarchy. And conversely? -- Jay Freeman From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jim choate Date: Thu, 6 Jan 94 11:44:34 PST To: MIKEINGLE@delphi.com (Mike Ingle) Subject: Re: cryptopolitics: In-Reply-To: <01H7CEDOXTMG94PWJH@delphi.com> Message-ID: <9401061754.AA13161@wixer> MIME-Version: 1.0 Content-Type: text/plain > > cryptopolitics: Any sufficiently advanced government is indistinguishable > from anarchy. > That is one way to look at it, I personaly prefer, Any sufficiently advanced government is indistinguishable from a egalitariate. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Thu, 6 Jan 94 12:04:34 PST To: cypherpunks@toad.com Subject: cypherpolitics Message-ID: <199401062001.PAA20538@snark> MIME-Version: 1.0 Content-Type: text/plain Any sufficiently advanced mailing list is indistinguishable from noise. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: freeman@oxygen.aps1.anl.gov (David Freeman) Date: Thu, 6 Jan 94 13:20:11 PST To: cypherpunks@toad.com Subject: info Message-ID: <9401062120.AA17656@oxygen.aps1.anl.gov> MIME-Version: 1.0 Content-Type: text/plain Howdy, Any info that you can send regarding premise, scope of project, effects, etc. would be greatly apreciated. I'm really curious as to how this all works. thanks David Freeman freeman@anlaps.aps.anl.gov From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Arthur Chandler Date: Thu, 6 Jan 94 16:00:13 PST To: "Perry E. Metzger" Subject: Re: cypherpolitics In-Reply-To: <199401062001.PAA20538@snark> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Thu, 6 Jan 1994, Perry E. Metzger wrote: > > Any sufficiently advanced mailing list is indistinguishable from > noise. > > Perry > I realize we're all supposed to smile knowingly at this cynical remark; but I can't let the cynicism pass without a commentary. If the list is advanced, then the issues being discussed may strike newbies as arcane -- this is noise only to the uninitiated. And repeated threads may strike old-timers as rehash -- and therefore a kind of noise. But -- at least as far as Cypherpunks goes -- even apparently repetitive threads have new slants, unforeseen shadings of personal meaning, and new contexts to save them from being considered as just noise. "The main cause of failure in education," said A.N. Whitehead, "is staleness." And a stale reader will hear only noise if the attention isn't focussed enough to see the actually new within the apparently old. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: freeman@MasPar.COM (Jay R. Freeman) Date: Thu, 6 Jan 94 15:50:13 PST To: cypherpunks@toad.com Subject: Re: info Message-ID: <9401062350.AA01375@cleo.MasPar.Com> MIME-Version: 1.0 Content-Type: text/plain > TAKE TWA TO CAIRO. ===== At the very least, it should have said "CASABLANCA"... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Harry S. Hawk" Date: Thu, 6 Jan 94 13:14:33 PST To: cypherpunks@toad.com (Good Guys) Subject: RSA & General Magic Message-ID: <199401062114.AA29066@panix.com> MIME-Version: 1.0 Content-Type: text/plain General Magic in their media kit which was handed out at MacWorld today states; "General Magic picks RSA to provide security for Telescript and Magic Cap. Jan 6th 93 (sic) - GM announced today it has licensed tech. from RSA to provide security services for its Telescript communications engine.... GM used RSA's BSAFE toolkit, with encryption and digital sig. features based on RSA Public Key Cryptosystem and RSA's RC4 symmertic stream cipher. -- Harry S. Hawk habs@extropy.org Electronic Communications Officer, Extropy Institute Inc. The Extropians Mailing List, Since 1991 EXTROPY -- A measure of intelligence, information, energy, vitality, experience, diversity, opportunity, and growth. EXTROPIANISM -- The philosophy that seeks to increase extropy. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: freeman@oxygen.aps1.anl.gov (David Freeman) Date: Thu, 6 Jan 94 14:40:13 PST To: cypherpunks@toad.com Subject: info Message-ID: <9401062237.AA20104@oxygen.aps1.anl.gov> MIME-Version: 1.0 Content-Type: text/plain Hello, I'm interested in what is currently available to protect ones privacy in terms of encryption and how one goes about obtaining materials. I also would like to know if this is an organized effort is which outside programmers can contribute, if so how does one participate? How does one stays out of trouble with the powers that be when engaging in such activities, or do I give the powers that be too much credit? Is there a mailing list or news letter available? thanks David Freeman freeman@anlaps.aps.anl.gov From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: remail@tamsun.tamu.edu Date: Thu, 6 Jan 94 15:10:13 PST To: cypherpunks@toad.com Subject: Re: cypherpolitics Message-ID: <9401062307.AA05695@tamsun.tamu.edu> MIME-Version: 1.0 Content-Type: text/plain > Any sufficiently advanced mailing list is indistinguishable from > noise. Any in-sufficiently advance mailing list is indistinguishable from silence. ------------------------------------------------------------------------- To find out more about this anonymous remail service, send mail to remail@tamsun.tamu.edu with the word "remail help" as the only words in the subject field. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: m5@vail.tivoli.com (Mike McNally) Date: Thu, 6 Jan 94 15:24:35 PST To: freeman@oxygen.aps1.anl.gov (David Freeman) Subject: info In-Reply-To: <9401062237.AA20104@oxygen.aps1.anl.gov> Message-ID: <9401062320.AA07481@vail.tivoli.com> MIME-Version: 1.0 Content-Type: text/plain David Freeman writes: > How does one stays out of trouble with the powers that be when > engaging in such activities Umm, the cynical among us might say that somebody posting from a .gov site *represents* the powers-that-be... -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cfrye@ciis.mitre.org (Curtis D. Frye) Date: Thu, 6 Jan 94 14:20:12 PST To: cypherpunks@toad.com Subject: U.S. Sprint Using SSN as Passcode? Message-ID: <9401062224.AA25295@ciis.mitre.org> MIME-Version: 1.0 Content-Type: text/plain While listening to NPR this morning, I heard the director of US Sprint giving a demonstration of his company's new voice-activated long distance calling system. The user dials 1-800-GIVEUS$ and verbally enters his/her passcode. Apparently, the system recognizes and checks the code as well as analyzing the caller's voice pattern, comparing it to a recorded sample to verify the caller's identity. So, what's the catch? As hinted in the title, the passcode is the customer's SSN plus one digit supplied by US Sprint. Now all the bad guys need is a sharp set of ears or a microphone in the phone booth and they have us by the . I hope this idiotic passcode scheme dies a quick, horrible death. Maybe I misunderstood or the reporter got it wrong (a permutation on the SSN is little better, though), but I don't think so. ObRant about the dangers of giving out one's SSN deleted for brevity. -- Best regards, Curtis D. Frye - Economic Analyst, Software Alchemist, Aspiring Author cfrye@ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ferguson@icm1.icp.net (Paul Ferguson) Date: Thu, 6 Jan 94 16:30:13 PST To: cfrye@ciis.mitre.org (Curtis D. Frye) Subject: Re: U.S. Sprint Using SSN as Passcode? In-Reply-To: <9401062224.AA25295@ciis.mitre.org> Message-ID: <9401070028.AA20366@icm1.icp.net> MIME-Version: 1.0 Content-Type: text > As hinted in the title, the passcode is the customer's SSN plus one digit > supplied by US Sprint. Now all the bad guys need is a sharp set of ears or > a microphone in the phone booth and they have us by the whatever organs you hold near and dear to your heart>. I hope this idiotic > passcode scheme dies a quick, horrible death. Maybe I misunderstood or the > reporter got it wrong (a permutation on the SSN is little better, though), > but I don't think so. > > ObRant about the dangers of giving out one's SSN deleted for brevity. I can, at least, assure you that we internet engineering types are not as foolish as our voice counterparts. Also, marketing is an evil thing. ObCaveat: I speak for myself, my data brethren, and not for US Sprint. ____________________________________________________________________________ Paul Ferguson Sprint Managed Router Network Engineering tel: 703.904.2437 Herndon, Virginia USA internet: ferguson@icp.net From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: fnerd@smds.com (FutureNerd Steve Witham) Date: Thu, 6 Jan 94 19:30:15 PST To: cypherpunks@toad.com Subject: Re: Non-techie Crypto book? Message-ID: <9401070318.AA10750@smds.com> MIME-Version: 1.0 Content-Type: text/plain Maybe there's a book on "Privacy" out there that gives reasonably up-to-date coverage of crypto. I would love a book that covered all the sociopolitical cypherpunk issues like reputations and anonymity; agorics and pay-per-use; copyright, left and not; Chaum's distinction between Identification and Authentication; traceable vs. non-traceable emoney; smart cards and wallets; history of privacy invasion; history of public-key crypto and non-government cryptology; accelleration of technology that can be used for spying; the sorry present state of cellular phone privacy, Qualcomm's initiative; "digital license plates" as likely implied in various government proposals; etc. Has anyone read the Michael Marotta book? -fnerd quote me - - cryptocosmology- sufficiently advanced communication is indistinguishable from noise - god is in the least significant bits -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: edgar@spectrx.saigon.com (Edgar W. Swank) Date: Fri, 7 Jan 94 06:25:31 PST To: Cypherpunks Subject: Risk and Opportunity Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Peter Baumbach posted on Jan 3: I stumbled onto a pair of programs called seejunk.exe and prune.exe this past week. ... There is also an opportunity here. Encrypted information could be stored at the end of your files. In other words this is an opportunity for steganography. ... I don't have full access to the internet. If someone finds these programs on the internet, can they post the location here. If the files aren't on the internet, I can email them to anyone that wants to post them to the cypherpunk ftp site. A backlevel version (2.2) of PRUNE is available on internet at both GARBO and SIMTEL. prune22.zip GARB 9959 03-31-92 Overwrite unallocated "Tail End" of files, from Sydex " " " SIMT 9689 04-05-92 B Clear out unallocated bytes at the end of file To order from the GARBO e-mail server, To: mailserv@garbo.uwasa.fi Subject: garbo-request send pc/fileutil/prune22.zip However, there is a more recent version (2.3) on local BBS's here (San Jose). PRUNE23.ZIP DCTL 10504 03-29-93 Unbeknownst to you, DOS often puts data from your other files after the end of your files PRUNE allows you to clear this perhaps sensitive information out before you pass it on to your competitors. You know can pick the pattern to be written after the end-of- file, and there's now a "scan subdirectories " option too. Version 2.3 of a free Sydex utility. Files: 4 Oldest: 3/4/93 Newest: 3/4/93 " " " EGLN @ 10905 11-21-93 [same description] " " " FDUT 10737 11-20-93 " " " " " " SNKP 10504 07-11-93 " " " Two of the above BBS's also have the SEEJUNK utility: SEEJUNK.ZIP DCTL 9447 07-30-90 Lets you see the junk appended to your floppy " " " FDUT 9345 10-01-91 See the "junk" inside some of your executables. Key to BBS Codes DCTL DC-to-Light 408-956-0317 EGLN Eagle's Nest 408-223-9821 FDUT Flying Dutchman 408-294-3065 SNKP Snakepit (aka Micro-Medic) 408-287-2454 All of the above support at least 9600 bps V.32. I'll join Peter in offering to download & send copies of these programs to anyone who will put them on a public FTP site or mailserver. Another program similar to the above is WIPIT100.ZIP EGLN 14897 11-21-93 WIPIT v1.00 8/2/93 Wipe all free space on your disk to prevent Undeleting files. Free for personal use. which takes care of data left in free areas. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLS02UN4nNf3ah8DHAQEkUwP8CtNr9SFcW8B/hS2Qxu6EWM2KsTUuKKIj bDM7svpt9/p1ZBTulhmXWoLNMA6p3aBHt8TDHPzkJoJtoacXRMa3FK534ZYOu+fz 8DsJjN1Z3qWSaxqj6G+PAJtNYD6IdCFhfOEfw3ameA1n7xTXEx2AlyAa8YLJFBDp vGwO9JBPmpM= =03Dr -----END PGP SIGNATURE----- -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: edgar@spectrx.saigon.com (Edgar W. Swank) Date: Fri, 7 Jan 94 06:24:44 PST To: Cypherpunks Subject: Slack area behind files Message-ID: MIME-Version: 1.0 Content-Type: text/plain Hal Finney brought up the problem of securely wiping files stored on a "compressed" disk a la Stacker, DoublesSpace, or (in my case) SuperStor. I have modified (my copy of) PGP so that the wipe function uses pseudo-random data rather than zeroes to over-write files. This change -should- appear in the next release of PGP. It's a fairly simple change. I'll supply source diff's on request. -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Michael Johnson Date: Fri, 7 Jan 94 05:34:41 PST To: cypherpunks@toad.com Subject: Crypto Controls in the USA Message-ID: <199401071333.AA01463@teal.csn.org> MIME-Version: 1.0 Content-Type: text/plain Data Encryption Software and Technical Data Controls in the United States of America Copyright (C) 1994 Michael Paul Johnson PO Box 1151 Longmont CO 80502-1151 USA mpj@csn.org 303-447-7302 Distribute unmodified copies freely. 7 January 1994 1. Introduction 2. Problems with the Status Quo 2.1. Regulations Ignore Technology 2.2. Overly Broad Definition of "Encryption Software" 2.3. Overly Broad Definition of Export 2.4. Censorship and the First Amendment 3. National Security Issues 3.1. Signals Intelligence 3.1.1. Enemy Signals 3.1.2. Bugs & National Technical Means 3.2. Counter-Intelligence Activities 3.3. Our Military and Diplomatic Communications 3.4. Banking Transactions 3.5. Domestic Personal and Corporate Communications 3.6. Authentication in the Private Sector 3.7. Upholding the Constitution 3.8. Law Enforcement 3.9. Technology Base Migration and Loss 4. Technology Issues 4.1. Availability of Computers 4.2. Telephone Lines and Modems 4.3. The Internet 4.4. Information Services and Bulletin Boards 4.5. Books and Magazines 4.6. Availability of Encryption Software 4.7. DES is Dying 4.8. Unbreakable Encryption 5. Economic Issues 5.1. International Trade 5.2. Cryptographic Competition 5.3. Domestic Chilling Effect 6. Regulatory Issues 6.1. Clarity of Regulations and their Intent 6.2. The First Amendment 6.3. Enforcement 6.4. Consistency with Technology 7. Recommendations 7.1. Reevaluate National Security Impact 7.2. Deregulate Publicly Available Information 7.3. Deregulate Research and Publication 7.4. Replace DES with Better Public Standard 7.5. Control NSAs Cryptographic Technology 7.6. Alternate Intelligence Methods 7.7. Alternate Law Enforcement Methods 7.8. Clarify & Repair Export Regulations 1. Introduction The current status of the regulation of encryption software in the United States of America is, at best, confusing and harmful to business. At worst, the current status is harmful to National Security and violates U. S. Constitution. I invite you to study this issue with me. I present what I perceive to be the problems and the issues that must be considered, then suggest some solutions. Even if you don't fully agree with all of my statements, I hope that they prove helpful to your own understanding of this situation. 2. Problems with the Status Quo I perceive several problems with the current International Traffic in Arms Regulations (ITAR) far beyond typos like the reference to $120.10(d), which doesn't exist, in $120.10(1). These problems are severe enough that I hope that they will be rectified soon before they do even more damage. All of the problems with the ITAR mentioned here have to with encryption software, as defined in the ITAR. 2.1 Regulations Ignore Technology The ITAR ignores the fact that software, like other technical data, can exist in a multitude of forms, many of which know no national boundaries. The ITAR ignores the fact that much of what is prohibited to be exported exists in unlimited quantities outside the USA. The ITAR hurts U. S. Business but doesn't significantly reduce the availability of strong encryption technology outside the USA. The ITAR ignores the widespread use of purely electronic means to distribute software, such as the Internet, Computer Bulletin Board Systems (BBS), and commercial information services (such as CompuServe). The ITAR ignores the fact that shareware publishing, which is a form of Constitutionally protected publication, propagates software all over the world with no formal distribution mechanism. 2.2 Overly Broad Definition of "Encryption Software" "Encryption software" is defined in $121.8(f) and $121.1, Category XIII(b) to include not only computer programs designed to protect the privacy of information, but all of the technical data about those programs. This naturally includes a great deal of material in any large library or book store. William B. Robinson, Director of the United States Department of State, Bureau of Politico-Military Affairs, Office of Defense Trade Controls, states in his letter to me of 30 November 1993, that "the exemptions listed in $125.4 for technical data do not apply to cryptographic software and source code." I conclude, therefore, that the ITAR implies that the majority of the libraries and larger bookstores in the United States stock "munitions" on their shelves for anyone to read. 2.3 Overly Broad Definition of Export $120.17 of the ITAR makes it clear that allowing a foreign person to read a book containing encryption software constitutes export. Therefore it seems possible that some perverse person might state that all of the libraries and bookstores that contain any book on cryptography must register as an exporter of munitions. This situation gets even more interesting in its electronic analogies. However, restricting domestic distribution of technology that is perfectly legal and useful within the USA just because a foreigner might see it is not only unreasonable, it could probably not stand a Constitutional challenge. 2.4 Censorship and the First Amendment The ITAR does make some acknowledgment of the fact that not all of the publications that it calls "encryption software" need be subject to export restrictions, but doesn't even come close to defining the difference. All it does is set forth a censorship procedure called a "Commodity Jurisdiction Procedure" (see $120.4). From what I know of the First Amendment and Constitutional case law (I'm not a lawyer, but I took a class on the subject), the only way the Federal Government can legally take away U. S. Citizen's rights to freedom of speech or freedom of the press is when there is a clear danger that is caused by that expression, or a significant infringement of the rights of another person. The classic examples of this are yelling "FIRE" in a crowded theater, or committing libel or slander. In the case of technical data concerning encryption software that is already in the "public domain" (as defined in the ITAR for technical data), the damage (or benefit), if any, is pretty much already done and further publication probably makes little difference. I believe that any definition of what is a munition that makes the nation's bookstores and libraries appear to be exporters of munitions is not just ridiculous, it is unconstitutional. When I tried to get clarification from the Department of State on what the rules that they applied when performing their censorship role (Commodity Jurisdiction Proceeding) were, all I got back was two letters, one that clarified a point made muddy by a typo in the ITAR and gave no help beyond the ITAR itself, and one form letter that said that the Department of State would not deal with hypothetical questions (even though most of my questions weren't purely hypothetical). This serious Constitutional question casts doubt on the enforceability of any of the regulations in the ITAR against any encryption software. It could be difficult to prove that the publication of a particular piece of technical data or computer program caused specific, measurable damage resulting from intentional export without a license (even if you could figure out who exported it). Yet, there cannot be any restriction to U. S. Citizen's freedom of speech and freedom of the press unless it can be proved that damage resulted from that speech. 3. National Security Issues "National Security" means a lot of things. It means maintaining the integrity and safety of our Constitution, our people, our land, and our environment. It means the ability to defend ourselves against anyone or any thing that would seek to harm us. Our freedom, constitutional democracy, and fairness to all citizens are our greatest protection against internal threats. This gives us the strength and will to have a strong diplomatic, economic, and military force to protect us against external threats. 3.1 Signals Intelligence In the context of encryption software, the most obvious connection to National Security (if you ask the NSA) is the impact on intelligence operations. In the process of spying on enemies, it is a lot safer to listen to what they are doing remotely than to send a person in to spy. The two main ways of doing this are (1) to listen to and/or alter signals that they generate for their own purposes, and (2) to listen to signals emanating from devices that we have placed for the purposes of listening. 3.1.1 Enemy Signals Enemy signals may include telemetry, radio transmissions on various frequencies for various purposes, telephone conversations, computer data links of various sorts, etc. These all may provide some kind of clue as to what evil deeds they may try to perpetrate on us next, or may indicate significant vulnerabilities for us to exploit in war time. The enemy knows that we know this, and will probably try to protect at least some of their signals using encryption, deception, jamming, or data hiding (steganography). It is possible that an enemy might use some of our own encryption technology against us. The enemy may either directly use a commercial product to hide the meaning of communications from us, or use some published technology originated in the USA and other free countries to build their own systems. They may also add their own secret innovations to what they learn from us. Of course, there is also the consideration that an enemy would prefer to use cryptographic technology of their own design. This would give them the advantage of not letting us know which algorithm they are using. It would also deprive us of the huge head start we have on cryptanalysis of things like the ancient Data Encryption Standard (DES). This may not be enough to stop me from protecting a proprietary cookie recipe with the DES algorithm (or the triple DES variant if the cookies tasted good and weren't fattening), but it would be a significant consideration for a nation planning to bomb Pearl Harbor. DES is probably a bad example, since everyone on planet Earth who really cares already has a copy of a program that does DES encryption, or can get one in a few minutes. Using a commercial product like a spread sheet or data base program that does encryption only as an extra feature against us is something of a problem for an enemy, since such products are not normally well suited to the applications needed in military and diplomatic situations. Imagine giving a field commander a laptop computer with a U. S. commercial spread sheet program on it to decrypt orders from his commander. I may underestimate the silliness of our enemies, but I don't think that this is likely. A much more tamper-resistant device with better key management would be much more appropriate for a military or diplomatic application. Use of our publicly available encryption design technical data in building more appropriate military communications security devices is a more likely threat in the case of a clever adversary. The only consolation in this case is that we also have access to this same data as an aid to cryptanalysis. In the extreme case, strong cryptographic technology could become so readily available and easy to use that most of the interesting signals generated by enemies for their own purposes are encrypted in such a way that we cannot decrypt or subvert the communications without stealing their keys. In that case, all nations might have to behave like gentlemen (and not open the other's mail or read their electronic communications). Then again, that is probably too idealistic to expect. It is more likely that mankind will only figure out other ways of spying on each other. 3.1.2 Bugs & National Technical Means Even if the enemy takes great care to protect the secrecy and integrity of their own communications channels, we can still spy on them. Listening devices can be made so small and have such inconspicuous output that they can be almost impossible to detect or jam when planted properly. It takes very little power to send a signal to a nearby relay to a satellite, and many varieties of listening devices can be used. Even if an enemy becomes wise to one kind, another kind may be in use. Suffice it to say that all the encryption technology in the world could not cut off this source of intelligence, since all valuable intelligence exists in the clear at some point. If it didn't, it would be of no value to the originator and intended recipient. Public use of strong cryptographic technology may limit the points where listening devices must be planted to be of value, but can never totally cut off this sort of intelligence. Increases in knowledge cryptography and steganography may help this sort of spying more than hinder it. 3.2 Counter-Intelligence Activities Increased public use of strong cryptography makes it easier for a spy to obtain a good cryptosystem. It also makes it easier to send encrypted messages without arousing suspicion. That is good for our spies, but bad for detecting spies in our own country. Then again, it would be a pretty inept spy (ours or theirs) who could not now obtain a good cryptosystem and send messages home without arousing suspicion, under conditions much worse than the USA right now. Of course, increased public use of strong cryptography also makes it harder for a spy to find valuable data to send back home. I think that the net effect will be that spies in the USA (and some other developed nations) will be harder to catch, but less effective. 3.3 Our Military and Diplomatic Communications The greatest contribution of cryptography to our National Security is in protecting our own military and diplomatic communications from eavesdropping or alteration. Communications of this nature must be private, must be authentic (not an alteration or forgery), and must not have been altered in transit. Increased public use of strong cryptography can only help us to keep our most sensitive communications private. This is because there will be more encrypted traffic to attempt attacks on, making traffic analysis harder. It also may be that discoveries made in the private sector help in the design and evaluation of military and diplomatic cryptosystems. 3.4 Banking Transactions We do so much banking electronically that failure to use strong cryptography to protect these transactions would be criminally negligent. It would be like not locking the vault and bank doors and not posting a guard. The importance of the integrity of our banking system to our economic well-being is obvious. The cryptographic protection must also be economical, just as the bank buildings, vaults, and other security systems must be, or the banks will not remain competitive. We must balance the cost of protection with the value of what is being protected. Strong cryptography usually doesn't cost much more to implement than weak cryptography, and may save a whole lot of money if it can prevent some fraud. 3.5 Domestic Personal and Corporate Communications Although there are strict and fairly consistent guidelines for the protection of U. S. Government classified information, the private sector is much more vulnerable. Some companies are very security conscious, but some are not. Those which are not are easy targets for foreign and domestic spies, either working for governments or competing corporations (or both). Encouraging good security practices in the private sector, including use of strong cryptography, use of good crosscut shredders, etc., makes the USA more secure against this threat. Protection of personal communications with encryption is good for privacy, just as locks on doors and curtains on windows are. It becomes very important in some cases, such as when a battered person is hiding from a stalker that is still at large, or when coordinating activities that might attract criminals like shipping diamonds. Encryption technology can help reduce crime, just like dead bolt locks. Just as I prefer to manage my own dead bolt keys, I'd rather not be forced to escrow a master key to my data with Big Brother. This isn't because I do anything evil with my dead bolts or cryptographic software, but because I love freedom. This preference is nearly universal among users of cryptography, and the countries and companies that cater to this desire will have a big economic advantage. 3.6 Authentication in the Private Sector Encryption technology is the only way to provide a signature on a digital document. Nothing is totally fool proof, but digital signatures, when done properly, are much harder to forge or refute than pen and ink signatures on paper. Electronic documents can be transmitted faster and with higher fidelity than faxes, and the ability to sign them will be a great aid to quickly and conveniently doing business with remote customers and suppliers. As contract case law and technology evolve, this will become more and more important to our economy. 3.7 Upholding the Constitution Citizens of the United States of America have a right to privacy guaranteed by the Constitution's Bill of Rights. This quaintly stated right to be secure in our papers and effects is highly cherished. The advance of technology has eroded privacy. Corporations like Tandy openly track their customer's names, addresses, buying habits, then shower them with junk mail. Credit bureaus keep massive amounts of (often incorrect) data on people all over the country -- information that is supplied to lenders and in the form of prescreened mailing lists for solicitors. Government organizations keep records of real estate transactions, census data, and other such records that are used by solicitors to pester owners of houses in selected neighborhoods. Hospitals keep your patient records on computer systems that can be accessed by many people. Cellular and cordless telephones are trivial to monitor without physically tapping any wires, and legislated privacy in these areas is unenforceable. Strong encryption can bring back part of the privacy that has been lost to technology. No law can keep spies and criminals from listening to phone calls made over radio links (including microwave and satellite links for normal phone calls), but encryption can make those calls unintelligible to criminals and other unauthorized listeners. 3.8 Law Enforcement The proper use of encryption technology by law enforcement officers helps deny knowledge of monitoring operations to criminals and fugitives. It helps them to keep records private and protect under cover agents. It helps prevent tampering and deception from being used against them in their own communications. Unfortunately, this is a two-edged sword. Strong encryption technology can also be used by criminals to thwart the efforts of law enforcement officers to gather useful information from court authorized wire taps. Strong cryptography also provides a "safe" way for a criminal to keep records of nefarious deeds that cannot be read by the police and used as convincing evidence leading to a conviction. Of course, fewer such records might be kept in the absence of strong cryptography, and some records kept in this manner might not be all that useful in obtaining a conviction. This is not very assuring to law abiding citizens and law enforcement officers, who want dangerous criminals to be caught well before they meet the Ultimate Judge in Heaven. Fortunately, most of the investigative tools available to law enforcement officials are not affected by strong cryptography. It is also likely that anyone stupid enough to engage in criminal activity is likely to screw up in some way that leaks information about their actions. Murder, terrorism, rape, and other violent crimes are not all that hard to commit (for those devoid of conscience or with the twisted conscience of a kamikaze), but these crimes are very difficult to get away with. 3.9 Technology Base Migration and Loss When a technology is discouraged by over-regulation, taxation, or other means, that technology becomes less profitable in the country where it is discouraged. Less profitable technologies are not invested in as heavily. Therefore, the technology in that country will tend to fall behind. Right now, it appears more profitable to develop an encryption product for sale in many other countries than in the USA because export of this technology from the USA is discouraged but import is not. An entrepreneur in New Zealand has an unfair advantage against one in the USA. The New Zealander is not required to cripple key lengths or deal with unreasonable and unreadable regulations like our ITAR. This means that encryption technology in the USA will tend to atrophy while it prospers in other countries. This is bad for National Security. 4. Technology Issues Any policy concerning encryption software that is to make sense must take into account the realities of the current state of the art in the applicable technologies. Failure to do so could at best lead to confusion, and at worst do much more harm than good. 4.1 Availability of Computers It doesn't take a lot of computing power to perform strong encryption (locking data up). It often takes a great deal of computing power to do serious cryptanalysis (unlocking data without the key). Strong encryption can be done with almost any microprocessor on today's market. The original IBM PC (now greatly outclassed by the current desktop computers) has more than enough computing power to lock up significant amounts of data so tight that all the spy organizations in the world combined could not unlock it for thousands of years or more. This class of computer is available in essentially any developed or semi-developed country in the world. 4.2 Telephone Lines and Modems There are still places in the world that don't have easy access to telephone lines, but they are growing fewer all the time. The places that do have telephones, computers, and modems are those places where encryption technology is the most useful. Be they friend or foe, these places all have one thing in common. They are only a telephone call or two away from strong cryptographic software if they know where to call, and it isn't that hard to find out. Since many telephone connections are by satellite, and since international telephone traffic is not routinely monitored and censored by most free nations, any technical data (including encryption software) can be transmitted across almost any national border unhindered and undetected. 4.3 The Internet The Internet has grown to such a large, international collection of high speed data paths between computers, that it has become, among other things, one of the most effective examples of international freedom of expression in existence. Physical distances and political boundaries become irrelevant. I can peruse data posted for public access on university and corporate computer systems on five continents and many islands, no matter if I'm in the USA or in Russia. This is a powerful research tool. News groups provide discussion forums for subjects technical and nontechnical, decent and obscene, conservative and liberal, learned and ignorant, from Animal husbandry to Zymurgy, and more. The Internet provides easy access to lots of strong cryptographic technology and software that can be reached from any nation with a connection to the Internet. A great deal of this data originated from outside the USA. The most complete and up to date collections of encryption software on the Internet are published for anonymous ftp from sites outside the USA. (Anonymous ftp sites are computer systems that allow anyone to log in with the name "anonymous" using the file transfer protocol program called "ftp" to transfer files to their own system). There are several ftp sites in the USA that carry some encryption software, and they have varying degrees of barriers to export. Some sites make no attempt at all to limit access to encryption software. Some sites are very effective at not allowing export, but are totally ineffective at distributing software domestically because of the hassles they impose on users (who can just as easily get the same stuff from Italy). The strongest barrier to export that I've seen used at a U. S. domestic ftp site for encryption software that doesn't totally defeat most of the advantages of this form of software distribution is the one used at rsa.com for the distribution of their RSAREF package and RIPEM. The idea is to force you to read a text file containing an anti-export warning before you can find the data you are after. The text file that contains the warning also contains the name of a hidden directory that changes periodically. The encryption software is in the hidden directory. Naturally, this doesn't prevent an unwelcome intruder from stealing the data anyway, but the moral barrier presented probably reduces the number of "exports" from that site initiated by people in other countries. I support RSA Data Security, Incorporated's right to publish this data, even though I have observed copies of this data on several foreign computer systems. I tried hard to think of a better solution (and even called the Department of State and the NSA for ideas), but there is basically no way to widely and freely publish any data in the USA without making it possible for a foreigner to steal that data out of the country. Even if the data is confined to physical packages and sold or placed in libraries only in the USA, there is nothing to prevent someone (either a U. S. or foreign citizen) from buying or borrowing a copy, then transmitting a copy of that copy out of the country. Even if positive proof of citizenship is required before release of the data, all it takes is one citizen to release a copy of the data outside the USA. You might argue that there would be a strong moral barrier against this, but remember that all it takes is one. What does it matter to someone if they send a copy of encryption software to a friend or relative in another country so that they can send private electronic mail back and forth? All it takes is one copy out of the country, and that copy can be copied any number of times. If rabbits multiplied so easily, we would all quickly drown in them. The bottom line is that the best solution to balancing freedom of the press and the ITAR for encryption software ftp sites is just an annoyance for the intended users and a way to make it impossible to prove that the operators of the site intended to break any valid law. This may or may not have any bearing on the proliferation of encryption technology outside of the USA. I am not a lawyer, but I know RSA Data Security, Incorporated, has lots of them, and I don't believe they would do anything stupid. 4.4 Information Services and Bulletin Boards CompuServe, America Online, Genie, Bix, Delphi, and other similar services offer massive amounts of data, including encryption software and technical data, to callers. They often act as common carriers between correspondents who carry this data themselves, and really don't know the contents of what they are carrying. Other times, they are well aware of what they have. For example, CompuServe publishes a magazine promoting some of the shareware that they carry, and featured some encryption software in an article in their November 1993 issue. These information services also serve customers outside of the USA. Indeed, it would be very difficult not to do so, even if they didn't want to bring some foreign money into their hands. Computer bulletin board systems vary in size from hobby systems running on a single PC in a home to large commercial systems. Some are run as a hobby, some as a means of providing technical support to customers, and some as profit-making information services. A very large number of these systems have encryption software on them with no export controls expressed, implied, or implemented. Indeed, many of the operators of these systems would laugh in your face if you claimed they were trafficking in arms. These systems are normally accessible from anywhere with a telephone, computer, and modem. 4.5 Books and Magazines Encryption software and technical data about it can be found in a large number of books and magazines in libraries, book stores, and by subscription in and out of the USA. Some of these have companion disks that can be ordered separately or that are bound in the back of the book. Some have associated postings on an information service. Some have printed computer program source code listings in them. In those rare cases where the book and disk sets are not distributed by the publisher outside the USA, it is almost certain that the books and disks will appear outside the USA, because most book stores don't restrict their sales to U. S. Citizens. Indeed, to do so sounds rather fascist and unamerican: "Let me see your citizenship papers before you buy a book!" This country is both more pleasant and a lot more secure without such nonsense. 4.6 Availability of Encryption Software There is already a large number of free or very inexpensive software packages available internationally from various information services, computer bulletin boards, Internet ftp sites, and commercial packages available off the shelf. These include: o Many DES implementations originating from many countries. o Several packages that implement the Swiss IDEA cipher. o Several packages that directly implement triple-DES. o Assorted implementations of published algorithms, some of which probably exceed DES in strength. o Assorted programs (such as utility packages, spread sheets, database programs, and word processors) that include some form of encryption that is incidental to their main function. The security of the encryption varies from so poor that it should be called false advertising (like that used in Microsoft Word), to probably good against all but professional cryptanalysts (like PKZIP), to fairly decent implementations of DES or better. o Numerous proprietary algorithms, many of which probably claim greater security than they merit, but some of which may be very good. o A few encryption packages that effectively use a combination of the RSA public key encryption algorithm and a block cipher (DES, triple DES, or IDEA) to encrypt electronic mail. o Several cryptographer's tool kits that implement large integer arithmetic over finite fields, fast DES, IDEA, and RSA implementations, and other data that facilitates including these functions in other programs. There are also a few cryptanalytical programs floating around internationally to assist in cracking insecure cryptosystems like the password protected files of Microsoft Word and WordPerfect. In most cases, this software encryption and cryptanalytical software cannot ever be eradicated (even if you think it should be), because there are so many copies held by people who think that this software is a Good Thing. Any one copy can be copied again as much as desired. Hiding software is much easier than hiding elephants. The bottom line is that the cat is out of the bag, so to speak, and no amount of regulation can ever put the cat and all its millions of kittens back in again. 4.7 DES is Dying DES was doomed to a limited lifetime from the beginning by limiting its key length to 56 bits. This was probably done intentionally, since there was much opposition to this decision at the time. It is also possible that this key length may have been an indication from the NSA that because of differential cryptanalysis, the strength of the algorithm didn't justify a larger key. Now a paper has been published that shows how DES can be cracked for an amount of money that is within the budgets of many nations and corporations (Efficient DES Key Search, by Michael J. Wiener, 20 August 1993). Schematic diagrams of showing how to build a device to accomplish this task are included in the paper, which has been distributed internationally electronically. I would be very surprised if one or more of the world's major intelligence gathering organizations had not already built DES cracking machines of greater sophistication than Michael Wiener's. The only reason that I say that DES is not totally dead is that it is still useful in some cases, for the same reason that physical locks that can be picked with a pocket knife or credit card in a matter of seconds are still sold and used. DES encryption does help keep unauthorized, honest, ladies and gentlemen out of your proprietary and personal data. When used in its triple DES variant, it might even keep dishonest people with big budgets and lots of motivation out of your private data. 4.8 Unbreakable Encryption One very well known algorithm (called the One Time Pad), when properly used (i. e. with truly random keys used only once), can never be broken by anyone, no matter what their computing power. The One Time Pad has been known to the general public for many years, but it has not caused the end of the free world. I've never heard of a case of it being used for any criminal activity except for spying (and there, I suppose, the use by "us" and "them" somehow balances out). The One Time Pad is still used to protect our most sensitive diplomatic communications. An implementation of the One Time Pad in software is trivial, as the following complete, non-hypothetical, Pascal program demonstrates: program one_pad; uses dos; var infile, keyfile, outfile: file of byte; plain, key, cipher: byte; begin if paramcount < 3 then begin writeln('Usage: one_pad infile keyfile outfile') end else begin assign(infile, paramstr(1)); reset(infile); assign(keyfile, paramstr(2)); reset(keyfile); assign(outfile, paramstr(3)); rewrite(outfile); while (not eof(infile)) and (not eof(keyfile)) do begin read(infile, plain); read(keyfile, key); {The following single line does the encryption/decryption.} cipher := plain xor key; write(outfile, cipher); end; close(outfile); close(infile); close(keyfile); end end. The whole One Time Pad program is short enough to be written from memory (for an experienced programmer, anyway). (For instructions on using the above program, see your local library or check out the sci.crypt Frequently Asked Questions document on the Internet.) It could be argued that the trivial program above isn't a complete encryption system, since it doesn't do any key management. Ladies and gentlemen, does this document contain a weapon of war or other munition, or is it just free exercise of the author's freedom of the press? Would the ITAR prohibit the export of this document or not? I claim that the U. S. Constitution specifically allows me to publish this document, no matter what the ITAR says. 5. Economic Issues While it seems clear that it is impossible to exercise our right to freely publish encryption technical data and software in the USA and at the same time prevent its export, it is very easy to economically damage the USA with encryption export controls. 5.1 International Trade It seems that the only encryption software that can be legally exported for profit from the USA is either (1) crippled to provide weak security (i. e. only a 40 bit key with RC-2 or RC-4), (2) limited in function to certain purposes that do not cover all market needs, or (3) limited in distribution to a limited market. Therefore, encryption software export is not a very lucrative field to enter. How can you compete with foreign competitors who need not cripple their products? 5.2 Cryptographic Competition There are sources of cryptographic software outside the USA where the encryption software is not crippled, and is available at a competitive price. Given a choice, the full-featured, secure software is more likely to win. This means that other countries will grow in this area and the USA will suffer economically. 5.3 Domestic Chilling Effect Export controls on encryption software discourage distribution of strong encryption software in the USA and encourage the weakening of domestic software to the same inadequate standards forced upon exported software. It seems better to buy (real or perceived) strong security from an external source than from a domestic, persecuted supplier. Even though it would be unconstitutional for the ITAR to disallow domestic distribution of encryption software, few people want to be harassed by the federal government or become a test case where the unconstitutionality of the ITAR is conclusively proven in court. 6. Regulatory Issues The International Traffic in Arms Regulations are designed to make the world a safer place by limiting the export of weapons and military equipment. It also regulates classified or otherwise non-public technical data about those weapons. Most of the items regulated have a whole lot more to do with the objective of limiting arms proliferation than encryption software and technical data. The subject of this document, however, is limited to a discussion of the regulation of encryption technical data and software. 6.1 Clarity of Regulations and their Intent For a regulation to be effective and enforceable, it must be clear. No one should be compelled to guess what the state requires or proscribes. Indeed, how could you be expected to follow a law you don't understand? There should be a clear way of telling what is and is not allowed without having to submit an item for censorship. The intent of the regulation should also be clear, so that a citizen could reasonably understand what the regulation is for. 6.2 The First Amendment The ITAR cannot override the Constitution of the United States of America, in spite of its current claims that indicate that it does. To the degree that it does violate the Constitution, it is null and void. Any limitation on the freedom of speech and freedom of the press of U. S. Citizens must be clearly linked with a severe danger or denial of rights to another person that can be proven in court. Worse things than encryption software have been upheld in court as Constitutionally protected expression. When balancing defense and intelligence considerations with the U. S. Constitution, it is important to remember that (1) the whole point of defense and intelligence operations is to protect and defend the Constitution and the people of the United States of America, (2) the Constitution is the Supreme law of the land, and (3) federal officials and military officers in the USA are sworn to uphold the Constitution. There is a theory among those involved in private sector cryptography in the USA that there is an official or semi-official policy of discouraging strong cryptography within the borders of the USA, while giving the appearance of supporting it. There is evidence to support this theory in certain documents recently obtained under the Freedom of Information Act by John Gillmore and released to the public. This theory also explains a whole lot of otherwise difficult to explain circumstances. Because such a policy, if openly stated, would sound stupid at best and like treason against the Constitution at worst, it is not openly stated as such. Export control regulations and patent law appear to have been used as tools to carry out this policy of discouraging strong cryptography for the general public. In the event this scandal is even partially true, then the policy must be reexamined. This policy might not exist, but some alternate explanations for some of the evidence is even more disturbing. 6.3 Enforcement A regulation that cannot possibly be enforced is of questionable value, at best. Ideally, it should be possible to detect all violations and demonstrate beyond the shadow of a doubt to a judge and jury that the violation was perpetrated by a specific person or persons. 6.4 Consistency with Technology Regulations cannot ignore technology, math and science. Regulations cannot redefine pi to be exactly 3, repeal the law of gravity, or stop radio waves at national boundaries. In the same way, regulations (like the ITAR) that treat public information like tanks, guns, and nuclear weapons make no sense. 7. Recommendations So far, I have pointed out problems and considerations that cannot be satisfied concurrently. On the other hand, it is possible to do much better than current regulations do. 7.1 Reevaluate National Security Impact A study of the total impact of public use of strong encryption software should be made that includes all of the considerations mentioned above, as well as classified data concerning just how much impact (if any) such software (which is widely available now and projected to increase in both quality and quantity) has on current U. S. and foreign intelligence operations. 7.2 Deregulate Publicly Available Information Export controls on publicly available information, including encryption software and technical data, are not only ineffective, unenforceable, unclear, and damaging to U. S. business interests, they are likely to be ruled unconstitutional in any serious challenge. Deregulating this information would help the U. S. economy, increase the use of strong encryption software in the places where it does the most good, and have minimal negative effects. Since so much strong encryption technical data and software is available now, it is unclear if any additional negative effects would even be enough to measure. The desired effects of better security and technology in the USA and a healthier economy would, however, be substantial. 7.3 Deregulate Research and Publication Research and publication of scholarly work in the international, public forums benefit the USA. The fact that this also benefits other nations does not diminish the value to the USA. This does not prevent the NSA from conducting classified research within its security boundaries that is not available to the international community. It does prevent the NSA or any other government agency from interfering with or discouraging any work in the field of cryptography outside its own facilities. The NSA should maintain technological superiority by its own merit, not by crippling all domestic competition. 7.4 Replace DES with Better Public Standard DES is old and its key length is too short. The public wants a more secure encryption standard that is fully public and can be used in software implementations. The Swiss IDEA algorithm is one likely alternative, but it would be better if an algorithm that is royalty-free (like DES) could be made an official standard. Clipper/Capstone key escrow is not the answer to this need, although it might be useful within the Federal Government. Several possible replacements for DES have been suggested. One that is much stronger than DES (and slightly stronger than IDEA) and can be used royalty-free is the MPJ2 Encryption Algorithm, which has been donated to the Public Domain by the inventor. Technical details on this algorithm have been published, and are available to U. S. Citizens in the USA. 7.5 Control NSA's Cryptographic Technology While it is unreasonable to think that the general public's cryptographic technology could possibly be confined to any one country, it is not so difficult to control the technology in a single organization such as the NSA. The NSA should be, with very few exceptions, a trap door for information on cryptography and cryptanalysis. They should strive to stay ahead of the general public in these fields, and should not confirm or deny what they can and cannot do to the general public without a conscious decision by competent authority to do so (for example, to endorse a DES replacement). In like manner, the NSA should not discourage or encourage any cryptographic technology outside of their walls but still inside the USA. Of course, even an endorsement by the NSA is suspect, since their charter includes reading other people's encrypted traffic. It would be better, in my opinion, to preserve the NSA as a national treasure of cryptographic expertise by dealing with public encryption standards totally within the Department of Commerce, National Institute of Standards and Technology (NIST). It is probable that someone in the USA (or another country) will independently invent something that someone inside the NSA has invented, and that person will be honored with fame and fortune publicly for what has already been done privately within the NSA. This should never be construed as an excuse to censure the public invention. Indeed, to do so would leak information about the NSA's technology level and capabilities to the outside world. 7.6 Alternate Intelligence Methods To mitigate the effect of the inevitable improvement in both the quality and availability of strong encryption software and hardware all over the world, it would be wise to invest in alternate intelligence methods, such as harder to detect and easier to place bugs. Subtle long range bug delivery mechanisms, relay devices, etc., could pay back great dividends in intelligence value for the money for use in those cases where strong encryption makes cryptanalysis impossible. 7.7 Alternate Law Enforcement Methods There are many ways to catch a crook, no matter how cryptographically sophisticated. After all, it is much easier to plant listening devices around a suspected drug trafficker, serial murderer, or whatever, in our own country (with a proper search warrant) than it is to try to figure out how to bug the command center of an enemy dictator surrounded by a loyal army. An encrypted phone conversation may actually lull the bugged suspect into a sense of false security, talking openly about crimes on a secure line. An encrypted telephone does a criminal little good if the room or car the phone is in is bugged. 7.8 Clarify & Repair Export Regulations My specific recommendations to clarify the export regulations with respect to encryption software, keep the encryption technology that we use for our own military and diplomatic communications safe, allow all reasonable commercial uses of encryption technology in the United States, to make the regulations much more enforceable, and to bring these regulations into compliance with the United States of America's Constitution follow. $ 120.10 (1) should be altered (by removing the exception for software defined in a nonexistent section) to read: (1) Information which is required for the design development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. This includes information in the form of blueprints, drawings, photographs, plans, instructions and documentation. $ 121.1, Category XIII, subcategory (b), items (1), (2) and (3), should be modified to read: (b) Information Security Systems and equipment, cryptographic devices, software, and components specifically designed or modified therefor, including: (1) Cryptographic (including key management) systems, equipment, assemblies, modules, integrated circuits, components or software with the capability of maintaining secrecy or confidentiality of information or information systems originated by the U. S. Government or persons working under contract to the U. S. Government, except for those specific items intentionally released by the U. S. Government to the general public or independently developed by a person or persons outside of the U. S. Government. In case of any doubt about the status of any of these items, see $120.4. (2) Cryptographic (including key management) systems, equipment, assemblies, modules, integrated circuits, components or software which have the capability of generating spreading or hopping codes for spread spectrum systems or equipment and which were originated by the U. S. Government or persons working under contract to the U. S. Government, and not independently developed outside of the U. S. Government. (3) Cryptanalytic systems, equipment, assemblies, modules, integrated circuits, components or software originated by the U. S. Government or persons working under contract to the U. S. Government, and not independently developed outside of the U. S. Government. The above changes have the effect of maintaining strict controls on the cryptosystems that we use in our own military and diplomatic service, but has no ill effects on the U. S. Constitution or economy. It also has the effect of costing less taxpayer money to support censorship (Commodity Jurisdiction) proceedings. $ 121.8 (f) should be modified to read (deleting the exception for encryption software): (f) Software includes but is not limited to the system functional design, logic flow, algorithms, application programs, operating systems and support software for design, implementation, test, operation, diagnosis and repair. A person who intends to export software only should apply for a technical data license pursuant to part 125 of this subchapter. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Duncan Frissell Date: Fri, 7 Jan 94 10:00:37 PST To: CYPHERPUNKS@toad.com Subject: Re: Non-techie Crypto boo Message-ID: <199401071758.AA04719@panix.com> MIME-Version: 1.0 Content-Type: text/plain F >Maybe there's a book on "Privacy" out there that gives reasonably F >up-to-date coverage of crypto. I would love a book that covered all F >the sociopolitical cypherpunk issues like Give us a break. It takes a while to write a book and most of the concepts mentioned are too new for a book. In a sense, net developments move too fast for books and will probably never be adequately documented by that traditional form. Much as I love books... DCF Who would love to write a book but Usenet takes too much time. --- WinQwk 2.0b#1165 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Fri, 7 Jan 94 13:34:43 PST To: cypherpunks@toad.com Subject: Softlock from alt.wired Message-ID: <199401072132.NAA05072@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain Saw this on alt.wired. They are creating electronic vouchers which you can use, in effect, to buy software on the net. I have more comments below: > Newsgroups: alt.wired > Path: portal!sdd.hp.com!sgiblab!swrinde!cs.utexas.edu!howland.reston.ans.net!newsserver.jvnc.net!jvnc.net!exit14tty21.jvnc.net!user > From: Schull@SoftLock.com (Jon Schull) > Subject: Re: Time for an Internet Electronic Funds Transfer Protocol? > Message-ID: > Followup-To: alt.wired > Sender: news@tigger.jvnc.net (Zee News Genie) > Nntp-Posting-Host: exit14-tty21.jvnc.net > Organization: SoftLock Services > References: <35218@mindlink.bc.ca> <2fnvni$99h@inca.gate.net> > Date: Tue, 4 Jan 1994 22:49:49 GMT > Lines: 46 > > > I think we at SoftLock Services are pretty much there already. > > We have an automated, 24 hour 800 number set up for sale of anyone's > products. > Dial 1-800-SoftLock. > > We respond to Email. (Send something to Intro@SoftLock.com) > > We take VISA, MasterCard, and SoftLock Vouchers. > (SoftLock Vouchers are pre-paid virtual certificates, redeemable by Email > for > anything we sell. Since you get to determine the value of the Voucher, > you > risk only the value of your Voucher.) > > We have a license from RSA to use the DES- and public-key-based RIPEM > for > secure Email transactions. And since we'll soon be selling Passwords by > return Email, the purchaser's risk and delay-of-gratification can be > virtually zero. > > And we give away the Tools for creating SoftLocked documents and > executables, > (freely copyable, partially encrypted, and instantly unlockable with a > workstation-specific SoftLock Password). So anyone can sell anything > online, > or off. For example, The SoftLock DOS document toolkit, for example, will > soon be available for free at popular internet sites, and can be ordered > for > $9.99 as ProductNumber 10011 from 1-800-SoftLock. > (When asked for a SoftLockID, you can press 30639668). > > P.S. We're still shaking this stuff down (and Passwords@SoftLock.com is > still in chains), but we're open for business. > > Please inform me or Staff@SoftLock.com now if you have any problems, > questions, or propositions! > ------------------------------------------------------------------------------ > A 400-line press-release, "SoftLock Services Introduces SoftLock Services" > is > automatically available from the Email robot at IntroLong@SoftLock.com. > > Jon Schull Schull@SoftLock.com (716)-242-0348 > "You trust your mother, but you still cut the cards. > SoftLock makes for a good game." I got the press release referred to. The business is to provide passwords to unlock advanced features of software products distributed like shareware. You can use a crippled version of the program for free, but to get the advanced features you call Softlock and pay them money, then they give you a code which unlocks all the program's features. Softlock takes a percentage of the fee and passes the rest on to the developer. This is not that new, but one thing they do have is a pre-paid voucher usable to purchase software password codes. When you buy a new password to unlock a program you can pay electronically by MC/VISA or by voucher. (You can also send checks and cash by postal mail.) Presumably these vouchers could be given as gifts, or exchanged in other ways. If Softlock eventually develops a good range of useful software, this could lead to a grass-roots form of electronic money. It would be backed by the Softlock software products, but could eventually be used to buy other things, because people would know that the vouchers were worth real products so they would accept them. This route to backing money seems to have less problems with the banking laws, etc. The specific Softlock vouchers are not anonymous, I'm sure. Anonymity would add a lot of overhead and complexity in working with them (see our earlier discussions of Chaumian cash). But they could be a start towards a net-wide electronic payment system. The Softlock people are somewhat crypto aware, accepting RIPEM messages, which is good if you want to send your VISA card number to them. I wonder if they might be interested in a more cryptographically advanced untraceable voucher system. Hal From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Pierre Uszynski Date: Fri, 7 Jan 94 15:04:42 PST To: cypherpunks@toad.com Subject: Re: Non-techie Crypto book? Message-ID: <199401072303.PAA08252@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain Quoting fnerd (all quotes from his post): > Maybe there's a book on "Privacy" out there that gives reasonably up-to-date > coverage of crypto. I would love a book that covered all the sociopolitical > cypherpunk issues like [...] I don't know if a book is the right response (agreed with Duncan Frissell: writing a book takes so much time, and reading usenet already doesn't leave much :-), or if the cypherpunk archive is a step in the right direction, but there is a problem: The background relevant for an understanding of cypherpunks' concerns, hopes, tools, political and economical non-agenda, and technology is not something that can be acquired in one place, in a magazine article read in one hour, yet. There is not one such document to which we can point newbies that is a suitable introduction. Ideally, this document should also be online. It's something that came apparent to me when talking to friends about cypherpunkish issues, and then the main reason I attended Tim May's seminars at Stanford. The seminar was, roughly, to cover the issues, the techniques, and the potential/eventual political and economical consequences of crypto. The assumption was originally that the talk would skip the details of crypto algorithms, and the math behind them (if I remember well). And my conclusion was that a one hour seminar is not sufficient for even an introduction to that stuff, even to a theoretically bright audience. There is too much to cover. There is too little to start from. The seminar was ok for people who already were aware of the basics in privacy, public key crypto, crypto-politics, and computer networking. For them, the seminar kind of connected things together, showed the wider picture. But for others, not aware of privacy issues, not aware of even the existence of public key crypto, barely aware of computer networking, etc..., there is just too much, and lots of it just does not make sense. These others are amazed that "Porn" (That Major Evil ;-) can come unchecked from other countries on computer networks (heck some people don't even understand that not all countries give a damn about the US laws :-( For these same others, computer networks are still a very new notion. What proportion of TV journalists understands what computer networks are about? And finally, for the same people, crypto results such as unbreakable encryption, secret sharing, untraceability (a la DC-net), digital cash, remote coin flipping are utterly indistinguishable from magic. So much so that most would just not understand it is possible. And when they see and understand, say a demo of a DC-net, the consequences are still impossible to grasp. It's the same as trying to explain the Internet to a 1960's farm hand (no offense to farm hands). Some questions at the seminar showed this kind of symptom. All this leads me to the conclusion that if cypherpunks want to see more awareness of possibilities and issues, they should concentrate as much on generating a body of introductory documents, as on literally "writing code". Generating stuff suitable for publication in general distribution magazines would also help (and even potentially make some money). From the level of awareness we can see out there, even very basic articles should be acceptable by thousands of magazines and newsletters. A book would help, but barring that, random intro articles here and there would go a long way (BTW, Email and BillG just made the cover of The NewYorker, for those who don't know yet, and showed no awareness of privacy or crypto issues...) It also leads us to the many people that believe that there is a time constant dictating the adoption and understanding of new technology. It may not matter how much we want people to understand it. > Has anyone read the Michael Marotta book? What's this one about? Anybody has the full reference, and maybe a survey of the table of contents? > cryptocosmology- sufficiently advanced communication is indistinguishable > from noise - god is in the least significant bits ObRecommendedRead: Related to noise, communication, Kolmogorov complexity, and god in the least significant bits :-) and bad writing unfortunately :-( A science fiction story about SETI: Carl Sagan, Contact, 1985, 434pp, Pocket Books, ISBN 0-671-43422-5 Pierre Uszynski. pierre@shell.portal.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: allan@elvis.tamu.edu (Allan Bailey) Date: Fri, 7 Jan 94 14:30:43 PST To: cypherpunks@toad.com Subject: GNN.Com, Mosaic, and Detweiler :) Message-ID: <9401072226.AA18736@elvis.tamu.edu> MIME-Version: 1.0 Content-Type: text I wonder how Detweiler spoofed the GNN.Com people to put his article in their GNN Magazine with the *obviously* phoney bio-blurb? just pondering.... -- Allan Bailey, allan@elvis.tamu.edu | "Freedom is not free." Infinite Diversity in Infinite Combinations | allan.bailey@tamu.edu "Liberty means responsibility. <> That is why most men dread it." <> I'd rather be a free man in my grave, --g.b.shaw <> Than living as a puppet or a slave... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Dave Banisar Date: Fri, 7 Jan 94 21:04:49 PST Subject: No Subject Message-ID: <<9401080004.AA16686@hacker2.cpsr.digex.net> MIME-Version: 1.0 Content-Type: text/plain cpsr.digex.net> Date: Sat, 8 Jan 1994 00:04:16 -0500 From: Dave Banisar To: Cypherpunks@toad.com Cc: Dave Banisar Subject: CFP 94 Draft Program CFP '94 THE FOURTH CONFERENCE ON COMPUTERS, FREEDOM AND PRIVACY MARCH 23-26, 1994 CHICAGO PALMER HOUSE HILTON "CYBERSPACE SUPERHIGHWAYS: ACCESS, ETHICS and CONTROL" SPONSORS ASSOCIATION FOR COMPUTING MACHINERY SPECIAL INTERESTS GROUPS ON: COMMUNICATIONS (SIGCOMM) COMPUTERS AND SOCIETY (SIGCAS) SECURITY, AUDIT AND CONTROL (SIGSAC) JOHN MARSHALL LAW SCHOOL, CENTER FOR INFORMATICS LAW PATRONS & SUPPORTERS (as of 15 December 1994) AMERICAN EXPRESS CORP. BAKER & McKENZIE EQUIFAX, INC LEGAL TRUSTEES, JERSEY, LTD. (UK) MOTOROLA, INC NATIONAL SCIENCE FOUNDATION (PENDING) WIRED MAGAZINE COOPERATING ORGANIZATIONS AMERICAN BAR ASSOCIATION SECTION OF SCIENCE AND TECHNOLOGY AMERICAN CIVIL LIBERTIES UNION COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY ELECTRONIC FRONTIER FOUNDATION GEORGE WASHINGTON UNIVERSITY INSTITUTE for COMPUTER and TELECOMMUNICATIONS POLICY IEEE COMPUTER SOCIETY IEEE-USA COMMITTEE ON COMMUNICATIONS AND INFORMATION POLICY LIBRARY AND INFORMATION TECHNOLOGY ASSOCIATION PRIVACY INTERNATIONAL U.S. PRIVACY COUNCIL UNITED AIRLINES IS THE OFFICIAL AIRLINE FOR CFP'94 Fourth Conference on Computers, Freedom and Privacy Chicago, Il., March 23 - 26, 1994 CFP'94 "Cyberspace Superhighways: Access, Ethics and Control" General Chair George B. Trubow Center for Informatics Law, John Marshall Law School Executive Committee George B. Trubow Chair, CFP'94 Lance J. Hoffman George Washington University Chair, CFP'92 Bruce Koball San Francisco, CA Chair, CFP'93 Conference Treasurer Robert Ashenhurst University of Chicago Special Promotions Patric Hedlund Sweet Pea Productions Alan Whaley The WELL, San Francisco Manager, Volunteers and Conference Office Judi Clark ManyMedia, Palo Alto Chair, Student Writing Competition Gene Spafford Purdue University Co-Chairs, Student Scholarship Program John McMullen Marist College James Thompson Northern Illinois University ^LProgram Committee David Banisar Computer Professsionals for Social Responsibility Jerry Berman Electronic Frontier Foundation Robert Belair Mullenholz and Brimsek Roger Clarke Australian National Univesity Mike Godwin Electronic Frontier Foundation Mark Hellmann Pattishall, McAuliffe Linda Knutson Library & Information Technology Association Dennis McKenna Government Technology Magazine Michael Mensik Baker & McKenzie Ron Plesser Piper and Marbury Priscilla Regan George Mason University Lance Rose LOL Productions Marc Rotenberg Computer Professionals for Social Responsibility Robert Ellis Smith Privacy Journal James Thompson Northern Illinois University Alan F. Westin Columbia University Conference Administration by John Marshall Law School: Arrangements Director, RoseMarie Knight Publicity & Publications, John McNamara Financial Officer, James Kreminski Program Coordinator, Gary Gassman "CYBERSPACE SUPERHIGHWAYS: ACCESS, ETHICS and CONTROL Cyberspace, Information Superhighway, National Information Infrastructure, Open Platforms, Computer and Communications Revolution, Electronic Networks, Digital Data Bases and Information Society are words and phrases common to the rhetoric of our modern era. The relationships between and among individuals, society, nations, government entities and business organizations are in constant flux as new stresses and alliances change the old "rules of the game." Today's challenges are to define what is the "game," who owns the "franchises," who can play, what are the rules and who calls the shots. Information and communications technology raise new issues for freedom and privacy in this new era. Such questions are on the agenda as the participants in CFP'94 consider the alternatives and seek some solutions. Come, join in the dialogue that will help to shape the world's future! PRE-CONFERENCE TUTORIALS On Wednesday March 23, the day before the formal conference begins, CFP '94 is offering a number of in-depth tutorials covering a wide variety of subjects on five parallel tracks. These presentations will be interesting, educational, thought-provoking and often controversial. The tutorials are available at a nominal additional registration cost. CONFERENCE NEWSPAPER On each of the three days of the conference, a daily newspaper will appear to highlight what has transpired and announce important coming events. The staff of "The Decisive Utterance," The John Marshall Law School's student newspaper, is providing this service. CONFERENCE RECEPTION AND TECHNOLOGY DISPLAY On Wednesday evening, from 6:00 p.m. - 9:00 p.m., you are invited to meet new and old friends and colleagues at an opening reception at the John Marshall Law School from 6:00 p.m.-9:00 p.m. The School is only two blocks from the conference hotel. A state-of-the-art computer lab will be used to demonstrate high-tech applications in academia and registrants will be invited to take part. ^LSINGLE-TRACK MAIN PROGRAM The technological revolution that is driving change in our society has many facets and we are often unaware of the way they all fit together, especially those parts that lie outside one's own daily experience. An important goal of CFP '94 is to bring together individuals from disparate disciplines and backgrounds and engage them in a balanced discussion of CFP issues. To this end our main program, starting on Thursday, March 24, is on a single track enabling registrants to attend all sessions. The concurrent Birds- of-a-Feather meetings Thursday after 9:15 p.m. are exceptions. BIRDS OF A FEATHER SESSIONS (BoF) CFP '94 will provide a limited number of meeting rooms to interested individuals for informal "Birds of a Feather" sessions after the formal program Thursday, from 9:15 p.m. - 11:15 p.m. These sessions will provide an opportunity for special-interest discussions. For further information or to request a BoF contact CFP '94 Program Coordinator, Gary Gassman, at the John Marshall Law School (6gassman@jmls.edu) MUSEUM OF SCIENCE AND INDUSTRY GALA Registrants are invited to a very special reception and buffet at Chicago's famed Museum of Science and Industry where they also will be treated to a private showing and demonstration of the MSI's newly-opened Communications and Imaging Exhibits. These multi- million dollar presentations occupy 15,000 sq.ft. of museum space and required three years to develop. "Communications" is a panoramic display of how technology has transformed our lives by dissolving distance and and making connections; visitors can even enter the unreal world of virtual reality. "Imaging" is a mind- boggling journey through modern applications of imaging technology. Visitors can even play the role of brain surgeon, using radiosurgery made possible by 3-D imaging, or explore imaging in forensic science by using MRI, fingerprint enhancement, face aging and other modern technologies to solve a crime! REGISTRATION WILL BE LIMITED CFP '94 registration will be limited to 550 attendees, so we advise you to register early to assure admission and to take advantage of the early registration discounts. MEALS AND RECEPTIONS A key component of the CFP conferences has been the interaction between the diverse communities that constitute our audience. To promote this interaction CFP '94 provides three luncheons, three receptions and three evening meals with the price of registration. EFF PIONEER AWARDS All conference attendees are invited to the EFF Pioneer Awards Reception sponsored by the Electronic Frontier Foundation on Thursday evening. These, the third annual EFF Pioneer Awards, will be given to individuals and organizations that have made distinguished contributions to the human and technological realms touched by computer-based communications. CONFERENCE BUSINESS OFFICE The Conference business and registration office will be open from 8:00 a.m. until 9:00 p.m. on Wednsday thru Friday, and until 6:00 p.m. on Saturday, for registration and general information. NOTE: The following program content and schedule is subject to change. The Information Superhighway is a fast track! Wednesday, March 23, 1994 Pre-Conference Tutorials 9:00 a.m. - noon Cyberspace Law for Non-Lawyers This tutorial presents an outline of the law for laymen, dealing with Constitutional and legal issues that confront those concerned with privacy, crime, and freedom of expression in cyberspace. There will be summaries of recent cases, legislative proposals and government activities. Mike Godwin, Online Counsel, EFF Rules of the Road for Network Travelers. (CLE Credit Approved) The information superhighway presents a variety of rights and risks. Learn about the legal issues of computer networks, services and bulletin boards, including on-line property rights; protecting personal privacy and business information; electronic publishing and multimedia rights; viruses, adult materials and other no-nos. Lance Rose, Attorney and Author of "Syslaw." Get Mad, Get Motivated, Get Moving! The focus of this panel is on citizen action for privacy protection: how to reach and organize constituents; support legislation or other privacy protection measures; conduct public education activities; use the technology in program activities, etc. Robert Ellis Smith, Privacy Journal Exploring Internet: A Guided Tour This tutorial gives participants a practical introduction to the most popular and powerful applications available via the world's largest computer network, the Internet. There will be hands-on demonstrations of communications tools such as e- mail, conferencing, Internet Relay Chat and resource discover, and navigations aids such as Gopher, WAIS, Archie and World Wide Web. Extensive documentation will be provided. Mark Graham, Pandora Systems Using the Freedom of Information Act The Federal FOIA is the principal focus of this tutorial though some attention is given to the use of state FOIAs. The session will cover procedures for making requests, identifying the information desired, differences between electronic and hard copy responses, and the appeals process within agencies and the courts. David Sobel, Counsel, Computer Professional for Social Responsibility 2:00 p.m. - 5:00 p.m. Cryptography: What, and How? Data encryption is in the cyberspace limelight as perhaps the only technique to ensure digital privacy and security; it is also the subject of sharp debate regarding control of the development and use of the technology. This tutorial will display what encryption is, how it works, and some of the options for its use. Computer animations and graphic displays will be used to help make cryptography comprehensible; the audience will engage in some hands-on encryption exercises. Mark Hellmann, Pattishall, McAuliffe et.al, Chicago Electronic Detectives: Critical Issues for Public and Private Investigators. Both governmental and private sector investigators have unprecedented access to "open" sources that were practically inaccessible a few years ago. This information environment poses opportunities and risks that will be the focus of this program. Investigative techniques via networks will be demonstrated and the legal, ethical and practical issues will be explored. Actual case-studies will be utilized. Michael Moran, CCO; Michael Robertson, CFE Hi-Tech Intellectual Property Law Primer (CLE Credit Approved) This panel will cover the special problems in patent, copyright and tradmark law engendered by computers and digital technology, with attention to the impact of recent cases. The differences in European protection will be surveyed as well as technology export restrictions. Raymond Nimmer, University of Texas Law School Leslie A. Bertagnolli, Baker & McKenzie, Chicago ^L Transactional Data Analyses: Making FOI Access Useful Electronic communication, coupled with federal and state Freedom of Information Acts, has made a great deal of data available to the public regarding the activities and policies of government enforcement and regulatory agencies. Knowing how to evaluate and use this information is critical to understanding and demonstrating what the data really means. The Transactional Records Access Clearinghouse (TRAC) of Syracuse University uses its various knowledge-bases to demonstrate the power of transactional data. Colorgraphics and analytic techniques are combined in demonstrations of how otherwise drab statistics can be displayed dramatically to aid in policy analyses and advocacy. David Burnham, former New York Times Investigative Reporter; Susan Long, Co-director, TRAC, SUNY-Syracuse Election Fraud and Modern Technology There has been increasing attention, in the U.S. and abroad, to the use of modern technology in the electoral process. Buying votes, stealing votes, changing votes -- whether in the environment of punch-cards or fully automated voting machines -- is the subject of this tutorial. Mock elections will be staged in which the participants have roles in planning to perpetrate as well as prevent vote fraud. Voter registration, phone-based voting, cryptography and verification are among the strategies and technologies to be considered. Russel L. Brand, Reasoning Systems. SPECIAL EVENTS ON WEDNESDAY, Mar. 23: Noon - 4:00 p.m., Privacy International Business Meeting This meeting, at the John Marshall Law School, begins with a buffet luncheon. Non-members interested in learning about P.I. and the Illinois Privacy Council are invited to be guests for lunch and a briefing. Guest space will be limited so attendance on a "first come" basis MUST be confirmed by March 8, 1994. 6:00 p.m. - 9:00 p.m. Conference Reception All CFP registrants are invited to a reception and open house demonstrating the John Marshall Law School's recently opened computer lab. This also is an opportunity to "network" the old-fashioned way, meeting old friends and making new ones while enjoying the reception and buffet. This state-of-the-art facility will display information and communications technology being used in the educational environment. Guests also may participate in hands-on demonstrations of the technology under the tutelage of JMLS faculty and staff. ^L(Wed. Special Events, Cont'd) 9:15 p.m. - 11:15 p.m. "CFP SOAPBOX SQUARE" On Wednesday, March 23, from 9:15 p.m. to 11:15 p.m., "CFP Soapbox Square" will be open. This is a chance for those who have something to say publicly to say it and to hear response from others! Those interested in making a brief statement (3 minutes) at this meeting must file their request and describe their topics by 5:00 p.m. on Wednesday. Discussion time for various topics will be allocated based upon the number of topics and the number who have asked to speak. Requests to speak can be made at the time of pre-registration or at the conference site. Thursday, March 24, 1994 8:30 a.m., CFP'94 Official Opening Welcome to the Conference: George B. Trubow, General Chair Welcome to Chicago: Hon. Richard M. Daley, Mayor (Invited) 9:00 a.m. Keynote Address: Mr. John Podesta, Assistant to the President, Washington, D.C. 10:00 a.m. Break 10:30 a.m. The Information Superhighway: Politics and the Public Internet. The Administration and Congress propose policies that will lead to a digital multimedia highway. How can the road be built at affordable cost while serving the public interest and our constitutional values? Chair: Jerry Berman, Electronic Frontier Foundation 12:00 p.m. Lunch Speaker: U.S. Senator Paul Simon (Invited) 1:30 p.m. Is It Time for a U.S. Data Protection Agency? Beginning with the Privacy Act of 1974, proposals to establish an oversight body for data protection have been offered but not adopted; another proposal is currently pending in Congress. Against a background of almost twenty years experience under the Privacy Act, the panel will consider whether the current political, economic and technological mileau favors establishment of a data protection agency. Chair: Priscilla M. Regan, George Mason University 2:45 p.m. Break 3:00 p.m. "Owning and Operating the NII: Who, How, When?" The National Information Infrastructure is an important initiative for the present Administration. This panel will explore policy and technical issues such as equity and access, connectivity and standards, funding and regulation, privacy and security, ownership and operation. Chair: Marc Rotenberg, Computer Professionals for Social 4:15 p.m. Break 4:30 p.m. Data Encryption: Who Holds The Keys? Recent attempts, led by federal law enforcment agencies, to control the development and dissemination of strong cyptography programs has engendered considerable discussion and disagreement. The interests of law enforcement agencies may conflict with the need for data security and personal privacy demanded by users of electronic networks. This panel will evaluate proposals to deal with the question. Moderator: Willis Ware, Rand Corporation 5:30 p.m. Adjourn 6:00 p.m. EFF Awards Reception Once again, the Electronic Frontier Foundation hosts a reception prior to its annual Pioneer Awards presentation. All CFP attendees are invited to enjoy the recepiton and congratulate the new honorees. 7:00 p.m. Conference Banquet (Speaker to be announced) 9:15 - 11:15 p.m. "Birds-of-a-Feather" sessions run concurrently. Friday, March 25, 1994. 8:30 a.m. Keynote: David Flaherty, Data Protection Commissioner, Victoria, British Columbia 9:15 a.m. Health Information Policy The Clinton Health Reform Plan, and variations on that theme, stress the use of information technology to help the efficiency and effectiveness of health care. Expert consultation, improved service delivery through new technology, and improvements in the processing of health insurance claims bring promise of cost cuts as well as the possibilities of threats to personal privacy. This panel of experts will form the "CFP Group" to explore these promises and threats. Chair: Robert R. Belair, Mullenholz & Brimsek, Wash., D.C. 10:30 a.m. Break 10:45 a.m. Can Market Mechanisms Protect Consumer Privacy? When does protection of consumer privacy require legal standards and government regulation and when can bargains and agreements in the market suffice? What role do new technological options for individuals and organizations play in facilitating private choice and market transactions? Is "ownership" of personal information a useful concept or a dead end for privacy protection in an information age? Chair: Dr. Alan F. Westin, Columbia University Noon Lunch, Speaker: Philip Zimmerman, PGP 1:30 p.m. Creating an Ethical Community in Cyberspace The fundamental ethical questions posed by the "settlement" of cyberspace are not new. What is new is that the relationship between behavior and the ethical conceptions by which we judge behavior shift and become more ambiguous and vague. This sessions examines the ethical dilemmas brought about by the "colonization" of cyberspace that must be resolved to establish and maintain a stable, humane environment. Chair: Prof. James Thomas, Northern Ilinois University 2:45 p.m. Break 3:00 p.m. Standards for Certifying Computer Professionals The subject of licensing of computer professionals is receiving increased attention by professional organizations and by state legislatures. Both the ACM and IEEE have proposals under study, and perhaps a half-dozen states are considering licensing bills. This panel will consider the pros and cons and suggest some standards for certification. Chair: Donald Gotterbarn, East Tennessee State Univ. 4:15 p.m. Break 4:30 p.m. Hackers and Crackers: Using and Abusing the Networks This session will explore issues surrounding the "fringe" of network use. What can and should be exchanged? Who will monitor "appropriate" use? What's the current difference, if any, between "hacker" and "cracker"? What should be expected and accepted regarding the role of law enforcement agencies? 5:30 p.m. Adjourn 5:45 p.m. Buses begin departing for the Chicago Museum of Science and Industry for a private reception and demonstration at the Communications and Imaging exhibits. 9:00 p.m. Buses begin departing for return to the Palmer House and Chicago's "Loop." ^L Saturday, March 26, 1994 9:00 a.m. The Role of Libraries on the Information Superhighway As the information landscape changes dramatically the historic role of libraries as the "information commons" is challenged. How will the Carnegie ideal of free, public access be implemented by the library community? Should it be? This panel will consider policy for an information network in the public interest. Moderator: Tamara J. Miller, President, Library and Information Technology Association 10:15 a.m. Break 10:30 a.m. International Governance of Cyberspace: New Wine in Old Bottles -- Or Is It Time For New Bottles? Much discussion transpires between members of the Economic Community, the O.E.C.D., the Council of Europe, and the United States, regarding data protection, intellectual property rights, transborder data flow, the mediation of disputes, etc. This panel will consider whether existing mechanisms can solve the problems or a new structure for the governance of cyberspace is needed. Chair: Ronald L. Plesser, Piper and Marbury Noon: Lunch Speaker: Simon Davies, Director General, Privacy International 1:30 p.m. The Electronic Republic: Delivery of Government Services over the Information Superhighway State and local governments use computer networks to deliver a wide range of services and information to the public; electronic "kiosks" are moving to "government by ATM." How will this interaction between government and the people affect the process of American government in the future? Chair: Dennis McKenna, Publisher, "Government Technology." 2:45 p.m. Break 3:00 p.m. Education and NREN, K - 12 Internetworking is a very new technology being rapidly deployed to conventional classrooms, a very old technology. The panel will explore the clash of contradictory assumptions embedded within these systems -- a clash which has profound implications for the future of both the network and the classrooom. Chair: Steven Hodas, NASA NREN Project 4:00 Break 4:15 p.m. Guarding the Digital Persona After this panel has established the threats to personal privacy from individual profiling and target marketing, and a regime to legally recognize and protect an "electronic personality" is put forth, Bruce Sterling will offer to explain why much of that worry is misdirected! Chair: Roger Clarke, Australian National University 5:30 p.m. Adjournment Featured Speakers Confirmed as of 12/15/93 Philip Agre, Dept. of Sociology, U. of Cal., San Diego David Banisar, Computer Professional for Social Responsibility Robert R. Belair, Mullenholz & Brimsek, Washington, D.C. Jerry Berman, Executive Director, Electronic Frontier Foundation Leslie A. Bertagnolli, Baker & McKenzie, Chicago Andrew Blau, The Benton Foundation, Washington, D.C. Dr. Herbert Burkett, GMD, Koln, Germany Jeffrey Chester, Director, Center for Media Education Roger Clarke, College of Commerce, Australian National University Ellen Craig, Commissioner, Illinois Commerce Commission Simon Davies, Director General, Privacy International, London David Flaherty, Data Commissioner, British Columbia Oscar H. Gandy, Media Studies Center, Columbia University Donald Gotterbarn, East Tennessee State University Allan Hammond, New York University Law School Steven Hodas, NASA NREN Project, Washington, D.C. David Johnson, Wilmer, Cutler & Pickering, Washington Steven Kolodney, Dir., Information Technology, State of California Curtis Kurnow, Landels, Ripley & Diamond, San Francisco Kenneth Laudon, School of Information Systems, New York University Lee Ledbetter, HDX Jay Lemke, School of Education, City University of New York Duncan MacDonald, V.P. & Gen. Couns., Citicorp Credit Services Shirley Marshall, Public Sector Marketing, IBM Dennis McKenna, Publisher, Government Technology Magazine Michael Mensik, Baker & McKenzie, Chicago Raymond Nimmer, University of Texas Eli Noam, Columbia University School of Business Michael North, President, North Communications Ronald L. Plesser, Piper and Marbury, Washington, D.C. Marc Rotenberg, Computer Professionals for Social Responsibility Rohan Samarajiva, Department of Communication, Ohio State Univ. David Sobel, Computer Professionals for Social Responsibility Bruce Sterling, Sci-Fi Writer and Journalist, Austin, Texas Connie Stout, Texas Education Network James Thomas, Department of Sociology, Northern Illinois University Greg Tucker, Head of the Business School, Monash Univ., Australia Bruce Umbaugh, Old Dominion University Patricia Valey, Acting Director, Office of Consumer Affairs Maarten van Swaay, Dept. of Computer Science, Kansas State U. Daniel Weitzner, Sr. Staff Counsel, Electronic Frontier Foundation Alan Westin, Columbia University Christine Zahorik, Staff, Senate Committee on REGISTRATION Register for the conference by returning the Registration Form along with the appropriate payment. The registration fee includes conference materials, three luncheons (Thursday, Friday and Saturday), a reception, open house and buffet (Wednesday), a reception and banquet (Thursday), and a gala reception and buffet at the Museum of Science and Industry. Payment must accompany registration. REGISTRATION FEES If paid by: 7 February 8 March On Site Early Regular Late Conference Fees $315 $370 $420 Tutorial Fees $145 $175 $210 Conf. & Tutorial $460 $545 $630 Save by Registering Early! FP '94 SCHOLARSHIPS The Fourth Conference on Computers, Freedom and Privacy (CFP '94) will provide a limited number of full registration scholarships for students and other interested individuals. These scholarships will cover the full costs of registration, including luncheons, two banquets, and all conference materials. Scholarship recipients will be responsible for their own lodging and travel expenses. Persons wishing to apply for one of these fully-paid registrations should contact CFP '94 Scholarship Chair: John F. McMullen CFP '94 Scholarship Committee Perry Street Jefferson Valley, NY 10535 Phone: (914) 245-2734 or email mcmullen@mindvox.phantom.com HOTEL ACCOMMODATIONS CFP'94 will be held at the Palmer House Hilton, a venerable Chicago landmark in the "Loop." This spacious and comfortable facility is easily accessible from the O'Hare International and Chicago Midway airports, and is only 2 blocks from The John Marshall Law School. Special conference rates of $99/night, single or multiple occupancy, are available. Our room block is guaranteed only until March 1, 1994, so we urge you to make your reservations as early as possible. When calling for reservations, please be sure to mention CFP'94 to obtain the conference rate. Hotel Reservations: Palmer House Hilton, 17 E. Monroe, Chicago, Il., 60603. Tel: 312-726-7500; 1-800-HILTONS; Fax, 312-263-2556 REFUND POLICY Refund requests received in writing by March 8, 1994 will be honored. A $50 cancellation fee will be applied. No refunds will be made after this date; however, registrants may designate a substitute. OFFICIAL AIRLINE CFP'94 is proud to have United Airlines -- Chicago's Own -- as our own exclusive official airline! United will give our conferees a 5% discount off any published United or United Express airfare, including First Class, or 10% off the new BUA fare when purchased at least a week in advance of travel. Call toll-free 1-800-521- 4041 to make reservations and be sure to give our CFP'94 ID Number: 541QI. REGISTRATION NAME (Please Print) TITLE AFFILIATION MAILING ADDRESS CITY, STATE, ZIP TELEPHONE E-MAIL PRIVACY LOCKS: We will not sell, rent. loan, exchange or use this information for any purpose other than official Computers, Freedom and Privacy Conference activities. A printed roster containing this information will be distrusted at the conference. Please indicate if you wish information to be excluded from the roster: ( ) Print only name, affiliation and phone no. ( ) Print name only ( ) Omit my name from the roster ( ) I would like to attend the Privacy International luncheon and briefing at noon on Wednesday, March 23. (Your attendance as a guest of P.I. and the Illinois Privacy Council MUST be confirmed by March 8, and is on a "first come" basis.) "CFP Soapbox Square" ( ) I would like to make a formal statement (3 mins.) during "CFP Soapbox Square" to be held from 9:15 p.m. - 11:15 p.m. on March 23. My topic: ( ) I plan to attend "Soapbox Square" but do not wish to make a prepared statement, though I may join in the discussion. REGISTRATION FEES If paid by: 7 February 8 March On Site Early Regular Late Conference Fees $315 $370 $420 Tutorial Fees $145 $175 $210 Conf. & Tutorial $460 $545 $630 Note: If you have registered for the Tutorials, please select one from each group: 9:00 A.M. - 12:00 NOON ( ) Cyberspace Law for Non-Lawyers ( ) Rules of the Road for Network Travelers (CLE Credit) ( ) Citizen Action: Get Mad, Met Motivated, Get Moving! ( ) Exploring Internet: A Guided Tour ( ) Using FOIA 2:00 P.M. - 5:00 P.M. ( ) Cryptography: What, and How? ( ) Introduction to Hi-Tech Law (CLE Credit) ( ) TRAC: Evaluative Data Analysis ( ) The Electronic Detective" Online Investigations ( ) Electoral Fraud PAYMENTS TOTAL AMOUNT Please indicated method of payment: ( ) Check (payable to JMLS-CFP '94) ( ) VISA ( ) MasterCard Credit Card # Expiration Date Name on Card Signature *********** George B. Trubow, Professor of Law Director, Center for Informatics Law The John Marshall Law School 315 S. Plymouth Ct. Chicago, IL 60604-3907 Fax: 312-427-8307; Voice: 312-987-1445 E-mail: 7trubow@jmls.edu *********** From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James D. Wilson" <75540.357@CompuServe.COM> Date: Sun, 9 Jan 94 02:21:01 PST To: "C'punks" Subject: Online: The Gore'y Details Message-ID: <940109101339_75540.357_DHE29-1@CompuServe.COM> MIME-Version: 1.0 Content-Type: text/plain AL GORE IN CONVENTION CENTER CP'sters: in case you hadn't heard: (6-Jan-94) U.S. News & World Report will host a live conference with U.S. Vice President Al Gore in the CompuServe Convention Center on 13-Jan at 5:30 p.m. EST (23:30 CET). Gore will be typing responses to member questions and comments direct from the White House offices. Advance reservations are required. Members may submit questions ahead of time for the moderator to ask during the conference. Submit questions in the U.S. News Online Forum's (GO USNFORUM) Message Section 2, "Washington/Politics." Members who do not access the Convention Center by 5:20 p.m. EST (23:20 CET) may lose their reservations. Please note that Mr. Gore's schedule is subject to change. To make advance reservations and to access the conference, GO GORE. The Convention Center is a part of CompuServe's extended services. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: blankenm@seq.oit.osshe.edu (Marcus Blankenship) Date: Sun, 9 Jan 94 14:11:13 PST Subject: No Subject Message-ID: <9401092208.AA10434@seq.oit.osshe.edu> MIME-Version: 1.0 Content-Type: text/plain subscribe blankenm@seq.oit.osshe.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Christian Void Date: Sun, 9 Jan 94 17:11:15 PST To: cypherpunks@toad.com Subject: T-Shirt Ordering Information Message-ID: MIME-Version: 1.0 Content-Type: text/plain "Cypherpunk Criminal" T-shirt Ordering Information --------------------------------------------------------- Part I: Where to get a preview of the design The front of the t-shirt can be obtained via anonymous FTP at netcom.com in pub/cvoid/cypherpunks. The filename is "front.gif" which is based on Jef Poskanzer's "CRYPTO-DATA" DOT warning logo (this file is available as well as "logo.gif"). The back of the t-shirt consists of the upper banner, "cypherpunks@toad.com", and the lower banner, "There is safety in large numbers". In the middle is a listing of 7-digit primes in a large block. The typestyle is Fusion and Fusion bold. Outputting this to a GIF is next to impossible due to the resolution needed to reproduce the text. Trust us, it's cool. Part II: What kind of t-shirt is it? What color? Sizes? Custom? Availability? The t-shirts are Hanes Beefy-T's, which are a very strong and durable. The t-shirts will be black, with white and yellow screened on to it. We were unable to come up with a practical way to customize the t-shirts on an individual or group basis, so we opted for this design instead. We will only be making as many as we get orders for, and have no plans to do a second printing. Sizes available are S, M, L, and XL. We may be able to get XXL, XXXL and XS shirts as well. We will post an update in regards to the additional sizes. Part III: How much do they cost? Ordering deadline? The t-shirts will cost $10 each, which will include shipping and handling to anywhere you want them sent (except Mars). We will be accepting orders until February 15th. The t-shirts will be shipped out before February 28th. Part IV: Ordering Information Please make all Money Orders out to "Inky Fingers" (the screening company we use). Please specify the number of t-shirts, and what size you need, and where you want them shipped. We cannot (for obvious reasons) accept personal checks. Cashier's Checks and Money Orders only, please. Orders can be mailed to: V/M/R Attn: Cypherpunks T-Shirt P.O. Box 170213 San Francisco, CA 94117-0213 If you have any further questions, you can send me e-mail here at or . Anyone who sent e-mail in regards to this will also get this e-mailed to them directly, in case they do not have access to the list. Feel free to forward this to any interested parties. Thanks. -- Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc. cvoid@netcom.com | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-998-0774 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213 * PGP v2.3a Public Key Available Via Finger * From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Detweiler" Date: Sun, 9 Jan 94 16:56:15 PST To: cypherpunks@toad.com Subject: PGP key servers Message-ID: <199401100054.RAA10582@longs.lance.colostate.edu> MIME-Version: 1.0 Content-Type: text/plain Uh, I must have missed something, but a lot of the servers seem to be down. Is there a problem here? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: greg@ideath.goldenbear.com (Greg Broiles) Date: Sun, 9 Jan 94 20:51:15 PST To: cypherpunks@toad.com Subject: Beware of forged messages Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Someone recently posted a forged message with my name on it to the Cypherwonks list. In the future, all of my messages will be sent PGP-clearsigned. Please ignore (or mail to me) any messages which aren't - particularly if they appear to support Detweiler and his totalitarian schemes, which this particular forgery did. The header of the message in question was a byte-for-byte duplicate of an authentic header from a message I did write; apparently our favorite cyberspatial lunatic has moved beyond just signature blocks. -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLTDdcH3YhjZY3fMNAQGwigQAtPhZpZoC8SXR0tstHQgabIVLq04jzTNz kWOibwRd4Zvvs+tnxkKhkMQU2qR13e4Go0N/RV19cVpqA2Yr3DEnCkCbqKnVz54V qK6Pyu+fw3wNROobzCAsTZw25H4zRgqmxjkSW7hbIQVU35mZt+pLn23BKV+ck3L4 cdZeOer6Q7w= =MXpV -----END PGP SIGNATURE----- -- Greg Broiles "Sometimes you're the windshield, greg@goldenbear.com sometimes you're the bug." -- Mark Knopfler From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Sun, 9 Jan 94 20:35:04 PST To: cypherpunks@toad.com Subject: Crypto not being used where needed Message-ID: <01H7HW21PVZ68WYKRH@delphi.com> MIME-Version: 1.0 Content-Type: text/plain At CES someone was showing a cellular credit card machine. It had an antenna and a regular card reader, and was battery powered, so it could be used anywhere. The machine was designed to be used in taxicabs, at swapmeets, and wherever there were no phone lines available. I asked the rep about its security - does it use encryption? No, it does not use encryption. It sends your credit card number and expiration date over the cellular link in clear. Most credit card machines use low-speed modems which are trivial to intercept. This one is probably no exception. Here is a case where DES is badly needed and not being used. If this machine becomes popular, thieves will be trailing taxicabs with scanners and tape recorders. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Sun, 9 Jan 94 22:11:33 PST To: cypherpunks@toad.com Subject: Forged messages part of "Operation"? Message-ID: <01H7HZH8EKZ68Y611I@delphi.com> MIME-Version: 1.0 Content-Type: text/plain "greg@ideath.goldenbear.com" writes: >Someone recently posted a forged message with my name on it to the >Cypherwonks list. In the future, all of my messages will be sent >PGP-clearsigned. Please ignore (or mail to me) any messages which >aren't - particularly if they appear to support Detweiler and his >totalitarian schemes, which this particular forgery did. > >The header of the message in question was a byte-for-byte duplicate >of an authentic header from a message I did write; apparently our >favorite cyberspatial lunatic has moved beyond just signature blocks. This message forging may be about to become a major problem. In his last post "Current Operational Status", S.Boxx spewed forth: (I hereby flame myself for quoting Detweiler - so don't bother) ---snip---snip--- Operation Octopus - this is the multiple pseudonym and agent project. We plan to have at least a dozen (hence the name) posting simultaneously to many different lists and the newsgroups. But the overhead on this is very significant, and it will take us awhile to gear up and build the infrastructure to the point we can `engage'. You have seen more of these agents lately `out there', but our coordinated attack will take some more planning. Operation Duplicity - extremely top secret. Let's just say, you will be seeing double, and triple, and quadruple, and ... ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ---snip---snip--- If he starts flooding the newsgroups, what can we do about it? I'd watch for forged messages and posts, and if you don't have a key on the servers, check to make sure a forged one isn't posted. --- Mike From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: gnu (John Gilmore) Date: Mon, 10 Jan 94 02:51:20 PST To: cypherpunks, gnu Subject: Twelve year flashback to Admiral Bobby Inman Message-ID: <9401101047.AA19758@toad.com> MIME-Version: 1.0 Content-Type: text/plain San Jose Mercury, January 8, 1982 (EIGHTY-two), page F-1 CIA boss assail high-tech leaks [The Washington Post] WASHINGTON -- Adm. Bobby R. Inman, deputy director of the CIA, Thursday predicted a "tidal wave" of public outrage and laws restricting scientists if scientists do not agree to voluntary "review" of their work by intelligence agencies. Scientists had better cooperate in making some of their papers secret voluntarily, or they will face tough laws restricting them, Inman told a panel session at the annual meeting of the American Association for the Advancement of Science. Scientists should beware that there are congressional investigations now in progress that will point up the "thoroughly documented" fact that in the buildup of Soviet defense capability "the bulk of new technology which they have employed has been acquired from the United States," Inman said. When the details of this "hemorrhage of the country's technology" come out in public, Inman said, there will be a "tidal wave" of public outrage that will lead to laws restricting the publication of scientific work that the government might consider "sensitive" on national security grounds. "The tides are moving, and moving fast, toward legislated solutions that in fact are likely to be much more restrictive, not less restrictive, than the voluntary" censorship system he has suggested, Inman said. When he was director of the National Security Agency, the codemaking and breaking intelligence agency, Inman led an effort to get prominent private researchers to submit their papers on the mathematical theory of codes to his agency before publication. The NSA also briefly put secrecy orders on some of the private code research in recent years. But in April 1981, cooperation among the National Science Foundation, the American Council on Education and the NSA resulted in a voluntary review system under which scientists can submit their papers to NSA for review and receive a judgement on whether they possibly contain information damaging to the national security. Since then, about 25 papers have been reviewed and none had problems, according to Daniel Schwartz, until recently chief counsel for the NSA. "There are other fields where publication of certain information could affect the national security in a harmful way," Inman said. These include the fields of "computer hardware and software, other electronic gear and techniques, lasers, crop projections and manufacturing procedures." ------- The above news article ran twelve years ago. His tidal wave of crypto censorship didn't appear; instead, a wave of support for free expression ran through the scientific and library community. About half of the technical societies amended their by-laws to disallow closed or censored meetings or conferences. I wonder if Admiral Inman feels the same way today, as he faces Senate confirmation hearings as Secretary of Defense. Will we be seeing the same sort of proposals? How does he feel about export controls on cryptographic software? What should be done with the Skipjack program? If you wonder too, please ask your Senator to ask him about it. Seriously. John From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Mon, 10 Jan 94 05:31:24 PST To: Mike Ingle Subject: Re: Forged messages part of "Operation"? In-Reply-To: <01H7HZH8EKZ68Y611I@delphi.com> Message-ID: <199401101328.IAA13285@snark> MIME-Version: 1.0 Content-Type: text/plain Mike Ingle says: > If he starts flooding the newsgroups, what can we do about it? If he starts forging mail from other people, he's committing a crime and we can get his system administrators to pull his account. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Mon, 10 Jan 94 10:31:33 PST To: cypherpunks@toad.com Subject: Has the "an12070" Account been Revoked? In-Reply-To: <199401101328.IAA13285@snark> Message-ID: <199401101830.KAA01786@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain > Mike Ingle says: > > If he starts flooding the newsgroups, what can we do about it? > > If he starts forging mail from other people, he's committing a crime > and we can get his system administrators to pull his account. > > Perry Last week I complained to Julf about the semi-forged messages ("NAZI ACHIEVEMENT AWARDS," etc.) that appeared from an12070's account but with my name prominently attached and with my sig block at the end. After receiving mail from readers in the various groups that Rotweiler posted this crap to, including soc.culture.jewish and about a dozen other groups (all independently posted, so a follow-up to one of them did not reach the other sites), I decided he had gone too far, that this was surely the "abuse" that Julf urges folks to report to him. So I did. I haven't heard back from Julf, but I also haven't seen an an12070/S. Boxx posting for several days now, and Rotweiler has been ranting on about S. Boxx "told him" that his account has been "cnesored" by that evil and malicious TENTACLE OF THE MEDUSA, JULF. So, it may be that Detweiler has finally gone too far, at least with his an12070 account. Get ready for other accounts, and perhaps better forgeries--as perhaps Greg Broiles has already seen. I know I should be PGP-signing all my posts and e-mail but, frankly, it's too much of a hassle. I typically read my mail and Usenet over a dial-up line from my Mac at home to a Netcom machine, so signing my messages with MacPGP (I don't trust using PGP on Netcom per se) involves downloading the message, signing it, and then uploading it....a major delay and hassle. However, should the forgeries escalate, I may have to. Or at least consider installing a lower-grade PGP in my Netcom account and using that for on-line signings. Any incorporation of PGP into Elm yet? Interesting times we live in. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Mon, 10 Jan 94 07:36:28 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <9401101536.AA27860@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain someone keeps sending me amusing messages encrypted with key ID 548D21. either you have failed to find my proper key ID or have succeeded in your practical joke. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Philippe Nave" Date: Mon, 10 Jan 94 10:41:34 PST To: MIKEINGLE@delphi.com (Mike Ingle) Subject: Re: Crypto not being used where needed In-Reply-To: <01H7HW21PVZ68WYKRH@delphi.com> Message-ID: <9401101839.AA27426@toad.com> MIME-Version: 1.0 Content-Type: text/plain Mike Ingle writes : > > At CES someone was showing a cellular credit card machine. It had an > antenna and a regular card reader, and was battery powered, so it could > be used anywhere. The machine was designed to be used in taxicabs, > at swapmeets, and wherever there were no phone lines available. > > I asked the rep about its security - does it use encryption? No, it does > not use encryption. It sends your credit card number and expiration date > over the cellular link in clear. Most credit card machines use low-speed > modems which are trivial to intercept. This one is probably no exception. > Here is a case where DES is badly needed and not being used. If this > machine becomes popular, thieves will be trailing taxicabs with scanners > and tape recorders. > Although I sincerely agree that the data should be encrypted, is it really that easy to intercept cellular phone calls? I thought you had to go to considerably more effort than programming a scanner to pick up these transmissions - I don't know much about cellular phones, but I thought they hopped frequencies and so forth such that it was a real pain to listen in. The reason I ask is that I have a buddy who works for local law enforcement. His group is about to roll out a network of laptops in their cars, linked by modem to the AS/400 that serves as their gateway to NCIC. We've talked about how easy it is to intercept/spoof transmissions in the clear on a single channel, but we both figured it would be considerably more difficult to intercept cellular calls. Given the level of understanding of the fuzz, they'll probably slap a Hayes modem on their Barney Fife Cop Car Radios anyway, and I'll gleefully try to trap their transmissions.... just as an exercise, of course, to educate them as to the error of their ways... Seriously, folks, this issue is a valid one. If [insert favorite bogeyman here] can dial a scanner and pick up credit card numbers, vehicle and driver's license data, and criminal histories, our privacy is due for another beating. The way I got my friend's attention was to ask whether the police department is liable for revealing private information - in other words, if Charles Manson grabs my license data off the cops' data net, can I sue the cops? -- ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn@dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: plaz@netcom.com (Geoff Dale) Date: Mon, 10 Jan 94 12:31:36 PST To: cypherpunks@toad.com Subject: Re: Forged messages part of "Operation"? Message-ID: <199401102029.MAA25733@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain >Mike Ingle says: >> If he starts flooding the newsgroups, what can we do about it? > >If he starts forging mail from other people, he's committing a crime >and we can get his system administrators to pull his account. > >Perry Any plans or tips on how to prove it in court? _______________________________________________________________________ Geoff Dale -- Cypherpunk/Extropian -- Plastic Beethoven AnarchyPPL - Anarch (Adjudicator) ExI-Freegate Virtual Branch Head plaz@netcom.com 66 Pyramid Plaza plaz@io.com Freegate, Metaverse@io.com 7777 "Subvert the domination paradigm!" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pat@tstc.edu (Patrick E. Hykkonen) Date: Mon, 10 Jan 94 11:36:34 PST To: pdn@dwroll.dw.att.com (Philippe Nave) Subject: Re: Crypto not being used where needed In-Reply-To: <9401101839.AA27426@toad.com> Message-ID: <9401101936.AA03275@tstc.edu> MIME-Version: 1.0 Content-Type: text/plain > Although I sincerely agree that the data should be encrypted, is it really > that easy to intercept cellular phone calls? I thought you had to go to > considerably more effort than programming a scanner to pick up these > transmissions - I don't know much about cellular phones, but I thought they > hopped frequencies and so forth such that it was a real pain to listen in. Technically it is that easy. Cellular phones only "hop frequencies" when they are mobile. In other words as I am driving along the highway my phone is changing frequencies as I change cells. If I am stationary, however, my phone will most likely stay on one frequency within that cell. However, the MTSO (Mobile Telephone Switching Office) may command my phone to change to a different frequency if another user moves into my cell and the MTSO "decides" that my current frequency would be better allocated to the other user. In any case, there are two solutions to tracking the frequency of a particular cellular user. First, and most expensive. Get the users ESN (Electronic Serial Number) from the phone and listen in on the control channel. I do not know how the control data is modulated on the control frequency, but once you can decode that data you can "see" the MTSO command the phone to change frequencies and cells. Secondly, simply get a frequency counter and a yagi antenna. By pointing the antenna at the cellular antenna you should be able to get the frequency the phone is currently on. When the phone switches frequencies, simply follow the same procedure. Labor intensive, but cheap! Note, these are general ideas based on what I know about cellular. I am most definetely *not* an expert on cellular technology. > The reason I ask is that I have a buddy who works for local law enforcement. > His group is about to roll out a network of laptops in their cars, linked > by modem to the AS/400 that serves as their gateway to NCIC. We've talked > about how easy it is to intercept/spoof transmissions in the clear on a > single channel, but we both figured it would be considerably more difficult > to intercept cellular calls. Given the level of understanding of the fuzz, > they'll probably slap a Hayes modem on their Barney Fife Cop Car Radios > anyway, and I'll gleefully try to trap their transmissions.... just as an > exercise, of course, to educate them as to the error of their ways... > > Seriously, folks, this issue is a valid one. If [insert favorite bogeyman > here] can dial a scanner and pick up credit card numbers, vehicle and > driver's license data, and criminal histories, our privacy is due for > another beating. The way I got my friend's attention was to ask whether the > police department is liable for revealing private information - in other > words, if Charles Manson grabs my license data off the cops' data net, can > I sue the cops? I would be willing to bet that it would be "fairly" easy for the average techie to be able to intercept and decode your PD's data. And only a "little" more difficult to spoof one of the mobile data terminals. If they are using off-the-shelf hardware then you can assume that you could buy the same hardware! -- Pat Hykkonen ** N5NPL ** pat@tstc.edu ** CNSA ** (817) 867-4831 "The pen is mightier than the sword! And my pen is bigger than your pen!" - Jason Henderson, the emenintly quotable From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: szabo@netcom.com (Nick Szabo) Date: Mon, 10 Jan 94 13:56:36 PST To: cypherpunks@toad.com Subject: Internet billing scam? Message-ID: <199401102155.NAA04903@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain DNS indicated that this organization does in fact have one site, mary.iia.org. Even so, this is not enough for me to trust them with my credit line. This conclusion may apply to many other, more legitimate-looking operations that spring up in the near future. This demonstrates that privacy is only one reason to go to digital cash; the biggest reason may be the massive fraud commonplace in the current electronic system. Online billing is moving towards this incredibly insecure system where our $multi-thousand credit lines are exposed by giving out their short "keys" to numerous unknown entities. Nick Szabo szabo@netcom.com Forwarded from COMMUNET: Date: Tue, 4 Jan 1994 16:18:44 -0500 >From: Scott A. Ward 703-614-4719 To: Multiple recipients of list COMMUNET Subject: Warning: International Internet Association A company calling itself the International Internet Association, and billing itself as "the largest non-profit provider of free Internet access in the world" has started advertizing in the Washington, D.C. area, and offering free Internet accounts to individuals who will FAX them, among other things, a credit card number. As an active member of the Member Council of the National Capital Area Public Access Network (CapAccess), I wanted to find more about this organization that supposedly has offices NOT THREE BLOCKS FROM CAPACCESS. Here's the result of my search for the IIA. 1. Their address, listed as "Suite 852 - 202 Pennsylvania Ave, N.W. Washington D.C. 20006", is actually a post office box at Mailboxes, Etc. 2. The company lists no incorporation, trademark or service-mark licenses. 3. They claim your E-mail address would be @iia.org. However: a. No iia.org is listed in the hq.af.mil hosts table b. No iia.org is listed in the acq.osd.mil hosts table c. No iia.org is listed is the INTERNIC 'whois' database d. No iia.org is listed using the INTERNIC 'netfind' Internet lookup In other words, IIA.ORG does NOT, at this time, exist. 4. Although they apologize profusely in the application, they state that "Without receiving a credit card number, the IIA _cannot_ process an account." 5. Although I have left a message on their voice-mail system, I have received no response from them. (they also apologize in the voice mail that, due to demand, they are operating at a 3-week backlog for applications.) I cannot judge an organization in advance. However, I do think it highly suspicious that, to use their propaganda, "The International Internet Association is able to make this service available through generous private donations, and the extraordinary dedication of its membership." I can say that I am not convinced this organization exists, and highly discourage any Internet user from sending information until you make certain that the IIA is real. ======================================================================= From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: smb@research.att.com Date: Mon, 10 Jan 94 11:06:34 PST To: "Philippe Nave" Subject: Re: Crypto not being used where needed Message-ID: <9401101905.AA27994@toad.com> MIME-Version: 1.0 Content-Type: text/plain Although I sincerely agree that the data should be encrypted, is it really that easy to intercept cellular phone calls? I thought you had to go to considerably more effort than programming a scanner to pick up these transmissions - I don't know much about cellular phones, but I thought they hopped frequencies and so forth such that it was a real pain to listen in. Yes, it's really easy to monitor cellular calls. They only hop frequencies when you move between cells -- and most cop calls will be within a single cell, simply because most of the queries happen *after* they've pulled someone over. Things will change somewhat with the so-called personal communicators, since they'll use much smaller cells -- but the basic problem is still the same. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: peter honeyman Date: Mon, 10 Jan 94 11:11:34 PST To: cypherpunks@toad.com Subject: Re: Crypto not being used where needed Message-ID: <9401101910.AA28064@toad.com> MIME-Version: 1.0 Content-Type: text/plain it is trivial to monitor cellular calls. until recently, bearcat scanners included this capability. and i have seen it done on an oki 900 handheld. peter From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Eric Blossom Date: Mon, 10 Jan 94 14:46:36 PST To: pdn@dwroll.dw.att.com Subject: Crypto not being used where needed In-Reply-To: <9401101839.AA27426@toad.com> Message-ID: <9401102247.AA25468@srlr14.sr.hp.com> MIME-Version: 1.0 Content-Type: text/plain > Although I sincerely agree that the data should be encrypted, is it really > that easy to intercept cellular phone calls? In a word, yes. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: szabo@netcom.com (Nick Szabo) Date: Mon, 10 Jan 94 15:01:37 PST To: cypherpunks@toad.com Subject: IIA, more info Message-ID: <199401102258.OAA10710@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain This just in: -------->snip<-------- The message below was written by a friend who works at UUNET: --- begin included message --- Actually, we set them up. They appear to be real. Note, this is not an endorsement!!! I have no dealings with iia.org directly. I know only what I've heard around the office. They dropped big bucks for a router just for this service. The guy who sent that message appears to have been looking in all the wrong places. Military hosts tables are infamous for their incompleteness and for their tremendous lag time. Whois does indeed have this site's info, and has since December! The sender probably looked in the DDN whois DB which is only for MILITARY SITES. The correct site to check for everything else is rs.internic.net. [ken@rodan(tcsh):107] whois iia.org International Internet Association (IIA2-DOM) 30 South First Avenue Highland Park, NJ 08904 Domain Name: IIA.ORG Administrative Contact, Technical Contact, Zone Contact: Bochicchio, Charleen (CB45) char@JOY.ICM.COM +1 202 387 5445 (FAX) +1 202 387 5446 Record last updated on 01-Dec-93. Domain servers in listed order: MARY.IIA.ORG 198.4.75.9 NS.UU.NET 137.39.1.3 The InterNIC Registration Services Host ONLY contains Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. Someone in our office did send for info and did receive it, though I do not know how long it took for them to reply. Ken Dahl ken@uunet.uu.net UUNET Technologies, Inc. ...!uunet!ken --- end included message --- BTW, I faxed the company an account request back in October (and again in November) but have yet to hear anything from them. Peter Johansson peter@cs.umbc.edu -------->unsnip<-------- Your guess is as good as mine! d3 `-{> ---- +------------------------------------------------------------------------+ | Pics OnLine MultiUser System 609/753-2540 HST 609/753-2605 (V32bis) | | Massive File Collection - Over 45,000 Files OnLine - 250 Newsgroups | +------------------------------------------------------------------------+ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: szabo@netcom.com (Nick Szabo) Date: Mon, 10 Jan 94 15:05:11 PST To: cypherpunks@toad.com Subject: IIA Message-ID: <199401102302.PAA11042@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain >Newsgroups: alt.internet.services >Path: netcom.com!csus.edu!wupost!howland.reston.ans.net!newsserver.jvnc.net!jvnc.net!johnson >From: johnson@tigger.jvnc.net (Steven L. Johnson) >Subject: Re: IIA >Message-ID: <1994Jan9.221436.5417@tigger.jvnc.net> >Originator: johnson@nisc.jvnc.net >Sender: news@tigger.jvnc.net (Zee News Genie) >Nntp-Posting-Host: nisc.jvnc.net >Organization: JvNCnet >References: <1.8248.1623.0N27B602@satalink.com> >Date: Sun, 9 Jan 1994 22:14:36 GMT >Lines: 20 ???@??? (Mike Fieschko) writes: >MF> + gulfa:/u/john 105> whois iia.org >MF> >MF> + International Internet Association (IIA2-DOM) >MF> + 30 South First Avenue >MF> + Highland Park, NJ 08904 >MF> Well, well. I grew up in Highland Park, a small town across the Raritan >MF> River from New Brunswick. I _believe_ the building on South First is in a >MF> residential area. 30 South First is a blue two story residence complete with Volvo in the driveway and Winnebago (or some such similar beast) in the back yard. There are no signs or markings for IIA (or Intellicom/icm.com, which shares this same address according to whois). There is a single mailbox which has no name on it, personal or company. -Steve "with obviously not enough to do." From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cfrye@ciis.mitre.org (Curtis D. Frye) Date: Mon, 10 Jan 94 13:25:11 PST To: cypherpunks@toad.com Subject: Re: Forged messages part of "Operation"? Message-ID: <9401102130.AA13288@ciis.mitre.org> MIME-Version: 1.0 Content-Type: text/plain Geoff Dale asks regarding forged signatures and id's: >Any plans or tips on how to prove it in court? Several of us on the list discussed this issue a month or so ago, covering everything from computer-based text analysis tools which derive the probability that two writing samples (one from a known author and one from an anonymous author) were produced by the same individual. Another list member indicated in private email that sentence length and grammar were also fairly invariant, so you could use those measures to build a case. If you'd like more information, I'd be happy to send you some of the list traffic from that discussion. The real question, as Tim May and others have pointed out numerous times, is whether involving the heat is the best way to take care of problems. If we can't learn to effectively stamp out blatant abuses ourselves, then there's no hope for evolving the net.community. I personally think Julf took a much-needed step in shutting down an12070, though there's still the matter of Colorado State. -- Best regards, Curtis D. Frye - Economic Analyst, Software Alchemist, Aspiring Author cfrye@ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish." From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: remail@tamsun.tamu.edu Date: Mon, 10 Jan 94 14:41:36 PST To: cypherpunks@toad.com Subject: Filing Income Taxes Electronically Message-ID: <9401102237.AA10870@tamsun.tamu.edu> MIME-Version: 1.0 Content-Type: text/plain Forwarded from alt.internet.services: I've been involved with electronic tax filing (EFT) for six years now. I develope and sell a tax filing package which allows you to basically enter the data from a completed return and transfer directly to the IRS or to one of our transmission sites. This is a tax filing not a tax prep program. Our main market is tax preparers who buy the program and transmitt direct to the IRS, tax preparers who register with us and transmitt returns to us to transmitt to the IRS and tax preparers who fax us returns and we enter the data and transmitt. As for specifics, yes you need a bell 208 modem to send directly to the IRS. The IRS has several transmission sites all over the country which processes everybody`s returns. And they have a set schedule of when a refund is sent. Basically returns are processed every Tuesday night. What this means is that if your return has been sent and passed the IRS acceptanced tests by Monday night the IRS will process it Tuesday and if you do direct deposit it will be in your bank account in 10 days, if you have it mailed it will be mailed in 12 days. So if you do file electronicaly DO NOT get a Refund Anticipated Loan (RAL) unless your electricity is already off :-). A RAL will get you your money in 3 to 5 days at pre-fixed fee which averages to be about a 150% loan interest rate for a at most 7 day loan. If your interested in doing EFT from your home IBM or clone let me know. We also work with non tax preparers who have registered with the IRS to do electronic filing and have a electronic filing indentification number (EFIN). The IRS can give you these rather quickly, they do a background check to see if you do not owe back taxes or have been convicted of any felonies and if that works you get a EFIN. Once you have an EFIN we can work with you to set you up for EFT. Basically if you transmitt to us we give you the software and charge you per return. What you do is find your clients ( and they are your clients you must see then personally and have them sign a EFT form which gets sent with their W2s to the IRS by you ) enter there returns with our software and send to one of our transmission sites. If interested or any other questions relating to EFT let me know. Dave Hotlosz no sig never had one never needed one, which means I`ll have to get one ------------------------------------------------------------------------- To find out more about this anonymous remail service, send mail to remail@tamsun.tamu.edu with the word "remail help" as the only words in the subject field. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: zant0001@gold.tc.umn.edu Date: Mon, 10 Jan 94 15:45:11 PST To: cypherpunks@toad.com Subject: unsubscribe Message-ID: <0012d31e888a24281@gold.tc.umn.edu> MIME-Version: 1.0 Content-Type: text/plain unsubscribe From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: smb@research.att.com Date: Mon, 10 Jan 94 15:46:37 PST To: szabo@netcom.com (Nick Szabo) Subject: Re: Internet billing scam? Message-ID: <9401102342.AA04115@toad.com> MIME-Version: 1.0 Content-Type: text/plain DNS indicated that this organization does in fact have one site, mary.iia.org. Even so, this is not enough for me to trust them with my credit line. This conclusion may apply to many other, more legitimate-looking operations that spring up in the near future. This demonstrates that privacy is only one reason to go to digital cash; the biggest reason may be the massive fraud commonplace in the current electronic system. Online billing is moving towards this incredibly insecure system where our $multi-thousand credit lines are exposed by giving out their short "keys" to numerous unknown entities. Nick Szabo szabo@netcom.com You raise an interesting point; however, it's far from clear that digital cash is a solution. In fact, it may even be a negative factor in some contexts. Let's look at why some vendors -- whether of network services, hotel rooms, or rental cars -- much prefer credit cards, even though the card issuer will charge them a few percent off the top. The answer is that in these cases, customers have the potential to run up a large bill -- that is, a debt -- between interactions with the provider. Furthermore, this debt is often legitimate, i.e., the customer really did consume that amount of service. A vendor possessing a credit card number *will* be paid, with minimum hassle. If the customer skips town, the card issuer eats the charge. But that's part of their cost of doing business, which they try to minimize via things like credit checks. If credit cards didn't exist, the vendor would have to assume the risk. Most are not nearly as large as the card issuers, and they don't have the lead time to do a credit check in many cases. Their usual answer is to demand a deposit. That's fine with either regular cash or digital cash -- but if and only if you can afford that kind of capital outlay. And those deposits are often very large compared to the final actual bill, because the vendor wants to cover the larger potential bill (i.e., a wrecked car). I suppose one could invent a deposit broker, who took a few percent to cover the short-term loan of (perhaps) large sums, and who issued digital cash tokens. But there's one more important point to consider: U.S. law on disputed credit card purchases. Suppose that this organization really is fraudulent (though the evidence for that varies between slim and none, and the person who sent the original note may be headed for a libel suit). The customer isn't liable for the bill, subject to assorted restrictions and caveats. The card issuer has to eat that, too -- and it's up to them to try to collect from the offending merchant. Why send cash -- digital or otherwise -- to a potentially-disreputable organization, when you can protect yourself quite easily? Digital cash solves some problems very nicely -- but I don't think this is one of them. --Steve Bellovin From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: karn@qualcomm.com (Phil Karn) Date: Mon, 10 Jan 94 19:31:38 PST To: pat@tstc.edu Subject: Re: Crypto not being used where needed In-Reply-To: <9401101936.AA03275@tstc.edu> Message-ID: <199401110330.TAA07277@servo.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain There are several commercially available "RF service monitors" with option modules specifically designed for AMPS (the North American cellular standard). Manufacturers include IFR, HP and Marconi. Among many other things, these monitors can be programmed to monitor cellular access channels. Whenever someone nearby hits the SEND key on their phone, the monitor instantly displays the called number, the user's MIN (phone number) and ESN (electronic serial number). Furthermore, it can be told to automatically follow the conversation channel assignment message and any subsequent handoff messages. Or the unit can be programmed to monitor the forward paging link for pages (land-to-mobile) calls directed to any particular mobile. When a page is found, the unit can again switch to the appropriate conversation channel and follow the conversation through any subsequent handoffs. You do, of course, have to remain physically close enough to the mobile in question to be able to hear the same cell sites it is using. As a manufacturer of cellular phones, we have legitimate need for such units in testing our phones. We had one of these units in house a while back and I had a chance to play with it. I can attest to its effectiveness. It's not cheap, of course, but if we can afford one, than so can any motivated government agency. Phil From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 10 Jan 94 17:06:37 PST To: cypherpunks@toad.com Subject: Re: Internet billing scam? Message-ID: <9401110104.AA25513@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain I tried to telnet to mary.iia.org, and a Sun machine named "mary" did answer; I didn't play around with telnetting to port 25 nad seeing if it did smtp, though I'll try sending mail to bogususer@mary.iia.org and see if it bounces. As Steve points out, sometimes credit cards are more useful for services like this than digicash is, but I'd still prefer not to send credit card numbers in cleartext, even if the card vendor is supposed to eat most of the fraudulent use. Would be nice if they'd use some sort of public-key mail system so that they're the only ones capable of fraudulently using the card number, rather than any eavesdropper :-) Bill Stewart From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 10 Jan 94 17:15:13 PST To: cypherpunks@toad.com Subject: Re: Forged messages part of "Operation"? Message-ID: <9401110113.AA25570@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain > >> If he starts flooding the newsgroups, what can we do about it? > >If he starts forging mail from other people, he's committing a crime > >and we can get his system administrators to pull his account. > >Perry I don't think you can strictly call it a crime, just abusive rudeness, though if you did something like that in Detweiler-space, it might classify you as a Tentaculer Traitor to Humankind. However, sufficient levels of abuse can get you kicked off systems; though he's been posting lots of verbose human-generated messages rather than mechanized mailbombs, which are clearly over the edge. And he's been mailbombed directly by other rude people; don't know if he's done it to anyone himself. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 10 Jan 94 17:21:57 PST To: cypherpunks@toad.com Subject: Re: Crypto not being used where needed Message-ID: <9401110121.AA25609@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain h There are two different problems with eavesdropping cellular calls: - trying to find a *specific* person's calls - trying to find any interesting call. The former is still hard, but if unencrypted cellular credit-auth boxes become widespread, all you'll have to do is set your scanner to listen for 1200-baud tones and match for patterns that look like credit-card requests, since you don't really mind *who* you rip off. This is not good. One way around it is to use public-key crypto; however, simple symmetric-key crypto with different keys per vendor should be adequate, and the paper-trail for setting up credit-card service gives you a key distribution mechanism. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Johan Helsingius Date: Mon, 10 Jan 94 10:55:09 PST To: tcmay@netcom.com (Timothy C. May) Subject: Re: Has the "an12070" Account been Revoked? In-Reply-To: <199401101830.KAA01786@mail.netcom.com> Message-ID: <199401101850.AA29505@lassie.eunet.fi> MIME-Version: 1.0 Content-Type: text/plain In short, yes. > I haven't heard back from Julf, but I also haven't seen an an12070/S. > Boxx posting for several days now, and Rotweiler has been ranting on > about S. Boxx "told him" that his account has been "cnesored" by that > evil and malicious TENTACLE OF THE MEDUSA, JULF. So, it may be that > Detweiler has finally gone too far, at least with his an12070 account. Yep. This evil and malicious tentacle has indeed blocked an12070. As well as some other faked accounts probably belonging to the same individual (who's identity I would of course never divulge ;-). > I know I should be PGP-signing all my posts and e-mail but, frankly, > it's too much of a hassle. I typically read my mail and Usenet over a > dial-up line from my Mac at home to a Netcom machine, so signing my > messages with MacPGP (I don't trust using PGP on Netcom per se) > involves downloading the message, signing it, and then uploading > it....a major delay and hassle. Yeah. I'm currently in Boston, so I would have to transfer the stuff a couple of times over the atlantic, download it into my 386SX, and transfer it back. And to top everything off, my keyboard gave up. Sigh. Julf From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Christian Void Date: Mon, 10 Jan 94 22:31:38 PST To: cypherpunks@toad.com Subject: T-Shirt Ordering Update - PLEASE READ Message-ID: MIME-Version: 1.0 Content-Type: text/plain Updated Ordering Information: Due to popular demand, we will be accepting checks for orders on a few conditions: The checks must be drawn on US banks for orders placed in the US ONLY. We cannot accept checks from outside the US. Orders placed from outside the US should be paid using a Money Order, or Cashier's Check in US Funds. Also, please include your e-mail address with your order, so we can acknowledge receiving it. The original announcement is below. Thanks! --------------------------------------------------------- "Cypherpunk Criminal" T-shirt Ordering Information --------------------------------------------------------- Part I: Where to get a preview of the design The front of the t-shirt can be obtained via anonymous FTP at netcom.com in pub/cvoid/cypherpunks. The filename is "front.gif" which is based on Jef Poskanzer's "CRYPTO-DATA" DOT warning logo (this file is available as well as "logo.gif"). The back of the t-shirt consists of the upper banner, "cypherpunks@toad.com", and the lower banner, "There is safety in large numbers". In the middle is a listing of 7-digit primes in a large block. The typestyle is Fusion and Fusion bold. Outputting this to a GIF is next to impossible due to the resolution needed to reproduce the text. Trust us, it's cool. Part II: What kind of t-shirt is it? What color? Sizes? Custom? Availability? The t-shirts are Hanes Beefy-T's, which are a very strong and durable. The t-shirts will be black, with white and yellow screened on to it. We were unable to come up with a practical way to customize the t-shirts on an individual or group basis, so we opted for this design instead. We will only be making as many as we get orders for, and have no plans to do a second printing. Sizes available are S, M, L, and XL. We may be able to get XXL, XXXL and XS shirts as well. We will post an update in regards to the additional sizes. Part III: How much do they cost? Ordering deadline? The t-shirts will cost $10 each, which will include shipping and handling to anywhere you want them sent (except Mars). We will be accepting orders until February 15th. The t-shirts will be shipped out before February 28th. Part IV: Ordering Information Please make all Money Orders out to "Inky Fingers" (the screening company we use). Please specify the number of t-shirts, and what size you need, and where you want them shipped. We cannot (for obvious reasons) accept personal checks. Cashier's Checks and Money Orders only, please. Orders can be mailed to: V/M/R Attn: Cypherpunks T-Shirt P.O. Box 170213 San Francisco, CA 94117-0213 If you have any further questions, you can send me e-mail here at or . Anyone who sent e-mail in regards to this will also get this e-mailed to them directly, in case they do not have access to the list. Feel free to forward this to any interested parties. Thanks. -- Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc. cvoid@netcom.com | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-998-0774 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213 * PGP v2.3a Public Key Available Via Finger * From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: HO JUNYA Date: Mon, 10 Jan 94 19:36:38 PST To: cypherpunks@toad.com Subject: request for references on random one time pad Message-ID: <94Jan10.223522edt.4884@cannon.ecf.toronto.edu> MIME-Version: 1.0 Content-Type: text/plain Hi, I am taking part in an engineering design course, where we will be designing and building something of our choice, with an emphasis on electronics... What i proposed to do was basically a one time pad, with a true random number generator to generate the pad. We want to do it on 8 bit xt plug in cards, with the initial transfer of the random pad between the sender and receiver being done over a cable (with the terminals side by side). Then, an arbitrary amount of time later, the two terminals can be separated, and a promiscuous method of transmission can be used to transmit encrypted data. The encrypted data is to be generated by simply XORing the bits of the pad, and the bits of the plaintext, with decryption occuring at the receiving end by XORing the bits of the pad and the bits of the encrypted message, to extract the plaintext bits. Talking to the instructor today, he didn't understand why I wished to use a truly random number generator, since he believed that any pseudorandom number generator, or even something periodic would be just as secure, in practical terms. Is this true? I did not wish to use a pseudorandom number generator (and after all, it's an electronics design course, not software design) or any period function, because i believed that it would be susceptible to brute force attacts by statistical analysis of the encrypted data (are there other ways of attacking it?). Wouldn't this also apply to any textual input as the pad? (eg, verse n of chapter m of book o of the bible) I would like to be able to back up my assertion that using pseudorandom number generators, periodic functions or english texts would not be secure (to what degree?), and that the use of a true random number generator (probably using circuit noise) is theoretically the most secure method available (assuming real randomness and not taking into account the transfer of the pad). Can anyone suggest any references? I was also wondering how difficult it would be to implement DES into this, using random bits for keys, in hardware or software. I'm afraid that we may have to use basic, if we are to talk with the plug-in-card, as i'm not confident of my C abilities, and am not aware of any libraries out there. Any help would be greatly appreciated. I am not on the cypherpunks mailing list yet, however, and would appreciate a Cc: to my email address, in addition to the list itself. Junya ______________________________________________________________________________ "Merci, merci, merci." -La Femme Nikita | hojunya@ecf.toronto.edu ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Christian Void Date: Mon, 10 Jan 94 22:56:44 PST To: cypherpunks@toad.com Subject: T-Shirt Clarification... Message-ID: MIME-Version: 1.0 Content-Type: text/plain Sorry for the bandwidth. It is only Tuesday and has already been a long week. :( Any orders placed outside of the US, paid by check drawn on a US bank are acceptable. Our screening company has expressed concerns over dealing with checks drawn on non-US banks, so we are avoided this type of payment. If anyone has any further questions, or special circumstance, send me a note and I'll see what I can do. Thanks again. Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc. cvoid@netcom.com | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-998-0774 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213 * PGP v2.3a Public Key Available Via Finger * From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Mon, 10 Jan 94 21:55:12 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <199401110646.AAA07468@chaos.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain Greetings. We are enjoying rebuffing your latest volley in the newsgroups. You have really gotten desperate, it is clear! Our last exploding shrapnel bomb into the newsgroups (Operation South Pole), was a fantastic success; you have been scurrying madly with the damage control. And szabo@netcom.com really is almost dead, contrary to whatever *you* think. Unfortunately one of our key outlets has taken a serious hit, but we overtaxed the site anyway and expected to lose it eventually. This message is a little notice that our Wham, Bam, Thank You Ma'am campaign starts today. When it is finished, you will see a variation of our signature below. We think you will enjoy the `bounces' and some more of the polymorphic paragraphs. Remember the Golden Rule, do unto others as you would have them do unto you! -- and what goes around, comes around! he who lives by the sword, dies by the sword! what's good for the goose is good for the gander! for every action, there is an equal and opposite reaction! It may be next weekend perhaps in two weeks that we mount operation SQUISH. Obviously, a key strike has to be planned carefully and accompanied with feints to be successful and effective. We appreciate all the great ideas you have provided us lately, and the highly entertaining squirming and contortions. Remember, if the guerilla is not losing, he is winning! Take care :-) \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ _________ _________ _________ / / \ \ / / \ \ / / \ \ / / / / / / / / ______ / / / / / / ~~~~ / / / / / __ \ / / / / / / / ~~~ __/ ~~~_/ / / ~~~ / / / ____ / /~\ \ /~~~~_ / / /~~~~~~~ \ \ / / / / \ \ \ ~~~ _ \ / / ~~~~~~~~~ ~~~~ ~~~~ ~~~~~ ~~ ~~~~ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ C y b e r a n a r c h i s t R e p r e s s i o n a n d P o i s o n From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Eric Hollander Date: Tue, 11 Jan 94 02:05:12 PST To: cypherpunks@toad.com Subject: a simple guide to my remailer Message-ID: <199401111003.CAA14828@soda.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain Here's the Official Guide to the hh remailer. Please post this wherever you think people will find it useful. ----- How to use the hh@soda.berkeley.edu Usenet poster and Anonymous Remailer by Eric Hollander This document describes some of the special features of the hh@soda.berkeley.edu remailer. Because this remailer is essentially just a modification of the standard Cypherpunk's Remailer, I recomend that you also read soda.berkeley.edu:/pub/cypherpunks/remailer/hal's.remailer.gz. = What does this remailer do? This remailer allows anyone who can send mail to post to Usenet newsgroups, and also to send mail to anyone else on the Internet. Both of these functions can be anonymous (the identity of the sender is hidden from the recipient) or non-anonymous (the identity of the sender is known to the recipient). = Why is this remailer different from the standard Cypherpunks remailers? The main difference between this remailer and the other Cypherpunk remailers is that this remailer allows posting to all Usenet newsgroups, either anonymously, or non-anonymously. It also has the regular remailer functions of forwarding mail, either anonymously or non-anonymously (nonymously?). The other minor difference is that this remailer adds a random time delay for anonymous mail and posting. = A note about header fields This remailer/poster looks at the header of the mail you send it to decide what to do. Some mail programs don't allow easy editting of the header. If your program doesn't allow editting of the header, you can still use the remailer. To do this, send mail in the normal way, but start your message like this: :: Anon-Post-To: rec.fish leaving no blank lines before the :: and a blank line after the header field to be inserted. The remailer will consider the line after the :: to be a part of the header. All of the instructions bellow can be used with actual header fields or the :: format. = How do I use this remailer to anonymously post to Usenet? Send mail to hh@soda.berkeley.edu with a header like this: To: hh@soda.berkeley.edu Anon-Post-To: rec.fish Subject: I flushed a fish on Friday On Friday, I did a terrible thing, so I'm posting this anonymously... This message will be posted to rec.fish, with nothing to indicate who was the original sender. Only the Subject field will be retained; everything else in the header will be discarded. = How do I post non-anonymously? Send mail like this: To: hh@soda.berkeley.edu Post-To: rec.fish Subject: flushing fish How despicable of you to flush a fish! This will be posted to rec.fish non-anonymously; the From and Subject fields will be retained in the post. = Crossposting To crosspost, simply list the newsgroups, separated by commas, with no spaces, like this: Anon-Post-To: rec.fish,alt.ketchup Note that excessive crossposting is an abuse of the net. Some people have to pay for their news, and they don't want to read "how to make money fast" in rec.fish. = Testing I recomend that you post test messages to make sure you are using the remailer properly. Please post these messages to the appropriate test groups (alt.test, rec.test, etc). Also, if you post non-anonymously to a test group, many sites will send you mail confirming that they have received the post. To avoid this, put the word "ignore" in the subject line. = Anonymous mail This remailer is capable of sending anonymous mail. To send mail to foo@bar.com, send a message like this: To: hh@soda.berkeley.edu Anon-Send-To: foo@bar.com Subject: Ronald Sukenick I think you should read something by Ronald Sukenick. and foo@bar.com will recieve the message, without knowing who sent it. = Non-anonymous mail forwarding This remailer supports non-anonymous mail forwarding. To use this feature, send mail like this: To: hh@soda.berkeley.edu Send-To: foo@bar.com Subject: you know who I am This mail is from me! = Testing mail Please test the anonymous remailer functions before you use it "for real" by sending mail to yourself or a friend. = Chaining, encryption, and other issues These features are discussed in detail in soda.berkeley.edu:/pub/cypherpunks/remailer/hal's.remailer.gz. While you're looking at that file, you might also want to check out PGP in /pub/cypherpunks/pgp. If you haven't installed PGP on your machine yet, you should try it out. This remailer doesn't yet support encryption, but it's coming soon. = Remailer abuse This remailer has been abused in the past, mostly by users hiding behind anonymity to harass other users. I will take steps to squish users who do this. Lets keep the net a friendly and productive place. = A note to ucb users This remailer allows posting to ucb.* newsgroups. = If you have other questions or problems send normal mail (without any of the above headers) to hh@soda.berkeley.edu. = Copyright This file is copyright 1994 Eric Hollander, all rights reserved. You are free to distribute this information in electronic format provided that the contents are unchanged and this copyright notice remains attached. = Disclaimer This remailer is not endorsed in any way by the University of California. I, Eric Hollander, take no responsibility for the content of posts or messages, and I take no responsibility for the consequences of using my remailer. For example, if you post anonymously, and someone manages to trace it back to you, I am not responsible. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: phred@well.sf.ca.us (Fred Heutte) Date: Tue, 11 Jan 94 02:06:42 PST To: cypherpunks@toad.com Subject: Re: Twelve year flashback to Admiral Bobby Inman In-Reply-To: <9401101047.AA19758@toad.com> Message-ID: <9401110205.ZM8030@well.sf.ca.us> MIME-Version: 1.0 Content-Type: text/plain Thanks for posting that, John. I don't think I particularly want to ask ONE of my Senators (Packwood) about this, since as far as I am concerned he is a shame to the nation and my state. But I will ask the other one -- Hatfield -- to vote against this nomination. In general, I am against career military and/or intelligence operatives from being Secretary of Defense, because it is important to retain at least a semblance of civilian control. (Of course, the way things really work, it might not make that much difference. But appearances *do* matter, and I care deeply about small-d democratic civilian control of our national government and its agencies.) Hatfield is no particular friend of the military-industrial complex (although not especially an opponent either), so it may be possible to find someone on his staff who is interested in pursuing the *real* Bobby Ray Inman story. Fred Heutte Sunlight Data Systems phred@well.sf.ca.us phred@teleport.com heutte@cse.ogi.edu "Why make it simple and easy When you can make it complex and wonderful!" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hh@cicada.berkeley.edu Date: Tue, 11 Jan 94 02:35:12 PST To: cypherpunks@toad.com Subject: yet another thing tacked on to my slocal Message-ID: <9401111032.AA15767@cicada.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain You can get the ordering info about the Cypherpunks T shirt by sending mail to hh@soda.berkeley.edu with "tshirt-info" (spelling counts!) in the subject line. This is part of my plot to subvert all Internet protocols and just use Port 25 for everything. e From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: szabo@netcom.com (Nick Szabo) Date: Tue, 11 Jan 94 04:15:13 PST To: smb@research.att.com Subject: Credit cards vs. digital cash In-Reply-To: <199401102343.PAA22212@mail.netcom.com> Message-ID: <199401111214.EAA10092@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Steve Bellovin raises some good points about the function of credit cards. A couple responses: > ...in these cases, customers have the potential to run up a > large bill -- that is, a debt -- between interactions with the > provider... A vendor possessing a > credit card number *will* be paid, with minimum hassle. If the > customer skips town, the card issuer eats the charge. Vendors should be able to get the equivalent protection by buying insurance against customers skipping town, for a similar price. That, and collection enforcement, via local jurisdictions which have been lobbied to pass credit card fraud laws, are two of the main functions served by credit card companies. A third is collection of dossiers on customers, which we would like to put under customer control. For online services, where the customer can be billed in near real-time, the case where a large bill approaches the credit limit is at least exceptional, and might be eliminated entirely. Where the largest bill is much smaller than the credit limit, the customer is put at much smaller risk by putting up a deposit then by exposing their entire credit rating to both the vendor and snoopers who intercept the number. Furthermore, the deposit can be made with a neutral third party which serves the arbitrator function for disputes. In this particular case, phone billing could be done in very small increments, in near real-time, with digital cash. > But there's one more important point to consider: U.S. law on > disputed credit card purchases. This company was operating internationally; one of their customers who posted lives in Kuwait. Do all Internet jurisdictions have laws protecting credit card customers? How are these laws enforced? On whom lies the burden of evidence, legal costs, etc.? I agree that the issue of customer vs. vendor assumption of risk deserves much more attention than we have given it. A major goal is to minimize dependence on the maze of Internet jurisdictions to resolve conflicts. One interesting idea is an online escrow services that holds a customer deposit equal to the amount of the largest possible bill, and uses the escrow to resolve disputed billings. The challenge is minimizing leakage of private information, via the escrow. Nick Szabo szabo@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: szabo@netcom.com (Nick Szabo) Date: Tue, 11 Jan 94 04:21:42 PST To: cypherpunks@toad.com Subject: Welcome to IIA (fwd) Message-ID: <199401111218.EAA10252@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Here's the IIA info message that has caused all the furor: Forwarded message: From info@iia.org Mon Jan 10 14:31:54 1994 The text in this document is how we envision our host machine to look in the very near future. Please be patient if some things are not currently available. We are working on this system daily to improve it. Welcome to the International Internet Association - the largest non-profit provider of free Internet access in the world. We are a Washington based association dedicated to the free flow of information without regard to position or affiliation. We look forward to serving you. In response to your request we need a little more information to set up an account and get you on-line. Please complete the attached form and return to our offices in Washington. You will advance in line quicker if you simply fax back the attached registration form at the end of this document. When received we will provision accounts in the order received. We have responded to over fifteen thousand requests in the last several weeks, and we greatly appreciate your continued patience. WHO AM I ON THE INTERNET? We will assign a USERID (User Identification) which combines your first and last name in accordance with international standards governing E-mail. All accounts will be eight characters or less beginning with the last name and ending with the first initial. For example John Smith will become SMITHJ. If your last name is over seven characters only the first seven characters will be used. If you would like a specific ID, this can be arranged as well as other custom services upon your first login. You need only follow the menu items to custom services and make the electronic request. Since you will gain access to the Internet through the IIA your address to the rest of the internet community will be USERID@IIA.ORG where USERID is the name we generated using your last name first initial. WHAT DO I GET? You get an Internet account providing 14,400 BPS capability and lower (9600,2400,1200). 256K of storage allowing you to download files and messages (more can be made available). Kermit, X-MODEM, Y-Modem, and Z-MODEM download protocols to transfer information to your home computer. Menu driven options will allow easy access to GOPHER, World- Wide-Web, Archie, Prospect, Telnet, FTP and a host of others (no pun intended) In short you can do what anyone else anywhere can do on the net and more (we have built in capabilities beyond the general capabilities of the Internet). ACCESS The International Internet Association is able to make this service available through generous private donations, and extraordinary dedication of its membership. We will invite users to join, but will in no way restrict access based on membership. WHAT TO EXPECT You will receive two numbers with your welcome aboard package. One is a direct dial number to either our master node in Washington D.C., or our research facility in New Jersey. If you choose to direct dial it is your responsibility to pay your long distance carrier for the time spent on-line. Your bill will be identical to the cost of calling and speaking to someone. The cost of a phone call. The second option is to receive an 800 number provided by the IIA. The IIA has made arrangements for this service to be provided universally across the U.S. 24 hours a day at the rate of 20 cents per minute. (The 20 cents is billed exactly at cost through the generous contribution of our supporting provider). You need to look at your long distance rate from your current provider and decide the most economical way to reach our nodes. The IIA plans to install local calling points across the U.S. to support our users, as soon as we obtain the funds. WHAT WE NEED FROM YOU: Please complete the enclosed form in its entirety. Pay careful attention to the accuracy of your name and address. We need a Master Card, Visa, Or American Express. When we provision your account you will have access to both the direct dial, and the U.S. 800 number. If you do not use the 800 number you will never receive a charge. If you find the 800 number more economical than direct dial than you will be billed in 10 dollar increments. A charge will be rolled over until all time has been exhausted. Without receiving a Credit Card Number, the IIA cannot provision an account. (We apologize for this inconvenience to our users planning on direct dial. Shortly we plan to rectify this through programming, but until that time we must adhere to the policy of our long-distance provider.) WELCOME ABOARD PACKAGE Your welcome aboard package will contain additional information about the IIA including your USERID and Password (required for login) and instructions on how to login. We will also provide information on the Internet services available. However the majority of the useful information can be found on-line by following the menus to the help section. OUR THANKS The IIA would like to thank-you for your interest in becoming part of the electronic community, and we look forward to serving in the capacity of your host. We trust it will change you life. INTERNATIONAL INTERNET ASSOCIATION APPLICATION FOR FREE INTERNET ACCESS Name ________________________________________ Address ________________________________________ ________________________________________ Fax Line(___)______________ Voice Line (___)____________ Modem Speed (1200) (2400) (9600) (14.4) (Whats a modem?) Credit Account: Required (See attached statement) Visa _______________________Exp-date_____ MC _______________________Exp-date_____ AMEX _______________________Exp-date_____ Signature ____________________ Date _____________________ 1. I understand that the use of this account will be for lawful purpose and accept responsibility for my actions while on-line. I will not hold the IIA responsible for any activities occuring, or initiated by any user who makes knowing use of the ID IIA assigns on my behalf. 2. I agree that any use of the 800 number made available to me by the IIA will be billed to my credit card. I authorize use of this account with regard to voluntary on-line services to which I approve. When completed please fax this document to the following. (202) 387 - 5446 PLEASE NOTE - FAX THIS DOCUMENT DIRECTLY - WE CAN NOT ENSURE PRIVACY IF YOU SEND IT THROUGH THE NETWORK! This form may be copied for the purposes of adding additional Internet users. If you are having difficulties making a clean connection try changing your modem parameters to 7 bits, even parity and 1 stop bit. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: remail@tamsun.tamu.edu Date: Tue, 11 Jan 94 04:55:13 PST To: cypherpunks@toad.com Subject: Am. Bar Ass'n Information Security Committee Meeting (fwd) Message-ID: <9401111252.AA15799@tamsun.tamu.edu> MIME-Version: 1.0 Content-Type: text/plain Here's a crypto-EDI/legal mini-conference announcement from the Electronic Data Interchange Issues list. This is a great list for issues of networked-based commerce and security practicum. Forwarded message: Date: Fri, 7 Jan 1994 09:45:57 -0500 Sender: Electronic Data Interchange Issues From: Michael Baum Subject: Am. Bar Ass'n Information Security Committee Meeting Announcement To: Multiple recipients of list EDI-L **Posted For Information Purposes Only** Please correspond to: Michael S. Baum, Esq. 33 Tremont Street Cambridge, MA 02139-1227 Tel: 617/661-1234 Fax: 617/661-0716 Email: baum@hulaw1.harvard.edu Subject: ** Notice and Invitation ** Certification Authority Work Group Notarization and nonrepudiation Work Group Information Security Committee, EDI/IT Division Section of Science and Technology You are cordially invited to participate in a meeting of the above- referenced work groups of the Information Security Committee on Wednesday-Thursday, January 19-20, 1994. These interdisciplinary work groups will continue to address conventional and electronic notarization and certification authority issues. The meetings are focused around the work product of its respective participants and will be highly results driven. At the last meeting, further progress was made on the development of "Model Certification Authority Guidelines/Rules of Practice ("Guideline") to provide a legal framework for the use of certificate- based public key cryptography. Also, proposals were further debated and developed including for: (i) the creation of a new ABA accreditation/- specialization "attorney-notary;" (ii) a "Clipper Resolution;" and (iii) alternative dispute resolution for CAs. Professor Carl Felsenfeld has secured the use of the Faculty Reading Room of Fordham Law School in New York City. The meeting agenda and logistics are attached. I look forward to seeing you in New York. Sincerely, Michael S. Baum Chair, Information Security Committee and EDI/IT Division cc: Joe Potenza, Section Chair Council, Division and Committee Chairs attachment Information Security Committee EDI and Information Technology Division Section of Science and Technology American Bar Association Certification Authority Work Group Notarization and Nonrepudiation Work Group January 19-20, 1994 TENTATIVE AGENDA Wed. Jan. 19, 1994 8:30- 9:00 Continental breakfast and registration. 9:00- 9:30 Participant introductions, meeting logistics and questions. 9:30-10:30 Presentation of revised notary and accreditation proposals. 10:30-10:45 Break. 10:45-12:30 Review of revised draft Guideline outline; presentation on identity credentials; break-out session on contributions. 12:30-13:30 Lunch & informal presentation - TBD. 13:30-15:00 Report from break-out session; drafting sessions. 15:00-15:15 Break. 15:15-16:45 Update on computer-based powers of attorney; continuation of Guideline contribution presentations and discussion. 16:45-17:00 Wrap-up. Thurs. Jan. 20, 1994 8:30- 9:00 Continental breakfast and registration. 9:00-10:30 Break-out sessions on Guideline. 10:30-10:45 Break. 10:45-12:30 Additional presentation by contributors to the Guideline; Review of outline and contributions. 12:30-13:30 Lunch & informal presentation - TBD. 13:30-15:00 Review of Meeting Work Product and "mid-course corrections." 15:00-15:45 Break. 15:15-16:15 Presentation and Update of Clipper-Capstone Resolution; presentation of revised proposal/resolutions (Notarial, etc.). Report on Dec. '93 WG meeting on Digital Signature Legislation. 16:45-17:00 New Work Group assignments; wrap-up. Certification Authority Work Group Notarization and Nonrepudiation Work Group Information Security Committee January 19-20, 1994 Meeting Details Papers: All prior participants who plan to attend must submit their agreed upon contributions ASAP to: baum@hulaw1.harvard.edu and please bring a copy of the contribution to the meeting on disk. First-time participants (who plan to attend the January 19-20 meeting) must submit a brief paper (~3 pages in length) relevant to the subject matter or discuss their planned contribution to the committee (please contact Michael Baum for details). A binder of prior papers will be presen to new participants during registration. Prior participants are requested to bring their Work Group binders. Meeting Location: Faculty Reading Room - 4th Floor Fordham Law School 140 West 62nd Street New York, NY (enter btwn. Amsterdam and Columbus Aves.) (this is adjacent to Lincoln Center) Phone: 212-636-6856 (Prof. Carl Felsenfeld) Fax: 212-636-6899 (Law School Faculty Office) Meals: Continental breakfast and refreshments during the breaks will be served as well as a light lunch (at cost). Hotels: The closest hotel to the meeting is the Radisson Empire Hotel at 44 West 63rd Street, New York, NY 10023 Ph: +1 212-265-7400 Fax: +1 212-314-0349). However, you may want to take advantage of the conference discount provided for the Worldwide Electronic Commerce conference being held at the Waldorf-Astoria Hotel, Ph: 212-355-3000 (hotel reservations). I am informed that the Waldorf's conference discount will continue for the duration of the Information Security Committee Meeting. R.S.V.P. Please notify the ABA to RSVP. Also, please send a biography (new participants) and confirmation of your intention to participate to Ann Kowalski, Section Manager, Section of Science and Technology (ABA Chicago 312-988-6281 or kowalskya@attmail.com) as soon as possible. *** END *** ------------------------------------------------------------------------- To find out more about this anonymous remail service, send mail to remail@tamsun.tamu.edu with the word "remail help" as the only words in the subject field. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hughes@ah.com (Eric Hughes) Date: Tue, 11 Jan 94 07:41:44 PST To: cypherpunks@toad.com Subject: a simple guide to my remailer In-Reply-To: <199401111003.CAA14828@soda.berkeley.edu> Message-ID: <9401111542.AA16499@ah.com> MIME-Version: 1.0 Content-Type: text/plain >of forwarding mail, either anonymously or non-anonymously (nonymously?). The Greek word is 'onyma', so that's onymously. Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Martin.Greifer@f28.n125.z1.FIDONET.ORG (Martin Greifer) Date: Wed, 12 Jan 94 08:27:06 PST To: Cypherpunks@toad.com Subject: Extropia remailer Message-ID: <6779.2D32F6DF@shelter.FIDONET.ORG> MIME-Version: 1.0 Content-Type: text/plain Is it just me, or is the usually-reliable Extropia remailer (remail@extropia.wimsey.com) down? ... Origin: The Crusade for Moorish Dignity, N'orl'ns, LA ___ Blue Wave/QWK v2.12 -- Martin Greifer - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!28!Martin.Greifer INTERNET: Martin.Greifer@f28.n125.z1.FIDONET.ORG From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: doug@netcom.com (Doug Merritt) Date: Tue, 11 Jan 94 09:15:18 PST To: cypherpunks@toad.com Subject: amusing quote Message-ID: <199401111715.JAA02749@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain I found this quote amusing: >obviously, I don't give a damn, do I? somehow my life has become far more >exciting now that I have so many enemies and have discovered all their >blackest secrets. I've been keeping out of the Detweiler fray, and wouldn't ordinarily quote him, but this is unusual...I'm taking him at face value here; that probably *is* the source of his motivation for all his frothing at the mouth. Paranoia is entertaining to him. The quote comes from talk.politics.crypto, where I was grazing the other day. Doug -- Doug Merritt doug@netcom.com Professional Wild-eyed Visionary Member, Crusaders for a Better Tomorrow Unicode Novis Cypherpunks Gutenberg Wavelets Conlang Logli Alife HC_III Computational linguistics Fundamental physics Cogsci SF GA VR CASE TLAs From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: doug@netcom.com (Doug Merritt) Date: Tue, 11 Jan 94 09:37:08 PST To: cypherpunks@toad.com Subject: Weak Random Number Generators Message-ID: <199401111734.JAA04369@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain jerry@terminus.dell.com a while ago said he'd made a hardware random number generator, and offered to send out data generated by it, inviting people to look for weaknesses. I followed up on that and found problems with one of the two sets of data he sent (files a.bin and b.bin, one produced with his hardware and one with a software RNG, but which is which was not identified). He apparently is too busy to acknowledge my response, so I thought I'd post the results I emailed him here, for those of you interested in weaknesses of RNG's. The weakness is shown via ascii graphics of the results of the analysis, which makes it accessible and intuitive. -------------- included message ------------------ As I suspected, it only took a few minutes of programming to find periodicity in the phase space. The set you called "a.bin" is the one that shows a great deal of obvious structure. The intrinsic resonance is related to powers of two (I haven't figured it out more closely than that), which is what one might expect from software methods, but less likely from hardware methods (unless there's a power-of-two bias introduced by an ADC). On the other hand, I may be seeing structure in your psuedo-random number generator...they're notoriously bad unless you went out of your way to find a really really good one. The b.bin file appeared ergodic, almost completely filling the 2d phase space I picked as an easy-to-implement test. I may try another few tests shortly. For your amusement, I produced two psuedo-RNG files, one using the ancient and decrepit rand() function, well known to be a very poor source of randomness (c.bin), and one using the more carefully constructed BSD Unix random() function (d.bin). The latter also has its flaws, but they are far better hidden than those of rand(). Note that c.bin is even more grossly flawed (structured) than your a.bin. Meanwhile, if a.bin happens to be from your software RNG rather than from your hardware RNG, then you need a new one! I have one of the better ones lying around somewhere, let me know if you need it. Below is what I saw from my crude-ascii graphics output from the four test sets. If you think this would be of interest to cypherpunks, feel free to post this there...or tell me to. Doug (Note that I'm using a 35 by 80 window to view these) 2811> ran < a.bin . . .... . . .... . . ..... . ... . . . . ... .... . . . . . . . . . . . .. . .... . . . .... . ....... . .... ... ... .... .. ..... . ..... .... . ..... . ..... . ..... . .... . .... . . .... .... . ... . . ... . .. . . . .. . . . . .. .. ... . . ..... . . ..... . ..... . .... . . ....... ...... ..... ... . . ..... . ..... . ..... .... 2812> ran < b.bin ........................................................... .... . .............................................................. ..................................... .......................... ................................................................ ...................................... ......................... ..................... .......................................... ................................................................ ........................................ ....................... ................................................................ ................................................................ .................... ................. ......................... ................................................................ .......................................... ..................... ................................................................ .................................... ........................ .. ............................. .................................. ............................................. .................. ................................................................ ................................................................ ................................ ............................... ................................................................ ......... ..................................................... ............................ ................................... .......................... ..................................... ................................................................ ................................................................ ........... .................................................... ................... ............................................ .......................... ..................................... ................................................................ ................................................................ .............................................................. . 2813> ran < c.bin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2814> ran < d.bin ................................................................ ................................................................ ... ............................................... ....... .... ........................................................... .... ................................................................ ........................................................ ....... ................................................................ ................................................................ ................................................. .............. ...................................... ......................... ................................................................ ............ ................................................... ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ............... ................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ .......................... ................ .................... ................................................... ............ ................................................................ ................................................................ ................................................................ ................................................................ -------------- end included message ------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: sdw@meaddata.com (Stephen Williams) Date: Tue, 11 Jan 94 07:36:45 PST To: szabo@netcom.com (Nick Szabo) Subject: Re: IIA In-Reply-To: <199401102302.PAA11042@mail.netcom.com> Message-ID: <9401111537.AA04944@jungle.meaddata.com> MIME-Version: 1.0 Content-Type: text/plain > > > >Newsgroups: alt.internet.services > >Path: netcom.com!csus.edu!wupost!howland.reston.ans.net!newsserver.jvnc.net!jvnc.net!johnson > >From: johnson@tigger.jvnc.net (Steven L. Johnson) > >Subject: Re: IIA > >Message-ID: <1994Jan9.221436.5417@tigger.jvnc.net> > >Originator: johnson@nisc.jvnc.net > >Sender: news@tigger.jvnc.net (Zee News Genie) ... > 30 South First is a blue two story residence complete with Volvo > in the driveway and Winnebago (or some such similar beast) in the > back yard. There are no signs or markings for IIA (or > Intellicom/icm.com, which shares this same address according to > whois). There is a single mailbox which has no name on it, > personal or company. > > -Steve "with obviously not enough to do." Don't let that fool you: Why does an electronic com company need a storefront and extra overhead? I built a new house, wired it with 20 phone lines to the underground 'pole', over .5 mile of cable, including ethernet to every room, satellite downlink, etc. Why incur extra overhead? sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw@lig.net sdw@meaddata.com OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 GNU Support ICBM: 39 34N 85 15W I love it when a plan comes together From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hkhenson@cup.portal.com Date: Tue, 11 Jan 94 10:46:47 PST To: cypherpunks@toad.com Subject: Bay area BBS bust--fyi Message-ID: <9401111046.2.17378@cup.portal.com> MIME-Version: 1.0 Content-Type: text/plain Eric, please put me back on the list. Keith ------ About two years ago I helped a guy from Milpitias (just north of San Jose) deal with a BBS bust at what he described as a "light" porn BBS. The San Jose cops realized shortly that they had really goofed by not considering the ECPA and related laws in their search&seizure. The result was that they gave his system back after five weeks, and stated in a written release that this guy's activities were within the scope of the law. The BBS is called Amateur Action, and the sysop's name is Richard Thomas (408-263-1079). A few minutes ago Richard (who I have yet to meet in person) called. A search warrant was being served at that very moment by the US Postal Inspectors, who (with the help of San Jose cops) were packing up his equipment and carting it out--again. Richard managed to get one of these inspectors on the phone with me. This inspector seemed to be rather knowledgeable of such things as the ECPA, 2000aa, and the Steve Jackson case. He was completely unconcerned! He piously stated that it was their intent to bring the system back to Richard within a "few days" and, as a result of the short interruption of user access, and their good intent "not to look at private email," they were completely safe from the provisions of the ECPA. This postal inspector gave his name as David Dirmeyes, from Tennesse (does this sound like Bible Belt prosecution for pron?) and gave me the name of the US Attorney he was working under, one Dan Newson with a phone of 901-544-4231 in TN (though he stated that the phone # would be of no use because Dan was at a conference for a week). For what it is worth, the postal people were using the San Jose cops on the bust because they did not have the expertise themselves to move the system and make copies. According to the investigator, they did not know that they could get a court order to have a backup of the system made on the spot. It may be that Richard is the target, he said there was a mystery package which came today in the mail today (which his son brought in and his wife opened, but he had not gotten around to seeing what it was) which seemed to the center of the postal inspector's concerns. (In spite of not meeting him, I suspect Richard may be the kind of smart alec who attracts the attention of cops.) I don't know if this is something of marginal concern to those of us concerned with government abuse of people's computers and communications or a major concern. I intend to find out more tomorrow, but if the ECPA is applicable, this guy had about 3500 users, over 2k pieces of protected email on his system, plus (I think) agreements with his uses for him to represent them in an ECPA related legal action--two million dollars if I am multiplying right tonight. (My "Warning to Law Enforcement Agents" was part of his signup screens.) Keith Henson 408-972-1132 hkhenson@cup.portal.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Tue, 11 Jan 94 07:55:14 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <9401111553.AA25098@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain Noone persists in the belief that absolutely no "psuedospoofing" is occurring on Cypherpunks. What is patently obvious, however, is that Detweiler makes wild and unsubstantiated charges against others. Please send me a small selection of his 1000 messsages that he feels prove the charges he has been making. Otherwise, let him keep his delusions to himself. His behaviour concerning these absurd claims that Tim May and Eric Hughes (neither of whom I have met) are criminals is completely unacceptable to reasonable people. I urge Detweiler to bring forth proof or shut up. Has he ever considered how sociopathic it is for him to whine about how painful a particular letter or article is to him and yet he never seems to care about the hurt he's causing with his apparently groundless charges concerning TC May, Eric Hughes, and Cypherpunks list members in general ???? Jeremy Anderson Freelance programmer and Chinese translator jeremy@cyberspace.com PGP public key available on request Good cheer and smiles dispensed freely From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carl Ellison Date: Tue, 11 Jan 94 08:21:44 PST Subject: Re: Public key encryption, income tax and government In-Reply-To: Message-ID: <199401111620.LAA14192@ellisun.sw.stratus.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 2001,MIC-CLEAR Originator-Name: cme@sw.stratus.com Originator-Key-Asymmetric: MIGbMAoGBFUIAQECAgP+A4GMADCBiAKBgCl79/jl0DEVl1GQzOHlzjDmChDDxnWO Acd7jShj2x1vclFh6vbHx9IJqkQdwNhNAWf8XnTrqBDN+VSBc1qdT6nSEAbNPxHD XcvY2DudhuRaRBVLgUQ4scTK657m90Q+bTL5yIh2MaFipUw9BgbIXPTDlksSskWP 9oHjo+pCJC+lAgMBAAE= MIC-Info: RSA-MD5,RSA, C3gMSFO0aMHOYmm5S1biubEdUqIq8HEhOvSHO8n/+DqknxLju55dTCcI43u6rhH9 Nh6A0d8+9rZFi1P+sNAJ/kk0ory5q144Chg1z1Aukf/uLrhDLYkZZhplL0tFSi5y YWmf6jzlH5I6tcTzMbpf5/5iHFsgLiFJ0LVFn1rYwTY= In article jdurr@eland.com (J. Durr) writes: > >from Strategic Investment, p 11, November 11 1993 > >Escape to Cypherspace: >The Information Revolution and the demise of the income tax > >by James Bennett > >The ultimate revenge of the Nerds > > Readers of Strategic Investment are already aware of the crucial >role of the microchip in eroding the power of governments over their >citizens. Recent developments herald an expansion of this role that >promises to dwarf the effects seen to date. >[...] in >the coming decade, it may create consequences which change the life of >everyone on the planet more than the atomic bomb. Mr. Bennett is clearly a victim of the popular impression that privacy is somehow new. Anything which can be done with public key encryption can be done already with private communications (whispers, notes which are mailed and destroyed, secret mail drops, couriers, secret-key encryption, ...). All the hype over cryptoanarchy is overblown. We are capable of anarchy, income tax evasion and secret bank accounts today. Look around you. How much of that do you see in your own life? What makes you think that you'll see any more of it in 10 years? - Carl P.S. His claim that RSA markets RIPEM was humorous -- but sad. Maybe it's always like this when the general public gets interested in something technical. -----END PRIVACY-ENHANCED MESSAGE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carl Ellison Date: Tue, 11 Jan 94 08:42:08 PST To: pem-dev@tis.com Subject: retraction re: triple-DES Message-ID: <199401111641.LAA14274@ellisun.sw.stratus.com> MIME-Version: 1.0 Content-Type: text/plain Some of you may remember that I was promoting triple-DES-CBC using three feedback loops rather than one, claiming that is was clearly at least as secure as triple-DES with one feedback loop, while being faster for pipelined operation. It is clearly faster in a pipeline but Eli Biham has shown me his attack on inner-loop triple-DES and it's quite good and I was quite wrong...at least for chosen-ciphertext attacks. The inner loops weaken the resulting cipher drastically, under those attacks. I might still use the inner loops to get longer brute force attacks (as noted by Burt Kaliski in a posting here a while ago), if I knew that chosen-ciphertext attacks couldn't happen, but my original claim is clearly wrong and I thank Eli for pointing that out. Meanwhile, there are probably better ways to get the longer key for avoiding brute force (eg., XOR with a single secret value or with a simple (fast) PRNG). I'm told that Eli has a paper in preparation explaining his attack in full and I'm looking forward to that paper. I am sure that its location will be announced to this list when it becomes available. - Carl From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Tue, 11 Jan 94 08:45:15 PST To: cypherpunks@toad.com Subject: Re: Public key encryption, income tax and government In-Reply-To: <199401111620.LAA14192@ellisun.sw.stratus.com> Message-ID: <199401111642.LAA18416@snark> MIME-Version: 1.0 Content-Type: text/plain Carl Ellison says: > Mr. Bennett is clearly a victim of the popular impression that privacy is > somehow new. Anything which can be done with public key encryption can be > done already with private communications (whispers, notes which are mailed > and destroyed, secret mail drops, couriers, secret-key encryption, ...). > > All the hype over cryptoanarchy is overblown. We are capable of anarchy, > income tax evasion and secret bank accounts today. Look around you. How > much of that do you see in your own life? What makes you think that you'll > see any more of it in 10 years? Currently, if you wish to sit down in a Cafe with a friend of yours and hand over $10,000 for the original copy of Vince Foster's diary, say, and you want privacy, you would either have to carry cash (which is difficult to put into and take out of banks without machinations, especially given current reporting requirements), or one of you would have to trust the other with a foreign bank check which would have to be deposited by mail (a long and tedious and unsafe proceedure), or you could both sit down with your HP100s or Psions or what have you and exchange digicash right on the table and relay the deposit right to your bank in the Bahamas. Yes, all the methods exist already -- but they are inconvenient to use. I could probably have rigged hundreds of messengers and teams of horses so that I could live atop a mountain and still run a worldwide business one two hundred years ago. In principle, nothing that I can do now couldn't be done then. In practice, transaction costs and delays would have made such a life impractical -- whereas now a mogul has fax machines, phones, computers, etc. Cryptography and the nets will not make offshore banking different in any way other than convenience -- but never underestimate the powerful impact convenience can have. I could potentially carry out a near "normal" lifestyle while still keeping all my money offshore -- this is a new and potent developement, and one which governments will fight very hard. Look for ever more agressive work by the IRS to pressure bank havens to breech secrecy. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hkhenson@cup.portal.com Date: Tue, 11 Jan 94 13:05:18 PST To: cypherpunks@toad.com Subject: Updated/corrected posting Message-ID: <9401111304.2.14612@cup.portal.com> MIME-Version: 1.0 Content-Type: text/plain About two years ago I helped a guy from Milpitias (just north of San Jose) deal with a BBS bust at what he described as a "light" porn BBS. The San Jose cops realized shortly that they had really goofed by not considering the ECPA and related laws in their search & seizure. The result was that they gave his system back after five weeks, and stated in a written release that this guy's activities were within the scope of the law. The BBS is called Amateur Action, and the sysop's name is Robert Thomas (408-263-1079). Robert's lawyer, Richard Williams's phone number is 408-295-6336. Last night about 8 pm, Robert (who I have yet to meet in person) called. A search warrant was being served at that very moment by the US Postal Inspectors, who (with the help of San Jose cops) were packing up his equipment and carting it out--again. Robert managed to get one of these inspectors on the phone with me. This inspector seemed to be rather knowledgeable of such things as the ECPA, 2000aa, and the Steve Jackson case. He stated he was completely unconcerned about their lack of warrants for email! He piously stated that, because it was their intent to bring the system back within a "few days" and, as a result of the short interruption of user access, and their good intent "not to look at private email," they were completely safe from the provisions of the ECPA. This postal inspector gave his name as David Dirmeyer, from Tennessee (does this sound like Bible Belt prosecution for pron?) and gave me the name of the US Attorney he was working under, one Dan Newson with a phone of 901-544-4231 in TN (though he stated that the phone # would be of no use because Dan was at a conference for a week). For what it is worth, the postal inspector said they were using the San Jose cops on the bust because they did not have the expertise themselves to move the system and make copies. According to the investigator, they did not know that they could get a court order to have a backup of the system made on the spot. It may be that Robert is the target. (In spite of not meeting him, I suspect Richard may be the kind of smart alec who attracts the attention of cops.) Robert said there was a mystery package which came today in the mail today (which his son and wife picked up and she opened). The package turned out to be real honest-to-gosh kiddy porn. Robert claims not to have ordered it, and considering that his wife picked the (unexpected) package up and opened it, I think this is the actual case. Robert was busy with system problems that afternoon and had not gotten around to doing anything about the stuff. The guy who sent it is known as "Lance White," who Robert thinks is one of his BBS members. (As is postal inspector Dirmeyer.) They had Robert pull all postal correspondence with this guy (video porn orders) from his files and took it with them. Robert thinks the postal folks may be after this guy, and his BBS just got caught in the middle. An interesting side point is that while they asked for the package which came that day when they came in, they did not have a warrant for it, and said they would have drive over to SF to get one unless he volunteered to give it up. Robert signed off that they could take it, and they did. He noted this morning that the original warrant he has was neither signed nor dated, though a judge's name was typed in. I don't know if this is something of marginal concern to those of us concerned with government abuse of people's computers and communications or a major concern. I intend to find out more, but if the ECPA is applicable, this guy had about 3500 users, over 2k pieces of protected email on his system, plus (I think) agreements with his uses for him to represent them in an ECPA related legal action--two million dollars if I am multiplying right. (My "Warning to Law Enforcement Agents" was part of his signup screens.) Question for Mike Godwin. One aspect of this case gives me the shakes. *Anyone* with a grudge (and access to this kind of stuff) can send you a package in the mail and tip off the postal inspectors. Short of the obvious (don't make enemies!) how can you protect yourself from this kind of attack? My non-lawyer thoughts: Burn it at once! Call my lawyer. Call the cops. For a while this will be a very serious problem, because *any* of us with readily available morfing tools can make (what looks like) kiddy porn out of legal porn. Keith Henson 408-972-1132 hkhenson@cup.portal.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ltech1!ltech1!mercury@heifetz.msen.com Date: Tue, 11 Jan 94 12:37:15 PST Subject: No Subject Message-ID: MIME-Version: 1.0 Content-Type: text/plain unsubscribe  From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: remail@tamsun.tamu.edu Date: Tue, 11 Jan 94 13:16:51 PST To: cypherpunks@toad.com Subject: Public key encryption, income tax and government Message-ID: <9401112112.AA16760@tamsun.tamu.edu> MIME-Version: 1.0 Content-Type: text/plain I don't agree with the extreme position that cryptography will lead to the failure of the income tax and the destruction of the government. Consider: untraceable, anonymous transactions occur every day - not through cryptography, but through simple cash purchases at the local grocery store, gas station, department store, restaurant, and so on. There are many occupations which primarily involve cash transactions. Are these people immune from income tax? Of course not. The government has many ways of extracting tax in these cases, ranging from periodic audits with heavy penalties (which keep people honest) to imputing income (as in the case of tip income by waiters), to fraud investigations for those living beyond their means. As I see it, cryptography may extend similar conditions to information workers - programmers, architects, authors. Naturally, since a disproportionate number of those on the net fall into these categories, this seems like a revolutionary development. But from the larger perspective, it is not a major change. The fact is, information purchases are a small part of most people's budgets. If you add up all of what the average person purchases that would fall into the general category of "information" - books, magazines, newspapers, music, video - you probably won't exceed a few percent of income. Information, despite the hype, is not a dominant part of our economy. Particularly at the corporate level, the notion that cryptography will allow widespread tax cheating seems especially questionable. I don't agree that the major force for tax compliance is government surveillance of telephone and electronic communications. Instead, the corporations have to keep books which reflect their financial transactions, and they have to make appropriate reports to the government and investors. To cheat they'd have to have two sets of books, with all the concomitant risks. It would be difficult to pass on the illegal gains to shareholders because they wouldn't match up with what was reported to the governments. Perhaps the beneficiaries in this scenario are the corporate officers? This sounds like simple fraud, and I doubt that the shareholders would allow their investments to be jeapordized in this fashion. Suppose I walk into IBM today and offer to go to work as a programmer, for 10% less than they would normally pay me, as long as they pay me "off the books", and pass on to me in cash the amount they would normally have to pay to the government in payroll taxes. Sounds like a win-win situation, right? Both IBM and I save money. But naturally IBM won't agree to this. And it's not because they're afraid of government bugging of their phones, which cryptography might overcome. They know that there are many ways a scheme like this can be detected. I don't think this will change once strong cryptography allows me to make the same offer to IBM across the net. Sure, my electronic conversations with IBM will be private - but my conversations in the example above were just as private. The advent of cryptography will not change the fact that violating the tax laws is a serious, difficult, and very risky business. Now, I don't know much about high finance, so it's hard for me to judge what the effects would be of cryptographically-protected communications with offshore banks. Again, I am skeptical that the main barrier to such widespread tax evasion that the government would collapse is the government's ability to eavesdrop on electronic communications. I was under the impression that money transfers have used the Data Encryption Standard for years, which is not known to be breakable, and yet government has survived. Summing up, the main change I see cryptography bringing is to extend to information workers some of the same possibilities for anonymous, private cash transactions that plumbers and shopkeepers have always had. Even then, big business will continue to operate under the present rules. I don't see this as a major change in society. I might add that over-hyping of the changes due to cryptography is actually counterproductive. To the extent that law enforcement believes these projections, the government will oppose simple cryptographic technologies that do have an important role to play in preserving privacy. Hal Finney hfinney@shell.portal.com ------------------------------------------------------------------------- To find out more about this anonymous remail service, send mail to remail@tamsun.tamu.edu with the word "remail help" as the only words in the subject field. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: karn@qualcomm.com (Phil Karn) Date: Tue, 11 Jan 94 16:05:21 PST To: hkhenson@cup.portal.com Subject: Re: Updated/corrected posting In-Reply-To: <9401111304.2.14612@cup.portal.com> Message-ID: <199401120000.QAA13865@servo.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain >*Anyone* with a grudge (and access to this kind of stuff) can send you >a package in the mail and tip off the postal inspectors. Short of the >obvious (don't make enemies!) how can you protect yourself from this >kind of attack? This sounds like the standard KGB practice to frame "spies". Have an agent posing as a dissident ask you to carry a letter to the West. When it changes hands, pounce. Then conduct a show trial "proving" that "secret" information changed hands. I'm seeing fewer and fewer differences between the present-day USA and the former USSR. Phil From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Duncan Frissell Date: Tue, 11 Jan 94 13:15:18 PST To: cypherpunks@toad.com Subject: Crypto and Taxes, Etc. Message-ID: <199401112113.AA20044@panix.com> MIME-Version: 1.0 Content-Type: text/plain To: cypherpunks@toad.com In a recent post, Carl Ellison opined: >Mr. Bennett is clearly a victim of the popular impression that privacy is >somehow new. Anything which can be done with public key encryption can >be done already with private communications (whispers, notes which are >mailed and destroyed, secret mail drops, couriers, secret-key >encryption,...>. > >All the hype over cryptoanarchy is overblown. We are capable of anarchy, >income tax evasion and secret bank accounts today. Look around you. How >much of that do you see in your own life? What makes you think that >you'll see any more of it in 10 years? > - Carl PM has already responded pointing out that cryptography makes such things more convenient and this is certainly true. It is much easier to participate in real free markets if secrecy is cheap and easy. There is another aspect however that is tied up with crypto and telecoms. In traditional Black Markets, the transactions are illegal. In future Black Markets on the nets, most of the transactions will be legal. Legality certainly encourages transactions relative to illegality. If I am a non-US citizen resident in a tax-haven jurisdiction, I have no US tax liability for my non-US source income. I also have no tax liability in the haven jurisdiction as long as I wasn't working in that economy. This was OK in the past if you were a bank or a rich owner of passive income. You could accumulate it free in a tax haven. Most people couldn't participate, however. With commerce on the nets, however, it becomes much cheaper to arrange your affairs (if you are a non-US citizen) such that you have no tax liability. You may also be able to operate in a much looser regulatory environment. While it is true that you could accomplish all of the above using traditional technology, the nets mean that you can do it more cheaply (meaning it becomes economically appropriate for more transactions) and in a mainstream market not off to the side in a tropical pesthole. You can have all the benefits of forum shopping while not giving up access to the richest markets of the OECD countries. If a Brit or an American chooses to download a financial product, a video, a drug synthesis description file, medical advice, or some other bits of information from you (you being located somewhere on the nets) they may be breaking various laws (depending on the contents of their download) but you may not. Thus it is legal, today, for an American to purchase an unregistered foreign security but it is illegal for me to promote such a thing domestically. On the nets, we are all foreign and we are all domestic. It would be legal to promote the sale of an unregistered foreign security over the nets. What happens to the SEC? As I said in London in November (and *think* about this folks): "And what can we call this new form of social organization growing on the nets and in the modern fluid business environment? When two or more people can meet together and communicate freely and privately without interference by outsiders, they can trade -- they can form a market. If this trade on the nets is made free from even the *possibility* of external regulation, what we have is a free market and a free society." Unless you can block this communication, we've got a market since 90% of the economy will be in non-physical goods and services within a very few years. Sorry to repeat myself... DCF Frissell Glossary - OECD (Organization for Economic Cooperation and Development) AKA the 24 richest countries. (The 12 EEC Members, US, Canada, Japan, Aus, NZ, the non-EEC countries of Western Europe including Iceland, and Turkey.) --- WinQwk 2.0b#1165 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jon@balder.us.dell.com (Jon Boede) Date: Wed, 12 Jan 94 07:12:05 PST To: szabo@netcom.com (Nick Szabo) Subject: Re: Credit cards vs. digital cash In-Reply-To: <199401111214.EAA10092@mail.netcom.com> Message-ID: <9401112336.AA17384@balder.us.dell.com> MIME-Version: 1.0 Content-Type: text/plain Nick Szabo writes: > For online services, where the customer can be billed in near > real-time, the case where a large bill approaches the credit limit > is at least exceptional, and might be eliminated entirely. I run a national network of public-access email systems. We do not validate anything about our callers and when they run a credit card charge, all we ask for is the name on the card -- we don't check that against anything. We have 50% more subscribers than the Well and we're making buckets of money. Even though our callers are anonymous we still see a chargeback rate of less than 0.5%, which we consider to be an acceptable cost of doing business. It's my opinion that we have four things working in our favor: 1. Most people are honest. When you start analyzing the different ways that people can screw you, you can quickly forget this point. 2. People buy their time in advance. We "see" these people on a regular basis so we can partially "recover" by shutting off an account operating on fraud-based monies. 3. We limit people to buying only what they need for the short term and do not give them the opportunity to charge up a card. 4. We have a long memory for bad card numbers and shady customers. :-) I say these things because I've noticed that there is a general assumption that anyone doing commerce in a more anonymous environment like cyberspace is going to be Under Siege at All Times by People in Black Hats. That's an appropriate attitude to take in order to set the context for the discussion of ways to prevent fraud, etc. But! don't be surprised that when you present the results of your efforts to people who are looking to do business on the net, that they will tell you that your solutions are too complicated and too paranoid for their situation. Most people will be too busy running their business and counting their money to really care about that 0.5% Jon From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@cicada.berkeley.edu Date: Tue, 11 Jan 94 17:55:20 PST To: cypherpunks@toad.com Subject: "tentacles"-- I don't get it!! Message-ID: <9401120152.AA26169@cicada.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain I hate to intrude here but I have been seeing all the smoke out in the newsgroups about this "tentacle" business and L. Detweiler (who is this guy??!). I hope I won't be flamed so I am sending this through a remailer. (I love your technology, one of my friends went to a cypherpunk meeting once and told me about the cooler stuff.) I sent L. Detweiler some of these questions but he never responded, so I was hoping people here could help me understand what is going on out here!!! So anyway... Could someone define "tentacle"? Detweiler said, out in the newsgroups: > > 1) the cypherpunks betrayed me. they even got a an old college friend > to pretend he was real. M.Dale sent me mail claiming he was real. I > did not ask for this mail. But if you send me lies, I will call you a > liar. I don't agree with that in the least. (With what he says they did, not the paragraph itself). > > 2) Szabo is one of the most valuable cypherpunk tentacles as far as > reputation. `he' has been posting to the net for a long time in > many groups. this is why they fought so tenaciously to protect him. > > 3) T.C.May said at a cypherpunk meeting that everyone I have accused of > being a tentacle is real. T.C.May is a liar. I dare you, Mr. May, > to come out of your hole. I will tear your postings to shreds. I > will rip the lies apart. I will decapitate the tentacles, and they > will be afraid to show their sickly green faces anywhere respectable. > I have followed this thread for such a short time (relativly speaking). I think I picked up on the "Cryptoanarchist" part (someone who doesn't support the regulation of cryptography?). From what I've been able to gather, the talk is about "tentacles" coming from one "Medusa." > 4) B.Stewart says that he saw N.Szabo and J.Dinkelacker at the > last cypherpunk meeting, *and* their drivers license. B.Stewart is > an Accomplice. I challenge anyone who saw them to tell the world > you did. Did you really see the Phantoms? > > 5) the whole affair proves that the conspiracy is very active, > involves very many people, and has gotten quite out of control. > > 6) anyone who supports the cypherpunks or their leaders are > accomplices to lies and the `hidden agenda' of black marketeering, > manipulation, tax evasion, deception, money laundering, overthrow > of governments. And these are just the *obvious* ones. So many makeshift terms here that I'm not familiar with. Could someone Define "cypherpunk." (I HAVE heard of "CyberPunk," but couldn't extract a meaning out of that either.) Please enlighten me. > > 7) cypherpunks are responsible for a huge increase in trash lately > to newsgroups. It is a means of drowning my signal in noise. They > are nothing but conspiracists, powermongers, and extremists. > What trash is this? The only thing I have seen (so far, as I believe) are various messages written by an12070 (L. Detweiler?) that have erupted into flame wars. Keep in mind that I'm NOT FLAMING ANYONE here. > hey cypherpunks! you think that because no one challenges your > ridiculous posts, calling me insane, that no one believes me? that > no one is taking me seriously? That no one is stunned that szabo > is nothing but a worthless, slimy snake? the joke's on you. there > are a fantastic number of lurkers `out there' who are beginning to > sense the lies. > CyberAnarchists... Is that someone who doesn't want CyberSpace regulated? Personally, I have nothing against the free exchange of information (does anyone here?). I was really upset when he said > death to cyberanarchists-- by anarchy... > > > stay tuned, soon they will all be SQUISHed > > -- is this one of the "violent death threats" that everyone has been talking about? thanks for the help, I just want to know. sorry that I missed some of the earlier stuff. I will be watching this list for a reply. BTW that stuff that Detweiler is doing with signatures, switching them around, it is kind of ironic given that the cypherpunks are really into that thing. He seems to be really pissing you guys off. but I gotta admit it really is a sort of new art form in cyberspace, kinda like Graffiti. although, there is so much activity lately that it kind of makes me wonder if there is a whole team of people out there. there have been a lot of rumors about infiltrators and double agents. we'll see what the future brings. personally I think remailers are God's Gift to Cyberspace, and anything done to limit their capabilities or infringe on the privacy of whoever uses them is CENSORSHIP and ORWELLIAN POLICE STATE. we'll prove to Detweiler that we are not the hypocrites he claims we are, that under no circumstances whatsoever will we *ever* betray the people who use our remailers, even if they are our enemies, because Privacy is all that matters. .adAMMMb. .dAMMMAbn. .adAWWWWWWWWWAuAWWWWWWWWWWAbn. .adWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWbn. ..adMMMMMP^~".--"~^YWWWWWWWWWWHHMMMMMMMMbn.. "~^Y" / ..dMWMP".ammmmdMMMUP^~" | Y dMAbammdAMMMMMMP^~" | | MMMMMMMMMMMMU^" -Row l : Y^YUWWWWUP^" \ j "-..,.^ mveaudry@turing.acs.ryerson.ca & ld231782@longs.LANCE.ColoState.EDU (and how many more that I haven't revealed yet? Could I actually be jmurphy@apple.com? could I be 3CJS5@qucdn. QueensU.ca? Who am I? Who cares?) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Tue, 11 Jan 94 18:21:54 PST To: cypherpunks@toad.com Subject: Who is L. Detweiler? Message-ID: <199401120218.SAA00987@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Cyphertentacles, Here's a posting I made yesterday to the Extropians list, describing the Detweiler situation. Yes, even they have heard of L. Detweiler and his new prominence as a Net.Loon of note. So when some folks asked for an explanation, I sat down and wrote up a summary of the situation. Here it is: ***from the Extropians list (with a quote from that list excised, as they have rules about forwarding list traffic, except one's own, of course)*** I'll descend into the depths of Detweiler's mad world for a bit to answer some questions raised by John Clark. Detweiler is actually a fascinating case history in Net paranoia....we actually have gotten to see the birth of a Net.loon like McElwaine or Serdar Argic, a Net.loon who is already famous. He makes anybody we've seen on the Extropians list look like a Minor Perversion (apologies to Vinge's "A Fire Upon the Deep") by comparison. Antics like his are why postive reputation filters are needed so urgently, not just on mailing lists like Cypherpunks, but throughout Cyberspace. (The Extropians list software, with ::excludes, is sorely needed on Cypherpunks. Various things are holding up the transfer of this. I have suggested to Harry that one approach is to set up "mailing list servers" that support this software, as a profit-making venture.) Anyway, here's the saga of Lawrence Detweiler, aka S. Boxx and a dozen other such names. --quote from John Clark removed-- Lawrence Detweiler, sometimes called Larry and sometimes called Lance (which may be a mistake, one he never corrected until recently) is a guy who's about 22-23 who lives in Colorado, having recently graduated from Colorado State U. in Computer Science. Don't know what his career is now, if he has one. He joined the Cypherpunks list about a year ago and showed great enthusiasm and energy, volunteering to write the FAQ on "Anonymity on the Internet" and "Privacy and Anonymity." He put this out very quickly (too bad he's crazy and can't do the same for the Cypherpunks FAQ, which I have recently agreed to write, or the Extropians FAQ, about which I'll say no more). Detweiler was, like I said, very energetic, often writing very long rants against Clipper, Dorothy Denning, etc. He often got angry with someone and slipped into insulting them as being duplicitous, malicious, etc., instead of merely ascribing their different opinions as being just that. He asked for my help several times in getting his views accepted by the Cypherpunks, and I tried to get him to tone down his ad hominem attacks and general rants (he was always prone to writing agonized prose, such as "I am becoming increasingly disgusted and completely and thoroughly disenchanted by the nauseatingly waffling on vital issues by the Cypherpunks High Command."--this is not something he actually wrote, but my attempt to duplicate his style). His FAQs are very well-done, if a bit long, and tell us there's a glimmer of brilliance beside the madness....the two often go together, so this is hardly surprising. By last summer, Detweiler was handing out "Cypherpunks of the Week" awards, was arguing for his own form of electronic democracy (one person one vote, to be done on a daily basis on all sorts of issues....needless to say, many of us disagreed with him), and was generally ranting and raving. When I stated my disagreement with his electronic democracy idea as being the main goal of the Cypherpunks--and this was done in a mild, objective manner--Detweiler spat venom at me and accused me of being an agent of some government agency. His paranoia and rancor increased steadily throughout September and by October he had become "S. Boxx" and other pseudonyms, using his "an12070" account to argue about "pseudospoofing" and "tentacles of the Medusa." He apparently decided that I, for example, was using a variety of fake names, including Nick Szabo, Hal Finney, Geoff Dale (yes, the very same folks you all know from _this_ List!), to drive him crazy and to argue against his points. Thus, if Nick Szabo argues against electronic democracy AND has a Netcom account, as I do, then it's obvious: szabo@netcom.com is obviously a "tentacle" of tcmay@netcom.com! What could be more obvious? This all increased, with Detweiler launching daily rants against me, Eric Hughes, and others. He demanded apologies "or else." He demanded statements from the "Cypherpunks High Command" that we no longer "pseudospoof." He appealed to John Gilmore to "put a stop to this pseudospoofing," but John was in Nepal on a trek and didn't respond. When John eventually returned, he replied in a calm manner and suggested that Detweiler was mistaken. True to form, Detweiler went ballistic at this "betrayal" and declared Gilmore to be just another "Big Mac." (In DetSpeak, many new terms exist. Those of us who appeared on the cover of "Wired" (issue 1.2), Eric, John, and me, are "Big Macs." Other Cyperhpunks are "cheeseburgers." Of course, we are also "TENTACLES" and "SNAKES" of Medusa. Sometimes Detweiler refers to _me_ as Medusa, other times he imputes to "her" the role of coordinating the Grand Conspiracy to a) drive him crazy, b) spread the Cryptoanarchist message, and c) corrupt all of Cyberspace with Lies. He also drifts into Christian rants about Hell, Satan, God, and Damnation. Keeping track of his shifting terminology is a chore.) He asked to be removed from the Cypherunks list, and was, but continued to post to it (blindly). He created his own group, the "Cypherwonks" list, with a fascist list of rules and regulations about true identities, the evils of pseudospoofing, etc. I gather from reports that it is now moribund. (I didn't join, for obvious reasons, not even under a "tentacle"--which I don' even have, needless to say). Ironically, but hardly surprisingly, the very thing Detweiler rails against so much, "pseudospoofing," is precisely what he is most famous for! I'm sure a psychologist would have a field day with him. Detweiler issued death threats, saying he would be visiting the Bay Area to "kill the tentacles." He mostly did this under his an12070 name, though he often confused the identities and made several telling slips which confirmed to even the doubters that L. Detweiler = an12070 = S. Boxx = Pablo Escobar = Adolf Hitler, all names he has used for his paranoid rants. (Other evidence: same line lengths, same use of TeX-style ``quotes'' in messages, same use of no spaces between initials in names like "T.C.May," same florid languages, same emphasis on same issues, and, most tellingly of all, several "goofs" in which private messages to one or the other were quoted by the other, and even goofs within messages that alluded to himself as "Lance" or "Larry.") And so it goes. He has been posting his "CRYPTOANARCHIST INVASION ALERT"-type messages to several Usenet groups for the last couple of months, and has recently gone even further in the direction of madness. I expect one day to hear Detweiler has shot and killed himself, or has shot and killed others, or is holding them hostage. I know the Colorado Cypherpunks group--which expelled Detweiler from their physical meetings and from their list--is fairly concerned about their security, and the security of Phil Zimmermann, who lives in Colorado and whom Detweiler alternately characterizes as "God" or as "Satan." After the latest rounds of forged messages, with my name attached and with .sig block attached, I alerted Julf, operator of the anon.penet.fi site, to the obvious "abuse" of his remailer site....I didn't do this when Detweiler was ranting, only when he was sending out posts which gave the appearance of being from _me_. No an12070 messages have been seen by me for several days now, and Detweiler has made comments about how S. Boxx "told him" that his account has been stopped. Yeah, right. So that's the saga of L. Detweiler, the latest Net Perversion to be born in cyberspace. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: michael shiplett Date: Tue, 11 Jan 94 15:45:20 PST To: cypherpunks@toad.com Subject: Re: Public key encryption, income tax and government In-Reply-To: <9401112112.AA16760@tamsun.tamu.edu> Message-ID: <199401112344.SAA02662@totalrecall.rs.itd.umich.edu> MIME-Version: 1.0 Content-Type: text/plain "hf" == Hal Finney writes: hf> I don't agree with the extreme position that cryptography will hf> lead to the failure of the income tax and the destruction of the hf> government. hf> Consider: untraceable, anonymous transactions occur every day - hf> not through cryptography, but through simple cash purchases at the hf> local grocery store, gas station, department store, restaurant, hf> and so on. [ remainder of message deleted ] Cash need not remain as untraceable & anonymous as it currently is. If you look at a piece of US paper, there is the embedded strip (material?) on the left side giving the denomination and the computer-readable serial number in the upper right and lower left. All that's needed now is a law requiring merchants to scan bills as they come in and go out. Considering the federal activities in the banking world, such a law is not out of the realm of possibility. michael From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy <72114.1712@CompuServe.COM> Date: Tue, 11 Jan 94 18:01:54 PST To: Subject: CRYPTO/TAX Message-ID: <940112014058_72114.1712_FHF126-1@CompuServe.COM> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort@attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Hal Finney wrote: I don't agree with the extreme position that cryptography will lead to the failure of the income tax and the destruction of the government. Consider: untraceable, anonymous transactions occur every day - not through cryptography, but through simple cash purchases at the local grocery store, gas station, department store, restaurant, and so on. There are many occupations which primarily involve cash transactions. Are these people immune from income tax? Of course not. Do these people pay such income tax? Of course not. The government's own figures peg tax evasion at "only" 20%. Yeah, and Elvis lives in my closet. The government has many ways of extracting tax in these cases, ranging from periodic audits with heavy penalties (which keep people honest) to imputing income (as in the case of tip income by waiters), to fraud investigations for those living beyond their means. Think "cost-benefit analysis." Duncan has already pointed out that the modal number of years spent in prison by tax evaders is "zero." Hal should get friendly with a weekend mechanic or a waitress. He might want to re-think his belief in the voluntary tax compliance of alternative economy. Perhaps Eric Hughes will recap the "crypto point-of-sale" rap he gave at the previous Cypherpunks meeting. (Or maybe he won't.) What it demonstrated was that the types of economic transactions that can benefit from crypto-privacy is much broader than Hal is imagining. We have already won. S a n d y >>>>>> Please send e-mail to: ssandfort@attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBK1IgLE5ULTXct1IzAQFC0QP/fWrSeauH3xnD7CFofRO8dTIdVN31etSO LPqw+XOC2us01cBRCyR6BNArbjpscLgiYjdvbEaMGBGbjPw8JFlVlDTI2+WV/b7h 6fLIFgCkUzmFaZKBHaNmiCIQarii8xucVaM8lHt8rZ3tQE9mCe8i6mosagcuDO5B +9/f0an++6g= =sZO9 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Tue, 11 Jan 94 22:31:55 PST To: cypherpunks@toad.com Subject: Crypto and taxes Message-ID: <199401120628.WAA02857@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain I can agree that cryptography will make some kinds of illegal private transactions easier. What I doubt is that this will happen at a large enough scale to seriously threaten the ability of governments to fund themselves by taxes. Take Perry's example of one person buying a rare, expensive item from another. This might be made easier to do anonymously with ecash. But how much significance will this have taxwise? If these were private individuals involved in a personal swap, chances are no taxes would be paid even under current conditions. I bought a car from my next door neighbor a few months ago. I doubt that he paid income tax on it. And transactions of this magnitude are rare among individuals in a non- business situation. Most of our transactions are done with businesses, generally corporations. Imagine taking $15,000 in cash to buy a new car anonymously. I believe you will find that the car dealers will not cooperate, that government regulations (designed to crack down on drug dealers) will require them to get some ID from you. Digicash would presumably be under the same restrictions. Furthermore, as I argued earlier, it will be much harder for a large business to successfully switch to cash transactions in the hope of evading taxes. A much larger group of people would have to be "in" on the secret, in order to cooperate to prepare the false receipts and books that would be necessary. Any situation like this will be risky and dangerous to maintain. I don't fully understand Duncan's arguments for how taxes can be avoided through being a non-citizen. I gather, though, that this would require me to either move to another country, or to go to work for a company that is in another country. Neither seems likely in the next few years for the majority of citizens. And if this did catch on, presumably this loophole could be closed, so that you were taxed by whatever country you lived in. (A similar situation exists today with respect to state income tax for people who live in one state and work in another. I don't think they are exempt from all state income taxes.) Sandy may be right that self-employed people who get cash payments do widely under-report their income, and no doubt self-employed programmers do the same to some extent. But I'm really not sure why or how a programming contractor or consultant, let alone an employee, will be able to avoid paying taxes once strong crypto is common. Won't the company paying him still want to record those payments on its books, so it can deduct them as business expenses? I believe similar records are used today to verify tax liabilities of paid consultants. Why won't this be true with crypto involved? And for employees, companies are still going to need a social security number, name and address, and they will still submit records to the government showing how much you were paid. I don't see widespread tax evasion in the picture at all. Sure, some smart people may be able to exploit the new technologies and disappear into the cracks. Self-employed information workers may have the most to gain. But the average worker and the average company aren't going to have major new opportunities for tax evasion. The economy will keep plugging along as it always has, and if the government goes down the tubes it won't be because of the advent of strong cryptography. Hal From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: lear35!mdbomber@nebula.acs.uci.edu (Matt Bartley) Date: Tue, 11 Jan 94 23:42:20 PST To: cypherpunks@toad.com Subject: please resubscribe Message-ID: <9401120711.AA03181@lear35.ca.us> MIME-Version: 1.0 Content-Type: text/plain I somehow got dropped from this list. Several messages to cypherpunks-request have ended up in /dev/null somehow. Could someone please add me back to the list? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Chris Goggans Date: Tue, 11 Jan 94 23:45:21 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <199401120744.XAA06060@well.sf.ca.us> MIME-Version: 1.0 Content-Type: text/plain After a complete sellout at HoHo Con 1993 in Austin, TX this past December, the official Legion of Doom t-shirts are available once again. Join the net luminaries world-wide in owning one of these amazing shirts. Impress members of the opposite sex, increase your IQ, annoy system administrators, get raided by the government and lose your wardrobe! Can a t-shirt really do all this? Of course it can! -------------------------------------------------------------------------- "THE HACKER WAR -- LOD vs MOD" This t-shirt chronicles the infamous "Hacker War" between rival groups The Legion of Doom and The Masters of Destruction. The front of the shirt displays a flight map of the various battle-sites hit by MOD and tracked by LOD. The back of the shirt has a detailed timeline of the key dates in the conflict, and a rather ironic quote from an MOD member. (For a limited time, the original is back!) "LEGION OF DOOM -- INTERNET WORLD TOUR" The front of this classic shirt displays "Legion of Doom Internet World Tour" as well as a sword and telephone intersecting the planet earth, skull-and-crossbones style. The back displays the words "Hacking for Jesus" as well as a substantial list of "tour-stops" (internet sites) and a quote from Aleister Crowley. -------------------------------------------------------------------------- All t-shirts are sized XL, and are 100% cotton. Cost is $15.00 (US) per shirt. International orders add $5.00 per shirt for postage. Send checks or money orders. Please, no credit cards, even if it's really your card. Name: __________________________________________________ Address: __________________________________________________ City, State, Zip: __________________________________________ I want ____ "Hacker War" shirt(s) I want ____ "Internet World Tour" shirt(s) Enclosed is $______ for the total cost. Mail to: Chris Goggans 603 W. 13th #1A-278 Austin, TX 78701 These T-shirts are sold only as a novelty items, and are in no way attempting to glorify computer crime. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@soda.berkeley.edu Date: Wed, 12 Jan 94 00:47:20 PST To: cypherpunks@toad.com Subject: Somebody posting fake Detweiler messages Message-ID: <199401120847.AAA09404@soda.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain This message was posted to alt.conspiracy. ============================================================================ From: Tommy the Tourist Subject: Apologies Organization: Cypherpunks From: "L. Detweiler" Before the story gets around from other sources, here's what *really* happened. I guess that I should start by saying that I'm sorry. I'm sorry for the tremendous disturbance that I caused, I now see that I was completely wrong. Nick Szabo is a real person, and I was mistaken to say otherwise. I don't know how to go about cleaning up the mess that I made, but I guess that I'll start by humbly asking all of you to forgive me. It began when I was at home one evening last week, watching TV. The voices were back again. They told me that the TENTACLES were going to use his account to spread their LIES, and to RAPE the unsuspecting net.virgins. The more I thought about it, the more agitated I became. Their SCREAMS filled my ears, and their TEARS came from my own eyes. I couldn't sleep because I knew that their fates rested in my hands. I had to do something. The hell that awaited them was known to me alone, and only I could save them. The poor souls would SQUIRM in AGONY and CRY OUT in pain, but the GROTESQUE cypherpunks would only LAUGH. Every time that I closed my eyes, I'd see the inferno. The monsters believed, I knew, that no joy was greater than UTTERLY DESTROYING an unsuspecting user, SODOMIZING their innocent victims just as they do each other. I thought about posting another message, but decided that this time I had to take my stand. The SATANIC CABAL must be BROKEN, as totally and completely as the Tower of Babel. I flew to Washington, D.C., determined to prove once and for all that szabo@netcom.com is nothing but a deceiving TENTACLE, bent on PILLAGE and PLUNDER. Once that was done, the fate of the MEDUSA was sealed. Thanks to one of his net *friends*, I had Szabo's phone number. Locating his address was not difficult. I knocked at the door and asked for Szabo. The fellow who answered the door asked my name and, when I gave it, he told me to wait there. A few seconds later I heard a voice from upstairs yelling ``Call 911! Call 911!''. His roommate jumped me and we wrestled until, finally, I freed myself and was able to calm him down enough to talk. Szabo came downstairs and said that he'd called the police, and I'd better hightail it out of there or be prepared to spend some time in jail. Thinking that he was an imposter paid by t.c.may and e.hughes to act as Szabo should anyone check, I agreed to talk with the CHARLATAN. He would meet his fate soon enough, and he would PAY DEARLY for his complicity. I convinced him that I wasn't armed, and he agreed to talk. He insisted that he *was* Szabo and tried many ways of proving it. He produced a drivers license and a passport, both issued to Szabo and with pictures of this same man. They seemed valid. I was confused. He then dialed into netcom as szabo and read some mail. It was then that I noticed the sounds, soft and just at the edge of my hearing. It was a light and breathy sound. It was... LAUGHTER. The VOICES WERE LAUGHING AT ME. It was then that the clouds parted and the gleaming ray of sunlight came down to illuminate my vision. All of the time that I had spent jousting quixotically with the cypherpunks had been wasted, as they weren't the enemy. They weren't the ones who were sending the voices to disrupt my sleep. It wasn't them at all. The voices were my true enemy, and I set out with renewed vigor to seek out and destroy the voices. Um, anyway, I guess that he really is szabo@netcom.com. Sorry. Now what I need to know is how do I go about rebuilding the reputation that I've spent so long destroying? So many people have learned to ignore posts from my account that I fear I'll not get another hearing. Gee, maybe on the internet they CAN tell if you're a dog... ============================================================================ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Wed, 12 Jan 94 01:05:22 PST To: cypherpunks@toad.com Subject: One of our alumni achieves "alt.usenet.kooks" fame! Message-ID: <199401120904.BAA28189@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Our own former member, but still all-too-frequent contributor, L. Detweiler has achieved fame by appearing in the compilation of net.cranks in the new group "alt.usenet.kooks." I had a hunch he'd be listed there along with such luminaries as Robert McElwaine, Jack Schmidlang, Gary Stollman, and Serdar Argic, and he was. Here's in entry in the draft FAQ: "L. Detweiler (you are all TENTACLES of the CYPHERpunk anarchoSYNDICALIST pseudospoofing CONSPIRACY; everyone who contacts me via post or email is a tentacle of a single Medusa): All information relevant has been deleted (probably by the cypherpunk pseudospoofers); ask around - old-timers can tell you about him, through "safe" avenues (like email). Warning: attempting to disillusion him of his theories usually results in threatening mail and getting incorporated into said theories. Handle With Extreme Care. Appears occasionally on the news.* hierarchy, crossposted to hell and back. Author of the Internet Anonymity FAQ. (Posts as ld231782@.lance.colostate.edu (L. Detweiler) and an12070@anon.penet.fi (various constantly-changing identities).)" Which one of us will be next? --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@pmantis.berkeley.edu Date: Wed, 12 Jan 94 04:12:03 PST To: cypherpunks@toad.com Subject: szabo@netcom.com is NOT a tentacle!!! Message-ID: <9401121210.AA13798@pmantis.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain As for the `Szabo being a tentacle thread' in the newsgroups, pmetzger just posted stating that he had indeed posted the name of the town Szabo lives in, as well as the names of his roommates. He refrained from posting that information again. I seem to vaguely recall seeing the original post, but can't find it in the buffers here -- everything before December 21st or so has expired. the thing that ROYALLY PISSES ME OFF is that NOONE WHO HEARD PMETZGER CLAIM THIS has POSTED TO SAY THAT THEY HEARD HIM SAY THAT. reminds me of the infamous rape and murder of that NY woman, with dozens of witnesses hearing her screams, just going about their business. who will be raped next? and who will be silent? everyone who is watching my thread, and being silent about what they know, is a hypocrite and a dangerous accomplice to lies. I guess that's a bit overstated. I suspect people in most major metropolitan areas don't want to get involved partially because they fear retribution, and partially because, with that many people packed together, you tend to care less about your neighbors than you would in a small town, where you know the people in your building or street. I suspect people on the net don't bother because "it's just bits" -- they read the Net like they watch TV, without any connection to the characters or dramas unfolding before them. In large part, what is said here doesn't really matter. People get curious, but it's not worth getting into an uproar. if YOU GIVE A DAMN, POST! Ah, there's the rub. Deep down, I really don't care about this particular issue. To my knowledge, Nick Szabo, whether real or not, has never said anything that has made me even care whether or not he has real. I've never found anything he's said particularly interesting. He's a net.person. Should he turn out to be a "tentacle," that's fine by me -- he won't be the first I've encountered. If he turns out to be T.C.May in disguise, all that means is that there's one less person with T.C.May's ideas in the world than people thought. I think that uncaring attitude, which I regard as fairly dominant among people who've used cyberspace (and especially Usenet) a good amount of time, is the very reason that May's ideas about widespread crypto bringing down governments will never come to pass. People have, and I believe will continue to have, a distrust about putting much faith into computers, and thus cyberspace will always have limitations. I believe people put a great deal of stock in the feel of a crisp paper dollar bill, as well as a smile and a handshake. :-) Perhaps to add more fuel to the fire, a Nicholas Szabo does indeed live in Cupertino, according to a 1990-1991 White Pages from the area. There is no G.Dale listed, however. (I was hoping to correlate the two numbers) I suspect that I need a more recent phone book to make a better test. ------ Legalize: >----< | act I have programmed a computer. . . \ / You are ~1,000,000,000,000,000 .1ms NAND gates have a nice day. . . . \/ The true theory of everything will run on a finite turing machine. . . . From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Wed, 12 Jan 94 05:12:05 PST To: Hal Subject: Re: Crypto and taxes In-Reply-To: <199401120628.WAA02857@jobe.shell.portal.com> Message-ID: <199401121310.IAA23723@snark> MIME-Version: 1.0 Content-Type: text/plain Hal says: > Take Perry's example of one person buying a rare, expensive item from > another. This might be made easier to do anonymously with ecash. But > how much significance will this have taxwise? If these were private > individuals involved in a personal swap, chances are no taxes would be > paid even under current conditions. I think you misunderstand, Hal. As with most people I've spoken to outside the financial community, you mistake an anonymous banking system for an anonymous payments system. Yes, it is possible that two people might swap lots of cash and valuable items now. However, it is inconvenient to do so, and impossible to conveniently invest the proceeds. What if I want to own 5000 shares of MicroSloth anonymously, order the position liquidated, go to the local cafe, and pay someone with the money that day? With conventional offshore banking, this is difficult if not impossible. > I bought a car from my next door neighbor a few months ago. I doubt > that he paid income tax on it. And transactions of this magnitude > are rare among individuals in a non- business situation. That is precisely why he can get away with it -- he knows that since most of his income is declared the fraction that is not will not be noticed. Lets say, however, that he decided to do lots of illicit transactions -- he would suddenly find himself shut out of the banking system. One $2000 check without an explanation will go unnoticed. Dozens will not. > Most of our transactions are done with businesses, generally > corporations. Imagine taking $15,000 in cash to buy a new car > anonymously. I believe you will find that the car dealers will not > cooperate, that government regulations (designed to crack down on > drug dealers) will require them to get some ID from you. Digicash > would presumably be under the same restrictions. Of course it would be under the same restrictions, but in all likelyhood none of its users would pay the least bit of attention to them. New car dealers are unlikely to accept digicash -- but used car dealers might if they can get part of their transactions above ground. Cars are an unusual case because of the degree of regulation -- cars must be registered and their provenance is carefully monitored. Consider, instead, dinner. You can go to any restaurant you like in the U.S. and pay with an offshore bank's Visa card and no one will look twice. No one is arguing, by the way, that all the economy will go black. I'm merely noting that whereas right now its hard to lead a normal life entirely in the black economy (you suffer from a myriad of inconveniences), an anonymous offshore banking system that you have free access to changes all that. > Furthermore, as I argued earlier, it will be much harder for a large business > to successfully switch to cash transactions in the hope of evading taxes. Thats certainly the case -- it will likely be another pressure on large businesses to downsize since small flexible enterprises will have an even greater competitive advantage. > Sandy may be right that self-employed people who get cash payments do > widely under-report their income, and no doubt self-employed > programmers do the same to some extent. But I'm really not sure why or > how a programming contractor or consultant, let alone an employee, will > be able to avoid paying taxes once strong crypto is common. Won't the > company paying him still want to record those payments on its books, so > it can deduct them as business expenses? Perhaps not. Its very common in many large business conducted here in New York in certain seemingly legitimate industries for much of the business to be conducted off the books -- people who will take cash for work are sought after. I will not name the industry in question, but it is one of the few major ones left in the city and it isn't finance. Import/Export companies, which are already a maze of evading companies, would likely be the first to take widespread advantage of digicash systems, followed by small scale information workers and smugglers of various kinds. I have no idea how deeply it might penetrate society -- who can say for sure? -- but I think you are wrong in thinking that tax evasion is as little practiced and as little desired as you apparently do. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: lefty@apple.com (Lefty) Date: Wed, 12 Jan 94 09:22:06 PST To: cypherpunks@toad.com Subject: But Detweiler _Is_! (Was Re: szabo@netcom.com is NOT a tentacle!!!) Message-ID: <9401121717.AA16391@internal.apple.com> MIME-Version: 1.0 Content-Type: text/plain >This feels like Detweiler spoofing again. Anyone else get that >feeling? It's certainly possible. A possibility which, I might add, raises in me an almost uncontrollable desire to yawn, deeply. Isn't it interesting, though, that Mr. Detweiler has become precisely what he rails against? As Friedrich Nietzsche once remarked, "He who fights with monsters should see to it that he does not _become_ a monster." FWIW, I felt that the "Tentacles--I don't get it" posting was a good candidate for hidden Detweiler-hood as well. Mr. Detweiler, the abyss is gazing into you... -- Lefty (lefty@apple.com) C:.M:.C:., D:.O:.D:. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@soda.berkeley.edu Date: Wed, 12 Jan 94 09:27:06 PST To: cypherpunks@toad.com Subject: Re: Public key encryption, income tax and government Message-ID: <199401121717.JAA04570@soda.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain Hal Finney put out an excellent posting on why digicash and such are not likely to undercut the tax system. While a lot of what he says is valid, I would like to throw in another data point. You see, my wife is Italian, and I've spent quite a bit of time hanging out with the in-laws, seeing how they live and how their society works. Italy's underground economy is estimated at being 30% or more of the total GDP. It is a very cash-based economy, obviously. It is also a country where, IMHO, standards for honesty are lower than in the US and a certain amount of cleverness in avoiding things like taxes earns respect. Any Italian will tell you with pride that Italians do not follow rules. Italian merchants are required by law to produce receipts for every transaction. In fact, you as a customer may be required to produce the receipt on demand and will be fined if you do not have it. Nonetheless, if you do not insist on a receipt for many purchases -- even for very expensive things -- it has a good chance of not being produced. If you do insist, the price may suddenly increase. Tax evasion at the retail level is widespread. > Suppose I walk into IBM today and offer to go to work as a programmer, > for 10% less than they would normally pay me, as long as they pay me > "off the books", and pass on to me in cash the amount they would > normally have to pay to the government in payroll taxes. Sounds like a > win-win situation, right? Both IBM and I save money. But naturally > IBM won't agree to this. The only taxes that are sure to be paid are wage taxes for normal employees. Right? Well...for normal work, yes. My brother-in-law works in a furniture factory that, like all the rest of them, does a lot of its production off the books. As a result, much of his work is off the books too. This is how Italians make ends meet in a country with (relative to us) low salaries and high prices. There is a word for it -- arrangarsi -- "to arrange oneself". Tax evasion at the manufacturing/wholesale levels is widespread. The official response to this is a good study in governmental desperation. Customers are fined for leaving businesses without a receipt. Your car may be stopped and searched for undocumented merchandise at any time. Imputed income taxes for self-employed people are at ridiculous levels (i.e. a large degree of evasion is assumed). Taxes are levied on everything (car radios, the width of your driveway, electric lighters for gas stoves). I am told that Italians were, at one time, forbidden to possess foreign bank accounts; this rule is not sustainable under the European Community, of course. And none of the above is working very well. As long as Italians believe that it is their right to skip out on their taxes (while, of course, demanding extensive benefits from the government) the situation will continue. I guess my point here is that one should not be too quick to assume that this sort of situation could not arise in the US. Cryptography and digital cash may not, in and of themselves, bring down the tax system. But if Americans decide that they have had enough of it, severe problems could arise with or without such tools; they would only make it easier. Tax evasion rates are low (relatively) in the US because people here are more inclined to follow the rules, and because most people seem to believe that you can't get something for nothing. That is a much more powerful force than any repressive governmental action. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: futor@llnl.gov Date: Wed, 12 Jan 94 09:22:32 PST To: cypherpunks@toad.com Subject: Re: szabo@netcom.com is NOT a tentacle!!! Message-ID: <9401121720.AA12127@ocfmail.ocf.llnl.gov> MIME-Version: 1.0 Content-Type: text/plain > This feels like Detweiler spoofing again. > Anyone else get that feeling? It's not. I recognize: >> ------ Legalize: >--> \ / :-)-~ o>--< | act I have programmed a computer. . . >> \ / You are ~1,000,000,000,000,000 .1ms NAND gates have a nice day. . . . >> \/ The true theory of everything will run on a finite turing machine. . . . from someone else on the net. There *are* similarities between their names, but I doubt that they're the same person. I *have* been wrong before, however. __ \/ -+- randy -+- all generalizations are flawed -+- futor@llnl.gov From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Wed, 12 Jan 94 07:22:04 PST To: cypherpunks@toad.com Subject: Re: szabo@netcom.com is NOT a tentacle!!! In-Reply-To: <9401121210.AA13798@pmantis.berkeley.edu> Message-ID: <199401121519.KAA23805@snark> MIME-Version: 1.0 Content-Type: text/plain This feels like Detweiler spoofing again. Anyone else get that feeling? Perry nobody@pmantis.berkeley.edu says: > As for the `Szabo being a tentacle thread' in the newsgroups, pmetzger > just posted stating that he had indeed posted the name of > the town Szabo lives in, as well as the names of his roommates. He refrained > from posting that information again. I seem to vaguely recall seeing the > original post, but can't find it in the buffers here -- everything before > December 21st or so has expired. > > the thing that ROYALLY PISSES ME OFF is that NOONE WHO HEARD > PMETZGER CLAIM THIS has POSTED TO SAY THAT THEY HEARD HIM SAY THAT. > reminds me of the infamous rape and murder of that NY woman, with > dozens of witnesses hearing her screams, just going about their > business. who will be raped next? and who will be silent? everyone who > is watching my thread, and being silent about what they know, is a > hypocrite and a dangerous accomplice to lies. > > I guess that's a bit overstated. I suspect people in most major metropolitan > areas don't want to get involved partially because they fear retribution, and > partially because, with that many people packed together, you tend to care > less about your neighbors than you would in a small town, where you know the > people in your building or street. I suspect people on the net don't bother > because "it's just bits" -- they read the Net like they watch TV, without any > connection to the characters or dramas unfolding before them. In large part, > what is said here doesn't really matter. People get curious, but it's not > worth getting into an uproar. > > if YOU GIVE A DAMN, POST! > > Ah, there's the rub. Deep down, I really don't care about this particular > issue. To my knowledge, Nick Szabo, whether real or not, has never said > anything that has made me even care whether or not he has real. I've never > found anything he's said particularly interesting. He's a net.person. Shoul d > he turn out to be a "tentacle," that's fine by me -- he won't be the first > I've encountered. If he turns out to be T.C.May in disguise, all that means > is that there's one less person with T.C.May's ideas in the world than people > thought. > > I think that uncaring attitude, which I regard as fairly dominant among peopl e > who've used cyberspace (and especially Usenet) a good amount of time, is the > very reason that May's ideas about widespread crypto bringing down government s > will never come to pass. People have, and I believe will continue to have, a > distrust about putting much faith into computers, and thus cyberspace will > always have limitations. I believe people put a great deal of stock in the > feel of a crisp paper dollar bill, as well as a smile and a handshake. :-) > > Perhaps to add more fuel to the fire, a Nicholas Szabo does indeed live in > Cupertino, according to a 1990-1991 White Pages from the area. There is no > G.Dale listed, however. (I was hoping to correlate the two numbers) I > suspect that I need a more recent phone book to make a better test. > > > ------ Legalize: >-- \ / :-)-~ o>--< | act I have programmed a computer. . . > \ / You are ~1,000,000,000,000,000 .1ms NAND gates have a nice day. . . . > \/ The true theory of everything will run on a finite turing machine. . . . From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brad Huntting Date: Wed, 12 Jan 94 09:22:36 PST To: hkhenson@cup.portal.com Subject: Re: Bay area BBS bust--fyi In-Reply-To: <9401111046.2.17378@cup.portal.com> Message-ID: <199401121721.AA03919@misc.glarp.com> MIME-Version: 1.0 Content-Type: text/plain > For what it is worth, the postal people were using the San Jose cops > on the bust because they did not have the expertise themselves to move > the system and make copies. Regardless of their technical expertiece, federal law enforcment agents must always be accompanied by local police. Otherwise they are out of their juristiction. DC and other "teritories" are probably excempt from this. brad From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: paul@hawksbill.sprintmrn.com (Paul Ferguson) Date: Wed, 12 Jan 94 07:42:06 PST To: pmetzger@lehman.com Subject: Re: szabo@netcom.com is NOT a tentacle!!! In-Reply-To: <199401121519.KAA23805@snark> Message-ID: <9401121541.AA14080@hawksbill.sprintmrn.com> MIME-Version: 1.0 Content-Type: text Perry writes - > This feels like Detweiler spoofing again. Anyone else get that > feeling? Of course. - Paul From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: James Still Date: Wed, 12 Jan 94 14:32:13 PST To: Vladimir Kilin Subject: PGPShell Version 3.0 Message-ID: <2D34524E@kailua.colorado.edu> MIME-Version: 1.0 Content-Type: text/plain -------------------------------------------------------------------- FOR IMMEDIATE RELEASE -------------------------------------------------------------------- PGPSHELL VERSION 3.0 PROGRAM RELEASE PGPShell, a front-end DOS program for use with Philip Zimmermann's Pretty Good Privacy (PGP) public-key encryption software, has just been upgraded and released as version 3.0. PGPShell incorporates easy to use, mouse-driven menus and a unique Key Management Screen to easily display all public key ring information in a flash. PGP encryption will never be the same again! Breeze through PGP UserID's, KeyID's, Fingerprints, E-mail addresses, Signature's, Trust Parameter's, and PGP's Validity ratings all in one screen, at one place, and with a single mouse-click. PGPShell is archived as pgpshe30.zip at many Internet sites including garbo.uwasa.fi:/pc/crypt and oak.oakland.edu:/pub/msdos/security and has been posted to the FidoNet Software Distribution Network (SDN) and should be on all nodes carrying SDN in a week or so. To immediately acquire version 3.0 by modem you can call the Hieroglyphic Voodoo Machine BBS at +1 303 443 2457 or the GrapeVine BBS at +1 501 791 0124. Questions or comments? Ping me at --> still@kailua.colorado.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Wed, 12 Jan 94 09:25:25 PST To: cypherpunks@toad.com Subject: underground industry Message-ID: <199401121720.MAA23987@snark> MIME-Version: 1.0 Content-Type: text/plain Someone asked me the obvious question in private mail... > > Perhaps not. Its very common in many large business conducted here in > > New York in certain seemingly legitimate industries for much of the > > business to be conducted off the books -- people who will take cash > > for work are sought after. I will not name the industry in question, > > but it is one of the few major ones left in the city and it isn't > > finance. > > Politics? Politics also involves some of that, but it wasn't what I was refering to. The answer to the question is the garment industry. Huge underground factories and design shops operate on a completely cash basis. Millions of dollars of goods enter in to the system "mysteriously". There are "sweatshops" (read, free market factories) operating all over the city in concealed locations. They are almost always operated by the Chinese -- they have a code of silence about such things. Its one of the few things thats keeping the economy in NYC going. This operates on a HUGE scale. Its a counterexample to Hal's beliefs about industry and taxation. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: paul@hawksbill.sprintmrn.com (Paul Ferguson) Date: Wed, 12 Jan 94 10:02:08 PST To: futor@llnl.gov Subject: Re: szabo@netcom.com is NOT a tentacle!!! In-Reply-To: <9401121720.AA12127@ocfmail.ocf.llnl.gov> Message-ID: <9401121800.AA14358@hawksbill.sprintmrn.com> MIME-Version: 1.0 Content-Type: text futor writes - > > This feels like Detweiler spoofing again. > > Anyone else get that feeling? > > It's not. I recognize: > > >> ------ Legalize: >-- >> \ / :-)-~ o>--< | act I have programmed a computer. . . > >> \ / You are ~1,000,000,000,000,000 .1ms NAND gates have a nice day. . . . > >> \/ The true theory of everything will run on a finite turing machine. . . . Ah, but keep in mind that whoever is ranting in the newsgroups (an12070) has also used .signature blocks used by other _real_ people. This signifies nothing. - Paul From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Duncan Frissell Date: Wed, 12 Jan 94 10:12:09 PST To: CYPHERPUNKS@toad.com Subject: Public key encryption, in Message-ID: <199401121808.AA18598@panix.com> MIME-Version: 1.0 Content-Type: text/plain R >As I see it, cryptography may extend similar conditions to R >information workers - programmers, architects, authors. Naturally, R >since a disproportionate number of those on the net fall into these R >categories, this seems like a revolutionary development. But from the R >larger perspective, it is not a major change. R > R >The fact is, information purchases are a small part of most people's R >budgets. If you add up all of what the average person purchases that R >would fall into the general category of "information" - books, R >magazines, newspapers, music, video - you probably won't exceed a few R >percent of income. Information, despite the hype, is not a dominant R >part of our economy. You left out a few information purchases: education, much of medicine, all of financial services, design, marketing, supervision, and management. Note the current tendany to "unbundle" tasks and outsource them to other businesses will tend to encourage the development of "information only" companies. Once the interface is good enough, virtual offices with full workgroup interaction built of pure information will spring up and the "information" component of much of what we think of as physical work will become apparent. I expect information purchases (broadly defined) to reach 90% of our GDP in a few years. Agriculture once represented 90% of GWP (Gross World Product). It is now down to the 5% range in the OECD countries. Yet we eat better than our ancestors. Goods industries (and real estate sales) can show a similar relative decline. We will have more "stuff" than ever, it will just be a smaller part of the total economy. What will cause this growth? Humans are *thinking* machines. We exist inside our minds. We already exist as 100% information. What we are doing is to map the rest of the world to bring it into congruance with what we already are. We don't feel as many constraints in our mind as we do in our bodies. We are deploying our minds to reduce the physical restraints under which we've labored. (Just a guess...) In any case, since the restraints are fewer in the non-physical universe than in the physical universe, costs are lower and much of the growth of the economy will be in the non-physical realm. Certainly the non-physical parts of the economy have grown more than the physical ones in the OECD countries in recent years. If there is also a *regulatory* difference between the physical and the non-physical worlds, then this switch to the non-physical will be exaserbated. R >Particularly at the corporate level, the notion that cryptography R >will allow widespread tax cheating seems especially questionable. Did you see HP on 60 Minutes with Indian contract programmers hired cheaply in probable violatiion of US immigration law. Companies are already setting up programming shops in India. Once they are set up "in cyberspace" they will be harder to control. R >I don't fully understand Duncan's arguments for how taxes can be R >avoided through being a non-citizen. I gather, though, that this would R >require me to either move to another country, or to go to work for a R >company that is in another country. Neither seems likely in the next R >few years for the majority of citizens. 95% of the world's population are not US Citizens/Permanent Residents. You may not be willing to live in another country but they already are. Since other countries don't tax their expats (as the US does) it is easier for non-US expats to eliminate their tax liability. In the past you had to be in the US to work here but foreigners will soon be able to work for US-based companies as easily as anyone else. Because of tax savings, they will be able to underbid US workers. Also companies (or more likely contract services firms) will be able to themselves locate in friendlier jurisdictions and still supply workers (from anywhere on earth to anywhere on earth) to companies that may be in the US or somewhere else. Remember, under current law it is legal for a US company to hire workers overseas and US taxes are not owed. There are technical questions of withholding from payments to entities located in non-tax-treaty jurisdictions but these problems can be planned around. Offshore subsidiaries will also be very cheap to form. If you wander down the shopping street of a future MUD/MOO and you buy or sell things, what nation has jurisdiction for tax purposes. What if the MUD/MOO exists as a set of cooperative processes spread around the globe. There is commerce there but who rules. The proprietors not any government. Look at the situation in this country vis a vis state income and sales taxes. There is tremendous fiddling going on now in a country with the soverign jurisdiction of the federal government and concepts like "full faith and credit." Imagine how much fiddling there will be when disperate soverignties are involved with no overall international authority. Tax compliance is down anyway, it will further decline as more people are self-employed or "reside" in ambiguous jurisdictions. DCF --- WinQwk 2.0b#1165 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy <72114.1712@CompuServe.COM> Date: Wed, 12 Jan 94 10:42:10 PST To: Subject: CRYPTO & TAXES Message-ID: <940112181727_72114.1712_FHF43-1@CompuServe.COM> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort@attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'Punks, Hal still has his doubts about crypto and taxes. He wrote: I can agree that cryptography will make some kinds of illegal private transactions easier. What I doubt is that this will happen at a large enough scale to seriously threaten the ability of governments to fund themselves by taxes. Government tax policies are extremely susceptible to the "tipping factor." Initially, non-compliance is addressed by simply hiking up collections across the boards. When non-compliance reaches some critical factor, however, such techniques become counter- productive. Previously compliant taxpayers begin to chaff at higher taxes and more aggressive collection. More and more become non-compliant as taxes go higher and higher. Eventually, the runaway chain reaction either causes the government to cut back or the system undergoes a core melt-down. Non-crypto versions of this scenario have occurred repeatedly in countries around the world. Hal also have several specific examples of transactions he felt demonstrated the difficulty of using crypto-anarchy techniques. Perry and others have address some of these, but one or two things should be added to round out the picture. Hal wrote: Most of our transactions are done with businesses, generally corporations. Imagine taking $15,000 in cash to buy a new car anonymously. I believe you will find that the car dealers will not cooperate, that government regulations (designed to crack down on drug dealers) will require them to get some ID from you. Digicash would presumably be under the same restrictions. Maybe, but the example begs the question. You don't need to *own* a car, to have the *use* of a car. Imagine leasing a car and using your cyberspace bank digital checks, digital money or credit card to pay the monthly rent. No audit trail, and no asset to be seized. Similar techniques can be used for virtually all of your assets. Don't like renting? Well there are other offshore techniques that can cure that problem as well. I don't fully understand Duncan's arguments for how taxes can be avoided through being a non-citizen. I gather, though, that this would require me to either move to another country, or to go to work for a company that is in another country. . . . I think Hal hasn't been reading Duncan or my posts very closely. Here's a hint: A Cayman Islands corporation is a non-US citizen even if it is owned by an American. You have questions? We have answers. S a n d y >>>>>> Please send e-mail to: ssandfort@attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBK1MJWE5ULTXct1IzAQG8cgQAtZ5xbIn6wO/GkjVd68hPe+37Sj4C3uD1 eI2YEUodHRzPC5on4hoHs+AeTtGR132Bcr76oj366cvJF42YqtaZt/4xWKaN+QKJ 5xMJS4qjQorGQw9fxAPjERJ9O+WCgFYn1vNDGnsn4+HGC4Ax/CevQdtBlt2sBlMc SUWGU1GdSkM= =Fyuc -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 12 Jan 94 11:12:10 PST To: pmetzger@lehman.com Subject: Re: underground industry Message-ID: <9401121908.AA22612@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain My three guesses about cash business in New York had been - retail pharmaceuticals :-) - politics - garment industry all of which have traditionally been off-the-books to large extent. A friend of mine in NJ had for quite a while been a bookkeeper at small companies that typically would only hire her under the condition that she was off-book, and therefore not getting Social Security, etc. For many companies, though, hiring people off-book is a problem, because their income is relatively traceable, and they get taxed on the difference between income and expenses, and payments to suppliers also tend to be traceable because otherwise the IRS won't allow them. If you can make your income look lower, by not reporting cash income, it's not a problem, but otherwise you want the expenses to look high, and non-reporting suppliers aren't as willing to deal with customers who have to report transactions. Another set of trqaditional off-books cash work is the manual labor market - house cleaners, yard work, odd jobs, evening carpentry; a number of politicians have been getting stung on these recently. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Stanton McCandlish Date: Wed, 12 Jan 94 11:12:36 PST To: tk0jut2@mvs.cso.niu.edu Subject: NOTICE: John Perry Barlow, MBONE, 9:00 AM - 10:30 AM PST, Jan 17, 1994 In-Reply-To: <199401120715.AA21102@piper.cs.colorado.edu> Message-ID: <199401121910.OAA06599@eff.org> MIME-Version: 1.0 Content-Type: text/plain John Perry Barlow will deliver the keynote address opening the winter USENIX conference at the San Francisco Hilton, Jan 17-21, 1994. The keynote will be broadcast (audio and video) on the Internet MBONE from a bit after 9:00 AM to 10:30 AM PST on Monday, January 17. Barlow will speak on recent developments in the national information infrastructure, telecommunications regulations, cryptography, globalization of the Net, intellectual property, and, generally, of the settlement of Cyberspace. In 1990, Mr. Barlow and Mitch Kapor co-founded the Electronic Frontier Foundation, and he currently serves as chair of its executive committee. -- Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mark Brand Date: Wed, 12 Jan 94 14:42:13 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <01H7LLI74EYA7DYD06@ACFcluster.NYU.EDU> MIME-Version: 1.0 Content-Type: text/plain subscribe brandm@acfcluster.nyu.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Stanton McCandlish Date: Wed, 12 Jan 94 12:22:12 PST To: mech@eff.org Subject: Brock Meeks summary of Gore speech Message-ID: <199401122017.PAA07629@eff.org> MIME-Version: 1.0 Content-Type: text/plain [This report from Brock Meeks first appeared on the WELL, and is redistributed with permission. Further redistribution/republication should be cleared with the author first, at brock@well.sf.ca.us.] __________ begin forward _____________ Jacking in from the Policy port: Vice President Gore today outlined the Administration's plan for revamping the regulatory regime that will guide the converging telecommunications industry into the next century. Gore said the Administration will propose lifting all restrictions on local telephone companies imposed during the breakup of AT&T, allowing them to enter the long distance and manufacturing markets. But buried deep in his speech, in a single ominous sentence, Gore made a pledge that is sure to a chill into privacy advocates everywhere: "We'll help law enforcement agencies thwart criminals and terrorists who might use advanced telecommunications to commit crimes." In laymen's terms: We're fucked. Gore didn't elaborate on his statement, but his comment hinted that the White House will throw its full behind two of the most controversial policies the Clinton Administration inherited from the Bush presidency: The FBI Digital Wiretap Proposal and the so-called "Clipper Chip," government mandated encryption program. Both policies have been publicly trashed by the computer and telecommunications industry as well as civil liberty groups. The White House is currently working to overhaul the entire U.S. security policy. Earlier this year, in a little noticed speech, FBI Dir. Freeh renewed his push for the ill-conceived Digital Wiretap proposal. It now appears that the White House will back that proposal when it issues new security guidelines due sometime in the Summer. Changing the Playing Field ========================== Gore also challenged the nation to bring every classroom and library online by the year 2000. He outlined 5 broad principles for restructuring the telecommunications industry, leading to a National Information Infrastructure: -- Encourage private investment -- Provide and protect competition -- Provide open access to the network -- Avoid creating information "haves" and "have nots" -- Encourage flexible and responsive government action Gore said the Administration's plan would "clear from the road the wreckage of outdated regulations and allow a free-flowing traffic of ideas and commerce." Administration plan would allow telephone companies to get into cable business and let cable companies into the telephone business, preempting state regulations that for the most part ban such businesses. Although the White House plan allows local telephone companies to provide video, they must also allow any programmer access to those video delivery systems on nondiscriminatory basis. The plan also seeks to stop telephone companies from buying cable systems in the areas where they offer telephone service. But the plan also gives the FCC the authority to revamp that rule within 5 years if "sufficient competition" has risen. The plan also would implement a new flexible regulatory regime called Title VII that encourages firms to provide broadband, switched digital transmission services. Like the Cable reregulation act, the FCC will have the ability to provide for rate regulation on these new companies until "competition is established." One of the trickiest issues facing the Administration was how to define and ensure the concept of Universal Service. The White House plan proposes to make that policy "an explicit objective the Communications Act" in order to make sure that advanced information services are available to rural and low-income urban areas. But the Administration bailed on how to insure the concept, opting to lay that burden at the feet of the FCC. Also, all telecommunications providers, not merely telephone companies as is the current policy, will have to start contributing to universal access subsidies. But the FCC will be responsible for determining a kind of "sliding scale" for how much each company will be required to pay. In fact, if smaller firms can't pony up the cash to help out with the universal service commitment, they can make "in-kind" contributions instead. This might be in the form of free service to school, hospitals, etc. Meeks out.... __________________ end forward ____________ -- Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: remail@tamsun.tamu.edu Date: Wed, 12 Jan 94 14:45:24 PST To: cypherpunks@toad.com Subject: Skepticism on the Detweiler Conspiracy Claims Message-ID: <9401122153.AA01310@tamsun.tamu.edu> MIME-Version: 1.0 Content-Type: text/plain Detweiler says we don't understand that `all that is required for the spread of evil is for good people to do nothing' Understand it? Yes. Believe it completely, or even believe that it applies here? No. May's beliefs that pseudo-spoofing can lead to monetary and governmental anarchy have little connection in reality, despite the writings of Bruce Sterling and Vernor Vinge. In that context, May's pseudo-spoofing is little more than childish play-acting. In any event, we need far more evidence to come to light before Occam's razor can even be applied. ``in other words, `entertain me some more, detweiler. I don't believe you yet, but maybe, just maybe, you will find something that convinces me. for now, I simply don't give a damn either way, and most of all I am not going to post, even though there are some things I would like to post on, because I am a sheep like the rest of humanity, and while these people could be dangerous lunatics out for revenge on anyone who posts, how could these highly respectable people be behind a conspiracy?'' Take out everything above before "I don't..." and after "...not going to post", and you're close. You're right, they could be dangerous lunatics out for revenge on anyone who posts. So could you. Are they respectable? Who knows? Who cares, given that their sphere of influence is so incredibly small? Convince me. I'm a fairly hard-core skeptic -- I don't believe *anything* until I can weigh the facts on both sides. You've told me that Geoff Dale sent you mail implying that Nick Szabo was *not* his roommate, but something tells me that you believed Szabo wasn't real long before that. Why? What led you to that conclusion. Posting the evidence would help convince other skeptics, especially if it's concrete enough. - - - - - - - - - - - - - - - - - - - - - - - - - - ``Death is the ultimate form of censorship.'' (author unknown) Jim Riverman Software Engineer jr@netcom.com (415) 941-4782 [work] ------------------------------------------------------------------------- To find out more about this anonymous remail service, send mail to remail@tamsun.tamu.edu with the word "remail help" as the only words in the subject field. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy <72114.1712@CompuServe.COM> Date: Wed, 12 Jan 94 13:05:24 PST To: Subject: CRYPTO & TAXES Message-ID: <940112210033_72114.1712_FHF86-1@CompuServe.COM> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort@attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'Punks, I was asked in private e-mail: So how does the average US citizen go about starting a Cayman Islands (or similar) corporation? . . . Look in the advertising sections of international publications such as THE ECONOMIST, THE EUROPEAN and THE INTERNATIONAL HERALD TRIBUNE. Every issue will contain several ads for incorporation services. These services exist everywhere, but for historical and legal reasons, many have offices in the UK or Isle of Man. Request information from every company with an ad. You can save big by doing a little comparison shopping. Follow the ads for several months, if possible, to see which companies stay around and which are fly-by-night operations. Even better, check back issues from previous years to see if the same folks are still in business. The following, is a fee schedule from just one such company: ____JURISDICTION_________ANNUAL_FEES_________FORMATION_FEE_______ United Kingdom B# 32 B# 150 Hong Kong HK$ 1200 HK$ 2500 Ireland IR# 10 IR# 195 Isle of Man B# 285 B# 250 Gibraltar B# 250 B# 250 Jersey/Guernsey B# 600 B# 500 Turks & Caicos US$ 300 US$ 500 Brit. Virgin Is. US$ 300 US$ 500 Bahamas US$ 100 US$ 500 Liberia US$ 100 US$ 750 Panama US$ 150 US$ 750 Of course, these companies offer lots of other interesting services, as well. Come the crypto-anarchy--or just a simple bank in cyberspace--and everything gets a lot easier, a lot cheaper. (If Detweiler thinks things are "bad" now . . . ) S a n d y >>>>>> Please send e-mail to: ssandfort@attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBK1MwR05ULTXct1IzAQGxngP/azAd7kcstUoiohyWqE1JEHASptoo/WY6 W+FfiHTguaiaWn0m7EtR0CGIgUVZFrEWASiOboEYlkS6xnhk7TEK+pkfHw1BXprA oMnObtqn4sxsvRc3bSkGFzLrHa00Kg3KeRT9VUcc76Ds3sSC04lleQFVv/1MFjM9 U0hpjQw+qAY= =viLe -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Wed, 12 Jan 94 16:07:39 PST To: cypherpunks@toad.com Subject: Crypto and Taxes Message-ID: <199401130007.QAA21562@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain I appreciate the thoughtful responses in this thread. Let me just make one point now, saving a more detailed response for this evening. Perry implied that I do not wish to see people avoid taxes, and that was why I was arguing that cryptography would not make this as easy as some had suggested. That is not a reasonable inference from my posts, and I am surprised Perry would suggest it given our two years of discussions on the extropians list. My primary motivation is of course simply to test what I see as a discrepency between the world I live and work in and that proposed in the crypto-anarchy model. I also want to question speculations that I see playing into the hands of law enforcement interests by making cryptography look more threatening than it is. Another reason is to discourage complacency that cryptography will solve our political problems by automatically ushering in a libertarian/anarchist utopia. This is a follow-on to the posts I made last week on this topic. Today, Sandy still says "We've won". From my perspective, this declaration of victory is highly premature! The postings about life in Italy did provide an interesting portrait of a society of tax evaders, but at the same time the government response was chilling. The U.S. is not Italy, and I suspect that neither the widespread tax avoidance nor the draconian government measures could happen here. But it should give pause to those who suggest that our political battles are won. Hal From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Wed, 12 Jan 94 16:37:14 PST To: cypherpunks@toad.com Subject: Apology to Perry Message-ID: <199401130037.QAA23051@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain > I think you are > wrong in thinking that tax evasion is as little practiced and as > little desired as you apparently do. > > Perry I realize upon re-reading this comment that Perry was not suggesting that I did not desire tax evasion, but rather that I did not think tax evasion was widely desired, which is entirely different. I apologize to Perry for accusing him of impugning my motives and I will try to read more carefully next time. Hal From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Ryan Snyder-Consultant Date: Wed, 12 Jan 94 15:42:13 PST To: cypherpunks@toad.com Subject: No Subject In-Reply-To: <9401122325.AA00453@wps.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain subscribe cypherpunks From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Ryan Snyder-Consultant Date: Wed, 12 Jan 94 15:52:38 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: MIME-Version: 1.0 Content-Type: text/plain subscribe cs000rrs@selway.umt.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Johan Helsingius Date: Wed, 12 Jan 94 07:57:08 PST To: remail@tamsun.tamu.edu Subject: Re: szabo@netcom.com is NOT a tentacle!!! (fwd) In-Reply-To: <9401121343.AA28368@tamsun.tamu.edu> Message-ID: <199401121554.AA13579@lassie.eunet.fi> MIME-Version: 1.0 Content-Type: text/plain > Sigh, more garbage from the cypherwonks list ownere posted to cypherpunks: Sigh. Why do you associate this garbage with the cypherwonks list owner? And who are you refering to by that? Unfortunately *I* am the physical list owner, as I offered to host the list on lists.eunet.fi to channel away the Detweiler discussion from cypherpunks. And I *know* I didn't send that stuff! Julf From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Hasan Bramwell" Date: Wed, 12 Jan 94 16:02:39 PST To: cypherpunks@toad.com Subject: Fascinated and wanting more... Message-ID: <68536.hasan%pi.pro.ec@uunet.uu.net> MIME-Version: 1.0 Content-Type: text/plain Uhhh? Hello in there...? Are you a person or some persons? :> I'm trying to get my hands on some encryption algorithms, and understand that this is the place to visit. Can you (or one of you) advise me? I would very much appreciate it. TIA Hasan ~~~~~~~ Hasan Bramwell Casilla 17-17-1004 Freehand Quito, Ecuador Internet: Ecuanet hasan@pi.pro.ec Compuserve: 70322,2617 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Wed, 12 Jan 94 18:37:14 PST To: Hal Subject: Re: Crypto and Taxes In-Reply-To: <199401130007.QAA21562@jobe.shell.portal.com> Message-ID: <199401130234.VAA24756@snark> MIME-Version: 1.0 Content-Type: text/plain Hal says: > I appreciate the thoughtful responses in this thread. Let me just > make one point now, saving a more detailed response for this > evening. Perry implied that I do not wish to see people avoid taxes, I did not wish to imply that -- I merely implied that your comments on large industries being unable to practice tax evasion were naive in the light of the fact that they often do so now. I make no public judgements on whether you do or don't think tax evasion is a good thing. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Wed, 12 Jan 94 21:52:15 PST To: cypherpunks@toad.com Subject: Crypto & Taxes Message-ID: <01H7M5G3SZHU99DOWQ@delphi.com> MIME-Version: 1.0 Content-Type: text/plain ssandfort@attmail.com wrote: >Government tax policies are extremely susceptible to the "tipping >factor." Initially, non-compliance is addressed by simply hiking >up collections across the boards. When non-compliance reaches >some critical factor, however, such techniques become counter- >productive. Previously compliant taxpayers begin to chaff at >higher taxes and more aggressive collection. More and more >become non-compliant as taxes go higher and higher. Eventually, >the runaway chain reaction either causes the government to cut >back or the system undergoes a core melt-down. Non-crypto >versions of this scenario have occurred repeatedly in countries >around the world. This is true of government in general. As it gets bigger, government becomes more oppressive and hostile to the people. It also becomes more hypocritical, ignoring its own laws and violating its own ideals. The people then become less obedient, as they realize that the government is taking advantage of them, and does not care about their interests. The government becomes more and more oppressive in an effort to force the people to obey. It soon turns into a police state, and if the people can become organized enough, they will all refuse to obey, and there will be a revolution. Communism is the best example. Most people in those countries did not pick up guns and fight. They just stopped obeying the government. Computers, networks, and encryption are powerful organizing tools. The Chinese have been known to put guards in front of fax machines in government offices, because dissidents outside the country fax in political information and news. --- Mike From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: davros@raf.com (Dave Ross) Date: Thu, 13 Jan 94 14:07:38 PST To: distribution.@uu1014.UUCP@uu9.psi.com; (see end of body) Subject: No Subject Message-ID: <9401132111.AA22040@ raf.com> MIME-Version: 1.0 Content-Type: text/plain teve_Schlosser_at_ERIM), sjdenni@afterlife.ncsc.mil(Steve_J._Dennis_at_DOD), skyhawk@bailey.cpac.washington.edu, slewis(Steve_Lewis), soreff@vnet.IBM.COM(Jeffrey_Soreff), srihari@cs.buffalo.edu(Sargur_Srihari_at_SUNY_Buffalo), stepahead@aol.com, szabo@techbook.com, tcmay@netcom.com(Tim_May), tecdrs1@sdc.boeing.com(Dick_Schmidt), toby@asi.com(Toby_Skinner_at_ASI), tomis@microsoft.com(Tom_Isenberg), tribble@netcom.com(Dean_Tribble), vikki@tfs.com(Victoria_Rehn), wilson@magi.ncsl.nist.gov(Charles_Wilson_at_NIST), workshop@dimund.umd.edu(Dimund_Workshop), wpoffice.holland1.fahy@jhl.red-cross.org(Greg_Fahy) Subject: Engineering Jobs Available at RAF My company is hiring for two positions, a Senior Software Engineer and a Software Technician. We want to hire these people as soon as we can, but are looking for first-quality personnel. I would appreciate your passing these on to people you believe are appropriate. Here are the net postings on the two positions. Thanks. -Dave Ross _______________________________________________________________________ _______________________________________________________________________ For Senior Software Engineer: RAF Technology inc. is a maker of pattern recognition solutions. RAF is a leader in Optical Character Recognition for forms. We have challenging problems and needs hard working creative people to solve them. We are constantly trying to find new algorithms that will recognize printed information faster and more accurately. We are looking for a full-time, senior engineer. This inventor will be a part of a small team. An excellent working relationship with the others is important. The candidate must be fun to work with, creative and enjoy meeting the commitments we make to our customers. RAF is located in Redmond Washington, which is a suburb of Bellevue and is about 20 miles from downtown Seattle. We are looking for someone with experience in the following: Algorithm development User interface design Unix, C, and C++. X-windows Experience with co-processor cards, and other hardware accelerators is a plus. Experience with SGML would be helpful. Please mail, or e-mail your resume to: Bill Greenhalgh RAF Technology Inc. 16650 NE 79th St Ste 200 Redmond WA 98052 job@raf.com Make it clear you are looking for the Senior Engineer position. _______________________________________________________________________ _______________________________________________________________________ For Software Technician: RAF Technology is looking for a software technician. We are a small company that makes pattern recognition software. The immediate responsibilities will be to collect large data sets that will be used for forms recognition training and performance evaluation. This person will also write test programs and test proceedures for RAF's software libraries and user interfaces. The ideal candidate will have a BS in engineering or sciences. This position potentially offers an opportunity to move into a salaried engineering position. The position is in Redmond, Washington. It is paid by the hour, and we offer flexible hours, but we need 40 hours a week. The candidate will have the following skills: C programming experience. Unix, X-Windows, and MS-DOS experience. Please fax, e-mail, or mail your resume to: John Taves RAF Technology Inc, 16650 NE 79th St Ste 200 Redmond WA 98052 Fx: 882-7370 job@raf.com Make it clear you are looking for the Software Technician position. _______________________________________________________________________ _______________________________________________________________________ %%% overflow headers %%% To: 71170.2635@compuserve.com(Jim_Fruchterman), 72537.2156@compuserve.com(CheckFree), agorics@netcom.com, ann@monster.apd.saic.com(Roger_Bradford_at_SAIC), ar@cfar.umd.edu(Azriel_Rosenfeld_at_UMD), baa9336@arpa.mil(TIPSTER), bennett@tmn.com(Jim_Bennett), benw@xis.xerox.com(Ben_Wittner_at_XIS), boba@asi.com(Bob_Anundson_at_ASI), bxr@miteksys.com(Bart_Rothwell_at_MITEK), carl@caere.com(Carl_Alsing_at_Caere), crystal@arpa.mil(Tom_H._Crystal_at_ARPA-SISTO), cypherpunks@toad.com, davisd@pierce.ee.washington.edu, davisd@pierce.ee.washington.edu(Dan_Davis), davros@raf.com, davros@raf.com(David_Ross_at_RAF), dkrieger@netcom.com(Dave_Krieger), document-request@dimund.umd.edu(Dimund_Comments), document-server@dimund.umd.edu(Dimund_Server_Requests), documents@dimund.umd.edu(Dimund_Submissions), doermann@cfar.umd.edu(Dave_Doermann), dst@cs.cmu.edu(Dave_Touretzky_at_CMU), erichill@netcom.com(Eric_Hill), esc@isl.stanford.edu, frisko@eskimo.com, frisko@eskimo.com(Seth_Ceteris), gayle@amix.com(Gayle_Pergamit_at_AMIX), geist@magi.ncsl.nist.gov(John_Geist), greg@asi.com(Greg_Holman_at_ASI), haralick@ee.washington.edu(Bob_Haralick), hsb@research.att.com(Henry_S._Baird_at_Bell_Labs), hughes@soda.berkeley.edu(Eric_Hughes), jackl@microsoft.com(Jack_Love), janzen@idacom.hp.com, janzen@idacom.hp.com(Martin_Janzen), jbrown@mcc.com(Joe_Brown_at_MCC), jeanbb@charm.isi.edu(Betty_Jean), joule@netcom.com(Joule_non-tech), jreed@jaguar.ess.harris.com(Jonathan_Reed_at_Harris), jtech@netcom.com(Joule_tech), kenc@gatekeeper.calera.com(Ken_Choy_at_Calera), kopec@parc.xerox.com, mark@vfl.paramax.com(Mark_Lipshutz_at_Paramax), maverick@raf.com(Tom_Fruchterman), mebuchm@afterlife.ncsc.mil(Mitch_Buchman_at_DOD), mindy@calera.com(Mindy_Bokser_at_Calera), miron@extropia.wimsey.com, mmiller@netcom.com(Mark_Miller), moana@applelink.apple.com(Charles_Vollum), more@usc.edu(Max_More), msmith@coyote.trw.com(MLissa_Smith_at_TRW), nagy@ecse.rpi.edu(George_Nagy_at_RPI), nash@visus.com(Rich_Nash_at_VISUS), niehaus@well.sf.ca.us(Ed_Niehaus), northrop@netcom.com, northrop@netcom.com(Scott_Northrop), peterson@netcom.com(Chris_Peterson), phantom@hardy.u.washington.edu, prasanna@erg.sri.com(Prasanna_G._Mulgaoukar_at_SRI), rama@cfar.umd.edu(Rama_Chellappa_at_UMD), rcrowley@zso.dec.com, rht@ri.cmu.edu(Robert_Thibadeau_at_CMU), rpandya@netcom.com, rpandya@netcom.com(Ravi_Pandya), schlosser@erim.org(S %%% end overflow headers %%% From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hugh@ecotone.toad.com (Hugh Daniel) Date: Thu, 13 Jan 94 13:45:34 PST To: cypherpunks@toad.com Subject: Digest of droped messages Message-ID: <9401132142.AA04999@ ecotone.toad.com> MIME-Version: 1.0 Content-Type: text/plain (The list was broken last night, here are the 6 postings that ended up on the floor before I fixed it. --||ugh Daniel) Date: Thu, 13 Jan 1994 00:45:04 -0400 (EDT) From: Mike Ingle Subject: Crypto & Taxes To: cypherpunks@toad.com Message-Id: <01H7M5G3SZHU99DOWQ@delphi.com> X-Vms-To: INTERNET"cypherpunks@toad.com" Mime-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-Transfer-Encoding: 7BIT ssandfort@attmail.com wrote: >Government tax policies are extremely susceptible to the "tipping >factor." Initially, non-compliance is addressed by simply hiking >up collections across the boards. When non-compliance reaches >some critical factor, however, such techniques become counter- >productive. Previously compliant taxpayers begin to chaff at >higher taxes and more aggressive collection. More and more >become non-compliant as taxes go higher and higher. Eventually, >the runaway chain reaction either causes the government to cut >back or the system undergoes a core melt-down. Non-crypto >versions of this scenario have occurred repeatedly in countries >around the world. This is true of government in general. As it gets bigger, government becomes more oppressive and hostile to the people. It also becomes more hypocritical, ignoring its own laws and violating its own ideals. The people then become less obedient, as they realize that the government is taking advantage of them, and does not care about their interests. The government becomes more and more oppressive in an effort to force the people to obey. It soon turns into a police state, and if the people can become organized enough, they will all refuse to obey, and there will be a revolution. Communism is the best example. Most people in those countries did not pick up guns and fight. They just stopped obeying the government. Computers, networks, and encryption are powerful organizing tools. The Chinese have been known to put guards in front of fax machines in government offices, because dissidents outside the country fax in political information and news. --- Mike From: frode@toaster.SFSU.EDU (Frode Odegard) Message-Id: <9401130805.AA21044@toaster.SFSU.EDU> To: cypherpunks@toad.com Subject: Re: Crypto & Taxes Mike Ingle writes about the government growing bigger and more oppressive. Has anyone given any thought to why this happens? Any ideas? Is it related to the ethics of the people in a country? And if yes, how? And where does ethics come from anyway? From: Hal Message-Id: <199401131717.JAA18739@jobe.shell.portal.com> To: cypherpunks@toad.com Subject: Court decision re 'willfulness' A few months ago I posted some information on the statutes criminalizing unauthorized export of cryptographic software. (As far as I know, an investigation into the export of PGP is still being carried on by a federal grand jury in northern California.) One of the key aspects of the law, IMO, is that it states that it is illegal to "willfully" violate the restrictions. Several courts have held that this word means that the government has to prove that the accused knew that his action was illegal. Contrary to the general rule, this would be a case where ignorance of the law actually is an excuse. Tuesday, the Supreme Court overturned a conviction based on the same principle: the use of the word "willfully" to mean that there had to be proven knowledge that the action was illegal. In this case, the accused had paid a debt using a series of just-under-$10,000 payments, each of which is small enough to avoid triggering reporting requirements. "Structuring" payments in this way to avoid reporting is illegal. In this case, there was no question that the accused was trying to violate the requirements, and he was convicted on that basis. But the Supreme Court overturned the conviction because the statute requires "willfully" violating the law, and in this case the government had not proven that the accused knew that his actions were illegal. This is promising with regard to any attempts to crack down on naive crypto users who, say, put PGP up on the local BBS or FTP site. As long as they don't know that what they are doing is illegal (assuming it is), they are not violating the law. Here is a summary of the Supreme Court decision from usenet: NOTE: Where it is feasible, a syllabus (headnote) will be released, as is being done in connection with this case, at the time the opinion is issued. The syllabus constitutes no part of the opinion of the Court but has been prepared by the Reporter of Decisions for the convenience of the reader. See United States v. Detroit Lumber Co., 200 U. S. 321, 337. SUPREME COURT OF THE UNITED STATES Syllabus RATZLAF v. UNITED STATES certiorari to the united states court of appeals for the ninth circuit No. 92-1196. Argued November 1, 1993-Decided January 11, 1994 As here relevant, federal law requires a domestic bank involved in a cash transaction exceeding $10,000 to file a report with the Secretary of the Treasury, 31 U. S. C. 5313(a), 31 CFR 103.22(a); makes it illegal to ``structure'' a transaction-i.e., to break up a single transaction above the reporting threshold into two or more separate transactions-``for the purpose of evading the reporting requiremen[t],'' 31 U. S. C. 5324(3); and sets out crimi- nal penalties for ``[a] person willfully violating'' the antistructuring provision, 5322(a). After the judge at petitioner Waldemar Ratzlaf's trial on charges of violating 5322(a) and 5324(3) in- structed the jury that the Government had to prove both that the defendant knew of the 5313(a) reporting obligation and that he attempted to evade that obligation, but did not have to prove that he knew the structuring in which he engaged was unlawful, Ratzlaf was convicted, fined, and sentenced to prison. In affirm- ing, the Court of Appeals upheld the trial court's construction of the legislation. Held: To give effect to 5322(a)'s ``willfulness'' requirement, the Government must prove that the defendant acted with knowledge that the structuring he or she undertook was unlawful, not simply that the defendant's purpose was to circumvent a bank's reporting obligation. Section 5324 itself forbids structuring with a ``purpose of evading the [5313(a)] reporting requirements,'' and the lower courts erred in treating the ``willfulness'' requirement essentially as words of no consequence. Viewing 5322(a) and 5324(3) in light of the complex of provisions in which they are embedded, it is significant that the omnibus ``willfulness'' requirement, when applied to other provisions in the same statutory subchapter, consistently has been read by the Courts of Appeals to require both knowledge of the reporting requirement and a specific intent to commit the crime or to disobey the law. The ``willfulness'' requirement must be construed the same way each time it is called into play. Because currency structuring is not inevitably nefari- ous, this Court is unpersuaded by the United States' argument that structuring is so obviously ``evil'' or inherently ``bad'' that the ``willfulness'' requirement is satisfied irrespective of the defendant's knowledge of the illegality of structuring. The interpretation adopted in this case does not dishonor the venerable principle that ignorance of the law generally is no defense to a criminal charge, for Congress may decree otherwise in particular contexts, and has done so in the present instance. Pp. 5-15. 976 F. 2d 1280, reversed and remanded. Ginsburg, J., delivered the opinion of the Court, in which Stevens, Scalia, Kennedy, and Souter, JJ., joined. Blackmun, J., filed a dissenting opinion, in which Rehnquist, C. J., and O'Connor and Thomas, JJ., joined. Date: Thu, 13 Jan 94 09:41:08 -0800 From: hughes@ah.com (Eric Hughes) Message-Id: <9401131741.AA20358@ah.com> To: cypherpunks@toad.com Subject: crypto point of sale Sandy hinted that I should explain my 'crypto point-of-sale' idea. So I will. The idea is a mostly a social structure, adjoining existing (or soon-to-be) pieces of technology and setting them in a particular environment. The technological pieces are 1. the Newton -- one for the buyer, one for the seller 2. one radio data link for the seller's machine, either a. a cell phone, cellular modem, and a corresponding host b. a cellular data service 3. the Internet 4. packet forwarding services 5. an online bank 6. public keys 7. authenticated Diffie-Hellman key exchange Or, to be short, "two Newtons, one radio". Preparations in the form of assertions about the time of transaction: 1. The seller has an account at the online bank. This entails that the bank and the customers have each other's public keys. 2. The buyer has an account at the online bank with funds sufficient for purchase. 3. The seller has an arrangement with a packet forwarding service. This may not need to be instantiated before transaction (i.e. software vending machine), although it will likely be cheaper to do so. 4. Software as described below is installed on all the machines mentioned. Steps in the transaction: 1. The Newton has an infrared interface with a range of about three feet. The buyer and the seller start an infrared connection between their two Newtons. A Diffie-Hellman key exchange protocol over that link is the first step in securing the link against eavesdropping. Regular D-H is good enough in this case because there is no way to put a machine in the middle of the infrared link. I suppose someone with a very powerful IR beacon could spoof one of the machines, but likely not both. Regular D-H also means that there is no need for the buyer and the seller to have each other's public keys at transaction time. 2. The seller establishes a data connection with his packet forwarder on the Internet. This allows the seller to (at minimum) instantiate multiple outgoing TCP connections from the forwarding machine. 3. If necessary, the seller allows the buyer to go online by allowing the seller's Newton to forward packets for the buyer's Newton. The buyer, if not in possession of enough digital notes, can go online with the bank and purchase notes now. The flow of data is buyer's Newton -> seller's Newton -> forwarding machine -> bank. The buyer goes online by instantiating outgoing TCP connections from the forwarding service hired by the seller. The buyer connects to the bank. This secure connection uses an authenticated D-H key exchange, which prevents the interposition attack. Public keys are necessary for this protocol, but the bank and its customers have already exchanged them. 4. The buyer, now with digital notes in hand, so to speak, offers them to the seller for payment. The seller, as part of this protocol, goes online with the bank to check the validity of the notes. The seller also uses the authenticated D-H key exchange. The bank OK's the notes (presumably) and credit is made to the seller's account. Advantages, or, why should I use this? 1. The radio means that business need not be conducted indoors, where the telephones are usually wired. Of course, if you have a wired telephone, you can also use the basic schema of the system, allowing the same software on the buyer's machine to be used for a wide variety of transactions. 2. Only one party to the transaction needs the relatively expensive radio link but that both parties, if necessary, can use it. Since the seller is in business, the cost of the radio link is just a cost of business. 3. The buyer, on the other hand, has not bought a single-purpose machine. Many existing projects have created single purpose computers which purpose is to do money transactions. A single purpose machine is too expensive to use for just transactions, especially when its so easy to use the manufacturing for general purposes. 4. In situations where paper cash in not convenient, this protocol allows for the instantaneity and anonymity of cash without its physicality. Signals cost a lot less to move than paper, in several different ways. Comments are welcome. Eric Date: Thu, 13 Jan 1994 12:48:38 -0600 Message-Id: <199401131848.MAA17541@chaos.bsu.edu> From: Anonymous To: cypherpunks@toad.com X-Remailed-By: Anonymous X-Ttl: 0 X-Notice: This message was forwarded by a software- automated anonymous remailing service. Everyone who is unaware of it should know that an12070@anon.penet.fi, regardless of what he set his "name" field to for the day, is "L.Detweiler", whos first name is apparently "Lance" or "Lawrence" depending on whom you ask. He's a psychotic or a good mimic of one -- I say that not to slander him but as a simple statement of fact. He's been filling every cryptography mailing list and newsgroup with rants, and I suppose he has now decided to disrupt this mailing list too. He has mailed death threats in anonymous mail. He forges mail, spreads rumors, rants, makes paranoid claims (i.e. he believes lots of people are the same person all trying to plot against him; he believes there is a nationwide conspiracy attempting to sully his name, etc.), posts dozens of messages at a time to lists in order to disrupt them, and overall behaves far worse than his alleged "CRYPTOANARCHIST CONSPIRACY" does. I would ask in the interest of sanity that people not reply to his messages. Obviously there is little that I can do beside request people's cooperation, but if we spend time discussing Mr. Detweiler, there will be no time to discuss internet mercantile protocols. -- Perry Metzger pmetzger@lehman.com -- "I can't go out and save every undercapitalized entrepreneur in America." -- Hillary Clinton, when asked about the impact of her health care "plan" on small business (Wall Street Journal, 9/24/93, pg A10, col. 3) Message-Id: <4hBNkKi00WAyMWWkdS@andrew.cmu.edu> Date: Thu, 13 Jan 1994 14:08:06 -0500 (EST) From: Matthew J Ghio To: cypherpunks@toad.com Subject: Re: Non-techie Crypto book? Awhile back I wrote a little FAQ for cypherpunks that I hadn't posted. After the current discussions, I figured some of you might be interested. It is designed to be a non-technical introduction to cryptography as well as a FAQ for cypherpunks. It's not really completely finished, so comments or suggestions in email are welcomed. ------------------------------ Who are the cypherpunks? As the name might imply, the cypherpunks are cyberpunks interested in ciphers, or encryption technology. Cypherpunks seek to develop new encryption techiques, and to find new methods of utilizing existing technology to ensure privacy and honesty in the computer age. Cypherpunks want to make cryptographic technology to be availiable to everyone. This is reflected in our motto: "Cypherpunks write code." Why encryption? In the past, encryption was only needed and used by very few people. People didn't have any need to be so secretive. If something was private, it was kept sealed or locked. It wasn't easy to steal information, because it could be kept physically secure. But the computer age has changed that. Now, information travels all over the world at the speed of light. No more is there localized physical security. A hacker could potentially invade a computer system halfway around the world and steal proprietary information. Volumes of private data can be copied in seconds. Worse, the victim might not even know that the data had been copied. No longer with physical security to protect privacy, we must use mathematical security: Cryptography. I don't have anything to hide, why should I use encryption? Something doesn't have to be a big secret for you to want to keep it private. You don't send all your mail on postcards. You certainly wouldn't want someone at the post office to be able to read your monthly financial statements. An envelope provides a barrier which allows you to maintain your privacy. If you put your postal mail in a paper envelope, why not put electronic mail in a cryptographic envelope? Many people fear cryptography because it conjures up images of espionage, secrecy, and the CIA and KGB. Cypherpunks want to encourage public awareness of cryptography and the benefits thereof. People need to realize that using encryption should be as commonplace and natural as putting a letter into an envelope before mailing it. It's not that everything has to be a secret, but that people are just more comfortable keeping certain things private. What are the basic types of ciphers? Traditional ciphers consisted of rearranging and substituting letters, words and numbers for other letters or symbols, so as to make the message unintelligible. A secret key was necessary to decode the message With the use of computers, this process is can be improved, allowing stronger ciphers, and new types of ciphers, such as public-key cryptography. What is a strong cipher? A good cipher should meet two main criteria. First, after the data is encrypted, it should not "leak" information which would give clues as to what the decrypted message was. For example, simply flipping bits (XOR) or replacing letters in an ascii text file is not a good cipher because, although the words are scrambled, the spacing and formatting information is still clearly visible, giving an attacker clues about what was encoded, which would enable them to break the cipher more easily. A good cipher should impart a randomness upon the data to defeat such cryptanalysis. Second, looking at an encrypted and decrypted version of the same data should not reveal what key or method was used to encrypt the data. That way, if the security of one peice of data is compromised, it can't be used to reveal the rest of the data. Cypherpunks want to make people aware that just because a program encrypts data, it isn't necessarily a good encryption program. Many programs which offer data encryption can actually be broken easily because they leave too many clues in the encrypted data. Know the source of your software, and know what kind of encryption it uses. Cypherpunks know that a good encryption algorithm can be described openly without compromising its security. If a software author claims they can't reveal their encryption method, it's probably because it's weak and they're afraid someone might break it, so look somewhere else. What is public-key cryptography? In a traditional cryptosystem, the people communicating must keep the key to the cipher secret. If someone gets the key, they can decode the message. Public key cryptography is a new method of cryptography which uses pairs of two keys, one for encryption, and one for decryption. To generate a keypair, someone picks a random number or numbers, and uses a mathematical formula to generate two numeric cryptographic keys from the random numbers. One of these keys is the used as the encryption key, and the other is the decryption key. After the keys have been created, the numbers used to create them can be discarded. The formula works one way only- one key can not be used to find the other. Therefore, someone can generate a pair of keys, and give someone (or everyone) the encryption key, while keeping the decryption key to himself. That way, anyone can send him an encrypted message, and only the holder of the private key can decode it. In this way, someone can communicate securely with someone they've never met to exchange keys with, and know that nobody else could be intercepting the message. What are other uses of cryptographic technologies? The mathematics of cryptography have many other uses besides secrecy and privacy. One development is the one-way hash or digest. In a one-way hash, a data file or message is scrambled and reduced to a small numeric identification string. Such hash functions are designed such that the output from the hash can not be used to reconstruct the original message, and it is virtually impossible to find another message which matches the same hash value. Therefore, data can be tagged with an identification string which is unique to that file. If the data file is altered, the hash will produce a different value. In this way, sensitive data can be protected from tampering, because any alterations to the file would affect the hash. (For technical description, see RFC1186.) Another possibility is to use public-key cryptography in reverse; that is, the decode key is made public and the encode key is kept private. (Each key in a P-K pair can be used for encryption or decryption, with the other key necessary for the reverse operation.) This doesn't hide anything, since anyone could decode the message; however, although anyone can read the message, only the holder of the secret key could create it. Therefore, anything encrypted in this manner is authenticated, since there is only one person, the holder of the secret key, who could have encrypted the message. By combining a message digest with public-key authentication, it is possible to create a unforgeable digital signature identifying the sender of the message. (PGP does this.) This makes it possible to combat electronic forgery and unauthorized access into remotely accessed databases. You can keep your secret key secure on your machine, but anyone in the world could verify that you have it, since only you, the holder of the secret key, could be signing or encrypting the messages the messages you send. What is the cypherpunks political agenda? Although cypherpunks is not really a political group, cryptography can be a hotly debated political issue. Frankly, cryptography scares governments. The thought that an international criminal orginazation could use advanced encryption to communicate secretly and securely, scares many people. As a result, many governments want to ban or restrict use of encryption. But, as the saying goes, when encryption is outlawed, only outlaws will have encryption. Banning encryption will not stop criminals from using it. Therefore, cypherpunks want to make encryption availiable to everyone, so that we can concentrate on the positive aspects of encryption, to promote privacy and to prevent crime. Cryptography can prevent much more crime than it can conceal. By using cryptography, we can create secure databases and prevent digital forgery and theft. What do people mean when they talk about "cryptoanarchy"? Cryptographers scare governments, so governments scare cryptographers. For this reason, many cypherpunks favor more libertarian governments. Cypherpunks would rather rely on cryptography for protection, instead of men with guns from some government agency. It's much better to deter or prevent a crime than to try to clean up after the fact. And, after all, people make mistakes and computers don't, and the police are people. Some believe that one day everyone will or will be able to handle all their business, finances, and communication needs online, and protect them with strong cryptography, virtually eliminating criminals and the need for police to chase them. The belief in this state of affairs is known as cryptoanarchy - the elimination of the need for cyberspacial government through cryptography. What are some of the other goals of the Cypherpunks? Cypherpunks would like to further their pursuit of privacy by setting up anonymous remailers (see listing by Karl Lui Barrus), by writing and distributing cryptographic software (such as PGP), by setting up secure, encrypted communications channels, and by working to create a secure digital cash system, based on cryptography, instead of current credit card systems which use insecure methods, and are easy to defraud. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hugh@ecotone.toad.com (Hugh Daniel) Date: Thu, 13 Jan 94 14:27:38 PST To: cypherpunks@toad.com Subject: Request for World Wide Crypto FTP/BBS Sites Message-ID: <9401132224.AA05060@ ecotone.toad.com> MIME-Version: 1.0 Content-Type: text/plain I have been contacted by a member of the (technical) press who would like to put together a list of publicly accessible FTP (or even BBS's) sites world wide where folks can get crypto information and crypto software. Since I know and trust this person, I have offered to post this notice and collect any posting of such sites (email me or post to cypherpunks) that anyone feel comfortable sending out. Please include a short description of the sorts of information/software on each site you post, though you don't have to list packages, just an idea of what's there. Note that while I think this could be a useful list to have, that once it is out (in paper and/or on the net) that anyone can read it (or even have added sites to it). Caveat Postor and then Caveat Emptor... ||ugh Daniel From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: davros@raf.com (Dave Ross) Date: Thu, 13 Jan 94 15:22:38 PST To: distribution.@uu1014.UUCP@uu9.psi.com; (see end of body) Subject: No Subject Message-ID: <9401132236.AA23669@ raf.com> MIME-Version: 1.0 Content-Type: text/plain i.com(Toby_Skinner_at_ASI), tomis@microsoft.com(Tom_Isenberg), tribble@netcom.com, vikki@tfs.com(Victoria_Rehn), wilson@magi.ncsl.nist.gov(Charles_Wilson_at_NIST), workshop@dimund.umd.edu(Dimund_Workshop), wpoffice.holland1.fahy@jhl.red-cross.org(Greg_Fahy) Subject: Openings at RAF I had posting problems on the first try at this. Please forgive the duplicate message if you got one. -dave My company, RAF Technology, is hiring for two software positions, a Senior Engineer and a Software technician. We want to hire right away, but as always want first-quality people. Please pass this on as you think appropriate. Here are the net postings for the two positions. Thanks! -Dave Ross ________________________________________________________________________ ________________________________________________________________________ For Senior Software Engineer: RAF Technology inc. is a maker of pattern recognition solutions. RAF is a leader in Optical Character Recognition for forms. We have challenging problems and needs hard working creative people to solve them. We are constantly trying to find new algorithms that will recognize printed information faster and more accurately. We are looking for a full-time, senior engineer. This inventor will be a part of a small team. An excellent working relationship with the others is important. The candidate must be fun to work with, creative and enjoy meeting the commitments we make to our customers. RAF is located in Redmond Washington, which is a suburb of Bellevue and is about 20 miles from downtown Seattle. We are looking for someone with experience in the following: Algorithm development User interface design Unix, C, and C++. X-windows Experience with co-processor cards, and other hardware accelerators is a plus. Experience with SGML would be helpful. Please mail, or e-mail your resume to: Bill Greenhalgh RAF Technology Inc. 16650 NE 79th St Ste 200 Redmond WA 98052 job@raf.com Make it clear you are looking for the Senior Engineer position. ________________________________________________________________________ ________________________________________________________________________ For Software Technician: RAF Technology is looking for a software technician. We are a small company that makes pattern recognition software. The immediate responsibilities will be to collect large data sets that will be used for forms recognition training and performance evaluation. This person will also write test programs and test proceedures for RAF's software libraries and user interfaces. The ideal candidate will have a BS in engineering or sciences. This position potentially offers an opportunity to move into a salaried engineering position. The position is in Redmond, Washington. It is paid by the hour, and we offer flexible hours, but we need 40 hours a week. The candidate will have the following skills: C programming experience. Unix, X-Windows, and MS-DOS experience.n Please fax, e-mail, or mail your resume to: John Taves RAF Technology Inc, 16650 NE 79th St Ste 200 Redmond WA 98052 Fx: 882-7370 job@raf.com Make it clear you are looking for the Software Technician position. ________________________________________________________________________ ________________________________________________________________________ %%% overflow headers %%% To: 71170.2635@compuserve.com, 72537.2156@compuserve.com(CheckFree), agorics@netcom.com, ann@monster.apd.saic.com(Roger_Bradford_at_SAIC), ar@cfar.umd.edu(Azriel_Rosenfeld_at_UMD), baa9336@arpa.mil(TIPSTER), bennett@tmn.com, benw@xis.xerox.com(Ben_Wittner_at_XIS), boba@asi.com(Bob_Anundson_at_ASI), bxr@miteksys.com(Bart_Rothwell_at_MITEK), carl@caere.com, crystal@arpa.mil, cypherpunks@toad.com, davisd@pierce.ee.washington.edu, davisd@pierce.ee.washington.edu(Dan_Davis), davros@raf.com, dkrieger@netcom.com, document-request@dimund.umd.edu(Dimund_Comments), document-server@dimund.umd.edu(Dimund_Server_Requests), documents@dimund.umd.edu(Dimund_Submissions), doermann@cfar.umd.edu, dst@cs.cmu.edu(Dave_Touretzky_at_CMU), erichill@netcom.com, esc@isl.stanford.edu, frisko@eskimo.com, frisko@eskimo.com(Seth_Ceteris), gayle@amix.com, geist@magi.ncsl.nist.gov(John_Geist), greg@asi.com(Greg_Holman_at_ASI), haralick@ee.washington.edu, hsb@research.att.com(Henry_S._Baird_at_Bell_Labs), hughes@soda.berkeley.edu(Eric_Hughes), jackl@microsoft.com, janzen@idacom.hp.com, janzen@idacom.hp.com(Martin_Janzen), jbrown@mcc.com(Joe_Brown_at_MCC), jeanbb@charm.isi.edu(Betty_Jean), joule@netcom.com(Joule_non-tech), jreed@jaguar.ess.harris.com(Jonathan_Reed_at_Harris), jt@raf.com, jtech@netcom.com(Joule_tech), kenc@gatekeeper.calera.com(Ken_Choy), kenc@gatekeeper.calera.com(Ken_Choy_at_Calera), kopec@parc.xerox.com, mark@vfl.paramax.com(Mark_Lipshutz_at_Paramax), maverick@raf.com, mebuchm@afterlife.ncsc.mil, mindy@calera.com, miron@extropia.wimsey.com, mmiller@netcom.com, moana@applelink.apple.com(Charles_Vollum), more@usc.edu, msmith@coyote.trw.com(MLissa_Smith_at_TRW), nagy@ecse.rpi.edu(George_Nagy_at_RPI), nash@visus.com(Rich_Nash_at_VISUS), niehaus@well.sf.ca.us(Ed_Niehaus), northrop@netcom.com, northrop@netcom.com(Scott_Northrop), peterson@netcom.com, phantom@hardy.u.washington.edu, prasanna@erg.sri.com, rama@cfar.umd.edu(Rama_Chellappa_at_UMD), rcrowley@zso.dec.com, rht@ri.cmu.edu(Bob_Thibadeau_at_CMU), rpandya@netcom.com, rpandya@netcom.com(Ravi_Pandya), schlosser@erim.org(Steve_Schlosser_at_ERIM), sjdenni@afterlife.ncsc.mil(Steve_J._Dennis_at_DOD), skyhawk@bailey.cpac.washington.edu, slewis@raf.com, soreff@vnet.IBM.COM, srihari@cs.buffalo.edu(Sargur_Srihari_at_SUNY_Buffalo), stepahead@aol.com, szabo@techbook.com, tcmay@netcom.com, tecdrs1@sdc.boeing.com(Dick_Schmidt), toby@as.raf.com %%% end overflow headers %%% From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Detweiler" Date: Thu, 13 Jan 94 14:23:13 PST To: cypherpunks@toad.com Subject: Who is T.C.May? Message-ID: <199401132222.PAA17483@longs.lance.colostate.edu> MIME-Version: 1.0 Content-Type: text/plain Hello, I recently saw Mr. May's delightful `Who is L.Detweiler' post. I am going to address this posting in utmost seriousness. It contains very many inaccuracies and distortions that I simply cannot let stand. Mr. May and all other cypherpunks have the most self-centered, egotistical view of the universe of anyone. Mr. May, his associates, and his sycophantic followers distort the truth so frequently that they eventually begin to believe their own lies. The pattern of taking credit for other's hard earned accomplishments, starting with Zimmermann's PGP and even in the case of my `insanity' (the Big Mac term for anything I write, no matter how lucid), persists forever. First, reports of my insanity are greatly exaggerated. They seemed to have originated with P.Metzger. At first I was just writing `rants' and these became labelled as `insane' as a simple progression in terms that paralleled the Cypherpunk desperation at my tenacity. Mr. May starts out with an amusing account of my tenure on the Cypherpunks list, apparently believing that was the beginning of my existence. For cypherpunks, who live in their complex inbred environment in cyberspace, it is. >He often got angry with >someone and slipped into insulting them as being duplicitous, >malicious, etc., instead of merely ascribing their different opinions >as being just that. I think it is clear to anyone who has posted on the list for some time that it is filled with two classes of people: the people who attend CA meetings and grovel at the feet of the High Leaders, Gilmore, Hughes, and May. And there are the independent thinkers who occasionally agree but also call the leaders Stupid when they post messages that imply stellar stupidity or hypocrisy (e.g., `Abandon PGP!' `Change the Cypherpunk Name to Something Less Subversive'!). And we have the Wannabes from around the world, people like D.Barnes (TX) and Nate Sammons (CO) who look up to their Gods in reverent awe and hope to be Big Macs themselves one day. In short, the list has been intensely political, laden and smacked with complex secret and hidden loyalties, from the beginning. Anyone who flames a leader for stupidity or hypocrisy, based on nothing other than their actual posts, is considered a `frustrated wannabe'. Everyone here fits into some particular caste. (The Cypherpunks do exist in a sort of mysterious balance with some outsiders, but usually there is only enmity in the case of irreverence on the outsider's part and approval if there is glorification and idolatry.) Mr. May makes long reference to my postings on the Cypherpunks list, characterizing them all as a sort of bag of ad hominem insults and rants. I stand by everything I have ever posted to the Cypherpunks list, contrary to T.C.May, who is deathly terrified that anyone outside his little inbred fiefdom should stumble on his rants about how all Law Enforcement and Governments are inherently Evil, how Pornography is Liberating, etc. These are just the rants that he says *publicly*. Behind the scenes all three leaders, Gilmore, May, and Hughes, promote much more subversive ideology and religion to their cult of fanatic followers. `Lies are Liberating' etc. The media has been infected with their distortions of their agenda of hiding criminal activities such as tax evasion, black marketeering, money laundering, and the overthrow of governments under the guise of `privacy for the masses' and `the cryptographic revolution'. I have forever attempted to start projects on the Cypherpunks list, but found lukewarm interest and searing enmity from the CA Clique. One project was the whistleblowing newsgroup, which was a success from the beginning. I wrote the FAQ for it and despite that its activity has declined, people still inquire about the FAQ. But the CA psychopunks were opposed to this project, because they were not controlling it. And they conspired in the most malicious ways to thwart its establishment. One of their favorite tactics is to say, `so and so is working on it. don't do anything.' If anyone else has gotten this line from any cypherpunk, I urge you to ignore it as a lie. >By last summer, Detweiler was handing out "Cypherpunks of the Week" >awards, was arguing for his own form of electronic democracy (one >person one vote, to be done on a daily basis on all sorts of >issues....needless to say, many of us disagreed with him), and was >generally ranting and raving. I think it is clear that Electronic Democracy and the cypherpunk vision of Cryptoanarchy are simply fundamentally incompatible. But it took a long time for me to realize that it wasn't that it wasn't a great idea, but that the CA psychopunks recognized their Antichrist when they heard the words `Electronic Democracy' and flamed it into oblivion with all their tentacles on the list. >He apparently decided that I, for example, was using a >variety of fake names, including Nick Szabo, Hal Finney, Geoff Dale >(yes, the very same folks you all know from _this_ List!), yes, cypherpunk readers, and from *where* else do you know them? G.Dale is real, but as for the others...? >Thus, if Nick Szabo argues >against electronic democracy AND has a Netcom account, as I do, then >it's obvious: szabo@netcom.com is obviously a "tentacle" of >tcmay@netcom.com! What could be more obvious? we know that szabo@netcom.com was one of your favorite sites to `pseudopool' from, or have many different cypherpunks post through from `behind the scenes'. T.C.May was one such cypherpunk. This question of who posts through the account is independent of who Szabo is as a human being. >This all increased, with Detweiler launching daily rants against me, >Eric Hughes, and others. He demanded apologies "or else." He demanded >statements from the "Cypherpunks High Command" that we no longer >"pseudospoof." He appealed to John Gilmore to "put a stop to this >pseudospoofing," but John was in Nepal on a trek and didn't respond. >When John eventually returned, he replied in a calm manner and >suggested that Detweiler was mistaken. True to form, Detweiler went >ballistic at this "betrayal" and declared Gilmore to be just another >"Big Mac." The escalation started, really, after I had been betrayed by real tentacles. Mr. May as usual is very careful to avoid any specific references to them. And our information that T.C.May, E.Hughes, and J.Gilmore are all involved in a pseudospoofing conspiracy comes from insiders, not from speculation. This is why they are deathly terrified of making any conclusive statements about their complicity. >(In DetSpeak, many new terms exist. I thank Mr. May for explaining the new terminology invented to adequately summarize the cypherpunk conspiracy. >He also drifts into Christian rants about Hell, Satan, God, and >Damnation. Keeping track of his shifting terminology is a chore.) I don't recall those. I'd be delighted if you post even one message of the thousands I have written and sent in email, instead of distorting the truth about their contents. >He asked to be removed from the Cypherunks list, and was, but >continued to post to it (blindly). I ask Mr. Hughes and Mr. May whether it is an invasion of privacy to tell the world whether someone is on their list or not. I also ask them why they seem to think that I am not receiving the cypherpunks list even as I post to it. >He created his own group, the >"Cypherwonks" list, with a fascist list of rules and regulations about >true identities, the evils of pseudospoofing, etc. I'm delighted at Mr. May's reference to the cypherwonk charter as `fascist'. Everyone is free to read it themself. send `info cypherwonks' in the message body to majordomo@lists.eunet.fi. I think you will find that the charter actually simply insists on a code of ethics and morality in cyberspace -- something cypherpunks and their leaders, not surprisingly because of their aversion to honesty, brand `fascist'. I would like to know why Mr. May continually insists, despite our damning evidence to the contrary (which unfortunately we are unable to present publicly at this time, to continue to delineate the extent of the conspiracy), that he has never used a `tentacle', and simultaneously claims that rules and regulations about true identities, against `the evils of pseudospoofing', are `fascist'. >Detweiler issued death threats, saying he would be visiting the Bay >Area to "kill the tentacles." I have never said any such thing. I have however posted some satirical messages about `death to tentacles' or `death to cyberanarchists' that could be misconstrued as real death threats by people with overactive imaginations spurred by their fevered consciences. Mr. May's barrage of references to events that have never happened and text that does not exist frustrates me in the extreme-- most frustrating is that the BrainDead, the Blind, and the Brainwashed do not challenge it. >He mostly did this under his an12070 >name, though he often confused the identities and made several telling >slips Mr. May, who says that he has no idea why anyone thinks he has pseudospoofed with tentacles, says that S.Boxx `slipped' when he `confused identities'. Why is this a `slip', Mr. May? What is your advice on how to avoid such a `slip'? >(Other evidence: same line lengths, same use of >TeX-style ``quotes'' in messages, same use of no spaces between >initials in names like "T.C.May," same florid languages, same emphasis >on same issues, and, most tellingly of all, several "goofs" in which >private messages to one or the other were quoted by the other, and >even goofs within messages that alluded to himself as "Lance" or >"Larry.") the same list of circumstantial evidence could be built to associate szabo@netcom.com with T.C.May. In fact, I challenge Mr. May to say the following: I have never posted a message under the szabo@netcom.com name. And if he succeeds in doing so, I ask why he has refused to claim this publicly for months, despite ample opportunity and the urging of many outsiders. >several "goofs" in which >private messages to one or the other were quoted by the other, and >even goofs within messages that alluded to himself as "Lance" or >"Larry.") again, a `goof'. But it seems that only someone that believed that keeping identities *separate*, and *deceiving* people of their independence and uniqueness, would consider the S.Boxx prose `slips' or `goofs'. >I expect one day to hear Detweiler has shot and killed himself, or has >shot and killed others, or is holding them hostage. I know the >Colorado Cypherpunks group--which expelled Detweiler from their >physical meetings and from their list--is fairly concerned about their >security, and the security of Phil Zimmermann, who lives in Colorado >and whom Detweiler alternately characterizes as "God" or as "Satan." The Colorado cypherpunks is not even a half dozen people, and when I was kicked off `we' (at that time, `we' anyway) had had one meeting at a coffee shop. It is nothing but Nate Sammons and a pathetically lame list, and it was refreshing to be thrown off it, because it helped me be free of these petty, egotistical people, CA wannabes, and discover new enemies. There was no `expulsion', it was nothing but an egotistical dictator, very much similar to E.Hughes, throwing me off the list unilaterally and without telling me, secretly conspiring with the rest to do so, and lying about the events that led to my `expulsion'. As for my relationship with PRZ, the CA cypherpunks have no clue. As for `shooting and killing', I have a few things to say. (1) People who know me know that I am the most nonviolent person in the world. My writing may be violent by my body is not. (2) I do not own a gun or any other deadly weapon, contrary to virtually all the cypherpunks. (3) Mr. May announced publicly in the newsgroups that `I have a Gun' and indicated he would use it if I ever visited the CA area. If there is any paranoia about `shooting and killing' it is entirely his. (4) All the cypherpunks are nothing but stellar hypocrites when they complain of `death threats' in writing. The believe that, apparently, all messages are meaningless unless I type them. When I talk about their conspiracy I am lying, but when I am ridiculing their fears, it is `violent death threats' to be taken with the utmost seriousness, unequivocal proof that soon I am going to go off the deep end and take hostages or kill someone. >After the latest rounds of forged messages, with my name attached and >with .sig block attached, Mr. May, when he sees editorial cartoons in the newspaper, probably likewise considers them `forgeries'. He is incapable of understanding the distinction of truth and satire, having, like the rest of the CA psychopunks, stoned himself for years on lies. What Mr. May calls `forgeries' are actually carefully crafted insults and satire directed at the people most responsible for the Cypherpunk conspiracy, and masterpieces of art, as the enormous exploding S.Boxx following attests. In giving no respect to the Cypherpunk identities by ridiculing and misrepresenting their signatures, a karmic balance is achieved with their own disrespect for the honesty of trust of others in their routine, continual, persistent, unabated violations and embezzlements accruing from their own poisonous pseudospoofing. If anyone doubts my claims anywhere in this letter, please read Risks 15.25,15.27, and 15.28x, or ask Mr. May to provide the nonexistent letters that he refers to. >No an12070 >messages have been seen by me for several days now, and Detweiler has >made comments about how S. Boxx "told him" that his account has been >stopped. Yeah, right. Actually, I heard that S.Boxx is being held hostage or has been assassinated by cypherpunks. Or it could be that he hasn't been censored at all, but that I claimed that to show that Cypherpunks, such as T.C.May (who has admitted to requesting S.Boxx be censored) were the hypocrites who asked that he be. So that's the saga of T.C.May and the cypherpunks, the biggest Net Perversion to be born in cyberspace. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, cheap assassination rates. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Hasan Bramwell" Date: Thu, 13 Jan 94 13:12:36 PST To: cypherpunks@toad.com Subject: Fascinated and deluged!!! Message-ID: <58200.hasan%pi.pro.ec@uunet.uu.net> MIME-Version: 1.0 Content-Type: text/plain Many thanks to, Nick Szabo, Bill Stewart, Eric Hughes, &, Matthew Ghio, for detailed assistance. This stuff has really captured my imagination. I'll do the right thing and evesdrop for a while, but you seem like mighty friendly folk and I look forward to a chat. Hasan ~~~~~~~ Hasan Bramwell Casilla 17-17-1004 Freehand Quito, Ecuador Internet: Ecuanet hasan@pi.pro.ec Compuserve: 70322,2617 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jkreznar@ininx.com (John E. Kreznar) Date: Thu, 13 Jan 94 17:58:03 PST To: cypherpunks@toad.com Subject: Re: Public key encryption, income tax and government In-Reply-To: <9401112112.AA16760@tamsun.tamu.edu> Message-ID: <9401140157.AA16947@ininx> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- > The government has many ways of extracting tax in these cases, ranging > from periodic audits with heavy penalties (which keep people > honest)... > ... > Particularly at the corporate level, the notion that cryptography will > allow widespread tax cheating seems especially questionable. I don't want to leave unquestioned this implied linkage between honesty and paying taxes, between not paying taxes and ``cheating''. Sure, for some, like those Italians mentioned by Perry who willfully accept the benefits of taxation when they have reasonable alternatives, such a linkage would apply. The legitimate tax resister, however, is simply someone who declines the offer made to him: ``I don't want your steenking benefits, and I'm not liable for your steenking debts. I'm certainly not responsible for any _compelled_ benefits.'' I see nothing honest about willfully paying taxes to, or otherwise cooperating with, any institution which, by expropriating the fruits of the toil of unconsenting victims through taxation, has stolen more wealth than any other criminal organization ever seen on the face of the earth. John E. Kreznar | Relations among people to be by jkreznar@ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTX7VMDhz44ugybJAQH+UwQAgKGSVIvkj+OMxdxiTB2eCHutgc8Y4VX8 ldlhpjwP1wyW8IpqKe8Pd/Qim9FWFjKMQaKhpK7UOMTQQ17+hthW+xMHJJ60oEZA uZy2rCMQ8wnxb6x2YlCgu2RUXCaoYrIN2AnPslqUyfhXktdpr8AuJHh2+XuGAKyM rvP86VLgILg= =x0OB -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: gregguy@aol.com Date: Thu, 13 Jan 94 16:42:39 PST To: cypherpunks@toad.com Subject: why govt's get bigger Message-ID: <9401131939.tn12178@aol.com> MIME-Version: 1.0 Content-Type: text/plain frode@toaster.SFSU.EDU (Frode Odegard) asked the rather sweeping question of why governments get bigger. Actually, this is one of the great (but often unsung) libertarian proofs. Governments act as any rational being acts -- in their own self interest. As the distillers of laws and collectors of taxes, however, they just have a better shot at self-interest nirvanna than the rest of us. //greg brooks (gregguy@aol.com PGP key available on keyservers) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: frode@toaster.SFSU.EDU (Frode Odegard) Date: Thu, 13 Jan 94 20:42:42 PST To: cypherpunks@toad.com Subject: Re: why govt's get bigger Message-ID: <9401140439.AA25291@toaster.SFSU.EDU> MIME-Version: 1.0 Content-Type: text/plain Greg Brooks (gregguy@aol.com) writes: > Governments act as any rational being acts -- in their own self interest. As > the distillers of laws and collectors of taxes, however, they just have a > better shot at self-interest nirvanna than the rest of us. So you are saying that acting in one's own rational self-interest is compatible with acting upon somone else by force? Um, and how can you epistemologically justify looking upon the government as being a rational being, as having a consciousness? It consists of many separate individuals, does it not? Finally, isn't self-interest nirvanna a contradiction in terms? Nirvanna means merging with something greater, extinction of the self etc. But isn't the only rational standard of value, the ultimate self-interest, the preservation and flourishing of one's self, of one's life? I'm very curious about why people think governments are allowed to grow so oppressive - maybe this has something to do with whether people in a society think big government is good. It appears to me that most people these days are of the opinion that government should 'help people' instead of protect what our founding fathers saw as inalienable rights. It also seems to me like the whole concept of rights has been perverted, that political leaders now believe that _needs_ make rights, such as the "need" for health care or an information superhighway for all Americans. For those who've forgotten, this country was not founded as a democracy but as a republic. - Frode From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Karl Lui Barrus Date: Thu, 13 Jan 94 19:15:40 PST To: cypherpunks@toad.com Subject: TV: Nova & Crypto Message-ID: <9401140314.AA10265@flammulated.owlnet.rice.edu> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Cypherpunks, On a different note, I see that the NOVA episode on Tuesday the 25th of January is supposed to cover cryptography. It looks like historical stuff (Zimmerman note, Enigma, Purple, William Friedman, etc.) and may not cover any "current" issues :-) But it should be interesting. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTYN1oOA7OpLWtYzAQGemwP/b+cxMmxlIZatbOC9/6l/sBWu+RhXz4Gf hTsoChT99JT70lAsORVMd95m75KTy4jtxQrr7YXGrGKmCsDq95UOkDg9jSDcawlv kl6Yai16Yc9ikE/YjnPZCxSu62OvPxYnpRfhUPGe9qxkFkex8TlZ7SE3UFcMr2WR s66A0C1/+Fo= =AKuN -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: frode@toaster.SFSU.EDU (Frode Odegard) Date: Thu, 13 Jan 94 23:07:45 PST To: cypherpunks@toad.com Subject: re: why govts get bigger Message-ID: <9401140706.AA25805@toaster.SFSU.EDU> MIME-Version: 1.0 Content-Type: text/plain Greg Brooks (gregguy@aol.com) writes: > Frode Odegard (frode@toaster.sfsu.edu) writes: > >> So you are saying that acting in one's own rational self-interest is >> compatible with acting upon somone else by force? > (Yes, in case of protection of one's life or, in some cases, one's property. > I didn't say the government was acting rationally in everything (or indeed, > most things) they do; only that force is a natural response to being > threatened. That we perceive the government as the real threat has little > bearing on their actions, I suspect.) Um, I was referring to _initiation_ of force. When the government taxes you that is initiation of force. When you fire a gun at a robber (or an IRS agent attempting to steal your assets) that is self-defense. But what is the philosophical premise behind government as it now stands? I believe it is altruism - the ethics that tells man that action in his own rational self-interest is immoral ("selfish") and that only self- sacrifice, acting _against_ one's own interest for the benefit of the people, one's neighbors, the state, or some random homeless person, is morally good. The ethical bases of laissez-fare capitalism is rational egoism, not altruism. According to altruism, productivity for one's own benefit is a vice, suffering is a virtue. This is why the "free market" isn't free - it is ethically incompatible with the philosophical basis of our so-called leaders (and many, many citizens.) As long as we do not reject the moral code of altruism we will move steadily towards fascism - the parallels between the Weimar developments and those here in the United States are rather astonishing - I'll be happy to elaborate on them if there is interest. - Frode From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: gregguy@aol.com Date: Thu, 13 Jan 94 21:07:43 PST To: cypherpunks@toad.com Subject: why govt's get bigger Message-ID: <9401140005.tn40585@aol.com> MIME-Version: 1.0 Content-Type: text/plain frode@toaster.SFSU.EDU (Frode Odegard) asked the rather sweeping question of why governments get bigger. Actually, this is one of the great (but often unsung) libertarian proofs. Governments act as any rational being acts -- in their own self interest. As the distillers of laws and collectors of taxes, however, they just have a better shot at self-interest nirvanna than the rest of us. //greg brooks (gregguy@aol.com PGP key available on keyservers) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: gregguy@aol.com Date: Thu, 13 Jan 94 21:17:42 PST To: cypherpunks@toad.com Subject: re: why govts get bigger Message-ID: <9401140017.tn41783@aol.com> MIME-Version: 1.0 Content-Type: text/plain frode@toaster.SFSU.EDU (Frode Odegard) writes: So you are saying that acting in one's own rational self-interest is compatible with acting upon somone else by force? (Yes, in case of protection of one's life or, in some cases, one's property. I didn't say the government was acting rationally in everything (or indeed, most things) they do; only that force is a natural response to being threatened. That we perceive the government as the real threat has little bearing on their actions, I suspect.) Um, and how can you epistemologically justify looking upon the government as being a rational being, as having a consciousness? It consists of many separate individuals, does it not? (Indeed, but history is full of individuals banding together to act in their own self interest. I may not share the interests of the federal employee unions, the lifetime bureaucrats and career politicians, but I can certainly see what their motivation is for acting the way in which they do. Does government have consicousness? Certainly not. But does it, through its various entities and arms, exhibit the characteristics of both mob-rule mentality and a cornered animal? Yes, quite often it does.) Finally, isn't self-interest nirvanna a contradiction in terms? Nirvanna means merging with something greater, extinction of the self etc. But isn't the only rational standard of value, the ultimate self-interest, the preservation and flourishing of one's self, of one's life? (OK, you caught me in a writer's flourish here... Nirvanna was, categorically, not the correct word. As for the second part of your statement above, I agree -- but I also think there are millions of people in government who live and breathe a "box mentality" that convinces them very little of their self-interest is unlinked to the great monstrosity that is our government. They are perhaps the last true serfs in this country, mentally if not monetarily.) (I agree with your subsequent statements) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: karn@qualcomm.com (Phil Karn) Date: Fri, 14 Jan 94 01:05:46 PST To: frissell@panix.com Subject: Re: Public key encryption, in In-Reply-To: <199401121808.AA18598@panix.com> Message-ID: <199401140903.BAA01811@servo.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain >You left out a few information purchases: education, much of medicine, >all of financial services, design, marketing, supervision, and management. Indeed. Some years ago I ran into a guy at Newark Airport who was on his way to Barbados. We struck up a conversation, and it turned out that he ran a data entry business. He ships documents of various kinds to Barbados where workers convert them to machine-readable form and return the tapes. I asked why Barbados. The answer was very simple: it's about the only English-speaking third-world country in the western hemisphere with a decent literacy rate (99%, according to my National Geographic atlas). The economy was bad, and the people were happy to get the work. This got me thinking about the impossibility of regulating and taxing the international transmission of information. At the time I was thinking more in terms of the impossibility of enforcing US import duties; who's to say what a particular magtape is worth? If this guy is still in business I suspect he has long since replaced physical magtape shipments with electronic transfers, which bypasses Customs completely. I suspect there are many other similiar operations, and the trend is strongly positive. Phil From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "andrew m. boardman" Date: Fri, 14 Jan 94 02:37:47 PST To: cypherpunks@toad.com Subject: Re: Welcome to IIA (fwd) In-Reply-To: <199401111218.EAA10252@mail.netcom.com> Message-ID: <199401141037.FAA03832@shiva.cs.columbia.edu> MIME-Version: 1.0 Content-Type: text/plain I'm rather behind in my mail, but I see the IIA flamage in subject lines all the way up to the present, so here are a few random facts and observations... As far as the organization goes, their "research facility" is a residential (no reason not to be) location in NJ (I can see it from the window) which did indeed purchase and have installed an Alternet T1 a few weeks ago. Said company that "processed 15000 requests in the last several weeks" has four users online, one running X on the console. If, however, we really have gotten to the point where private organisations will fund free Internet access for the masses, the fun is only beginning... andrew From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: gnu (John Gilmore) Date: Fri, 14 Jan 94 07:55:49 PST To: cypherpunks, gnu@toad.com Subject: Export request (CJR) filed for Kerberos Bones Message-ID: <9401141555.AA02227@toad.com> MIME-Version: 1.0 Content-Type: text/plain This is a Commodity Jurisdiction Request for the bones of the Kerberos distribution. This "Bones" distribution has the encryption stripped out to make it exportable (we hope). A CJR is a formal request to the State Department for them to determine what kind of export license is required for this item. This request has been asigned case # 012-94. The State Department has 15 working days to tell us whether the Bones are officially exportable or not, and under what rules. I'll post the results when they come in. One of the games that the State Dept. and NSA play is to not reveal exactly what is exportable, so that people will err on the side of safety (and export fewer things with crypto in them). By sharing information among ourselves, we can find out what the real rules are. This CJR was made using Lee Tien's CJR kit, available for FTP on cygnus.com:/pub/export.cjr.kit. John Gilmore Cygnus Support John Gilmore Generalist Cygnus Support 1937 Landings Drive Mt. View, CA 94043 +1 415 903 1418 +1 415 903 0122 fax ATTN: Maj Gary Oncale - 15 Day CJ Request U.S. Department of State Office of Defense Trade Controls PM/DTC SA-6 Room 200 1701 N. Fort Myer Drive Arlington, VA 22209-3113 Fax +1 703 875 5845 ATTN: 15 Day CJ Request Coordinator National Security Agency P.O. Box 246 Annapolis Junction, MD 20701 Subject: Mass Market Software with Encryption - 15 Day Expedited Review Requested Subject: Commodity Jurisdiction Request for "Kerberos 900104 bones.tar.Z patchlevel 6" INTRODUCTION This is a Commodity Jurisdiction Request for mass market software with encryption capabilities. The name of the software product is "Kerberos 900104 bones.tar.Z patchlevel 6". We have no DTC registration code. We have reviewed and determined that the software, which is the subject of the CJ request, meets paragraph 1 of the "Criteria for Determining the Eligibility of A Mass Market Software Product for Expedited Handling." A duplicate copy of this CJR has been sent to the 15 Day CJ Request Coordinator. DESCRIPTION The software is an authentication system for networked computers. It is a component of the MIT Athena project, which built various software for automating the administration and operation of large networks of computers. The Kerberos software is undoubtedly familiar to your agency. We believe that previous CJR's have been made on it, including at least one from Digital Equipment Corporation. The Kerberos system authenticates individual users in a network environment. It bases security on a `secret' which is shared between a central Kerberos server and the user. This secret is a cryptographic key based on the user's password, with which the user can prove who they are by being able to decrypt sealed messages from the server. After the user has authenticated herself to Kerberos, she can use familiar Berkeley Unix network utilities such as rlogin, rcp, and rsh, without having to present passwords to remote hosts and without having to rely on insecure ``.rhosts'' files. These utilities will work without passwords only if the remote machine supports the Kerberos protocols. If not, the normal facilities will be used. Kerberos provides the following benefits: * Security against outside attackers. * Security against inside attackers. * Convenience in a distributed workstation environment. * Augmentation of an existing security organization. * Standardized access control mechanisms. I have enclosed a technical paper, "Kerberos: An Authentication Service for Open Network Systems", from the 1988 Winter USENIX Conference Proceedings. This "Bones" version of the Kerberos software has been specially prepared for export by removing the encryption routines and the calls to the encryption routines. We are submitting this CJ to confirm the the official opinion of the Department of State on whether we require a State Department and/or Commerce Department license to export this software. ORIGIN OF COMMODITY The item was originally designed for its current use. It was created as part of MIT's Project Athena in the 1980's. It was designed for commercial use without concern for military use. An example of its commercial use is in authenticating students who work from various workstations on a campus, connected via local-area and wide-area networks. The item was developed with private funding. The item is currently publicly available on the Internet via FTP (file transfer protocol) from the machine athena-dist.mit.edu (18.71.0.38) in directory /pub/kerberos/dist/900104/bones.tar.Z. Its documentation is available as /pub/kerberos/dist/900104/doc.tar.Z.aa and doc.tar.Z.ab. We obtained the item and documentation from that location. CURRENT USE The current use of this item is to provide user authentication for computer users in a network. The software provides: * a server which runs on a physically secured computer and which stores the password of each user * library routines which establish communication between the server and other programs * utility programs for administering the authentication system klist, kinit, kdestroy, ksu, ksrvtgt, kadmin, kprop * modified versions of readily available networking programs, which use the library routines for authentication, including: tftp - trivial file transfer protocol sample - a sample application knetd - user authentication daemon rsh and rshd - remote shell rlogin and rlogind - remote login rcp - remote file copy The uses of the item have not changed significantly over time. Most of the product market is commercial. SPECIAL CHARACTERISTICS There are no military standards or specifications that the item is designed to meet. There are no special characteristics of the item, including no radiation-hardening, no ballistic protection, no hard points, no TEMPEST capability, no thermal and no infrared signature reduction capability, no surveillance, and no intelligence gathering capability. The item does not use image intensification tubes. The item originally used encryption algorithms for authentication, using the DES (Data Encryption Standard), however these algorithms and the calls to them have been removed to facilitate export approval. OTHER INFORMATION We recommend that this item and its technical documentation be determined to be in the jurisdiction of the Commerce Department. We believe that it qualifies for the general license GTDA for General Technical Data to All Destinations, because it qualifies as "publicly available" and contains no encryption routines or hooks for encryption. ATTACHMENTS I have enclosed a technical paper, "Kerberos: An Authentication Service for Open Network Systems", from the 1988 Winter USENIX Conference Proceedings. I have also enclosed the README file from the MIT directory where we obtained the software, which describes what was done to the software to make it more suitable for export. If there are any technical questions, NSA has direct access to the full source code and online documentation via the Internet. The item is currently publicly available on the Internet via FTP (file transfer protocol) from the machine athena-dist.mit.edu (18.71.0.38) in directory /pub/kerberos/dist/900104/bones.tar.Z. Its documentation is available as /pub/kerberos/dist/900104/doc.tar.Z.aa and doc.tar.Z.ab. We obtained the item and documentation from that location. Sincerely, John Gilmore Generalist Cygnus Support -- John Gilmore gnu@toad.com -- gnu@cygnus.com -- gnu@eff.org ``This committee has not tried to determine whether the National Security Agency tendency to advance exaggerated claims of authority ... stems from conscious policy or the actions of individual NSA employees.'' The Government's Classification of Private Ideas, House Report 96-1540, p. 67 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: thx1139@knuth.cba.csuohio.edu (tim werner) Date: Fri, 14 Jan 94 05:42:48 PST To: cypherpunks@toad.com Subject: please cancel Message-ID: <9401141342.AA00190@knuth.cba.csuohio.edu> MIME-Version: 1.0 Content-Type: text/plain Please cancel thx1139 subscription. I am on the list from two accounts now. thanks, tim werner From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Fri, 14 Jan 94 07:23:27 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <9401141524.AA09674@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain Mr. Detweiler, I would claim that you have the brain of a cabbage, but obviously you've expended a fair quntity of intellect figuring out this tremendous conspiracy of cryptoanarchists and their devious leaders attempting to sink you (if they're anarchists, how can they have leaders anyhow?) Dozens of people have stated that they have met all the people you think are the same. You are living in a self-consistant delusion -- there is no way to demonstrate to your satisfaction that your claims are false, because you won't accept testimonial evidence and you wont go through any effort to check out the evidence you have been given that you can check out yourself. There is no amount of effort that will convince you of the truth. Meanwhile, you continue to post huge disruptive messages about topics 99% of the net doesn't care about both under your name and under "an12070@anon.penet.fi" to dozens of newsgroups. I'd say if anyone around here is a problem its YOU. Nick Szabo is a real human being, last I checked. He was a computer science major at U.W. and later worked at JPL in Pasadena. He shared a basement apartment with a Tibetan holy man. While he was about as odd as any other hardcore C-Sci guy I know of, he's a lousy candidate to be a leader, a tentacle, or any other part of a massive cryptoanarchist conspiracy. This won't dissuade you (obviously, I'm just another member of the conspiracy. My tenous link with Nick proves it for a fact. In fact, Jeremy Anderson is just an alias! I picked up the driver's license, credit cards, passport, and personality dossier 8 years ago in Tiajuana from a shadowy man known only as "rodriguez, with two lower case r's".) Let's try a different tact. Yes Detweiler. You have sucessfully exposed the international cryptoanarchist conspiracy. Unfortunately, our vast experience with media manipulation and our connections with the highest levels of government will hamper your ability to make further progress. We are proud to count as members of our conspiracy such luminaries as Socks Clinton, Bobby Inman, Connie Chung Yu-Hwa (who while mascarading as a mild-mannered TV anchor is our connection with the Chinese Kuomintang's massive intelligence apparatus), and the 23 secret leaders of the Masons. We've been monitoring your actions for years with bugs, wiretaps, and secret agents. One night, while you slept, a crack surgical terrorist team entered your domicile, sedated you heavily, and planted radio-controlled electrodes in your head. Should you ever get a positive identification on any of the leaders of our cabal, a radio signal will be sent causing you to go into a massive seizure, whereupon the elctrodes will disintegrate, leaving no trace of our work for the forensics experts to sift through. The situation really is hopless Detweiler. We can wipe your existence off the face of the planet any time. While we figure you're too driven and fanatical to co-opt, we're happy to fight to a draw. Congratulate yourself. Your superior intellect has exposed more about the inner workings of our organization (and I use the term loosely) than we expected any mere mortal to be able to manage. We consider our protection mechanisms to be strong enough that you won't be able to cause much damage to our command and control structure. Relax, take the day to go hiking in the mountains, enjoy life, and know that your personal desires and plans are safe from interference for now. Regards, Jeremy Anderson Assistant Secretary of Propaganda United Thought Patrol P.S. Don't try to archive this message, it's wired with virtual explosives. -- Jeremy Anderson Freelance programmer and Chinese translator jeremy@cyberspace.com PGP public key available on request Good cheer and smiles dispensed freely From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Fri, 14 Jan 94 07:52:51 PST To: cypherpunks@toad.com Subject: No Subject In-Reply-To: <9401141524.AA09674@bsu-cs.bsu.edu> Message-ID: <199401141548.KAA09114@snark> MIME-Version: 1.0 Content-Type: text/plain God, he's a loonie. This is half composed of a message I posted, partially other messages, and partially his own. I have no idea if "Jeremy Anderson" is a stolen identity. However, its very doubtful that he's going to be a problem in my life for long -- I'm going to finish up setting up my long promised moderated cryptography mailing list tonight or tommorrow and will be announcing it at Usenix. (Please don't send me mail asking me about it -- there will be a formal announcement.) Perry Anonymous says: > Mr. Detweiler, I would claim that you have the brain of a cabbage, but > obviously you've expended a fair quntity of intellect figuring out this > tremendous conspiracy of cryptoanarchists and their devious leaders > attempting to sink you (if they're anarchists, how can they have leaders > anyhow?) > > Dozens of people have stated that they have met all the people you > think are the same. You are living in a self-consistant delusion -- > there is no way to demonstrate to your satisfaction that your claims > are false, because you won't accept testimonial evidence and you wont > go through any effort to check out the evidence you have been given > that you can check out yourself. There is no amount of effort that > will convince you of the truth. Meanwhile, you continue to post huge > disruptive messages about topics 99% of the net doesn't care about > both under your name and under "an12070@anon.penet.fi" to dozens of > newsgroups. I'd say if anyone around here is a problem its YOU. > > Nick Szabo is a real human being, last I checked. He was a computer > science major at U.W. and later worked at JPL in Pasadena. He shared a > basement apartment with a Tibetan holy man. While he was about as odd > as any other hardcore C-Sci guy I know of, he's a lousy candidate to be > a leader, a tentacle, or any other part of a massive cryptoanarchist > conspiracy. > > This won't dissuade you (obviously, I'm just another member of the > conspiracy. My tenous link with Nick proves it for a fact. In fact, > Jeremy Anderson is just an alias! I picked up the driver's license, > credit cards, passport, and personality dossier 8 years ago in Tiajuana > from a shadowy man known only as "rodriguez, with two lower case r's".) > Let's try a different tact. > > Yes Detweiler. You have sucessfully exposed the international > cryptoanarchist conspiracy. Unfortunately, our vast experience with > media manipulation and our connections with the highest levels of > government will hamper your ability to make further progress. We are > proud to count as members of our conspiracy such luminaries as Socks > Clinton, Bobby Inman, Connie Chung Yu-Hwa (who while mascarading as a > mild-mannered TV anchor is our connection with the Chinese Kuomintang's > massive intelligence apparatus), and the 23 secret leaders of the > Masons. We've been monitoring your actions for years with bugs, > wiretaps, and secret agents. One night, while you slept, a crack > surgical terrorist team entered your domicile, sedated you heavily, and > planted radio-controlled electrodes in your head. Should you ever get a > positive identification on any of the leaders of our cabal, a radio > signal will be sent causing you to go into a massive seizure, whereupon > the elctrodes will disintegrate, leaving no trace of our work for the > forensics experts to sift through. > > The situation really is hopless Detweiler. We can wipe your existence > off the face of the planet any time. While we figure you're too driven > and fanatical to co-opt, we're happy to fight to a draw. > > Congratulate yourself. Your superior intellect has exposed more about > the inner workings of our organization (and I use the term loosely) than > we expected any mere mortal to be able to manage. We consider our > protection mechanisms to be strong enough that you won't be able to > cause much damage to our command and control structure. Relax, take the > day to go hiking in the mountains, enjoy life, and know that your > personal desires and plans are safe from interference for now. > > Regards, > > Jeremy Anderson > > Assistant Secretary of Propaganda > United Thought Patrol > > P.S. Don't try to archive this message, it's wired with virtual explosives. > -- > Jeremy Anderson Freelance programmer and Chinese translator > jeremy@cyberspace.com PGP public key available on request > Good cheer and smiles dispensed freely > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: gtoal@an-teallach.com (Graham Toal) Date: Fri, 14 Jan 94 04:22:49 PST To: cypherpunks@toad.com Subject: Remote Job Entry validated by pgp (hack script) Message-ID: <199401141202.MAA21915@an-teallach.com> MIME-Version: 1.0 Content-Type: text/plain #!/bin/sh # This is a little hack to let me send myself signed pgp mail containing # a batch script and have it execute as me. I knocked this up in a hurry # this evening when I needed to remote control a machine I couldn't easily # telnet to. It's not especially elegant but then it's not especially # big, so if you don't like it, write your own the way you prefer. # Because this runs as a batch job, PGPPATH and PGPPASS must be # set in the environment. If invoked from procmail, they have to # be defined in .procmailrc Clearly you should use a different # private key to your personal one for mail. Given that this is # only to stop outsiders accessing your account, it doesn't matter # that the exec-key is held online or in the environment - if someone # could hack your account to get the key they've already done enough # to hack your account anyway and having access to this exec-server # would give them no extra advantage... # I use procmail runes like this to execute this script: # :2 # ^From.*gtoal # Subject: batch job # The From line is redundant, but I just put it in so I could easily # bounce requests from most unauthorised senders in a later procmail # rule. Unauthorised senders posting as me are silently dropped # on the floor... (assuming the pgp signature check fails that is!) cat > $PGPPATH/job.$$ # This just extracts the first pgp message to a file to avoid possible # problems with spoofing... - it leaves the file empty if no pgp message # was found. I use my own editor 'ecce' to do this - you might use # sed or perl or whatever... if [ -f /usr/local/lib/ecce ]; then # Skipping this stage probably doesn't hurt... /usr/local/lib/ecce $PGPPATH/job.$$ << EOD f/-----BEGIN PGP MESSAGE-----/l0k-0f/-----END PGP MESSAGE-----/mk0,m-0k0;%c EOD fi # can't use -f filter mode because it's impossible to specify # the pubring to use if you do. # +batchmode is essential - it forces a return code of 0 if and # only if the pgp message was signed and the signator is explicitly # listed in 'execring.pgp'. pgp +batchmode $PGPPATH/job.$$ \ $PGPPATH/exec.$$ \ $PGPPATH/execring.pgp if [ $? -ne 0 ]; then # This goes into the procmail log echo ILLEGAL REMOTE JOB - USER NOT IN EXECRING.PGP # tidy up rm -f $PGPPATH/job.$$ rm -f $PGPPATH/exec.$$ exit 1 fi # execute the command - probably a script but could as easily be a # binary executable if properly compiled for the target host. chmod +x $PGPPATH/exec.$$ $PGPPATH/exec.$$ # tidy up rm -f $PGPPATH/job.$$ rm -f $PGPPATH/exec.$$ exit 0 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: greg@ideath.goldenbear.com (Greg Broiles) Date: Fri, 14 Jan 94 15:55:46 PST To: cypherpunks@toad.com Subject: Re: Public key encryption, in Message-ID: <4eu6Fc2w165w@ideath.goldenbear.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- uunet!qualcomm.com!karn (Phil Karn) writes: > This got me thinking about the impossibility of regulating and taxing > the international transmission of information. At the time I was > thinking more in terms of the impossibility of enforcing US import > duties; who's to say what a particular magtape is worth? If this guy > is still in business I suspect he has long since replaced physical > magtape shipments with electronic transfers, which bypasses Customs > completely. Last summer I needed to send a magtape with custom-written software to Oman, and needed to declare a value for customs; neither the State Department nor Customs nor Federal Express nor DHL had any idea whether I was supposed to declare the value of the software or the value of the tape carrying the software. I settled on the value of the tape if it was blank, based on the notion that a copy of the software wasn't worth much; it was the legal right to use the software which was valuable, and that wasn't being shipped. (Electronic transfer wasn't possible as the Omanis were very particular about which modems could be used with their telephone system, and it took longer to find an approved modem than it did to ship the magtape.) As far as I could tell, the thing the Omanis were most concerned with was preventing the import of pornography or other forbidden data; I don't think many of the people involved in processing the shipment understood that the tape could easily have contained those forbidden images. - -- Greg Broiles "Sometimes you're the windshield, greg@goldenbear.com sometimes you're the bug." -- Mark Knopfler -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLTcLZH3YhjZY3fMNAQHOfAP+I9+gSLfv8gSyMgZhwg7bJga/mA8MVFX1 GsUR+y4av3QLgz+gbWSnbymo77tvpcTjzmGn6gZemlaifgEQMFFByMdooK9wSMgX 72lFSGnko12lX44StWI6VCIbg3uQvCpE05cK9Cs0b2aJ/bnmoaghUIClKf/YovZy c/mKDHNu/HY= =BGBS -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: edgar@spectrx.saigon.com (Edgar W. Swank) Date: Fri, 14 Jan 94 13:23:34 PST To: Cypherpunks Subject: Announcing SecureDrive Version 1.2 Message-ID: <9JV6Fc6w165w@spectrx.saigon.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- This is to announce the availability of Version 1.2 of SecureDrive. This release of Secure Drive is based on release 1.0, mostly written by Mike Ingle The code which we wrote is not copyrighted, but the program contains GNU Copylefted code, and therefore may be freely distributed under the terms of the GNU General Public Licence. Version 1.2 adds significant new function. As of Version 1.2, you may use an operand /PGP with LOGIN, either by itself, or with other operands. By itself, LOGIN /PGP will prompt for a passphrase and set the PGPPASS environment variable with whatever is entered. If PGPPASS is already set then LOGIN D: /PGP or LOGIN /F /PGP will use whatever PGPPASS is set to as the passphrase. For the hard disk partition, LOGIN will test the PGPPASS passphrase. If it is incorrect, then it will prompt you for another passphrase. If PGPPASS is NOT set when these forms of LOGIN are used, than a passphrase is prompted for AND PGPPASS is set to this passphrase. This is more secure than using the SET command since LOGIN only echoes "*"'s when entering the passphrase. As of Version 1.2, typing LOGIN /C /PGP will clear the SecureDrive crypto keys from memory AND clear the PGPPASS environment variable. This is done in a manner less likely to leave your passphrase in memory than just using the DOS SET command. In addition, Version 1.2 clears all the free memory it can find, which is likely to include some plaintext. However, if you want to be absolutely sure all traces of sensitive data are erased from memory then turning off the computer is still recommended. As of version 1.2, if PGPPASS is set before you run CRYPTDSK, CRYPTDSK will ask to use the value of PGPPASS for the passphrase before prompting you (for encryption), or try PGPPASS (for decryption). Obviously, if you encrypt or decrypt a lot of diskettes at once, this feature can save you a lot of typing. The purpose of these changes is to allow you to enter a single passphrase only once per boot IF you choose to use the same passphrase for your PGP secret key, your SecureDrive encrypted hard disk partition, and SecureDrive encrypted floppies. Mike Ingle and I have different opinions on the distribution of SecureDrive. Under the GNU General License (copyleft) I do not need Mike's permission to distribute version 1.2 and I have not asked for same. My policy on distribution is in the version 1.2 doc: Exporting this program. Cryptography is export controlled, and sending this program outside the country may be illegal. Don't do it. The "author" of version 1.2, Edgar Swank, says that the export ban should not prevent you from placing this program on public BBS's and anonymous FTP sites in the US and Canada. If individuals outside the US/Canada use the internet or international long distance to obtain copies of the program, THEY may be breaking US law. Any such foreign individuals should be aware that US law enforcement may legally (under US law) apprehend individuals who break US laws even if such individuals are not on or even have never been on US soil. Such apprehension may remove such individuals directly to US jurisdiction without benefit of extradition proceedings in such individuals' home country(ies). This has actually happened in at least two cases, Mexico -- suspect in murder of US drug agent, Panama -- Noriega -- indicted in absencia for drug smuggling. As is well known, after a small war with Panama, Noriega was brought to the USA, tried and convicted. He is now a guest of the US Government in a Florida prison. SecureDrive Version 1.2 is already available for download on the following public BBS's as SECDRV12.ZIP: Eagle's Nest (408)223-9821 Flying Dutchman (408)294-3065 I will send a copy via E-mail to any person with a US/Canada net address who requests a copy and will upload it to a public BBS or anonymous FTP site. (I don't have access to FTP from my account here). Here is the contents of SECDRV12.ZIP: Searching ZIP: E:/TLXD/ZIP/SECDRV12.ZIP Length Method Size Ratio Date Time CRC-32 Attr Name ------ ------ ----- ----- ---- ---- -------- ---- ---- 1632 DeflatX 1260 23% 12-04-93 00:43 980125ec --w- KEY.ASC 19664 DeflatX 4183 79% 11-19-93 21:42 22c2502c --w- CRYPT2.ASM 8027 DeflatX 2244 73% 01-06-94 21:42 801b1439 --w- CRYPTDSK.C 152 Stored 152 0% 01-09-94 00:38 96da6ef2 --w- SECTSR.SIG 152 Stored 152 0% 01-09-94 00:39 61d155dc --w- LOGIN.SIG 1632 DeflatX 1082 34% 01-09-94 00:15 90d6bca6 --w- SECTSR.COM 152 Stored 152 0% 01-09-94 00:39 8e8cc6c4 --w- CRYPTDSK.SIG 6320 DeflatX 1990 69% 01-07-94 11:44 a7faa9a8 --w- LOGIN.C 29800 DeflatX 14644 51% 01-09-94 00:14 e4b79fe7 --w- CRYPTDSK.EXE 33 Stored 33 0% 07-16-93 06:09 aa6151a5 --w- M.BAT 1252 DeflatX 502 60% 01-09-94 00:07 24a04819 --w- MAKEFILE 11557 DeflatX 3277 72% 05-09-93 19:38 e71f3eea --w- MD5.C 3407 DeflatX 1097 68% 05-11-93 12:49 f1f58517 --w- MD5.H 6190 DeflatX 2081 67% 01-04-94 16:21 38e843f7 --w- SDCOMMON.C 18346 DeflatN 6680 64% 01-13-94 15:17 94491e3e --w- SECDRV.DOC 2019 DeflatX 664 68% 01-04-94 17:03 cc63f413 --w- SECDRV.H 28336 DeflatX 7336 75% 11-19-93 20:45 790c6e41 --w- SECTSR.ASM 7507 DeflatX 2581 66% 12-29-93 21:15 ceda9b20 --w- SETENV.ASM 1254 DeflatX 541 57% 05-09-93 19:39 182978aa --w- USUALS.H 29482 DeflatX 14440 52% 01-09-94 00:15 2e2202bb --w- LOGIN.EXE ------ ------ --- ------- 176914 65091 64% 20 Also note that the ZIP file contains PGP detached signatures (*.SIG) for the executable files. Finally here is my public key, also available on many public keyservers; note who has signed it. Type bits/keyID Date User ID pub 1024/87C0C7 1992/10/17 Edgar W. Swank - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAirfypkAAAEEAKe2jziPeFw6hY19clR2GtQ4gtGCSSVOTgPKEJzHfuC74Scf 9PEuu1kebLhHk43A9wo1vr52o4jpH/P/tnFmRtBQOMzLUzAt5rMucswtSVviMQS2 hBuc9yGJKWHVcyfA79EARKEYTdhx+2qKI+hFJcPE+rmD8wVoF94nNf3ah8DHAAUR tClFZGdhciBXLiBTd2FuayA8ZWRnYXJAc3BlY3RyeC5zYWlnb24uY29tPokAlQIF ECwAALo04ip/MkW/XQEBmNQD/0jUVqT0LMoVvw7Zz2FXyWrdBn6bRlyGxeqQWhig DXRipZ824/fHbA2vkbAczEayw8ZpwRVmhWNsxxWhjYFIi92KYJbAP/XIbr+rEuTI hPKKKKhuuGLUWhfXhCFluHjs3CA6ZQwnT4jnu1NlCkcnWLbL4ktqub2zLwrHCPUe 31L1iQCUAgUQK9Y50xgzoWUItwfFAQHPrAPzBbf6lQyzwbUwdxayzLDoh3Hygnun Looi+yzziEVQchOgSt3sLe2I108DLxTgp+26lJYTAZB+Gg8HGyB+Nz6263D0XlVU XQi9/7CSRyd8bhYFeuFPwFzHPWZlyLDAIsuaEfBsmp2DBLgffvhUCqiiWYmP9oa+ rOA+5IHS+xN8tIkAVQIFECu5dYOzvL/Jh3qmYQEBYDICAI5KdaTiPr2Y1OtRCTi6 xMG6hnRNalvK9C5d/bxrKnUYqsfSpKayX+Ts9psmq6a6doOrX3AAtgcZuTCYUfQk d22JAJUCBRArlzITocE4X0qvAOUBAahdA/4rRoSVp3G+Ki0wvkcAvpnwt7vSEYpH XSkyoC8LdAqs9bft5NDTOykgw5H1qFG1Doqk6oR0yxY0k91eVoBVclLWDb94sNO3 JjHJKO/QdODik5DpmXEnQhBfLlujuYkCtJjoBv1+QdImnnv9aNidGuLAneNvZ+UN NqfE3IRShzNw3IkAlQIFECtj5iw2VpfGMt2Y2QEBDEYD/2iMMml65eFaNWrNP7ab Yh8QW3+Mnjyl5CNpAjGkxejmIm4nZKqUHN5DuGzpJDnstRwbz6daXK15XcoM1m8g uhu6UzIwHs9+hbKE6inTCz4C0mE55PSmvF/ejjexnGzsiFpuFnjN/sRrSHc57flO IUWBCZD8Hizz3aYBxmvwJ863iQCVAgUQKxEXHOJ13g7/Z/cLAQGyYgP/apcv9V2M bHFgU0hl0D4MLqGjBReUfDroxQCsgsTb/0nr1W9yltBMqYPgD7ThLAf2rxIPNbGy D7VUA27LTwQTS6n2mbtkHOvGQVw7J2GwTA6319Gf0Qne0M1h7VJWjFX0Vzjuh/nk 6btxM2uTLSF2nUsDXe5/9N5XeesFhrbXNrM= =4fGE - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTXdxN4nNf3ah8DHAQFFMwP/Uv1qYwds9Yl7dmMYchKdHMKaHbztog66 x2bf9kTnfCOiRPnIjMmMPOlbnFe7mm/v214iMkRE1WGuQcMS34P/zGuWG0zsBbjG EbJg6bL/8F3QPx8HapX2JAi8dF7xrVgL9fGvmRjmv6TSOI/PnLGpXYx9L8wRPhwh y/uQA1bGyT8= =pfy8 -----END PGP SIGNATURE----- -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: edgar@spectrx.saigon.com (Edgar W. Swank) Date: Fri, 14 Jan 94 13:22:52 PST To: Cypherpunks Subject: SoundBlaster clone for voice encryption Message-ID: MIME-Version: 1.0 Content-Type: text/plain I bought a Sound Blaster Clone card a couple of days ago for $65, including a nice integrated stereo headset and hands-free microphone. The Brand name is "Sound Sparc Mecer Multimedia Sound System". It claims to be compatible with Sound Blaster V2.0. I purchased it at the Campbell Domino Computer store; probably other members of the chain also have it. The reason I mention it here is that this unit might work well along with a 9600bps or higher modem & appropriate software (to be developed) to implement an encrypted phone system for real-time (or close) voice. Anyone working on a similar project please contact me via E-mail so we can compare notes. -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Micromine Date: Thu, 13 Jan 94 23:02:45 PST To: cypherpunks@toad.com Subject: Cancel subscription. Message-ID: <199401140701.PAA18671@yarrow> MIME-Version: 1.0 Content-Type: text/plain Please cancel my subscription to cypherpunks mail feed. Can't keep up with the input and it was really only a passing interest. Thanks for your time. Regards, Simon Shaw. -- ------------------------------------------------------------------------------- Micromine Pty. Ltd. Exploration and Mining Software. [SNAIL] PO BOX 7, Nedlands 6009, Western Australia. [PHONE] +61 9 389-8722 [FAX] +61 9 386-7462 [BBS] +61 9 389-8317 [E-Mail] mmine@yarrow.wt.uwa.edu.au [Fidonet] 3:690/372.0@fidonet.org =============================================================================== From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: norm@netcom.com (Norman Hardy) Date: Fri, 14 Jan 94 18:15:47 PST To: MIME-Version: 1.0 Content-Type: text/plain At 0:05 1/14/94 -0500, gregguy@aol.com wrote: >frode@toaster.SFSU.EDU (Frode Odegard) asked the rather sweeping question of >why governments get bigger. > >Actually, this is one of the great (but often unsung) libertarian proofs. >Governments act as any rational being acts -- in their own self interest. As >the distillers of laws and collectors of taxes, however, they just have a >better shot at self-interest nirvanna than the rest of us. > >//greg brooks (gregguy@aol.com PGP key available on keyservers) Any sucessful biological entity acts in its own self interest. It need not be logical or concious. The libertarian would call the governement a parasite. The book Bionomics by Rothchild examines this anology in detail. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: crunch@netcom.com (John Draper) Date: Fri, 14 Jan 94 20:12:52 PST To: sfraves@techno.stanford.edu Subject: TV appearance you might want to record. Message-ID: <199401150410.UAA07359@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain To who it may concern, yours truly will be interviewed on FOX Television due to air nationwide. Locally, it will be aired at 10:30 PM on Channel 2 on the 22nd of Jan. During which time, my obedient VCR will be taping it while I'm enjoying myself at "Industrial Strength" rave. The topic of discussion will be Phone Hackers, and cryptography. so if there is anything I should say in relation or on behalf of Cypherpunks, please let me know. Taping will be done at my place in Marin on Tuesday. The name of the program is "On the Money", so for those not in the Bay Area, check your TV listing for times and channels. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Graham Toal Date: Fri, 14 Jan 94 13:23:21 PST To: cypherpunks@toad.com Subject: Re: Welcome to IIA (fwd) Message-ID: <199401142102.VAA03667@an-teallach.com> MIME-Version: 1.0 Content-Type: text/plain > Here's the IIA info message that has caused all the furor: What furor? - what group is this being discussed in? (I've been netless for three weeks catching up onlost time with my wife) All this free! Wow! Hmmm... cynical old me says if I look at this closely enough I'll find a request for credit card numbers... > If you do not use the 800 number you will never receive a charge. > If you find the 800 number more economical than direct dial than > you will be billed in 10 dollar increments. A charge will be > rolled over until all time has been exhausted. Without receiving > a Credit Card Number, the IIA cannot provision an account. > (We apologize for this inconvenience to our users planning on > direct dial. Shortly we plan to rectify this through programming, > but until that time we must adhere to the policy of our > long-distance provider.) Yep, there it is. Be careful folks, be VERY careful... G From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Fri, 14 Jan 94 20:35:47 PST To: alt.privacy.usenet@decwrl.dec.com Subject: ANNOUNCE: Secure Drive 1.1 Message-ID: <01H7OVFBX1UE9GVIL4@delphi.com> MIME-Version: 1.0 Content-Type: text/plain INTRODUCING S E C U R E D R I V E 1 . 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AVAILABLE NOW Secure Drive 1.0 users: Secure Drive 1.1 has three improvements over V1.0: * Two-drives bug fixed. Secure Drive 1.0 could get the drive letters out of order if you had two physical hard drives. V1.1 fixes this problem. * Enhanced passphrase security: Secure Drive 1.0 used a simple MD5 of the passphrase as the IDEA key. This allowed a fast passphrase search. V1.1 iterates the passphrase hash 2048 times to slow down an attacker. * One-step passphrase change. CRYPTDSK allows you to easily change your passphrase, without a separate encrypt/decrypt cycle. This also enhances security: there is no "window of opportunity" during which the data is in clear on the disk, and no magnetic traces of the plaintext. There is a Secure Drive version 1.2 going around. I was not aware of it until I saw an announcement on the Cypherpunks. This version contains some enhancements to interact with the PGPPASS variable, enabling you to easily use the same passphrase with PGP and Secure Drive. ***HOWEVER - it does not include either the bug fix or the security enhancements of version 1.1. While I would like to see these PGP-compatible features included in Secure Drive, the bugs need to be fixed. For now, please use V1.1. You will need to decrypt and re-encrypt your hard drive, because the new hashing algorithm generates a different IDEA key for the same passphrase. I will talk to the author of V1.2 about adding his improvements to V1.1 to create a version 1.3 soon. Secure Drive 1.1 is available within the U.S. and Canada ONLY, due to US export laws. FTP to csn.org, cd /mpj, and read README.MPJ. This is an export-controlled FTP site which also carries RIPEM and other cryptographic software. The file README.MPJ will explain how to access the cryptographic code from within the U.S. and Canada. You will be able to download immediately; there is no sign-up-and-wait procedure. (Ad continues) Do you have confidential or sensitive information on your DOS/Windows PC or laptop? Imagine what could happen if that data were to fall into the wrong hands through theft or unauthorized access. Protect your privacy with SecureDrive. SecureDrive allows you to create an encrypted hard drive partition and encrypted floppy disks. All of your sensitive data is automatically encrypted with the state-of-the-art IDEA cipher. You simply log in with your passphrase, and the program is completely transparent to your applications. The TSR uses only 2K RAM, and encrypts at the sector level. An intruder gets nothing - not even your directory listing. You can decrypt your disks at any time. The program automatically switches on and off as you access encrypted and unencrypted floppies. Invalid passwords will cause a Drive Not Ready error, locking out writes and protecting your data from damage. The program is Copylefted under the GNU General Public License, and source code in C and assembly language is included. This program is free and always will be. This program may be freely distributed within the U.S. and Canada; do not export it. Cypherpunks Write Code! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@pmantis.berkeley.edu Date: Sat, 15 Jan 94 03:53:02 PST To: cypherpunks@toad.com Subject: Detweiler, you are WASTING YOUR TIME Message-ID: <9401151151.AA15967@pmantis.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain Detweiler is apparently the only one who cares enough to waste any time on this. He's been provided with ample information to prove or disprove his accusations. He has refused to do so, and in such a refusal, he comes off like a ranting loony. Is there any evidence _whatsoever_ that these accounts are indeed one person? P.Metzger and T.C May have both posted evidence that they are seperate people. In absence of _any_ evidence to the contrary, I accept their word for it. I don't see a motive, I don't see any evidence. No smoking gun - from my perspective, it's simply your word against theirs. Detweiler's given me not one iota of proof for your claims, just a blanket assertion. There is no reason whatsoever for me (again, I don't know anybody involved here) to doubt their words. Detweiler, on the other hand, has alleged a huge conspiracy that's gone to a huge amount of theoretically tracable work (phone lines for all the pseudos in 3 different area codes). This seems like an extremely expensive way to accomplish what should be a fairly straightforward (and I note, harmless) procedure. I will reconsider that opinion if he can post whatever it is that convinced you that this is one person. I pretty much assume everything on the net is crap, since its an insecure means of communication. Anyone not convinced of this is politely directed towards their nearest zumabot posting. Dave Criswell The true source of Oracle Corporation's wretched desperation, and low level stooge of the vast satanic cryptoanarchist conspiracy dcriswel@us.oracle.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: remail@tamsun.tamu.edu Date: Sat, 15 Jan 94 02:02:57 PST To: cypherpunks@toad.com Subject: Electronic tax filing Message-ID: <9401150958.AA25364@tamsun.tamu.edu> MIME-Version: 1.0 Content-Type: text/plain This raises some interesting security issues. Elsewhere is was reported that no encryption is used between the home PC and the central transmission site. --------------------------- forwarded from alt.internet.services: I`ve gotten many request for further info so I`ll just repost the details here. Dave Hi, I've been involved with electronic tax filing (EFT) for six years now. I develope and sell a tax filing package which allows you to basically enter the data from a completed return and transfer directly to the IRS or to one of our transmission sites. This is a tax filing not a tax prep program. Our main market is tax preparers who buy the program and transmitt direct to the IRS, tax preparers who register with us and transmitt returns to us to transmitt to the IRS and tax preparers who fax us returns and we enter the data and transmitt. The IRS has several transmission sites all over the country which processes everybody`s returns. And they have a set schedule of when a refund is sent. Basically returns are processed every Tuesday night. What this means is that if your return has been sent and passed the IRS acceptanced tests by Monday night the IRS will process it Tuesday and if you do direct deposit it will be in your bank account in 10 days, if you have it mailed it will be mailed in 12 days. If your interested in doing EFT from your home IBM or clone let me know. We also work with non tax preparers who have registered with the IRS to do electronic filing and have a electronic filing indentification number (EFIN). The IRS can give you these rather quickly, they do a background check to see if you do not owe back taxes or have been convicted of any felonies and if that works you get a EFIN. Once you have an EFIN we can work with you to set you up for EFT. Basically if you transmitt to us we give you the software and charge you per return. What you do is find your clients ( and they are your clients you must see then personally and have them sign a EFT form which gets sent with their W2s to the IRS by you ) enter there returns with our software and send to one of our transmission sites. If your interested in filing taxes electronicaly ( not preparing ) you need to contact the IRS to get your EFIN number. There is no fee to get a EFIN number, you must file a form with the IRS and pass their background check. If you do this and would like to work with us you need to register which is $20. After that we will send you the data entry program and the charge will be $3 per return with a minimun charge of $5 for each data file of returns you send us. This simple means that you send us a data file over modem of 1 return we will charge $5. If it has 2 returns it would be $6 which is $3 per return. After you file 100 returns through us the price will drop to $2 per return but there will still be the $5 minimun per data file ( a data file can have up to 500 returns ). What you charge the taxpayer for filing his taxes is your decision. Charges vary from around $15 to $75 for filing. If you want to register call 614-676-1333 or 614-676-5666 but contact the IRS first to get your EFIN. Electronic filing runs from Jan 11 to Aug 15. Thanks Dave ------------------------------------------------------------------------- To find out more about this anonymous remail service, send mail to remail@tamsun.tamu.edu with the word "remail help" as the only words in the subject field. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mike@EGFABT.ORG (Mike Sherwood) Date: Sat, 15 Jan 94 07:13:02 PST To: cypherpunks@toad.com Subject: Re: TC May advertises cypherpunks as keeping your taxes from going to In-Reply-To: <9401151301.AA25018@pizzabox.demon.co.uk> Message-ID: <1B97Fc3w165w@EGFABT.ORG> MIME-Version: 1.0 Content-Type: text/plain "gtoal@gtoal.com" writes: > Perhaps Detweiler was right after all about certain cypherpunks having > a hidden agenda... seems TC May's rationale for running the cypherpunks > list isn't to do with enhancing individual liberties but rather keeping > all us WASPS safe from 'people of colour'... > > I want nothing to do with a list run by racists. Unsubscribe me now > please (cypher@an-teallach.com). > > G > > >Subject: Re: neo-nazis "supported" by NETCOM > >Newsgroups: netcom.general > > In article tcmay@netcom.com writes: > > > >And I appreciate that Netcom has never once warned my for what many of > >my critics have called seditious postings. It is true that I look > >forward to seeing the collapse of the U.S. governement and the end to > >the taxation that steals from me to give to so-called "people of > >color." > > > >Some call me a Nazi, which is wrong. I use Netcom to spread strong > >cryptography, the tool which will help overthrow the corrupt U.S. > >government and usher in anarcho-capitalism. > > > >If this view interests you, contact me about joining the "Cypherpunks" > >mailing list. > > > >--Tim May this is a good example of why we need pgp signatures on messages. I would tend to not believe either of of them without confirming them. After all, any post that involves a "Detweiler may be right" idea, regardless of the context, is certainly not something most people would say. And the other post just seems to be odd - someone who, for all intents and purposes, tends to have a functional brain, claiming that the government takes from him to give to "people of color" is overlooking the fact that the government will give money to anyone who labels themself as "disadvantaged" regardless of race, religion, favorite flavor of ice cream, etc. Anyway, who are any of us to speak of nationalities anyway? dont we all look the same, ie. user@site.domain? I havent seen anyone start using white-user@site.domain, black-user@site.domain, asian-user@site.domain, etc. Anyway, what do other people's motives matter anyway? this list is for cryptography last I checked. And for every person who chooses to use it in a bad(pick a context) way, there is probably someone who wants to use it in a good(pick a context) way. anyway, enough ranting and raving. does the fact that I posted (a rarety) now qualify me for membership in the hidden-agenda tentacle club? =) -- Mike Sherwood internet: mike@EGFABT.ORG uucp: ...!sgiblab!egfabt!mike From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Sat, 15 Jan 94 08:58:04 PST To: cypherpunks@toad.com Subject: SecDriver 1.1 versus 1.2 Message-ID: <199401151656.IAA01508@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain Aside from the technical differences between the two packages, I think the more significant difference is in the distribution. Edgar's 1.2 documentation encourages users to put the package up for FTP, while Mike's 1.0 (and, I presume, 1.1) docs ask that this not be done. Mike wants to protect himself against a PGP-style investigation into export of software. But if 1.2 is put up for FTP, it could conceivably lead to such an investigation. And Mike would presumably be a potential target. This is a confusing situation. What rights does Mike have to control a derivative product like 1.2, given that he is releasing it under the Gnu Public License? Maybe the GPL is not appropriate for the release of crypto software, at least if the author will attempt to restrict its distribution in this way. I don't blame Mike for his concern, but I think we need to recognize an inconsistency between the following three goals, for U.S. citizens at least: public recognition as the author of a crypto package; avoidance of Grand Jury investigations; free availability of the package in the U.S. Hal From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "W. Kinney" Date: Sat, 15 Jan 94 11:03:05 PST To: cypherpunks@toad.com Subject: SecureDrive 1.1 & 1.2 Message-ID: <199401151902.MAA12233@ucsu.Colorado.EDU> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Hal writes: >Mike wants to protect himself against a PGP-style investigation into >export of software. But if 1.2 is put up for FTP, it could conceivably >lead to such an investigation. And Mike would presumably be a >potential target. > >This is a confusing situation. What rights does Mike have to control a >derivative product like 1.2, given that he is releasing it under the >Gnu Public License? Legal questions aside, one might hope that within the Cypherpunks at least there might be more of an ethic of respecting the wishes of an author. Edgar seems awfully casual about exposing other people to legal difficulties without their consent, and justifying that by some bullshit technicality doesn't change the reality of it one bit. I for one am most unimpressed. -- Will -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLTfaV/fv4TpIg2PxAQG8TgP7B1RCFmNquI1ctKdLqVutIcWy8S8ycM3F wjZXGuCRiDZnRQh6q+WTp7aG5p07suF0qmVCFZnvAmrLBZx/PfsFxRPuSZML5J4R b+Clw9uq2rADxUbClgekp7oL4MXmOuXjYCiXdc2CoogME2s4fZRdT9cdteS6hieW kQOWTzfGQzw= =CQtw -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "gtoal@gtoal.com" Date: Sat, 15 Jan 94 05:13:04 PST To: cypherpunks@toad.com Subject: TC May advertises cypherpunks as keeping your taxes from going to 'people of colour' Message-ID: <9401151301.AA25018@pizzabox.demon.co.uk> MIME-Version: 1.0 Content-Type: text/plain Perhaps Detweiler was right after all about certain cypherpunks having a hidden agenda... seems TC May's rationale for running the cypherpunks list isn't to do with enhancing individual liberties but rather keeping all us WASPS safe from 'people of colour'... I want nothing to do with a list run by racists. Unsubscribe me now please (cypher@an-teallach.com). G >Subject: Re: neo-nazis "supported" by NETCOM >Newsgroups: netcom.general In article tcmay@netcom.com writes: > >And I appreciate that Netcom has never once warned my for what many of >my critics have called seditious postings. It is true that I look >forward to seeing the collapse of the U.S. governement and the end to >the taxation that steals from me to give to so-called "people of >color." > >Some call me a Nazi, which is wrong. I use Netcom to spread strong >cryptography, the tool which will help overthrow the corrupt U.S. >government and usher in anarcho-capitalism. > >If this view interests you, contact me about joining the "Cypherpunks" >mailing list. > >--Tim May From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matthew J Ghio Date: Sat, 15 Jan 94 10:33:05 PST To: cypherpunks@toad.com Subject: Forged messages (was: TC May advertises cypherpunks as keeping your taxes from going to 'people of colour') Message-ID: MIME-Version: 1.0 Content-Type: text/plain "gtoal@gtoal.com" writes: > Perhaps Detweiler was right after all about certain cypherpunks having > a hidden agenda... seems TC May's rationale for running the cypherpunks > list isn't to do with enhancing individual liberties but rather keeping > all us WASPS safe from 'people of colour'... > > I want nothing to do with a list run by racists. Unsubscribe me now > please (cypher@an-teallach.com). > > G A few headers from the message: Received: by toad.com id AA16763; Sat, 15 Jan 94 05:13:04 PST Received: by toad.com id AA16671; Sat, 15 Jan 94 05:09:48 PST Received: from gate.demon.co.uk ([158.152.1.65]) by toad.com id AA16667; Sat, 15 Jan 94 05:09:42 PST Received: from pizzabox.demon.co.uk by gate.demon.co.uk id aa06847; 15 Jan 94 13:04 GMT Received: by pizzabox.demon.co.uk (AA25018); Sat, 15 Jan 94 13:01:35 GMT Date: Sat, 15 Jan 94 13:01:35 GMT Message-Id: <9401151301.AA25018@pizzabox.demon.co.uk> From: "gtoal@gtoal.com" Reply-To: Graham Toal To: cypherpunks@toad.com Subject: TC May advertises cypherpunks as keeping your taxes from going to 'people of colour' Note that pizzabox.demon.co.uk [158.152.8.236] doesn't tell where it got the message from. Could it have been longs.lance.colostate.edu? I liked Detweiler better when he just used anon.penet.fi. P.S. I sent myself a test email by telnetting to pizzabox.demon.co.uk 25, but it identified the IP address I telnetted from... hopefully the site administrators at demon.co.uk have recognized the problem and taken steps to prevent further detweiling. But be on your lookout, this will only hold him off until he can find another SMTP port to spoof from. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: VACCINIA@UNCVX1.OIT.UNC.EDU Date: Sat, 15 Jan 94 11:05:54 PST To: cypherpunks@toad.com Subject: Using the tools we have Message-ID: <01H7PQ29CXGI001P7J@UNCVX1.OIT.UNC.EDU> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- The detman has been blathering for weeks about how he will subvert the list and we now see all sorts of rants impugning the reputations of certain cypherpunks. Postings are reiterated with the message that so and so said this or that and this person is a nazi, or some such drivel. I have no idea who said what because many of the technowizards don't avail themselves of the technology which they themselves have made available and promote as a powerful new tool for the future. Positive reputations? Without an electronic sig, you don't have one. Future? It's here. If even we don't use the available tools, then they are indeed worthless. Expect a long campaign of det-rants if people don't take steps to negate this bullshit now. I personally don't want to see the list go back to the way it was in the days of an12070. Many of you have been hard at work developing NET tools for the future, I applaud you for it but it seems that you will soon need them-like now. It's a pain in the ass for me to sign stuff and I am probably the least techno-capable of all of you. I do it because I see the writing on the wall, you see it too. The time is now punks. Scott G. Morham !The First, Vaccinia@uncvx1.oit.unc.edu ! Second PGP23a Public key by request! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTefRz2paOMjHHAhAQFhfwP9EKM24d0ha4jktJhykLiIRU31MjJ5ne8q V7YDgKFfYnaj5SmwcSCDSDyeKfEBlKdEW32MJlNRmE+OpgINv/+IlZivJzof3bCx Qqr/FS2erUHGRTcDo1D164PEMaNbqAwCgSfVaaW1EnzNbGqv/4q0aVV17IlOl7Zq gPmbueEPfrs= =nTSc -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hkhenson@cup.portal.com Date: Sat, 15 Jan 94 14:13:07 PST To: barlow@eff.org Subject: update noon Message-ID: <9401151410.1.3858@cup.portal.com> MIME-Version: 1.0 Content-Type: text/plain Update Saturday noon. Back from seeing Robert's sons and friend pick up his computer equipment and a 10 minute chat with Postal Inspector Dirmeyer, and a San Jose Police officer by the name of Weidner. At least one point is clear, David Dirmeyer and Lance White are the same person, I simply asked him, and he admitted it. I also found out why he was willing to talk to me during the search. He figured that anybody who starts quoting chapter and section from the Federal Code is a lawyer. [Dirmeyer reminds me somewhat of one of my cousins when he was about 18. My cousin was tall and gangly, and given to putting on a hick act.] Dirmeyer/White seemed completely unconcerned with having generated any liability for the government under the ECPA or the Newspaper Privacy Protection Act (2000aa). He backed this up by being very proud of getting the system (well, most of it anyway) back to the sysop in under a week. [The EFF *has* had a positive effect, this is the first time I ever heard of any LEA's caring how long they take to return a computer.] He was very confident that a judge would dismiss any civil lawsuit brought by the users because of what he perceived as criminal obscenity activities by the sysop. How actions, criminal or not, of one person (the sysop) cancels the rights of others (email customers) to recover from those who block access to their email is beyond me. If that did not get them off the hook, they would get out of civil liability claims because they interrupted people's email access for such a short time, as opposed to the lengthy time the Secret Service kept Steve Jackson's BBS. I can almost quote the relevant sections of the ECPA, and *I* don't remember any time limits under which the civil penalties of law do not apply, "But Judge, I only exceeded the speed limit for a *few* miles!" I wonder how the Postal Service would react to locking *their* patrons out of a local office and away from their mail boxes for a week? I expressed my hope (as a San Jose resident and taxpayer) to Officer Weidner that the Post Office had agreed to take responsibility for any civil liability arising out of the case. He was close to uncivil in stating that I had no standing in the case, and it was none of my concern. He advised me to butt out of being involved in any way. He asked if I had ever *seen* the material on that BBS, (my answer was no) and expressed the opinion that I would be smeared by it and greatly regret getting involved. Back to Dirmeyer, I asked him about the warrant. He said what he did is ordinary investigation practice, including sending people unsolicited material and then picking it up under a warrant. I asked him if the Judge knew, and he assured me the Judge was fully aware that the person getting a warrant for "Lance White's" correspondence was also Lance White. He also said the Judge was aware of the 2000aa and ECPA issues, and that they were under orders not to look at anything labeled email. For some reason, this did not reassure me. Robert's sons and a friend got the last pieces of the computer down to the lobby and we parted company with a few comments on my part about Postal Service agents legally sending kiddy porn through the mail, like the Nebraska case recently ruled entrapment by the Supreme Court. Just one minor thing to add. Because of a persistent back injury, I am on crutches most of the time. I was making my way across the lobby of the old Post office nearing the doors. Dirmeyer and Weidner passed me, opened the doors, went through and let them swing shut in my face. I guess scum like me is below their notice. Keith Henson From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: remail@tamsun.tamu.edu Date: Sat, 15 Jan 94 13:25:50 PST To: cypherpunks@toad.com Subject: Detweiler is really losing it... Message-ID: <9401152125.AA13875@tamsun.tamu.edu> MIME-Version: 1.0 Content-Type: text/plain Question: has anybody actually had any contact with Detweiler recently? I know he used to be a rational and respectable Usetter; keeper of the Privacy FAQ, runner of an autoposter service for other people's FAQs, etc. I'd like to think this is all somebody's research project or piece of performance art, but otherwise... it's pretty ugly to watch this disintegration happen. The deterioration has been marked even within the last few weeks. The RISKS posting was coherent enough, and no more paranoid than say, the average talk.politics.guns poster. My opinion is just from his language, logic, reaction to other people - whether his conspiracy theories are true are not is pretty irrelevant. Multiple identites mapping to one person is hardly unusual in electronic spaces, but most people regard tracking them down as a challenge or an entertainment, not as the cause for desperate rage and paranoia. Cf. the netsport of hunting down John Palmer identities. Is he actually a student at Colorado State? If so, and he's genuinely sending out death threats, the recipients might seriously consider forwarding them there. Not to get him in trouble, but perhaps to get someone to look into the situation before this accelerating downward curve gets where ever it is going. There's plenty of nuts on the net, but the level of their nuttiness is stable enough. I don't think I've ever seen someone fall apart like this before. Of course, maybe it *is* just performance art... Laura -- -------------- Laura Burchard / burchard@digex.net ---------------- "It didn't take very much reductio to get right down to absurdium from where you started." ------------------------------------------------------------------------- To find out more about this anonymous remail service, send mail to remail@tamsun.tamu.edu with the word "remail help" as the only words in the subject field. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jeremy Porter Date: Sat, 15 Jan 94 14:38:06 PST To: cypherpunks@toad.com Subject: Re: Using the tools we have Message-ID: <9401152235.AA04772@terminus.us.dell.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In article <2h9gen$55r@uudell.us.dell.com> you write: > >From owner-cypherpunks@toad.com Sat Jan 15 19:33:39 1994 >From: VACCINIA@UNCVX1.OIT.UNC.EDU >Subject: Using the tools we have >To: cypherpunks@toad.com >-----BEGIN PGP SIGNED MESSAGE----- > >The detman has been blathering for weeks about how he will subvert the list >and we now see all sorts of rants impugning the reputations of certain >cypherpunks. Postings are reiterated with the message that so and so said >this or that and this person is a nazi, or some such drivel. I have no idea >who said what because many of the technowizards don't avail themselves of the >technology which they themselves have made available and promote as a >powerful new tool for the future. Positive reputations? Without an electronic >sig, you don't have one. Future? It's here. If even we don't use the available >tools, then they are indeed worthless. One usefull thing that could be done, is to design a list, that will only post pgp-signed messages. To subscribe to the list, you send your pgp public key, and it sends back its private key. In order to for a recieved message to get sent out, it must be signed by the author. In order to make anonymous posting possible a person would need to create a "anonymous" key, with the anonymous remailer address in it. The annonymous account would still have to sign the messages so and identity could be track through this method. In order to prevent some kinds of abuses, the list server could send a password back to you encrypted with the private key you sent it. You would have to send it the password back encrypted with the server's public key. This would verify that the key was created by a particular users at a specific site. (OK, it would be possible to subvert this, but it is significantly more difficult.) The person that runs the list server can sign the list server's key to vouch for the listserver. For added security you could do something even better. The list server only posts messages that are "trusted" at a specified level, or it adds a trust factor to the message. If the list maintainer has met you and has signed his key, the list server will believe you are real. With the web of trust and introducers, the list server will quickly be able to identify most of the people on the list as being real or "pseudo". In particular this will cut down on the number of forgeries posted to the list. There are some technical problems with this, due to the hassel of signing and or encrypting the messages. Lack of anonyminity, etc. This could even convince most SANE people that there is no conspiracy, i.e. someone you trust to act as an introducer, believes that the other person you are talking with is real. Of course if there really is a conspiracy it doesn't really help. One of the things I've been thinking about recently, is about excerpt of messages and signatures. When you reply to a message and copy part of it there is nothing that prevents someone from editing the text. And of course the digitial signature is not longer valid because of the >'s or other characters in the body, plus you probably don't want to quote the whole message. Duplicating the entire message to prove that two or three lines were actually writen by a particular user id, is pretty wasteful. I suppose someone could write a signing program that signs each line idividually, but that does not sound like a good idea either. A 128bit hash would eat nearly 10% of each line. The hashes can be signed in the signature section at the end. After rereading some of Schneir book, it looks like you can't generate a MD5 hash for less than 64 bytes. You would need to pad lines or generate a hash for every two lines. It would still require some fancy software to handle the extracts and preserve the signature information. Currently most peoples software doesn't even easily support normal PGP/RSA signatures, much less anything so fancy. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLThtW3NeM/yj7Ik1AQEWgAQAh5tqTP1YvTQy09GhqlX85tkt8yH55Lz1 TRcZA5mJ8k9OXqgVLwkIHVUPViX+m+iSLuLR+QWbgUV04uPS/V8wzrnDNWRKvkQE qmYR3ZSr3agouXQygmFMtPgHzQpkzHNxV6rVSM6Wq7hEj/2lga7+lptHRW9Zy0tC SLL+0C6Jcpc= =rKLG -----END PGP SIGNATURE----- -- Jeremy Porter ----------------- Systems Enginneering ---- Dell Computer Corp. --- jerry@terminus.us.dell.com -------- ------------------------------------------------------------ Support your Second Amendment rights to encryption technology. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matthew J Ghio Date: Sat, 15 Jan 94 14:08:06 PST To: gtoal@pizzabox.demon.co.uk> Subject: Apology to Graham Toal & Cypherpunks Message-ID: MIME-Version: 1.0 Content-Type: text/plain I'd like to apologize for stating that the post made by Graham Toal was a forgery. It has now come to my attention that it was not. Graham Toal had always posted from until today, when he suddenly posted from: "gtoal@gtoal.com" , talking about a racist post by TC May that I had never seen, and asking to be removed from the list. Naturally, I got suspicious. I still don't know what's going on with the email address switching, but I guess the recent events on cypherpunks have made me a bit overly paranoid. Hopefully, I haven't made a complete fool out of myself over this misunderstanding. I guess we have another good reason to sign with PGP... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Sat, 15 Jan 94 14:25:51 PST To: cypherpunks@toad.com Subject: Secure Drive versions Message-ID: <01H7PWWV4WY299EJCL@delphi.com> MIME-Version: 1.0 Content-Type: text/plain My only problem with Secure Drive 1.2 is that it doesn't include the bug fixes which needed to be included. If Edgar wants to use my 1.1 code to make 1.3, great. But the two-drives bug needs fixing, and I wrote a cracker which tests 1000 passphrases per second on the 1.0 version. The 1.1 version iterates the passphrase hash to prevent this. As for how it's distributed, I've always requested that it not be exported, and there is a message in the new distribution asking that foreign sites not carry it if they somehow obtain a copy. --- Mike P.S. All these forged messages are becoming a problem. Detweiler may succeed in his effort to make us not know who's real and who's a tentacle. Ignore anything from a remailer, which (a) has a name at the bottom, or (b) sounds like Detweiler. As for what to do about SMTP spoofing, any ideas? Next he will start posting denials of real messages. That way we won't know what messages are real and falsely denied, and which ones are false and the denials are real. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: m@BlueRose.com (M Carling) Date: Sat, 15 Jan 94 17:43:07 PST To: cypherpunks@toad.com Subject: Re: What is Real? Message-ID: <9401160134.AA00610@BlueRose.com> MIME-Version: 1.0 Content-Type: text/plain Fred Cooper writes: >The distrinutioni of known good keys still remains a problem... In a >lot of ways because CP seem to be split into several regional groups >between which real-life contact or contigiuous trusts seem to be >few... >If i'm not mistaken, there seems to be a california group, a >colorado group, a texas group, and a boston group... I'm normally in California, but will be in Washington City the 25th through the 27th, and then in Houston the 28th and 29th (of January). My key has been signed by Castor Fu, whose key was signed by Phil Zimmerman. I would be happy to meet with anyone in Washington or Houston to sign keys. Anyone who is interested should feel free to email me. M Carling -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAizzqB8AAAEEAMP3n2PtfBfvcLhnu2U2X/1Acq0J+8GtCYe1F72jIglewU+C fSfD2DZdrem97bhMF0pr52SlU0BgmxLlPfCJ9HhsKp0wzOAOA8fC9vC86pAk0pFc G9HTVtmtUQ/RJELPzYUd5qIloyFCQ2PSgJke9wHgAwjzpbvuTtW1EdSEoj8pAAUR tBpNIENhcmxpbmcgPG1AQmx1ZVJvc2UuY29tPokAlQIFEC0gh0BITmU1mAl/jwEB gF4EALnodYMUkuHx93hPgb57aNklinvzJe74QN652JoOAzxvcVgEMNkGpB1E8oDA qbkCWs48FCCVTi/TXlqzjDoEvX840x8+Dc2SEg2OQf2CGyHTSt0HmnzuudFd+I3J bXqO6HfFQ8ofayWjVP0VZ7qvE1zwYhIGeQ4ccfJPiGT/aCNviQCVAgUQLQy8Qp23 mkTW0CxBAQHMnAP/aYShEy9fWjAW63f/BKCtzuAh5GNLEVCdx7ydmddQ/cNJMJfX 4EVC6wxETqRgGVZzvopjNGGBizzrYXZ/tadIiLDZqsV+VAGt08tPCyn19dLhhFLn VPSCTjlNTB76YxBiX4gySJ1OCKRbFFScMIaR+44EpDcIxeklixL3bR98VlaJAJUC BRAtDUT51bUR1ISiPykBAcNMBACvxiB5MALQ1hhFWe82yVSs0NZIvbEtfD0wMtJq c/jQmEuvWT+jTdDbRJV3Df32kN2oJ2cVc0OtfuRxjDBDkMiaXTiHT5PTArJvT/Yx yvg6ugj9RIP997DQ3QixzNywzvsP1r/7dqIGPnXHMSmxU2tsSW8iNcwDwRzuHJDI w4RR1IkAlQIFEC0JC6ZBMZN3EgN9QQEBa3kD/j4vu4pQ6Idb2ZlEqZ3idK1z3vrl PgOmTQfmeSLoxfIw99Vlq+1/3gvJ9TZTzqcwEPEEEbWGWleGcvPiiJqe3hpevo/r cvLYdKhg1R79IlSwVc8HeAH7GOpz33BdeTR4g2A5vZpWzaQDZrOIatu28J/T4/9o Gc/IMAUstQXAf1gMiQBVAgUQLP4eI8xOF0itgirrAQFeWwH/dU7bwP2Kp8vOrtks SJtxPS7d5exemI+xnsQznFQxOb2RRS22JojrPoUjLcu5GK9P8JDKQolxCIDz4A0/ sLpnn4kAlQIFECz0JQT2XAZlQR0DNwEBQ2EEAKDSLJt9HdgWkXBfcXqqWE0Jyvel 6KHWD7nYh898Ti/U4SCyetBCXd7bIJX9mAoxGKp+B60VoYSrnJnRSggNxxp07cUF 8CTcFjOuJtXQpb4wq8bmbfZnuR6dHyrtNna68bW55Df2PHuuFYO/F9hOEJbJHrlD tKeibyG2wQTAC5cz =/VLG -----END PGP PUBLIC KEY BLOCK----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Sat, 15 Jan 94 14:55:50 PST To: cypherpunks@toad.com Subject: Planting Evidence Message-ID: <01H7PY0NP7CI986BH5@delphi.com> MIME-Version: 1.0 Content-Type: text/plain >Back to Dirmeyer, I asked him about the warrant. He said what he did >is ordinary investigation practice, including sending people >unsolicited material and then picking it up under a warrant. I asked >him if the Judge knew, and he assured me the Judge was fully aware >that the person getting a warrant for "Lance White's" correspondence >was also Lance White. He also said the Judge was aware of the 2000aa >and ECPA issues, and that they were under orders not to look at >anything labeled email. For some reason, this did not reassure me. This reminds me of a description in "LA Secret Police" of how the LAPD used to avoid the requirement for a search warrant. A cop would go to a payphone, call 911, and report a rape or assault in progress at the location they wanted to search. The cops would go in, arrest everyone, and ransack the place. Anything they found, they could use, claiming it was out in the open and discovered incidentally. Along with the common practice of piling on outrageous charges, such as "conspiracy to ..." in addition to the actual charge, this allows the police to circumvent most of the person's rights and force him or her to plead guilty or risk a very unjust sentence. When did sending someone illegal material and then raiding the place become standard investigative practice? That used to be called "planting evidence". --- Mike From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Fred Cooper Date: Sat, 15 Jan 94 15:15:50 PST To: cypherpunks@toad.com (Cypherpunks) Subject: What is Real? Message-ID: <199401152314.SAA10095@duke.bwh.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Folks, The quickest way for us to imapir detweiler's spoofing ability (if it is detweiler, and not someone else...) is for those ppl that say PGP signing everything is too much hassle to bite the bullet and generate secondary keys to use on the systems where they read and write mail... Once all mail is being signed, we can at least tell when a piece of mail is from a given id regardless of whether or not the ID is a True Name. The distrinutioni of known good keys still remains a problem... In a lot of ways because CP seem to be split into several regional groups between which real-life contact or contigiuous trusts seem to be few... If i'm not mistaken, there seems to be a california group, a colorado group, a texas group, and a boston group... Am I the only 'punk in Pennsylvania? egads.... nope, there is Matt Ghio. Are all the keyservers dead? I seem to remember a new one going up as the one at MIT died.. but i dont have the address for it... Anyone got a btter idea? FRC - -- #include /* Neural Nets catch only dreaming fish. */ - ----- Paranoia... More than a state of mind. It's a way of Life. ----- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTh42bbAlE4AqlTZAQH0LAQAtI3ddTX9hiyf9e9G+eXxutxLmvd3l/tp sYMbDYB9orCULv3vwwvlMw54bPEXjd3f5kQsbu5RfZMKIwNT16jY9gVK4XiXsP9p +TachWEt+sOH1C0o5fX08PAnzjAtN5eSEUfjPK2olj/2G76NLOzwLdWNPsqcww7B oORKpOSn4H0= =OAOe -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: sdw@meaddata.com (Stephen Williams) Date: Sat, 15 Jan 94 15:33:06 PST To: jerry@terminus.us.dell.com (Jeremy Porter) Subject: Re: Using the tools we have In-Reply-To: <9401152235.AA04772@terminus.us.dell.com> Message-ID: <9401152329.AA18124@jungle.meaddata.com> MIME-Version: 1.0 Content-Type: text/plain > > In article <2h9gen$55r@uudell.us.dell.com> you write: > > > >From owner-cypherpunks@toad.com Sat Jan 15 19:33:39 1994 > >From: VACCINIA@UNCVX1.OIT.UNC.EDU > >Subject: Using the tools we have > >To: cypherpunks@toad.com > > > >The detman has been blathering for weeks about how he will subvert the list > >and we now see all sorts of rants impugning the reputations of certain > >cypherpunks. Postings are reiterated with the message that so and so said > >this or that and this person is a nazi, or some such drivel. I have no idea > >who said what because many of the technowizards don't avail themselves of the ... > One usefull thing that could be done, is to design a list, that will > only post pgp-signed messages. To subscribe to the list, you send > your pgp public key, and it sends back its private key. In order ... > Jeremy Porter ----------------- Systems Enginneering ---- > Dell Computer Corp. --- jerry@terminus.us.dell.com -------- > ------------------------------------------------------------ > Support your Second Amendment rights to encryption technology. You've given me an idea. I felt the edges of it when discussing my plans for an endorsement message enhancement to Netnews/INN/Tin/... Instead of controlling every message that gets posted, why don't we instead allow email endorsements. Each message has a unique message id, is fairly easy to identify, and could of course be PGP signed. What if we hacked a .procmailrc to 'mark' (Subject change?) or filter messages that weren't marked properly (say they were signed but not by the key you had for that person) OR those that received a later endorsement (positive/neg/typing) from someone on your trusted list. (ED: sorry for the long lines, I sometimes feel the thought is more clear that way.) Acting on an endorsement after you had received a message means modifying a mailbox, which needs to be done carefully. You might want to track where the message went if using automatic sorting in procmail. What do you think? sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw@lig.net sdw@meaddata.com OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 GNU Support ICBM: 39 34N 85 15W I love it when a plan comes together From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "gtoal@gtoal.com" Date: Sat, 15 Jan 94 10:38:04 PST To: cypherpunks@toad.com Subject: WARNING: IGNORE ANY RECENT POSTINGS FROM MY SITE Message-ID: <9401151833.AA28140@pizzabox.demon.co.uk> MIME-Version: 1.0 Content-Type: text/plain I've just caught someone logged on to Matthew Ghio's account mg5n@glenn.res. andrew.cmu.edu abusing my system to post mail purportedly from "anon@detweiler.com". I suspect it was aimed at cypherpunks though since I'm now no longer subscribed, I don't know what he posted. I can't tell the recipient from the minimal logs here. I've notified the andrew.cmu.edu postmaster that someone may have abused Ghio's account and be using it to hack from. Graham From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@pmantis.berkeley.edu Date: Sat, 15 Jan 94 20:03:41 PST To: cypherpunks@toad.com Subject: the bitter end Message-ID: <9401160403.AA16058@pmantis.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain oh, how the noise hurts my ears, oh how the fires burn my eyes, oh how my body quakes and shivers. i, the glorious memetic warrior, lie bleeding on the rocks, the enemy has vanquished us, we have been trampled 'neath their onslaught. i hear my fellow men groaning with spasms around me, they call each other's names and cry out, the noxious stench of death oppresses my nostrils. the eve grows cool, it is twilight, and the bitter cold infiltrates my body like fog through the grass. we were ambushed, we thought we knew the enemy's numbers, we thought our intelligence sound. but they had tricked us in the blackest of betrayals, all our spies were double agents, and they had stabbed us in the back. they laughed as they crushed us. the enemy was so numerous, his location so ubiquitous, that we could not help but be massacred in the hot sun. there was white fear and red terror everywhere as they came from every direction to slay us. all our operations were useless and ineffective, our carefully crafted future plans aborted, the enemy had infected our own nervous system with his poison, and our grisly, grotesque failures haunt my mind like shrieking phantoms. oh, my trusted friends! my fellow warriors! my noble generals! all are dead and dying, bleeding and weeping, lying and crying. my consciousness flits between moments like a thief in the shadows, i am bewildered and dazed, as fragmentary hallucinations of my youth flash before my eyes. oh, the horror of their weaponry! they assailed us with their bombs, their grenades, their tanks, their planes, the machine guns pumped bullets into our fragile flesh, our limbs scatter the battlefield, our blood lies in pools in the trenches. we went deaf with the onslaught, our ears bleeding, our eyes blinded by the horrid wrath of fire. their blitzkrieg trampled us like bewildered ants 'neath the stamp of soldier's feet. the earth is scarred with holes and pits, and hideous shapes of artillery and shrapnel surround me like monsters looming in my nightmares. oh, that fearsome face of mine enemy, how it glowered and glared and burned with fire in my eyes, i saw the venemous hatred cutting and mowing me down. their hate surpassed ours, their deadliness crushed us unmercifully, wretchedly, horribly beneath their iron wrath. they were monsters from beyond our nightmares but from our own reality, and they ripped our bodies apart to feed their chiseled jaws. the moon shines down at me now, i see the reflection in the pools of water around me, and i am the only one left alive. i hear my rasps, i feel my chest heave, i feel my feeble heart pump, i can feel the gentle trickle of oozing blood at my sides, my life slowly, silently, inevitably, inextricably leaking from my body. there is only utter cold and pitch blackness, as i hear the rats scurrying through my hair and gnawing at my flesh. / / / / / / / / / / / / / / / / / / . : _________ _________ _________ . / / \ \ / / \ \ / / \ \ /'/ / / / / / / / / ______ / / / / / / / ~~~~ / / / / / __ \ / / / / \~~~~~~~~/~~~/~~~~~~~~~~~/~~~~~~~~__/~~~~~ ~~~_/~~/~~~~~/~~~~~~~~~~/ ~~ \,\ / / ____ / /~\ \ /~~~~_ / / /~~~~~~~ :' \ \ / / / / \ \ \ ~~~ _ \ / / ; ~~~~~~~~~ ~~~~ ~~~~ ~~~~~ ~~ ~~~~ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "gtoal@gtoal.com" Date: Sat, 15 Jan 94 13:33:06 PST To: cypherpunks@toad.com Subject: On leaving the list; and forgeries Message-ID: <9401152119.AA00424@pizzabox.demon.co.uk> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Ah. Now I see why Matthew was forging mail from my site. Thanks for your concern Matthew, but the mail was indeed from me, and pizzabox is quite secure since I run home-brew fingerwarz and pidentwarz daemons. I'll pgp-sign this confirmation just to keep everyone happy. Yes, I have unsubscribed from cypherpunks because I don't want to be part of a list which is advertised elsewhere on the net as being sympathetic to people who don't want their tax money going to coloured people. If he'd said he didn't want his tax money going to unemployed people or poor people, I could have understood his viewpoint (though not sypmathised with it), but to explicitly single out coloured people in a posting soliciting like-minded people for cypherpunks tells me its time to move on. And as for doug@netcom's rant, I'm not even going to dignify it with an answer. G : Note that pizzabox.demon.co.uk [158.152.8.236] doesn't tell where it got : the message from. Could it have been longs.lance.colostate.edu? I : liked Detweiler better when he just used anon.penet.fi. : : : P.S. I sent myself a test email by telnetting to pizzabox.demon.co.uk : 25, but it identified the IP address I telnetted from... hopefully the : site administrators at demon.co.uk have recognized the problem and taken : steps to prevent further detweiling. But be on your lookout, this will : only hold him off until he can find another SMTP port to spoof from. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLThdO3CRCOmNcN2dAQG80QP/aWyl1C2AsVpxtR/Jvtaj2egf+CAtXtZq KSYzmo2xLe/8iTJdD495Ttjrsp/hSB9Z630EU0bTfPQ7o82uf75JE3F1oz+tzRiq LlNjpUwaEX3PVZNQkyiSrZ7dEALWbkaGVZgCsrXWXcvuGjdf/BSZpCSNtgj0O39h ZENhzUN+dfM= =X/Zc -----END PGP SIGNATURE----- PS Matthew - I'll mail the andrew.cmu.edu postmaster and tell him it was a misunderstanding. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jdwilson@gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Sun, 16 Jan 94 00:33:11 PST To: jerry@terminus.us.dell.com (Jeremy Porter) Subject: Re: Using the tools we have In-Reply-To: <9401152235.AA04772@terminus.us.dell.com> Message-ID: <9401160829.AA25953@gold.chem.hawaii.edu> MIME-Version: 1.0 Content-Type: text/plain > For added security you could do something even better. The list > server only posts messages that are "trusted" at a specified level, or it > adds a trust factor to the message. If the list maintainer has met you > and has signed his key, the list server will believe you are real. With > the web of trust and introducers, the list server will quickly be able to > identify most of the people on the list as being real or "pseudo". In > particular this will cut down on the number of forgeries posted to the list. > Another option could be sending an access agreement which is notarized. In order to notarize, you need photo id etc... Nyx has used this for some time with success. -Jim From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Philippe Nave" Date: Sat, 15 Jan 94 21:45:53 PST To: cypherpunks@toad.com (cypherpunks) Subject: PGP posting validation Message-ID: <9401160545.AA04896@toad.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- As I recall, the PGP-filtered mail list idea was proposed to the list a while back and semi-informally put to a vote. At the time, I 'voted' against the idea, because I did not perceive the spoofing problem to be serious enough to warrant that sort of response. Times change, I guess - it's easy to filter certain names and anon ids out of my mail, but more complex spoofs involving SMTP ports and so on call for more involved filtering procedures. Here's my two cents' worth- how about a filter on incoming mail to the list that performs these functions: 1) check the incoming post for a PGP signature 2) If a sig is found, check it against the list's public keyring 3) If the key matches, pop a line like "X-PGP-Keycheck: user so-and-so" into the posting 4) If the incoming message already has a "X-PGP-Keycheck:" line in it, drop that line off - somebody's trying to spoof us For those 'punks who can/will sign their messages, this would provide a simple 'reputation check' visible to all recipients. For others, postings would flow through the system exactly like they do today, vulnerable to spoofs and so on. My main concern is that we get a filter online that is secure but simple. Programmers (myself included) will want to launch off and devise some horrendously complex PGP empire right away, but it would probably be smarter to start small. - -- ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn@dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTjTAwvlW1K2YdE1AQGEdAP8DY8KAK7EU9HkPxuuqMwApwTB7hMP+k1i WGzHgq6RLQvHpZAbzywAbLvxVayzbPd+oCAfF8rSuf7NgFiz8TSqIDyMxM7dGh8Q 8KkEUbEyMQG4//M1Y0HrxhZXemq0a98umtAEQmyyFUFFuvrR95q5iJ1BtGqqF+oH fNXp2UIqfIw= =cXHA -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Sat, 15 Jan 94 21:38:10 PST To: cypherpunks@toad.com Subject: PGP's e exponent too small? Message-ID: <01H7QC1A386W99ENND@delphi.com> MIME-Version: 1.0 Content-Type: text/plain Is the e exponent in PGP too small? It's usually 17 decimal. Applied Cryptography pp. 287-288 says: "Low Exponent Attack Against RSA Another suggestion to 'improve' RSA is to use low values for e, the public key. This makes encryption fast and easy to perform. Unfortunately, it is also insecure. Hastad demonstrated a successful attack against RSA with a low encryption key [417]. Another attack by Michael Wiener will recover e, when e is up to one quarter the size of n [878]. A low decryption key, d, is just as serious a problem. Moral: Choose large values for e and d." --- Mike P.S. Anyone know where to get a Capstone chip? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Robert A. Hayden" Date: Sat, 15 Jan 94 22:45:53 PST To: Cypherpunks Mailing List Subject: Re: PGP posting validation In-Reply-To: <9401160545.AA04896@toad.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- On Sat, 15 Jan 1994, Philippe Nave wrote: > Here's my two cents' worth- how about a filter on incoming mail to the list > that performs these functions: > 1) check the incoming post for a PGP signature > 2) If a sig is found, check it against the list's public keyring 2a) Make sure that as part of the sign up procedure, the subscriber's public key is also provided. > 3) If the key matches, pop a line like "X-PGP-Keycheck: user so-and-so" > into the posting > 4) If the incoming message already has a "X-PGP-Keycheck:" line in it, > drop that line off - somebody's trying to spoof us also: 4a) Make sure the line pointing out that it was validated is part of the message, and not the headers, because some newreaders have a nasty habit of dumping headers that aren't recognized, or making them very difficult to find (you have to remember to switch to full headers for pine, for example.) I would think that a line added to the end of the message as a trailer woudl work dandilly. 5) If there is no PGP signature, the message is bounced back to the originating address. Yes, this might bounce to a non-existant one, but if joe@moron.com is trying to fake a message from joe@foo.com, joe@foo.com would find out about it then. Also, make sure the reply-to: header is set so that messages bouncing due to a non-existant address do lead to a loop. > For those 'punks who can/will sign their messages, this would provide a simple > 'reputation check' visible to all recipients. For others, postings would flow > through the system exactly like they do today, vulnerable to spoofs and so on. Of course, there is the question of the reliability of the automated reposter... :-) > My main concern is that we get a filter online that is secure but simple. > Programmers (myself included) will want to launch off and devise some > horrendously complex PGP empire right away, but it would probably be smarter > to start small. Keep it simple and functional, IMHO. ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> To flame me, log on to ICBMnet and \/ Finger for PGP 2.3a Public Key <=> target 44 09' 49" N x 93 59' 57" W - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTjjG53BsrEqkf9NAQFDlQP+OeDUULpjOMJUxa7dRzf9se5SQL9Eln+f ZYh8HN7U9phUdroD6n2ta3b6v+hYkNtI6n2DGFtjOLtygxbwH1M8JAkZAFin78zC Kz8kkRolAxaHTjgRjFRXcyWPxUopDO57+Q+HYcOKJL3AwJa30cDvDmBjvGcXeXSs UQFQxM4VHf0= =5NNa -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: remail@tamsun.tamu.edu Date: Sat, 15 Jan 94 23:25:55 PST To: cypherpunks@toad.com Subject: Detweiler == Rotweiler Message-ID: <9401160725.AA12935@tamsun.tamu.edu> MIME-Version: 1.0 Content-Type: text/plain I may have missed responses to my last post on the subject, but I am wondering: what makes Detweiler think that T.C. May and Mayor Szabo are the same person? How is this so critical to his argument that he needs to spend half his waking hours ranting about it? I'm still trying to figure out why it's critical to his argument. The one time I started getting mail/flamage from someone who (from writing patterns, nicknames, etc.) I thought was someone else, I was pretty livid about it (Eric Hughes). I've since cooled down, after he apologized, somewhat... but it doesn't change a thing about the argument itself. (Of course, I knew his argument was bunk to begin with). But is Rotweiler so unable to address issues that he has to attribute everyone with a roughly similar belief to be one person? "It didn't take very much reductio to get right down to absurdium from where you started." --Mike Jones, jonesmd@crd.ge.com I think we're in the situation of trying to get *up* to absurdium. Either Detweiler's a disturbed individual with some sort of multiple personality disorder, or he's impersonating one. Or, of course, the GRAND CYPHERPUNK CONSPIRACY has been FORGING messages to LOOK like they've come from L. Detweiler! UN-altered REPRODUCTION and DISSEMINATION of this IMPORTANT information is ENCOURAGED! -- +-----------------------+---------------------------------------+ |Phil Fraering | "...drag them, kicking and screaming, | |pgf@srl03.cacs.usl.edu | into the Century of the Fruitbat." | +-----------------------+-Terry Pratchett, _Reaper Man_---------+ ------------------------------------------------------------------------- To find out more about this anonymous remail service, send mail to remail@tamsun.tamu.edu with the word "remail help" as the only words in the subject field. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: sdouglas%hartford.edu@uhasun.hartford.edu (Headless Pumpkin) Date: Sat, 15 Jan 94 23:38:11 PST To: cypherpunks@toad.com Subject: is this for real? Message-ID: <9401160736.AA20430@uhasun.hartford.edu> MIME-Version: 1.0 Content-Type: text/plain So, Queen Umbish Is Still Here. But is this SQUISH for real? Where are those POTS (POinters To Snakes) and PANS (Poison Agents Needing SQUISHing) mentioned? >QUESTIONS >=== > > Address further questions to cypherpunks@toad.com, gnu@toad.com, > tcmay@netcom.com, or hughes@ah.com. Some additional information is > available in RISKS 15.25, 15.27, 15.28x: ftp CRVAX.SRI.COM, login > anonymous, directory RISKS: (include the colon), file RISKS-i.j > >=== > > ///// //// // // //// ///// // // > /// // // // // // /// // // > //// // // // // // //// ////// > /// // // // // // /// // // > ///// ///\\ //// //// ///// // // > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >Introducing the SUGGESTIVELY QUESTIONABLE UNIFIED INTERNET SNAKE HUNT! Scott Douglass *My joys, my griefs, my passions, and * ->sdouglas@hartford.edu<- * my powers, * dithyramb@pan.com *Made me a stranger. Byron* scott@pumpkin.uucp http://www.hartford.edu/UofHWelcome.html finger me for my public key! MIME spoken here! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: smb@research.att.com Date: Sun, 16 Jan 94 05:33:13 PST To: Mike Ingle Subject: Re: PGP's e exponent too small? Message-ID: <9401161330.AA10496@toad.com> MIME-Version: 1.0 Content-Type: text/plain Is the e exponent in PGP too small? It's usually 17 decimal. Applied Cryptography pp. 287-288 says: "Low Exponent Attack Against RSA Another suggestion to 'improve' RSA is to use low values for e, the public key. This makes encryption fast and easy to perform. Unfortunately, it is also insecure. Hastad demonstrated a successful attack against RSA with a low encryption key [417]. Another attack by Michael Wiener will recover e, when e is up to one quarter the size of n [878]. A low decryption key, d, is just as serious a problem. Moral: Choose large values for e and d." There was some discussion on this on sci.crypt. Briefly, the folks from RSA don't agree that it's a problem in practice. If you always include some random padding in the message, you're safe, if I remember what Kaliski posted. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: remailer@merde.dis.org (remailer bogus account) Date: Sun, 16 Jan 94 09:26:01 PST To: cypherpunks@toad.com Subject: The Detweiler Saga Message-ID: <9401161725.AA19227@merde.dis.org> MIME-Version: 1.0 Content-Type: text/plain once again, I am getting tired of trying to convince people that don't really give a damn and would rather amuse themselves by inventing new ways of calling me insane. I am tired of hearing the deafening silence of thousands of lurkers saying, quite eloquently, . How Wrong I Have Been. So wrong. We always took Detweiler for granted. Our rock. Our knight. Will now our beloved Atlas shrug? Yea, will our prophet fall? You presence filled the heavens. You were without beginning middle or end. no one and a star stand am to am flaming dream to dreaming flame millionary wherewhens distant as reckoned by the unimmortal mind Those words come back to me as I reflect on our salad days, together in Prague, before the revolution. All, zorn. All, zorn. And I remember what you wrote, that dark day, and I remember the sound of the T-62's as if we were there again... the sunlight in the garden hardens and grows cold we cannot cage the minute within its nets of gold when all is *told* we cannot BEG for PARDON THE SKY WAS GOOD FOR FLYING DEFYING THE CHURCH BELLS! AND EVERY _EVIL_ _IRON_ _SIREN_ AND WHAT IT TELLS THE EARTH compells... (How those words haunt me now. How they haunt me.) I may focus on more damaging counterrevolutionary tactics soon and just give up on the BrainDead out here. I have tried to start a fire but get nothing but wet drizzle. soon I will wash my hands of it all completely, having done all I can, and the cyberanarchists will advance unhindered to an internet site near you. Every word burns like a knife across raw nerves. His radiance is blinding now! (o deliver me deliver me) O Lance, I can see your eyes shining; with an open mouth you glitter in an array of colors, and your body touches the sky. I look at you and my heart trembles; I have lost all courage and all peace of mind. When I see your mouths with their fearful teeth, mouths burning like fires at the end of time, I forget where I am and I have no place to go. I see our warriors and all the cryptonihilists who are here to fight. All are rushing into your awful jaws! I see some of them crushed by your teeth. As rivers flow into the ocean, all the warriors of the world are passing into your fiery jaws; all creatures rush to their destruction like moths into a flame. Filled with your terrible radiance, the whole of creation bursts into flame!! You have murdered me. murdered me murdered me murdered me murdered me murdered george william herbert gwh@crl.com Work: System / Net Administrator, CR Labs Home/Play: Retro Aerospace KD6WUQ gwh@crl.com gwh@soda.berkeley.edu gwh@{isu,exec}.isunet.edu deltaV = g * Isp * ln(Mr) ... it's not just a good idea, it's the Law ---------------------------------------------------------------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Lt. Donald F. Sullivan Campus Safety Department" Date: Sun, 16 Jan 94 07:58:13 PST To: CYPHERPUNKS@toad.com Subject: No Subject Message-ID: <009789DE.7E774600.13447@okra.millsaps.edu> MIME-Version: 1.0 Content-Type: text/plain Saw your add on one of my listserve boards. Could you send me information on this,"Snake Hunt" thing your talking about. How do I join and play. Would like to know more... Don ___ (o O) =============uuu(U)uuu============== | M i l l s a p s C o l l e g e | | -------------------------------- | | CAMPUS SAFETY DEPARTMENT | |__________________________________| \ Lt. Donald F. Sullivan / / FAX:(601)-974-1173 \ \ PHONE:(601)-974-1181 / / InterNet Address \ | Sullidf@Okra.Millsaps.Edu | |________________________________| From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Sun, 16 Jan 94 10:13:46 PST To: cypherpunks@toad.com Subject: PGP question Message-ID: <9401161814.AA00826@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain This may sound like a question that I should probably already know, but it would appear not. How do I change my key ID to reflect my current ID? For instance: If my key ID now reads also known as and I wanted to change both of these a different, singular address; Is there an easy way to do this? Many thanks in advance! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Chris \"Strunoph\" Norman" Date: Sun, 16 Jan 94 10:23:16 PST To: cypherpunks@toad.com Subject: SQUISH Message-ID: <94Jan16.132213est.56938-3@undergrad.math.uwaterloo.ca> MIME-Version: 1.0 Content-Type: text/plain Please put me on the mailing list, if there is one, for SQUISH. I don't have the time to participate, but it looks interesting. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Yaoshiang Ho Date: Sun, 16 Jan 94 13:28:15 PST To: cypherpunks@toad.com Subject: GUNZIP (fwd) Message-ID: MIME-Version: 1.0 Content-Type: text/plain ---------- Forwarded message ---------- Date: Sun, 16 Jan 94 14:45:18 CST From: Gary Jeffers To: cypherpunks@toad.com Subject: GUNZIP I need help. I've downloaded gunzip from the net but it doesn't work. My operating system is IBM mainframe vm/cms. error is "error in DMSRLD routine; return code 508. Maybe I got a wrong system gunzip? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: drzaphod@brewmeister.xstablu.com (DrZaphod) Date: Sun, 16 Jan 94 13:58:47 PST To: cypherpunks@toad.com Subject: Re: PGP posting validation Message-ID: MIME-Version: 1.0 Content-Type: text/plain Robert A. Hayden [hayden@krypton.mankato.msus.edu] wrote: > > Here's my two cents' worth- how about a filter on incoming mail to the list > > that performs these functions: > > 1) check the incoming post for a PGP signature > > 2) If a sig is found, check it against the list's public keyring Hmm.. this would allow us to prove that THE LIST thinks he's who he says he is.. or who THE LIST tells us he is.. Now, I am not paranoid against THE LIST, but I suggest that THE PEOPLE should not filter THEIR thoughts. What of censorship [on an aside, is there a censor apprenticeship? Why the 'ship?']!? If you must censor.. censor your own messages with filters running on your own machine.. maybe even publish your filter list to the net so we can all understand each other. Remember that there will always be a percentage of noise in any public forum.. there is no average without these outliers. For a group SO interested in RANDOM numbers, some people sure do want to organize everything. TTFN. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod@brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: anonymous@extropia.wimsey.com Date: Sun, 16 Jan 94 14:03:15 PST To: cypherpunks@toad.com Subject: TC May, Taxes and Colored People Message-ID: <199401162141.AA13609@xtropia> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Graham Toal writes: gt: >Subject: Re: neo-nazis "supported" by NETCOM gt: >Newsgroups: netcom.general gt: gt: In article tcmay@netcom.com writes: gt: > gt: >And I appreciate that Netcom has never once warned my for what many of gt: >my critics have called seditious postings. It is true that I look gt: >forward to seeing the collapse of the U.S. governement and the end to gt: >the taxation that steals from me to give to so-called "people of gt: >color." gt: > gt: >Some call me a Nazi, which is wrong. I use Netcom to spread strong gt: >cryptography, the tool which will help overthrow the corrupt U.S. gt: >government and usher in anarcho-capitalism. gt: > gt: >If this view interests you, contact me about joining the "Cypherpunks" gt: >mailing list. gt: > gt: >--Tim May As a tax-paying colored person I share Tim's concerns about the disposition of my tax money by the U.S. government. My parents, who are also colored, and many of my colored friends, relatives and acquaintances also pay taxes. However, given all of the questionable governmental expenditures (clipper, et. al) that are usually talked about, singling out "so-called 'people of color'" seems a bit peculiar; especially as part of a recruitment drive for a cryptography list. Surely, there are more interesting reasons to join the list. (And, as we celebrate his birthday this weekend, let's not forget that Martin Luther King, Jr. was a victim of FBI wiretapping). HasnUt the U.S. government done worse than give TimUs money to colored folk? Just as Tim anxiously awaits the "collapse of the U.S. government," many colored people in our fair land once awaited an end to slavery (a wait that ran around 300 years or more - Patience Tim). Colored people have thought about the U.S. government quite a bit over the years. Well...we'll see if strong cryptography is indeed Tim's "underground railroad" to the "promised land" of anarcho-capitalism. -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLTmkTrcOmH2KTo5BAQGVygP/SM/8nvOWzHgWj1ogSGPgofwG3DaRD3so pir+i4qAsRvmj/LaankoH4T6dL7HQoqqhLcmK1A44Ni6w08Vr/Zxme5lsv8AL207 Ye/HgtxUlecraE2ULScR3S+7WIdJN7+ljLnyemdHyMGzc1d+r2xh+UxHtvazncfK QDuWPUL7eVg= =xupK -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi05oMkAAAEEAMeHmva0y3bqUVFlrRLto4UIrLtwK58TVOKNrPRMn/SMD7qs ei083E8ftwy4L0xRw9QDGJwVRoAcfSEeCEa4seWWnDLV+NptzSMnUm5FiqUuZ5i3 Dr0fQzc6oI2e6gxwXo1TgmcocTv8cQwFNA8M6oJL0KCC/0v3frcOmH2KTo5BABEB AAG0C1JvZG5leSBLaW5niQCVAgUQLTmh6rcOmH2KTo5BAQF9qAP/Vfrmvohhuwtp ODfsmnw6S2hOZCYx5dlwJYELuT4RD+a5xKjGllHADfKhPSryqk3dQdDqtU2w2IEv U6RMkyHIdBNcGGoZO3Wc4yfCz3UArdW8wFD6b+UWyDHl+1PCVGi2Z5q4frwlQCQr le9H7XqSszYoIAvGTaDSXgcQUmUW144= =P0PB -----END PGP PUBLIC KEY BLOCK----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: smid@evan1.nl.edu Date: Sun, 16 Jan 94 12:23:15 PST To: cypherpunks@toad.com Subject: SQUISH Message-ID: <13B4B8350D7@evan1> MIME-Version: 1.0 Content-Type: text/plain Please tell me more about SQUISH! *********************************** Stephen Middlebrook/smid@evan1.nl.edu Director, Baker Demonstration School National-Louis University 2840 Sheridan Road, Evanston, IL 60201 Voice: (708) 256-5150 x2580 Fax: (708) 256-1057 ************************************ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Gary Jeffers" Date: Sun, 16 Jan 94 12:48:47 PST To: cypherpunks@toad.com Subject: GUNZIP Message-ID: <9401162048.AA14631@toad.com> MIME-Version: 1.0 Content-Type: text/plain I need help. I've downloaded gunzip from the net but it doesn't work. My operating system is IBM mainframe vm/cms. error is "error in DMSRLD routine; return code 508. Maybe I got a wrong system gunzip? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jdblair@nextsrv.cas.muohio.EDU Date: Sun, 16 Jan 94 11:48:15 PST To: cypherpunks@toad.com Subject: Libertarian FTP site Message-ID: <9401162010.AA28801@ nextsrv.cas.muohio.EDU > MIME-Version: 1.0 Content-Type: text/plain I know that there's a Libertatarian Literature ftp site- I've downloaded stuff from there, but I've lost the address. Could someone in the know pass it my way? Thanks in advance, -john jdblair@nextsrv.cas.muohio.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jdblair@nextsrv.cas.muohio.EDU Date: Sun, 16 Jan 94 11:53:15 PST To: cypherpunks@toad.com Subject: Applied Cryptography Message-ID: <9401162016.AA28825@ nextsrv.cas.muohio.EDU > MIME-Version: 1.0 Content-Type: text/plain Would somebody please pass on an ISBN number, publisher info, and the best placed to order "Applied Cryptography"? I would appreciate this greatly. Thanks in advance, -john. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jdwilson@gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Sun, 16 Jan 94 17:13:15 PST To: drzaphod@brewmeister.xstablu.com (DrZaphod) Subject: Re: PGP posting validation In-Reply-To: Message-ID: <9401170109.AA26968@gold.chem.hawaii.edu> MIME-Version: 1.0 Content-Type: text/plain > > Robert A. Hayden [hayden@krypton.mankato.msus.edu] wrote: > > > > Here's my two cents' worth- how about a filter on incoming mail to the list > > > that performs these functions: > > > 1) check the incoming post for a PGP signature > > > 2) If a sig is found, check it against the list's public keyring > > Hmm.. this would allow us to prove that THE LIST thinks he's > who he says he is.. or who THE LIST tells us he is.. Now, I am not > paranoid against THE LIST, but I suggest that THE PEOPLE should > not filter THEIR thoughts. What of censorship [on an aside, is there > a censor apprenticeship? Why the 'ship?']!? If you must censor.. // // // // // As to why you might want to check against a list, consider it private and a priviledge to participate in. Another example, 'punksters decide to work collaboratively on a project and want to restrict the exposure/discussion to trusted list members to protect the project from outside influence/intervention, Bottom line, don't you want to know that the person you think you are respondingto today is the same person you were communicating last week etc? Don't you want to keep someone from pretending to be you and sending out opinions etc. which might damage your reputation or misrepresent you? This is NOT censorship i.e. it does NOT stop you from expressing your views, it only ensures that a message which appears to be from you really IS from you. -Jim From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@cicada.berkeley.edu Date: Sun, 16 Jan 94 15:13:47 PST To: cypherpunks@toad.com Subject: Re: message Message-ID: <9401162312.AA29521@cicada.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain > Something found on another list... > > ---------------------------------------------------------------------- > > From: nobody@CICADA.BERKELEY.EDU > Subject: *SQUISH* THE TENTACLES IN CYBERSPACE!! > To: MIND-L@asylum.sf.ca.us So that's why all those weirdos have been showing up here lately. Detweiler is really becoming a nuisance... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matthew J Ghio Date: Sun, 16 Jan 94 12:18:16 PST To: cypherpunks@toad.com Subject: Re: PGP's e exponent too small? In-Reply-To: <9401161330.AA10496@toad.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Mike Ingle wrote: > Is the e exponent in PGP too small? It's usually 17 decimal. > > Applied Cryptography pp. 287-288 says: > > "Low Exponent Attack Against RSA > > Another suggestion to 'improve' RSA is to use low values for e, > the public key. This makes encryption fast and easy to perform. > Unfortunately, it is also insecure. Hastad demonstrated a successful > attack against RSA with a low encryption key [417]. Another > attack by Michael Wiener will recover e, when e is up to one > quarter the size of n [878]. A low decryption key, d, > is just as serious a problem. Moral: Choose large values for e and d." smb@research.att.com wrote in reply: > There was some discussion on this on sci.crypt. Briefly, the > folks from RSA don't agree that it's a problem in practice. If > you always include some random padding in the message, > you're safe, if I remember what Kaliski posted. Not true. If the RSA folks really believe that, they are kidding themselves. I don't see what adding padding will do to provent solving for the key (although it is a good idea for other reasons). Here's why you shouldn't use low powers of d: Remember that d and e are factors of (p-1)(q-1)+1. Doing a little math, we can rewrite that as de=pq-p-q+2. Unless p or q is very small, (which is unlikely because a small factor is easy to find, which would weaken the key), the product (p-1)(q-1)+1 is going to be somewhere near pq-2*SQRT(pq). (Actually, it will always be greater than pq-2*SQRT(pq)+2. SQRT=SquareRoot) By first trying obvious, small factors of pq, it would be possible to establish a lower bounds on (p-1)(q-1)+1. Consider the following example using small numbers: pq=161 Now, suppose you have a public key exponent 7. You try a few factors say, 2 and 3 on 161, which don't factor it. You now know that p>3 and q>3. Therefore, the smallest value pq could be would be pq-3-pq/3+2, which is 161-3-53.6+2=106.4 The square root of 161 is ~12.7. Therefore the upper limit of (p-1)(q-1)+1=pq-2(12.7)+2=161-25.4+2=137.6 Since we are only dealing with whole numbers, we have 107 15 5.6 d=6 or d=7 Only two possibilities! This attack can be used on large numbers too. Suppose pq=10^50 (approximately). Then suppose you try dividing with the first billion (10^9) numbers and are not able to find a factor of pq. You then know that p>10^9 and q>10^9. Therefore (p-1)(q-1)+1 lower bound is 10^50-10^9-10^41+2, and the upper bound is 10^50-2*10^25+2. Although that is still a lot of possibilities, it does eliminates 99.9999999% of possibilities for d. If d is small, it would be a relatively quick search. If e was greater than 10^48, there would be fewer than 100 possibilities for d. This attack can be avoided. Consider again the previous example: p=7 q=23 pq=161 de=(p-1)(q-1)+1=133 d=19 e=7 If for any x, x mod pq = x^(de) mod pq then, by substitution, we have: x^(de) mod pq = x^(2de) mod pq therefore, x^(2de) mod pq = x^(3de) mod pq combining this, we have: x mod pq = x^(de) mod pq = x^(2de) mod pq = x^(3de) mod pq = x^(4de) mod pq ... and so on. Taking 2(p-1)(q-1) where p=7, q=23 gives 265. That factors into 53*5. We have another keypair in additon to the 7,19 already found. Continuing on, we find many more keypairs: (7-1)(23-1)+1=133=7*19 2(7-1)(23-1)+1=265=53*5 3(7-1)(23-1)+1=397 (prime) 4(7-1)(23-1)+1=529=23*23 5(7-1)(23-1)+1=661 (prime) 6(7-1)(23-1)+1=793=61*13 7(7-1)(23-1)+1=925=25*37 8(7-1)(23-1)+1=1057=151*7 (duplicate of 19*7; 19+133=151) 9(7-1)(23-1)+1=1189=41*29 10(7-1)(23-1)+1=1321 (prime) 11(7-1)(23-1)+1=1453 (prime) 12(7-1)(23-1)+1=1585=317*5 (duplicate of 53*5) 13(7-1)(23-1)+1=1717=101*17 14(7-1)(23-1)+1=1849=43*43 15(7-1)(23-1)+1=1981=283*7 (duplicate of 19*7) 16(7-1)(23-1)+1=2113 (prime) 17(7-1)(23-1)+1=2245=449*5 (duplicate of 53*5) 18(7-1)(23-1)+1=2377 (prime) 19(7-1)(23-1)+1=2509=13*193 (duplicate of 61*13) 20(7-1)(23-1)+1=2641=139*19 (duplicate of 7*19) 21(7-1)(23-1)+1=2773=47*59 22(7-1)(23-1)+1=2905=35*83 23(7-1)(23-1)+1=3037 (prime) 24(7-1)(23-1)+1=3169 (prime) 25(7-1)(23-1)+1=3301 (prime) Some are duplicates, and some are primes, but we have found 8 key pairs: 7*19, 53*5, 61*13, 25*37, 41*29, 101*17, 47*59, and 35*83. We also found two self-reversing secret keys, 23 and 43. If you continue this on, you will find keypairs containing every prime number that is not a factor of (p-1)(q-1). By using this method, you can easily find a keypair with large enough numbers to defeat guessing techniques. For example, 47*59 and 35*83 might be good choices. Furthermore, d*e will not be simply (p-1)(q-1)+1, which defeats the method of guessing the range of values described earlier. Remember: In the RSA PK system, key generation is everything. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Al Billings Date: Sun, 16 Jan 94 14:16:03 PST To: cypherpunks@toad.com Subject: message (fwd) Message-ID: MIME-Version: 1.0 Content-Type: text/plain Something found on another list... ---------------------------------------------------------------------- From: nobody@CICADA.BERKELEY.EDU Subject: *SQUISH* THE TENTACLES IN CYBERSPACE!! To: MIND-L@asylum.sf.ca.us Message-id: <9401161201.AA32913@cicada.berkeley.edu> Content-transfer-encoding: 7BIT Remailed-By: Tommy the Tourist INTRODUCING === ##### #### ## ## #### ##### ## ## ### ## ## ## ## ## ### ## ## #### ## ## ## ## ## #### ###### ### ## ## ## ## ## ### ## ## ##### ###\\ #### #### ##### ## ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the SECRETLY QUIZZICAL UNIFIED INTERNET SNAKE HUNT! * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * ENDLESS ENTERTAINMENT * CONTENTS ======== - INTRODUCTION - UPDATES - DEADLINE - THE CASH PRIZE - MORE ABOUT `SQUISH' & `FACE' - QUESTIONS === The recent WHITE HOT interest by multiple groups and individuals in the CYBERANARCHIST TENTACLE INFILTRATIONS into the Internet have inspired an EXCITING NEW CONTEST and COMPETITION! we, the Federation of Associations of Cyberspace Everywhere (FACE), announce the SUPREMELY QUACKY UNIFIED INTERNET SNAKE HUNT! (SQUISH) * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * FAMOUS PARTICIPANTS * UPDATES === updates on the SQUISH contest will be posted regularly. Send in notice of the more spectacular point accumulations with proof for verifications immediately and the Halls of Fame and Shame. Unverified points are not valid toward the cash prize. DEADLINE === TIME IS RUNNING OUT! AVOID INQUIRING FURTHER OR WAITING FOR FURTHER INSTRUCTIONS. START IMMEDIATELY! MONTHS OF PARTICIPATION ARE REQUIRED TO ACCUMULATE COMPETITIVE STANDING. SOME PARTICIPANTS ALREADY HAVE A HEAD START. THE CASH PRIZE WILL BE AWARDED APRIL 1, 1994. FURTHER INCREMENTS WILL BE AWARDED AT YEARLY INTERVALS THEREAFTER. MORE ABOUT `SQUISH' AND `FACE' === The Federation of Associations of Cyberspace, Everywhere was founded in 1994 as a group that coordinates the activities among the many different online organizations. We have played a very low-profile role to date, and wanted to find some way of promoting our newfound alliance. We have groups combined from BBSes, local area networks, the Internet, and other global and local networks around the world (see below). We have built up some membership funds from the contributing organizations and private contributions to provide the prize money for SQUISH, and some private individuals have donated significant amounts. The contest was inspired by S.Boxx, who was the architect of point classifications and the current opponent lists. S.Boxx has also promised to provide any funds necessary for the successful completion of the contest. We hope that recent interest into snakes and tentacles by many on the Internet will make the contest spirited entertainment and a strong success. We encourage reporters and the media to use this announcement as our official press release. Feel free to redistribute or comment on this announcement in any forum. QUESTIONS === Address further questions to cypherpunks@toad.com, gnu@toad.com, tcmay@netcom.com, or hughes@ah.com. Some additional information is available in RISKS 15.25, 15.27, 15.28x: ftp CRVAX.SRI.COM, login anonymous, directory RISKS: (include the colon), file RISKS-i.j === ///// //// // // //// ///// // // /// // // // // // /// // // //// // // // // // //// ////// /// // // // // // /// // // ///// ///\\ //// //// ///// // // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the STELLARLY QUOTABLE INTERNET SNAKE HUNT! === Brought to you as a coordinated effort between the individuals * S.BOXX * MEDUSA * INFOCALYPSE * THE EXECUTIONER * PABLO ESCOBAR * DEADBEAT and the Federation of Associations of Cyberspace Everywhere (FACE) * ILF (INFORMATION LIBERATION FRONT) * BLACKNET (INTERNET ESPIONAGE COORDINATION HEADQUARTERS) * BLOODNET (CYBERSPATIAL BLACK MARKETEERING AND LIQUIDATION SQUAD) * CRAM (CYBERSPATIAL REALITY ADVANCEMENT MOVEMENT) * CRaP (CYBERANARCHIST REPRESSION AND POISON) * CY{B,PH}ER{PU,WO}NKS === * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * CRIMINAL CONVICTIONS * * GRISLY DEATH TORTURE * JUDGEMENT DAY * APOCALYPSE NOW * From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Ingle Date: Sun, 16 Jan 94 13:58:15 PST To: cypherpunks@toad.com Subject: PGP, security, Applied Crypto, etc. Message-ID: <01H7RA9I5WYC99EII9@delphi.com> MIME-Version: 1.0 Content-Type: text/plain Anon asked about changing PGP userids: pgp -ke Applied Crypto: John Wiley & Sons Inc. ISBN: 0-471-59756-2 Bookstores have no trouble looking it up from the title. About PGP security: is PGP safe with 17 used as the public exponent? Someone pointed out that pgp -kg 1024 17 will create a 1024-bit modulus and a 17-bit e, so you can create a larger e if you want to. I tried it and it's no slower. There is a compile-time constant which could make this a default - should it be increased? --- Mike From USA Weekend: "Nicole Richardson, 20, of Mobile, Ala., is serving a 10-year mandatory sentence without parole for her first offense. Her crime? As a high-school senior, she fell in love with a small-time drug dealer. A police informant called to ask where he could find the boyfriend to finalize an LSD sale. She told him and was arrested for conspiracy to distribute LSD. Because she had no information to trade for a lesser sentence, she was put away for a decade. Her boyfriend, who did have information, got five years." Now doesn't that make you proud to be an American? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Robert A. Hayden" Date: Sun, 16 Jan 94 15:09:05 PST To: Cypherpunks Mailing List Subject: Re: PGP posting validation In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- On Sun, 16 Jan 1994, DrZaphod wrote: > Robert A. Hayden [hayden@krypton.mankato.msus.edu] wrote: Just to verify, I followed up to a previous posting, it wasn't mine originally :-) > > > > Here's my two cents' worth- how about a filter on incoming mail to the list > > > that performs these functions: > > > 1) check the incoming post for a PGP signature > > > 2) If a sig is found, check it against the list's public keyring > > Hmm.. this would allow us to prove that THE LIST thinks he's > who he says he is.. or who THE LIST tells us he is.. Now, I am not > paranoid against THE LIST, but I suggest that THE PEOPLE should > not filter THEIR thoughts. What of censorship [on an aside, is there > a censor apprenticeship? Why the 'ship?']!? If you must censor.. > censor your own messages with filters running on your own machine.. > maybe even publish your filter list to the net so we can all understand > each other. Remember that there will always be a percentage of noise > in any public forum.. there is no average without these outliers. > For a group SO interested in RANDOM numbers, some people sure do want > to organize everything. TTFN. Please don't take this as confrontational (ie, this is not a flame :-) How would requiring that postings made to a list be verifyable be censorship? What it does is verify that REAL people posted the message and that the person who's address is on the message is actually the person that posted it. Now, granted, I suppose it could end up dumping some postings because they were forged, and that is sort of censoring. But it isn't censoring based on content, but based on the fact that it appears to be a forgery. And by bouncing a message back to the person that posted it, you give them an opportunity to repost (this time signed) in case they forgot. Also, as for the filter idea. If some jerk is posting a message as appearing to come from schmuck@foo.bar.com, yes, I could add that address to my filter and delete it before i see it, but if the jerk starts posting as coming from idjit@bar.foo.com, I'd have to add another filter line. By doing a check of the digital signature against the posters public key, you eliminate most instances of forgery. Of course, if the poster's key is compromised, that's a different story. ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> To flame me, log on to ICBMnet and \/ Finger for PGP 2.3a Public Key <=> target 44 09' 49" N x 93 59' 57" W - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTnJ/53BsrEqkf9NAQEUNgP/ZcToPpXmZ1LodtlMUi3xibxppUEAKv5H czC97H08Lewk+E9Ss2eRjJWWfMsqTE7Yo1o7iAD+aB6dhrpSLNJ4XuTLD/Z8SWO2 OeWZTgSp1gwAbqrQBRyIkq0Ocu5GgI9bURzqoSfUQ6s1sPi8fSqICghG0vV5sXYd IFqoEJQSTPc= =sIKV -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Bruce Pea Date: Sun, 16 Jan 94 15:18:47 PST To: cypherpunks@toad.com Subject: UNSUBSCRIBE Message-ID: <199401162318.AA02306@dragonfly.wri.com> MIME-Version: 1.0 Content-Type: text/plain UNSUBSCRIBE From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Lee Wittenberg Date: Sun, 16 Jan 94 14:36:04 PST To: hughes@ah.com Subject: [remailer@dis.org (remailer bogus account): THE *GREATEST* MOMENT IN CYBERSPATIAL HISTORY!!] Message-ID: MIME-Version: 1.0 Content-Type: text/plain Please make sure I don't get this anymore. Thank you. --------------- Received: from TURBO.Kean.EDU by pilot.njin.net (5.59/SMI4.0/RU1.5/3.08) id AA29225; Sun, 16 Jan 94 00:49:22 EST Received: from soda.berkeley.edu by TURBO.Kean.EDU; 16 Jan 94 00:40:20 EST Received: from merde.dis.org (uucp@localhost) by soda.berkeley.edu (8.6.4/PHILMAIL-1.10) with UUCP id VAA10287 for SIGPAST@List.Kean.EDU; Sat, 15 Jan 1994 21:23:19 -0800 Received: by merde.dis.org (4.1/SMI-4.2) id AA17326; Sat, 15 Jan 94 21:21:11 PST Date: Sat, 15 Jan 94 21:21:11 PST From: remailer@dis.org (remailer bogus account) Message-Id: <9401160521.AA17326@merde.dis.org> To: SIGPAST@list.kean.edu Subject: THE *GREATEST* MOMENT IN CYBERSPATIAL HISTORY!! Remailed-By: remailer bogus account Reply-To: SIGPAST@list.kean.edu, remailer@dis.org (remailer bogus account) DO NOT REDISTRIBUTE. === ##### #### ## ## #### ##### ## ## ### ## ## ## ## ## ### ## ## #### ## ## ## ## ## #### ###### ### ## ## ## ## ## ### ## ## ##### ###\\ #### #### ##### ## ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the SOPHOMORIC QUARTERLY UNIFIED INTERNET SNAKE HUNT! * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * ENDLESS ENTERTAINMENT * CONTENTS ======== - INTRODUCTION - OBJECT OF SQUISH - SQUISH DIRECTIONS - UPDATES - THE CASH PRIZE - DEADLINE - MORE ABOUT `SQUISH' & `FACE' - QUESTIONS === The recent WHITE HOT interest by multiple groups and individuals in the CYBERANARCHIST TENTACLE INFILTRATIONS into the Internet have inspired an EXCITING NEW CONTEST and COMPETITION! we, the Federation of Associations of Cyberspace Everywhere (FACE), announce the SUPREMELY QUACKY UNIFIED INTERNET SNAKE HUNT! (SQUISH) * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * FAMOUS PARTICIPANTS * === OBJECT OF SQUISH the OBJECT of SQUISH is to find TENTACLES and SNAKES. A TENTACLE is an email address used by a real person for the purpose of concealing their identity from others. A SNAKE is a TENTACLE that is particularly wicked and evil and will lie and trick others into believing the TENTACLE is real. In words, the more consequential and malicious a TENTACLE, the more it is a SNAKE. Different points are awarded for playing. Anyone who can send mail can play! The simplest and cheapest points come from sending email to suspected SNAKES and TENTACLES, and chalking up points depending on the responses. Larger points are awarded for `real world' interactions such as calling suspected tentacles and snakes at their telephone numbers. When a snake or tentacle gets upset in response to mail, it is said to be QUIVERING. It will go through CONTORTIONS to convince you to leave it alone and may begin to SQUIRM if you persist. When people are not writing through fake email addresses, they are said to be using their TRUE NAME. TRUE NAMES may go through quivering, contortions, and squirming too. Sometimes snakes or tentacles may threaten to stop using an email account entirely. Some of the TRUE NAMES are BIG MACS and some are SMALL FRIES. Much larger points are awarded for exposing the BIG MACS, but some points are available for SMALL FRIES. BIG MACS are famous people on the Internet-- people that no one would expect have snakes and tentacles, or have media stories written about them. Massive points are awarded for BIG MAC exposures. Matches take place in Cyberspace on the PLAYFIELD, with different regions consisting of INFECTED OUTLETS, CRIME SCENES, and KILLING FIELDS. A KILLING FIELD is a place where a tentacle and a player compete or a Big Mac is assaulted. INFECTED OUTLETS are media outlets or journals that carry BIG MAC propaganda, disinformation, or lies. A CRIME SCENE is a place where provably illegal activity takes place, e.g. someone passes a bribe. The grand point prizes go to anyone who can expose MEDUSA. MEDUSA is the leader of all SMALL FRIES and BIG MACS, a wicked, evil incarnation of SATAN on the Internet. She is the originator and chief proseletyzer of the art, science, and religion of lies. MEDUSA has dozens of SNAKES all over the Internet, particularly in extremely sensitive areas such as Internet protocol development (e.g. mercantile or digital cash protocols), posting from public access sites and even `covers' and `front' sites, these are called POISON NEEDLES. Corrupt administrators are always either BIG MACS or SMALL FRIES. Some sites have administrators who are unaware or apathetic toward infiltrations, these are called PAWNS. MEDUSA is the orchestrator of a MASSIVE INTERNATIONAL CONSPIRACY to STRANGLE, SABOTAGE, and POISON THE INTERNET. Anyone who can drive MEDUSA and all the corrupt BIG MACS from Cyberspace and the real world forever is called THE SAVIOR and said to have DRIVEN THE PHARISEES FROM THE TEMPLE. However, the player must avoid being CRUCIFIED or the cash award will not be given. POINTS can be traded in for COLD CASH. The first person with more than 500 points gets A DOLLAR PER POINT (some restrictions apply, not valid in all areas, void where prohibited by law, taxes may vary). * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * MYSTERIES OF THE UNKNOWN * === SQUISH DIRECTIONS 1. Consult the list of SUSPECTED SMALL FRIES, BIG MACS, SNAKES, TENTACLES, MEDUSA & SISTERS, and POISON NEEDLES below. Send mail to any attempting to discover whether they are real or fake, or have knowledge of other BIG MACS or even MEDUSA. 2. When you get CONTORTIONS or SQUIRMS, or mount COUNTERMEASURES, keep track of your all your points in a file. Ratings are listed under RATINGS below. List the persons and email addresses involved and quote the actual mail. Keep permanent and complete records of all mail. 3. The biggest points are awarded for the greatest deceptions. Some snakes in the lists below (the most deceitful ones) have actually installed out-of-state phone numbers, developed software for coordination, and have an international arsenal of infiltration points. 4. In particular go after the BIG MACS and MEDUSA, where the most fantastic points are awarded. Some BIG MACS know of MEDUSA; they are called MEDUSA'S SISTERS. 5. The categories listed below of SUSPECTED SNAKES, TENTACLES, ACCOMPLICES, BIG MACS, and MEDUSA are not conclusive or definitive. In particular, some people in these lists may be INNOCENT BYSTANDERS, and their harassment should be minimized. But, be careful! the SNAKES, TENTACLES, ACCOMPLICES, BIG MACS, and MEDUSA will all claim to be INNOCENT BYSTANDERS. (rules subject to change without notice. watch for further announcements.) * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * SECRET CONSPIRACIES * UPDATES === updates on the SQUISH contest will be posted regularly. Send in notice of the more spectacular point accumulations with proof for verifications immediately and the Halls of Fame and Shame. Unverified points are not valid toward the cash prize. THE CASH PRIZE === A cash prize will be awarded to the first person to surpass 500 points, one dollar per point. The person may continue playing to continue to gain cash. Further awards may be presented to close contenders. Some restrictions apply. Void where prohibited. Tax not included. In the case of deceased victims the award will be given to the nearest living relative, or the Federation of Associations of Cyberspace Everywhere (FACE) if all relatives have met mysterious fatal accidents as well. If the world economies have collapsed from cyberanarchist sabotage before the award is granted, no further action is necessary (this constitutes the final sign of the Apocalypse). DEADLINE === TIME IS RUNNING OUT! AVOID INQUIRING FURTHER OR WAITING FOR FURTHER INSTRUCTIONS. START IMMEDIATELY! MONTHS OF PARTICIPATION ARE REQUIRED TO ACCUMULATE COMPETITIVE STANDING. SOME PARTICIPANTS ALREADY HAVE A HEAD START. THE CASH PRIZE WILL BE AWARDED APRIL 1, 1994. FURTHER INCREMENTS WILL BE AWARDED AT YEARLY INTERVALS THEREAFTER. MORE ABOUT `SQUISH' AND `FACE' === The Federation of Associations of Cyberspace, Everywhere was founded in 1994 as a group that coordinates the activities among the many different online organizations. We have played a very low-profile role to date, and wanted to find some way of promoting our newfound alliance. We have groups combined from BBSes, local area networks, the Internet, and other global and local networks around the world (see below). We have built up some membership funds from the contributing organizations and private contributions to provide the prize money for SQUISH, and some private individuals have donated significant amounts. The contest was inspired by S.Boxx, who was the architect of point classifications and the current opponent lists. S.Boxx has also promised to provide any funds necessary for the successful completion of the contest. We hope that recent interest into snakes and tentacles by many on the Internet will make the contest spirited entertainment and a strong success. We encourage reporters and the media to use this announcement as our official press release. Feel free to redistribute or comment on this announcement in any forum. QUESTIONS === Address further questions to cypherpunks@toad.com, gnu@toad.com, tcmay@netcom.com, or hughes@ah.com. Some additional information is available in RISKS 15.25, 15.27, 15.28x: ftp CRVAX.SRI.COM, login anonymous, directory RISKS: (include the colon), file RISKS-i.j === ///// //// // // //// ///// // // /// // // // // // /// // // //// // // // // // //// ////// /// // // // // // /// // // ///// ///\\ //// //// ///// // // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the SUGGESTIVELY QUESTIONABLE UNIFIED INTERNET SNAKE HUNT! === Brought to you as a coordinated effort between the individuals * S.BOXX * MEDUSA * INFOCALYPSE * THE EXECUTIONER * PABLO ESCOBAR * DEADBEAT and the Federation of Associations of Cyberspace Everywhere (FACE) * ILF (INFORMATION LIBERATION FRONT) * BLACKNET (INTERNET ESPIONAGE COORDINATION HEADQUARTERS) * BLOODNET (CYBERSPATIAL BLACK MARKETEERING AND LIQUIDATION SQUAD) * CRAM (CYBERSPATIAL REALITY ADVANCEMENT MOVEMENT) * CRaP (CYBERANARCHIST REPRESSION AND POISON) * CY{B,PH}ER{PU,WO}NKS === * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * CRIMINAL CONVICTIONS * * GRISLY DEATH TORTURE * JUDGEMENT DAY * APOCALYPSE NOW * From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Duncan Frissell Date: Sun, 16 Jan 94 14:48:15 PST To: cypherpunks@toad.com Subject: Re: Crypto and taxes Message-ID: <199401162247.AA00203@panix.com> MIME-Version: 1.0 Content-Type: text/plain To: cypherpunks@toad.com Perry says: P >Perhaps not. Its very common in many large business conducted here in P >New York in certain seemingly legitimate industries for much of the P >business to be conducted off the books -- people who will take cash P >for work are sought after. I will not name the industry in question, P >but it is one of the few major ones left in the city and it isn't P >finance. The size of NYC's underground economy can be proven by the fact that almost any mortgage lender will give you a "No Income Verification" loan for a residential property. They don't care where you get the dough from as long as you have a good record of making payments (they still do a credit check). DCF --- WinQwk 2.0b#1165 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@pmantis.berkeley.edu Date: Sun, 16 Jan 94 18:13:15 PST To: cypherpunks@toad.com Subject: CYBERSPATIAL SNAKE *SQUISHING* CONTEST!! HUGE CASH PRIZE!! Message-ID: <9401170210.AA23463@pmantis.berkeley.edu> MIME-Version: 1.0 Content-Type: text/plain INTRODUCING === ##### #### ## ## #### ##### ## ## ### ## ## ## ## ## ### ## ## #### ## ## ## ## ## #### ###### ### ## ## ## ## ## ### ## ## ##### ###\\ #### #### ##### ## ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the SECRETLY QUIZZICAL UNIFIED INTERNET SNAKE HUNT! * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * ENDLESS ENTERTAINMENT * CONTENTS ======== - INTRODUCTION - UPDATES - DEADLINE - THE CASH PRIZE - MORE ABOUT `SQUISH' & `FACE' - QUESTIONS === The recent WHITE HOT interest by multiple groups and individuals in the CYBERANARCHIST TENTACLE INFILTRATIONS into the Internet have inspired an EXCITING NEW CONTEST and COMPETITION! we, the Federation of Associations of Cyberspace Everywhere (FACE), announce the SUPREMELY QUACKY UNIFIED INTERNET SNAKE HUNT! (SQUISH) * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * FAMOUS PARTICIPANTS * UPDATES === updates on the SQUISH contest will be posted regularly. Send in notice of the more spectacular point accumulations with proof for verifications immediately and the Halls of Fame and Shame. Unverified points are not valid toward the cash prize. DEADLINE === TIME IS RUNNING OUT! AVOID INQUIRING FURTHER OR WAITING FOR FURTHER INSTRUCTIONS. START IMMEDIATELY! MONTHS OF PARTICIPATION ARE REQUIRED TO ACCUMULATE COMPETITIVE STANDING. SOME PARTICIPANTS ALREADY HAVE A HEAD START. THE CASH PRIZE WILL BE AWARDED APRIL 1, 1994. FURTHER INCREMENTS WILL BE AWARDED AT YEARLY INTERVALS THEREAFTER. MORE ABOUT `SQUISH' AND `FACE' === The Federation of Associations of Cyberspace, Everywhere was founded in 1994 as a group that coordinates the activities among the many different online organizations. We have played a very low-profile role to date, and wanted to find some way of promoting our newfound alliance. We have groups combined from BBSes, local area networks, the Internet, and other global and local networks around the world (see below). We have built up some membership funds from the contributing organizations and private contributions to provide the prize money for SQUISH, and some private individuals have donated significant amounts. The contest was inspired by S.Boxx, who was the architect of point classifications and the current opponent lists. S.Boxx has also promised to provide any funds necessary for the successful completion of the contest. We hope that recent interest into snakes and tentacles by many on the Internet will make the contest spirited entertainment and a strong success. We encourage reporters and the media to use this announcement as our official press release. Feel free to redistribute or comment on this announcement in any forum. QUESTIONS === Address further questions to cypherpunks@toad.com, gnu@toad.com, tcmay@netcom.com, or hughes@ah.com. Some additional information is available in RISKS 15.25, 15.27, 15.28x: ftp CRVAX.SRI.COM, login anonymous, directory RISKS: (include the colon), file RISKS-i.j === ///// //// // // //// ///// // // /// // // // // // /// // // //// // // // // // //// ////// /// // // // // // /// // // ///// ///\\ //// //// ///// // // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the STELLARLY QUOTABLE INTERNET SNAKE HUNT! === Brought to you as a coordinated effort between the individuals * S.BOXX * MEDUSA * INFOCALYPSE * THE EXECUTIONER * PABLO ESCOBAR * DEADBEAT and the Federation of Associations of Cyberspace Everywhere (FACE) * ILF (INFORMATION LIBERATION FRONT) * BLACKNET (INTERNET ESPIONAGE COORDINATION HEADQUARTERS) * BLOODNET (CYBERSPATIAL BLACK MARKETEERING AND LIQUIDATION SQUAD) * CRAM (CYBERSPATIAL REALITY ADVANCEMENT MOVEMENT) * CRaP (CYBERANARCHIST REPRESSION AND POISON) * CY{B,PH}ER{PU,WO}NKS === * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * CRIMINAL CONVICTIONS * * GRISLY DEATH TORTURE * JUDGEMENT DAY * APOCALYPSE NOW * From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ltech1!ltech1!mercury@msen.com Date: Sun, 16 Jan 94 16:08:15 PST Subject: Unix joke. Message-ID: MIME-Version: 1.0 Content-Type: text/plain I'm leaving for now, but I thought I'd share this with you. Even though you get !!!!! in all your mail, you can't really use the ! in your mail command. I tried to mail to someone!account@system.net and I got an "Event not found" error. So I made this up: mail !Superbowl Superbowl: Event not found (bye) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Detweiler" Date: Sun, 16 Jan 94 17:33:15 PST To: cypherpunks@toad.com Subject: Remailer Technology Message-ID: <199401170131.SAA21284@longs.lance.colostate.edu> MIME-Version: 1.0 Content-Type: text/plain Hello darlings! I was playing with your remailers recently, yesterday in particular, and was a bit disappointed in them for a variety of reasons. I got a list of the current ones from K.Barrus some time ago but even this supposedly up-to-date list had a lot that appeared not to work. Out of ~20 on the list, ~8 sent back a ping message. One kept sending me some strange error. In another test, I sent out an informative posting to a whole bunch of mailing lists recently through some of the remailers. The remailers seem to be very fragile and can be overcome by a huge onslaught of postings. It appears that every new message spawns a new process, and the machines get overloaded and don't have memory left to do anything. Kind of a serious flaw! One could mess them up doing this. Good thing that no one has any malicious feelings toward the cypherpunks or their remailers, or this might have already happened. As a solution to the `spawning' problem, here is a possibility: I am just guessing, but I bet the perl script is grabbing in the message from the incoming socket at the beginning, and then closing the socket, and then going about its business to send the message out. But during this period, new messages can be sent to the now `clear' socket, hence spawning a new process. A solution would be to keep the socket `busy' for the duration of the execution of the perl code. Another solution is to have the messages sent into a buffering script, and something else continuously running in the background to go through the queue to send messages. Finally, I was wondering if anyone else was doing Ping tests on the remailers for run times and whether they post them. If there is interest I would be willing to write a script to automate this process and post the results say every week, so that people can keep abreast of what remailers are active and responsive. If we want a strong infrastructure for all our evil deeds, we have to make sure that it is resilient! Thanks, and please don't flame me for trying *earnestly* to contribute! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "W. Kinney" Date: Sun, 16 Jan 94 17:48:15 PST To: cypherpunks@toad.com Subject: Re: PGP posting validation Message-ID: <199401170147.SAA03374@ucsu.Colorado.EDU> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Robert A. Hayden writes: >How would requiring that postings made to a list be verifyable be >censorship? What it does is verify that REAL people posted the message >and that the person who's address is on the message is actually the person >that posted it. I have to say, I'm uncomfortable with this, not even _considering_ the ironic similarity some of the ideas brought up lately bear to LD's original points about True Names and reputation servers. My point of view is that if the possibility of being spoofed is high enough, that should provide sufficient incentive to the the _poster_ to PGP sign his messages. None of this, however, precludes offering auto-validation of signatures by the list software as a service to those who choose to avail themselves of it. -- Will (Feeling rather smug that I've been signing most of my posts for a while...) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLTmKpvfv4TpIg2PxAQEV9wP9G2B6fy4GbH5K++8jdhbCWaJvZmcBFrda H9oCDHCUKwdCv/pTzxce/qupqYb5LQTHAAbvJJMl/GpwwfksGpYhxPJuc8kEqgI8 SUIhDstWjve5PqgALDPToL0Oh49vZpwG2YZbUHCg+fAs9oYVbyS8pOGCWU2im90K wV9RM8HNoTQ= =6eB+ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hfinney@shell.portal.com Date: Sun, 16 Jan 94 19:18:15 PST To: cypherpunks@toad.com Subject: Re: PGP's e exponent too small? Not! Message-ID: <199401170317.TAA24162@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Matthew J Ghio, , argues that low public exponents such as are used by PGP are unsafe in the RSA public-key cryptosystem. I think his analysis is mistaken, although there were a fair number of typing errors which make it hard to be sure I am understanding him correctly. > Here's why > you shouldn't use low powers of d: The issue is not whether the d power should be low; of course it should not be, since that is the secret exponent, and choosing a small one will make it easier to guess. The question is whether small e values are unsafe. I think this is just a typographical mistake. > Remember that d and e are factors of (p-1)(q-1)+1. This is the fundamental error in his analysis. The correct equation is d*e = 1 mod (p-1)(q-1) or, in other words: d*e = k(p-1)(q-1) + 1 All of Matthew's reasoning about putting bounds on d*e (he often writes of bounding p*q, but I'm pretty sure he means d*e) is based on this false assumption that d*e is a factor of (p-1)(q-1)+1. Actually, the true relation is that (p-1)(q-1) is a factor of d*e-1. The concern about low values of e in the Schneier book relates to the issue of RSA-encrypting the same value with the same low e value and different RSA moduli. This might be done if you were using "pure" RSA (which PGP and PEM do not) and encrypting the same message for multiple recipients. Kaliski is right that adding random padding to what is encrypted will eliminate this attack. PGP and PEM do add such random padding, following RSA's Public Key Crypto System standard. Hal -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTnW4agTA69YIUw3AQFPOAP9Hk+bwFCgF6F16Cl+WUh0ZfoUvHXLQGuV +pGVySmTe1yftSUq4NQTVMFmzHXc16MvxJjMBYgH445qpwn9EgHVHISG/YdaDsFs 9AA7c5lcgLxUPwzwkOLlUhICXyFLy+Hz9kWqE90ypd+7RFk0UiCwtIT9EsVywC0c 3GM8BKtJNJI= =/BA8 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: hfinney@shell.portal.com Date: Sun, 16 Jan 94 19:18:49 PST To: cypherpunks@toad.com Subject: Crypto and Taxes Message-ID: <199401170317.TAA24167@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I'll just briefly recap some of the points: Hal> I don't agree with the extreme position that cryptography will lead to Hal> the failure of the income tax and the destruction of the government. Perry> No one is arguing, by the way, that all the economy will go black. I'm Perry> merely noting that whereas right now its hard to lead a normal life Perry> entirely in the black economy (you suffer from a myriad of Perry> inconveniences), an anonymous offshore banking system that you have Perry> free access to changes all that. It's not clear to what extent Perry and I disagree here. I agree that some people will exploit the new opportunities. My doubt is whether the vast silent majority on which the government depends for its taxation revenues will do so. I read the other day that the government gets something like 70-80% of its tax revenues from people making less than $35,000 a year. These people are not financially sophisticated. Duncan> In traditional Black Markets, the transactions are illegal. In future Duncan> Black Markets on the nets, most of the transactions will be legal. Duncan> Legality certainly encourages transactions relative to illegality. I agree with the last point about legality helping, but I don't understand why most transactions will become legal in the future. I thought we were talking about ways to evade laws via cryptography. My assumption is that governments would actually crack down when faced with lost revenue, similar to what was described as happening in Italy: ??> Customers are fined for leaving businesses without a receipt. Your car may ??> be stopped and searched for undocumented merchandise at any time. Imputed ??> income taxes for self-employed people are at ridiculous levels (i.e. a ??> large degree of evasion is assumed). Taxes are levied on everything (car ??> radios, the width of your driveway, electric lighters for gas stoves). So I'd think even more transactions would be illegal in the future. The main issue, I thought, was whether people would widely risk violating these laws in order to save on their taxes, and whether cryptography would let them do so with impunity. Duncan> You left out a few information purchases: education, much of medicine, Duncan> all of financial services, design, marketing, supervision, and Duncan> management. Duncan is pointing out that more of the economy is in the form of information than I was counting. Even if we count these things as information, though, the question is still to what extent the providers of these services will be able to escape taxation. Take medicine as an example. I should be able to go to a doctor today and pay him cash, off the books, at a greatly reduced rate, for my medical services. Yet no doctor I've ever seen, and I've probably seen twenty or thirty in my lifetime, has ever suggested that. I don't see how cryptography will change this. Duncan> Once the interface is good enough, virtual offices with full workgroup Duncan> interaction built of pure information will spring up and the Duncan> "information" component of much of what we think of as physical work Duncan> will become apparent. Is this the key, people working for virtual businesses? No one knows the true name of anybody else, so no one is afraid of being caught? I am still skeptical. A whole nation of people tele-commutes to work for companies whose name they don't know, with co-workers protected by aliases, all so they can be paid in cash for their services. I find this notion implausible in the extreme. Joe and Jane Sixpack aren't going to want to work for a boss who wears a mask. Duncan> If you wander down the shopping street of a future MUD/MOO and you Duncan> buy or sell things, what nation has jurisdiction for tax purposes. Duncan> What if the MUD/MOO exists as a set of cooperative processes spread Duncan> around the globe. This may be uncertain now, but I don't see why it would always remain that way. There is nothing to stop governments from declaring, say, that residents in their boundaries are subject to their taxation, or that their citizens are subject to their taxes regardless of where they do business. More interesting from the crypto perspective would be the case where the business in the MUD refuses to disclose its true nationality or location. There again, though, I think running an anonymous corporation will pose many practical problems. Sandy> You don't need to Sandy> *own* a car, to have the *use* of a car. Imagine leasing a car Sandy> and using your cyberspace bank digital checks, digital money or Sandy> credit card to pay the monthly rent. No audit trail, and no Sandy> asset to be seized. Similar techniques can be used for virtually Sandy> all of your assets. How does this bear on the issue of government collapse due to failure of income tax? This example actually strikes me as an unobjectionable use of cryptography, one in which individual privacy is protected. The only tax consequence I see is possible avoidance of sales tax, which is col- lected only at the state level and not the national level. Sandy's example shows that car rental agencies might be able to operate on a cash basis, like the local fried chicken outlet. I don't see how this brings down the government. Sandy> I think Hal hasn't been reading Duncan or my posts very closely. Sandy> Here's a hint: A Cayman Islands corporation is a non-US citizen Sandy> even if it is owned by an American. Sandy is replying to my question about moving out of the country to avoid taxes. I gather that he is suggesting that people could set up corporations in the Cayman Islands and somehow divert some of their income to them, so that the income would be shielded from taxes. Can this be done today? Can I go to my boss and ask him to start sending my salary to this numbered bank account in the Cayman Islands, and to stop troubling the U.S. government with information about how much he is paying me? Sounds great. Why doesn't everybody do it, and why will everybody start doing it in the future? To sum up, I am willing to accept that people will be eager to avoid paying taxes, but I still doubt that cryptography will bring down the United States government. Particularly when we consider the lack of sophistication (both financial and technical) of the vast middle class who provide the bulk of tax receipts, I think that virtual corporations and offshore tax havens are not likely to become widespread enough to seriously endanger the government. (In response to John Kreznar's comments about my use of the term "cheating" to refer to violation of tax laws, I accept the thrust of his comments but I'll just observe that while preparing a false set of books may be justified and in some circumstances even honorable, it is not honest.) Hal -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTnMY6gTA69YIUw3AQHqlgP/d6GTpNrK3c4B/jfxT5tQqAJ0uBkvc5Y7 fh1dtj16QrR/CmAHEJVV+JWXUjwaTnjqO1RdgPJfjjG1U7CaSiuy84OVlyQPSpAc JeIC7qa1HfqXRCK/bQmxcJMhbOULMKkk2plphcwDvL2Tlxe8DXvmgDLS21DUV6r+ bOT9RBf2U3c= =p55w -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jkyser@netcom.com (Jeff Kyser) Date: Sun, 16 Jan 94 19:26:03 PST To: cypherpunks@toad.com Subject: Applied Cryptography Disk via FTP? Message-ID: <199401170326.TAA14619@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain I just purchased a copy of Schneier's Applied Cryptography, and am interested in obtaining the source code disk set that accompanies the book. Does anyone know if these disks are available via FTP? Any pointers would be appreciated. Thanks, Jeff -- Jeff Kyser PGP 2.3 public key available via finger jkyser@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "W. Kinney" Date: Sun, 16 Jan 94 18:48:15 PST To: cypherpunks@toad.com Subject: LD's "Contest" Message-ID: <199401170244.TAA08102@ucsu.Colorado.EDU> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Detweiler froths: > * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * > * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * >> * FANTASTIC FUN FOR EVERYONE * CRIMINAL CONVICTIONS * > * GRISLY DEATH TORTURE * JUDGEMENT DAY * APOCALYPSE NOW * Sorry, but I did laugh in spite of myself. -- Will -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLTmYOvfv4TpIg2PxAQGwaAP8C9iVJ0K5v5+huawNVpIOcp5oD9wsCMCp VKPfR1687Y7YZuxbZSscKzxnztK6hRvfkryMLqOl5scZ+LcYJioRfOz0Db84HSdm ZB+nigsjuhaIg4ON8BELYORCoq20EXjHRVKHLDAEV+3OYRkxJeYeaiJ8vY2x2nuC 2wkiZhygtoU= =OA5H -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: greg@ideath.goldenbear.com (Greg Broiles) Date: Sun, 16 Jan 94 20:33:15 PST To: cypherpunks@toad.com Subject: A modest proposal Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I suggest that remailer operators might find it useful to redirect remailing requests originating from Detweiler directly to postmaster@lance.colostate.edu. - -- Greg Broiles "Sometimes you're the windshield, greg@goldenbear.com sometimes you're the bug." -- Mark Knopfler -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLToPH33YhjZY3fMNAQE8RAQAoMv09y0bEdUWvmSFYwW7UhTaNjpE7Nkf q0PxA0QiT+xK3tRTvzSxzFVpUnDuERW9GwiySnPp/9XekdmKA6lP3oLMafwHbE8+ LkKHnZGJYhtYzE24dqgyW60GyMvqVWAnBlyivtkmn4zrsOIDQKolFBde5jt/cEi1 e1r3g3ilMZU= =B/s/ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matthew J Ghio Date: Sun, 16 Jan 94 17:08:49 PST To: cypherpunks@toad.com Subject: Re: PGP posting validation Message-ID: MIME-Version: 1.0 Content-Type: text/plain Just to throw in my two cents worth: How about this: Subscribes to the list (or anyone) can register their public keys with a special keyserver that is part of the mailing list software. Then, on any posts made thereafter, signed with that public key, the list software would append a header identifying the sender, their public key ID, and their key fingerprint/md5-hash. To prevent spoofing by registering false key IDs, the system could keep a reputation on each key, and report the number of days that key had been registered, and the number of posts. For example, a typical header might look like: From: John Doe Subject: Whatever Date: Tue, 27 May 1996 02:19:35 GMT PGP-Authenticated-As: 1296A5/1F5A6792E5609CD7A932B1C82CAE934F; John Doe PGP-Key-Reputation: 372d / 197p Assuming that John Doe had been on the list over a year (372 days) and had made 197 posts. If suddenly a post appeared: From: John Doe Subject: Detweiler Date: Tue, 29 May 1996 18:23:56 GMT PGP-Authentication: Unknown Key It would indicate that it was signed with a key that the system didn't have in its database; an obvious forgery. Hovever if the spoofer was able to register a false public key with the server, with John Doe's name on it: From: John Doe Subject: SQUISH Date: Tue, 29 May 1996 23:39:47 GMT PGP-Authenticated-As: 1296A5/6A1DFF5A49D56029B725E05609C0D7A9; John Doe PGP-Key-Reputation: 0d / 0p It would still be an obvious forgery, because the key had no reputation. Anonymous users might like this feature, because they could identify their posts without exposing their email addresses. I don't think it's really necessary to block posts from people who don't sign them, there are circumstances where it's not feasible to do so, but perhaps a warning could be added such as: PGP-Authentication: None From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jdwilson@gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Sun, 16 Jan 94 22:19:11 PST To: shipley@merde.dis.org (Peter shipley) Subject: Re: MEDUSA *LIVES* IN CYBERSPACE!! (fwd) In-Reply-To: <9401170519.AA21075@merde.dis.org> Message-ID: <9401170618.AA28199@gold.chem.hawaii.edu> MIME-Version: 1.0 Content-Type: text/plain Re: > > -----BEGIN PGP SIGNED MESSAGE----- > > > I just got this emailed to me at the technical and administrative contact = > for > the dis.org (where a remailer is mainiained). Since cypherpunks > is given credit for the contence I figgured I would forward the > complaint... > > -Pete Shipley > > - ------- Forwarded Message > > Return-Path: lwright@cac.washington.edu > the dis.org domain. I would appreciate it if you would let > "remailer" know that this announcement was completely unappreciated > by the 730 members of the CLASSICS list and that we do not want > this to happen again. Thank you. > > - - -Linda Wright > University of Washington Did you send her the info postmaster@longs.lance.colostate.edu disavowing "ownership" of this msg? -Jim From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Robert A. Hayden" Date: Sun, 16 Jan 94 18:48:49 PST To: Cypherpunks Mailing List Subject: Re: PGP posting validation In-Reply-To: <199401170147.SAA03374@ucsu.Colorado.EDU> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- On Sun, 16 Jan 1994, W. Kinney wrote: > My point of view is that if the possibility of being spoofed is high > enough, that should provide sufficient incentive to the the _poster_ to PGP > sign his messages. I'm looking at it as a way to keep these fake postings from flooding my mailbox. If real people want to post crap, than at least I have somebody to bitch to, but fake postings waste my time and the money of people with pay-feeds. *shrug* ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> To flame me, log on to ICBMnet and \/ Finger for PGP 2.3a Public Key <=> target 44 09' 49" N x 93 59' 57" W - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTn87p3BsrEqkf9NAQGGYwP/ZZMSmREnZtQUIAwWKKP30lZIYXzwUWW8 p9FnB+fhj95R+nYHprIT57WmKs2d9Bj9yGkQZXXJ4wdQHAr7+a9pgDP8+lhpFvtN LYRTSVi62cXU+LY7nuEoml9g5iUX3C6+glPoThXCiZRizpwKhJTcRaXLFBoxy6JO gt8prUp4uts= =Ny8P -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jdwilson@gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Sun, 16 Jan 94 23:03:17 PST To: shipley@merde.dis.org (Peter shipley) Subject: Re: MEDUSA *LIVES* IN CYBERSPACE!! (fwd) In-Reply-To: <9401170621.AA21576@merde.dis.org> Message-ID: <9401170659.AA28294@gold.chem.hawaii.edu> MIME-Version: 1.0 Content-Type: text/plain Should you tell her? I don't know. This whole subject is a lose/lose issue. If you react to it you may be feeding the need for attention, and if you don't you might be tacitly allowing it to continue. It's a shame that the list is equated with the message. -Jim From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@rosebud.ee.uh.edu Date: Sun, 16 Jan 94 19:13:15 PST To: cypherpunks@toad.com Subject: Coming Soon From A Tentacle Near You... Message-ID: <9401170311.AA19568@toad.com> MIME-Version: 1.0 Content-Type: text/plain This message was posted here a while ago, describing all of the nasty things we have in store for us. Right now we seem to be enjoying Operations SQUISH and Octopus. What else do you suppose he has in mind? From: smtp%"an12070@anon.penet.fi" 3-JAN-1994 02:01:08.99 To: smtp%"cypherpunks@toad.com" CC: Subj: Current Operational Status We (operation Cyberanarchist Repression and Poison) thought you might like an update of our current status and future plans. We have been extremely busy! So much has happened lately! Remember when we said, > You have 24 hours before we >launch our next cyberspatial strike. That was a reference to Operation Tick-Tick-Tick. We were really delighted with the outcome of this attack, we made very significant gains in our campaign, and there were some stellar fireworks. The sequence of Usenet posts equating cyberanarchists with drug users and Sodomites found great response. The Cyberanarchist glossary was unchallenged! We nailed the szabo@netcom.com tentacle mercilessly, and he is afraid to show his sickly green face any more. The Pit Bull (His Royal Eminence) showed up to make a fatal mistake in exposing the Szabo tentacle, and we nailed him some too (his brilliant smear tactics give us more ideas ourselves!). As usual, Emminent Eric has been rather quiet. We did spoof him spectacularly with that Apology feint. `I never wanted a brainwashed follower.' `Democracy stinks.' `I am the anti Christ.' Ha, ha. Tantalizing Timmy showed up a bit `out there' to further whine, evade, and threaten, and tell us that he doesn't know anything about drugs! He says he has a gun, and isn't afraid to use it! Fantastic! `The rumors about high level conspiracies and drug use are false' he says. Ooops, have you talked to Ingenuous John? (hee, hee). You guys really have to work on getting your stories straight. It's pretty pathetic. As for the BS, we don't know who it is you saw at your last Cypherpunk party and their California IDs. Must have been some cardboard cutouts! Oh, what fun. This is all in addition to the shrapnel wounds on the public lists (we have no comment on the private ones!). We appreciate your feedback in all areas. What did you think of the delightful poetry? How about the Nazi Espionage story? That brought tears to our eyes when we thought how much your own Big Macs have surpassed the Fuhrer in their own present glories and future ambitions. Perhaps the people `out there' on Usenet will be similarly impressed ... ? === Nevertheless, the Big Macs don't seem to understand that we have long since lost interest in the tentacle exorcisms, although we like to continue to play to keep our practice. We have graduated to the Big Leagues and they are still scratching their crotches in the minors. Full fledged exposure! The Cypherpunk Credit union for money laundering! the black markeeting! the tax evasion! The lies in the media! The secret mailing lists! Thank you so much for finally coming clean (or at least opening a few windows to diminish the stench) in some key areas. Our next projects should help encourage you to continue this wonderful Glasnost, where before we had the KGB. Once again, we remind you that you can relent and surrender at any time. Some of the things we are interested in at the moment: 1. Further information on the media deceptions in Wired and NYT. These are very difficult to unravel. 2. A complete status report of the TX bank and CA credit union. Maybe some more info on the `real' Chaum link. 3. A complete comment by the Big Macs on their knowledge and involvement in pseudospoofing and all the `quasi-legal' activities. 4. A complete list of all the secret mailing lists. Your subscribers to this list would probably be interested in this too, why not post it publicly? After all, they don't know that all the *real* development is being done under the table. Kind of ironic, too, how long people were asking for a `list split', not knowing that it had already been done in secret. Ah, a pity, but that is your modus operandi. But, since in the true spirit of warfare we must be prepared for any eventuality, including the continued persistence and tenacity of the enemy. So you know, here are some of the operations we are planning over the coming weeks and months, listed in scale of seriousness and potency. Operation SQUISH - a very sophisticated and comprehensive simultaneous attack on many fronts that will involve a `grass roots' approach vs. the last `top down' attack in the newsgroups. Medusa keeps asking for our complete knowledge. This will lay it all out on the table for everyone to examine -- a complete list of tentacles, Small Fries, Big Macs, Poison Needles, Medusa Sisters, and Medusa. It will also be a bit disorienting for you in the spirit of our favorite tactics of `polymorphic paragraphs'. You really seem to get a buzz from that. If you think that the last Usenet strike was bad, wait 'til you see what happens with this one! Operation Octopus - this is the multiple pseudonym and agent project. We plan to have at least a dozen (hence the name) posting simultaneously to many different lists and the newsgroups. But the overhead on this is very significant, and it will take us awhile to gear up and build the infrastructure to the point we can `engage'. You have seen more of these agents lately `out there', but our coordinated attack will take some more planning. Hopefully, these operations will crack the nut. It is already wobbling, splintering, chipping, and shaking. But this is a tough nut to crack. The following operations are far more insidious and devastating. We have been hinting about them in various places. They are our `secret weapons' -- the will require some further developments, but will be immensely effective in destabilizing your technology and `movement'. Operation Duplicity - extremely top secret. Let's just say, you will be seeing double, and triple, and quadruple, and ... Operation Apocalypse - extremely top secret. Let's just say, Robert Morris and Richard Depew would be proud ... Of course, in the meantime your list will be subject to the same drizzle of froth that has you so excited lately. And we'll probably recycle some of our better artillery to strategic positions `out there' on Usenet some more. We wish to thank T.C.May personally for all the stellar ideas in Reputation Assault and Cyberspatial Sabotage. What's good for the criminal is good for the police, so to speak! Finally, just to let you know, we are going to take a momentary breather here and scale back all the current operations somewhat to reorganize and retrench before the next onslaught, so enjoy the respite. Happy New Year! p.s. you might want to see this below. This software and attack report was part of our last strike, Operation Tick-Tick-Tick. The software for the new operations is far more complex (you know how difficult it is e.g. to track multiple identities well), partly the reason for the delay. [Long shell script and its output deleted] Key ring: 'pubring.pgp' Type bits/keyID Date User ID pub 1024/9C0865 1993/10/12 W.Meredith W.MEREDITH Bill Meredith BILLM3 pub 1024/2DF719 1993/08/11 Raidar Do not send this key to key servers! pub 1024/77308D 1993/08/05 WhiteBeard 77308D pub 1024/7C06F1 1993/04/05 J. Michael Diehl, 3, pub 1024/EB2B0D 1993/07/28 Victor A. Borisov aka blaster pub 1024/C0EA49 1993/08/30 Anonymous Remailer pub 1022/ABFBB3 1992/12/02 remailer03 <> pub 1024/69464F 1993/09/11 Sameer's Remailer pub 1024/9E3311 1993/09/02 Sameer's Remailer pub 1024/567449 1993/09/01 Sameer's Remailer pub 512/606225 1993/08/11 Zaphraud (Zaphraud@usa.805.445.9630) pub 1024/569A09 1993/07/31 Mike Ingle 12 key(s) examined. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Peter shipley Date: Sun, 16 Jan 94 21:23:17 PST To: Cypherpunks Mailing List Subject: Re: MEDUSA *LIVES* IN CYBERSPACE!! (fwd) Message-ID: <9401170519.AA21075@merde.dis.org> MIME-Version: 1.0 Content-Type: text/x-pgp -----BEGIN PGP SIGNED MESSAGE----- I just got this emailed to me at the technical and administrative contact for the dis.org (where a remailer is mainiained). Since cypherpunks is given credit for the contence I figgured I would forward the complaint... -Pete Shipley - ------- Forwarded Message Return-Path: lwright@cac.washington.edu Return-Path: Received: from remarque.berkeley.edu by merde.dis.org (4.1/SMI-4.2) id AA19742; Sun, 16 Jan 94 13:49:07 PST Received: from ucbvax.Berkeley.EDU by remarque.berkeley.edu (8.6.4/1.31) id NAA02945; Sun, 16 Jan 1994 13:49:02 -0800 Received: from shiva2.cac.washington.edu by ucbvax.Berkeley.EDU (5.63/1.43) id AA27381; Sun, 16 Jan 94 13:47:01 -0800 Received: by shiva2.cac.washington.edu (5.65/UW-NDC Revision: 2.29 ) id AA22478; Sun, 16 Jan 94 13:48:54 -0800 Date: Sun, 16 Jan 1994 13:48:54 -0800 (PST) From: Linda Wright Subject: MEDUSA *LIVES* IN CYBERSPACE!! (fwd) To: shipley@ucbvax.Berkeley.EDU Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII You are listed at the technical and administrative contact for the dis.org domain. I would appreciate it if you would let "remailer" know that this announcement was completely unappreciated by the 730 members of the CLASSICS list and that we do not want this to happen again. Thank you. - - -Linda Wright University of Washington CLASSICS Listowner - - ---------- Forwarded message ---------- Date: Sat, 15 Jan 1994 21:14:40 PST From: remailer bogus account To: Multiple recipients of list CLASSICS Subject: MEDUSA *LIVES* IN CYBERSPACE!! INTRODUCING === ##### #### ## ## #### ##### ## ## ### ## ## ## ## ## ### ## ## #### ## ## ## ## ## #### ###### ### ## ## ## ## ## ### ## ## ##### ###\\ #### #### ##### ## ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the SECRETLY QUIZZICAL UNIFIED INTERNET SNAKE HUNT! * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * ENDLESS ENTERTAINMENT * CONTENTS ======== - - - INTRODUCTION - - - UPDATES - - - DEADLINE - - - THE CASH PRIZE - - - MORE ABOUT `SQUISH' & `FACE' - - - QUESTIONS === The recent WHITE HOT interest by multiple groups and individuals in the CYBERANARCHIST TENTACLE INFILTRATIONS into the Internet have inspired an EXCITING NEW CONTEST and COMPETITION! we, the Federation of Associations of Cyberspace Everywhere (FACE), announce the SUPREMELY QUACKY UNIFIED INTERNET SNAKE HUNT! (SQUISH) * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * FAMOUS PARTICIPANTS * UPDATES === updates on the SQUISH contest will be posted regularly. Send in notice of the more spectacular point accumulations with proof for verifications immediately and the Halls of Fame and Shame. Unverified points are not valid toward the cash prize. DEADLINE === TIME IS RUNNING OUT! AVOID INQUIRING FURTHER OR WAITING FOR FURTHER INSTRUCTIONS. START IMMEDIATELY! MONTHS OF PARTICIPATION ARE REQUIRED TO ACCUMULATE COMPETITIVE STANDING. SOME PARTICIPANTS ALREADY HAVE A HEAD START. THE CASH PRIZE WILL BE AWARDED APRIL 1, 1994. FURTHER INCREMENTS WILL BE AWARDED AT YEARLY INTERVALS THEREAFTER. MORE ABOUT `SQUISH' AND `FACE' === The Federation of Associations of Cyberspace, Everywhere was founded in 1994 as a group that coordinates the activities among the many different online organizations. We have played a very low-profile role to date, and wanted to find some way of promoting our newfound alliance. We have groups combined from BBSes, local area networks, the Internet, and other global and local networks around the world (see below). We have built up some membership funds from the contributing organizations and private contributions to provide the prize money for SQUISH, and some private individuals have donated significant amounts. The contest was inspired by S.Boxx, who was the architect of point classifications and the current opponent lists. S.Boxx has also promised to provide any funds necessary for the successful completion of the contest. We hope that recent interest into snakes and tentacles by many on the Internet will make the contest spirited entertainment and a strong success. We encourage reporters and the media to use this announcement as our official press release. Feel free to redistribute or comment on this announcement in any forum. QUESTIONS === Address further questions to cypherpunks@toad.com, gnu@toad.com, tcmay@netcom.com, or hughes@ah.com. Some additional information is available in RISKS 15.25, 15.27, 15.28x: ftp CRVAX.SRI.COM, login anonymous, directory RISKS: (include the colon), file RISKS-i.j === ///// //// // // //// ///// // // /// // // // // // /// // // //// // // // // // //// ////// /// // // // // // /// // // ///// ///\\ //// //// ///// // // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the STELLARLY QUOTABLE INTERNET SNAKE HUNT! === Brought to you as a coordinated effort between the individuals * S.BOXX * MEDUSA * INFOCALYPSE * THE EXECUTIONER * PABLO ESCOBAR * DEADBEAT and the Federation of Associations of Cyberspace Everywhere (FACE) * ILF (INFORMATION LIBERATION FRONT) * BLACKNET (INTERNET ESPIONAGE COORDINATION HEADQUARTERS) * BLOODNET (CYBERSPATIAL BLACK MARKETEERING AND LIQUIDATION SQUAD) * CRAM (CYBERSPATIAL REALITY ADVANCEMENT MOVEMENT) * CRaP (CYBERANARCHIST REPRESSION AND POISON) * CY{B,PH}ER{PU,WO}NKS === * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * CRIMINAL CONVICTIONS * * GRISLY DEATH TORTURE * JUDGEMENT DAY * APOCALYPSE NOW * - ------- End of Forwarded Message -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLTof3XynuL1gkffFAQE21wH+JYX/bsJvaIpTApsOjNqaeQFBAdkeCpOZ kXYx4yabmOPSDaUoUBTXV3t45GYGFfadILaT/IX8SMjOcJbqW+RXwA== =AhwP -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ae446@freenet.carleton.ca (Nigel Allen) Date: Sun, 16 Jan 94 18:26:03 PST To: cypherpunks@toad.com Subject: Questionnaire: Encyclopedia of Associations Message-ID: <199401170224.VAA25566@freenet.carleton.ca> MIME-Version: 1.0 Content-Type: text/plain [If this is of interest to you, please return the questionnaire to the address in Detroit, not to me. Thanks.] If you would like your association to be listed free of charge in the Encyclopedia of Associations, the standard reference guide to associations, societies, and other nonprofit organizations, please fill out the following form and return it to: Encyclopedia of Associations Gale Research Inc. 835 Penobscot Building Detroit, Michigan 48226-4094 telephone (313) 961-2242 fax (313) 961-6815 no e-mail address If you do not have time to fill out the questionnaire, then just send in some descriptive material about the organization, together with its name, address, phone number and the name and title of an executive officer that people can contact. The symbol [ ] represents a box that you can check or type an x in. Name of organization: ____ Address: ____ Telephone number: ____ Name and title of executive officer (president, chairperson, executive director, etc.): ___ Fax number: __________ Toll-free number: _________ Telex number:________ [ ] Multinational [ ] Binational [ ] National [ ] Regional [ ] State [ ] Local Former Name (and year of name change): ____ Predecessor group (if formed by merger): ____ ORGANIZATIONAL STRUCTURE Year founded ____ [ ] Nonmembership [ ] Membership. Number of members_______ Describe Membership _ Number of staff_______ Budget ____ Number of: Regional groups _____ State groups ____ Local groups _____ ORGANIZATION'S OBJECTIVES AND ACTIVITIES Describe the objectives of your organization; also explain how your organization works towards these objectives. (Please attach printed material if helpful.) SPECIAL SERVICES (check box and describe services) [ ] Competitions [ ]Awards [ ] Biographical Archives [ ] Hall of Fame [ ] Placement Service [ ] Speaker's Bureau [ ] Children's Services [ ] Charitable Programs [ ] Museum [ ] Statistics [ ] Library [ ] Research Programs [ ] Educational Programs [ ] Political Action Committee Describe (e.g. holdings, types of services) ___ Computerized Services (e.g., data bases, online and mailing list services) __ Telecommunications Services (e.g., electronic bulletin boards, telephone referral services) __ Subunits (e.g. committees, divisions, departments, councils) PUBLICATIONS (please attach information on additional publications.) Title____ Type of Publication ____ Frequency of Issue ____ Features of Publication: ____ Price: ___ ISSN: ____ Circulation: ____ Advertising: [ ] accepted [ ] not accepted Alternate formats: [ online [ ] microform CONVENTIONS/MEETINGS Type (e.g., conference, congress) ___ Frequency (e.g. annual, semiannual) ____ None held [ ] Dates and Locations: please be specific; use additional sheet if necessary. 1993: Month/Dates: ____ City/State/Country: ____ 1994: Month/Dates: ____ City/State/Country: ____ 1995: Month/Dates: ____ City/State/Country: ____ 1996: Month/Dates: ____ City/State/Country: ____ Commercial exhibits? [ ] Yes [ ] No A Letter from the Editors: We are currently compiling information for the new edition of the Encyclopedia of Associations: National Organizations of the U.S., which describes more than 20,000 national, nonprofit groups. The Encyclopedia of Associations is published by Gale Research Inc. (founded 1954). Complemented by companion volumes International Organizations and Regional, State and Local Organizations, the Encyclopedia is updated and revised annually. The Encyclopedia of Associations, now in its 24th edition, is considered a standard reference source and is found in libraries throughout the country. It is used by researchers and market analysts, as well as individuals looking for groups in a specific field. Critics have hailed EA as a classic research tool. We wish to include your organization in this directory and ask that you complete the questionnaire on the other side. Please return it within 15 days (or as soon as possible). We would also be grateful for any additional information you could provide, such as lists of parent and sister organizations with addresses, if possible. There is no charge or obligation for this or any subsequent listing in the Encyclopedia of Associations. -- Nigel Allen ae446@freenet.carleton.ca From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: drzaphod@brewmeister.xstablu.com (DrZaphod) Date: Sun, 16 Jan 94 21:33:16 PST To: cypherpunks@toad.com Subject: Re: PGP posting validation In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain > > Robert A. Hayden [hayden@krypton.mankato.msus.edu] wrote: > > Just to verify, I followed up to a previous posting, it wasn't mine > originally :-) Yep.. sorry about the confusion.. I wiped the first msg.. and only had your reply to go on. Now on to the topic at hand. > Please don't take this as confrontational (ie, this is not a flame :-) I always associated flames with rash, unfounded accusations.. It's ok to confront.. |-] > How would requiring that postings made to a list be verifyable be > censorship? What it does is verify that REAL people posted the message > and that the person who's address is on the message is actually the person > that posted it. No, verifying identities [even pseudonyms] is fine.. if you trust THE LIST.. which is also fine.. but it does leave a gap. [note: this filter approach is similar to the Clipper chip in that it provides a [possibly] false sense of security -- if people want to filter what they see, trust in themselves and don't filter what other people see] This also eliminates anonymous postings. Well.. unless the filters are willing to let all messages that are from people NOT registered with THE LIST thru.. > Now, granted, I suppose it could end up dumping some postings because > they were forged, and that is sort of censoring. But it isn't censoring > based on content, but based on the fact that it appears to be a forgery. If THE LIST wants to tack on a little note at the top of every msg saying "VERIFIED AUTHOR WITH LIST DATABASE" then fine.. but don't FILTER it. > And by bouncing a message back to the person that posted it, you give > them an opportunity to repost (this time signed) in case they forgot. a warning from THE LIST, no less. > Also, as for the filter idea. If some jerk is posting a message as > appearing to come from schmuck@foo.bar.com, yes, I could add that address > to my filter and delete it before i see it, but if the jerk starts > posting as coming from idjit@bar.foo.com, I'd have to add another filter > line. If THE LIST can filter msgs by PGP sigs, then so can you. It will be no more work for you. > By doing a check of the digital signature against the posters public key, > you eliminate most instances of forgery. Of course, if the poster's key > is compromised, that's a different story. By trusting validation to just HAPPEN to your incoming mail on some remote location is ludicrous. In conclusion. . . All too often people want to patch a problem and have it go away.. for everyone. Why don't we make the solution available to everybody, not make the solution for everybody. Nice chatting, Robert. I'm sure I'll be seeing more. TTFN. > ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod@brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Sun, 16 Jan 94 21:43:17 PST To: cypherpunks@toad.com Subject: Re: TC May, Taxes and Colored People In-Reply-To: <199401162141.AA13609@xtropia> Message-ID: <199401170540.VAA27950@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Look, I was not going to waste my time or your time by responding to Graham Toal's announcement that I am a racist and that he was thus leaving the list. But I've seen several messages dealing with this, speculating that perhaps Detweiler spoofed my account, blah blah blah. So let me make some points: 1. I wrote that message in netcom.general, a group local to Netcom, for the discussion of Netcom issues (Netcom is an Internet service provider based in San Jose, California. How Graham Toal, presumably in the U.K., got it is unknown to me.) 2. I stand by what I said, but the comments Graham cited were taken out of contect of the discussion thread in Netcom. Basically, some folks on Netcom were arguing that speech that is "hurtful" to women and other "people of color" and other aggrieved minorities should be blocked by Netcom management, and that perhaps the First Amendment needs to be reinterpreted to limit such expression. Many of us disagreed strongly with this PC (and paternalistic) ideas, and we especially disagree with the laws Catherine MacKinnon is trying to get accepted. (Look to the Homulka case in Canada for one example, to the bans on porn in Canada for another....in a delicious irony, the Dworkin-MacKinnon porn bans, aimed at stopping the "exploitation" of women, are not being used to proscute feminist and Lesbian sex material outlets...sauce for the gander, to mix some metaphors.) Here is my comment on "people of color," quoted first by G. Toal, then by others, and here by "Rodney King": > gt: >And I appreciate that Netcom has never once warned my for what many of > gt: >my critics have called seditious postings. It is true that I look > gt: >forward to seeing the collapse of the U.S. governement and the end to > gt: >the taxation that steals from me to give to so-called "people of > gt: >color." The use of quotes in "people of color" should tell anyone who bothers to think instead of react that I was commenting on the handing out of money to any and all groups that call themselves victims of some vague past injustices. "People of color" thus implies criticism of the name itself. I make no apologies for disliking the term "people of color"--it harkens back to my childhood when blacks were called colored people. (I often provoke liberal airheads by pretending I can't tell the difference between "people of color" and "colored people"...I started doing this around 1986, when I moved to Santa Cruz, and then saw that Gary Trudeau made the same point in a "Doonsbury" cartoon.) (Perhaps proving Graham's point in a strange way, the term "people of color" was the basis of a running series of jokes at yesterday's grossly overcrowded Cypherpunks meeting yesterday (50 in attendance at various times, including Bruce Schneier, Matt Blaze, "J.I.," Perry Metzger, and others in town for Usenix. Matt described his "Black Pages" key service idea, being implemented at AT&T, and the joke arose that AT&T's affirmative action department has already nixed the name "Black Pages" (really) and that henceforth the service will be called "Pages of Color." Had Graham head this one, would he have denounced us as Nazis? As people ready for political reeducation camps? I wonder.) 3. I also make no apologies for my radical libertarian views. I generally avoid arguing political issues here on Cypherpunks, as the issues have been debated many times. For example, I stayed out of the debate last week with Hal Finney over his criticisms. I think he's wrong, but I made my points some time back, well over a year ago, in fact. In other forums, where the debate is explicitly political (as with the "should Netcom allow Neo-Nazis?" debate), I will make my points. Even if they offend the coloreds. (Cf. the earlier point if this joke appears to be "racist" to you.) 4. Personally, I don't care much about skin color, or other epiphenomenal aspects of a person's behavior. But I reject affirmative action, hiring quotas, restrictions on firing employees, etc. And I reject the notion that speech can be limited because it "hurts the feelings" of another, or because someone considers comments to be "harassment" or "virtual rape." (And with the crypto technologies already available, and coming, it all becomes moot anyway. Positive reputations and filter agents will be the way people cope with "hurtful" speech.) 5. As to why Graham Toal quit the list, who knows? To take a brief comment about "people of color" and how I believe strong crypto--the stuff I've long advertised in my sig block--will nuke the current welfare state and from this conclude that the _rest of you_ hold this view as well is.....absurd! Methinks Graham was looking for an excuse to quit the list and my comments gave him the chance to self-righteously declare himself to be disgusted with what he has concluded the list must stand for. Good riddance, I say. Anybody seriously interested in the issues of this list, whether they are libertarian or socialist, anarchist or monarchist, heterosexual or homosexual, white or red or black or whatever, is not going to storm off the list in a huff because of comments taken out of context from a discussion on censorship in a group devoted to a commercial service located 6,000 miles away! 6. "Rodney King" goes on to say: > acquaintances also pay taxes. However, given all of the questionable > governmental expenditures (clipper, et. al) that are usually talked > about, singling out "so-called 'people of color'" seems a bit > peculiar; especially as part of a recruitment drive for a cryptography > list. Surely, there are more interesting reasons to join the list. Like I said, my comments are being taken out of context. This was not a "recruitment drive," nor did I say the main reason to support strong crypto has anything to do with attacking "people of color." For me, achieving libertarian goals (including an end to taxation, to government handouts, truly a colorblind legal system, etc.) is the main reason to support strong crypto. Graham Toal claims my goals are not his, i.e., personal liberty. Well, this is an old debate. Is economic liberty part of personal liberty? Is the freedom to associate, to pick one's friends, customers, employees, suppliers, etc., as one chooses part of personal liberty? I say "Yes." (I'm _not_ saying racial discrimination is a desirable thing, or that it makes good business sense. But what is desirable or what is business-smart is not the issue here. This is Libertarianism 101, so I'll stop this tangent here.) > (a wait that ran around 300 years or more - Patience Tim). Colored > people have thought about the U.S. government quite a bit over the > years. > > Well...we'll see if strong cryptography is indeed Tim's "underground > railroad" to the "promised land" of anarcho-capitalism. > > Whether my friend "Rodney" here is really black or not is unknown--and unimportant. I, too, am hoping that blacks will wake up to the disastrous effects government handout programs have had on them. It's created a new kind of serfdom, a new "Massa" who lives in the Really Big White House (the one in D.C.) instead of just the Massa who lived in the white house on the plantation. Fortunately, some black leaders have woken up to this (Thomas Sowell, Walter Williams, Les Brown, several others), and even Jesse Jackson is now talking about the problems of dependency on AFDC and welfare. A hopeful sign. When I see discussions in the Netcom groups--and elsewhere--about how government needs to set limits on free speech so as to protect minorities and "persons of color," I see this as an attack on everything that this country once stood for. And I will speak out. If Graham Toal and others need to hunt down politically incorrect phrasings, and even ignore the quote marks around these phrasings, then it is best that they storm off this list, because at least some of us are not going to shy away from commenting on these important issues. I hope not to have to say anymore on this subject, so that I can get on with other things. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: drzaphod@brewmeister.xstablu.com (DrZaphod) Date: Sun, 16 Jan 94 22:13:17 PST To: cypherpunks@toad.com Subject: Re: PGP posting validation In-Reply-To: <9401170109.AA26968@gold.chem.hawaii.edu> Message-ID: MIME-Version: 1.0 Content-Type: text/plain --I said-- > > Hmm.. this would allow us to prove that THE LIST thinks he's > > who he says he is.. or who THE LIST tells us he is.. Now, I am not > > paranoid against THE LIST, but I suggest that THE PEOPLE should > > not filter THEIR thoughts. What of censorship [on an aside, is there > > a censor apprenticeship? Why the 'ship?']!? If you must censor.. --Jim says-- > As to why you might want to check against a list, consider it private and > a priviledge to participate in. Sounds along the lines of "It's a privilage, not a right" [granted, this is a privately run list.. but that's not what we're about.. at least that's what I've been led to believe] > Bottom line, don't you want to know that the person you think you are respondingto today is the same person you were communicating last week etc? Don't you > want to keep someone from pretending to be you and sending out opinions etc. > which might damage your reputation or misrepresent you? I want to know that the people I'm talking to are the people I think they are.. and that is why I do my own authentication, when I can. If I trust the machine to do it for me, then I've just shot two large holes in my objective. [THE LIST database could me tampered with; The PGP sigs could be forged from the start] > This is NOT censorship > i.e. it does NOT stop you from expressing your views, it only ensures that a > message which appears to be from you really IS from you. It IS censorship if people's posts are trashed because they are either anonymous or a forger.. even forged posts are sometimes important.. See my other posts regarding LIST authentication, not filtering. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod@brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matt Thomlinson Date: Sun, 16 Jan 94 23:28:49 PST To: cypherpunks@toad.com Subject: Re: MEDUSA *LIVES* IN CYBERSPACE!! (fwd) Message-ID: MIME-Version: 1.0 Content-Type: text/plain since she's in my domain (.washington.edu) I sent her a note explaining the detweiler affair and asking her to please respond to the postmaster, etc. I'll try and take care of this. matt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom@u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom@hardy.u.washington.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nikolaos Daniel Willmore Date: Sun, 16 Jan 94 21:04:11 PST To: cypherpunks@toad.com Subject: Re: a modest proposal Message-ID: <199401170504.AA08741@konichiwa.cc.columbia.edu> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Greg Broiles offered, "I suggest that remailer operators might find it useful to redirect remailing requests originating from Detweiler directly to postmaster@lance.colostate.edu." Here are results of a somewhat unfair but curiosity driven experiment. I have got to admit I agree with the postmaster, but I figured it was worth a try. They are reproduced without permission. - From steved@longs.lance.colostate.edu Sat Jan 15 00:31:44 1994 To: Nikolaos Daniel Willmore Subject: Re: Detweiler fan mail. Reply-To: postmaster@longs.lance.colostate.edu Date: Fri, 14 Jan 94 22:31:40 -0700 Sender: steved@longs.lance.colostate.edu >Hi, coming from your site are the worst abuses in rants and rave I have ever >seen on Usenet. Like it or not, this is a free country where the right to free speech is highly valued and protected. I will neither endorse nor censor anything posted to a public forum by any user from this site. Unless some law is being broken or some other user's individual rights are being violated, I don't want to hear about it. >I will help you keep informed by mailing to you each and >every one of these to you until you tell me to stop. You may stop now. >Lance Detweiler is >talking to himself over and over again all day long. I believe the best way to deal with net.pests is to ignore them. When they realize they are talking only to themselves, they will go away. BTW, his name is not Lance. ==================================== Engineering Network Services Steve Dempsey Colorado State University postmaster@longs.lance.colostate.edu Fort Collins, CO 80523 ==================================== +1 303 491 0630 - -Nik -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLTnVomQa8GyiAZrpAQHQWQQAqljWmUyMkgShJWvnBHAo4Y/dbvTIBzds O/PG70FxEMTTYMvz+m0zDXh5ipJzCiFQPEkGaw8+nLkBWgRDYaJ02FNojm9el5X0 /JtjjEvgutKpukV7w/aP8+QDQHLNCKoE8KEV9OrMvglAWwHm+muJYoF1nhUi1RTx Wi0oB155A80= =avk4 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matthew J Ghio Date: Sun, 16 Jan 94 21:08:16 PST To: cypherpunks@toad.com Subject: Re: PGP's e exponent too small? Not! :) In-Reply-To: <199401170317.TAA24162@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain hfinney@shell.portal.com wrote: -> All of Matthew's reasoning about putting bounds on d*e (he often -> writes of bounding p*q, but I'm pretty sure he means d*e) is based -> on this false assumption that d*e is a factor of (p-1)(q-1)+1. -> Actually, the true relation is that (p-1)(q-1) is a factor of d*e-1. Yeah, I guess I should have proofread that better. You are correct. I was stating that it was possible to narrow your search significantly if d*e=(p-1)(q-1)+1. In retrospect, it was probably a mostly irrelevant tangent. -> The correct equation is -> -> d*e = 1 mod (p-1)(q-1) You mean 1 = d*e mod (p-1)(q-1) Right? -> or, in other words: -> -> d*e = k(p-1)(q-1) + 1 Yup. -> The concern about low values of e in the Schneier book relates to the -> issue of RSA-encrypting the same value with the same low e value -> and different RSA moduli. This might be done if you were using -> "pure" RSA (which PGP and PEM do not) and encrypting the same -> message for multiple recipients. Kaliski is right that adding random -> padding to what is encrypted will eliminate this attack. PGP and -> PEM do add such random padding, following RSA's Public Key -> Crypto System standard. Oh. Okay. That was not made clear in the original post. Yes, I can see how that could be a problem... and random padding would solve it. I don't think that would actually reveal the secret key, but the message could be decrypted... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: greg@ideath.goldenbear.com (Greg Broiles) Date: Mon, 17 Jan 94 10:16:07 PST To: cypherpunks@toad.com Subject: Re: a modest proposal Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Nikolaos Daniel Willmore writes: > Greg Broiles offered, > "I suggest that remailer operators might find it useful to redirect > remailing requests originating from Detweiler directly to > postmaster@lance.colostate.edu." > > Here are results of a somewhat unfair but curiosity driven experiment. I > have got to admit I agree with the postmaster, but I figured it was worth > a try. They are reproduced without permission. > > [Postmaster sez he doesn't care what Detweiler writes] I was thinking that the postmaster would be annoyed by the volume, not shocked by the content, of Detweiler's posts. I understood Detweiler's recent posting about remailer weaknesses as a threat to exploit those weaknesses - potentially creating hassle and expense for the people whose accounts are used as remailers, and perhaps even the other people with accounts on the machines which run the remailers. He's no longer talking about (assuming he ever was) using the remailers to make an unwelcome or politically unpopular comments - he's now talking about using the remailer system to hurt the people who run it and the people they share machines with. I take issue not with the content of his messages, but their purpose and volume. I don't know how many messages it takes to swamp a remailer. I predict that it's more than 10 times the number of messages, redirected to Detweiler's postmaster, than it'd take to get his mail access yanked. His postmaster can take one of two positions: 1. Detweiler's conduct is unacceptable and beyond even the most basic requirements of decent net citizenship; and the postmaster will be in an excellent position to address this concern locally. 2. Detweiler's conduct is within the boundaries of acceptable behavior; in which case, objections to it showing up in his mailbox and on his machine (as well as everyone else's) seem hardly appropriate. If you've ever seen _Brazil_, picture the two maintenance guys with their pressure-suits filling up with sewage, after Robert DeNiro (?) replaced their air-supply tubing with sewage tubing. I figure that piping some of lance.colostate.edu's sewage back onsite seems only fair. - -- Greg Broiles "Sometimes you're the windshield, greg@goldenbear.com sometimes you're the bug." -- Mark Knopfler -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLTpRYX3YhjZY3fMNAQGkAwP/fIrU+ZTCs2zKS1G9jMkjGWqGa31nbu3E qsPyDkWzaTcJoR6OzYw8vXghI6zAOavSF8ei3qxRmL4j7IIiTd0nRX0f7t0fSYoU WfXyZqaByv3fdCqRu2Biylye/uQxf25F1DIszrD1uU7hN4+MNo/26OHgcgg7M0CI 0oHEBkjEl8Q= =E9uE -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Duncan Frissell Date: Sun, 16 Jan 94 22:23:17 PST To: CYPHERPUNKS@toad.com Subject: Crypto and Taxes Message-ID: <199401170622.AA08724@panix.com> MIME-Version: 1.0 Content-Type: text/plain H>I agree with the last point about legality helping, but I don't H>understand why most transactions will become legal in the future. I H>thought we were talking about ways to evade laws via cryptography. Legality is a matter of time and place. The nets let us pick our time and place. A non-economic example: It is a crime for someone in Germany to produce, possess, or transfer "Nazi Material." It is legal for someone in the US to produce, possess, or transfer "Nazi Material" (substitute other jurisdictions and other "material" to taste). If I am in Germany and I download "Nazi Material" from the US, no crime has occurred in the US. A crime may have occurred in Germany but discovery and proof will be very difficult. Encryption will help here. Info contraband (which also include things like "unregistered securities" or "American Movies in France") can be produced and accumulated where legal and acquired anywhere else. Production and distribution remain legal. In some cases the possession may be illegal but in others (unregistered securities) it won't. H>My assumption is that governments would actually crack down when faced H>with lost revenue, similar to what was described as happening in Italy: If 90% of GWP is on the nets, cracking down will be difficult because there is nothing to seize. What is happening of economic value on a private, encrypted net? Who knows or can know? Enterprise networks (properly designed) will only respond to their owners. No one else can have a say. Governments will be reduced to taxing the remaining physical parts of the economy. Meanwhile, people will be learning what it's like to live in a free society for part of the time (on the nets). They will not put up with restrictions in their physical life. They will have assets and attitudes that they can apply to freeing the rest of their lives. When people turn away from obedience, governments disappear (see the DDR) or at least weaken. God fights on the side with the heaviest artillery. Unless you can suggest some sort of artillery that governments could use over fiber optic cable, they will be disarmed in that environment. In the early 80's when Continental Illinois Bank was going bankrupt, these fun telexes used to arrive every day from Tokyo. "CANCEL OUR OVERNIGHT DEPOSIT OF $10,000,000.00 EFFECTIVE TODAY". Suppose that the Feds had sought to seize this money (as governments have in the past). How do you seize an overnight deposit? It is gone when cancelled. Simple bookkeeping entry in Tokyo. Similar problems everywhere in cyberspace. H>Is this the key, people working for virtual businesses? No one knows H>the true name of anybody else, so no one is afraid of being caught? I H>am still skeptical. A whole nation of people tele-commutes to work for H>companies whose name they don't know, with co-workers protected by H>aliases, all so they can be paid in cash for their services. I find H>this notion implausible in the extreme. Joe and Jane Sixpack aren't H>going to want to work for a boss who wears a mask. They can know each other. They can be paid in digital drafts (checks) drawn on the First Internet Bank. Cash not needed. Their *nationality* need not be known and will be irrelevent. Taxation is geographically based. H>Duncan> What if the MUD/MOO exists as a set of cooperative processes H>Duncan> spread around the globe. H>This may be uncertain now, but I don't see why it would always remain H>that way. There is nothing to stop governments from declaring, say, H>that residents in their boundaries are subject to their taxation, or H>that their citizens are subject to their taxes regardless of where they H>do business. Try to enforce this requirement. In any case, foreigners will not be covered which will give them a real competitive advantage if residents of the high tax nations don't "cheat." In practice even in our current physical world, small businesses only report 48% of their revenue, the self employed have the lowest rates of individual tax compliance, and 61% of expat Americans do not file US tax returns. When almost everyone is self-employed or a small business and when regulators can be excluded from transactions by the simple application of crypto technology, compliance will suffer. H>More interesting from the crypto perspective would be the case where H>the business in the MUD refuses to disclose its true nationality or H>location. There again, though, I think running an anonymous corporation H>will pose many practical problems. It can admit that its location is Grand Cayman. After a short period of social development time, it will be able to admit that its location is on a street in a MUD commercial center. Virtual communities can be as real as a skyscraper (an artificial environment.) H>To sum up, I am willing to accept that people will be eager to avoid H>paying taxes, but I still doubt that cryptography will bring down the H>United States government. Particularly when we consider the lack of H>sophistication (both financial and technical) of the vast middle class H>who provide the bulk of tax receipts, I think that virtual H>corporations and offshore tax havens are not likely to become widespread H>enough to seriously endanger the government. Once we get a better interface... People will be drawn to the nets for the games and the thrills (no censorship). They will start by buying legal and forbidden items there. Some entrepreneurs will locate there. Any government restrictions on info will be market opportunities. Porno almost everywhere, the Asian WSJ in Singapore, non-government TV in India, US movies in France, etc. The last vestiges of control over money and investments will die. These sorts of restrictions create market opportunities that traders can arbitrage. The nets almost eliminate transaction costs. Government regs on banks, stock markets, telecoms companies, etc. will end. Once restrictions on types of info or types of money are smashed, the now flush markets on the nets will start to arbitrage the tax structures of nations. If a transaction costs more because it occurs in a particular jurisdiction and is taxed, people will be able to make money by transferring the transaction (or part of it) to a non-taxed area (the nets). Why hasn't this been done as much before? Transaction/transportation costs. Duncan Frissell "Good will and artillery will get you more than good will alone, anytime." -- Artillery officer's saying --- WinQwk 2.0b#1165 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Colin Chandler Date: Mon, 17 Jan 94 02:48:21 PST To: David Clunie Subject: Re: Mac PGP In-Reply-To: <9401170917.AA01938@britt.ksapax> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > I am looking for a compiled version of PGP for the Mac ... would > someone be able to point me to an ftp or mailserver site ? here we are: Host ftp.wustl.edu (128.252.135.4) Last updated 11:25 22 Dec 1993 Location: /systems/mac/info-mac/Old/app FILE -r--r--r-- 211074 bytes 00:00 4 Feb 1993 mac-pgp-20.hqx From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "W. Kinney" Date: Mon, 17 Jan 94 06:38:59 PST To: sullidf@okra.millsaps.edu (Lt. Donald F. Sullivan Campus Safety Department) Subject: Explanation of "Snake Hunt" In-Reply-To: <00978A90.F8A51080.14590@okra.millsaps.edu> Message-ID: <199401171438.HAA08150@ucsu.Colorado.EDU> MIME-Version: 1.0 Content-Type: text/plain Don -- > Will please get back to me as soon as possible on this thing. Your not the > only person that had told me the same thing as far as not knowing anything > about "Snake Hunt". Below I will send you a copy of the Add and a letter > from a guy on The Safety net where the Add first showed up. > > Also while I'am thinking about it I also got a mail message from some BUTT > brain called Medusa. He or She sent me a real ungly E-Mail. If you know this > person tell them not to do it again...It seems like it all started when I > asked about this Snake Hunt thing. I don't know whats going on but I don't > like it at all... This is a little weird, ok? "Cypherpunks" is a cryptography mailing list. One of the people from the list has been slowly going insane, becoming convinced that everyone on the list from California are actually _one_ person posting through multiple identities in order to (a) take over the world, (b) destroy the internet, and/or (c) drive him insane. He refers to this supposed entity as "Medusa", and all his/her supposed fake identities as "snakes" or "tentacles", and has been waging a campaing of strange internet tricks to try to discredit all the supposed fake "tentacles of Medusa". The BUTT brain's (couldn't have put it better) name is L. Detweiler, and his email address is ld231782@longs.lance.colostate.edu. Complaints to his postmaster have met, appropriately, if unfortunately, with references to the first amendment. But please get the word our to everybody in your corner of the net that this guy is a nut. And flame his ass but good. Have a swell day. -- Will From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Roger (Brad) Jones Jr Date: Mon, 17 Jan 94 08:46:07 PST To: cypherpunks@toad.com Subject: More SQUISH Stuff (Long, includes list of tentacles) Message-ID: <9401171643.AA02574@orion.us.oracle.com> MIME-Version: 1.0 Content-Type: text/plain I got this on the ars-magica mailing list, as can be seen from the headers below. This is a very long post, including a list of all the tentacles and "horrible" things that the cypherpunks do. I'm keeping it as a reference so I can be sure who is a tentacle and who isn't. Enjoy! ------- Forwarded Message Return-Path: ars-magica-request@soda.berkeley.edu Received: from gatekeeper.us.oracle.com by hqsun4.us.oracle.com (Oracle 1.12/37.7) id AA00908; Sat, 15 Jan 94 22:00:30 PST Received: from soda.berkeley.edu by gatekeeper.us.oracle.com with ESMTP (8.6.4/37.7) id WAA27500; Sat, 15 Jan 1994 22:00:28 -0800 Received: from localhost (daemon@localhost) by soda.berkeley.edu (8.6.4/PHILMAIL-1.10) id VAA10506 for ars-magica-list; Sat, 15 Jan 1994 21:28:57 -0800 Received: from plague.Berkeley.EDU (plague-ether.Berkeley.EDU [128.32.184.252]) by soda.berkeley.edu (8.6.4/PHILMAIL-1.10) with SMTP id VAA10466 for ; Sat, 15 Jan 1994 21:28:29 -0800 From: remail@tamsun.tamu.edu Received: from TAMSUN.TAMU.EDU by plague.Berkeley.EDU (5.65c/CHAOS) id AA07037; Sat, 15 Jan 1994 21:13:32 -0800 Received: by tamsun.tamu.edu id AA06507 (5.65b/IDA-1.4.3 for ars-magica@ocf.berkeley.edu); Sat, 15 Jan 94 23:13:26 -0600 Date: Sat, 15 Jan 94 23:13:26 -0600 Message-Id: <9401160513.AA06507@tamsun.tamu.edu> To: ars-magica@ocf.Berkeley.EDU Subject: *COOL* NEW INTERNET ROLEPLAYING GAME!! Remailed-By: Anonymous Comments: This message DID NOT originate from the address listed in the From line. It was remailed by an automated remailing service operating at that address. Please report problems by mailing to with the subject header of PROBLEM. NOTICE: PLEASE IMMEDIATELY REDISTRIBUTE THIS ANNOUNCEMENT TO ALL CYBERSPATIAL OUTLETS. === ##### #### ## ## #### ##### ## ## ### ## ## ## ## ## ### ## ## #### ## ## ## ## ## #### ###### ### ## ## ## ## ## ### ## ## ##### ###\\ #### #### ##### ## ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the SUPREMELY QUACKY UNIFIED INTERNET SNAKE HUNT! * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * ENDLESS ENTERTAINMENT * CONTENTS ======== - - INTRODUCTION - - OBJECT OF SQUISH - - SQUISH DIRECTIONS - - POINTS & SCORING . SECRET PROJECTS (CONSPIRACIES) . SUSPECTED ACCOMPLICES (SMALL FRIES) . SUSPECTED FAKE ADDRESSES (SNAKES AND TENTACLES) . SUSPECTED ASSOCIATES (MEDUSA'S SISTERS) . SUSPECTED LEADERS (BIG MACS) . SUSPECTED MASTERMIND (MEDUSA) . SUSPECTED CORRUPT SITES (POISON NEEDLES) . PLAYFIELD MAP (KILLING FIELDS, INFECTED OUTLETS, CRIME SCENES) . ATTACKS (TICKLES, POKES, COUNTERMEASURES) . RATINGS (SQUIRMS AND CONTORTIONS) . BALDFACED LIE BONUS POINTS . STELLAR HYPOCRISY AWARDS . BIG AND BLOODY BETRAYALS . THE SMALL PRINT ON POINTS - - A NOTE ABOUT YOUR OPPONENTS - - UPDATES - - THE CASH PRIZE - - DEADLINE - - MORE ABOUT `SQUISH' & `FACE' - - QUESTIONS === The recent WHITE HOT interest by multiple groups and individuals in the CYBERANARCHIST TENTACLE INFILTRATIONS into the Internet have inspired an EXCITING NEW CONTEST and COMPETITION! we, the Federation of Associations of Cyberspace Everywhere (FACE), announce the SUPREMELY QUACKY UNIFIED INTERNET SNAKE HUNT! (SQUISH) * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * FAMOUS PARTICIPANTS * === OBJECT OF SQUISH the OBJECT of SQUISH is to find TENTACLES and SNAKES. A TENTACLE is an email address used by a real person for the purpose of concealing their identity from others. A SNAKE is a TENTACLE that is particularly wicked and evil and will lie and trick others into believing the TENTACLE is real. In words, the more consequential and malicious a TENTACLE, the more it is a SNAKE. Different points are awarded for playing. Anyone who can send mail can play! The simplest and cheapest points come from sending email to suspected SNAKES and TENTACLES, and chalking up points depending on the responses. Larger points are awarded for `real world' interactions such as calling suspected tentacles and snakes at their telephone numbers. The largest points of all are awared for finding tentacle infiltrations into important Internet and real world outlets such as journals and news magazines! When a snake or tentacle gets upset in response to mail, it is said to be QUIVERING. It will go through CONTORTIONS to convince you to leave it alone and may begin to SQUIRM if you persist. When people are not writing through fake email addresses, they are said to be using their TRUE NAME. TRUE NAMES may go through quivering, contortions, and squirming too. Sometimes snakes or tentacles may threaten to stop using an email account entirely. If they do they are said to SELF DESTRUCT or be EXORCIZED DEMONS (these are extremely rare). The TRUE NAME of a person behind a tentacle is also called the MOTHER or the MONSTER. Some of the TRUE NAMES are BIG MACS and some are SMALL FRIES. Much larger points are awarded for exposing the BIG MACS, but some points are available for SMALL FRIES. BIG MACS are famous people on the Internet-- people that no one would expect have snakes and tentacles, or have media stories written about them. Massive points are awarded for BIG MAC exposures. When different MOTHERS and MONSTERS send out TENTACLE-GRAMS or SNAKEMAIL, they are said to be MOLESTING people. Sometimes the BIG MACS molest followers, SMALL FRIES, or even other BIG MACS. Sometimes they molest unsuspecting INNOCENT BYSTANDERS, this is called RAPING VIRGINS. When a lot of MONSTERS get together in a pack and attack, it is called GANG RAPE. A MONSTER commenting on himself through snakemail or replying to one of his own postings is called INBREEDING. When BIG MACS are involved it is called INCEST. Anyone who knows about a tentacle or other CONSPIRACY, an `insider', is called TAINTED. People who don't know are called CLEAN. Some CLEAN and BYSTANDERS are particularly NAIVE and believe everything that BIG MACS and MEDUSA says, they are called BRAINWASHED. The ones that defend BIG MACS and MEDUSA are called BLIND. Those that simply don't care are called BRAIN DEAD. Many of the TRUE NAMES and BIG MACS promote various philosophies that are directly opposed to their actual actions. They are called STELLAR HYPOCRITES, and points are awarded for uncovering them. Some of the BIG MACS even regularly betray their BRAINWASHED and BRAINDEAD defenders and apologists and even fellow BIG MACS. The followers who are striving to become BIG MACS themselves are called WANNABES. They are called TRAITORS guilty of HIGH TREASON. Valuable points are award for players who ATTACK the STELLAR HYPOCRITES or BIG MACS using such strategies as TICKLING, POKING, and COUNTERMEASURES like name calling, negative publicity, public and private pressure, smear campaigns, mudslinging, humiliation, exposure, etc. Matches take place in Cyberspace on the PLAYFIELD, with different regions consisting of INFECTED OUTLETS, CRIME SCENES, and KILLING FIELDS. A KILLING FIELD is a place where a tentacle and a player compete or a Big Mac is assaulted. INFECTED OUTLETS are media outlets or journals that carry BIG MAC propaganda, disinformation, or lies. A CRIME SCENE is a place where provably illegal activity takes place, e.g. someone passes a bribe. The more trusted an INFECTED OUTLET, the more INSIDIOUS the lie. Some INFECTED OUTLETS are particularly corrupt, they are called TOXIC WASTE DUMPS. The grand point prizes go to anyone who can expose MEDUSA. MEDUSA is the leader of all SMALL FRIES and BIG MACS, a wicked, evil incarnation of SATAN on the Internet. She is the originator and chief proseletyzer of the art, science, and religion of lies. MEDUSA has dozens of SNAKES all over the Internet, particularly in extremely sensitive areas such as Internet protocol development (e.g. mercantile or digital cash protocols), posting from public access sites and even `covers' and `front' sites, these are called POISON NEEDLES. Corrupt administrators are always either BIG MACS or SMALL FRIES. Some sites have administrators who are unaware or apathetic toward infiltrations, these are called PAWNS. When MEDUSA infiltrates many sites and spews extremely dangerous disinformation and propaganda, this is called SABOTAGE. Telling people to go somewhere else and dominating conversations with irrelevant topics is called STRANGLING or GANG RAPE. Stealing sensitive information from others is called ESPIONAGE. Sabotage, strangling, espionage, and other types of cyberterrorism are called POISON. MEDUSA hides her activities beneath the various phrases PRIVACY FOR THE MASSES, the CRYPTOGRAPHIC REVOLUTION, and CRYPTOANARCHY in respectable media outlets like Wired and the New York Times. Sometimes this is accomplished by fooling reporters, but note that not all reporters are CLEAN, and bribery may be possible. MEDUSA is the orchestrator of a MASSIVE INTERNATIONAL CONSPIRACY to STRANGLE, SABOTAGE, and POISON THE INTERNET. Anyone who can drive MEDUSA and all the corrupt BIG MACS from Cyberspace and the real world forever is called THE SAVIOR and said to have DRIVEN THE PHARISEES FROM THE TEMPLE. However, the player must avoid being CRUCIFIED or the cash award will not be given. POINTS can be traded in for COLD CASH. The first person with more than 500 points gets A DOLLAR PER POINT (some restrictions apply, not valid in all areas, void where prohibited by law, taxes may vary). * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * MYSTERIES OF THE UNKNOWN * === SQUISH DIRECTIONS 1. Consult the list of SUSPECTED SMALL FRIES, BIG MACS, SNAKES, TENTACLES, MEDUSA & SISTERS, and POISON NEEDLES below. Send mail to any attempting to discover whether they are real or fake, or have knowledge of other BIG MACS or even MEDUSA. 2. When you get CONTORTIONS or SQUIRMS, or mount COUNTERMEASURES, keep track of your all your points in a file. Ratings are listed under RATINGS below. List the persons and email addresses involved and quote the actual mail. Keep permanent and complete records of all mail. 3. Where possible, record phone numbers and call tentacles. Special bonus points are awarded when the snake owner is not in the same state as the snake, and you can prove it. 4. The biggest points are awarded for the greatest deceptions. Some snakes in the lists below (the most deceitful ones) have actually installed out-of-state phone numbers, developed software for coordination, and have an international arsenal of infiltration points. 5. In particular go after the BIG MACS and MEDUSA, where the most fantastic points are awarded. Some BIG MACS know of MEDUSA; they are called MEDUSA'S SISTERS. 6. if a suspected TENTACLE or SNAKE *ever* admits to being a tentacle or snake, they are not valid. This game only applies to tentacles and snakes who play the game themselves with QUIVERING, SQUIRMS, and CONTORTIONS. 7. The categories listed below of SUSPECTED SNAKES, TENTACLES, ACCOMPLICES, BIG MACS, and MEDUSA are not conclusive or definitive. In particular, some people in these lists may be INNOCENT BYSTANDERS, and their harassment should be minimized. But, be careful! the SNAKES, TENTACLES, ACCOMPLICES, BIG MACS, and MEDUSA will all claim to be INNOCENT BYSTANDERS. 8. The best players and highest awards are recorded periodically in the HALL OF SHAME. (rules subject to change without notice. watch for further announcements.) * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * SECRET CONSPIRACIES * * * * SECRET PROJECTS (CONSPIRACIES) === BLACKNET - a cyberspatial espionage, extortion, blackmail, and terror organization founded by T.C.MAY, who is obsessed with sabotage and subversive goals on the Internet and in Cyberspace. Points are awarded for: 2 Quote and info on T.C.May from Wired, Village Voice, and NYT. 3 The introduction notice to Blacknet. 3 Claim by T.C.May that Blacknet is no longer active or other current updates. CYPHERPUNKS -- see CYBERANARCHISTS. DAVID CHAUM - a respected researcher that the CYPHERPUNKS claim is affiliated with them and is helping them set up banks in the U.S. Points: 2 Any quote on the cypherpunks. 3 A quote that denies any affiliation or is negative about their subversive goals. 5 Evidence that he is actually masterminding a secret penetration into the U.S. via the cypherpunks. 5 Anything on the affiliation between Eric Hughes and David Chaum, including a visit by E.Hughes to the Chaum research laboratory. SECRET MAILING LISTS - a set of lists maintained by the cypherpunks to surreptiously promote their subversive aims. Maintained by E.Hughes. Topics include an encryption phone, the Credit Union, etc. 2 Denial by E.Hughes of the existence of the lists 3 Join any mail list, monitor traffic 5 A list of all the lists and email addresses and instructions to subscribe PORNOGRAPHY SERVER - a Cyberanarchist idea to set up a server to deliver pornography over the Internet for a fee. 2 Mention of the server 2 Mention of pornography as `natural' or a `basic human need' 3 Information on the development of the server CYPHERPUNK CREDIT UNION - a project underway by the CYPHERPUNKS to get a Internet commerce system started that is conducive to black marketeering, tax evasion, destruction of governments, and money laundering. Points: 1 Mail from anyone on the subject. 2 Information on the leaders and actual goals. 3 Information on the current status. 5 Evidence of criminal activity CYBERANARCHISTS - a group of people interested in black marketeering, tax evasion, destruction of governments, pornography distribution, all in the name of `privacy for the masses' and the `cryptographic revolution'. They believe that the use of fake names is constitutionally guaranteed, and have made an art, science, and relgion of it. They also believe they have a right to lie to the media, and have infiltrated Wired and NYT articles with disinformation and propaganda. They also are drug apologists. Points awarded for: 1 Cyberanarchist propaganda 2 Disinformation 3 propaganda from a proven tentacle or snake 4 disinformation from a proven tentacle or snake 5 Disinformation or propaganda from a Big Mac or Medusa BRIBERY - The Cyberanarchists may be bribing reporters to get their fake stories into media outlets. CRYPTOANARCHY,CRYPTOANARCHIST - a name invented by T.C.May for cyberanarchists, emphasizing the technological aspects (Chaumian subterfuges, public key cryptography, signatures, etc.) INFILTRATE AND SABOTAGE - what Cyberanarchists do to mailing lists and newsgroups. They attack others, post subtle or overt propaganda and disinformation, etc. Points: 1 Instances in newsgroups 2 Instances of sabotage on insensitive mailing lists - no protocol development 3 Instances on sensitive lists - public internet development 4 Instances on secret supersensitive lists - e.g. internal company lists, CERT, etc. note: point values are subject to change without notice. some new categories may be added. some points may be decreased, some increased. * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * BIZARRE MONSTROSITIES * SUSPECTED ACCOMPLICES (SMALL FRIES) === 1 Steve Klingsporn 2 Geoff Dale Klingsporn and Dale are housemates and were involved in the defense of the known tentacle szabo@netcom.com. Dale appears to have close ties to the T.C.May Big Mac. Klingsporn has some knowledge but is mostly uninvolved. SUSPECTED FAKE ADDRESSES (SNAKES AND TENTACLES) === 5 Caleb@sidefx.sidefx.com A Canadian tentacle and infiltration site of T.C.May's. No prominent profile known. 6 Jamie Dinkelacker Not particularly interesting any more either except that he has a phone number and has close ties to T.C.May. In fact, very likely he is a T.C.May tentacle. Very arrogant, obnoxious, and cruel. Delights in torture. Puerile threats. 7 Matthew B. Landry Landry has a telephone number in Washington, and supposedly goes to school there. He is a suspected T.C.May tentacle. He has posted to the Cypherpunks list in the past. He is highly dangerous and will tell lies to gain sympathy or credibility and then betray later. Not particularly interesting any more but was involved in some extremely grotesque inbreeding with T.C.May on the cypherpunks list. 8 Peter Bachman P.Bachman has contributed to the Society for Electronic Access list and others. He is actually a tentacle. Maybe a P.Metzger snake. Most disturbingly he has infiltrated RISKS. 9 Nick Collision Nick Collision has also infiltrated RISKS. A tentacle, but unknown origin-- possibly a T.C.May snake. Supposedly lives in the United Kingdom somewhere but refuses to comment specifically or give a phone number. Edits the alt.atheist FAQ (atheism is another classic Cyberanarchist philosophy). If Collision is a proven tentacle, the cyberanarchist infiltration is provably international in scope, with fake domain fronts. No known jobs have ever been performed by the `software consultants' at mantis.co.uk. 10 Arthur Chandler On the Future Culture list and Cypherpunks. probably an E.Hughes tentacle. This may be a wedge into discovering credit or SMTP software manipulations by Cypherpunks. 11 Greg Broiles Probably a snake of Medusa. Has intimate knowledge of fake email address use, knows about customized software, and has bizarre Cyberanarchist theories relating to human punishment. Strong knowledge of Macintosh software and hardware. 12 Eli Brandt Definitely has high level knowledge of the Big Macs and Medusa. Probably an E.Hughes tentacle. Once wrote, `I AM MEDUSA, CONTROLLER OF ALL TENTACLES'. 13 Paul Ferguson Another highly dangerous tentacle. Known to steal resumes. One of the Washington sites besides M.Landry. Known to have posted cyberanarchist propaganda on the PEM development list. 14 Nick Szabo The Szabo tentacle is one of the most persistent of all. Even after being exposed the `mother monster' continues to post, because a fairly significant reputation investment has been established under the name. Has strong interest in digital cash. Has admitted to knowledge of fake name use. Probably a T.C.May tentacle. 15 Hal Finney Finney is either a tentacle or an accomplice. If he is a tentacle he is the most treasured one of all. Involved in the defense of the jamie@netcom.com tentacle. Possibly an E.Hughes snake. Supposedly has contributed significant code to anonymous remailers and Zimmermann's PGP. (If he is a tentacle, Zimmermann has been fooled.) May even be Medusa's snake. * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * GROTESQUE PERVERSIONS * SUSPECTED ASSOCIATES (MEDUSA'S SISTERS) === 20 Jim McCoy A `nerdy' cyberanarchist who does things such as sleep in his clothes. Close ties to D.Barnes in Texas. They are working on their own digital bank in competition and cooperation with CA cyphrepunks. Longtime Usenet poster. Knowledgeable on the most serious subversive activities. 21 Doug Barnes D.Barnes is a lackey for Big Macs and Medusa. He may attack postmasters and coworkers at participating SQUISH player sites. Sysadmin of the io.com site. Introduced to fake addresses by E.Hughes. 22 Perry Metzger Metzger is the pit bull of the Internet. He has perfected the cyberspatial ad hominem attack. He has close ties to all the Big Macs and is probably aware of who Medusa is. His own tentacles and snakes are minor in comparison. Likes the mailbomb as a threat and attack. Probably involved in anonymous phone threats. 23 Bill Stewart This is a very dangerous insider, who has close affiliations with the Big Macs and a prestigious job at AT&T. Has claimed to have seen known tentacles and snakes at Cypherpunk parties and even seen their driver's licenses. Classic cyberanarchist propaganda outlet. SUSPECTED LEADERS (BIG MACS) === 25 Stanton McCandlish Probably on the secret cypherpunk development lists. Maybe knowledgeable about deceptions by other Big Macs. EFF online activist. Definite cyberanarchist apologist and sympathizer. 26 John Gilmore Cyberanarchist, built up Cygnus support. Admitted drug user. Probable snake charmer. Generally more ethical and moral than other Big Macs. May be a wedge into them. 27 T.C.May Close personal friend of E.Hughes. Worked for Intel and is a millionaire in stock values. May be financing the major international fake address infrastructure. Probably manipulating dozens of tentacles. May have hired actors and forged drivers license to defend tentacles. SUSPECTED MASTERMIND (MEDUSA) === 40 Eric Hughes Hughes is probably the mastermind of all major tentacle manipulations on the Internet. Has bizarre theories about human punishment and law enforcement. Denies any involvement. May be involved in illegal credit scanning. Interested in black marketeering, money laundering, etc. Very terse in all mail. Refuses to comment on all areas. Extremely dangerous. Has personally established many of the corrupt sites particularly in WA, CA, and TX. * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * SCANDALOUS CORRUPTION * SUSPECTED CORRUPT SITES (POISON NEEDLES) === Note: Any site supporting a snake can be corrupt, so that proven snakes lead to proven corrupt sites (see above). Those listed below are only the more serious ones. 0 netcom.com Paradise for cyberanarchists. Cheap, unauthenticated accounts indistinguishable from the real people. `Privacy' never violated so far by the Pawns. Close proximity to the CA cypherpunks. Home of dozens of snakes and tentacles. Cyberanarchist Central. 10 io.com D.Barnes' site. Lots of other fake addresses from inconsequential tentacles not listed above. 40 mantis.co.uk Supposedly a group of software consultants, but probably a cyberanarchist front. Could be a major wedge into the cyberanarchist conspiracy if exposed; has some links to the `Extropian' movement. 50 crl.com Probably corrupted by associations with E.Hughes and credit and SMTP tampering, based on the Chandler tentacle. 100 sun.com Extremely suspicious activity by sysadmins. Some probable email impersonation going on. Possible telephony corruptions. PLAYFIELD MAP (KILLING FIELDS, INFECTED OUTLETS, CRIME SCENES) === 0 Anonymous mail 0 Private Email 0 Cy{b,ph}erwonks 0 Anonymous Usenet post 1 Usenet (per group & article under true name) 1 Anonymous mailing list posts 5 Cypherpunks@toad.com 10 imp-interest@thumper.bellcore.com (Internet Mercantile Protocol) 10 Privacy Enhanced Mail development list 10 Other sensitive project development lists 20 CERT related lists 25 Talk on phone 35 Talk Face-to-Face 40 Current Underground Digest (per article) E.g. `Anarchy Gone Awry', `Psychopunk Manifesto' etc. 50 RISKS (per article) E.g. RISKS 15.25,15.27,15.28x, `Medusa's Snakes in Cyberspace, Medusa's Snake's Hiss, Further Inquiries into Identity on the Internet' 100 Wired E.g. article on the cypherpunks with nonexistent photographer, `protecting privacy' propaganda 500 New York Times For example, the article on the cypherpunks talking about `privacy' by J. Markoff. ATTACKS (TICKLES, POKES, COUNTERMEASURES) === 1 `Could you send me your phone number?' 1 `Who do you work for?' 1 `What do you work on?' 1 `Where do you live?' 1 `Who do you know?' 1 `How long have you had your account?' 3 `Go to hell, Medusa' 3 `Get away from me, Darth Vadar' 3 `I will never join the Dark Side' 4 `You are a baldfaced liar' 4 `black marketing is black filth' 4 `this is a toxic waste dump' 4 `stop the insidious poison!' 10 `you are all liars' 10 `Big Mac so-and-so is a traitor' 15 `cyberanarchists are money launderers' 15 `fake names are like drugs' 15 `fake names are like sodomy' 15 `fake names are like child molesting' 15 `Big Macs are like Nazis' 15 `Big Macs are homosexuals' 15 `Big Macs are drug users' 20 `Death to tentacles' 20 `Death to cyberanarchists' 20 `Death to Medusa' 25 Long expose with lots of hypothetical insinuations 30 Published rant against cyberanarchy 100 News article: `The cyberanarchist conspiracy' 200 Retrospective article: `what went wrong?' RATINGS (SQUIRMS AND CONTORTIONS) === Note: for effective score add the number associated above with the Small Fry, snake, tentacle, Big Mac or Medusa, poison needle, and the field, outlet, scene, and hypocrisy, lie, or betrayal involved (below) to the points below-- i.e. the more important targets involve the most points. Points 0 No response to email 1 Refuses to give out phone number of self 1 Refuses to give out email address of someone 1 Whine about `invading privacy' 1 Whine about `stalking' 1 Whine about `witchunt' 1 Whine about `McCarthyism' 1 Whine about `Inquisition' 1 Whine about `paranoia' 1 Whine about `ranting' 1 Whine about `your long posts' 1 Deny being snake or tentacle 1 Evade question of being snake or tentacle 1 Deny any knowledge of snakes or tentacles 1 Claim that no snakes or tentacles ever existed 1 Claim that there are very few snakes or tentacles 1 Claim that snakes or tentacles are easy to identify 1 Claim that no one cares who has snakes or tentacles 1 Claim that those who have tentacles are genetically superior 1 Claim that tentacles and snakes are the `new world order' 1 Claim that you are a hypocrite for having tentacles 1 Tell you not to get worried or upset about tentacles 1 Claim that you are an12070, S.Boxx 1 Listing circumstantial evidence to prove you are S.Boxx 1 Tedious style analysis to prove you are S.Boxx 1 `The Usenet Mantra, Live with it, applies' 1 `That which cannot be enforced should be not prohibited' 1 `Better to live with tentacles than ban them' 1 `No one should be limited in tentacles' 1 `Those who think tentacles should be limited are deluded' 1 `Tentacles are like harmless pseudonyms, e.g. Publius' 1 Talk about `projecting personalities' 1 References to science fiction, e.g. Ender's Game (Card) 1 Evade question of any Big Macs or Medusa 1 Deny any knowledge of Big Macs or Medusa 1 snakemail message identified 2 `please stop!' 2 `Everyone you have accused is real.' 2 Evades question, who is real in particular? 2 Gives you phone number of self 2 Refuses to give you phone number 2 Calls you insane 2 inbreeding 3 Calls you insane to postmaster or employer 3 `I have personally met everyone you accuse.' 3 Evades question, who is that? 3 Yells at your sysadmin on phone 3 Tells you a known tentacle is real 3 Calls you `insane' on Usenet group or list 3 Calls you `dangerous' on Usenet group or list 3 `people are really pissed off at you' 3 incest 4 Tells of seeing ID presented by tentacle suspect 4 `Seen at cypherpunk party' 4 You talk on phone 4 Proof of snake or tentacle 4 Yells at your close friends 4 Get close friend of accomplice to put on pressure 4 Refers to your nonexistent `violent death threats' 4 Tells you they have a gun 4 Evades question on having snakes or tentacles 4 denies having snakes or tentacles 4 Yells at someone who doesn't know you about you 4 virgin rape 4 Sysadmin Pawn says, `who cares?' 4 refuse to respond to accusations of being a Mother Monster 4 evade accusations of Mother Monster with evasions 4 Employer says, `what's going on?' 4 `I heard some people are planning something against you' 5 face-to-face talk 5 outright lie 5 Uncover proof suspected accomplice is involved 5 Proof of fake ID 5 Proof of Internet front site 5 Employer yells at someone 5 `I deny everything' 5 `I'm really concerned about you.' 5 `Refusal to answer is not evasion. Bye.' 5 `Your assertions are too bizarre to believe' 5 `he's/you're out of control' 5 `he's/you're a paranoid lunatic' 5 `he's/you're a psychopathic stalker' 5 `there is no conspiracy' 5 `I am your father, Luke, join the Dark Side' 5 Yell at someone uninvolved and clueless but high up 5 innocent bystander feelings hurt 5 braindead, blind, or brainwashed follower identified 10 Big Mac whines publicly 10 Big Mac says anything about Tentacles or Snakemail 10 Big Mac says anything publicly 10 Anonymous death threat (general) 10 tentacle threatens to self destruct 10 Big Mac caught molesting a follower with tentacle 10 Sign of paranoia in Small Fry 10 Mailbomb 10 Sendsys bomb 15 sabotage, poison, strangling 15 account is revoked under pressure 15 Proof of Big Mac hiring actor 15 Proof of out-of-state phone number for tentacle 15 Proof of media deception 15 Link the accomplice with a Big Mac 15 Link the accomplice with Medusa 15 Death threat by tentacle 15 tentacle self-destructs 15 Big Mac caught molesting a Small Fry with tentacle 15 Big Mac asks with tentacle, `do you like Big Mac so-and-so?' 15 Big Mac says to other Big Mac, `what are we going to do?' 15 Big Mac explains fake mail techniques in Snakemail 15 sign of paranoia in Big Mac 15 gang rape 15 pawn begins to wonder 20 Proof of completely corrupt sysadmin and site 20 Proof of illegal activity by accomplice 20 Death threat by accomplice 20 Proof of bribed reporter 20 Big Mac caught molesting another Big Mac 20 Big Mac quivers over homosexual or drug use accusations 20 Big Mac to another Big Mac in email: `I want to kill him.' 20 Big Mac develops Snakemail software 25 get attention of real reporter 25 Proof of illegal activity by Big Mac 25 Death threat by Big Mac 25 Proof of illegal impersonation (rare) 25 toxic waste dump identified 25 pawn starts to take action (rare) 50 Proof two Big Macs are homosexual lovers 50 Proof Big Mac is a drug user 50 Proof of Medusa 50 virgin rape by Medusa 50 reporter apologizes for errors (rare) 50 reporter is caught passing lies knowingly (rare) 75 Convince many outsiders of real Medusa 75 Proof of illegal activity by Medusa 75 Death threat by Medusa 75 Big Mac admits to homosexuality or drug use 75 Reporter writes story about conspiracy 75 Reporter is fired for being tainted 100 Stop Medusa on the Internet 100 Testify against Big Mac at any criminal trial 500 Cause Medusa to go to trial for criminal activity 500 Give pivotal damning evidence at Medusa trial 1000 Put Medusa in jail 2000 Kill Medusa 2000 Medusa goes certifiably insane 2000 You go certifiably insane 5000 Medusa tells you to commit suicide 5000 Cause Medusa to commit suicide 5000 You get murdered by a hired assassin of Medusa 10000 You get murdered by Medusa personally 20000 You get murdered and become a martyr as famous as Jesus Christ 25000 Medusa goes to hell forever 25000 You fulfill the prophecies of Nostradamus 50000 You fulfill the prophecies of the Apocalypse 50000 You go to heaven forever BALDFACED LIE BONUS POINTS === 1 Cyberanarchist nobody says, `your writing sucks' 1 Cyberanarchist idiot says, `nobody reads your posts' 1 Cyberanarchist vulture says, `your long posts are worthless' 5 Cyberanarchist weasel says, `I'm really concerned about you' 20 Medusa says, `I'm concerned about you.' 20 Colorado Cyberanarchist wannabe says, `everyone told me to do it.' 25 szabo@netcom.com says, `I have never pseudospoofed' 40 Medusa says, `I have never communicated under any other name' 50 Medusa says, `I will stop if you just tell me this...' 75 P.Metzger says, `szabo@netcom.com is Geoff Dale's roommate' 75 B.Stewart says, `I saw Szabo's driver's license' STELLAR HYPOCRISY AWARDS === 1 Cyberanarchist proofs that S.Boxx == You 5 Someone who promotes privacy invades yours 5 Someone who promotes privacy works to destroy it 5 Someone who attacks the government lives in the U.S. 5 Cyberanarchists complain about anonymous smear campaigns 10 Someone who advocates filtering doesn't filter you 10 Someone who vilifies you complains of vilification 10 Someone who is a pit bull says you are a psychopath 10 Colorado wannabe says, `I am not the leader' 15 A criminal calls you a hypocrite 15 An atheist uses Biblical references to Judgement 15 A cyberanarchist says, `who are you to judge me?' 15 A cyberanarchist talks about `casting the first stone' 15 A cyberanarchist talks about honesty 15 Cyberanarchists whine about persecution 15 Cyberanarchists post to imp-interest or cypherwonks lists instead of cypherpunks 15 Medusa says, `you have to learn some quality in your posts or I will censor you.' 15 Colorado Cyberanarchist wannabe throws you off his mailing list without notice. 20 Someone interested in cryptographic security says `spoofing is a way of life' 20 Someone complains about `invaded privacy' when you announce they mailbombed or lied to you 20 Medusa says, `I don't want brainwashed followers' 25 Big Macs say they are not really Big Macs 25 Braindead, blind, and brainwashed followers say the Big Macs are not really Big Macs 25 Braindead, blind, and brainwashed followers say they not accomplices 50 Someone who pretends to be your friend betrays you BIG AND BLOODY BETRAYALS === 20 P.Honeyman: `Whatever you do,I'm on your side' 25 E.Hughes says, `You are forcing me to censor you.' 25 T.C.May says, `I am tired of your rants. Stop sending me mail.' 30 M.Landry: `I am doing all I can' 30 G.Broiles: `Too bad about you and EH' 35 Hal Finney says, `jamie@netcom.com is real. You are insane.' 40 D.Barnes calls up university administrator and previous employer 40 Geoff Dale says, `Everyone you accuse is real' 40 S.Klingsporn says, `You are wrong. szabo@netcom.com is real.' 50 Big Mac says, `Refusal to answer is not dishonesty. Bye.' THE SMALL PRINT ON POINTS === All point values are subject to change without notice. some new categories may be added. some points may be decreased, some increased. A NOTE ABOUT YOUR OPPONENTS === The entities listed above, i.e. your opponents in SQUISH, are extremely sophisticated and have years of practice in fake email address use, and have learned how to rebuff and thwart even the most determined inquiries. They have extremely powerful resources at their disposal, including dozens of public access acounts, front sites, cover stories, and automated software for identity tracking, and sizeable investments in hardware and their own countermeasures. You will be attacking their most cherished vices and lies and they will respond viciously. They may be involved in criminal activities such as credit and telephony tampering, forgery, impersonation, fraud, etc. Beware of dangerous hazards they have erected or may hurl at you. UPDATES === updates on the SQUISH contest will be posted regularly. Send in notice of the more spectacular point accumulations with proof for verifications immediately and the Halls of Fame and Shame. Unverified points are not valid toward the cash prize. THE CASH PRIZE === A cash prize will be awarded to the first person to surpass 500 points, one dollar per point. The person may continue playing to continue to gain cash. Further awards may be presented to close contenders. Some restrictions apply. Void where prohibited. Tax not included. In the case of deceased victims the award will be given to the nearest living relative, or the Federation of Associations of Cyberspace Everywhere (FACE) if all relatives have met mysterious fatal accidents as well. If the world economies have collapsed from cyberanarchist sabotage before the award is granted, no further action is necessary (this constitutes the final sign of the Apocalypse). DEADLINE === TIME IS RUNNING OUT! AVOID INQUIRING FURTHER OR WAITING FOR FURTHER INSTRUCTIONS. START IMMEDIATELY! MONTHS OF PARTICIPATION ARE REQUIRED TO ACCUMULATE COMPETITIVE STANDING. SOME PARTICIPANTS ALREADY HAVE A HEAD START. THE CASH PRIZE WILL BE AWARDED APRIL 1, 1994. FURTHER INCREMENTS WILL BE AWARDED AT YEARLY INTERVALS THEREAFTER. MORE ABOUT `SQUISH' AND `FACE' === The Federation of Associations of Cyberspace, Everywhere was founded in 1994 as a group that coordinates the activities among the many different online organizations. We have played a very low-profile role to date, and wanted to find some way of promoting our newfound alliance. We have groups combined from BBSes, local area networks, the Internet, and other global and local networks around the world (see below). We have built up some membership funds from the contributing organizations and private contributions to provide the prize money for SQUISH, and some private individuals have donated significant amounts. The contest was inspired by S.Boxx, who was the architect of point classifications and the current opponent lists. S.Boxx has also promised to provide any funds necessary for the successful completion of the contest. We hope that recent interest into snakes and tentacles by many on the Internet will make the contest spirited entertainment and a strong success. We encourage reporters and the media to use this announcement as our official press release. Feel free to redistribute or comment on this announcement in any forum. QUESTIONS === Address further questions to cypherpunks@toad.com, gnu@toad.com, tcmay@netcom.com, or hughes@ah.com. Some additional information is available in RISKS 15.25, 15.27, 15.28x: ftp CRVAX.SRI.COM, login anonymous, directory RISKS: (include the colon), file RISKS-i.j === ///// //// // // //// ///// // // /// // // // // // /// // // //// // // // // // //// ////// /// // // // // // /// // // ///// ///\\ //// //// ///// // // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Introducing the SUPREMELY QUACKY UNIFIED INTERNET SNAKE HUNT! === Brought to you as a coordinated effort between the individuals * S.BOXX * MEDUSA * INFOCALYPSE * THE EXECUTIONER * PABLO ESCOBAR * DEADBEAT and the Federation of Associations of Cyberspace Everywhere (FACE) * ILF (INFORMATION LIBERATION FRONT) * BLACKNET (INTERNET ESPIONAGE COORDINATION HEADQUARTERS) * BLOODNET (CYBERSPATIAL BLACK MARKETEERING AND LIQUIDATION SQUAD) * CRAM (CYBERSPATIAL REALITY ADVANCEMENT MOVEMENT) * CRaP (CYBERANARCHIST REPRESSION AND POISON) * CY{B,PH}ER{PU,WO}NKS === * THOUSANDS OF CONTESTANTS * HUGE CASH PRIZES * * FASCINATING DISCOVERIES * HEDONISTIC DELIGHTS * * FANTASTIC FUN FOR EVERYONE * CRIMINAL CONVICTIONS * * GRISLY DEATH TORTURE * JUDGEMENT DAY * APOCALYPSE NOW * - ------------------------------------------------------------------------- To find out more about this anonymous remail service, send mail to remail@tamsun.tamu.edu with the word "remail help" as the only words in the subject field. ------- End of Forwarded Message -- Brad Jones(rjones@us.oracle.com) Cypherpunk Tentacle #6F4389 (also PGP key ID) The most redundant saying on Usenet: "Correct me if I'm wrong." In the unlikely event that Oracle has opinions, these aren't them. This message brought to you by the letters aleph and xi, and the number e. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: edgar@spectrx.saigon.com (Edgar W. Swank) Date: Mon, 17 Jan 94 09:14:01 PST To: Cypherpunks Subject: SecureDrive 1.2 Distribution Halted Message-ID: <8s4agc3w165w@spectrx.saigon.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I am (temporarily) stopping further distribution of SecureDrive 1.2, announced here a few days ago. The reason is the recent announcement of a version 1.1 by Mike Ingle which fixes one real bug and one (IMHO) dubious security "hole" in version 1.0. My version 1.2 does not have these changes. I hope to shortly announce version 1.3 which will combine the function I added to 1.2, and the fixes Mike has added to 1.1, and a few other enhancements, if time permits. I was overwhelmed with e-mail requests for 1.2. I'm grateful for these, especially the few who offered to place 1.2 on e-mail servers and anonymous FTP sites. I have kept all your requests and I will send you all a copy of version 1.3 as soon as it's ready. I agree with Mike that anyone with more than one physical hard drive should get version 1.1 now and switch to it. If you have only one physical hard drive, my recommendation would be to keep version 1.0 (or 1.2 if you already have it) and wait for version 1.3. This especially applies if you have more than a few SecureDrive encrypted floppy disks, as switching from 1.0 (or 1.2) to 1.1 will require decrypting (with CRYPTDSK 1.0) and re-encrypting (with CRYPTDSK 1.1) your HD partition and all your encrypted floppies. The security exposure of all this plaintext data laying around during conversion is probably more than the so-called "hole" fixed in 1.1. In my opinion there is no "hole" if you have a good passphrase and Mike's "fix" is inadequate for a weak passphrase. It may have some value for a very narrow range of marginal passphrases. My apologies for the delay and confusion. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTqhH94nNf3ah8DHAQEr1QP/eFlyD4Emt643hfkPS6HhCU08C8gF6qFy OHOw9BaZZxgX23juL6LhKAnlVWOmstWaTiW9/eKJ67gFSabSRBN/YjlP4WWRLtix naJViHRT7vn4zJvXmfpEsWcz1aDPTPJt4WwvRUvyvsB4bntorAQT5MJnByJFVYXB mwq92f4gVes= =zM9w -----END PGP SIGNATURE----- -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: edgar@spectrx.saigon.com (Edgar W. Swank) Date: Mon, 17 Jan 94 09:14:19 PST To: Cypherpunks Subject: SecureDrive Distribution Controversy Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- W. Kinney posted: Hal writes: >Mike wants to protect himself against a PGP-style investigation >into export of software. But if 1.2 is put up for FTP, it could >conceivably lead to such an investigation. And Mike would >presumably be a potential target. > >This is a confusing situation. What rights does Mike have to >control a derivative product like 1.2, given that he is releasing >it under the Gnu Public License? Legal questions aside, one might hope that within the Cypherpunks at least there might be more of an ethic of respecting the wishes of an author. Edgar seems awfully casual about exposing other people to legal difficulties without their consent, and justifying that by some bullshit technicality doesn't change the reality of it one bit. I for one am most unimpressed. And I would have hoped for more backbone from a group calling itself the Cypherpunks, perhaps we should rename it the Cypherwimps. ~~~~~ ~~~~~ I respected Mike's wishes (once they were clearly expressed) in respect to SecureDrive version 1.0, which was wholly his creation. I will continue to respect his wishes re version 1.1. But (to answer Hal's question) Mike has no control at all of derivitave products like version 1.2 and (to be announced shortly) version 1.3. I have done my best to make clear that Mike is not responsible for my distribution policies re versions 1.2/1.3. But I am not going to allow Mike or anyone else to intimidate me from the exercise of my constitutional right to publish my own code anywhere I damn well please, at least within the USA/Canada. I have not and will not export SecureDrive. I have warned anyone contemplating doing so that they may be violating US law. If someone does so anyway, it's not my fault; and if NSA or DOJ thinks it is, they can try to sell that idea to a judge & jury. If this ridiculous and unconstitutional law (especially an interpretion that publishing domestically constitutes export) needs to be tested, perhaps I'm the best one to do it. I'm retired, & my pension will continue even if I'm in jail. Should I be charged, I hope EFF will be there for me the way they were for Steve Jackson. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTqvN94nNf3ah8DHAQE1/AP5AetHZReujCW6JZg+x5gG9FQzwuejln++ 6LyPUzHd0bt4mVecq88cHzr40V0lPu2zWEp26sP39+EqTJz05j3rA7a4B3Du7PZ/ u9e7xheXE02sRB9Y+VOjbCyA53T9GXaow6qkHZ+cb4DLx1pp+xHNhlFMOeoDmqg9 rqgPTdKUAE8= =ZcSW -----END PGP SIGNATURE----- -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Peter shipley Date: Mon, 17 Jan 94 09:23:28 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <9401171721.AA25372@merde.dis.org> MIME-Version: 1.0 Content-Type: text/plain ------- Forwarded Message Return-Path: gwh@crl.com Return-Path: Received: from crl.crl.com (crl.com) by merde.dis.org (4.1/SMI-4.2) id AA25088; Mon, 17 Jan 94 07:09:11 PST Received: from localhost.crl.com.0.0.127.IN-ADDR.ARPA by crl.crl.com with SMTP id AA26197 (5.65c/IDA-1.5 for ); Mon, 17 Jan 1994 07:07:47 -0800 Message-Id: <199401171507.AA26197@crl.crl.com> To: postmaster@dis.org Cc: gwh@crl.com Subject: Ahem Date: Mon, 17 Jan 1994 07:07:47 -0800 From: George Herbert I don't know if you're behind the forged mail which is bouncing from your remailer apparently destined for cypherphunks, but I want it stopped. I am not amused. - -george ------- End of Forwarded Message From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tramm@lsmsa.nsula.edu (Tramm "X Programmer" Hudson) Date: Mon, 17 Jan 94 07:53:28 PST To: cypherpunk@toad.com Subject: Appropriate bit of poetry Message-ID: <9401171650.AA26592@lsmsa.nsula.edu> MIME-Version: 1.0 Content-Type: text We need to get off the snake/tentacle thing (and *I* am not a tentacle). To start getting us off the subject, I have an appropriate eecummings poem: when serpents bargain for the right to squirm and the sun strikes to gain a living wage- when thorns regard their roses with alarm and rainbows are insured against old age when every thrush may sing no new moon in if all screech-owls have not okayed his voice -and any wave signs on the dotted line or else an ocean is compelled to close when the oak begs permission of the birch to make an acorn-valleys accuse their mountains of having altitude-and march denounces april as a saboteur then we'll believe in that incredible unanimal mankind(and not until) e.e.cummings This, and more, poetry is available from ocf.berkeley.edu in the /pub/Library/poetry directory. Tramm "Will not be a snake for net access" Hudson tramm@lsmsa.nsula.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Alan (Miburi-san) Wexelblat" Date: Mon, 17 Jan 94 07:06:08 PST To: frissell@panix.com Subject: Crypto and taxes In-Reply-To: <199401162247.AA00203@panix.com> Message-ID: <9401171504.AA08321@media.mit.edu> MIME-Version: 1.0 Content-Type: text/plain Today (1/17) the Boston Globe had an article about the barter economy, featuring the concept of "Labor dollars" which are popular in a number of localities. The concept is that each "dollar" is worth 1 hr of someone's labor, with all dollars/hours being theoretically equal (if you want to rate your labor as worth more that's between you and whoever wants to pay you in labor dollars). They point out that this form of currency is popular in lower-income areas, and especially with lower-income workers who do not have large cashflows, but who do have tradeable skills (e.g. you do my tax forms, I'll fix that leak in your bathroom). Of course, this kind of thing has gone on for years between pairs of people who had immediate needs; what is interesting is the investiture of labor debt into visible tokens which can be traded, stored, etc. This is, of course, one of the reasons why currency arose in the first place... --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex@media.mit.edu Voice: 617-258-9168 Page: 617-945-1842 an53607@anon.penet.fi All the world's a stage and most of us are desperately unrehearsed. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Colin Chandler Date: Mon, 17 Jan 94 10:13:29 PST To: TCR Subject: Re: Mac PGP In-Reply-To: <9401171157.AA16120@dec6.wu-wien.ac.at> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > why do you want to use an old version? There should be a mac-pgp2.3 (no A-Version). > try using archie with *pgp2.3*, you will see the new mac-files... Y not... U could probably do this yourself, but I thought that I might as well. BTW: it is VERY VERY slow. Host soda.berkeley.edu (128.32.149.19) Last updated 11:38 30 Nov 1993 Location: /pub/cypherpunks/pgp FILE -rw-r--r-- 236640 bytes 00:00 17 Mar 1993 macpgp2.2.cpt.hqx From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Philippe Nave" Date: Mon, 17 Jan 94 12:19:21 PST To: cypherpunks@toad.com (cypherpunks) Subject: Two more cents (PGP/mailing list) Message-ID: <9401172019.AA09025@toad.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In my 'two cents' posting the other day, I used the term 'filter' when I should have used a term like 'preprocessor' or something. If you've got a copy of the posting, note that later on in the message I suggested that the PGP validation step should allow unsigned messages to flow through the list in the usual manner- my suggestion should in no way be construed as advocating censorship or conditional acceptance of postings. My suggestion was for a very simple, automatic verification of PGP signatures against a 'cypherpunks public keyring' for those who sign their posts and provide public keys to the list maintainer(s). I see these benefits: 1) This would not alter the way the list runs today; if messages come in with no PGP sig, they'd just get broadcast unchanged 2) For those who sign messages, this would be a painless way to reassure *everyone* (PGP-capable or not) as to the authenticity of the message. 3) If individuals desire to receive only 'validated' mail, they may code their mail filters to trap the validation stamp (and deal with issues of 'censorship' individually) The reason I suggested that the PGP validator add a new header line (like X-PGP-Whatever: ...) rather than append the validation stamp to the body of the message is that I thought we might foul up a PGP sig if we alter the message body. Using a special header line also makes it easier to identify in your personal mail filter process (at least for me), and even if you have no mail filtering you would see the header (or lack thereof) at the top of the posting and could read on or can the posting right away. Hopefully, mail systems can be tailored on an individual basis to allow these headers to pass on to the user. - -- ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn@dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTrJLQvlW1K2YdE1AQFCeQP9ELfLmkFxIZOhbr7WJW+IezpTFEBX6mzE qvi/veIdE0hBP/3lJsRg0K8pJJopfFJ7Q9rOGRutGDVlTOUSuPgzjV0rn2laFudl POxM8NCDL5k/QIsyjsI152Z7R76mGgVRHzV/K+uUg9liHTvd14/OS7b00aKFoKtE S/Z+aQGpAVc= =Aqu0 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Yaoshiang Ho Date: Mon, 17 Jan 94 10:28:28 PST To: cypherpunks@toad.com Subject: GUNZIP (fwd) Message-ID: MIME-Version: 1.0 Content-Type: text/plain ---------- Forwarded message ---------- Date: Sun, 16 Jan 1994 13:26:31 -0800 (PST) From: Yaoshiang Ho To: cypherpunks@toad.com Subject: GUNZIP (fwd) ---------- Forwarded message ---------- Date: Sun, 16 Jan 94 14:45:18 CST From: Gary Jeffers To: cypherpunks@toad.com Subject: GUNZIP I need help. I've downloaded gunzip from the net but it doesn't work. My operating system is IBM mainframe vm/cms. error is "error in DMSRLD routine; return code 508. Maybe I got a wrong system gunzip? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Micromine Date: Sun, 16 Jan 94 18:46:02 PST To: CYPHERPUNKS@toad.com Subject: UNSUBSCRIBE Message-ID: <199401170244.KAA22318@yarrow> MIME-Version: 1.0 Content-Type: text/plain UNSUBSCRIBE From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Karl Lui Barrus Date: Mon, 17 Jan 94 09:03:29 PST To: cypherpunks@toad.com Subject: RSA: low exponent Message-ID: <9401171702.AA17894@arcadien.owlnet.rice.edu> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- [concerning a low RSA modulus] I haven't had a chance to look at Matt's post very much... Actually, I beleive the largest concern over using a small modulus is if you encrypt a message to multiple recipients (i.e. an identical message to several people) This then leaves you open to the "low modulus attack" (how appropriately named :-) as described by Judith Moore in her paper "Protocol Failures in Cryptosystems". This paper also appears in the Simmons big book on Crypto. Basically, the message can be reconstructed with the Chinese Remainder Theorem (I beleive, it's been a while since I worked through it). To prevent this, random bits should be appended to change the message for each person. Karl Barrus klbarrus@owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTrElYOA7OpLWtYzAQEtdgQAm5OO+b3LxsmKtzYWNNFHEAaqkuEG4soZ 28SgCRFDpgKuov56GPVu/8Nl+zLS3H8LuEQg2KxFWT5zns/Rt/rlIo5o5Wp8KeXM ZxxzYd8K6x3zvplzE0G5kJMtJii4wUBPwP8m8kZQQFzSnRv86+MQAa9kGy0wb+tm P4LrmVoZeq8= =t9rg -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Karl Lui Barrus Date: Mon, 17 Jan 94 09:18:30 PST To: cypherpunks@toad.com Subject: REMAIL: remailer tech Message-ID: <9401171716.AA18049@arcadien.owlnet.rice.edu> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Thanks for the note, L.Detweiler! Let's see, I added a bunch of files to the gopher site, and I'll do more maintenance next weekend. I sent out remailing requests, and got responses from these remailers: Remailed-By: Remailer X-Remailed-By: Anonymous X-Remailed-By: Anonymous From: nobody@cicada.berkeley.edu From: nobody@shell.portal.com Remailed-By: remailer03 From: nobody@rosebud.ee.uh.edu ---> elee6ue, which returned an insufficent funds message From: nobody@shell.portal.com ---> I surmise Hal is forwarding his alumni account to portal Remailed-By: Eli Brandt Remailed-By: remailer bogus account From: nobody@pmantis.berkeley.edu Remailed-By: remail@extropia.wimsey.com From: nobody@rebma.rebma.mn.org From: nobody@soda.berkeley.edu Remailed-By: Eric Hollander Remailed-By: nobody@menudo.uh.edu The following errors were received: "|/u50/sameer/.myfilt" (unrecoverable error) (expanded from: ) 550 ... User unknown So that's hearing from 18 out of 21, and maybe some more will drift in shortly :-) I'll test again in a while. >for the duration of the execution of the perl code. Another solution is >to have the messages sent into a buffering script, and something else >continuously running in the background to go through the queue to send messages. Yes, this is what the remailer at menudo does, all incoming mail is just filed away, and then remailed at midnight. I beleive I changed the mailout script to pause for 5 or 10 seconds in between mailing. Hopefully this will guard against massive onslaught attacks. Karl Barrus klbarrus@owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTrH1YOA7OpLWtYzAQHg+AQAhvxw/8uy6MGJZEd1rMaAoTDJKdP5urKN gtDd9vkfeWZrev1E3W6IdB/iJqfGLs2XsoS6lSBHbGEQU03d0MUlG9drdGBOCDbQ 7seZT/6TGof63PxOGW6gCklVIR9BsolmxRYf4Y768MgyAI15rEeK+46RO5es1fe1 8/N/aYbeSdM= =FXxh -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: consensus@netcom.com (Christopher Allen) Date: Mon, 17 Jan 94 11:33:30 PST To: cypherpunks@toad.com Subject: Re: message (fwd) Message-ID: <199401171932.LAA10772@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain >INTRODUCING > >=== > > ##### #### ## ## #### ##### ## ## > ### ## ## ## ## ## ### ## ## > #### ## ## ## ## ## #### ###### > ### ## ## ## ## ## ### ## ## > ##### ###\\ #### #### ##### ## ## FYI: This email and some related followup emails were sent to a number of low low-volume lists lists that I belong to. Somone is now apparently engaged in harassing a wide variety of Internet mailing lists completely unrelated with cryptography. In particular the Squish email was posted to were CREA-CPS@HEARN.nic.SURFnet.nl (CREA-CPS Creativity and Creative Problem Solving) and Annotated Lists of ThingS (ann-lots@vm1.nodak.edu). As a member of those lists I don't believe that the person sending the mail was a member. I have also recently seen complaints from a number of other list owners and users. I suspect that the Squish email may have been sent to every list out in world publically on the List of Lists, and those with remailers that allow non-members to post let the mail item through to their members. Please note that the request in that email... > Address further questions to cypherpunks@toad.com, gnu@toad.com, > tcmay@netcom.com, or hughes@ah.com. ...is spurious, as I believe the members of the cypherpunks list and the people listed above are targets of a clever net flamer. As I do subscribe to quite a number of lists, and as an active internet user I thought as a courtesy that I should let you know that that this message did not truely originate on cypherpunks nor the from the people listed as owners of cyperpunks. I suggest that you ignore the Squish email, and if your remailer allows non-members to post to your list that you should turn that feature off to prevent further re-occurences of messages of this sort. ..Christopher Allen ..Consensus Develoment Corporation ..4104-24th Street #419 ..San Francisco, CA 94114-3615 ..(415) 647-6384 Fax ..(415) 647-6383 Voice ..email: consensus@netcom.com ..mosaic frontpage: .."ftp://netcom.com/pub/consensus/www/ConsensusFrontDoor.html" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Halvor Kise jr." Date: Mon, 17 Jan 94 02:39:16 PST To: cypherpunks@toad.com Subject: Re: Using the tools we have Message-ID: <13A299E173C@sofus.dhhalden.no> MIME-Version: 1.0 Content-Type: text/plain > For added security you could do something even better. The list > server only posts messages that are "trusted" at a specified level, or it > adds a trust factor to the message. If the list maintainer has met you > and has signed his key, the list server will believe you are real. With > the web of trust and introducers, the list server will quickly be able to > identify most of the people on the list as being real or "pseudo". In > particular this will cut down on the number of forgeries posted to the list. > So the maintainer would do a hole lot of traveling then? Who would come here to Norway to see and sign my key? The real world is still a little larger than the cyber-world. Halvor Kise jr. * MEMENTO MORI * __________________________________________________ | Halvor Kise jr. * Username: halvork | | * Server: sofus | | Ostfold * Site name: dhhalden.no | | Regional College * Student at | | N-1757 Halden * Computer Science | -------------------------------------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wabasha-Kellogg High School <0811wksh@ties.k12.mn.us> Date: Mon, 17 Jan 94 10:09:02 PST To: cypherpunks@toad.com Subject: UNSUBSCRIBE Message-ID: MIME-Version: 1.0 Content-Type: text/plain UNSUBSCRIBE From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: dclunie@flash.us.com (David Clunie) Date: Mon, 17 Jan 94 01:23:53 PST To: cypherpunks@toad.com Subject: Mac PGP Message-ID: <9401170917.AA01938@britt.ksapax> MIME-Version: 1.0 Content-Type: text/plain I am looking for a compiled version of PGP for the Mac ... would someone be able to point me to an ftp or mailserver site ? Thanks ... david (dclunie@flash.us.com) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Mon, 17 Jan 94 09:24:00 PST To: cypherpunks@toad.com Subject: Markoff article on encryption Message-ID: <9401171724.AA10251@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain extracted from: RISKS-FORUM Digest Saturday 15 January 1994 Volume 15 : Issue 38 ------------------------------ Date: Fri, 14 Jan 94 9:38:33 PST From: "Peter G. Neumann" Subject: "INDUSTRY DEFIES CLINTON ON DATA ENCRYPTION" -- John Markoff [The following item is copyrighted by the 1994 N.Y. Times, and appeared on Thursday, 13 Jan 1994. It is reproduced in RISKS with the permission of its author. Any further reuse requires permission of the New York Times. PGN] REDWOOD CITY, Calif. The Clinton administration's newly articulated information technology policy of persuasion, rather than dictation, is getting an early test. At an industry conference in Redwood City this week, computer hardware, software and telecommunications companies as well as a major bank, are saying they intend to adopt an industry coding standard for protecting the privacy of electronic communications, rather than support a standard being pushed by the administration. Unlike the administration-backed standard, the technology, which has been commercialized by RSA Data Security Inc., does not provide an electronic ``trapdoor'' that would enable law-enforcement agencies to eavesdrop on digital communications. The administration, whose standard is known as the Clipper chip, contends that a trapdoor is necessary to detect criminal activity or espionage because sophisticated encryption techniques can make digital phone calls or computer communications nearly impervious to wiretaps. Wednesday, Hewlett Packard Co. became the last of the leading United States computer companies to license the RSA software, joining Apple Computer, IBM, Sun Microsystems, Digital Equipment and Unisys. Several companies announced at the conference that they planned to begin selling products that embed RSA's software. Among them are General Magic, a software developer; National Semiconductor; a consortium of five cellular data companies, and Bankers Trust Co. The conference was sponsored by RSA, which is based in Redwood City, and attracted many of the nation's best non-government cryptographers a group of code makers and code breakers who have generally been hostile to any form of government restrictions on their technology. They have sparred for more than a decade with the National Security Agency, the main proponent of the Clipper chip. The agency is responsible for monitoring electronic communications worldwide for the government, in the name of national security. In addition to opposition from the cryptographers, the government's Clipper chip proposal has already stirred bitter opposition from civil liberties organizations and computer user groups, who fear the Clipper chip would make electronic communications too easy for anyone to eavesdrop. Now the industry's rush to embrace an encryption standard that does not provide a way for the government to listen to data or voice conversations is certain to put new pressure on the Clinton administration, which is now in the final stages of a classified review of its Clipper standard. ``It's clear that what is going on here today is contrary to the way the NSA wants the world to move,'' said Lynn McNulty, associate director for computer security at the National Institute for Standards and Technology, a Commerce Department agency. The institute proposed the Clipper standard last April, although most of its technical development was done by NSA researchers. Despite their defiance, researchers attending the conference worried that the government might still have the means to enforce its vision of a coding standard. ``They have the trump card that we don't have,'' said Bruce Schneier, a former government cryptography researcher, who is the author of a textbook titled ``Applied Cryptography.'' ``They could make it a law that it's mandatory to use their standard.'' ------------------------------ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: kelly@netcom.com (Kelly Goen) Date: Mon, 17 Jan 94 12:38:31 PST To: edgar@spectrx.saigon.com (Edgar W. Swank) Subject: THANK YOU EDGAR!!! In-Reply-To: Message-ID: <199401172036.MAA23742@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Yes Some of us Do have backbones.... Thank you Edgar for following through on your convictions... PEOPLE COPYLEFT is COPYLEFT... if you dont want to lose legal control over your code then the answer is obvious DONT COPYLEFT and then whine about others actions... Cypherpunks WRITE and DISTRIBUTE CODE... Kelly Goen - US Internet publisher of PGP 1.0 1991 Subject of US customs Investigation 1993 Subject of US Grand Jury Inquiry 1993-1994 p.s. If you think Phil Z is the only one being hit by this... guess again... in the event indictments are handed down... they can legally come only to me for the publiccation...(offense!!) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: callsen@dec6.wu-wien.ac.at (TCR) Date: Mon, 17 Jan 94 04:06:08 PST To: orion@crl.com (Colin Chandler) Subject: Re: Mac PGP Message-ID: <9401171157.AA16120@dec6.wu-wien.ac.at> MIME-Version: 1.0 Content-Type: text/plain In your message from [Mon, 17 Jan 1994 02:44:32 -0800 (PST)] you wrote: |> |> Host ftp.wustl.edu (128.252.135.4) |> Last updated 11:25 22 Dec 1993 |> |> Location: /systems/mac/info-mac/Old/app |> FILE -r--r--r-- 211074 bytes 00:00 4 Feb 1993 mac-pgp-20.hqx why do you want to use an old version? There should be a mac-pgp2.3 (no A-Version). try using archie with *pgp2.3*, you will see the new mac-files... -ciao, tcr -- Thomas Callsen -Rauer Thomas.Callsen-Rauer@wu-wien.ac.at Vienna University of Economics and Business Administration Department of Management Information Systems From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: collins@newton.apple.com (Scott Collins) Date: Mon, 17 Jan 94 13:14:03 PST To: tramm@lsmsa.nsula.edu (Tramm "X Programmer" Hudson) Subject: Re: Appropriate bit of poetry Message-ID: <9401172109.AA01518@newton.apple.com> MIME-Version: 1.0 Content-Type: text/plain Alternatively... as Cat Stevens would say: "If you wanna be you, be you. If you wanna be me, be me..." I don't exactly share Stevens's sentiment. Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins@newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2B Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Peter shipley Date: Mon, 17 Jan 94 13:13:31 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <9401172108.AA26098@merde.dis.org> MIME-Version: 1.0 Content-Type: text/plain ------- Forwarded Message Return-Path: steved@longs.lance.colostate.edu Return-Path: Received: from longs.lance.colostate.edu by merde.dis.org (4.1/SMI-4.2) id AA26069; Mon, 17 Jan 94 13:07:15 PST Errors-To: (Steve Dempsey) Received: from longs.lance.colostate.edu (longs.lance.colostate.edu [129.82.109.16]) by longs.lance.colostate.edu (8.6.4/8.6.4) with SMTP id OAA07984 for shipley@merde.dis.org; Mon, 17 Jan 1994 14:07:11 -0700 Message-Id: <199401172107.OAA07984@longs.lance.colostate.edu> To: Peter shipley Subject: Re: ld231782 In-Reply-To: Message to postmaster@longs.lance.colostate.edu from Peter shipley ; Message date: Sun, 16 Jan 94 23:26:14 PST. Message ID: <9401170726.AA21838@merde.dis.org> Reply-To: postmaster@longs.lance.colostate.edu Errors-To: (Steve Dempsey) From: (Steve Dempsey) X-Mailer: MH6.6 Date: Mon, 17 Jan 94 14:07:09 -0700 Sender: steved@longs.lance.colostate.edu X-Mts: smtp >your user ld231782 has been email varous unsolisted rants >this is a felony under federal. law. I would like to verify this. Please forward whatever direct proof you have, including message-IDs and date/time stamps. Anonymous or forged postings that don't point to *.lance.colostate.edu as the source will not be considered. >I am requesting that be be requested to stop or his account >be deactived. Seems reasonable though I won't do anything without additional proof. I will be speaking with Mr. Detweiler, but I must also respect his rights and first need to hold confirmed evidence of wrongdoing before I can justify any action against him. ==================================== Engineering Network Services Steve Dempsey Colorado State University postmaster@longs.lance.colostate.edu Fort Collins, CO 80523 ==================================== +1 303 491 0630 ------- End of Forwarded Message From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy <72114.1712@CompuServe.COM> Date: Mon, 17 Jan 94 10:36:06 PST To: Subject: CRYPTO & TAXES Message-ID: <940117182730_72114.1712_FHF29-1@CompuServe.COM> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort@attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, It might look as though Duncan, I and others are piling on Hal Finney. If we are, it's because the topic of the technological obsolescence of government is near and dear to our hearts. We aren't just arguing to argue, but rather believe what we are saying with all our hearts. I believe Hal is completely sincere in his skepticism. I also believe he would like to be convinced. Therefore, I offer my posts to help him--and others among you, with similar doubts--to believe. Hal quoted me about using offshore techniques to rent cars, homes, etc. without creating an audit trail. He than continued: How does this bear on the issue of government collapse due to failure of income tax? This example actually strikes me as an unobjectionable use of cryptography, one in which individual privacy is protected. . . . I don't see how this brings down the government. This bears on income taxes in two ways: One way the government estimates your income is based on your consumption. If public records show you own a big house, a nice car, a boat or a plane, this is an indication of your income. If it looks like you are "living beyond your means," the IRS may conclude you have more means than you report. Similarly, if your *US based* credit card records show lots of expensive purchases, the same conclusion might be drawn. Expenditures without audit trails help you keep a low profile. Owning few or no seizable assets makes you effectively immune from serious collection efforts (i.e., "judgment proof"). Unless you have given the government some PR reason to go after you, they will leave you alone if there is nothing for them to grab. What all this means is that the government is denied revenue. Do that enough, and the state collapses or withers away. On the issue of "de-nationalizing" one's self, I mentioned that a Cayman Islands corporation is a non-US citizen even if it is owned by an American. Hal wrote in response: I gather that he is suggesting that people could set up corporations in the Cayman Islands and somehow divert some of their income to them, so that the income would be shielded from taxes. Can this be done today? Can and is. What Shell Oil did in the Netherlands Antilles, many folks can do in Cayman or elsewhere. Add in strong crypto, and the entry-level threshold drops orders of magnitude. Can I go to my boss and ask him to start sending my salary to this numbered bank account in the Cayman Islands, and to stop troubling the U.S. government with information about how much he is paying me? When you apply new technology, you get more bang for the buck if you avoid applying it linearly. No, you don't go to your boss (you still have a boss?) and ask for such an arrangement. But when you start your new business, you base it in a tax and privacy haven. In the US, you will be its loyal but "low-paid" representative. Over time, you convert all your work to this sort of offshore independent contractor business. Why doesn't everybody do it, and why will everybody start doing it in the future? Because strong crypto tied into traditional privacy techniques is just coming on line. When digital banking is fully deployed, people will jump on the bandwagon because it will be cheap and easy to do so. They will follow their own best interests. They will follow the money. . . . I am willing to accept that people will be eager to avoid paying taxes, but I still doubt that cryptography will bring down the United States government. Particularly when we consider the lack of sophistication (both financial and technical) of the vast middle class . . . Strong cryptography will be an essential part--but not the whole--of the solution. Don't underestimate the ability of the middle-class to become sophisticated if it's in their interest to do so. Middle-class Europeans, Asians and Latin Americans have learned similar lessons when it became advantageous. Americans are no less equal to the challenge. Plus we have an ace in the whole. We are heirs to the American Revolution. The only ideologically explicit anti-government revolution in history. Don't count us out. S a n d y >>>>>> Please send e-mail to: ssandfort@attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTrSQk5ULTXct1IzAQHi2wP7BstRuI9ERqgXPhRxs47QET5Lc8j7Ht4Y 1dUdpMHutotDSqD3p/vZPtbjzeCqbno6IYox8oKpH3xOV6NRapzB3UGAU4NEuc+Q rmG/NlMOKclAdwlctG0LDU5CmKlzNNJ9+TtOk/krrIWHCEPVJp08U++L6Yt0ipfx fru8djP9yS8= =Gv3n -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: usy1001@aberdeen.ac.uk Date: Mon, 17 Jan 94 05:46:07 PST To: cypherpunks@toad.com Subject: *SQUISH* THE TENTACLES IN CYBERSPACE!! (fwd) Message-ID: MIME-Version: 1.0 Content-Type: text With a SWISH and a SLASH, nobody@CICADA.BERKELEY.EDU leaped to the rescue: > > Introducing the SECRETLY QUIZZICAL UNIFIED INTERNET SNAKE HUNT! > > TIME IS RUNNING OUT! AVOID INQUIRING FURTHER OR WAITING FOR FURTHER > INSTRUCTIONS. START IMMEDIATELY! MONTHS OF PARTICIPATION ARE > REQUIRED TO ACCUMULATE COMPETITIVE STANDING. SOME PARTICIPANTS > ALREADY HAVE A HEAD START. I'd love to avoid further enquiry but... > THE CASH PRIZE WILL BE AWARDED APRIL 1, 1994. FURTHER INCREMENTS > WILL BE AWARDED AT YEARLY INTERVALS THEREAFTER. That wouldn't be a significant date would it? > Address further questions to cypherpunks@toad.com, gnu@toad.com, Right. What is it? ;) K From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: felix@hu.se (Felix Ungman) Date: Mon, 17 Jan 94 05:28:27 PST To: cypherpunks@toad.com Subject: Re: PGP posting validation Message-ID: <199401171326.OAA18666@mail.swip.net> MIME-Version: 1.0 Content-Type: text/plain My ten ears (Swedish coins) in the list filter/authentication topic: List software filtering/authentication does NOT protect against fake posts. If I don't use PGP and receive a signed letter from cypherpunks@toad.com, I can't do a damn to check if it really is a posting or a forgery. To forge a post, just send mail from cypherpunks@toad.com to all known posters on the list. Conclusion: The only purpose of list software filtering is to reduce traffic. All checks of signatures (by poster or by list software) must still be made by the list reader. Opinion: What we need is better client software (intelligent mail sorting, automatic checking of signatures, powerful browsing capabilities, etc). When I have that I don't mind a few extra K's of mail (it doesn't cost much, and I don't want to miss any information, even fake information). Most of the noise isn't Detweiler, but replies to Detweiler (which isn't on the list anyway). BTW, What happend to MacPGP w/ AppleEvents? ---------------------------------------------------------------------- True Name: Felix Ungman "Gen is god and your God is not" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Jon 'Iain' Boone" Date: Mon, 17 Jan 94 11:23:30 PST To: cypherpunks@toad.com Subject: Re: Forged messages (was: TC May advertises cypherpunks as keeping your taxes from going to 'people of colour') In-Reply-To: Message-ID: <9401171919.AA25006@igi.psc.edu> MIME-Version: 1.0 Content-Type: text/plain Matthew J Ghio writes: > > "gtoal@gtoal.com" writes: > > Note that pizzabox.demon.co.uk [158.152.8.236] doesn't tell where it got > the message from. Could it have been longs.lance.colostate.edu? I > liked Detweiler better when he just used anon.penet.fi. Perhaps you just don't understand how headers work. Often times, the machine which originats a message puts a header in that says it "recieved" it *despite* the fact that the message was originated on that machine. This happens (I believe) because the mail agent submits the message to sendmail for sending. This causes sendmail to tag it as "recieved" despite its origin on that machine. > P.S. I sent myself a test email by telnetting to pizzabox.demon.co.uk > 25, but it identified the IP address I telnetted from... hopefully the > site administrators at demon.co.uk have recognized the problem and taken > steps to prevent further detweiling. But be on your lookout, this will > only hold him off until he can find another SMTP port to spoof from. Or, more likely, there was never a problem at pizzabox.demon.co.uk and the message is either not forged or the forger submitted it through another mechanism. Jon Boone | PSC Networking | boone@psc.edu | (412) 268-6959 finger boone@psc.edu for PGP public key block From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mentor@indial1.io.com (Loyd Blankenship) Date: Mon, 17 Jan 94 12:39:03 PST To: cypherpunks@toad.com Subject: Too Much Noise, Goodbye Message-ID: <199401172039.OAA08623@indial1.io.com> MIME-Version: 1.0 Content-Type: text/plain I've been subscribing to this list since almost the beginning, and used to learn a lot from it. The incredible DetNoise has finally worn me down, though. It's been fun... Loyd -- * Loyd Blankenship /o\ mentor@io.com (Finger for PGP key) * * 2529 Glen Springs Way / \ "And keep on praying through that bass, * * Austin, TX 78741 /fnord\ for it is a link to Jah. One love, one * * /_______\ heart, one destiny." -- Flabba Holt * From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Jon 'Iain' Boone" Date: Mon, 17 Jan 94 12:44:03 PST To: cypherpunks@toad.com Subject: PGP questions Message-ID: <9401172043.AA28038@igi.psc.edu> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I have set up PGP on an ultrix box. Sometimes, when I or other people sign messages, the messages show up with a bad signature. Is it possible that something in the delivery path is editing an important part of the message to cause the signature to be invalid? Or is my pgp software just flaky? Jon Boone | PSC Networking | boone@psc.edu | (412) 268-6959 finger boone@psc.edu for PGP public key block -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTrONYSAMUrxt1aZAQEpLAP/WYByv8HfFnUa4fBit7w/0QCH+PKAr0Or G5whqmoCCq5Y9K6LCajzjTJuK5+8CfPTP5kNhdLBxqKdkhobyTjjPLSzaW8oMy2E hxp9Unp6b6CIBZ1XUtmYi2nIOBTcgH79hkrAoyJ5NpSPplXox61ft+nboM6xkN1d OmxgGLQxinM= =To1Y -----END PGP SIGNATURE----- # From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Marcos Della Date: Mon, 17 Jan 94 16:23:33 PST To: cypherpunks@toad.com Subject: Too much static, no more content... Message-ID: <9401171619.ZM1887@toontown> MIME-Version: 1.0 Content-Type: text/plain Well folks, its been fun, but I'm not all that fond of the 80-20 ratio of static to something worth reading. Too bad the Information Highway is being overcome by highway robbery... -- ,,, (o o) -----------------oOO--(_)--OOo------------- Marcos R. Della Harris - Digital Telephone Systems Division Email: marcos.della@dts.harris.com Phone 415/382-5361 FAX 415/382-5395 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: baum@newton.apple.com (Allen J. Baum) Date: Mon, 17 Jan 94 17:43:34 PST To: cypherpunks@toad.com Subject: Them ByeGone Days Message-ID: <9401180107.AA14095@newton.apple.com> MIME-Version: 1.0 Content-Type: text/plain Hmmph. All this time I thought I was a newbie, but look what I found I'd saved all these years, from the Feb 1983 Datamation (reprinted without permission): How Ovaltine's encryption experts used secure messaging techniques to boost sales and thrill adventure fans... CODE-O-GRAPHS OF THE SECRET SQUADRON by Stephen A. Kallis Jr. Like its relative, the movie serial, the adventure serial on radio was a continuing story, generally with lots of action; Each episode ended with the program's characters in a n unresolved (and usually cliff-hanging) situation, which would be resolved in the following show. From the late 1930's through the early '50s there were lots of radio adventure serials. They ranged from the famous, like "Jack Armstrong, the All-American Boy", and "Tom Mix' (and his Ralston Straight Shooters) to the obscure, like "Tennessee Jed" and "Speed Gibson of the International Secret Police". Most were broadcast between 5 and 6 p.m. and were aimed primarily at children. One of the most popular of these was "Captain Midnight".,, a show sponsored by Ovaltine. Although Captain Midnightwas in the thick of the children's hour, it was unique in having a large prop[ortion of adult listeners-- about 50%, according to Ovaltine. The shows were generally well written and well acted. A radio premium served a double purpose it generated demand for the sponsor's product and acted as a barometer of the show's popularity. Like many other shows of the period, Captain Midnightg ave premiums to listeners. A radio premium was an item that served a double purpose: it generated a demand for the sponsor's product (you had to send in a box top or label or some such) and it acted as a fairly good barometer of the number of people listening to the show (premiums cost less than the Hooper rating service of the period). Many of the premiums were rings, such as the Jack Armstrong Magic Dragon's Eye Ring, the Green Hornet Seal Ring, and the Sky King Teleblinker Ring, and the Captain Midnight show sent out its share. But Captain Midnight also distributed the Code-O-Graph, which was a very special premium. To understand the particular significance of the Code-O-Graph, it's necessary to tell a little about the show. The central character was Captain Midnight, the code name of a man who, as a young officer in World War 1, had completed a dangerous and extremely important mission at the stroke of 12. During the last few months of 1940, this fellow was brought out of an early retirement to head a secret paramilitary organization that would combat acts of sabotage. Captain Midnight was an aviator, and his outfit relied on fast transportation, especially airplanes, to get to out-of-the-way spots quickly. His outfit was called the Secret Squadron, and it sent secret communications-first codes, later ciphers. And the Code-O-Graph premiums let listeners in on the secrets. A code is a symbol or group of symbols that represents a word or phrase. The signal SOS means "I am in trouble and need assistance" and is thus a code signal, though not a secret one. Codes may be symbols, such as a skull-and-crossbones label on a bottle representing "the contents are poisonous," or may be strings of letters. To create a code scheme that enables agents to communicate meaningful messages requires a lot of phrases and a lot of unique symbols. This results in a code book, a rather bulky document used to encode and decode communications. The problem with a code book is that it's not the sort of thing a field agent in the Secret Squadron could use as a practical matter. Such a book would be too awkward for an agent to use, and would be relatively easy to capture. As Captain Midnight said on the show, "We've got to have . . . something small enough to be carried in a pocket and to be hidden easily. And something that can be gotten rid of in a hurry, if you have to." He brought the problem and a suggestion to Ichabod Mudd, the Secret Squadron's chief mechanic, and the result was the first Code-O-Graph, a cipher device. A cipher is what many laymen think of when someone speaks of a code. Unlike a code, a cipher is a letter-by-letter substitution of characters in a message. There are several varieties, but one of the most straightforward is the substitution cipher. JULIUS CAESER'S CODE A simple example is to take the alphabet and assign each letter its positional number, so that A = I, B = 2, C = 3, etc. With this arrangement, "code" is 3-15-4-5 . Of course, instead of numbers, it is possible to use another set of letters. If we shift the alphabet three letters, we find that A = D, B = E, and so forth, until we get to Z=C. In this scheme, "code" would be ''frgh." This particular cipher, incidentally, was used by Julius Caesar, and is known to cryptologists as a "Caesar substitution" in his honor. The idea of shifting one alphabet with respect to another could be carried to its logical conclusion by placing the two alphabets (or one alphabet and series of numbers) on two disks, each divided into 26 arc segments along its periphery, and connected by a central pivot. By moving the disks in relation to each other, one scale could be repositioned relative to the other. This device, known as a cipher disk, was invented by Leon Battista Alberti in the mid-15th century. The first Code-O-Graph had an inner dial with letters and an outer dial with numbers from I through 26. The two scales could be repositioned by turning the inner dial (technically, a rotor). The positions of the two scales were determined by aligning a number located on the reverse side of the rotor with one of two windows on the back of the Code-O-Graph. There were several such numbers, and each window was labeled- one was "Master Code," the other, "Super Code. " The alphabet was scrambled, as were the alphabets on all subsequent Code-O-Graphs. All of them were cipher disks. The first (or 1941 ) Code-O-Graph looked like a law-enforcement badge. A listener could get one merely by sending a top seal from a can of Ovaltine to the company, along with his or her name and address. By return mail, he or she would receive a Code-O-Graph and a manual explaining various secret signals. Getting a Code-O-Graph meant that the listener became a member of the Secret Squadron. Besides belonging to an "in" group, a listener with a Code-O-Graph could decipher clues broadcast during "signal sessions." What was the advantage in being a squadron member? Besides the general feeling of belonging to an "in" group, a listener with a Code-O-Graph was set apart because two or three times a week, the show would feature a "signal session," in which a message in cipher would be broadcast. The member with a Code-O-Graph would be able to decipher the message and obtain a clue about the following adventure (particularly useful with a cliff-hanger). The second Code-O-Graph was manufactured in late 1941, but was not issued until after the attack on Pearl Harbor (interestingly, in the show Captain Midnight was in Hawaii in November of 1941, investigating the possibility of an attack). This second unit had a more aeronautical design: a propeller and radial aircraft engine design decorated the center of the rotor, and an American flag motif graced the rest of the badge. The badge had a place for the listener to put a picture of him- or herself, thus personalizing the Code-O-Graph. The 1942 model, like its predecessor, was undated, and had a window on its back so that a number on the reverse of the rotor could be aligned for a code setting. The second Code-O-Graph used a single window labeled Master Code. The acute shortage of materials during 1942 and 1943 precluded manufacture of Code-O-Graphs for the years 1943 and 1944. In fact, most of the premiums offered by Ovaltine and other sponsors were made of cloth or paper. By late 1944, materials were not as scarce as previously, and Ovaltine was able to offer a Code-O-Graph for 1945. The unit was made out of stamped sheet steel coated with gilt paint (brass, which was used for the first two Code-O-Graphs, was still a critical material). The rotor was made of plastic. The year was prominently displayed across the top of the badge. The decoration, which was more subdued than in the previous model, represented a radial aircraft engine. 676 SETTINGS POSSIBLE The cipher setting scheme was different. Instead of a window in the back for scale alignments, the rotor was turned until a specific number was aligned with a specific letter (e.g., "code Z7" meant that the rotor was turned until the Z was next to the 7). The manual correctly stated that this scheme enabled the user to have 676 possible key settings. The center of the plastic rotor was molded to form a lens; the rotor was made out of clear plastic, with its scale painted for easy readability. This lens was a reasonably powerful magnifier, and the manual was dotted with tiny messages that could only be read under magnification. Such "unreadable" messages formed another type of secret communication. The following year produced a very good-looking Code-O-Graph. The 1946 model was also dated, but not as obviously as the 1945 version. It, too, used the letter-number key for code settings, and because the war had ended, it was made of brass (except for the rotor). The rotor was made of two plastic elements-a scale in red plastic (painting clear plastic red hadn't been an optimum solution, experience with the 1945 model had shown) and a central clear element for a dial handle to turn the rotor assembly. Behind the clear plastic face was a polished steel mirror, which could be used for flashing signals to other Secret Squadron members. The 1947 Code-O-Graph was a radical departure from the previous models in a couple of ways. First, it was not a badge, but a police-type whistle. The cipher scales were embossed and attached to one side of the whistle, while the year date and the Secret Squadron symbol (a winged clock face with the hands pointing at 12) were on the other side. The body of the whistle was blue, while the rotor was red. This was the only radio-era Code-O-Graph made entirely of plastic. Like the 1945 and 1946 Code-O-Graphs, it used letter-number key settings. The manual that accompanied the 1947 model suggested that the unit could be used as a sound signaling device, and gave a number of whistle-signals (such as those used by steam locomotives) for squadron members to practice. The 1948 Code-O-Graph seems to have been designed by a committee. It was a circular thing, similar in shape to a woman's compact. The body was brass, with both the rotor and the outer scale movable by an aluminum knob in the center of the face. The face was decorated with the date and a Secret Squadron symbol, and the letter and its associated number were read through small circular windows. The rotor and outer scale were embossed on aluminum disks. Turning the knob caused the two disks to turn; they were held together through friction augmented by circular lines of dimples. The key setting was reminiscent of the first two Code-O-Graphs: with the back removed, the user could set a pointer at any of 26 numbers on the back of one disk, and this would change alignment of the two scales. Unfortunately, this unit didn't work very well. The friction dimples were imperfect, and there was often slippage between the two disks. This of course could change the key setting in the middle of a message, making the remainder hash. The red plastic back of the 1948 Code-O-Graph had a secret compartment that could hold small pieces of paper or microfilm. Affixed to this compartment was a steel mirror, rectangular and larger than the 1946 unit's mirror. The red plastic back was subject to warping, and even archival copies of this Code-O-Graph in the Ovaltine files have warped backs. Many of the mirrors were lost before the year was out. Mostly because of the flaws in the 1948 model, the last Code-O-Graph of the radio series dispensed with frills and concentrated on ensuring that the cipher setting, once made, would be maintained. The 1949 model was known as the Keyomatic Code-O-Graph because it required a small key to change cipher settings. The unit is a small, oblong device about two inches long, consisting of a brass housing containing two red plastic gears. One gear has the alphabet scale embossed on it and the other has the number scale. Over the number-scale gear is a small opening designed so that a little brass key can be inserted into it. The number-scale gear is supported by a spring, and inserting the key depresses the gear so that it disengages from the other. The 1949 Code-O-Graph used the letter-number cipher-key settings from the 1945,1946, and 1947 models. Like the 1948 model, the user could view only one letter number pair at a time, through small windows on the face of the unit. To set the 1949 model for master code B-6, for example, the user would turn the gears by moving the exposed teeth of the alphabet-scale gear until the number 6 appeared in the right-hand window. Then, using the key, the user would depress the number gear, disengaging the two and retaining the 6 setting. The alphabet-scale gear would then rotate freely, and the user would move it until the B appeared in the left-hand window. Then the key would be withdrawn, reengaging the gears. While it offered a certain level of security to the unit, the key was small, and easily lost. The manual that came with the Code-O-Graph suggested that a string be looped through the key, but that wasn't done often enough, and many members of the 1949 Secret Squadron had to learn another way to reset their Code-O-Graphs. Since the key was not fancy, a strong toothpick or an unbent paper clip could usually do the trick. The 1949 model was the last of the radio-program Code-O-Graphs, and the reason for this is that the program changed format. After the spring-summer segment of the 1949 season, the program went from a 15 minute nightly adventure serial to a program that was a half-hour in length, with a complete story per episode. This was done in part because competing shows such as Sky King had changed to the format successfully. With all the loose ends tied up by the end of the show, however, there was no reason to send secret messages, or so the show's producers thought. And without secret messages, there was no need to issue a new Code-O-Graph. So, the era of cryptography on commercial radio effectively came to an end. Interestingly, the radio show did not survive long without its Code-O-Graphs. The level of writing slipped to a simpler style, (perhaps because everything had to be wrapped up in half an hour) and that alienated the adult audience. Also, the actor who played Captain Midnight for a decade, Ed Prentiss, had been replaced. And, of course, there was television, which by 1950 was becoming a force to be reckoned with. There were, no doubt, a lot of reasons for the show's demise. But I think one of the main ones was that the day of the Code-O-Graph had passed. Stephen A. Kallis Jr. has published two papers in the journal Cryptologia, and for the past five years has been working on a biography of Captain Midnight. He is a public relations specialist at a leading computer company. ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, 20525 Mariani Ave, MS 305-3B * * Cupertino, CA 95014 baum@apple.com * ************************************************** From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Hasan Bramwell" Date: Mon, 17 Jan 94 15:18:31 PST To: wex@media.mit.edu Subject: RE: Crypto and taxes Message-ID: <65590.hasan%pi.pro.ec@uunet.uu.net> MIME-Version: 1.0 Content-Type: text/plain In Message Mon, 17 Jan 94 10:04:45 -0500, "Alan Miburi-san Wexelblat" writes: >Today (1/17) the Boston Globe had an article about the barter economy, >featuring the concept of "Labor dollars" which are popular in a number of >localities. Part of the reason I have subscribed to this list is to find out more about the interelationships possible between barter systems and e-money. As newbie to the list I don't want to bore anyone with well known facts but... Does anyone have detailed knowledge of the works of Silvio Gesell, for example? (He was a prominent theoretician of barter systems at the turn of the century.) Can anyone tell me how I can get my hands on a copy of the LET system version of the board game "Monopoly"? ~~~~~~~ Hasan Bramwell Casilla 17-17-1004 Freehand Quito, Ecuador Internet: Ecuanet hasan@pi.pro.ec Compuserve: 70322,2617 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: fnerd@smds.com (FutureNerd Steve Witham) Date: Mon, 17 Jan 94 17:33:33 PST To: cypherpunks@toad.com Subject: Too Many Rats Message-ID: <9401180046.AA23054@smds.com> MIME-Version: 1.0 Content-Type: text/plain Here's a nice double-meaning phrase for certain times: "Too Many Rats" 1) Without crypto, you have too much contact with your neighbors, like the rats in those overcrowding experiments. 2) There are too many people who will take personal information about you and pass it on to curious strangers. Example of use: Alice: "I was having a conversation with a friend of mine and realized that my encryption script was broken and it was going out in plaintext!" Bob: (shivers) "Brr, too many rats!" -fnerd quote me ben, you're always crawling here and there... - - cryptocosmology- sufficiently advanced communication is indistinguishable from noise - god is in the least significant bits -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: dwomack@runner.utsa.edu (David L Womack) Date: Mon, 17 Jan 94 18:03:34 PST To: cypherpunks@toad.com Subject: Internet Banking Message-ID: <9401180200.AA16565@runner.utsa.edu> MIME-Version: 1.0 Content-Type: text/plain As a recent subscriber, I'd like to ask a question or two regarding banking... 1. Such a bank would clearly need to be offshore, and in a location with no banking or taxation treaties with the US. Some of these are available, but, the record of quality accounting and regulation isn't always the best. What is the feeling about what depositors would want from such a bank before they "did business". 2. What is the minimum list of services a bank should provide? Deposit and transfer between inhouse accounts would be easy...wire transfer elsewhere would not be a problem...even handling some investments could be done. On the other hand, things like unsecured loans, credit cards, and immediate access to someone in "account services" would be a lot more difficult to implement. 3. What minimum account size would be appropriate? Domestic branches of offshore banks (i.e., Union Bank of Switzerland) generally require 100M, but the branches are subject to US record keeping requirements. Offshore, $1,000 or less is common. Would such levels, in your opinion, work? 4. Statements. Generating statements is time and accounting intensive. Generating statements on checking accounts is NOT cheap. Would accounts have to have scores of small transactions (i.e., $25 bucks for the xyz bill), or would it be possible to merely feed a domestic account from the offshore account. 5. Currency. US dollars? Swiss Franks? Other? Foreign currency is a nice option, but would up the costs for a startup bank. 6. Yield. Would depositors demand a yield? Current low rates at US banks seem to make this unimportant, but is it really unimportant? 7. Fees. What level of fees could the bank charge? A regular US checking account for a small business can cost $10 a month... 8. Any thoughts about marketing? Offshore banks, as I understand it, cannot lawfully advertise their services within the US. 9. Other thoughts? What do YOU think would be needed, unneeded, nice to have, in such an entity? What would frighten potential customers away? Thanks for any thoughts you might have. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: drzaphod@brewmeister.xstablu.com (DrZaphod) Date: Mon, 17 Jan 94 20:56:20 PST To: cypherpunks@toad.com Subject: Re: PGP posting validation Message-ID: MIME-Version: 1.0 Content-Type: text/plain > On Sun, 16 Jan 1994, W. Kinney wrote: > > > My point of view is that if the possibility of being spoofed is high > > enough, that should provide sufficient incentive to the the _poster_ to PGP > > sign his messages. Robert A. Hayden replied: > I'm looking at it as a way to keep these fake postings from flooding my > mailbox. If real people want to post crap, than at least I have somebody > to bitch to, but fake postings waste my time and the money of people with > pay-feeds. > > *shrug* Ah ha! Another facet of a LIST run authentication system [Cypherpunks Run Authentication System - CRASs?] may be to allow users to mail THE LIST and ask their mail to be filtered so they don't have to pay for msgs they don't want. THIS IS DANGEROUS because a forger could mail in such a request.. to patch this, THE LIST could mail out a weekly msg -- a compiled list of which msgs got thru, and which were filtered, and why. This opens up another possibility which may prove more effective. If THE LIST can maintain a list of msgs/posters/ PGP authentication, then those users who trust THE LIST to authenticate their mail can select the msgs they want to receive [from the same compiled list]. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod@brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jdwilson@gold.chem.hawaii.edu (Jim Wilson (VA)) Date: Tue, 18 Jan 94 00:08:38 PST To: drzaphod@brewmeister.xstablu.com (DrZaphod) Subject: Re: RETURNED MAIL, ANYBODY? In-Reply-To: Message-ID: <9401180807.AA00814@gold.chem.hawaii.edu> MIME-Version: 1.0 Content-Type: text/plain > > Has anybody else who has posted to the list in the past day gotten > a return from css@netcom.com [Chris Schefter]? All my posts > were mailed back to me by css with a note: "Unsolisted letter...returned" > BTW: The spelling is quoted correctly. > > I've inquired css but havn't gotten a reply. TTFN. > > -- > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - > - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - > - [drzaphod@brewmeister.xstablu.com] [MindPolice Censored This Bit] - > - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Same results here. -Jim From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sameer Date: Mon, 17 Jan 94 22:28:37 PST To: cypherpunks@toad.com Subject: BOF @Usenix? Message-ID: <199401180626.WAA20973@soda.berkeley.edu> MIME-Version: 1.0 Content-Type: text Where/when is the Cypherpunks BOF @ Usenix? It's Wednesday right? (What's the hotel?) Thanks, Sameer From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jdblair@nextsrv.cas.muohio.EDU Date: Mon, 17 Jan 94 20:06:20 PST To: cypherpunks@toad.com Subject: thanks for applied crypto info Message-ID: <9401180429.AA05715@ nextsrv.cas.muohio.EDU > MIME-Version: 1.0 Content-Type: text/plain Thanks to everybody that sent information about Applied Cryptography. -john. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: drzaphod@brewmeister.xstablu.com (DrZaphod) Date: Mon, 17 Jan 94 23:43:39 PST To: cypherpunks@toad.com Subject: RETURNED MAIL, ANYBODY? Message-ID: MIME-Version: 1.0 Content-Type: text/plain Has anybody else who has posted to the list in the past day gotten a return from css@netcom.com [Chris Schefter]? All my posts were mailed back to me by css with a note: "Unsolisted letter...returned" BTW: The spelling is quoted correctly. I've inquired css but havn't gotten a reply. TTFN. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod@brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Peter shipley Date: Tue, 18 Jan 94 00:43:38 PST To: drzaphod@brewmeister.xstablu.com (DrZaphod) Subject: Re: RETURNED MAIL, ANYBODY? In-Reply-To: Message-ID: <9401180839.AA27813@merde.dis.org> MIME-Version: 1.0 Content-Type: text/plain >Has anybody else who has posted to the list in the past day gotten >a return from css@netcom.com [Chris Schefter]? All my posts >were mailed back to me by css with a note: "Unsolisted letter...returned" >BTW: The spelling is quoted correctly. Yes, I have. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Robert A. Hayden" Date: Tue, 18 Jan 94 00:44:07 PST To: Cypherpunks Mailing List Subject: Re: RETURNED MAIL, ANYBODY? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I also got two of them. *shrug* ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> To flame me, log on to ICBMnet and \/ Finger for PGP 2.3a Public Key <=> target 44 09' 49" N x 93 59' 57" W - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTuiLp3BsrEqkf9NAQEsugP/cbyR+DIWCLu8Qta/7qV7gcTDa7IjfX63 NXmMXOOLxGnh7BzMFLS6s/HA6KLDVTYj6Hy82KWv0n4m7UdQju07pzAPw+n0WuJv mFA8pVC2kEbLL7RKYVdBSdpSyCwUlqdgkbgn5ioVfyueQsiO3zSgpsjOH45K8Fma 1D9gBAXg2qk= =ABKh -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Tue, 18 Jan 94 08:38:44 PST To: cypherpunks@toad.com Subject: Re: RETURNED MAIL, ANYBODY Message-ID: <199401181638.IAA01221@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain I sent mail to Schefter about this, and got a reply last night. He said this was his form of protest for having his unsubscribe messages ignored. I suggested that he bit-bucket the unwanted messages rather than bouncing them, and give Eric a little more time to process his unsub request. Hal From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: an56238@anon.penet.fi (SuperDupont) Date: Tue, 18 Jan 94 01:38:38 PST To: cypherpunks@toad.com Subject: RSA Questions Message-ID: <9401180854.AA08208@anon.penet.fi> MIME-Version: 1.0 Content-Type: text/plain Hi Cypherpunks ! I've got a few questions about the RSA encoding (if they're answered somewhere in litterature, just give directions, thanks) If the public encryption key is e (the exponent) and n=p*q (the modulus), then the encryption scheme is: cypher= (plain^e) mod n. Number theory tells us that the reverse operation (taking the e-th root) can be performed, as long as we know p and q: we know how to compute d such that for any plain Date: Tue, 18 Jan 94 09:23:44 PST To: cypherpunks@toad.com Subject: Bobby Inman pulling his name Message-ID: <9401181722.AA04105@netmail.microsoft.com> MIME-Version: 1.0 Content-Type: text/plain I heard on the news this morning that the White House had informally agreed with Bobby Inman's decision to pull his name from consideration for the Secretary of Defense, but wouldn't have any comment until it was formalized. No explanation of reasons. I guess the CypherPunk lobbyists earned their pay this month . Perhaps some folks didn't like the idea of a career military type taking over what is usually considered a civilian post? ---- davehart@microsoft.com Not a Microsoft spokesperson. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jim@Tadpole.COM (Jim Thompson) Date: Tue, 18 Jan 94 07:26:23 PST To: cypherpunks@toad.com Subject: Inman turns down DOD sec job Message-ID: <9401181524.AA15259@tadpole.tadpole.com> MIME-Version: 1.0 Content-Type: text/plain supposedly there will be a press conference at 1:00pm to say 'why'. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Halvor Kise jr." Date: Tue, 18 Jan 94 00:48:38 PST To: drzaphod@brewmeister.xstablu.com (DrZaphod) Subject: Re: RETURNED MAIL, ANYBODY? Message-ID: <1504AD47203@sofus.dhhalden.no> MIME-Version: 1.0 Content-Type: text/plain > Has anybody else who has posted to the list in the past day gotten > a return from css@netcom.com [Chris Schefter]? All my posts > were mailed back to me by css with a note: "Unsolisted letter...returned" > BTW: The spelling is quoted correctly. > > I've inquired css but havn't gotten a reply. TTFN. Yes, I was puzzeled by that myself. Halvor Kise jr. * MEMENTO MORI * __________________________________________________ | Halvor Kise jr. * Username: halvork | | * Server: sofus | | Ostfold * Site name: dhhalden.no | | Regional College * Student at | | N-1757 Halden * Computer Science | -------------------------------------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Micromine Date: Mon, 17 Jan 94 18:06:18 PST To: cypherpunks@toad.com Subject: UNSUBSCRIBING Message-ID: <199401180205.KAA00761@yarrow> MIME-Version: 1.0 Content-Type: text/plain I tried previously to get out of the cypherpunks mailing list by sending a request (incorrectly) to cypherpunks@toad.com Since this was wrong I got fairly toasted by various flames. Not one of these people who were so concerned about bandwidth etc etc actually told me how to correctly unsubscribe, (I did get a few references to various RFC's and FYI's which I can't find anywhere). Since then I have sent an UNSUBSCRIBE letter to cypherpunks-request@toad.com several times and without any effect, I'm still getting mail ! Can someone either remove me from this list or explain in plain english how I can get myself removed !??? Sorry to waste bandwidth, (even though the Dethead seems to waste more of your bandwidth than I would in a hundred years). Sorry if this message is taken as a flame but this IS a high volume message area and I'm being swamped ! Simon Shaw. -- ------------------------------------------------------------------------------- Micromine Pty. Ltd. Exploration and Mining Software. [SNAIL] PO BOX 7, Nedlands 6009, Western Australia. [PHONE] +61 9 389-8722 [FAX] +61 9 386-7462 [BBS] +61 9 389-8317 [E-Mail] mmine@yarrow.wt.uwa.edu.au [Fidonet] 3:690/372.0@fidonet.org =============================================================================== From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: szabo@netcom.com (Nick Szabo) Date: Tue, 18 Jan 94 10:18:45 PST To: hfinney@shell.portal.com Subject: Barriers to offshore banking In-Reply-To: <199401170317.TAA24167@jobe.shell.portal.com> Message-ID: <199401181815.KAA18287@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain The middle class avoids current offshore banking because it is user-hostile and puts their life savings at high risk. An offshore bank often takes a week or more to service requests for statements sent by snail-mail. Offshore banks are notorious for obsconding with customers' money. Reputation information on these banks is hard to find to nonexistant. The typical offshore bank customer spends $1,000's on legal fees to obtain information on reputable banks, the legality of what they are doing in both the local and offshore jurisdictions, and to set up obscure, sophisticated legal entities. There aren't any good statistics, but I'd guess that most of the money saved by going offshore is lost to legal fees and fraud. A good on-line bank will tackle user friendliness by providing rapid, detailed feedback, either instant (IP connection) or slightly delayed (e-mail). This also indirectly tackles trust. You sleep better when you can instantly obtain the status of your account, withdraw your funds in case of emergency, distribute funds across several different banks with low overhead, and easily get detailed information about the variety of banks and accounts available. Trust could be more directly tackled by the following: * Private deposit insurance, with risk spread across several offshore banks * Offshore bank rating service, also available online * Sponsorship by major banks, with a longer-term reputation and larger capital base Nick Szabo szabo@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: drzaphod@brewmeister.xstablu.com (DrZaphod) Date: Tue, 18 Jan 94 10:46:23 PST To: felix@hu.se (Felix Ungman) Subject: Re: RETURNED MAIL, ANYBODY? In-Reply-To: <199401181115.MAA10274@mail.swip.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > > Yep, happened to me too (subject was "Re: PGP posting validation", a > coincidence?). > > Felix I wondered about that myself.. |-] -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod@brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: drzaphod@brewmeister.xstablu.com (DrZaphod) Date: Tue, 18 Jan 94 13:08:45 PST To: cypherpunks@toad.com Subject: Re: RETURNED MAIL, ANYBODY In-Reply-To: <199401181638.IAA01221@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > I sent mail to Schefter about this, and got a reply last night. He > said this was his form of protest for having his unsubscribe messages > ignored. I suggested that he bit-bucket the unwanted messages rather > than bouncing them, and give Eric a little more time to process his unsub > request. > > Hal That was my second guess.. I assumed the misspelling of UNSOLICITED was either A) Because he's a poor speller B) Because he typed that message in a fit of rage [that always happens to me] -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod@brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matthew J Ghio Date: Tue, 18 Jan 94 08:06:23 PST To: cypherpunks@toad.com Subject: Re: PGP posting validation In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain DrZaphod says: Ah ha! Another facet of a LIST run authentication system [Cypherpunks Run Authentication System - CRASs?] may be to allow users to mail THE LIST and ask their mail to be filtered so they don't have to pay for msgs they don't want. THIS IS DANGEROUS because a forger could mail in such a request.. to patch this, THE LIST could mail out a weekly msg -- a compiled list of which msgs got thru, and which were filtered, and why. Or, you could do what is done on the extropians list: Every time a filter/block or other command is received, the list software sends back a note confirming it. It would make it pretty obvious if someone was spoofing fake filtering commands. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matthew J Ghio Date: Tue, 18 Jan 94 08:14:32 PST To: cypherpunks@toad.com Subject: Re: RETURNED MAIL, ANYBODY? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain DrZaphod wrote: > Has anybody else who has posted to the list in the past day > gotten a return from css@netcom.com [Chris Schefter]? > All my posts were mailed back to me by css with a note: > "Unsolisted letter...returned" BTW: The spelling is quoted correctly. Yeah, I got the same thing... someone please unsubscribe this fool from the list!!! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: trestrab@GVSU.EDU (BETH TRESTRAIL) Date: Tue, 18 Jan 94 09:03:44 PST To: drzaphod@brewmeister.xstablu.com (DrZaphod) Subject: Re: PGP posting validation Message-ID: <9400187589.AA758923257@GVSU.EDU> MIME-Version: 1.0 Content-Type: text/plain DrZaphod writes: > Ah ha! Another facet of a LIST run authentication system > [Cypherpunks Run Authentication System - CRASs?] > may be to allow users to mail THE LIST and ask their mail > to be filtered so they don't have to pay for msgs they don't > want. THIS IS DANGEROUS because a forger could mail in > such a request.. to patch this, THE LIST could mail out a > weekly msg -- a compiled list of which msgs got thru, and > which were filtered, and why. > > This opens up another possibility which may prove more > effective. If THE LIST can maintain a list of msgs/posters/ > PGP authentication, then those users who trust THE LIST > to authenticate their mail can select the msgs they want > to receive [from the same compiled list]. The list software that Ray Cromwell wrote for the Extropians list does all these things. Users can exclude [user|thread] and receive a regular ( I think daily) list of filtered msgs. Users can also set their own mode of receiving the list (reflected or digest), and can temporarily unsubscribe by excluding all. About the only intervention needed by list management is for subscribes and permanent unsubscribes, other than general maintenance. The list also has a security feature that when turned on only accepts posts from addresses previously authenticated as belonging to list members. This can still be spoofed, but at much greater difficulty than LD has had to expend heretofore. Jeff trestrab@gvsu.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "mycal" Date: Tue, 18 Jan 94 17:53:47 PST To: cypherpunks@toad.com Subject: Spread Spectrum xcever moduals Message-ID: <2d3c49c6.acsys@NetAcsys.com> MIME-Version: 1.0 Content-Type: text/plain Cypherpunks, Looking through the new Nuts and Volts I came accross this ad: SPREAD SPECTRUM tranceiver modules, USA, part 15, 100mw 902-928 MHz. XT interface needs only an address decoder, 74ls245 and antenna. Data or voice to 242kb/s. With manual $240 + $5 S&H, VISA or MasterCard. SKV International, 37200 Central Court, Newark, CA 94560. 510-796-1101, call for RF sales. Anyone up for setting up a bay area network based on these things? 100mw into a yagi could be good for 10 miles or so, and I think you are allowed up to a watt under part 15 as long as your signal meets certain requirements, this could extend the range to 30-40 miles per link. Local links could be set up to cover a number of users in a local area. How does this sound? Does anyone know of a better deal for SS modules? mycal -- Welfare by mycal@netacsys.com welfare, ha, your not my friend you bury the people, in the end gernerations of lost hope you feed destruction of famlies is your need an illusion of of hope that you pretend is the wasting of soles that will never mend wastfull bureaucracy is what you breed the middle class is what you bleed tentions of race is your rift stagnation of life is your gift so, welfare it is time to meet your death before you suck the life out of everyons breath From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matthew J Ghio Date: Tue, 18 Jan 94 09:49:32 PST To: cypherpunks@toad.com Subject: Re: Internet Banking In-Reply-To: <9401180200.AA16565@runner.utsa.edu> Message-ID: MIME-Version: 1.0 Content-Type: text/plain dwomack@runner.jpl.utsa.edu (David L Womack) wrote: > As a recent subscriber, I'd like to ask a question or > two regarding banking... ... a question or two... or ten... :) > 1. Such a bank would clearly need to be > offshore, and in a location with no banking > or taxation treaties with the US. Some of these > are available, but, the record of quality > accounting and regulation isn't always the best. > What is the feeling about what depositors would > want from such a bank before they "did business". This is a major problem. You'd proabaly have to make sure there were a wide variety of products or services availiable on the net that were in demand, to make people need to use your bank. Maybe you could get shareware authors and online database operators to advertise that they accept digimoney for their services. You could probably encourage this by offering them free services or other incentives. > 2. What is the minimum list of services a bank > should provide? Deposit and transfer between > inhouse accounts would be easy...wire transfer > elsewhere would not be a problem...even handling > some investments could be done. On the other hand, > things like unsecured loans, credit cards, and immediate > access to someone in "account services" would be a lot > more difficult to implement. Well, I'd be happy with a simple checking account, where you could type checks and sign them with PGP. Unsecured Loans would be a big problem...the bank might not be able to offer much (if any) interest on accounts. Of course most checking accounts don't offer much interest anyway so that's not a bit problem. > 3. What minimum account size would be appropriate? > Domestic branches of offshore banks (i.e., Union Bank of > Switzerland) generally require 100M, but the branches are > subject to US record keeping requirements. Offshore, > $1,000 or less is common. Would such levels, in your > opinion, work? I'd start off with no minimum balence. You want as many customers as possible from the beginning. > 4. Statements. Generating statements is time and > accounting intensive. Generating statements on > checking accounts is NOT cheap. Would accounts > have to have scores of small transactions (i.e., $25 > bucks for the xyz bill), or would it be possible to > merely feed a domestic account from the offshore > account. It is very cheap if it's all computer automated and statements are sent via email on the network. The reason checking account statements are expensive for conventional banks is because of the physical costs, such as paper, ink, envelopes, postage, etc... > 5. Currency. US dollars? Swiss Franks? Other? Foreign > currency is a nice option, but would up the costs for a > startup bank. Dunno. Probably multiple currencies, or maybe just backed up in gold. Theoretically the bank would want to accept any form of money, if it was a international orginization. > 6. Yield. Would depositors demand a yield? Current low > rates at US banks seem to make this unimportant, but is it > really unimportant? See #2.. > 7. Fees. What level of fees could the bank charge? A > regular US checking account for a small business can cost > $10 a month... Hopefully none, if they can secure the use of a large amount of capital to invest. > 8. Any thoughts about marketing? Offshore banks, as I > understand it, cannot lawfully advertise their services > within the US. Irrelevant. They don't need to, if they are known on the internet. > 9. Other thoughts? What do YOU think would be needed, unneeded, > nice to have, in such an entity? What would frighten potential > customers away? The biggest problem is that there isn't much security of your money in such an institution. The second problem is how does one deposit money in the bank? Do you send them a check? Where do you send it? How do you deposit cash? It wouldn't be feasible for such an institution to maintain many physical branch offices. To set up such a bank you'd need a fairly high-bandwidth internet connection, some computers and a software development team. You might also need to hire some customer service agents to answer email and telephones (if you have them). That's about it. A small operation could be run by two or three people, if you couldn't do it all yourself. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Yaoshiang Ho Date: Tue, 18 Jan 94 13:43:47 PST To: cypherpunks@toad.com Subject: unsubscribe Message-ID: MIME-Version: 1.0 Content-Type: text/plain UNSUBSCRIBE From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brian D Williams Date: Tue, 18 Jan 94 13:59:15 PST To: cypherpunks@toad.com Subject: MISC; reminder Message-ID: <199401182159.NAA09351@well.sf.ca.us> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Punkster's Just a reminder, tonight on Nova "Codebreakers" stories of the world war II effort, check local listings. Brian Williams Extropian Cypherpatriot Cryptocosmology: "sufficently advanced comunication is indistinguishable from noise." Chicago Current temp -19 wind chill -63 4pm CST -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTxaZNCcBnAsu2t1AQFOdgP+NgsenZ1otjdCLK2aUKnhGW1Nwdr2Rk5+ V76MAqVWn+Iys190Hj3HTHBd6/aI7rhP9mRYWo8097pgYhMRmR35URa+hKRNLzP0 Iucwe9cWTLlbNnTPh+N04JJbwVhlDG3xXGykKeY0y9+IkUIeS0acu8nL01oGIurX hkqqkgmzxvE= =X6Ol -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: consensus@netcom.com (Christopher Allen) Date: Tue, 18 Jan 94 14:38:46 PST To: cypherpunks@toad.com Subject: Mr. Squish Message-ID: <199401182237.OAA29553@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain I explained to a list manager about our problems regarding the source of SQUISH and the system administrator that does not respond to requests to deal with the problem. >Return-Path: >Received: from cap.gwu.edu by mail.netcom.com (8.6.4/SMI-4.1/Netcom) > id MAA05785; Tue, 18 Jan 1994 12:47:43 -0800 >Received: by cap.gwu.edu (4.1/SMI-4.1) > id AA18334; Tue, 18 Jan 94 15:47:25 EST >Date: Tue, 18 Jan 1994 15:42:14 -0500 (EST) >From: Roger Burns >Subject: Mr. Squish >To: Christopher Allen >Message-Id: >Mime-Version: 1.0 >Content-Type: TEXT/PLAIN; charset=US-ASCII > > >> Do you mind if I forward the above message to the cyperpunks list? Or would >> you be willing to do so yourself? > >Sure. I don't have ready access to Usenet, so feel free to post my comments. >BTW, I found two typos in my original message, so below I copy a revised >version. > >-- Roger rburns@cap.gwu.edu > >---------- Forwarded message ---------- > >Thank you for response. If I may give some unsolicited advice, I would >take a "Margaret Thatcher" approach to the postmaster who is allowing this >problem to fester. > >I would (1) trace down his office phone number (through nic whois or >nslookup or whatever) and ring him up and explain that allowing abuse of >the Internet is an abrogation of his company's contract for obtaining an >Internet connection, and that if he doesn't consent to handling this problem >appropriately, you will seek to have his company disconnected from >Internet based on that abrogation. > >If he doesn't succumb to that threat, I would then (2) phone thru his >company's main switchboard and ask to be connected to the postmaster's >boss, and explain to the boss that you will be seeking to have his >company's Internet connection ended due to the postmaster's >irresponsibility in allowing an unstable person to wreak havoc on the >worldwide computer network community. > >Now while it might be a pain to actually follow through on this threat, if >you put enough of a poker face on what you say, the bluff might very well >be enough at either step 1 or step 2. > >Good luck! And I hope I don't have to deal with this problem! (But if I >do, I've outlined how I will proceed.) > >-- Roger Burns rburns@cap.gwu.edu ..Christopher Allen ..Consensus Develoment Corporation ..4104-24th Street #419 ..San Francisco, CA 94114-3615 ..(415) 647-6384 Fax ..(415) 647-6383 Voice ..email: consensus@netcom.com ..mosaic frontpage: .."ftp://netcom.com/pub/consensus/www/ConsensusFrontDoor.html" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "strick -- strick AT versant DOT com -- henry strickland" Date: Tue, 18 Jan 94 14:43:46 PST To: sameer@uclink.berkeley.edu Subject: Re: BOF @Usenix? In-Reply-To: <199401180626.WAA20973@soda.berkeley.edu> Message-ID: <9401182244.AA04724@osc.versant.com> MIME-Version: 1.0 Content-Type: text/plain # Where/when is the Cypherpunks BOF @ Usenix? # # It's Wednesday right? (What's the hotel?) # # Thanks, # Sameer # Wednesday. San Francisco Hilton -- like two blocks west and one block south of union square. 7pm, i think, i'm not positive. There's a list of BOFS on the wall in the main bulletin board, one floor up from the lobby, go up the escalator. strick From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: norm@netcom.com (Norman Hardy) Date: Tue, 18 Jan 94 14:58:47 PST To: cypherpunks@toad.com Subject: Re: RSA Questions Message-ID: <199401182256.OAA09505@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain At 8:54 1/18/94 +0000, SuperDupont wrote: >Hi Cypherpunks ! > >I've got a few questions about the RSA encoding (if they're answered somewhere >in litterature, just give directions, thanks) > > If the public encryption key is e (the exponent) and n=p*q (the modulus), > then the encryption scheme is: > > cypher= (plain^e) mod n. > > Number theory tells us that the reverse operation (taking the e-th root) > can be performed, as long as we know p and q: we know how to compute d > such that for any plain > Now my questions are: > > 1. Is there a way to determine ALL the possible values of d verifying: > (plain^e)^d=plain for any plain their number) ? > > In other words, is there a way to know the number of keys that unlock > what your public key locks ? > > 2. Is there a way to determine ALL the possible values of d verifying: > (plain^e)^d=plain for *a given plain* ? > > In other words, is there a way to know the number of keys that unlock > *a given message* ? > >Here's an example that's quite worrying (maybe because I chose p and q >to be random primes, and they have bad properties): > >e=17 # Exponent >p=967 # Prime p >q=1031 # Prime q >n=p*q=996977 # Public modulus > >phi=(p-1)*(q-1)=994980 >g=gcd(p-1,q-1)=2 >f=phi/g=497490 >d=(1/e) mod f=234113 # A possible value of d given by number theory > >Here's the result of the exhaustive search for the answer to question No. 2: > >plain=12345 >cipher=(plain^e) mod n >decipher=(cipher^d) mod n > >The possible values for d (138 of them) are: > >3393 10603 17813 25023 32233 39443 46653 53863 61073 68283 75493 82703 89913 >97123 104333 111543 118753 125963 133173 140383 147593 154803 162013 169223 >176433 183643 190853 198063 205273 212483 219693 226903 234113 241323 248533 >255743 262953 270163 277373 284583 291793 299003 306213 313423 320633 327843 >335053 342263 349473 356683 363893 371103 378313 385523 392733 399943 407153 >414363 421573 428783 435993 443203 450413 457623 464833 472043 479253 486463 >493673 500883 508093 515303 522513 529723 536933 544143 551353 558563 565773 >572983 580193 587403 594613 601823 609033 616243 623453 630663 637873 645083 >652293 659503 666713 673923 681133 688343 695553 702763 709973 717183 724393 >731603 738813 746023 753233 760443 767653 774863 782073 789283 796493 803703 >810913 818123 825333 832543 839753 846963 854173 861383 868593 875803 883013 >890223 897433 904643 911853 919063 926273 933483 940693 947903 955113 962323 >969533 976743 983953 991163 > >That makes a probability of 0.013% >Looks to me like it's a LOT. Maybe I'm wrong. > >-zap > >------------------------------------------------------------------------- >To find out more about the anon service, send mail to help@anon.penet.fi. >Due to the double-blind, any mail replies to this message will be anonymized, >and an anonymous id will be allocated automatically. You have been warned. >Please report any problems, inappropriate use etc. to admin@anon.penet.fi. Laudable Paranoia! In short the numbers: cipher, decipher, plain, d and e must all be relatively prime to p and q for all of this stuff to work. In practice, since p and q are very large, the probability of the cryptanalyst finding another value d that deciphers your message is about the same as him finding p or q. That is the same probability of him factoring pq by guessing. In your example 138 out of 996980 is about the probability of being divisible by either p or q. You might check to make sure that the message that you are enciphering is relatively prime to p and q. You could better spend your, however, verifying that your hardware had not made a mistake, which is more likely, unless, however you are sending one of your factors so that a friend can share your secret key. In that case, however, anyone with your public key can compute your secret key, From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Robert A. Hayden" Date: Tue, 18 Jan 94 13:03:47 PST To: Cypherpunks Mailing List Subject: Re: RETURNED MAIL, ANYBODY In-Reply-To: <199401181638.IAA01221@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- On Tue, 18 Jan 1994, Hal wrote: > I sent mail to Schefter about this, and got a reply last night. He > said this was his form of protest for having his unsubscribe messages > ignored. I suggested that he bit-bucket the unwanted messages rather > than bouncing them, and give Eric a little more time to process his unsub > request. What a putz.... :-) ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> To flame me, log on to ICBMnet and \/ Finger for PGP 2.3a Public Key <=> target 44 09' 49" N x 93 59' 57" W - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTxPTZ3BsrEqkf9NAQH2MAP9GmGTIwEG21O/CXRjHEoG4TZTx1OiaHTC HWUuXaDbZ1enbGTAAeU0iASJpylCrtligLPdveew3sKcHNGcTlBUyPogMKHhtvHf R5k6lJooYyzA7Ah4TBBJisivJa4kPVZwF6KwwvReOBYv4pGeXTJUAW+qt9lMWTis mRvFv3oZ4G0= =86Wp -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: drzaphod@brewmeister.xstablu.com (DrZaphod) Date: Tue, 18 Jan 94 20:43:49 PST To: cypherpunks@toad.com Subject: Re: RETURNED MAIL, ANYBODY? In-Reply-To: <9401181725.AA14716@media.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > Yes, I got the same thing in response to my posting -- I wonder if someone > hacked his account or somesuch to put in a filter. He may not even be > seeing the emails. Perhaps a phone call is in order? Well.. the mystery has been answered; however, I DID check his directory for a .forward file to no avail.. must be an offline mailer. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod@brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Colin Chandler Date: Tue, 18 Jan 94 20:46:26 PST To: Yaoshiang Ho Subject: UNSUSCRIBE README In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain I think that this should be clarified: you UNSUBSCRIBE to sypherpunks-requests (right?) Not that I don't like filling my mail box with lots of messages titled UNSUBSCRIBE or anything... ;) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Robert A. Hayden" Date: Tue, 18 Jan 94 19:48:47 PST To: Cypherpunks Mailing List Subject: Re: Bobby Inman pulling his name In-Reply-To: <9401181722.AA04105@netmail.microsoft.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- On Tue, 18 Jan 1994, Dave Hart wrote: > I heard on the news this morning that the White House had informally > agreed with Bobby Inman's decision to pull his name from consideration > for the Secretary of Defense, but wouldn't have any comment until it > was formalized. No explanation of reasons. The respons given by Inman was that Bob Dole and the republican cronies were conspiring against him to make sure his nomination was defeated, in order to make Clinton look bad. Actually, it probably is true (I don't trust Dole). Inman will appear on Nightline tonight (11:35 EST) ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> To flame me, log on to ICBMnet and \/ Finger for PGP 2.3a Public Key <=> target 44 09' 49" N x 93 59' 57" W - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTyuIZ3BsrEqkf9NAQECzQP/bIhqoWHh5G3AYvW6IPSHKPJLl6ZbnBw1 o0Q0xVUDjE8mqQarMmMbS6gk4ZuINGllupWz49JuJ/XhjQrFA/xfWmxLa2OynEc2 JvwmIFIgddOFfAhuCCQnXxrrC3zADT9HvfqpMNnRkUR2NMP4lN2ebEtGNotirtcf yMfXhcWoiTc= =BQ/h -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mikeingl@news.delphi.com (MIKEINGLE@DELPHI.COM) Date: Tue, 18 Jan 94 21:23:49 PST To: cypherpunks@toad.com Subject: New Keyserver Message-ID: <9401190522.AA29358@news.delphi.com> MIME-Version: 1.0 Content-Type: text/plain >Newsgroups: alt.security.pgp,nlnet.comp,sci.crypt >Path: news.delphi.com!noc.near.net!MathWorks.Com!europa.eng.gtefsd.com!howland.reston.ans.net!xlink.net!zib-berlin.de!netmbx.de!Germany.EU.net!EU.net!sun4nl!news.nic.surfnet.nl!news.kub.nl!kub.nl!teun >From: teun@kub.nl (Teun Nijssen) >Subject: Yet another PGP public key server running >Message-ID: <1994Jan18.152726.9396@kub.nl> >Date: Tue, 18 Jan 94 15:27:26 GMT >Organization: Tilburg University, Tilburg, The Netherlands >Nntp-Posting-Host: kubds2 >Lines: 20 >Xref: news.delphi.com alt.security.pgp:7821 sci.crypt:15950 Hello Internet, a new PGP public key server has been setup; this time in the Netherlands. It is a mail-only server, no anon-ftp. The address of the server is pgp-public-keys@kub.nl the service is already synchronized with the other international keyservers, although I will ask more servers to directly sync with me in the near future. The system running the service is directly connected to Tilburg University's FDDI ring, which is one 2 Mbps hop away from Delft, which is one 34 Mbps hop away from Amsterdam, which will soon have its Europanet/EMPB/Dante fatpipe to the USA. It should be well connected... For the time being, the server starts up every 15 minutes. greetings, teun From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Wed, 19 Jan 94 00:53:50 PST To: cypherpunks@toad.com Subject: Inman, Exports, and Conspiracies In-Reply-To: <9401190824.AA06315@bsu-cs.bsu.edu> Message-ID: <199401190851.AAA17884@mail.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Not sure what this has to do with List anymore, what with Inman slinking away (he pulled a perot), but here goes: "Anonymous" writes: > Additional reference was made during the interview > to a "proxy board being seperate from export violations" ? > and he supposedly was a member of the proxy board, > he also made reference to "the new mccarthyism" and complained extensively > about unfair newspaper editorial coverage and made reference > to reporters reading "some conspiracy theorists book" (Bamford "Puzzle Palace"?) Not Bamford, but likely a very new book on how the U.S. helped arm Iraq. I forget the title, but it's very new. I flipped through it, and in fact looked up the references to Inman, as I'd heard the book raked him over the coals. > The aboce snatches raise important questions > could Bobby Inman former head of NSA be involved in a > conspiracy to end run ITAR??? Can ANYONE illuminate this issue? > Ted koppel made the reference that that last exchange > probably lost most of the viewers... what is going on here??? > John Gilmore did you see and hear this what was Inman referring to? > and does it involve DELL or other private companies? Well, I'm not Gilmore, except as a Tentacle, but Dell was not the company involved. Any of the written articles about Inman should do a good job of naming these connections, how Inman wrote some letters, etc. Inman is history, in any case. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Wed, 19 Jan 94 00:23:50 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <9401190824.AA06315@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain Additional reference was made during the interview to a "proxy board being seperate from export violations" ? and he supposedly was a member of the proxy board, he also made reference to "the new mccarthyism" and complained extensively about unfair newspaper editorial coverage and made reference to reporters reading "some conspiracy theorists book" (Bamford "Puzzle Palace"?) The aboce snatches raise important questions could Bobby Inman former head of NSA be involved in a conspiracy to end run ITAR??? Can ANYONE illuminate this issue? Ted koppel made the reference that that last exchange probably lost most of the viewers... what is going on here??? John Gilmore did you see and hear this what was Inman referring to? and does it involve DELL or other private companies? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous Date: Wed, 19 Jan 94 00:33:50 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <9401190833.AA06405@bsu-cs.bsu.edu> MIME-Version: 1.0 Content-Type: text/plain suspect Dr Dobbs will have to register as an arms dealer fairly soon as their publication of a CD including all articles and source code from jan 1988 to june 1993 includes several source code included encryption artilces of the heading that could conceivably fall under ITAR I notice they chose NOT to include 1987, perhaps because of the RSA RATFOR article?? This should prove interesting... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Duncan Frissell Date: Wed, 19 Jan 94 04:03:53 PST To: cypherpunks@toad.com Subject: Barriers to offshore bank Message-ID: <199401191201.AA05325@panix.com> MIME-Version: 1.0 Content-Type: text/plain To: cypherpunks@toad.com S >The middle class avoids current offshore banking because it S >is user-hostile and puts their life savings at high risk. The middle class avoids current offshore banking because they want to be close to their money and because they have not (traditionally) had anything to do with foreign investments or even foreign travel (only 14% of Americans possess passports). S >An offshore bank often takes a week or more to service requests for S >statements sent by snail-mail. True, although all had telex and have fax and Americans have been able to use telex from their home computers at least since 1983. Fedex also serves almost all offshore financial centers. S >Offshore banks are notorious for obsconding with customers' money. There is no evidence that offshore investment risk is higher than onshore risk (US government deposit insurance not counted). Recall that you can lose money even in an FDIC insured deposit account in the US as the *average* depositor did over the last 10 years when account interest is adjusted for inflation/opportunity cost. S >Reputation information on these banks is hard to find to nonexistant. So if I open an account at the Cayman office of the Bank of Nova Scotia, I have no way of telling that it is safe. Most of the money in offshore banks is invested in subsidiaries of onshore banks. There are six major clearing banks in the Cayman Islands: Barclays Bank, Royal Bank of Canada, Bank of Nova Scotia, CIBC Bank and Trust Company (Cayman) Ltd, Cayman National Bank and Trust Co Ltd, and Bank of Butterfield (Cayman) Ltd. Of these, 4 are subsidiaries of major international banks, Bank of Butterfield is a banking subsidiary of one of the largest trust companies in Bermuda (with a good rep), and Cayman National Bank and Trust (a member of the Cirrus ATM network BTW) is 25 years old. S >The typical offshore bank customer spends $1,000's on legal fees to S >obtain information on reputable banks, the legality of what they are S >doing in both the local and offshore jurisdictions, and to set up S >obscure, sophisticated legal entities. There aren't any good S >statistics, but I'd guess that most of the money saved by going S >offshore is lost to legal fees and fraud. Sounds like market failure to me . I guess that when First Wisconsin Oshkosh opened *its* Cayman subsidiary, it was taking unwarranted risks with its customers money. I guess the people that put together all those film financing deals via the Netherlands Antilles must be kind of credulous since they are going to lose their dough. Trusts and corporations are not "obscure legal entities" BTW. S >A good on-line bank will tackle user friendliness by providing rapid, S >detailed feedback, True. S >Trust could be more directly tackled by the following: S >* Private deposit insurance, with risk spread across several S >offshore banks Already in place in some jurisdictions. S >* Offshore bank rating service, also available online Loads of those now but not online. S >* Sponsorship by major banks, with a longer-term reputation S >and larger capital base Already the most common way of doing business offshore. The main reason that Americans haven't opened foreign accounts is distance, transaction costs, and the costs of information. The nets eliminate distance and cut costs of transaction and information. DCF --- WinQwk 2.0b#1165 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: paul@poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 19 Jan 94 05:56:28 PST To: cypherpunks@toad.com Subject: Re: Inman, Exports, and Conspiracies In-Reply-To: <199401190851.AAA17884@mail.netcom.com> Message-ID: <199401191356.AA29114@poboy.b17c.ingr.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Oh, come on and admit it, Tim. The *real* reason Inman had to withdraw is because Operation SQUISH revealed that *HE* was Medusa. - -Paul - -- Paul Robichaux, KD4JZG | "Though we live in trying times perobich@ingr.com | We're the ones who have to try." - Neil Peart Intergraph Federal Systems | Be a cryptography user- ask me how. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLT078yA78To+806NAQGg/wQAnlEmVF2DhIyE/kToKSjFIXr0/YG9JKxR oSDcA4XAR9RfkwNCS4zEDAReZsIipZ30An2OPW+w8YenQ+FitoErBM8KYcGOs4dl Lf8+OMS7VE31/StSOv6GMKLXYV1tgxTV5RI5uW7Tz96HPEpSVqvZjeLovzxeTbTC W1biyl4VRvM= =qlli -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: callsen@dec6.wu-wien.ac.at (TCR) Date: Tue, 18 Jan 94 23:18:50 PST To: orion@crl.com (Colin Chandler) Subject: Re: UNSUSCRIBE README Message-ID: <9401190716.AA24063@dec6.wu-wien.ac.at> MIME-Version: 1.0 Content-Type: text/plain In your message from [Tue, 18 Jan 1994 20:42:31 -0800 (PST)] you wrote: |> I think that this should be clarified: you UNSUBSCRIBE to |> sypherpunks-requests (right?) |> Not that I don't like filling my mail box with lots of messages titled |> UNSUBSCRIBE or anything... ;) but this has ***no*** effect !!! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: lstanton@lehman.com (Linn Stanton) Date: Wed, 19 Jan 94 05:59:22 PST To: hayden@krypton.mankato.msus.edu Subject: Re: Bobby Inman pulling his name In-Reply-To: Message-ID: <9401191358.AA21126@sten.lehman.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- >>>>> "Robert" == Robert A Hayden writes: Robert> The respons given by Inman was that Bob Dole and the Robert> republican cronies were conspiring against him to make Robert> sure his nomination was defeated, in order to make Clinton Robert> look bad. Robert> Actually, it probably is true (I don't trust Dole). This sounded to me like a convenient excuse. I think what really happened is that our fearless ex-NSA-leader found that he didn't like people invading HIS privacy. Maybe we should send someone to recruit him? Linn H. Stanton The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQBNAitK8+EAAAECALzK83DH79m7DLKBmZA2h9U33fBE80EwT4xRY05K7WRfxpO3 BmhPVBmes9h97odVZ0RxAFvinOl4wZGOb8pDclMABRG0IUxpbm4gSC4gU3RhbnRv biA8c3RhbnRvbkBhY20ub3JnPrQnTGlubiBILiBTdGFudG9uIDxsc3RhbnRvbkBz aGVhcnNvbi5jb20+ =oCru - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLT08csGRjm/KQ3JTAQGapQH+JbU9MCygirMPtz3mPcBBzXRXWy6g+0wd +O2jfQ2p5yX59nFZRsmQe/SgngcOz0J8Rf1/e/+UyKCbHX9vUXJgng== =ZZEr -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: schneier@chinet.com (Bruce Schneier) Date: Wed, 19 Jan 94 09:16:28 PST To: cypherpunks@toad.com Subject: Greetings and Thank You Message-ID: MIME-Version: 1.0 Content-Type: text/plain Thank you all for welcoming me to the cypherpunks meeting last weekend. I enjoyed myself, and will attend again if our schedules ever match. Following are two files. The first is the latest errata for my book, and the second is the index. I am trying to get permission to publish the bibliography electronically. Cheers, Bruce From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: schneier@chinet.com (Bruce Schneier) Date: Wed, 19 Jan 94 09:18:55 PST To: cypherpunks@toad.com Subject: APPLIED CRYPTOGRAPHY - Errata version 1.5.3 Message-ID: MIME-Version: 1.0 Content-Type: text/plain APPLIED CRYPTOGRAPHY ERRATA Version 1.5.3 - January 18, 1994 This errata includes all errors I have found in the first and second printings of the book, including minor spelling and grammatical errors. Please distribute this errata sheet to anyone else who owns a copy of the book. Page xvii: Third paragraph, first line: "Part IV" should be "Part III". Page 1: First paragraph, fourth line: "receiver cannot intercept" should be "intermediary cannot intercept". Page 6: Sixth and seventh lines: "against symmetric" should be "against a symmetric". Page 8: Second paragraph, first line: "q code" should be "a code". Page 10: Second paragraph, fifth line: Reference "[744]" should be "[774]". Page 11: Second paragraph: "The rotations of the rotors are a Caesar Cipher" should be "Each rotor is an arbitrary permutation of the alphabet". Page 13: Third paragraph: Delete parenthetical remark. Page 13: Fifth paragraph, first line: "Shift the key" should be "shift the ciphertext". Page 15: Section 1.3, first line: "Throughout the book use" should be "Throughout the book I use". Page 28: Third paragraph, third and fourth sentences should be "How to put mail in a mailbox is public knowledge. How to open the mailbox is not public knowledge." Page 30: "Attacks Against Public Key Cryptography," second paragraph: "The database also has to be protected from access by anyone" should be "The database also has to be protected from write access by anyone". Also: "substitute a key of his choosing for Alice's" should be "substitute a key of his own choosing for Bob's". Page 30: Last line: "substitute that key for his own public key" should be "substitute his own key for that public key". Page 32: Ninth line: Delete the word "encrypted". Page 34" "Signing Documents with..." First sentence: "too inefficient to encrypt long documents" should be "too inefficient to sign long documents". Page 40: Third line: "computer can exist" should be "computer can be". Page 40: Second paragraph: Delete "should be runs of zeros and the other half should be runs of ones; half the runs". Page 51: Step 5: "with what he received from Bob" should be "with what he received from Alice". Page 69: Last line: "tried to recover her private key" should be "tries to recover Alice's private key". Page 73: "Bit Commitment Using One-Way Functions," last paragraph: Second and third sentences should be "Alice cannot cheat and find another message (R_1,R_2',b'), such that H(R_1,R_2',b') = H(R_1,R_2,b). If Alice didn't send Bob R_1, then she could change the value of both R_1 and R_2 and then the value of the bit." Page 77: "Flipping Coins into a Well," first line: "neither party learns the result" should be "Alice and Bob don't learn the result". Third line: parenthetical remark should be: "Alice in all three protocols". Page 90: Last paragraph: "step (3)" should be "step (4)". Page 91: Second line: "step (3)" should be "step (4)". Page 93: "Blind Signatures," first line: "An essential in all" should be "An essential feature in all". Page 98: First paragraph after protocol, fourth line: "to determine the DES key with the other encrypted message" should be "to determine the DES key that the other encrypted message was encrypted in." Page 115: "Protocol #2," third paragraph: "together determine if f(a,b)" should be "together determine f(a,b)". Page 131: Fifth paragraph: "each capable of checking 265 million keys" should be "each capable of checking 256 million keys". Page 133: Table 7.2: Third number in third column, "1.2308" should be "0.2308". Page 134: Table 7.3: "1027" should be "10^27". Page 139: Indented paragraph: "could break the system" should be "could break the system within one year". Page 141: "Reduced Keyspaces," last sentence: "don't expect your keys to stand up" should be "don't expect short keys to stand up". Page 148: Eighth line: "2^24" should be "2^32". Page 156: Second paragraph: "blocks 5 through 10" should be "blocks 5 through 12". Page 157: Figure 8.2: "IO" should be "IV". Page 159: Figure 8.3: "IO" should be "IV". Page 161: Figure 8.5: "Decrypt" should be "Encrypt". Page 162: Figure 8.6: "Encipherment" diagram: "Decrypt" should be "Encrypt". Input should be "p_i" instead of "b_i", and output should be "c_i" instead of "p_i". Page 164: Figure 8.7: "IO" should be "IV". Page 165: Last equation: There should be a "(P)" at the end of that equation. Page 167: Second paragraph, last line: "2^(2n-1)" should be "2^(2n-14)". Page 168: Figure 8.8: This figure is wrong. The encryption blocks in the second row should be off-centered from the encryption blocks in the first and third row by half a block length. Page 174: Middle of page: Equations should be: k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2 k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3 k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4 Page 175: Last paragraph, second line: "acting as the output function" should be "acting as the next-state function". Page 177: Diffie's quote, second to last line: "proposal to built" should be "proposal to build". Page 178: Figure 8.20: In "Node 2", the subscripts should be "D_2" and "E_3". Page 191: First paragraph: "3.5" should be "6.8". "0.56" should be "0.15". "EBCDIC (Extended Binary-Coded Decimal Interchange Code)" should be "BAUDOT". "0.30" should be "0.76". "0.70" should be "0.24". Page 193: Second sentence: "Unicity distance guarantees insecurity if it's too small, but does guarantee security if i