Xref: math.fu-berlin.de sci.crypt:19666 alt.privacy:12119 alt.security.pgp:9051
Newsgroups: sci.crypt,alt.privacy,alt.security.pgp
Path: math.fu-berlin.de!zib-berlin.de!netmbx.de!Germany.EU.net!EU.net!howland.reston.ans.net!pipex!uknet!comlab.ox.ac.uk!pcl
From: pcl@foo.oucs.ox.ac.uk (Paul C Leyland)
Subject: Announcing pgptalk
Message-ID:
Date: 12 Feb 1994 14:09:55 GMT
Lines: 30

Ok, time to let this out, now that it's been discovered 8-)

Last year, Miron Cuperman, Stefan Neuhaus and myself did some work on a version of ytalk with encrypted traffic between the talkers. Miron did most of the hard work; Stefan and I tested and debugged.

We were just about to release it when ytalk 3.0 came out. Since then, no-one has found the week or so to update the version we had built on the previous version.

Anyway, if you use anon-ftp to download the file

    black.ox.ac.uk: /src/security/pgptalk.2.0.tar.Z

you might find something of interest.

The program will work in cleartext mode (i.e. native ytalk), shared-secret mode (all parties must type the same password) or public-key mode (all parties must be running pgp with accessible key rings), in which case a random IDEA session key is generated and swapped by Diffie-Hellman.

Paul
--
Paul Leyland                             | Hanging on in quiet desperation is
Oxford University Computing Services     | the English way.
13 Banbury Road, Oxford, OX2 6NN, UK     | The time is gone, the song is over.
Tel: +44-865-273200 Fax: +44-865-273275  | Thought I'd something more to say.
Finger pcl@black.ox.ac.uk for PGP key    |

Newsgroups: sci.crypt
Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!howland.reston.ans.net!pipex!uunet!world!Eaco
From: Eaco@world.std.com (Eaco + Associates)
Subject: PGP Legal?
Message-ID:
Summary: What is the legal status of pgp? Is it legal to own, use?
Keywords: pgp pretty good privacy cypt nsa
Organization: Eaco & Associates, Accord, Mass.
Date: Sat, 12 Feb 1994 16:11:01 GMT
Lines: 10

I'm new to this newsgroup, and would like to know what the legal status of PGP is. Is it legal to use?... own?

I saw the writeup in CompuServe's magazine this summer, but they pulled their copy off the system... what's the story?

Thanks,
--
Regards,
>>Dick<<

Newsgroups: sci.crypt
Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!library.ucla.edu!csulb.edu!csus.edu!netcom.com!strnlght
From: strnlght@netcom.com (David Sternlight)
Subject: Re: PGP Legal?
Message-ID:
Keywords: pgp pretty good privacy cypt nsa
Reply-To: david@sternlight.com (David Sternlight)
Organization: DSI/USCRPAC
References:
Date: Sat, 12 Feb 1994 22:44:02 GMT
Lines: 26

In article , Eaco + Associates wrote:
> I'm new to this newsgroup, and would like to know what the legal
>status of PGP is. Is it legal to use?... own?

In the U.S., there is a commercial version called ViaCrypt PGP, which so far is only available in a DOS version. As far as anyone knows that's legal for ownership and use in the U.S. but not for export without a Government export license (not to be confused with a patent license from the patent holders).

Other versions of PGP are asserted to be an infringement of the patents of MIT and Stanford held by Public Key Partners, in the U.S. They are also illegal to export without an export license. The company making ViaCrypt PGP has got a license from the patent holders but not an export license from the government.

Outside the U.S. the PKP patents aren't valid (unless the new GATT agreement changes this), and thus they are legal where national law permits them. However, there is apparently a federal Grand Jury investigation about just how they got outside the U.S. and whether there were any violations of U.S. law here as part of that. This might affect some inside the U.S.

--
David Sternlight
If you want to get somewhere, it's easier to move your sail than to try to change the wind.

Newsgroups: sci.crypt
Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!library.ucla.edu!csulb.edu!csus.edu!netcom.com!grady
From: grady@netcom.com (Grady Ward)
Subject: Re: PGP Legal?
Message-ID:
Organization: Moby lexical databases
X-Newsreader: TIN [version 1.2 PL1]
References:
Date: Sun, 13 Feb 1994 01:39:14 GMT
Lines: 14

I have been advised by two patent attorneys that it is perfectly valid and legal to obtain, give away, and study the PGP source code. Fetch it from nic.funet.fi and a host of other sites.

Crypto political issues ought to go to talk.politics.crypto, crypto technical and application issues go here; flames about Sternlight disinformation go to alt.fan.david-sternlight.

--
Grady Ward        | compiler of Moby lexicons:        | finger grady@netcom.com
+1 707 826 7715   | Words, Hyphenator, Part-of-Speech | for more information
(voice/24hr FAX)  | Pronunciator, Thesaurus           | 15 E2 AD D3 D1 C6 F3 FC
grady@netcom.com  | and Language; all royalty-free    | 58 AC F7 3D 4F 01 1E 2F

Path: math.fu-berlin.de!news.th-darmstadt.de!fauern!xlink.net!howland.reston.ans.net!cs.utexas.edu!swrinde!dptspd!ephsa!jburrell
From: jburrell@ephsa.sat.tx.us (Jason Burrell)
Newsgroups: sci.crypt
Subject: Re: PGP Legal?
Keywords: pgp pretty good privacy cypt nsa
Message-ID:
Date: 13 Feb 94 02:31:02 GMT
References:
Sender: news@ephsa.sat.tx.us
Distribution: na
Organization: Rivercity Matrix -- San Antonio, Texas
Lines: 32

Eaco@world.std.com (Eaco + Associates) writes:
>
> I'm new to this newsgroup, and would like to know what the legal
> status of PGP is. Is it legal to use?... own?
>
> I saw the writeup in CompuServe's magazine this summer, but they
> pulled their copy off the system... what's the story?
>
> Thanks,

It's legal to use and own. It's NOT legal to transport it from the United States of America to a country outside the US border. In other words, do not export it from the U.S.

RSA and PKP have a patent on the RSA algorithm, which is the public key cryptosystem used in PGP.
IDEA is patented by an organization in Europe, I believe. RSA and PKP have virtually scared most US sites from carrying the cryptography software that uses their "patented algorithm." Another reason most US sites do not carry PGP/Secure Drive/et cetera is because of the export restrictions.

When Phil originally wrote PGP, he placed it on a New Mexico site. Not long after, it was FTP'ed from a site out of the US. Result: It spread worldwide and the government tried to get Phil.

Moral: You'll be better off *NOT* exporting it from the US (I know you didn't bring that up), and you'll be better off grabbing it from nic.funet.fi or equivalent.

Newsgroups: sci.crypt
Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!howland.reston.ans.net!pipex!uknet!comlab.ox.ac.uk!pcl
From: pcl@foo.oucs.ox.ac.uk (Paul C Leyland)
Subject: Re: PGP Legal?
Message-ID:
In-reply-to: grady@netcom.com's message of Sun, 13 Feb 1994 01:39:14 GMT
References:
Date: 14 Feb 1994 11:08:32 GMT
Lines: 32

In article grady@netcom.com (Grady Ward) writes:

   Crypto political issues ought to go to talk.politics.crypto,
   crypto technical and application issues go here; flames about
   Sternlight disinformation go to alt.fan.david-sternlight.

The post by David Sternlight to which you are responding is a model of an informative article and dispassionate description of a subject which raises fervent discussion. While your comments about flames are, IMO, accurate and helpful, they might be regarded as provocative in this particular thread.

With regard to the situation in the UK, so far as I am aware there are no problems with possessing or using PGP. The PKP patents are not valid in this country, and a valid licence has been obtained for the use of IDEA. I believe that PRZ's restrictions he places on commercial re-distribution are upholdable under British copyright legislation.

Disclaimer: I am not an expert in British law.

Paul
--
Paul Leyland                             | Hanging on in quiet desperation is
Oxford University Computing Services     | the English way.
13 Banbury Road, Oxford, OX2 6NN, UK     | The time is gone, the song is over.
Tel: +44-865-273200 Fax: +44-865-273275  | Thought I'd something more to say.
Finger pcl@black.ox.ac.uk for PGP key    |

Newsgroups: sci.crypt
Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!howland.reston.ans.net!vixen.cso.uiuc.edu!usenet.ucs.indiana.edu!venus.iucf.indiana.edu!graham
From: graham@venus.iucf.indiana.edu (JIM GRAHAM)
Subject: PGP backdoor?
Message-ID:
News-Software: VAX/VMS VNEWS 1.3-4
Sender: news@usenet.ucs.indiana.edu (USENET News System)
Nntp-Posting-Host: venus.iucf.indiana.edu
Reply-To: graham@venus.iucf.indiana.edu
Organization: Indiana University Cyclotron Facility, Bloomington, Indiana
Distribution: world
Date: Wed, 16 Feb 1994 03:27:34 GMT
Lines: 20

I apologize for what I'm sure has already been a thread, but I missed it.

My simple question is: Is there any truth to the rumor that later versions of PGP were corrupted with a "backdoor"?

Thanks,
Jim Graham

--
"No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain their right to keep and bear arms is as a last resort to protect themselves against tyranny in government." -Thomas Jefferson
Note to the signature-impaired: This is not an NRA endorsement.
Jim Graham graham@venus.iucf.indiana.edu

Path: math.fu-berlin.de!zrz.TU-Berlin.DE!netmbx.de!Germany.EU.net!EU.net!uknet!pipex!mantis!mantis!not-for-mail
From: mathew@mantis.co.uk (Snakes of Medusa)
Newsgroups: sci.crypt
Subject: Re: PGP backdoor?
Date: 16 Feb 1994 12:56:07 -0000
Organization: Mantis Consultants Ltd, Cambridge. UK.
Lines: 14
Message-ID: <2jt557$d8b@news.mantis.co.uk>
References:
NNTP-Posting-Host: sunforest.mantis.co.uk
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

In article , JIM GRAHAM wrote:
>My simple question is: Is there any truth to the rumor that later versions
>of PGP were corrupted with a "backdoor"?

My simple answer is: No.

mathew
--
I have a flawless philosophical and scientific model of reality. Unfortunately, it's actual size.
We must never be dogmatic. Anyone who says otherwise is wrong.
Will betray country for food.
Annoy the censors -- mention Paul Bernardo and Karla Homolka in your .signature.

Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!howland.reston.ans.net!cs.utexas.edu!rutgers!utcsri!newsflash.concordia.ca!canopus.cc.umanitoba.ca!russelg
From: russelg@cc.umanitoba.ca (Gareth Russell)
Newsgroups: sci.crypt
Subject: Re: PGP backdoor?
Message-ID: <2juc79$aj2@canopus.cc.umanitoba.ca>
Date: 17 Feb 94 00:02:49 GMT
References: <2jt557$d8b@news.mantis.co.uk>
Organization: University of Manitoba, Winnipeg, Manitoba, Canada
Lines: 26
NNTP-Posting-Host: antares.cc.umanitoba.ca

In article <2jt557$d8b@news.mantis.co.uk> mathew@mantis.co.uk (Snakes of Medusa) writes:
>In article ,
>JIM GRAHAM wrote:
>>My simple question is: Is there any truth to the rumor that later versions
>>of PGP were corrupted with a "backdoor"?
>
>My simple answer is: No.

The longer answer is, if you're not convinced, get the source code and compile it yourself. Then you can see for yourself, if you know how to read source code.

Another answer is, get a version that is accompanied by a PGP signature of a reliable organization. For example, ftp.funet.fi distributes a signature file along with the software. That means they stand behind it.

In the end, consider this. Do you really think Zimmermann would write in a trap door, no matter who may have threatened him, when everyone gets to see the source code?

Gary
--
Gary Russell
University of Winnipeg Faculty Association: russelg@uwpg02.uwinnipeg.ca
University of Manitoba Graduate Studies: russelg@cc.umanitoba.ca

Newsgroups: sci.crypt
Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!library.ucla.edu!csulb.edu!csus.edu!netcom.com!grady
From: grady@netcom.com (Grady Ward)
Subject: Re: PGP backdoor?
Message-ID:
Organization: Moby lexical databases
X-Newsreader: TIN [version 1.2 PL1]
References:
Date: Thu, 17 Feb 1994 16:02:10 GMT
Lines: 19

JIM GRAHAM (graham@venus.iucf.indiana.edu) wrote:
: I apologize for what I'm sure has already been a thread, but I missed it.
: My simple question is: Is there any truth to the rumor that later versions
: of PGP were corrupted with a "backdoor"?

No. PGP up to version 2.3a is available in source, so you can look at it and compile it yourself if you desire.

Answers to specific PGP questions are freely available at the alt.security.pgp newsgroup. A general and platform specific PGP faqs are fetchable.

--
Grady Ward        | compiler of Moby lexicons:        | finger grady@netcom.com
+1 707 826 7715   | Words, Hyphenator, Part-of-Speech | for more information
(voice/24hr FAX)  | Pronunciator, Thesaurus           | 15 E2 AD D3 D1 C6 F3 FC
grady@netcom.com  | and Language; all royalty-free    | 58 AC F7 3D 4F 01 1E 2F

Newsgroups: sci.crypt
Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!howland.reston.ans.net!vixen.cso.uiuc.edu!uchinews!ncar!csn!teal!mpj
From: mpj@teal.csn.org (Michael Johnson)
Subject: Re: PGP backdoor?
Message-ID:
Sender: news@csn.org (The Daily Planet)
Nntp-Posting-Host: teal.csn.org
Organization: Colorado SuperNet, Inc.
References: <2jt557$d8b@news.mantis.co.uk> <2juc79$aj2@canopus.cc.umanitoba.ca>
Date: Sun, 20 Feb 1994 18:41:48 GMT
Lines: 25

russelg@cc.umanitoba.ca (Gareth Russell) writes:
>>>My simple question is: Is there any truth to the rumor that later versions
>>>of PGP were corrupted with a "backdoor"?

>In the end, consider this.
>Do you really think Zimmermann would
>write in a trap door, no matter who may have threatened him, when
>everyone gets to see the source code?

I know Philip Zimmermann personally, and can vouch for the fact that he believes that putting back doors in encryption systems is immoral. It would also weaken the system against attacks by criminals, enemy spies, etc. No way could you convince him to put a back door in. Besides, I've examined the source code and believe that I understand it. There are no back doors in either the freeware or Viacrypt PGP. That is why the NSA and Department of State are upset...

--
Michael Paul Johnson        Colorado Catacombs BBS 303-938-9654
mpj@csn.org                 ftp csn.org \mpj\README.MPJ for access info.
aka mpjohnso@nyx.cs.du.edu  mikej@exabyte.com
m.p.johnson@ieee.org        CIS 71331,2332   VPGP key by finger

Path: math.fu-berlin.de!zrz.TU-Berlin.DE!netmbx.de!Germany.EU.net!EU.net!news.forth.gr!calliope.csi.forth.gr!kermit
From: kermit@calliope.csi.forth.gr (Aggelos D. Keromitis)
Newsgroups: sci.crypt
Subject: Stealth-PGP (Q)
Date: 17 Feb 1994 13:47:44 GMT
Organization: Institute of Computer Science, FORTH Hellas
Lines: 23
Message-ID: <2jvsi0INNr77@pythia.csi.forth.gr>
NNTP-Posting-Host: calliope.csi.forth.gr
Summary: Question about development on Stealth-PGP
Keywords: stealth PGP cryptography ftp fsp docs
X-Newsreader: TIN [version 1.1 PL8]

I noticed in the cypherpunks list that someone there said that he'd get his hands on Stealth-PGP in a few days. Does anyone know anything about it?

-Aggelos

PS. For those who don't know what Stealth-PGP is, it's supposed to encrypt messages into noise...that's all i know too :)

PS2. There has been quite some use of the FSP site i set up, so i finally took the time to make them available via ftp.
The site is:

    ftp.csd.uch.gr:/pub/incoming/kermit/crypt/

Please do not upload any docs there (email them to me instead) and keep in mind that there is a low limit on ftp users, so use FSP whenever possible.

--
-----------------------------------------------------------------------------
Aggelos Keromitis                                        kermit@csd.uch.gr
Network Operations Center/FORTHnet (noc@ics.forth.gr)    kermit@ics.forth.gr
Heraclion, Greece                                        kermit@grearn.bitnet
Finger kermit@calliope.ics.forth.gr for public PGP key
-----------------------------------------------------------------------------
THERE ARE VERY FEW PROBLEMS THAT CAN'T BE SOLVED...
...WITH AN APPLICATION OF HIGH EXPLOSIVES!
-----------------------------------------------------------------------------

Path: math.fu-berlin.de!zrz.TU-Berlin.DE!netmbx.de!Germany.EU.net!EU.net!sun4nl!hacktic!consolat.hacktic.nl!consgate.hacktic.nl!somedude
From: somedude@consgate.hacktic.nl (somedude)
Newsgroups: sci.crypt
Subject: Stealth-PGP (Q)
Message-ID: <000_9402182014@consgate.hacktic.nl>
Date: 18 Feb 94 13:01:02 +0000
Organization: I hate originz.. (65:66/2)
X-Mail-Agent: GIGO unreg at consgate vsn 0.98w32
X-FTN-To: kermit@calliope.csi.forth.gr
Lines: 9

> PS. For those who don't know what Stealth-PGP is, it's
> supposed to encrypt
> messages into noise...that's all i know too :)

Hmmm, just as a sidenote. The CryPt Newsletter, a few issues back, featured a program to 'hide' information within a graphics format. Of course, if you know where to look you can find it. Is this any different with Stealth-PGP? I'm afraid I missed the original posting. Or is the trick that they can't prove it's anything other than noise? ;)

Xref: math.fu-berlin.de alt.security.pgp:8897 sci.crypt:19527
Path: math.fu-berlin.de!MathWorks.Com!yeshua.marcam.com!usc!howland.reston.ans.net!vixen.cso.uiuc.edu!moe.ksu.ksu.edu!engr.uark.edu!news.ualr.edu!news.ualr.edu!nntp
Newsgroups: alt.security.pgp,sci.crypt
Subject: PGP broken?
Message-ID: <1994Feb17.214747.2936@news>
From: CDWALKER@acs.harding.edu (Chris Walker)
Date: 17 Feb 94 21:47:47 -0600
Distribution: world
Organization: Harding University
Nntp-Posting-Host: acs.harding.edu
X-News-Reader: VMS NEWS 1.24
Lines: 21

About 2 weeks ago, on alt.security.pgp, an article was posted that didn't seem to generate much discussion. It included a paper written by Bill Payne on how easy it was to crack RSA cryptography (which is what PGP is based on). Is there any validity to any of that article? I'm a math major, but the math discussed in the article is still way beyond what I've had yet.

Is this guy on target? or is he a kook?

__
PGP public key for: Chris Walker

Xref: math.fu-berlin.de sci.crypt:19537 alt.security.pgp:8908
Path: math.fu-berlin.de!MathWorks.Com!yeshua.marcam.com!usc!howland.reston.ans.net!pipex!uunet!utcsri!csri.toronto.edu!blaak
Newsgroups: sci.crypt,alt.security.pgp
From: blaak@csri.toronto.edu (Raymond Blaak)
Subject: Re: PGP broken?
Message-ID: <1994Feb18.091147.15008@jarvis.csri.toronto.edu>
References: <1994Feb17.214747.2936@news>
Date: 18 Feb 94 14:11:47 GMT
Lines: 22

CDWALKER@acs.harding.edu (Chris Walker) writes:
> About 2 weeks ago, on alt.security.pgp, an article was posted that didn't seem
>to generate much discussion. It included a paper written by Bill Payne on how
>easy it was to crack RSA cryptography (which is what PGP is based on). Is there
>any validity to any of that article? I'm a math major, but the math discussed
>in the article is still way beyond what I've had yet.
> Is this guy on target? or is he a kook?

Bill Payne claimed to have an efficient way of calculating phi(n), which if true, allows one to calculate the private key of the RSA algorithm.

It turns out that his algorithm is O(phi(n)), and since phi(n) is almost as big as n, and n in the RSA setting is at least hundreds of digits, the algorithm would take a long, long time. (i.e. Consider how long it would take for the fastest computer you can think of to count to 10^200.)

Cheers,
Ray Blaak
blaak@csri.toronto.edu

Xref: math.fu-berlin.de alt.security.pgp:8949 sci.crypt:19592
Newsgroups: alt.security.pgp,sci.crypt
Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!howland.reston.ans.net!wupost!csus.edu!netcom.com!mpd
From: mpd@netcom.com (Mike Duvos)
Subject: Re: PGP broken?
Message-ID:
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
References: <1994Feb17.214747.2936@news>
Date: Sat, 19 Feb 1994 22:26:32 GMT
Lines: 27

CDWALKER@acs.harding.edu (Chris Walker) writes:
> About 2 weeks ago, on alt.security.pgp, an article was posted that didn't seem
>to generate much discussion. It included a paper written by Bill Payne on how
>easy it was to crack RSA cryptography (which is what PGP is based on). Is there
>any validity to any of that article? I'm a math major, but the math discussed
>in the article is still way beyond what I've had yet.
> Is this guy on target? or is he a kook?

Kook may be an unkind word. His algorithm is kind of cute but unfortunately requires a number of steps roughly proportional to PHI(N) in order to work. This is much worse than the leading factorization algorithms available today, which still cannot break RSA for any reasonable key size.

Thus, PGP is definitely not broken.

--
Mike Duvos      $  PGP 2.3a Public Key available  $
mpd@netcom.com  $  via Finger.                    $

Xref: math.fu-berlin.de alt.security.pgp:9024 sci.crypt:19650
Newsgroups: alt.security.pgp,sci.crypt
From: nicho@olympus.demon.co.uk (Gregory Stewart-Nicholls)
Path: math.fu-berlin.de!MathWorks.Com!yeshua.marcam.com!news.kei.com!sol.ctr.columbia.edu!howland.reston.ans.net!pipex!bnr.co.uk!uknet!demon!olympus.demon.co.uk!nicho
Subject: Re: PGP broken?
References: <1994Feb17.214747.2936@news>
Organization: TeknoLogika ltd
Reply-To: nicho@olympus.demon.co.uk
X-Newsreader: Demon Internet Simple News v1.27
Lines: 27
Date: Mon, 21 Feb 1994 19:51:11 +0000
Message-ID: <761860271snz@olympus.demon.co.uk>
Sender: usenet@demon.co.uk

In article mpd@netcom.com "Mike Duvos" writes:
> CDWALKER@acs.harding.edu (Chris Walker) writes:
>
> > About 2 weeks ago, on alt.security.pgp, an article was posted that didn't seem
> >to generate much discussion. It included a paper written by Bill Payne on how
> >easy it was to crack RSA cryptography (which is what PGP is based on). Is there
> >any validity to any of that article? I'm a math major, but the math discussed
> >in the article is still way beyond what I've had yet.
> > Is this guy on target? or is he a kook?
>
> Kook may be an unkind word. His algorithm is kind of cute but
> unfortunately requires a number of steps roughly proportional to
> PHI(N) in order to work. This is much worse than the leading
> factorization algorithms available today, which still cannot
> break RSA for any reasonable key size.
>
> Thus, PGP is definitely not broken.

Ummm pardon me, but I understood that PGP uses IDEA encryption for the plaintext, and only uses RSA to exchange IDEA keys. Can someone explain what I've misunderstood.
--
Vidi | Gregory Stewart-Nicholls
Vici | nicho@olympus.demon.co.uk
Veni | TeknoLogika ltd

Xref: math.fu-berlin.de alt.security.pgp:9040 sci.crypt:19658
Newsgroups: alt.security.pgp,sci.crypt
Path: math.fu-berlin.de!MathWorks.Com!europa.eng.gtefsd.com!library.ucla.edu!csulb.edu!csus.edu!netcom.com!mpd
From: mpd@netcom.com (Mike Duvos)
Subject: Re: PGP broken?
Message-ID:
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
References: <1994Feb17.214747.2936@news> <761860271snz@olympus.demon.co.uk>
Date: Tue, 22 Feb 1994 02:31:36 GMT
Lines: 26

nicho@olympus.demon.co.uk (Gregory Stewart-Nicholls) writes:
>> Kook may be an unkind word. His algorithm is kind of cute but
>> unfortunately requires a number of steps roughly proportional to
>> PHI(N) in order to work. This is much worse than the leading
>> factorization algorithms available today, which still cannot
>> break RSA for any reasonable key size.
>>
>> Thus, PGP is definitely not broken.

> Ummm pardon me, but I understood that PGP uses IDEA encryption for the
>plaintext, and only uses RSA to exchange IDEA keys. Can someone explain
>what I've misunderstood.

The question was about a paper written by someone who claimed that RSA was "easy to break". This turns out not to be the case.

If you could break RSA, you could get the random IDEA key which PGP encrypts with RSA, and decipher the message. A direct attack on IDEA would produce the same result, but that wasn't the question being asked.

--
Mike Duvos      $  PGP 2.3a Public Key available  $
mpd@netcom.com  $  via Finger.
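
Added example, not part of any post in this thread: the points made in the replies above, run on a constructed toy key. Knowing phi(n) gives the factors and the private exponent directly, and that exponent unwraps the session key that protects the message; a method needing about phi(n) steps is out of reach at real key sizes. The key, the session key, the 10^18 steps per second rate and the SHA-256 keystream (a stand-in for IDEA) are assumptions, and nothing here reproduces Bill Payne's algorithm.

```python
"""Toy walk-through of the RSA points made in this thread (constructed values)."""
import hashlib
from math import isqrt

# Constructed toy key built from two Mersenne primes; real moduli are far larger.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
PHI = (P - 1) * (Q - 1)


def private_key_from_phi(n: int, e: int, phi: int):
    """Given phi(n) for n = p*q, return (p, q, d) with no factoring search."""
    s = n - phi + 1                  # p + q, because phi = n - (p + q) + 1
    disc = s * s - 4 * n             # (q - p)^2
    r = isqrt(disc)
    if r * r != disc:
        raise ValueError("phi is not phi(n) for a two-prime modulus n")
    p, q = (s - r) // 2, (s + r) // 2
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi)
    return p, q, d


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in session cipher (SHA-256 counter keystream). It is NOT IDEA."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)


def hybrid_encrypt(n: int, e: int, session_key: int, plaintext: bytes):
    """PGP-style layout: bulk data under a session key, session key under RSA.
    Textbook RSA without padding, acceptable only for a toy."""
    wrapped = pow(session_key, e, n)
    return wrapped, stream_xor(session_key.to_bytes(8, "big"), plaintext)


def hybrid_decrypt(n: int, d: int, wrapped: int, body: bytes) -> bytes:
    """Unwrap the session key with the private exponent, then decrypt the body."""
    session_key = pow(wrapped, d, n)
    return stream_xor(session_key.to_bytes(8, "big"), body)


def years_for_steps(digits: int, steps_per_second: int = 10**18) -> int:
    """Whole years needed to perform 10**digits steps at the given rate."""
    return 10**digits // (steps_per_second * 31_557_600)


if __name__ == "__main__":
    wrapped, body = hybrid_encrypt(N, E, 0x0123456789ABCDEF, b"meet at noon")
    p, q, d = private_key_from_phi(N, E, PHI)
    print("factors recovered from phi(n):", p, q)
    print("message recovered:", hybrid_decrypt(N, d, wrapped, body))
    print("years to count to 10^200:", years_for_steps(200))
```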

Newsgroups: sci.crypt
Path: math.fu-berlin.de!zrz.TU-Berlin.DE!netmbx.de!Germany.EU.net!EU.net!howland.reston.ans.net!wupost!decwrl!pa.dec.com!cuug.ab.ca!pringler
From: pringler@cuug.ab.ca (Randy Pringle)
Message-ID: <9402180935.AA05244@sun>
Subject: Scripts Nested PGP remailing
Date: Fri, 18 Feb 1994 02:35:48 -0700 (MST)
X-Received: by usenet.pa.dec.com; id AA16055; Fri, 18 Feb 94 01:35:42 -0800
X-Received: from cuugnet.cuug.ab.ca by inet-gw-1.pa.dec.com (5.65/13Jan94) id AA13099; Fri, 18 Feb 94 01:32:06 -0800
X-Received: from sun.cuug.ab.ca by cuugnet.cuug.ab.ca (AIX 3.2/UCB 5.64/4.05) id AA18610; Fri, 18 Feb 1994 02:28:15 -0700
X-Received: by sun (4.1//ident-1.0) id AA05244; Fri, 18 Feb 94 02:35:49 MST
X-To: sci.crypt.usenet
X-Mailer: ELM [version 2.4 PL23]
X-Content-Type: text
X-Content-Length: 598
Lines: 14

Hi.

I'm looking for a few scripts that will allow to easily use nested encrypted and multiple remailers. I had a copy of something called pop.send and pop.mail that I got off of the soda ftp site. The problem was it would just lock up if I picked anything other remailers that didn't support encryption. Tried looking for any problems with script, but didn't see anything that would cause problems. Tried copying pgp directly into my Mail dir, still no dice.

So..to make a long story short, anyone have any useful scripts? Doing this stuff manually is pretty slow.

Thanks,
Pringler@cuug.ab.ca

Path: math.fu-berlin.de!zrz.TU-Berlin.DE!netmbx.de!Germany.EU.net!EU.net!howland.reston.ans.net!math.ohio-state.edu!news.acns.nwu.edu!uicvm.uic.edu!earlham.edu!earlham.edu!nntp
Newsgroups: sci.crypt
Subject: DES and PGP
Message-ID: <1994Feb20.143237.1076@earlham.edu>
From: evansbe@bufo.math.earlham.edu (Ben Evans)
Date: 20 Feb 94 14:32:35 EST
Nntp-Posting-Host: hyla.math.earlham.edu
Lines: 5

Could someone please mail me the algorithms or tell me where I could find them for DES and PGP encryption
I would really appreciate it
-Thanx
-Elric
Evansbe@math.earlham.edu

Xref: math.fu-berlin.de alt.security.pgp:9180 sci.crypt:19778
Newsgroups: alt.security.pgp,sci.crypt
Path: math.fu-berlin.de!zib-berlin.de!netmbx.de!Germany.EU.net!EU.net!howland.reston.ans.net!agate!library.ucla.edu!csulb.edu!csus.edu!netcom.com!qwerty
From: qwerty@netcom.com (-=Xenon=-)
Subject: Stealth for PGP Available.
Message-ID:
Organization: PGP Info Clearinghouse.
Date: Thu, 24 Feb 1994 08:34:24 GMT
Lines: 188

-----BEGIN PGP SIGNED MESSAGE-----

I have placed Stealth1.0 up for anonymous ftp at netcom.com in /pub/qwerty as stealth.tar.Z.

I am not the author of Stealth. "Henry Hastur" is the author. I will gladly forward mail to him if you tell me to do so. My address is qwerty@netcom.com. So far it is only written for Unix, so don't e-mail me asking for a DOS version or whatever. I'm just a cheerleader and propagandist, who finally got some very kind soul to "write me a real encryptor".

Why Stealth? Wired magazine just gave a plug for the Mac program "Stego" (ftp to sumex-aim.stanford.edu in /info-mac/cmp) by Romana Machado, which will, like any steganograph, hide a message in a carrier message. Problem is, anybody can reverse it, and if you are using PGP, immediately tell you are one of those drug dealing, child molesting, cryptography users ;-).
Once Stealth is incorporated into such steganographs, then people can't easily tell that what they've extracted out of that picture of Madonna is even a message at all. If they don't have the right secret key to decrypt it, then all they get is garbage. "What message?!"

Questions:

1) What does Stealth have to do with farming?
2) How do stealth encryptors make the Clipper chip look like a stupid waste of YOUR tax money?

[Answers: 1) Zip, 2) By demonstrating that even if the Clipper keys are stolen, without your secret key they can't even tell you are using PGP].

-=Xenon=-

Stealth V1.0 by Henry Hastur
----------------------------

Stealth is a simple filter for PGP which strips off all identifying header information to leave only the encrypted data in a format suitable for steganographic use. That is, the data can be hidden in images, audio files, text files, CAD files, and/or any other file type that may contain random data, then sent to another person who can retrieve the data from the file, attach headers, and PGP decrypt it.

Stealth is not intended to replace the standardized methods of using encryption (e.g. ASCII-armoured PGP email) ; in an ideal world we would all be able to send openly encrypted mail or files to each other with no fear of reprisals, however there are often cases when this is not possible, either because the local government does not approve of encrypted communication, or perhaps because you are working for a company that does not allow encrypted email but doesn't care about Mandelbrot GIFs. This is where Stealth and steganography can come into play.

Compiling
---------

Stealth has currently only been tested on BSD and SVR4 Unix (and as such should work with most varieties of Unix), with both non-ANSI compilers and ANSI compilers with 'minimal ANSI' flags. In order to compile the program, you should just be able to extract the files from the tar file provided, then type 'make'.
If that fails you may need to change the definition of CC and CFLAGS in the makefile to get it to compile. On machines with gcc, the GNU C compiler, Stealth can be compiled by simply changing the 'CC=cc' line in makefile to 'CC=gcc'.

Stealth has not yet been tested on MS-DOS, but the only likely problems are with 16-bit integers (you may need to change some occurrences of int to long in order to get stealth to work), and you will need to remove the -DUNIX flag from compilations. Hopefully, version 1.1 will be released shortly with full DOS compatibility.

Usage
-----

Stealth always reads from its standard input and writes to the standard output, though when adding headers to data the data has to be stored in a temporary file (see Security Concerns below).

Command line arguments :

    -c    Conventional encryption used rather than public key
    -a    Add headers (defaults to strip headers)
    -v    Verbose output.

Stealth needs to be able to find your pubring.pgp file, which it does by first checking in the directory pointed to by $PGPPATH, then the current directory.

Examples
--------

To encrypt a file with PGP and store it in the file pgp.stl prior to sending :

    pgp -ef < secrets.dat | stealth > pgp.stl

To encrypt a file with conventional (IDEA) encryption, and pass to a steganography program called steg_program :

    pgp -fec < secrets.dat | stealth -c | steg_program

To take the output from a steganographic extraction tool, add headers for key "Your Id", and decrypt :

    steg_program | stealth -a "Your Id" | pgp -f > secrets.dat

To take the conventionally encrypted output from a steg program, attach headers and decrypt :

    steg_program | stealth -ac | pgp -f > secrets.dat

Limitations
-----------

Files can be signed, but can only be encrypted to one recipient - extra RSA headers for all but the first recipient will be stripped from the file. In addition, if you specify conventional encryption but pass an RSA-encrypted file into the filter the RSA-block will be stripped.
In either case, stealth will print out warnings to inform you of this.

Stealth provides no support for ASCII-armoured PGP messages - it will only work with the binary output format, and the output will have to be converted to a useable form after processing, either with a steganography program or a standard utility such as uuencode.

Finally, for technical reasons there are potential problems with public keys of size (typically) 2^n + 1 or 2^n + 2 (e.g. 513 or 1026). If you are encrypting to a key of a peculiar size, it's possible that the algorithm used to add headers could fail, but fortunately this can be detected while stripping the headers, and a warning will be printed. If this warning appears, you will probably want to encrypt the data again until a suitably sized RSA-block is created.

It is NOT necessary to remove garbage data that the steganography program may have added to the end of the PGP-encrypted data. PGP output contains an encrypted end-of-file mark that allows the program to decrypt correctly and ignore any trailing garbage.

Security Concerns
-----------------

After passing through the stealth filter, the PGP-encrypted data is essentially white noise, with no identifying marks, and whilst it may well have enough peculiarities for an expert cryptanalyst to recognize it as encrypted data, the probability is much less than would be the case with a PGP header identifying the recipient attached.

One other concern is that stealth has to create a temporary file when reading in data to attach headers, and depending on the build options chosen the program will store it in either $PGPPATH, the current directory or /tmp. On Unix machines, the file will be deleted as soon as it is opened, making it difficult to capture, but on other operating systems the file will only be deleted when it has been used. (In either case the file will be zeroed before being closed).
In addition, some operating systems will use temporary files on your disk to emulate unix pipes (e.g. MS-DOS) - these files will not be zeroed when finished with !

Export Restrictions
-------------------

Stealth is probably not covered by current export restrictions under the US ITAR regs, but I'm not a lawyer, so if in doubt check it out yourself. It was written outside the US and imported, so should soon be available on some European ftp sites as well as US sites.

Henry Hastur
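
Added example, not part of the original post and not taken from Stealth's source: a reader for the cleartext packet framing of a binary PGP 2.x message (RFC 1991 old-format packets), showing the identifying information an unmodified message carries and that the same reader finds nothing to report in bytes that lack the framing. The key ID, the byte patterns and the header-less layout are constructed for illustration and are assumptions, not Stealth's actual output format.

```python
"""What the cleartext framing of a PGP 2.x message reveals (RFC 1991 packets)."""
import struct

TAG_PKESK = 1        # public-key-encrypted session key packet
TAG_SYMDATA = 9      # conventionally encrypted (IDEA) data packet


def parse_packets(data: bytes):
    """Split data into old-format packets; ValueError if it is not such a sequence."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if ctb & 0xC0 != 0x80:                 # bit 7 set, bit 6 clear
            raise ValueError(f"offset {pos}: byte {ctb:#04x} is not a packet header")
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        pos += 1
        if ltype == 3:                         # indeterminate: runs to end of input
            length = len(data) - pos
        else:
            width = 1 << ltype                 # 1, 2 or 4 length bytes
            if pos + width > len(data):
                raise ValueError("truncated length field")
            length = int.from_bytes(data[pos:pos + width], "big")
            pos += width
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("packet body runs past end of input")
        packets.append((tag, body))
        pos += length
    return packets


def parse_pkesk(body: bytes) -> dict:
    """Decode the fields that precede the RSA-encrypted session key."""
    if len(body) < 12:
        raise ValueError("session-key packet too short")
    version, key_id, algo, bits = struct.unpack(">B8sBH", body[:12])
    if version not in (2, 3) or algo != 1:     # algorithm 1 = RSA
        raise ValueError("unexpected version or algorithm")
    if len(body) != 12 + (bits + 7) // 8:
        raise ValueError("MPI length does not match packet length")
    return {"key_id": key_id.hex().upper(), "rsa_block_bits": bits}


def leaked_metadata(data: bytes):
    """Return what an observer holding no key can read from the framing,
    or None when no encrypted-message packets are found."""
    try:
        packets = parse_packets(data)
        recipients = [parse_pkesk(b) for t, b in packets if t == TAG_PKESK]
    except ValueError:
        return None
    sizes = [len(b) for t, b in packets if t == TAG_SYMDATA]
    if not recipients and not sizes:
        return None
    return {"recipients": recipients, "ciphertext_bytes": sum(sizes)}


# --- constructed sample data (no real key or message) ---
KEY_ID = bytes.fromhex("0123456789ABCDEF")
RSA_BLOCK = b"\x5a" + bytes((i * 37 + 11) % 256 for i in range(127))  # 1023-bit value
CIPHERTEXT = bytes((i * 73 + 5) % 256 for i in range(64))

PKESK = bytes([2]) + KEY_ID + bytes([1]) + struct.pack(">H", 1023) + RSA_BLOCK
MESSAGE = (bytes([0x85]) + struct.pack(">H", len(PKESK)) + PKESK
           + bytes([0xA6]) + struct.pack(">I", len(CIPHERTEXT)) + CIPHERTEXT)
# The same random-looking bytes with no packet framing (assumed layout).
# Real noise can start with a header-like byte; the checks above then reject it.
HEADERLESS = RSA_BLOCK + CIPHERTEXT

if __name__ == "__main__":
    print("framed message:", leaked_metadata(MESSAGE))
    print("header-less   :", leaked_metadata(HEADERLESS))
```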