home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Ian & Stuart's Australian Mac: Not for Sale
/
Another.not.for.sale (Australia).iso
/
hold me in your arms
/
PGP Info
/
PGPFAQ6.ZIP
/
PGPFAQ-3.ASC
< prev
next >
Wrap
PGP Signed Message
|
1994-01-26
|
46KB
|
976 lines
-----BEGIN PGP SIGNED MESSAGE-----
========================================================================
Appendix II - Glossary of Cryptographic Terms
========================================================================
Chosen Plain Text Attack
This is the next step up from the Known Plain Text Attack. In this
version, the cryptoanalysit can choose what plain text message he wishes
to encrypt and view the results, as opposed to simply taking any old
plain text that he might happen to lay his hands on. If he can recover
the key, he can use it to decode all data encrypted under this key. This
is a much stronger form of attack than known plain text. The better
encryption systems will resist this form of attack.
Clipper
A chip developed by the United States Government that was to be used as
the standard chip in all encrypted communications. Aside from the fact
that all details of how the Clipper chip work remain classified, the
biggest concern was the fact that it has an acknowledged trap door in it
to allow the government to eavesdrop on anyone using Clipper provided
they first obtained a wiretap warrant. This fact, along with the fact
that it can't be exported from the United States, has lead a number of
large corporations to oppose the idea. Clipper uses an 80 bit key to
perform a series of nonlinear transformation on a 64 bit data block.
DES (Data Encryption Standard)
A data encryption standard developed by the United States Government. It
was criticized because the research that went into the development of the
standard remained classified. Concerns were raised that there might be
hidden trap doors in the logic that would allow the government to break
anyone's code if they wanted to listen in. DES uses a 56 bit key to
perform a series of nonlinear transformation on a 64 bit data block.
Even when it was first introduced a number of years ago, it was
criticized for not having a long enough key. 56 bits just didn't put it
far enough out of reach of a brute force attack. Today, with the
increasing speed of hardware and its falling cost, it would be feasible,
to build a machine that could crack a 56 bit key in under a day's time.
It is not known if such a machine has really been built, but the fact
that it is feasible tends to weaken the security of DES substantially.
I would like to thank Paul Leyland <pcl@ox.ac.uk> for the following
information relating to the cost of building such a DES cracking machine:
_Efficient DES Key Search_
At Crypto 93, Michael Wiener gave a paper with the above title. He
showed how a DES key search engine could be built for $1 million which
can do exhaustive search in 7 hours. Expected time to find a key from
a matching pair of 64-bit plaintext and 64-bit ciphertext is 3.5 hours.
So far as I can tell, the machine is scalable, which implies that a
$100M machine could find keys every couple of minutes or so.
The machine is fairly reliable: an error analysis implies that the mean
time between failure is about 270 keys.
The final sentence in the abstract is telling: In the light of this
work, it would be prudent in many applications to use DES in triple-
encryption mode.
I only have portions of a virtually illegible FAX copy, so please don't
ask me for much more detail. A complete copy of the paper is being
snailed to me.
Paul C. Leyland <pcl@ox.ac.uk>
Laszlo Baranyi <laszlo@instrlab.kth.se> says that the full paper is
available in PostScript via ftp from:
ftp.eff.org:/pub/crypto/des_key_search.ps
cpsr.org:/cpsr/crypto/des/des_key_search.ps
cpsr.org also makes it available via their Gopher service.
EFF (Electronic Frontier Foundation)
The Electronic Frontier Foundation (EFF) was founded in July, 1990, to
assure freedom of expression in digital media, with a particular emphasis
on applying the principles embodied in the Constitution and the Bill of
Rights to computer-based communication. For further information, contact:
Electronic Frontier Foundation
1001 G St., NW
Suite 950 East
Washington, DC 20001
+1 202 347 5400
+1 202 393 5509 FAX
Internet: eff@eff.org
IDEA (International Data Encryption Algorithm)
Developed in Switzerland and licensed for non commercial use in PGP. IDEA
uses a 128 bit user supplied key to perform a series of nonlinear
mathematical transformations on a 64 bit data block. Compare the length
of this key with the 56 bits in DES or the 80 bits in Clipper.
ITAR (International Traffic in Arms Regulations)
ITAR are the regulations covering the exporting of weapons and weapons
related technology from the United States. For some strange reason, the
government claims that data encryption is a weapon and comes under the
ITAR regulations. There is presently a move in congress to relax the
section of ITAR dealing with cryptographic technology.
Known Plain Text Attack
A method of attack on a crypto system where the cryptoanalysit has
matching copies of plain text, and its encrypted version. With weaker
encryption systems, this can improve the chances of cracking the code and
getting at the plain text of other messages where the plain text is not
known.
MD5 (Message Digest Algorithm #5)
The message digest algorithm used in PGP is the MD5 Message Digest
Algorithm, placed in the public domain by RSA Data Security, Inc. MD5's
designer, Ronald Rivest, writes this about MD5:
"It is conjectured that the difficulty of coming up with two messages
having the same message digest is on the order of 2^64 operations, and
that the difficulty of coming up with any message having a given
message digest is on the order of 2^128 operations. The MD5 algorithm
has been carefully scrutinized for weaknesses. It is, however, a
relatively new algorithm and further security analysis is of course
justified, as is the case with any new proposal of this sort. The
level of security provided by MD5 should be sufficient for implementing
very high security hybrid digital signature schemes based on MD5 and
the RSA public-key cryptosystem."
NSA (National Security Agency)
The following was lifted unedited except for formatting from the
sci.crypt FAQ:
The NSA is the official communications security body of the U.S.
government. It was given its charter by President Truman in the early
50's, and has continued research in cryptology till the present. The NSA
is known to be the largest employer of mathematicians in the world, and
is also the largest purchaser of computer hardware in the world.
Governments in general have always been prime employers of cryptologists.
The NSA probably possesses cryptographic expertise many years ahead of
the public state of the art, and can undoubtedly break many of the
systems used in practice; but for reasons of national security almost all
information about the NSA is classified.
One Time Pad
The one time pad is the ONLY encryption scheme that can be proven to be
absolutely unbreakable! It is used extensively by spies because it
doesn't require any hardware to implement and because of its absolute
security. This algorithm requires the generation of many sets of matching
encryption keys pads. Each pad consists of a number of random key
characters. These key characters are chosen completely at random using
some truly random process. They are NOT generated by any kind of
cryptographic key generator. Each party involved receives matching sets
of pads. Each key character in the pad is used to encrypt one and only
one plain text character, then the key character is never used again. Any
violation of these conditions negates the perfect security available in
the one time pad.
So why don't we use the one time pad all the time? The answer is that the
number of random key pads that need to be generated must be at least
equal to the volume of plain text messages to be encrypted, and the fact
that these key pads must somehow be exchanged ahead of time. This becomes
totally impractical in modern high speed communications systems.
Among the more famous of the communications links using a one time pad
scheme is the Washington to Moscow hot line.
PEM (Privacy Enhanced Mail)
The following was taken from the sci.crypt FAQ:
How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]?
Here's one popular method, using the des command:
cat file | compress | des private_key | uuencode | mail
Meanwhile, there is a de jure Internet standard in the works called PEM
(Privacy Enhanced Mail). It is described in RFCs 1421 through 1424. To
join the PEM mailing list, contact pem-dev-request@tis.com. There is a
beta version of PEM being tested at the time of this writing.
There are also two programs available in the public domain for encrypting
mail: PGP and RIPEM. Both are available by FTP. Each has its own news
group: alt.security.pgp and alt.security.ripem. Each has its own FAQ as
well. PGP is most commonly used outside the USA since it uses the RSA
algorithm without a license and RSA's patent is valid only (or at least
primarily) in the USA.
RIPEM is most commonly used inside the USA since it uses the RSAREF which
is freely available within the USA but not available for shipment outside
the USA.
Since both programs use a secret key algorithm for encrypting the body of
the message (PGP used IDEA; RIPEM uses DES) and RSA for encrypting the
message key, they should be able to interoperate freely. Although there
have been repeated calls for each to understand the other's formats and
algorithm choices, no interoperation is available at this time (as far as
we know).
PGP (Pretty Good Privacy)
PKP (Public Key Partners)
Claim to have a patent on RSA.
RIPEM
See PEM
RSA (Rivest-Shamir-Adleman)
RSA is the public key encryption method used in PGP. RSA are the initials
of the developers of the algorithm which was done at tax payer expense.
The basic security in RSA comes from the fact that, while it is
relatively easy to multiply two huge prime numbers together to obtain
their product, it is computationally difficult to go the reverse
direction: to find the two prime factors of a given composite number. It
is this one-way nature of RSA that allows an encryption key to be
generated and disclosed to the world, and yet not allow a message to be
decrypted.
Skipjack
See Clipper
TEMPEST
TEMPEST is a standard for electromagnetic shielding for computer
equipment. It was created in response to the fact that information can
be read from computer radiation (e.g., from a CRT) at quite a distance
and with little effort. Needless to say, encryption doesn't do much good
if the cleartext is available this way. The typical home computer WOULD
fail ALL of the TEMPEST standards by a long shot. So, if you are doing
anything illegal, don't expect PGP or any other encryption program to
save you. The government could just set up a monitoring van outside your
home and read everything that you are doing on your computer.
Short of shelling out the ten thousand dollars or so that it would take
to properly shield your computer, a good second choice might be a laptop
computer running on batteries. No emissions would be fed back into the
power lines, and the amount of power being fed to the display and being
consumed by the computer is much less than the typical home computer and
CRT. This provides a much weaker RF field for snoopers to monitor. It
still isn't safe, just safer. In addition, a laptop computer has the
advantage of not being anchored to one location. Anyone trying to
monitor your emissions would have to follow you around, maybe making
themselves a little more obvious. I must emphasize again that a laptop
still is NOT safe from a tempest standpoint, just safer than the standard
personal computer.
========================================================================
Appendix III - Cypherpunks
========================================================================
> What are Cypherpunks?
> What is the cypherpunks mailing list?
Eric Hughes <hughes@toad.com> runs the "cypherpunk" mailing list
dedicated to "discussion about technological defenses for privacy in the
digital domain." Frequent topics include voice and data encryption,
anonymous remailers, and the Clipper chip. Send e-mail to cypherpunks-
request@toad.com to be added or subtracted from the list. The mailing
list itself is cypherpunks@toad.com. You don't need to be a member of the
list in order to send messages to it, thus allowing the use of anonymous
remailers to post your more sensitive messages that you just as soon
would not be credited to you. (Traffic is sometimes up to 30-40 messages
per day.)
> What is the purpose of the Cypherpunk remailers?
The purpose of these remailers is to take privacy one level further.
While a third party who is snooping on the net may not be able to read
the encrypted mail that you are sending, he is still able to know who you
are sending mail to. This could possibly give him some useful
information. This is called traffic flow analysis. To counter this type
of attack, you can use a third party whose function is simply to remail
your message with his return address on it instead of yours.
Two types of remailers exist. The first type only accepts plain text
remailing headers. This type would only be used if your goal was only to
prevent the person to whom your are sending mail from learning your
identity. It would do nothing for the problem of net eavesdroppers from
learning to whom you are sending mail.
The second type of remailer accepts encrypted remailing headers. With
this type of remailer, you encrypt your message twice. First, you encrypt
it to the person ultimately receiving the message. You then add the
remailing header and encrypt it again using the key for the remailer that
you are using. When the remailer receives your message, the system will
recognize that the header is encrypted and will use its secret decryption
key to decrypt the message. He can now read the forwarding information,
but because the body of the message is still encrypted in the key of
another party, he is unable to read your mail. He simply remails the
message to the proper destination. At its ultimate destination, the
recipient uses his secret to decrypt this nested encryption and reads the
message.
Since this process of multiple encryptions and remailing headers can get
quite involved, there are several programs available to simplify the
process. FTP to soda.berkeley.edu and examine the directory
/pub/cypherpunks/remailers for the programs that are available.
> Where are the currently active Cypherpunk remailers?
Any additions, deletions, or corrections to the following list should be
posted on alt.security.pgp and forwarded to me for inclusion in a future
release of the FAQ. The number appearing in the first column has the
following meaning:
1: Remailer accepts only plain text headers.
2: Remailer accepts both plain text and encrypted headers.
3: Remailer accepts only encrypted headers.
Only remailers whose operational status has been verified by me appear on
this list. Remember, however, that this list is subject to change quite
often. Always send yourself a test message through the Remailer before
starting to use it for real.
1 hh@pmantis.berkeley.edu
1 hh@cicada.berkeley.edu
1 hh@soda.berkeley.edu
hh@soda.berkeley.edu also supports these header commands:
Post-To: <USENET GROUP(S)> (Regular posting to USENET)
Anon-Post-To: <USENET GROUP(S)> (Anonymous posting to USENET)
1 nowhere@bsu-cs.bsu.edu
1 remail@tamsun.tamu.edu
2 ebrandt@jarthur.claremont.edu
2 hal@alumni.caltech.edu [Fwd: hfinney@shell.portal.com]
2 elee7h5@rosebud.ee.uh.edu
2 hfinney@shell.portal.com
2 remailer@utter.dis.org
1 00x@uclink.berkeley.edu [Fwd: hh@soda.berkeley.edu]
2 remailer@rebma.mn.org
3 remail@extropia.wimsey.com
The following former Cypherpunk remailers are no longer in service.
Either a message stating that the system had been shutdown was received,
or the test message was returned due to an invalid address, or no test
message was returned after three attempts.
phantom@mead.u.washington.edu [Shutdown message returned]
remail@tamaix.tamu.edu [Mail returned, invalid address]
> Are there other anonymous remailers besides the cypherpunk remailers?
Yes, the most commonly used remailer on the Internet is in Finland. It is
known as anon.penet.fi. The syntax for sending mail through this remailer
is different from the cypherpunk remailers. For example, if you wanted to
send mail to me (gbe@netcom.com) through anon.penet.fi, you would send
the mail to "gbe%netcom.com@anon.penet.fi". Notice that the "@" sign in
my Internet address is changed to a "%". Unlike the cypherpunk remailers,
anon.penet.fi directly supports anonymous return addresses. Anybody using
the remailer is assigned an anonymous id of the form "an?????" where
"?????" is filled in with a number representing that user. To send mail
to someone when you only know their anonymous address, address your mail
to "an?????@anon.penet.fi" replacing the question marks with the user id
you are interested in. For additional information on anon.penet.fi, send
a blank message to "help@anon.penet.fi". You will receive complete
instructions on how to use the remailer, including how to obtain a pass
phrase on the system.
> Where can I learn more about Cypherpunks?
FTP: soda.berkeley.edu Directory: /pub/cypherpunks
> What is the command syntax?
The first non blank line in the message must start with two colons (::).
The next line must contain the user defined header "Request-Remailing-To:
<destination>". This line must be followed by a blank line. Finally, your
message can occupy the rest of the space. As an example, if you wanted to
send a message to me via a remailer , you would compose the following
message:
::
Request-Remailing-To: gbe@netcom.com
[body of message]
You would then send the above message to the desired remailer. Note the
section labeled "body of message" may be either a plain text message, or
an encrypted and armored PGP message addressed to the desired recipient.
To send the above message with an encrypted header, use PGP to encrypt
the entire message shown above to the desired remailer. Be sure to take
the output in armored text form. In front of the BEGIN PGP MESSAGE
portion of the file, insert two colons (::) as the first non-blank line
of the file. The next line should say "Encrypted: PGP". Finally the third
line should be blank. The message now looks as follows:
::
Encrypted: PGP
-----BEGIN PGP MESSAGE-----
Version 2.3a
[body of pgp message]
-----END PGP MESSAGE-----
You would then send the above message to the desired remailer just as you
did in the case of the non-encrypted header. Note that it is possible to
chain remailers together so that the message passes through several
levels of anonymity before it reaches its ultimate destination.
=======================================================================
Appendix IV - How to obtain articles from Wired Magazine
=======================================================================
Greetings from the WIRED INFOBOT!
This file provides both an index to some general Wired information files
and instructions for getting specific listings of the articles from back
issues of Wired via email.
* * *
Wired General Information Files
* * *
To retrieve the following files, send an email message to
infobot@wired.com containing the word "get" or "send," followed by the
name of the file, in the body of the message. For instance, to retrieve
the submission guide for Wired writers, you would send a message to the
InfoBot containing the following line:
send writers.guidelines
The files will be returned to you via email.
For more information, see the Help file, which can be obtained by
sending a message to the InfoBot containing the following line:
help
General information files currently available from the Wired InfoBot
include the following:
File Description
- ---- -----------
index This file
writers.guidelines Submissions guide for writers
ad.rates Advertising rates and other details
visions New Voices, New Visions 1994
wired.wonders Seven Wired Wonders article (Wired 1.6) plus
some additional Wired Wonders not listed
in print.
* * *
Retrieving Files from Previous Issues of Wired
* * *
To retrieve files from back issues of Wired, you first need to retrieve
the index of the files contained in those issues. In order to make file
size more manageable, there are two index files per issue, one for
regular _Wired_ departments (such as Street Cred, Electric Word, and
Electrosphere), and one for feature articles specific to that issue.
To order an index, send a message to the Wired InfoBot containing the
"get" or "send" command, followed by the issue number, a "slash"
character ("/"), either the keyword "departments" or "features", another
"slash" character ("/"), and the word "index".
For those of you who like reading DOS or UNIX manuals, the general case
command looks a little something like this:
send <issue number>/[departments][features]/index
For those of you who prefer real examples, if, for instance, you wanted
to order the index to all the feature articles in Wired 1.2, you would
send the command
send 1.2/features/index
and to get the index to the regular Wired departments in issue 1.3, you
would send the command
send 1.3/departments/index
Once you have received the index, you can order specific articles by
simply substituting the keyword for that article for the word "index" in
the above commands. Thus, to order the Street Cred section of issue
1.3, you would send the command
send 1.3/departments/street-cred
and to get Bruce Sterling's Virtual War article from issue 1.1, you
would use the command
send 1.1/features/virtwar
Got it? Great! Happy reading...
* * *
Getting help from a Real Human Being
* * *
We at Wired understand that using any new technology can be frustrating.
If you have any problems using the Wired InfoBot, please send mail to
the Wired InfoBeing (infoman@wired.com), the real human assigned the
task of maintaining this service. Please be patient with the InfoBeing,
as it is also responsible for other important tasks here at Wired. For
instance, if you send a message to the InfoBeing but do not receive a
follow-up, please wait *at least* 24 hours (and hopefully longer) before
sending any additional messages.
We here at Wired Online look forward to expanding our services. If you
have questions or comments regarding this service or others we should
offer, please address them to online@wired.com.
Thanks for your support!!!
- --all us folks at Wired Online--
=======================================================================
Appendix V - Testimony of Philip Zimmermann to Congress.
Reproduced by permission.
=======================================================================
- From netcom.com!netcomsv!decwrl!sdd.hp.com!col.hp.com!csn!yuma!ld231782 Sun
Oct 10 07:55:51 1993
Xref: netcom.com talk.politics.crypto:650 comp.org.eff.talk:20832
alt.politics.org.nsa:89
Newsgroups: talk.politics.crypto,comp.org.eff.talk,alt.politics.org.nsa
Path: netcom.com!netcomsv!decwrl!sdd.hp.com!col.hp.com!csn!yuma!ld231782
From: ld231782@LANCE.ColoState.Edu (L. Detweiler)
Subject: ZIMMERMANN SPEAKS TO HOUSE SUBCOMMITTEE
Sender: news@yuma.ACNS.ColoState.EDU (News Account)
Message-ID: <Oct10.044212.45343@yuma.ACNS.ColoState.EDU>
Date: Sun, 10 Oct 1993 04:42:12 GMT
Nntp-Posting-Host: turner.lance.colostate.edu
Organization: Colorado State University, Fort Collins, CO 80523
Lines: 281
Date: Sat, 9 Oct 93 11:57:54 MDT
From: Philip Zimmermann <prz@acm.org>
Subject: Zimmerman testimony to House subcommittee
Testimony of Philip Zimmermann to
Subcommittee for Economic Policy, Trade, and the Environment
US House of Representatives
12 Oct 1993
Mr. Chairman and members of the committee, my name is Philip
Zimmermann, and I am a software engineer who specializes in
cryptography and data security. I'm here to talk to you today about
the need to change US export control policy for cryptographic
software. I want to thank you for the opportunity to be here and
commend you for your attention to this important issue.
I am the author of PGP (Pretty Good Privacy), a public-key encryption
software package for the protection of electronic mail. Since PGP
was published domestically as freeware in June of 1991, it has spread
organically all over the world and has since become the de facto
worldwide standard for encryption of E-mail. The US Customs Service
is investigating how PGP spread outside the US. Because I am a
target of this ongoing criminal investigation, my lawyer has advised
me not to answer any questions related to the investigation.
I. The information age is here.
Computers were developed in secret back in World War II mainly to
break codes. Ordinary people did not have access to computers,
because they were few in number and too expensive. Some people
postulated that there would never be a need for more than half a
dozen computers in the country. Governments formed their attitudes
toward cryptographic technology during this period. And these
attitudes persist today. Why would ordinary people need to have
access to good cryptography?
Another problem with cryptography in those days was that
cryptographic keys had to be distributed over secure channels so that
both parties could send encrypted traffic over insecure channels.
Governments solved that problem by dispatching key couriers with
satchels handcuffed to their wrists. Governments could afford to
send guys like these to their embassies overseas. But the great
masses of ordinary people would never have access to practical
cryptography if keys had to be distributed this way. No matter how
cheap and powerful personal computers might someday become, you just
can't send the keys electronically without the risk of interception.
This widened the feasibility gap between Government and personal
access to cryptography.
Today, we live in a new world that has had two major breakthroughs
that have an impact on this state of affairs. The first is the
coming of the personal computer and the information age. The second
breakthrough is public-key cryptography.
With the first breakthrough comes cheap ubiquitous personal
computers, modems, FAX machines, the Internet, E-mail, digital
cellular phones, personal digital assistants (PDAs), wireless digital
networks, ISDN, cable TV, and the data superhighway. This
information revolution is catalyzing the emergence of a global
economy.
But this renaissance in electronic digital communication brings with
it a disturbing erosion of our privacy. In the past, if the
Government wanted to violate the privacy of ordinary citizens, it had
to expend a certain amount of effort to intercept and steam open and
read paper mail, and listen to and possibly transcribe spoken
telephone conversation. This is analogous to catching fish with a
hook and a line, one fish at a time. Fortunately for freedom and
democracy, this kind of labor-intensive monitoring is not practical
on a large scale.
Today, electronic mail is gradually replacing conventional paper
mail, and is soon to be the norm for everyone, not the novelty is is
today. Unlike paper mail, E-mail messages are just too easy to
intercept and scan for interesting keywords. This can be done
easily, routinely, automatically, and undetectably on a grand scale.
This is analogous to driftnet fishing-- making a quantitative and
qualitative Orwellian difference to the health of democracy.
The second breakthrough came in the late 1970s, with the mathematics
of public key cryptography. This allows people to communicate
securely and conveniently with people they've never met, with no
prior exchange of keys over secure channels. No more special key
couriers with black bags. This, coupled with the trappings of the
information age, means the great masses of people can at last use
cryptography. This new technology also provides digital signatures
to authenticate transactions and messages, and allows for digital
money, with all the implications that has for an electronic digital
economy. (See appendix)
This convergence of technology-- cheap ubiquitous PCs, modems, FAX,
digital phones, information superhighways, et cetera-- is all part of
the information revolution. Encryption is just simple arithmetic to
all this digital hardware. All these devices will be using
encryption. The rest of the world uses it, and they laugh at the US
because we are railing against nature, trying to stop it. Trying to
stop this is like trying to legislate the tides and the weather. It's
like the buggy whip manufacturers trying to stop the cars-- even with
the NSA on their side, it's still impossible. The information
revolution is good for democracy-- good for a free market and trade.
It contributed to the fall of the Soviet empire. They couldn't stop
it either.
Soon, every off-the-shelf multimedia PC will become a secure voice
telephone, through the use of freely available software. What does
this mean for the Government's Clipper chip and key escrow systems?
Like every new technology, this comes at some cost. Cars pollute the
air. Cryptography can help criminals hide their activities. People
in the law enforcement and intelligence communities are going to look
at this only in their own terms. But even with these costs, we still
can't stop this from happening in a free market global economy. Most
people I talk to outside of Government feel that the net result of
providing privacy will be positive.
President Clinton is fond of saying that we should "make change our
friend". These sweeping technological changes have big implications,
but are unstoppable. Are we going to make change our friend? Or are
we going to criminalize cryptography? Are we going to incarcerate
our honest, well-intentioned software engineers?
Law enforcement and intelligence interests in the Government have
attempted many times to suppress the availability of strong domestic
encryption technology. The most recent examples are Senate Bill 266
which mandated back doors in crypto systems, the FBI Digital
Telephony bill, and the Clipper chip key escrow initiative. All of
these have met with strong opposition from industry and civil liberties
groups. It is impossible to obtain real privacy in the information
age without good cryptography.
The Clinton Administration has made it a major policy priority to
help build the National Information Infrastructure (NII). Yet, some
elements of the Government seems intent on deploying and entrenching
a communications infrastructure that would deny the citizenry the
ability to protect its privacy. This is unsettling because in a
democracy, it is possible for bad people to occasionally get
elected-- sometimes very bad people. Normally, a well-functioning
democracy has ways to remove these people from power. But the wrong
technology infrastructure could allow such a future government to
watch every move anyone makes to oppose it. It could very well be
the last government we ever elect.
When making public policy decisions about new technologies for the
Government, I think one should ask oneself which technologies would
best strengthen the hand of a police state. Then, do not allow the
Government to deploy those technologies. This is simply a matter of
good civic hygiene.
II. Export controls are outdated and are a threat to privacy and
economic competitivness.
The current export control regime makes no sense anymore, given
advances in technology.
There has been considerable debate about allowing the export of
implementations of the full 56-bit Data Encryption Standard (DES).
At a recent academic cryptography conference, Michael Wiener of Bell
Northern Research in Ottawa presented a paper on how to crack the DES
with a special machine. He has fully designed and tested a chip that
guesses DES keys at high speed until it finds the right one.
Although he has refrained from building the real chips so far, he can
get these chips manufactured for $10.50 each, and can build 57000 of
them into a special machine for $1 million that can try every DES key
in 7 hours, averaging a solution in 3.5 hours. $1 million can be
hidden in the budget of many companies. For $10 million, it takes 21
minutes to crack, and for $100 million, just two minutes. That's
full 56-bit DES, cracked in just two minutes. I'm sure the NSA can
do it in seconds, with their budget. This means that DES is now
effectively dead for purposes of serious data security applications.
If Congress acts now to enable the export of full DES products, it
will be a day late and a dollar short.
If a Boeing executive who carries his notebook computer to the Paris
airshow wants to use PGP to send email to his home office in Seattle,
are we helping American competitivness by arguing that he has even
potentially committed a federal crime?
Knowledge of cryptography is becoming so widespread, that export
controls are no longer effective at controlling the spread of this
technology. People everywhere can and do write good cryptographic
software, and we import it here but cannot export it, to the detriment
of our indigenous software industry.
I wrote PGP from information in the open literature, putting it into
a convenient package that everyone can use in a desktop or palmtop
computer. Then I gave it away for free, for the good of our
democracy. This could have popped up anywhere, and spread. Other
people could have and would have done it. And are doing it. Again
and again. All over the planet. This technology belongs to
everybody.
III. People want their privacy very badly.
PGP has spread like a prairie fire, fanned by countless people who
fervently want their privacy restored in the information age.
Today, human rights organizations are using PGP to protect their
people overseas. Amnesty International uses it. The human rights
group in the American Association for the Advancement of Science uses
it.
Some Americans don't understand why I should be this concerned about
the power of Government. But talking to people in Eastern Europe, you
don't have to explain it to them. They already get it-- and they
don't understand why we don't.
I want to read you a quote from some E-mail I got last week from
someone in Latvia, on the day that Boris Yeltsin was going to war
with his Parliament:
"Phil I wish you to know: let it never be, but if dictatorship
takes over Russia your PGP is widespread from Baltic to Far East
now and will help democratic people if necessary. Thanks."
Appendix -- How Public-Key Cryptography Works
- ---------------------------------------------
In conventional cryptosystems, such as the US Federal Data Encryption
Standard (DES), a single key is used for both encryption and
decryption. This means that a key must be initially transmitted via
secure channels so that both parties have it before encrypted
messages can be sent over insecure channels. This may be
inconvenient. If you have a secure channel for exchanging keys, then
why do you need cryptography in the first place?
In public key cryptosystems, everyone has two related complementary
keys, a publicly revealed key and a secret key. Each key unlocks the
code that the other key makes. Knowing the public key does not help
you deduce the corresponding secret key. The public key can be
published and widely disseminated across a communications network.
This protocol provides privacy without the need for the same kind of
secure channels that a conventional cryptosystem requires.
Anyone can use a recipient's public key to encrypt a message to that
person, and that recipient uses her own corresponding secret key to
decrypt that message. No one but the recipient can decrypt it,
because no one else has access to that secret key. Not even the
person who encrypted the message can decrypt it.
Message authentication is also provided. The sender's own secret key
can be used to encrypt a message, thereby "signing" it. This creates
a digital signature of a message, which the recipient (or anyone
else) can check by using the sender's public key to decrypt it. This
proves that the sender was the true originator of the message, and
that the message has not been subsequently altered by anyone else,
because the sender alone possesses the secret key that made that
signature. Forgery of a signed message is infeasible, and the sender
cannot later disavow his signature.
These two processes can be combined to provide both privacy and
authentication by first signing a message with your own secret key,
then encrypting the signed message with the recipient's public key.
The recipient reverses these steps by first decrypting the message
with her own secret key, then checking the enclosed signature with
your public key. These steps are done automatically by the
recipient's software.
- --
Philip Zimmermann
3021 11th Street
Boulder, Colorado 80304
303 541-0140
E-mail: prz@acm.org
- --
ld231782@longs.LANCE.ColoState.EDU
========================================================================
Appendix VI - Anouncement of Philip Zimmermann Defense Fund.
Reproduced by permission.
========================================================================
- From prz@columbine.cgd.ucar.EDU Thu Oct 14 23:16:32 1993
Return-Path: <prz@columbine.cgd.ucar.EDU>
Received: from ncar.ucar.edu by mail.netcom.com (5.65/SMI-4.1/Netcom)
id AA05680; Thu, 14 Oct 93 23:16:29 -0700
Received: from sage.cgd.ucar.edu by ncar.ucar.EDU (5.65/ NCAR Central Post
Office 03/11/93)
id AA01642; Fri, 15 Oct 93 00:15:34 MDT
Received: from columbine.cgd.ucar.edu by sage.cgd.ucar.EDU (5.65/ NCAR Mail
Server 04/10/90)
id AA22977; Fri, 15 Oct 93 00:14:08 MDT
Message-Id: <9310150616.AA09815@columbine.cgd.ucar.EDU>
Received: by columbine.cgd.ucar.EDU (4.1/ NCAR Mail Server 04/10/90)
id AA09815; Fri, 15 Oct 93 00:16:57 MDT
Subject: PGP legal defense fund
To: gbe@netcom.com (Gary Edstrom)
Date: Fri, 15 Oct 93 0:16:56 MDT
From: Philip Zimmermann <prz@columbine.cgd.ucar.EDU>
In-Reply-To: <9310112013.AA07737@netcom5.netcom.com>; from "Gary Edstrom" at
Oct 11, 93 1:13 pm
From: Philip Zimmermann <prz@acm.org>
Reply-To: Philip Zimmermann <prz@acm.org>
X-Mailer: ELM [version 2.3 PL0]
Status: OR
Date: Fri, 24 Sep 1993 02:41:31 -0600 (CDT)
From: hmiller@orion.it.luc.edu (Hugh Miller)
Subject: PGP defense fund
As you may already know, on September 14 LEMCOM Systems (ViaCrypt)
in Phoenix, Arizona was served with a subpoena issued by the US District
Court of Northern California to testify before a grand jury and produce
documents related to "ViaCrypt, PGP, Philip Zimmermann, and anyone or
any entity acting on behalf of Philip Zimmermann for the time period
June 1, 1991 to the present."
Phil Zimmermann has been explicitly told that he is the primary
target of the investigation being mounted from the San Jose office of
U.S. Customs. It is not known if there are other targets. Whether or
not an indictment is returned in this case, the legal bills will be
astronomical.
If this case comes to trial, it will be one of the most important
cases in recent times dealing with cryptography, effective
communications privacy, and the free flow of information and ideas in
cyberspace in the post-Cold War political order. The stakes are high,
both for those of us who support the idea of effective personal
communications privacy and for Phil, who risks jail for his selfless and
successful effort to bring to birth "cryptography for the masses,"
a.k.a. PGP. Export controls are being used as a means to curtail
domestic access to effective cryptographic tools: Customs is taking the
position that posting cryptographic code to the Internet is equivalent
to exporting it. Phil has assumed the burden and risk of being the
first to develop truly effective tools with which we all might secure
our communications against prying eyes, in a political environment
increasingly hostile to such an idea -- an environment in which Clipper
chips and Digital Telephony bills are our own government's answer to our
concerns. Now is the time for us all to step forward and help shoulder
that burden with him.
Phil is assembling a legal defense team to prepare for the
possibility of a trial, and he needs your help. This will be an
expensive affair, and the meter is already ticking. I call on all of us,
both here in the U.S. and abroad, to help defend Phil and perhaps
establish a groundbreaking legal precedent. A legal trust fund has been
established with Phil's attorney in Boulder. Donations will be accepted
in any reliable form, check, money order, or wire transfer, and in any
currency. Here are the details:
To send a check or money order by mail, make it payable, NOT to Phil
Zimmermann, but to Phil's attorney, Philip Dubois. Mail the check or
money order to the following address:
Philip Dubois
2305 Broadway
Boulder, CO USA 80304
(Phone #: 303-444-3885)
To send a wire transfer, your bank will need the following
information:
Bank: VectraBank
Routing #: 107004365
Account #: 0113830
Account Name: "Philip L. Dubois, Attorney Trust Account"
Any funds remaining after the end of legal action will be returned
to named donors in proportion to the size of their donations.
You may give anonymously or not, but PLEASE - give generously. If
you admire PGP, what it was intended to do and the ideals which animated
its creation, express your support with a contribution to this fund.
- -----------------------------------------------------------------------
Posted to: alt.security.pgp; sci.crypt; talk.politics.crypto;
comp.org.eff.talk; comp.society.cu-digest; comp.society; alt.sci.sociology;
alt.security.index; alt.security.keydist; alt.security;
alt.society.civil-liberty; alt.society.civil-disob; alt.society.futures
- --
Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago
FAX: 312-508-2292 | Voice: 312-508-2727 | hmiller@lucpul.it.luc.edu
PGP 2.3A Key fingerprint: FF 67 57 CC 0C 91 12 7D 89 21 C7 12 F7 CF C5 7E
========================================================================
Appendix VII - A Statement from ViaCrypt Concerning ITAR
Reproduced by Permission
========================================================================
- -----BEGIN PGP SIGNED MESSAGE-----
The ITAR (International Traffic in Arms Regulations) includes
a regulation that requires a manufacturer of cryptographic
products to register with the U.S. State Department even if the
manufacturer has no intentions of exporting products. It appears
that this particular regulation is either not widely known, or
is widely ignored.
While no pressure was placed upon ViaCrypt to register, it is the
Company's position to comply with all applicable laws and regulations.
In keeping with this philosophy, ViaCrypt has registered with the
U.S. Department of State as a munitions manufacturer.
- -----BEGIN PGP SIGNATURE-----
Version: 2.4
iQCVAgUBLQ+DfmhHpCDLdoUBAQGa+AP/YzLpHBGOgsU4b7DjLYj8KFC4FFACryRJ
CKaBzeDI30p6y6PZitsMRBv7y2dzDILjYogIP0L3FTRyN36OebgVCXPiUAc3Vaee
aIdLJ6emnDjt+tVS/dbgx0F+gB/KooMoY3SJiGPE+hUH8p3pNkYmhzeR3xXi9OEu
GAZdK+E+RRA=
=o13M
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLUS7XkHZYsvlkKnJAQFz0wP+Jr8I5cyhHvCgWnfyWX+9h/Kkqb9M/9QF
BCZ7gjwcd42mjSji5KsyjF8LtXg7e9lHdnW6mnHRpuLwetxY02rqSWokGtMFVhfC
Vysln01nqmMHpCdml8RVzeTHlK0wPzI0AXx8MPxpI9z1wmGnaPKo7L1l155rWSw+
41ZsH7jft28=
=lmRY
-----END PGP SIGNATURE-----
