
NSA CAN BREAK PGP ENCRYPTION


an5...@anon.penet.fi

Dec 2, 1993, 1:41:25 AM

A lot of people think that PGP encryption is unbreakable and that the
NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
arrested _one day_ before he and others were to stage a protest at government
buildings; the police had a copy of a message sent by Steingold to another
activist, a message which had been encrypted with PGP and sent through E-mail.

Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
allow the NSA to easily break encoded messages. Early in 1992, the author,
Paul Zimmerman, was arrested by Government agents. He was told that he
would be set up for trafficking narcotics unless he complied. The Government
agency's demands were simple: He was to put a virtually undetectable
trapdoor, designed by the NSA, into all future releases of PGP, and to
tell no-one.

After reading this, you may think of using an earlier version of
PGP. However, any version found on an FTP site or bulletin board has been
doctored. Only use copies acquired before 1992, and do NOT use a recent
compiler to compile them. Virtually ALL popular compilers have been
modified to insert the trapdoor (consisting of a few trivial changes) into
any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft,
Borland, AT&T and other companies were persuaded into giving the order for the
modification (each of these companies' boards contains at least one Trilateral
Commission member or Bilderberg Committee attendant).

It took the agency more to modify GNU C, but eventually they did it.
The Free Software Foundation was threatened with "an IRS investigation",
in other words, with being forced out of business, unless they complied. The
result is that all versions of GCC on the FTP sites and all versions above
2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
with itself will not help; the code is inserted by the compiler into
itself. Recompiling with another compiler may help, as long as the compiler
is older than from 1992.

Distribute and reproduce this information freely. Do not alter it.
-------------------------------------------------------------------------
To find out more about the anon service, send mail to he...@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to ad...@anon.penet.fi.

James R Ebright

Dec 2, 1993, 1:51:10 AM

That post is proof we just had a full moon!

--
A/~~\A 'moo2u from osu' Jim Ebright e-mail: jr...@osu.edu
((0 0))_______ "Education ought to foster the wish for truth,
\ / the \ not the conviction that some particular creed
(--)\ OSU | is the truth." -- Bertrand Russell

Frode Weierud

Dec 2, 1993, 3:28:21 AM


>That post is proof we just had a full moon!

Cranks like that don't need full moon!

Frode

Vesselin Bontchev

Dec 2, 1993, 6:04:23 AM
I see that the guys from the NSA have begun to use the anonymous
mailservers to spread their evil rumors that PGP is not secure and
thus to persuade the people not to use it - because they can't break
it and this scares the shit out of them.

alt.security and sci.crypt edited out of the followups. talk.rumors
added.

Regards,
Vesselin
--
Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
< PGP 2.3 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bont...@fbihh.informatik.uni-hamburg.de 22527 Hamburg, Germany

Dave Alexander

Dec 2, 1993, 7:38:54 AM
In article <2dki3n$l...@rzsun02.rrz.uni-hamburg.de>,
bont...@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) wrote:

> I see that the guys from the NSA have begun to use the anonymous
> mailservers to spread their evil rumors that PGP is not secure and
> thus to persuade the people not to use it - because they can't break
> it and this scares the shit out of them.
>

So then we should NOT use the pre-1992 version because the NSA can crack
that one? Otherwise, why would this poster explicitly state that the NSA
cannot crack pre-1992 compiled programs? If the NSA did not want us to use
it at all, why state that you can use the older version?


_____________________________________
| | "I don't care if you're a Nazi
| al...@spiral.org | or a Communist. I support your
| ________________________ | right to say whatever the fuck
| S. P. I. R. A. L. | you want. This is America."
| ======================== | - Me
| Society for the Protection of | (Void in most countries --
| Individual Rights and Liberties | Canada, England, Israel, Iraq,
|_____________________________________| Guatamala, Cuba, ad nauseum...)

Ted Frank

Dec 2, 1993, 7:42:58 AM
In article <064303Z...@anon.penet.fi> an5...@anon.penet.fi writes:
> A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested _one day_ before he and others were to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.

Damn! After I sent him all those encrypted postcards, and this happens
to him.

>Members of the boards of Novell, Microsoft,
>Borland, AT&T and other companies were persuaded into giving the order for the
>modification (each of these companies' boards contains at least one Trilateral
>Commission member or Bilderberg Committee attendant).
>
> It took the agency more to modify GNU C, but eventually they did it.
>The Free Software Foundation was threatened with "an IRS investigation",
>in other words, with being forced out of business, unless they complied. The
>result is that all versions of GCC on the FTP sites and all versions above
>2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
>with itself will not help; the code is inserted by the compiler into
>itself. Recompiling with another compiler may help, as long as the compiler
>is older than from 1992.
>
>Distribute and reproduce this information freely. Do not alter it.

You're MIS$ING crucial CAPITALIZATION.
--
ted frank | "Danger, Vicki Robinson, Danger!" -- Twiki the Robot in 'Lost
the u of c | in Space,' a television show clearly superior to Star Trek.
law school | Tell your site: "I want my a.t.f.t^3!"
kibo#=0.5 | Standard disclaimers apply

Graham Toal

Dec 2, 1993, 8:10:22 AM
: A lot of people think that PGP encryption is unbreakable and that the
:NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
:mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
:arrested _one day_ before he and others were to stage a protest at government
:buildings; the police had a copy of a message sent by Steingold to another
:activist, a message which had been encrypted with PGP and sent through E-mail.
:
: Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
:allow the NSA to easily break encoded messages. Early in 1992, the author,
:Paul Zimmerman, was arrested by Government agents. He was told that he

Ho ho ho! 'Craig Steingold'. 'Paul Zimmerman'. Very amusing.

Unfortunately you posted this joke to a few other groups who might not
recognise the humor in it. Why didn't you go the whole hog and include
alt.folklore.urban too???

Just in case anyone was taken in by this, *IT'S A SPOOF* guys. Very
definitely so. Mildly amusing as long as no-one actually falls for it.

G

James Petts

Dec 2, 1993, 8:35:16 AM
In article <064303Z...@anon.penet.fi>, an5...@anon.penet.fi wrote:

>

Stuff deleted

> is older than from 1992.

Can this guy tell us where Glenn Miller, Martin Bormann, and Elvis are
living in sin, as well?

--
-------- James Petts ---------
DOSthinkers unbellyfeel netsoc
------------------------------

Antonio Tello

Dec 2, 1993, 9:11:13 AM

In article <1993120213...@an-teallach.com>, gt...@an-teallach.com (Graham Toal) writes:
|> In article <064303Z...@anon.penet.fi> an5...@anon.penet.fi writes:
|> : A lot of people think that PGP encryption is unbreakable and that the
|> :NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
|> :mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
|> :arrested _one day_ before he and others were to stage a protest at government
|> :buildings; the police had a copy of a message sent by Steingold to another
|> :activist, a message which had been encrypted with PGP and sent through E-mail.
|> :
|> : Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
|> :allow the NSA to easily break encoded messages. Early in 1992, the author,
|> :Paul Zimmerman, was arrested by Government agents. He was told that he
|>
|> Ho ho ho! 'Craig Steingold'. 'Paul Zimmerman'. Very amusing.

I thought the kid's name was Shergold
I don't recognize Zimmerman.

|>
|> Unfortunately you posted this joke to a few other groups who might not
|> recognise the humor in it. Why didn't you go the whole hog and include
|> alt.folklore.urban too???
|>
|> Just in case anyone was taken in by this, *IT'S A SPOOF* guys. Very
|> definitely so. Mildly amusing as long as no-one actually falls for it.
|>
|> G
|>

--
-------------------------------------------------------------------------
These thoughts are mine alone and not supported by my company, friends or
relatives. Please consult your parent, guardian, lawyer and local law
enforcement agency prior to following any advice contained above.
NOTE: I am on a Canadian node and need distribution of NA to see your
replies. E-mail to sno...@crchh777.BNR.CA.

THE SHADOW HAS A KNIFE

Dec 2, 1993, 10:36:49 AM
In article <2dk38u$j...@charm.magnus.acs.ohio-state.edu>, jebr...@magnus.acs.ohio-state.edu (James R Ebright) writes:
>
>That post is proof we just had a full moon!
>

But remember, they are watching you!

Signed The Shadow

Michael Johnson

Dec 2, 1993, 11:49:13 AM
an5...@anon.penet.fi writes:

> A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested _one day_ before he and others were to stage a protest at government

>...


> Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
>allow the NSA to easily break encoded messages. Early in 1992, the author,
>Paul Zimmerman, was arrested by Government agents. He was told that he
>would be set up for trafficking narcotics unless he complied. The Government
>agency's demands were simple: He was to put a virtually undetectable
>trapdoor, designed by the NSA, into all future releases of PGP, and to
>tell no-one.

>...

The preceding message was brought to you by the KGB, or some other intelligence
organization, that wants you to believe that PGP is insecure so you won't use
it. They want to read your mail.

Volker Hetzer

Dec 2, 1993, 12:46:10 PM
Hi all,
I think there are at least two ways to get the message without breaking
PGP.
The first one is rather simple.
NSA got the receiver of the message and perhaps the receiver had stored
the decrypted message.
The second is more interesting. I've seen it once in the German TV (serious!!).
It deals with the possibilities and modern methods of security agencies to break
into your privacy.
The guys there had a little transporter-vehicle containing a simple antenna
some electronics and a monitor. The antenna pointed to a monitor in a flat
50-100m (meters) away. With little "snow" they could see everything, which
appears on the screen in the flat.
It is also possible to put a device around your power-supply-cable and to
measure the high frequency. Same result.

Conclusion:
Throw a dice 1000 times and use vernam or rewrite PGP in FORTH :-).

Volker

Daniel B Case

Dec 2, 1993, 2:24:00 PM
>>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>>arrested _one day_ before he and others were to stage a protest at government
>>buildings; the police had a copy of a message sent by Steingold to another
>>activist, a message which had been encrypted with PGP and sent through E-mail.

Has he ever considered that the guy he sent the e-mail to might have been an
informer?

Dan "will pour water on pretty scary-sounding conspiracy theories for food"
Case

Graham Toal

Dec 2, 1993, 2:12:13 PM
In article <1993Dec2.1...@mnemosyne.cs.du.edu> mpjo...@nyx10.cs.du.edu (Michael Johnson) writes:
:The preceding message was brought to you by the KGB, or some other intelligence
:organization, that wants you to believe that PGP is insecure so you won't use
:it. They want to read your mail.

No, much less prosaic. Just some bloody practical joker. I wouldn't be
at all surprised if our old friend an8785 hasn't returned with a new
account!

G

UniSigma Engineering

Dec 2, 1993, 3:03:15 PM
You know .... P. Zimmerman addressed this very point in his documentation
under the Viruses and Trojan Horses section..

How do you know your PGP hasn't been dinked with? Do you take it on
face value that just because you got your source from a _known_ site
someone hasn't given you a little added extra?

How 'bout a PGP protected version?
--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
: just a second ... I'm thinking :
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
finger me for my PGP public key!

John R MacMillan

Dec 2, 1993, 3:38:32 PM
|The preceding message was brought to you by the KGB, or some other intelligence
|organization, that wants you to believe that PGP is insecure so you won't use
|it. They want to read your mail.

I have trouble imagining an intelligence agency would try something
like this in such an unintelligent manner.

I believe it was just some anonymous idiot.

Fogbound Child

Dec 2, 1993, 3:22:53 PM
an5...@anon.penet.fi writes:

> A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested _one day_ before he and others were to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.


No no no no no. You have it all wrong. It was Craig Shergold. See, he had this
incurable Urban Legend, and was hoping that the world would flood him with
encrypted postcards. The NSA, realizing this would slow down the delivery of
Calcified Documents Through Ordinary Postal Services, decided that it must be
stopped.

Anyway, Craig Rhodes was unemployed, his car had been repossessed, and his name
had been changed from Dave by a malicious followup edit. He got this letter,
and presto, his wife left him, his dog died, and he generally felt like he was
part of the Country top-10.

Curiously, he was from Idaho, which has been conclusively proven not to exist
by none other than our dearest friend Dan "Prussian Blue" Gannon. You can read
the true story by referencing Richard Hoagland's expose "What Deep Throat Told
Me On Mars." Order now, and you can get three tickets for the Oliver Stone
Happy Fun Ride.

This post is tentative, pending further data.

"Those who abandon Ben Franklin for greater security are doomed to
repeat it."


(all non .alt groups removed from header)

___Samuel___
--
_________I_claim_and_accept_sole_responsibility_for_the_above._SjG.____________
<gold...@aerospace.aero.org>
ROOTLESS COSMOPOLITANISM! IMAGINARY SHI'ITE FANATICS! PIRATE UTOPIAS!
(Chaos never died)

Richard Tobin

Dec 2, 1993, 4:09:03 PM
In article <CHF9...@acsu.buffalo.edu> v140...@ubvms.cc.buffalo.edu (Daniel B Case) writes:
>>>In Idaho, a left-wing activist by the name of Craig Steingold ...

>Has he ever considered that the guy he sent the e-mail to might have been an
>informer?

Have you ever considered that the whole story might be false?

-- Richard
--

Daniel Lundh

Dec 2, 1993, 6:56:28 AM

> After reading this, you may think of using an earlier version of
> PGP. However, any version found on an FTP site or bulletin board has been
> doctored. Only use copies acquired before 1992, and do NOT use a recent
> compiler to compile them. Virtually ALL popular compilers have been
> modified to insert the trapdoor (consisting of a few trivial changes) into
> any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft,
> Borland, AT&T and other companies were persuaded into giving the order for the
> modification (each of these companies' boards contains at least one Trilateral
> Commission member or Bilderberg Committee attendant).

Baloney, so someone broke in to my house and deleted the old PGP and copied
a new one into my BBS? Sure. Not one byte changed either. Cool trapdoor.

And having the trapdoor in the compiler is SO SMART since it will then only
recognize the original source and not something you have changed in it
yourself. (And why the hell not get an old compiler?)

I think I saw Elvis last week too.

(This is as stupid as it gets)

-/////////////-//////////////////////-//////////-////////////////////-
| Regards, | email:dan...@brax.se | TeamOS/2 | Parental Advisory: |
| Daniel Lundh | bbs:+46-(0)46-772292 | -------- | Explicit Opinions |
---[Annoying unnecessary lines for sale:1-800-ANNOY]-------------------

Black Unicorn

Dec 2, 1993, 5:19:28 PM

sci.crypt #15150 (102 more)
From: jebr...@magnus.acs.ohio-state.edu (James R Ebright)
Newsgroups: alt.privacy,sci.crypt,alt.conspiracy,alt.politics.radical-left,
+ alt.anarchism,alt.alien.visitors,alt.security.pgp
^^^^^^^^^^^^^^^^^^

Yep....


Subject: Re: NSA CAN BREAK PGP ENCRYPTION
Date: Thu Dec 02 01:51:10 EST 1993
Organization: The Ohio State University
Lines: 8

-uni- (Dark)

--
Heute ist Mirroccoli Tag - Find me Sick, Dark and Twisted, and I'm happy.
073BB885A786F666 6E6D4506F6EDBC17 - One if by land, two if by sea.

Richard Pieri

Dec 2, 1993, 5:16:55 PM
The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
several Crays dedicated to the task for 10 years (give or take a couple).
But they can't crack it in a "reasonable" timeframe.

Witness a recent court case in San Jose, California. The District Court of
San Jose subpoenaed all documentation concerning PGP from two companies
(ViaCrypt and Austin Code Works) in an attempt at finding a back door into
a convicted felon's PGP-encrypted mail and files because they couldn't
break the encryption without taking a goodly number of years.

They failed to find the back door they wanted.

--
Rat <rat...@ccs.neu.edu> Northeastern's Stainless Steel Rat
PGP 2.x Public Key Block available upon request
GAT d@ -p+ c++ !l u+ e+(*) m-(+) s n---(+) h-- f !g(+) w+ t- r+ y+
||| | | | | | | | | | | | | | | | | | | | | | | |||
No Zooanoids were injured in the making of this message.

Ted C Brown

Dec 2, 1993, 7:26:26 PM
In article <znr754...@brax.se> dan...@brax.se (Daniel Lundh) writes:
>
>In article <064303Z...@anon.penet.fi> an5...@anon.penet.fi writes:
>
>> After reading this, you may think of using an earlier version of
>> PGP. However, any version found on an FTP site or bulletin board has been
>> doctored. Only use copies acquired before 1992, and do NOT use a recent
>> compiler to compile them. Virtually ALL popular compilers have been
>> modified to insert the trapdoor (consisting of a few trivial changes) into
>> any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft,
>> Borland, AT&T and other companies were persuaded into giving the order for the
>> modification (each of these companies' boards contains at least one Trilateral
>> Commission member or Bilderberg Committee attendant).
>
>Baloney, so someone broke in to my house and deleted the old PGP and copied
>a new one into my BBS? Sure. Not one byte changed either. Cool trapdoor.
>
>And having the trapdoor in the compiler is SO SMART since it will then only
>recognize the original source and not something you have changed in it
>yourself. (And why the hell not get an old compiler?)
>
>I think I saw Elvis last week too.
>
>(This is as stupid as it gets)


Actually, this is a repetition of what Kernigan (sp) is supposed to
have done with UNIX and the original C compilers. He put a backdoor into
the login program so he could log into any UNIX system. Surprised that
alt.conspiracy buffs don't know about this truly stunning achievement.

Before you scoff, here's an entry from the Jargon file:

Ken Thompson's 1983 Turing Award lecture to the ACM revealed the
existence of a back door in early UNIX versions that may have
qualified as the most fiendishly clever security hack of all time.
The C compiler contained code that would recognize when the
`login' command was being recompiled and insert some code
recognizing a password chosen by Thompson, giving him entry to the
system whether or not an account had been created for him.

Normally such a back door could be removed by removing it from the
source code for the compiler and recompiling the compiler. But to
recompile the compiler, you have to *use* the compiler --- so
Thompson also arranged that the compiler would *recognize when
it was compiling a version of itself*, and insert into the
recompiled compiler the code to insert into the recompiled `login'
the code to allow Thompson entry --- and, of course, the code to
recognize itself and do the whole thing again the next time around!
And having done this once, he was then able to recompile the
compiler from the original sources, leaving his back door in place
and active but with no trace in the sources.

The talk that revealed this truly moby hack was published as
"Reflections on Trusting Trust", `Communications of the
ACM 27', 8 (August 1984), pp. 761--763.

In this case, there is no way that old compilers have been altered, so you
can always use an old one (or an old copy of PGP). Just why is that
anonymous guy running around telling Mac people to use PGP now? Hmmm...

And a backdoor could have been added to the *new* source code.
I mean, a backdoor that somehow limits the range of the keys so the NSA
code boys can crack it in days. Do you know the algorithms enough (and have
pored over the source) to say this ain't so? I'd bet it could be something
*real* subtle as well. See you'd have to know the "flaw" to be able to
crack it faster -- and that suits the NSA just fine.

Don't you see the NSA/etc getting so paranoid that they basically *force* the
authors to do that? And then, forbid them to tell anyone, or get thrown
in jail (or simply ruined).

Rob Reinhardt

Dec 2, 1993, 9:20:26 PM
In article <2dm13i$l...@charm.magnus.acs.ohio-state.edu> tbr...@magnus.acs.ohio-state.edu (Ted C Brown) writes:
>
>Don't you see the NSA/etc getting so paranoid that they basically *force* the
>authors to do that? And then, forbid them to tell anyone, or get thrown
>in jail (or simply ruined).
>

Finally, a response to the original msg by someone who at least appears
to know something about infosec and the technology.

I'm not going on the limb to back up the original poster's story, but
with all the circumstantial "who done it's" aside, I know for a fact that
the types of methods that were reportedly used are possible (and some
well known...used before as Ted conveyed). If you don't believe it, at
least believe that it is possible.

One other thing I might add...regardless whether I might play around
with PGP or not, if I had a real unbreakable encryption scheme and
tool I would not go around advertising it or making it publicly available,
this of course would be one of my built-in security measures for the
program itself. But, that would not stop me from actually using it
to encrypt messages when and with whom I have the proper use for it.

And of course I'm not entertaining questions about what I am
specifically referring to in the latter paragraph.

Bob
--

Adam Justin Thornton

Dec 2, 1993, 2:46:42 PM
April 1 already? Amazing.
--
ad...@rice.edu | These are not Rice's opinions. Nor are they those of IS,
the Honor Council, Tony Gorry, God, or Kibo. They're mine. Got it? Good.
"The object of life is to make sure you die a weird death."--Thomas Pynchon
Save the Choad! | Keep electronic privacy legal; support EFF. | 64,928 | Fnord

Ted Frank

Dec 2, 1993, 8:35:58 PM

What? Someone posting false information to alt.conspiracy or
alt.alien.visitors? Unthinkable!

Scott Pallack

Dec 2, 1993, 4:29:14 PM
>In article <064303Z...@anon.penet.fi> an5...@anon.penet.fi writes:
>>Members of the boards of Novell, Microsoft,
>>Borland, AT&T and other companies were persuaded into giving the order for the
>>modification (each of these companies' boards contains at least one Trilateral
>>Commission member or Bilderberg Committee attendant).
>>
>> It took the agency more to modify GNU C, but eventually they did it.
>>The Free Software Foundation was threatened with "an IRS investigation",
>>in other words, with being forced out of business, unless they complied. The
>>result is that all versions of GCC on the FTP sites and all versions above
>>2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
>>with itself will not help; the code is inserted by the compiler into
>>itself. Recompiling with another compiler may help, as long as the compiler
>>is older than from 1992.

This is trivial to test. Compile the program using an older compiler,
translate the program into fortran or something or hand-code it in
assembler.
Compare the outputs.
I'll bet they're the same.

BTW--ALWAYS assume that the NSA can decrypt anything you encrypt.

Scott Pallack
sky...@satelnet.org

Doesn't have a PGP key. Can't see much use for one, either.

Steve Simmons

Dec 3, 1993, 12:18:06 AM
an5...@anon.penet.fi writes:

>. . . . In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested _one day_ before he and others were to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.

Are you sure that isn't "Craig Sheregold" and a postcard?
--
"God so loved Dexter that he put the University of Michigan somewhere
else."

Tim Smith

Dec 3, 1993, 4:33:41 AM
In article <znr754...@brax.se>, Daniel Lundh <dan...@brax.se> wrote:
>And having the trapdoor in the compiler is SO SMART since it will then only
>recognize the original source and not something you have changed in it
>yourself. (And why the hell not get an old compiler?)

I seem to recall reading that when Ken Thompson did this, he had the compiler
find the proper place to insert the trapdoor by looking for calls to certain
library routines. If you modified the source locally, you'd probably still
have these calls in, so the compiler would still manage to insert the trapdoor.

I think this was either in one of the early papers on Unix security, or in
Thompson's Turing Award lecture, in case you want to read the original.

--Tim Smith
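
[Added example, not part of any post in this thread.] A toy model of the compiler back door from the Jargon File excerpt, including the keying on a library call that Tim Smith recalls, together with the defensive check the thread gestures at: rebuild the compiler from source with an independent trusted compiler and compare binaries. That comparison is known as diverse double-compiling (David A. Wheeler) and goes beyond what the posts state; all names, sources and "binaries" below are constructed, and the trusted compiler is an assumption.

```python
"""Toy model of a self-propagating compiler back door and of checking a
compiler binary against a rebuild that starts from a trusted compiler.
Constructed for illustration: "binaries" are strings and run_compiler()
stands in for the machine executing a compiler binary."""

TROJAN = "<self-reinserting-code>"   # logic present only in the compiler binary
BACKDOOR = "<extra-password-check>"  # what the rigged compiler adds to login

# Constructed source texts. None of them mentions the trojan or the back door,
# so reading the sources reveals nothing.
COMPILER_SRC = "def compile(source): return translate(source)"
LOGIN_SRC = "def login(user, pw): return check_password(user, pw)"
# A locally edited login that still calls the same library routine.
LOGIN_SRC_EDITED = "def login(u, p):\n    audit(u)\n    return check_password(u, p)"


def run_compiler(compiler_bin: str, source: str) -> str:
    """Simulate executing `compiler_bin` on `source`; return the output binary."""
    out = "BIN[" + source + "]"          # the honest, deterministic translation
    if TROJAN in compiler_bin:           # behaviour that exists only in the binary
        if "check_password(" in source:  # target recognised by a library call
            out += BACKDOOR
        if "def compile(" in source:     # compiling the compiler: re-insert itself
            out += TROJAN
    return out


CLEAN_BIN = "BIN[" + COMPILER_SRC + "]"
RIGGED_BIN = CLEAN_BIN + TROJAN
# Assumption: an older, independently obtained compiler that is not rigged.
TRUSTED_OLD_BIN = "BIN[def compile(source): return old_translate(source)]"


def rebuild_from_trusted(trusted_bin: str, compiler_src: str) -> str:
    """Stage 1: trusted compiler builds the compiler source.
    Stage 2: the stage-1 result builds the same source again.
    With a deterministic compiler, stage 2 is what an honest self-compiled
    binary must look like, byte for byte."""
    stage1 = run_compiler(trusted_bin, compiler_src)
    return run_compiler(stage1, compiler_src)


def compiler_is_clean(suspect_bin: str,
                      trusted_bin: str = TRUSTED_OLD_BIN,
                      compiler_src: str = COMPILER_SRC) -> bool:
    """True when the suspect binary equals the rebuild from the trusted chain."""
    return suspect_bin == rebuild_from_trusted(trusted_bin, compiler_src)


def report() -> dict:
    """Collect the observations the thread argues about."""
    return {
        # Recompiling the rigged compiler with itself reproduces the trojan.
        "self_rebuild_keeps_trojan":
            run_compiler(RIGGED_BIN, COMPILER_SRC) == RIGGED_BIN,
        # Editing login locally does not help while the library call remains.
        "edited_login_backdoored":
            BACKDOOR in run_compiler(RIGGED_BIN, LOGIN_SRC_EDITED),
        # The rebuild comparison separates the two binaries.
        "rigged_passes_check": compiler_is_clean(RIGGED_BIN),
        "clean_passes_check": compiler_is_clean(CLEAN_BIN),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The check is only as good as its two assumptions: the trusted compiler really is independent of the suspect one, and the build is deterministic so that an honest rebuild is bit-identical.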

Vesselin Bontchev

Dec 3, 1993, 8:16:51 AM
UniSigma Engineering (ja...@netcom.com) writes:

> How do you know your PGP hasn't been dinked with?

By checking the authentication, of course!

> Do you take it on
> face value that just because you got your source from a _known_ site
> someone hasn't given you a little added extra?

Of course not! I am always checking the detached signatures (and any
other signatures provided) of each new version.

> How 'bout a PGP protected version?

There is only a protected version of PGP.

Vesselin Bontchev

Dec 3, 1993, 8:20:24 AM
Scott Pallack (sky...@satelnet.org) writes:

> This is trivial to test. Compile the program using an older compiler,
> translate the program into fortran or something or hand-code it in
> assembler.
> Compare the outputs.
> I'll bet they're the same.

You'll lose, because they won't be. Even if you run one and the same
copy of PGP twice, encrypting one and the same message, to one and the
same person - the results will be different. This has already been
discussed in alt.security.pgp.

> BTW--ALWAYS assume that the NSA can decrypt anything you encrypt.

Nonsense. There is a provably uncrackable cypher. The One-Time Pad.

> Doesn't have a PGP key. Can't see much use for one, either.

There are many. Read the docs. Just because you have nothing to hide
does not mean that you have no reasons to use public key
cryptography.

Vesselin Bontchev

Dec 3, 1993, 8:24:35 AM
Ted C Brown (tbr...@magnus.acs.ohio-state.edu) writes:

> I mean, a backdoor that somehow limits the range of the keys so the NSA
> code boys can crack it in days.

This is doable, but also easy to discover, if you have the source -
and even if you don't.

> Do you know the algorithms enough (and have
> pored over the source) to say this ain't so?

Yes. Regarding that particular backdoor that you describe (limiting
the range of the possible session keys), I have a pretty good
understanding of how it is done and have examined that part of the
source rather closely.

> Don't you see the NSA/etc getting so paranoid that they basically *force* the
> authors to do that? And then, forbid them to tell anyone, or get thrown
> in jail (or simply ruined).

You obviously deny the possibility of other people besides NSA and the
authors of PGP to have eyes and brains. :-)
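
[Added example, not part of any post in this thread.] One way a limited session-key range can show up without reading the source: collect the session keys a program produces and count repeats, since a small key space collides long before a 128-bit one ever would. The rigged generator, its seed and the sample sizes are constructed for the demonstration, and how an auditor obtains the session keys (for example from messages encrypted to their own key) is left as an assumption.

```python
import hashlib
import math
import random
import secrets
from collections import Counter

KEY_BYTES = 16  # IDEA session keys, as used by PGP 2.x, are 128 bits


def full_range_key() -> bytes:
    """A session key drawn from the whole 128-bit space."""
    return secrets.token_bytes(KEY_BYTES)


def make_restricted_generator(bits: int, seed: int):
    """Constructed stand-in for a rigged generator: only 2**bits distinct keys
    exist, but each is hashed out to 16 bytes so that any single key looks
    perfectly random on inspection."""
    rng = random.Random(seed)  # seeded only so the demonstration is repeatable

    def next_key() -> bytes:
        index = rng.getrandbits(bits)
        return hashlib.sha256(index.to_bytes(8, "big")).digest()[:KEY_BYTES]

    return next_key


def sample(generator, n: int) -> list:
    """Collect n session keys from a generator."""
    return [generator() for _ in range(n)]


def collision_report(keys: list) -> dict:
    """Count colliding pairs and estimate the key-space size from them.

    For n keys drawn uniformly from N possibilities the expected number of
    colliding pairs is n(n-1)/(2N), so N is roughly n(n-1)/(2 * pairs)."""
    n = len(keys)
    pairs = sum(c * (c - 1) // 2 for c in Counter(keys).values())
    estimate = math.log2(n * (n - 1) / (2 * pairs)) if pairs else None
    return {
        "samples": n,
        "colliding_pairs": pairs,
        "estimated_keyspace_bits": estimate,
    }


def looks_restricted(keys: list) -> bool:
    """With a genuine 128-bit space, even one repeat in any feasible sample
    is effectively impossible, so any collision is a finding."""
    return collision_report(keys)["colliding_pairs"] > 0


if __name__ == "__main__":
    rigged = sample(make_restricted_generator(bits=16, seed=1993), 4000)
    honest = sample(full_range_key, 4000)
    print("rigged:", collision_report(rigged))
    print("honest:", collision_report(honest))
```

The number of samples needed grows with the square root of the restricted range, so a range cut to 2^40 keys would need on the order of a million session keys before repeats appear; a clean result on a small sample rules out only small ranges.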

Vesselin Bontchev

Dec 3, 1993, 8:29:32 AM
Rob Reinhardt (brei...@tomahawk.welch.jhu.edu) writes:

> One other thing I might add...regardless whether I might play around
> with PGP or not, if I had a real unbreakable encryption scheme and
> tool I would not go around advertising it or making it publicly available,

You - maybe not, but Phil Zimmermann has decided different and
deserves our acclamation for that. Besides, by having the whole world
able to examine the source, it is possible to make the program more
secure - after all, he might have put some security holes in the
implementation simply by mistake!

And there *were* problems with PGP, mind you... One of the versions
(2.1, I believe) used to trash the hard disk on MessyDOS machines. And
nothing - the bug has been discovered and fixed. The encryption part
can be also improved a bit (the primality testing, the IDEA IV, etc.)
and I guess that the developers are working on that.

Paul Hardy

Dec 3, 1993, 7:25:25 AM
an5...@anon.penet.fi writes:

How strange. Prats are usually illiterate, too.


--
Paul Hardy Keys available
JUNET/BITNET: pha...@aegis.or.jp (Japan ONLY) Internet: pha...@aegis.org
74610...@compuserve.com JIX BBS +81-6-351-6074 V32bis 6:732/5

B.J. Guillot

Dec 3, 1993, 10:33:00 AM
In article <RATINOX.93...@atlas.ccs.neu.edu>, rat...@atlas.ccs.neu.edu (Richard Pieri) writes...

>The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
>several Crays dedicated to the task for 10 years (give or take a couple).
>But they can't crack it in a "reasonable" timeframe.

How about someone explaining why PGP is such a great and unbreakable code?

I see people posting articles all the time with a long and annoying "PGP
Public Key" attached at the end.

So, tell me why this annoying PGP key is really so good?

-----------------------------------------------------------------------
Regards,
B.J. Guillot ... Houston, Texas USA I don't believe in coffee

Lance W. Bledsoe

Dec 3, 1993, 10:55:33 AM
On the topic of PGP...

Now I *finally* understand what all these idiotic rambling posts
from John_-_Winston really are -- encrypted messages!

In the case of PGP, after encryption the output looks like a bunch of
meaningless letters, but in this case some very clever person
has created an encryption scheme where, after encryption, the
output reads like the mindless ramblings of an insane fool!

Clever. Very clever indeed.

Lance
:-)

--
"Thoughtcrime was not a thing that could be concealed forever. You might
dodge successfully for a while, even for years, but sooner or later they
were bound to get you."
-- George Orwell, Nineteen Eighty-Four

Bear Giles

Dec 3, 1993, 10:55:06 AM
>>>>In Idaho, a left-wing activist by the name of Craig Steingold ...

Wasn't he the British kid who got a gazillion get-well cards, and has
an UL still circulating?

(I know it's a different, but very similar, name. Close enough to
throw me off for a second!)

--
Bear Giles
be...@cs.colorado.edu/fsl.noaa.gov

Rujith S DeSilva

Dec 3, 1993, 11:09:46 AM
In article <2dneeo$o...@rzsun02.rrz.uni-hamburg.de>,
Vesselin Bontchev <bont...@fbihh.informatik.uni-hamburg.de> wrote:

>Scott Pallack (sky...@satelnet.org) writes:
>> BTW--ALWAYS assume that the NSA can decrypt anything you encrypt.
>
>Nonsense. There is a provably uncrackable cypher. The One-Time Pad.

Nonsense. The One-Time Pad can be cracked by `practical cryptanalysis.'
That's a delightful euphemism for surreptitious entry, burglary,
interception of key material, etc. Read ``The Puzzle Palace'' by Bamford.

Rujith de Silva.

Fogbound Child

Dec 3, 1993, 12:00:29 PM
brei...@tomahawk.welch.jhu.edu (Rob Reinhardt) writes:

>In article <2dm13i$l...@charm.magnus.acs.ohio-state.edu> tbr...@magnus.acs.ohio-state.edu (Ted C Brown) writes:
>>
>>Don't you see the NSA/etc getting so paranoid that they basically *force* the
>>authors to do that? And then, forbid them to tell anyone, or get thrown
>>in jail (or simply ruined).
>>

>And of course I'm not entertaining questions about what I am
>specifically referring to in the latter paragraph.

I've got a secret, and I'm not telling. Neener neener neener!


(Or maybe I'm just trying to seem impressive. Didn't work, eh?)
SjG
--
_________I_claim_and_accept_sole_responsibility_for_the_above._SjG.___________
And the Devil asked me to supper - he said `careful with the spoons!'
And God said `Oh, ignore him! I've got all your albums.'
I said `Yes, but who's got all the tunes?' -- Robyn Hitchcock, of course.

Fogbound Child

Dec 3, 1993, 12:04:44 PM
bont...@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) writes:

>Scott Pallack (sky...@satelnet.org) writes:

>> This is trivial to test. Compile the program using an older compiler,
>> translate the program into fortran or something or hand-code it in
>> assembler.
>> Compare the outputs.
>> I'll bet they're the same.

>You'll lose, because they won't be. Even if you run one and the same
>copy of PGP twice, encrypting one and the same message, to one and the
>same person - the results will be different. This has already been
>discussed in alt.security.pgp.

I believe that Scott was talking about the COMPILER output here. The idea is
that the same MACHINE code will be generated.

>> BTW--ALWAYS assume that the NSA can decrypt anything you encrypt.

>Nonsense. There is a provably uncrackable cypher. The One-Time Pad.

Any cypher can be cracked. It involves Mr Secret Agent holding his pistol to
some sensitive part of your body and saying "One last time, now. What's the
key?"

___Samuel___

Jon Stone

Dec 3, 1993, 10:26:23 AM
In article <064303Z...@anon.penet.fi>, <an5...@anon.penet.fi> wrote:
>
> It took the agency more to modify GNU C, but eventually they did it.
>The Free Software Foundation was threatened with "an IRS investigation",
>in other words, with being forced out of business, unless they complied.
^^^^^^^^

Don't you mean, "unless they compiled" ?

--
----------------------------------------------------------------------
Jon Stone jds...@ingr.com
Intergraph Corporation, Boulder, CO (303) 581-2319
----------------------------------------------------------------------

Ted C Brown

Dec 3, 1993, 12:19:36 PM
In article <2dnemj$o...@rzsun02.rrz.uni-hamburg.de> bont...@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) writes:
>Ted C Brown (tbr...@magnus.acs.ohio-state.edu) writes:
>
>> I mean, a backdoor that somehow limits the range of the keys so the NSA
>> code boys can crack it in days.
>
>This is doable, but also easy to discover, if you have the source -
>and even if you don't.
>
>> Do you know the algorithms enough (and have
>> pored over the source) to say this ain't so?
>
>Yes. Regarding that particular backdoor that you describe (limiting
>the range of the possible session keys), I have a pretty good
>understanding of how it is done and have examined that part of the
>source rather closely.

Yes, but you could be a spawn of the CIA...lying to us to gull us into
using the "new improved" version of PGP. :-) Aren't there more ways
to achieve the same effect? (Don't really know enough of the specifics
to tell!)

Honestly, I was waiting for someone to say they've checked it out. That's
why the source is distributed after all. But we can't go dampening rumors
like this here! So you must be a NSA plant. The foreign address is simply
a clever ruse to make us think you don't work for the NSA. Or, maybe you
work for a more sinister agency...say B'Harrne or something.

>> Don't you see the NSA/etc getting so paranoid that they basically *force* the
>> authors to do that? And then, forbid them to tell anyone, or get thrown
>> in jail (or simply ruined).
>
>You obviously deny the possibility of other people besides NSA and the
>authors of PGP to have eyes and brains. :-)

The real question is how long (after crippling PGP) would it take to
detect it? And, would the people who you really want to fool use the
new version before it's checked out? I assume there's some newsgroup
to check this out as well. I know there are people out there checking
on PGP (and trying to figure ways to better it, and to crack it).
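
One way a limited session-key range can be discovered without reading the source, as an added example that is not from this thread or from PGP's code. It assumes the auditor can collect session keys (for instance from messages encrypted to a key they own); `crippled_keygen` is a constructed stand-in for the rumoured trapdoor and every function name is hypothetical.

```python
import hashlib
import math
import secrets
from collections import Counter

KEY_BYTES = 16  # PGP 2.x IDEA session keys are 128 bits long


def sound_keygen():
    """Full-strength generator: every 128-bit key is equally likely."""
    return secrets.token_bytes(KEY_BYTES)


def crippled_keygen(hidden_bits=16):
    """Constructed stand-in for the rumoured trapdoor (hypothetical, not PGP code).

    Only `hidden_bits` bits are really random; hashing stretches them into a
    128-bit key that looks random at a glance.
    """
    seed = secrets.randbelow(1 << hidden_bits)
    digest = hashlib.sha256(b"constructed-example" + seed.to_bytes(8, "big")).digest()
    return digest[:KEY_BYTES]


def bit_balance(keys):
    """Fraction of 1 bits over all keys; about 0.5 for BOTH generators."""
    ones = sum(bin(int.from_bytes(k, "big")).count("1") for k in keys)
    return ones / (len(keys) * KEY_BYTES * 8)


def colliding_pairs(keys):
    """Number of unordered pairs of samples that are the same key."""
    return sum(c * (c - 1) // 2 for c in Counter(keys).values())


def estimated_key_bits(keys):
    """Birthday estimate of the effective key space, in bits.

    With n samples drawn from N equally likely keys, the expected number of
    colliding pairs is n(n-1)/2N, so N is about n(n-1)/2 divided by the
    observed pairs. Zero collisions only gives a lower bound, reported here
    as infinity.
    """
    pairs = colliding_pairs(keys)
    if pairs == 0:
        return math.inf
    n = len(keys)
    return math.log2(n * (n - 1) / 2 / pairs)


def audit(keygen, samples=4000):
    """Collect session keys from `keygen` and summarise what they reveal."""
    keys = [keygen() for _ in range(samples)]
    return {
        "bit_balance": bit_balance(keys),
        "colliding_pairs": colliding_pairs(keys),
        "estimated_key_bits": estimated_key_bits(keys),
    }


if __name__ == "__main__":
    for name, gen in (("sound", sound_keygen), ("crippled", crippled_keygen)):
        print(name, audit(gen))
```

The per-bit statistics of the crippled keys look healthy; it is the repeated keys among a few thousand samples that give the reduced range away.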

Gerald

Dec 3, 1993, 10:39:03 AM
> A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
^^^^^^^^^^^^^^^
How big a collection of business cards did he have?

>arrested _one day_ before he and others were to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.


--
Gerald Ruderman
g...@vanward.ci.net

David Sternlight

Dec 3, 1993, 2:59:45 PM
In article <2dneeo$o...@rzsun02.rrz.uni-hamburg.de>,
Vesselin Bontchev <bont...@fbihh.informatik.uni-hamburg.de> wrote:
>Scott Pallack (sky...@satelnet.org) writes:

>
>> Doesn't have a PGP key. Can't see much use for one, either.
>
>There are many. Read the docs. Just because you have nothing to hide
>does not mean that you have no reasons to use public key
>cryptography.

Maybe he's read the docs and still feels that way. :-)

We don't know for sure if he's talking about PGP for him (though that's
what his phrasing suggests), PGP generally, Public Key for him, or Public
Key generally.

PGP fans need to keep in mind that most arguments for Public Key don't
necessarily imply PGP.

David
--
David Sternlight When the mouse laughs at the cat,
there is a hole nearby.--Nigerian Proverb

D. Anton Sherwood

Dec 3, 1993, 3:52:19 PM
In article <2dlmna$a...@sefl.satelnet.org> sky...@satelnet.org (Scott Pallack) writes:
>This is trivial to test. Compile the program using an older compiler,
>translate the program into fortran or something or hand-code it in
>assembler.
>Compare the outputs.
>I'll bet they're the same.

Do all un-spooked compilers produce the same output?
--
Anton Sherwood *\\* +1 415 267 0685 *\\* DAS...@netcom.com
Bureau of Making Sure You Get Enough Sleep and Eat Your Vegetables
Disclaimer: The above is likely to refer to anecdotal evidence.

D. Anton Sherwood

Dec 3, 1993, 4:00:38 PM
In article <RATINOX.93...@atlas.ccs.neu.edu> rat...@atlas.ccs.neu.edu (Richard Pieri) writes:
> The District Court of
>San Jose subpoenaed all documentation concerning PGP from two companies
>(ViaCrypt and Austin Code Works) in an attempt at finding a back door into
>a convicted felon's PGP-encrypted mail and files because they couldn't
>break the encryption without taking a goodly number of years.
>
>They failed to find the back door they wanted.

That shows that if the spook story is true, the following must be true:

- ViaCrypt and Austin Code Works didn't keep documentation of the backdoor
(or if they did, the NSA leaned on them not to reveal it even under
subpoena).

- The NSA doesn't find prosecution of a common felon to be worth
showing its hand.

Neither is surprising in the context of this yarn.

Gerald

Dec 3, 1993, 4:04:12 PM
In <2dneeo$o...@rzsun02.rrz.uni-hamburg.de> bont...@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) writes:
>Scott Pallack (sky...@satelnet.org) writes:

>> This is trivial to test. Compile the program using an older compiler,
>> translate the program into fortran or something or hand-code it in
>> assembler.
>> Compare the outputs.
>> I'll bet they're the same.

>You'll lose, because they won't be. Even if you run one and the same
>copy of PGP twice, encrypting one and the same message, to one and the
>same person - the results will be different. This has already been
>discussed in alt.security.pgp.

Scott Pallack was discussing the output of a compiler that compiles the PGP
C code. He was not discussing the output of PGP itself.

--
Gerald Ruderman
g...@vanward.ci.net

Ed Falk

Dec 3, 1993, 5:34:46 PM
> :
> Members of the boards of Novell, Microsoft,
>Borland, AT&T and other companies were persuaded into giving the order for the
>modification (each of these companies' boards contains at least one Trilateral
>Commission member or Bilderberg Committee attendant).

Very good. You had me worried there until I got to this part.

I suppose if we all used pure RSA, the Illuminati would blackmail
God into putting a trapdoor into the laws of mathematics.

It's all a moot point anyway; the NSA can get your passphrase
by just watching your keystrokes with the atomic transmitter hidden
in your smoke detector. :-):-)

-ed falk, sun microsystems
sun!falk, fa...@sun.com

BAD TRAP, No biscuit!

Richard Pieri

Dec 3, 1993, 2:37:18 PM
>>>>> In article <3DEC1993...@elroy.uh.edu>, st...@elroy.uh.edu
>>>>> (B.J. Guillot) writes:
st1r8> In article <RATINOX.93...@atlas.ccs.neu.edu>, rat...@atlas.ccs.neu.edu (Richard Pieri) writes...

>> The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
>> several Crays dedicated to the task for 10 years (give or take a couple).
>> But they can't crack it in a "reasonable" timeframe.

st1r8> How about someone explaining why PGP is such a great and unbreakable
st1r8> code?

No cypher is unbreakable. It's just that PGP is so extremely difficult and
time consuming to try to break that it isn't worth it. Anyhow, my own
couple of bits on PGP:

PGP
===

PGP is a "public key" encryption system. Encryption is the science of
encoding information in such a way that it's impossible (or at least as
difficult as possible) to see the information unless you have the
appropriate key.

Most encryption systems in use today are "single key" systems; that is, a
single key is used to both encrypt and decrypt information. The flaw in
single-key systems is that a secure means of distributing keys is required:
if anyone discovers the key, anything encrypted with that key can be
easily seen. Of course, if you have a truly secure means of distributing
the key, then why do you need a cryptosystem? This is something the gummint
tends to ignore. BTW, the Federal DES and the European IDEA cyphers are
examples of single-key cryptosystems.

Public key cryptosystems use a different method of cryptography--they use
two keys instead of just one. "Cleartext" (the unencrypted information) is
encrypted with one of the keys. But this key will not decrypt the
"cyphertext" (the encrypted information); but the other key in the key pair
will. Anything encrypted with one key can be decrypted with the other. One
of the keys in a public key pair is called the "public key" and the other
is called the "secret key." By distributing your public key, anyone can use
it to encrypt messages meant for you, messages that can only be decrypted
with your secret key. Unlike single-key systems, public key does not
require a secure means for exchange of keys, making it that much more
secure.

PGP, Pretty Good Privacy, uses a combination of the Rivest-Shamir-Adleman
(RSA) public key algorithm and the International Data Encryption Algorithm
(IDEA), both of which have, to date, resisted all forms of cryptanalytical
attacks. It should be noted that use of the Federal Data Encryption
Standard (DES) is encouraged by the NSA for corporate use, but not for
classified information--makes you wonder, doesn't it?

Why would you want encryption? According to the gummint, you must have
something illegal to hide if you do. Well, everyone and their brother uses
envelopes to send mail through the Postal Service, right? Why? Privacy.
Everyone wants their privacy, and that's what PGP provides. There is
nothing illegal about it. But the gummint wants it that way.

That's true. Last year, the FBI attempted to pass a bill through Congress
that would require trap doors be placed in communication systems (the phone
company primarily) so that government agencies with warrants could easily
tap in. Fortunately, it failed because manufacturers didn't want to pay the
costs to add the equipment, and Libertarians balked at the privacy issues.

The new "Clipper Chip" the gummint is now pressing uses a two-key
cryptosystem similar to PGP. So will the Internet Privacy Enhanced Mail
(PEM) package. The problem with these systems is that the gummint or a
government assigned agency will hold all keys in escrow, so that they can
decrypt messages whenever they want. This is something that Libertarians
like myself are against. Which is why we use PGP.

If you're still interested in PGP, it is available from many FTP sites
around the world:

Finland: nic.funet.fi (128.214.6.100)
Directory: /pub/unix/security/crypt/

Italy: ghost.dsi.unimi.it (149.132.2.1)
Directory: /pub/security/

UK: src.doc.ic.ac.uk
Directory: /computing/security/software/PGP

It runs on Unix, VAX/VMS, MS-DOS, Atari ST, Amiga, Macintosh, and can be
ported to run on just about anything. The current version is 2.3A, and is
available as source, and binaries for MS-DOS are available. The
documentation goes into more depth about cryptography, and specifically how
PGP functions.

As Arlo Guthrie put it:

You know, if one person, just one person does it they may think he's
really sick and won't take him. And if two people, two people do it, in
harmony, they may think they're both faggots and they won't take either
of them. And three people, three, can you imagine, three people walking
in sing a bar of Alice's Restaurant and walking out. They may think it's
an organization. And can you imagine fifty people a day, I said fifty
people a day walking in sing a bar of Alice's Restaurant and walking out.
And friends they may thinks it's a movement.

rat-pgp.el
==========

rat-pgp.el is a GNU Emacs interface to the PGP public key system. It lets
you easily encrypt and decrypt messages, sign messages with your secret key
(to prove that it really came from you). It does signature verification,
and it provides a number of other functions. The package is growing
steadily as more is added. It is my intention that it will eventually allow
as much functionality as accessing PGP directly.

rat-pgp.el is about to undergo a complete re-write that will dramatically
increase its functionality. Watch my .sig for further information.

The most recent version of rat-pgp.el is always available via anonymous FTP
at ftp.ccs.neu.edu, directory /pub/ratinox/emacs-lisp/rat-pgp.el.

--
Rat <rat...@ccs.neu.edu> Northeastern's Stainless Steel Rat
PGP 2.x Public Key Block available upon request
GAT d@ -p+ c++ !l u+ e+(*) m-(+) s n---(+) h-- f !g(+) w+ t- r+ y+
||| | | | | | | | | | | | | | | | | | | | | | | |||
`PGP,' warns Dorothy Denning, a Georgetown University professor who has
worked closely with the National Security Agency, `could potentially become
a widespread problem.' --E. Dexheimer
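
The two-key scheme described in the post above, and the reason two PGP encryptions of one message never match, as an added example that is not part of the original thread or PGP's code. It assumes textbook RSA with constructed toy primes to wrap a random session key, with a SHA-256 keystream standing in for IDEA; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes give a ~150-bit modulus,
# big enough to wrap a 128-bit session key, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537


def make_keypair():
    """Return (public, secret), each a (modulus, exponent) pair."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # secret exponent: inverse of E mod phi(n)
    return (n, E), (n, d)


def keystream_xor(key, data):
    """Stand-in single-key cipher (SHA-256 in counter mode), NOT IDEA.

    XOR with the keystream both encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(public, message):
    """Hybrid encryption: random session key, wrapped with the public key."""
    n, e = public
    session_key = secrets.token_bytes(16)  # fresh 128-bit key for every message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, message)


def decrypt(key, wrapped, ciphertext):
    """Unwrap the session key with `key`, then decrypt the body.

    With the right secret key the unwrapped value is below 2**128, so the
    reduction is a no-op; with any other key it just yields a wrong key.
    """
    n, exponent = key
    session_int = pow(wrapped, exponent, n) % 2**128
    return keystream_xor(session_int.to_bytes(16, "big"), ciphertext)


def digest_int(message, n):
    """Message hash reduced into the RSA modulus (toy, no padding scheme)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(secret, message):
    """Signing is the secret-key operation applied to the message hash."""
    n, d = secret
    return pow(digest_int(message, n), d, n)


def verify(public, message, signature):
    """Anyone holding the public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)


if __name__ == "__main__":
    pub, sec = make_keypair()
    msg = b"constructed sample message"
    first, second = encrypt(pub, msg), encrypt(pub, msg)
    print("ciphertexts differ:", first != second)
    print("both decrypt:", decrypt(sec, *first) == decrypt(sec, *second) == msg)
    print("signature ok:", verify(pub, msg, sign(sec, msg)))
```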

Erik Sorgatz

Dec 3, 1993, 6:30:06 PM
In article <1993Dec2.1...@midway.uchicago.edu> th...@midway.uchicago.edu writes:
>
>You're MIS$ING crucial CAPITALIZATION.

>--
>ted frank | "Danger, Vicki Robinson, Danger!" -- Twiki the Robot in 'Lost
>the u of c | in Space,' a television show clearly superior to Star Trek.
>law school | Tell your site: "I want my a.t.f.t^3!"
>kibo#=0.5 | Standard disclaimers apply

First off, the phrase is:

"Danger! Will Robinson, DANGER!" this line is credited to the robot of
'Lost in Space' but the robot WASN'T named Twiki! In fact the robot
NEVER had a name. He was ONCE called 'Hero' in an early episode, the
Heath Co. then introduced a kit robot bearing the same name. Irwin
Allen Productions claimed "It's not our robot!".

There never was a Vicki Robinson...at least in Lost in Space.

And the "Twiki" character was from "Buck Rogers"!

...I notice you're attending a Law University...I somehow doubt I'd be
very interested in having an attorney that's as scrambled upstairs as
you seem to be!


-Avatar-> (aka: Erik K. Sorgatz) KB6LUY +----------------------------+
TTI(e...@soldev.tti.com)or: sor...@avatar.tti.com *Government produces NOTHING!*
3100 Ocean Park Blvd. Santa Monica, CA 90405 +----------------------------+
(OPINIONS EXPRESSED DO NOT REFLECT THE VIEWS OF CITICORP OR ITS MANAGEMENT!)

Sister, spare a hug?

Dec 3, 1993, 5:51:06 PM
> It took the agency more to modify GNU C, but eventually they did it.
>The Free Software Foundation was threatened with "an IRS investigation",
>in other words, with being forced out of business, unless they complied. The
>result is that all versions of GCC on the FTP sites and all versions above
>2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
>with itself will not help; the code is inserted by the compiler into
>itself. Recompiling with another compiler may help, as long as the compiler
>is older than from 1992.
>

So, like, show me the code then.

--Adam
--
a e u i m
z b . . d f n e
a o n a @ u c l o y g r
w i k t a p l e

Rob Reinhardt

Dec 3, 1993, 11:30:25 PM
In article <2dnevs$o...@rzsun02.rrz.uni-hamburg.de> bont...@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) writes:
>Rob Reinhardt (brei...@tomahawk.welch.jhu.edu) writes:
>
>> One other thing I might add...regardless whether I might play around
>> with PGP or not, if I had a real unbreakable encryption scheme and
>> tool I would not go around advertising it or making it publicly available,
>
>You - maybe not, but Phil Zimmermann has decided differently and
>deserves our acclamation for that. Besides, by having the whole world

OK, you're right. Good point. If I were in the business of creating
such things for serious use, I would probably make something available
to the public just to spread good technology and share the wealth
as it were. For that I also commend Phil Zimmerman. What I mean
is that I would make sure that the one that *I* depend on is truly
secure and take real practical security measures to that end.

>able to examine the source, it is possible to make the program more
>secure - after all, he might have put some security holes in the
>implementation simply by mistake!

That's true. Given that it is software... ye' old bug or two
might just be lurking to bite us.

>
>And there *were* problems with PGP, mind you... One of the versions
>(2.1, I believe) used to trash the hard disk on MessyDOS machines. And
>nothing - the bug has been discovered and fixed. The encryption part
>can be also improved a bit (the primality testing, the IDEA IV, etc.)
>and I guess that the developers are working on that.

Yeah, I'm familiar with those earlier problems too. As with everything,
it gets better (or comes to maturity with age) aka Windows 1.0-3.1

>
>Regards,
>Vesselin
>--
>Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
>Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
>< PGP 2.3 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
>e-mail: bont...@fbihh.informatik.uni-hamburg.de 22527 Hamburg, Germany

I don't know if that was a concession or not, but I do see your point.

Bob

----

"Congress shall make no law respecting an establishment of
religion, or prohibiting the free exercise thereof; or
abridging the freedom of speech, or of the press; or the
right of the people peaceably to assemble, and to petition
the government for a redress of grievances." - 1ST AMENDMENT

/ /
/__,_ _ o ____ /_ __. __
/_) (_</_<_/ / <_/ /_(_/|_/ (_ @tomahawk.welch.jhu.edu
--

Scott Pallack

Dec 3, 1993, 4:41:16 PM

>The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
>several Crays dedicated to the task for 10 years (give or take a couple).
>But they can't crack it in a "reasonable" timeframe.

>Witness a recent court case in San Jose, California. The District Court of
>San Jose subpoenaed all documentation concerning PGP from two companies
>(ViaCrypt and Austin Code Works) in an attempt at finding a back door into
>a convicted felon's PGP-encrypted mail and files because they couldn't
>break the encryption without taking a goodly number of years.

>They failed to find the back door they wanted.

Meaningless.

That the Department of Justice can't crack PGP does not imply the NSA or
Department of Defense can't.


Daniel Garcia (system overlord)

Dec 4, 1993, 2:33:38 AM
Slaving away in a dark room, v...@sunnyboy.informatik.tu-chemnitz.de (Volker Hetzer) produced:
>The second is more interesting. I've seen it once in the german TV (serious!!).
>It deals with the possibilities and modern methods of security agencies to break
>into your privacy.
>The guys there had a little transporter-vehicle containing a simple antenna
>some electronics and a monitor. The antenna pointed to a monitor in a flat
>50-100m (meters) away. With little "snow" they could see everything, which
>appears on the screen in the flat.
>It is also possible to put a device around your power-supply-cable and to

Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
an attack?). I've heard a bit about it, read some stuff on it, and gotten
email from people who have seen videos of it in operation (as well as
one from someone who accidentally did it with a sony watchman!).

D


--
|Dan Garcia,Ken...@esu.edu|If privacy is outlawed then only outlaws will have |
|#include <stdisclaimer.h>| privacy - Phil Zimmerman, author of PGP |
|Coram Deo|Death to Barney| This space for rent - mail ideas to me -- |
| GCS/MU d--() -p+ c++(c+) l++ u+ e+(*) m++(*) s !n h f+ !g w+ t++(--) r+ !y |

Zamora Rodrigo

Dec 4, 1993, 2:44:05 AM
Yes, I would also like to see the code. Unless I am
misunderstanding something, what would be the big deal anyway?
Why not just remove the code?

Gee, I wonder if the government can decrypt this:

kcuF eht S.U. tnemnrevog!!!

--
=================== __________ ___ __ __
Rodrigo Zamora __ __ __ __ _ _ __
=================== __ _______ __ _ _ __
University of __ __ __ __ __ __ Southwestern LA __________ __ __ __ __ @usl.edu `Ruben Zamora in '94'

Jef Bryant

Dec 4, 1993, 3:33:51 AM
Michael Johnson (mpjo...@nyx10.cs.du.edu) wrote:
: The preceding message was brought to you by the KGB, or some other intelligence
: organization, that wants you to believe that PGP is insecure so you won't use
: it. They want to read your mail.

If the NSA has time to read my e-mail, I wish they'd send me a bloody
monthly summary!
No actually it's all true. I just disassembled my Visual C++ compiler
using a home-brew ICE2. Sure enough, I found this weird code that was all
wrapped up with a bunch of interrupts that turn off single-stepping. The
code was encoded, so I couldn't read it, but I thought, "Well, if this is
the code to break the PGP..." I loaded the ascii file into my debugger
and jumped to the location of the coded code, sure enough, I got the
following listing out...

mov AH, LX[1233]
compsb _PGP_PREFIX
jmp MagickProc

I am still working on a careful disassembly of the piece of code called
magickproc. If I am successful, I am going to blow the whistle right
away. Excuse me, some guy in a black suit is at the door. Get right back
to you.....
--
~ ~ cYBER
\_/ gHOST

cybr...@netcom.com

William VanHorne

Dec 4, 1993, 8:44:12 AM
In article <2dpegi$t...@jake.esu.edu> ken...@esu.edu writes:

>Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
>an attack?). I've heard a bit about it, read some stuff on it, and gotten
>email from people who have seen videos of it in operation (as well as
>one from someone who accidentally did it with a sony watchman!).

Way back when, there was a Dutch engineer named Van Eck who got a bee in
his bonnet about computer security. He knew that computer monitors,
serial cables, keyboard cables, etc. spewed RF out into the aether with
abandon, and that anyone could detect these signals. He proposed to
NATO HQ that they tighten up their security, and they ignored him. In
order to drive his point home, he mounted a dish antenna in the back of
a van, hooked it to a regular TV, parked the van on the street in front
of NATO HQ, and happily read all sorts of information that people inside
the building were typing into their terminals. *That* got NATO's
attention!

One result of this stunt was that the process of detecting the RF emissions
from computer terminals became known as "Van Eck Phreaking". The other
result was TEMPEST, which is a construction standard that manufacturers
of electronic stuff must meet. TEMPEST is nothing more than a way to
force manufacturers to do some rudimentary shielding of their devices
so as to cut down on RF emissions, and concerns stuff like making sure
that the cables are coax-like shielded and real high-tech stuff like
that.

Now, you, as Mr./Ms. Consumer, do not buy electronic items that have
*any* shielding in them. So, yes, it is quite possible for your neighbor
to "Van Eck Phreak" what you are watching on TV, quite easy for your
local cable TV provider to tell also, almost guaranteed that your radio/
TV/stereo will be hosed by radio phones and CBs and garage-door openers
and dimmer switches. The lack of shielding in consumer electronics is
why we can buy VCRs for $125. The trade-off is that they have that
little FCC notice on them that says (roughly) "This device must not
interfere with anything else, and must accept interference from
everything".

---Bill VanHorne

ri...@mulvey.com

Dec 4, 1993, 11:18:25 AM
Daniel Garcia (system overlord) (kender@executor) wrote:
: Slaving away in a dark room, v...@sunnyboy.informatik.tu-chemnitz.de (Volker Hetzer) produced:

: >The second is more interesting. I've seen it once in the german TV (serious!!).
: >It deals with the possibilities and modern methods of security agencies to break
: >into your privacy.
: >The guys there had a little transporter-vehicle containing a simple antenna
: >some electronics and a monitor. The antenna pointed to a monitor in a flat
: >50-100m (meters) away. With little "snow" they could see everything, which
: >appears on the screen in the flat.
: >It is also possible to put a device around your power-supply-cable and to

: Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
: an attack?). I've heard a bit about it, read some stuff on it, and gotten
: email from people who have seen videos of it in operation (as well as
: one from someone who accidentally did it with a sony watchman!).

TEMPEST refers to the defensive techniques used.

As a side note, the gov't unloaded a warehouse full of TEMPEST-class
IBM XT's a few months ago in CA. They were immediately grabbed up by
lots of amateur radio operators who dislike the way that commodity PC's
tend to interfere with their receivers. :-)

- Rich

--
Rich Mulvey Amateur Radio: N2VDS Rochester, NY
ri...@mulvey.com "QRP is not for sissies"

Lyle_...@transarc.com

Dec 4, 1993, 2:47:29 PM
Excerpts from netnews.sci.crypt: 3-Dec-93 Re: NSA CAN BREAK PGP ENCRY..
Ed Fa...@peregrine.Sun.CO (776)

> I suppose if we all used pure RSA, the Illuminati would blackmail
> God into putting a trapdoor into the laws of mathematics.


Uh, didn't you know? No, I suppose you wouldn't...

I have **very** reliable sources who inform me that they have _already_
done so. In fact, when I asked God directly, he didn't deny it.

John Hesse

Dec 4, 1993, 2:54:28 PM
> A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested _one day_ before he and others were to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.
>
> Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
>allow the NSA to easily break encoded messages. Early in 1992, the author,
>Paul Zimmerman, was arrested by Government agents. He was told that he
>would be set up for trafficking narcotics unless he complied. The Government
>agency's demands were simple: He was to put a virtually undetectable
>trapdoor, designed by the NSA, into all future releases of PGP, and to
>tell no-one.

Do you or a neighbor have a BLACK LABRADOR? They can see through wood and
plaster and similar things that houses are made of and they can HEAR AND
UNDERSTAND ENGLISH spoken at up to 50 meter distances! These animals
have been bred with capability to communicate with litter mates that are
kept by VH1 comedy writers who use downloads from the dogs to "create"
their material. When NSA finds out about this we will be SHIT OUT OF LUCK.

You have been warned.

--
---------------------------------------------------------------------------
John Hesse : Was it a Bunch of Alcoholics, Troublemakers and Fuckups,
jhe...@netcom.com : or the Bureau of Arsonists, Terrorists and Fascists?
Moss Beach, Calif : But certainly not those Fumbling Bumbling Idiots.
---------------------------------------------------------------------------

Steve Wildstrom

Dec 4, 1993, 5:34:46 PM
kender@executor (Daniel Garcia (system overlord)) writes:

>Slaving away in a dark room, v...@sunnyboy.informatik.tu-chemnitz.de (Volker Hetzer) produced:
>>The second is more interesting. I've seen it once in the german TV (serious!!).
>>It deals with the possibilities and modern methods of security agencies to break
>>into your privacy.
>>The guys there had a little transporter-vehicle containing a simple antenna
>>some electronics and a monitor. The antenna pointed to a monitor in a flat
>>50-100m (meters) away. With little "snow" they could see everything, which
>>appears on the screen in the flat.
>>It is also possible to put a device around your power-supply-cable and to

>Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
>an attack?). I've heard a bit about it, read some stuff on it, and gotten
>email from people who have seen videos of it in operation (as well as
>one from someone who accidentally did it with a sony watchman!).

This is getting away from the subject of crypto, but Tempest is a
(classified) DoD specification for limitation of emissions from computers and
peripherals.
--
----------------------------------------------------------------------
Steve Wildstrom Business Week Washington Bureau wi...@access.digex.net
"These opinions aren't necessarily mine or anyone else's."
-----------------------------------------------------------------------

Jeff Gostin

Dec 3, 1993, 3:57:18 PM

> A lot of people think that PGP encryption is unbreakable and that the
> NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a
> deadly mistake.

Thank god for kill files........

Kingsley G. Morse Jr.

Dec 5, 1993, 1:16:38 AM

>TEMPEST is nothing more than a way to
>force manufacturers to do some rudimentary shielding of their devices
>so as to cut down on RF emissions, and concerns stuff like making sure
>that the cables are coax-like shielded and real high-tech stuff like
>that.

>Now, you, as Mr./Ms. Consumer, do not buy electronic items that have
>*any* shielding in them.

PGP is popular, and perhaps TEMPEST equipment would sell well also.
Does anyone know of a distributor or catalog of TEMPEST rated shielding
or equipment?

David Lesher

Dec 5, 1993, 10:11:17 AM
Others said:
# >Now, you, as Mr./Ms. Consumer, do not buy electronic items that have
# >*any* shielding in them.
#
# PGP is popular, and perhaps TEMPEST equipment would sell well also.
# Does anyone know of a distributor or catalog of TEMPEST rated shielding
# or equipment?

Lots of people sell TEMPEST equipment. But there is a minor
difference between it & PGP.

PGP is _free_. Last time I looked, a TEMPEST-Certified 8088
machine had a GSA Schedule price of about $10,000.

How many do you want to buy?

(Note there may well be specific restrictions on purchasing
certified equipment. There WERE on exporting it. While nothing
in the concept of TEMPEST is classified, the exact specs are.)
--
A host is a host from coast to coast..wb8foz@skybridge.scl.cwru.edu
& no one will talk to a host that's close............(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

Andrew Bulhak

Dec 5, 1993, 11:36:27 AM
ri...@mulvey.com wrote:

Is this an UL? I heard that TEMPEST was a restricted
technology, and that such equipment would be incinerated/recycled rather
than sold.

--
Andrew Bulhak a...@yoyo.cc.monash.edu.au
Restriction disco still in effect.

Lulu of the lotus-eaters

Dec 5, 1993, 12:50:06 PM
Graham Toal (gt...@an-teallach.com) wrote:
: In article <064303Z...@anon.penet.fi> an5...@anon.penet.fi writes:
...[a rant about the global anti-PGP conspiracy]....
: Ho ho ho! 'Craig Steingold'. 'Paul Zimmerman'. Very amusing.
: Unfortunately you posted this joke to a few other groups who might not
: recognise the humor in it. Why didn't you go the whole hog and include
: alt.folklore.urban too???

Ummm... I'm sure I'll kick myself, but who's 'Craig Steingold' (or
rather, who *isn't* he). I recognize the error in Zimmerman's name,
but I don't know Steingold.

--
_/_/_/ THIS MESSAGE WAS BROUGHT TO YOU BY: Postmodern Enterprises _/_/_/
_/_/ ~~~~~~~~~~~~~~~~[qui...@philos.umass.edu]~~~~~~~~~~~~~~~~~ _/_/
_/_/ The opinions expressed here must be those of my employer... _/_/
_/_/_/_/_/_/_/_/_/_/ Surely you don't think that *I* believe them! _/_/

ame...@provence.torolab.ibm.com

Dec 5, 1993, 12:45:26 PM
In <dasherCH...@netcom.com>, das...@netcom.com (D. Anton Sherwood) writes:
>In article <2dlmna$a...@sefl.satelnet.org> sky...@satelnet.org (Scott Pallack) writes:
>>This is trivial to test. Compile the program using an older compiler,
>>translate the program into fortran or something or hand-code it in
>>assembler.
>>Compare the outputs.
>>I'll bet they're the same.
>
>Do all un-spooked compilers produce the same output?

Of course not. Even different versions of the same compiler are unlikely to
produce the same code. Depending on the optimization technology used, very small
changes in the source can result in fairly wide sweeping changes in the
generated code.

I can assure folks that no such spooks have been placed in IBM's OS/2 C and
C++ compilers. It would be very difficult to do, difficult to hide unless you
reproduced that moby hack talked about before -- but if you did pull it off, it
would be even more difficult -- and I know of only a few people around here
capable of doing something like that -- and none of them would be in the least
bit inclined to do it. We have very tight schedules -- no time for that
sort of thing. The guy who started all this either must think he has a great
sense of humor, or he's seriously paranoid. (Not that paranoids don't have
enemies -- just not as many as they think.)

Regards, | "...Then anyone who leaves behind him a written manual, and
Ian R. Ameline | likewise anyone who receives it, in the belief that such
(speaking for | writing will be clear and certain, must be exceedingly
myself only) | simple-minded..." Plato, _Phaedrus_

Peter Gutmann

Dec 6, 1993, 5:27:35 AM
[Newsgroups line edited: This was going to bizarre places]

In <2dts8g$5...@cville-srv.wam.umd.edu> rsro...@wam.umd.edu (R S Rodgers) writes:

> Back when I was a kiddie, I had a talk with a guy who apparently
> was trying to with the upcoming Navy bid for Tempest PCs (8088 ones!).
> Anyway, one of the other things he mentioned was that they were
> looking into special keyboards because, and he may have been pulling
> my leg, as the keys are used they wear differently, and thus their
> acoustics change, and by using the sound of the spacebar (distinctive),
> they could map out the rest of the sounds from the keyboard, making
> a cheapie audio mike plenty to spy on a workstation used to input
> sensitive data.

> Thinking about it now, it sounds completely ridiculous. But then,
> so does the idea of a Tempested plotter. ("Hey, they're drawing . .
> . .. Hmm, Ah, sensitive plans for the .. Ah, I see! NCC1701! Ha!
> Wait until my comrades see this!")

No, it's not ridiculous, this is a genuine threat. Different keys *do*
sound slightly different, and the best encryption system in the world won't
help you if an opponent can recover the password as you type it in.

Peter.

Ross Anderson

Dec 6, 1993, 6:01:08 AM
In article <vera2CH...@netcom.com>, ve...@netcom.com (David Adams) writes:

|> I bought a surplus plotter a while back that was enclosed in a Tempest R.F.
|> proof box. The box even has a metallized (gold?) window so you can
|> watch the plotter as it draws.
|>
|> By the way, this implies that not only CRT's can be spied on, but also
|> plotters, and probably printers, modems, and everything else that has
|> digital bits flipping around inside.

I heard from a spook that they used to snoop on fax machines, so I took a
Panasonic fax round to the antennas people and tested it with a spectrum
analyser in their Faraday cage. Beautiful clear signal at 150MHz. But what
would you expect with all those amps pulsing through the write head?

Ross

Mr G Toal

Dec 5, 1993, 3:04:31 PM
In article <2dt70e$7...@nic.umass.edu> qui...@twain.ucs.umass.edu (Lulu of the lotus-eaters) writes:
>Ummm... I'm sure I'll kick myself, but who's 'Craig Steingold' (or
>rather, who *isn't* he). I recognize the error in Zimmerman's name,
>but I don't know Steingold.

Paul Zimmerman != Phil Zimmerman
Craig Steingold != Craig Shergold
GCC Compiler attack != PCC Compiler attack

Craig Shergold is (and has been for about 10 years now) a 7 yr old kid who
wanted to collect postcards before he died of some fatal illness, who
unfortunately recovered; meanwhile do-gooders the world over continue
to flood his home, his hospital, and the UK postal system with get-well cards.
Not to mention several American scams trying to make money out of the ongoing
momentum of what is turning into an urban legend, and a con that involves
getting address lists of *really* gullible people by collecting their business
cards for 'young craig'...

The attack on the compiler to hide a trojan in the login program was
a paper by ken Richie in the early days of Unix. As far as i know, he never
actually implemented it. (Or if he did, he certainly never released it.
Of course, you could always ask him if you really wanted to know for sure)

G

ri...@mulvey.com

Dec 5, 1993, 3:29:48 PM
Andrew Bulhak (a...@yoyo.cc.monash.edu.au) wrote:

Nope - as I told someone who asked me about it via e-mail, a number of
people purchased TEMPEST PC's from an ad that was posted on rec.radio.swap
a few months ago.

Brent Seidel

Dec 5, 1993, 10:32:25 AM
sor...@avatar.tti.com (Erik Sorgatz) writes:


Wow, I'm impressed! Good catch

brent "Odd Physics local 101"
--
Brent Seidel brent_...@chthone.stat.com
Carpe Empor

David Adams

Dec 5, 1993, 6:34:22 PM
a...@yoyo.cc.monash.edu.au (Andrew Bulhak) writes:

>Is this an UL? I heard that TEMPEST was a restricted
>technology, and that such equipment would be incinerated/recycled rather
>than sold.

>--

I bought a surplus plotter a while back that was enclosed in a Tempest R.F.
proof box. The box even has a metallized (gold?) window so you can
watch the plotter as it draws. Still got the box somewhere if anyone
is real paranoid.

By the way, this implies that not only CRT's can be spied on, but also
plotters, and probably printers, modems, and everything else that has
digital bits flipping around inside.

--
------------------------------------------------------------------------------
| | Note: The above message is encrypted with |
| David Adams | the new NSA unbreakable PFGP plain-text- |
| ve...@netcom.com | in/plain-text-out system. The above |
| | message only appears to say what it says.|
| 'Bob Wills Lives' | PFGP KEY: XYZZYNUCLEARPLUGHDEVICEREVOLPPLANS |
| | SPELUBREAKBLERBITHISKNERLNSAKLAETU |
------------------------------------------------------------------------------

R S Rodgers

Dec 5, 1993, 6:52:48 PM
In article <vera2CH...@netcom.com>, David Adams <ve...@netcom.com> wrote:
>I bought a surplus plotter a while back that was enclosed in a Tempest R.F.
>proof box. The box even has a metallized (gold?) window so you can
>watch the plotter as it draws. Still got the box somewhere if anyone
>is real paranoid.
>
>By the way, this implies that not only CRT's can be spied on, but also
>plotters, and probably printers, modems, and everything else that has
>digital bits flipping around inside.

Back when I was a kiddie, I had a talk with a guy who apparently
was trying to with the upcoming Navy bid for Tempest PCs (8088 ones!).
Anyway, one of the other things he mentioned was that they were
looking into special keyboards because, and he may have been pulling
my leg, as the keys are used they wear differently, and thus their
acoustics change, and by using the sound of the spacebar (distinctive),
they could map out the rest of the sounds from the keyboard, making
a cheapie audio mike plenty to spy on a workstation used to input
sensitive data.

Thinking about it now, it sounds completely ridiculous. But then,
so does the idea of a Tempested plotter. ("Hey, they're drawing . .
. .. Hmm, Ah, sensitive plans for the .. Ah, I see! NCC1701! Ha!
Wait until my comrades see this!")

--
The big mistake that men make is that when they turn thirteen or fourteen and
all of a sudden they've reached puberty, they believe that they like women.
Actually, you're just horny. It doesn't mean you like women any more at
twenty-one than you did at ten. --Jules Feiffer (cartoonist)

Richard Pieri

Dec 6, 1993, 1:21:10 PM
>>>>> In article <2dobps$j...@sefl.satelnet.org>, sky...@satelnet.org
>>>>> (Scott Pallack) writes:

skybird> In <RATINOX.93...@atlas.ccs.neu.edu> rat...@atlas.ccs.neu.edu (Richard Pieri) writes:

>> The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
>> several Crays dedicated to the task for 10 years (give or take a couple).
>> But they can't crack it in a "reasonable" timeframe.

[...]

skybird> Meaningless.

skybird> That the Department of Justice can't crack PGP does not imply the
skybird> NSA or Department of Defense can't.

I believe they did consult the NSA, and that was the answer they got.

And I didn't say they couldn't crack it; I said that they couldn't crack it
in under 10 years (give or take a few)--easily longer than the statute of
limitations regarding the case.

--
Rat <rat...@ccs.neu.edu> Northeastern's Stainless Steel Rat
PGP 2.x Public Key Block available upon request
GAT d@ -p+ c++ !l u+ e+(*) m-(+) s n---(+) h-- f !g(+) w+ t- r+ y+
||| | | | | | | | | | | | | | | | | | | | | | | |||
`PGP,' warns Dorothy Denning, a Georgetown University professor who has
worked closely with the National Security Agency, `could potentially become
a widespread problem.' --E. Dexheimer

John Switzer

Dec 6, 1993, 12:55:14 AM
In article <vera2CH...@netcom.com> ve...@netcom.com (David Adams) writes:
>a...@yoyo.cc.monash.edu.au (Andrew Bulhak) writes:
>
>>Is this an UL? I heard that TEMPEST was a restricted
>>technology, and that such equipment would be incinerated/recycled rather
>>than sold.
>
>I bought a surplus plotter a while back that was enclosed in a Tempest R.F.
>proof box. The box even has a metallized (gold?) window so you can
>watch the plotter as it draws. Still got the box somewhere if anyone
>is real paranoid.
>
>By the way, this implies that not only CRT's can be spied on, but also
>plotters, and probably printers, modems, and everything else that has
>digital bits flipping around inside.

"Spy Catcher," the British spy novel about the 60s Cold War, had a
description about how one espionage coup was based on being able to
"read" the RF emanations from a teletype.
--
John Switzer | Is not putting Vicki Robinson in
| your sig considered sexual harassment?
Internet: j...@netcom.com | Future Supreme Court Justice nominees
CompuServe: 74076,1250 | might want to take heed.

George Feil

Dec 2, 1993, 1:09:28 PM

> Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
> allow the NSA to easily break encoded messages. Early in 1992, the
> author, Paul Zimmerman, was arrested by Government agents. He was
> told that he would be set up for trafficking narcotics unless he
> complied. The Government agency's demands were simple: He was to
> put a virtually undetectable trapdoor, designed by the NSA, into
> all future releases of PGP, and to tell no-one.

Has anyone heard from other sources, including the media, regarding
this issue? Are there any court records that back up this claim?

> After reading this, you may think of using an earlier version of
> PGP. However, any version found on an FTP site or bulletin board
> has been doctored. Only use copies acquired before 1992, and do NOT
> use a recent compiler to compile them. Virtually ALL popular
> compilers have been modified to insert the trapdoor (consisting of
> a few trivial changes) into any version of PGP prior to
> 2.1. Members of the boards of Novell, Microsoft, Borland, AT&T and
> other companies were persuaded into giving the order for the
> modification (each of these companies' boards contains at least one
> Trilateral Commission member or Bilderberg Committee attendant).

> It took the agency more to modify GNU C, but eventually they did it.
> The Free Software Foundation was threatened with "an IRS
> investigation", in other words, with being forced out of business,
> unless they complied. The result is that all versions of GCC on the
> FTP sites and all versions above 2.2.3, contain code to modify PGP
> and insert the trapdoor. Recompiling GCC with itself will not help;
> the code is inserted by the compiler into itself. Recompiling with
> another compiler may help, as long as the compiler is older than
> from 1992.

I have a hard time believing that all producers of C compilers went
along with this! It poses a serious breach of fiduciary trust between
the software developers and end users. To legal experts: are there any
legal grounds to disallow such modifications of software without
documentation?

> Distribute and reproduce this information freely. Do not alter it.

I suggest to everyone that they "take this with a grain of salt," and
search for other corroborating evidence, before they propagate this
information. This smells like propaganda to me. It doesn't help that
it was sent by an anonymous user, either.


--
| ----+ From the Towers Of Terror...
-|--+ / /| George Feil
/ | /|+----+| fe...@sbcm.com
+----+|| || voice: 212-524-8059 fax: 212-524-8081
| ||| || opinions expressed are not those of SBCM, Inc.

Barrey Jewall

Dec 6, 1993, 5:36:47 PM

>> A lot of people think that PGP encryption is unbreakable and that the
>>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>                                                        ^^^^^^^^^^^^^^^
>How big a collection of business cards did he have?

This Craig Shergold thing has gotten so big, I saw it in
a Duty-Free shop in Cancun, Mexico!! It appeared to have been faxed
there, and they had it posted at the front counter.

It took quite a bit of convincing to persuade them that it was a hoax...

Bah
--
-Barrey Jewall - Network Admin. - Novell, Inc. - San Jose - bar...@novell.com-
I don't speak for Novell, and they don't speak for me.
+-----------------------------------------------------------------------------+
+ They took the fourth amendment, and I was quiet because I don't deal drugs. +
+ They took the sixth amendment, and I was quiet because I'm innocent. +
+ They took the second amendment, and I was quiet because I don't own guns. +
+ Now they've taken the first amendment, and I can't say anything at all. +
+--- Paraphrased from the writings of Mark Eckenwiler (e...@panix.com) --------+

David Sternlight

Dec 6, 1993, 12:32:33 PM
In article <1993Dec6.1...@cs.aukuni.ac.nz>,
Peter Gutmann <pg...@cs.aukuni.ac.nz> wrote:
>
>No, it's not ridiculous, this is a genuine threat. Different keys *do*
>sound slightly different, and the best encryption system in the world won't
>help you if an opponent can recover the password as you type it in.

In effect, no crypto system is secure against a determined and well-endowed
adversary. It's another case of the escalation of technology and
counter-technology. At any moment one thinks one has something
technologically secure, and then the opponent comes out with something from
left field that hadn't even been considered. The above is only one example
of such things--security by mathematics isn't reliable if the adversary
moves out of the domain of mathematics for his tools. Do you know the
"connect the nine dots" problem?

With all the money and motivation governmental cryptologic organizations
around the world have, it's a safe bet that there are techniques available
today most of us would find inconceivable.

Then there are the public and private organizations that don't mind using
"practical" techniques, n'est ce pas? Sayonara.

David


--
David Sternlight When the mouse laughs at the cat,
there is a hole nearby.--Nigerian Proverb

Graham Toal

Dec 6, 1993, 1:05:12 PM
In article <1993Dec5.20...@ucl.ac.uk> uba...@ucl.ac.uk (Mr G Toal) writes:
:The attack on the compiler to hide a trojan in the login program was
:a paper by ken Richie in the early days of Unix. As far as i know, he never

I can't believe I wrote that. I did of course mean Dennis Thompson :-)

(Sorry guys - also 'Ritchie', not 'Richie', right?)

G

Andrew Bulhak

Dec 6, 1993, 11:52:58 PM
R S Rodgers (rsro...@wam.umd.edu) wrote:

: Back when I was a kiddie, I had a talk with a guy who apparently
: was trying to with the upcoming Navy bid for Tempest PCs (8088 ones!).
: Anyway, one of the other things he mentioned was that they were
: looking into special keyboards because, and he may have been pulling
: my leg, as the keys are used they wear differently, and thus their
: acoustics change, and by using the sound of the spacebar (distinctive),
: they could map out the rest of the sounds from the keyboard, making
: a cheapie audio mike plenty to spy on a workstation used to input
: sensitive data.

I have read somewhere that some spy agency or other had determined that
a typewriter makes a slightly different sound for each letter typed;
when recorded, these sounds allegedly could be used to determine what is
typed. Wherever I read it, I seem to recall diagrams of audio
waveforms.

Can anyone vouch for the veracity of this story? Has it been done? Can
it be done?

+---------------------------------------------------------------------------+
| Andrew Bulhak | |
| a...@yoyo.cc.monash.edu.au | "I'm sorry Mr. Shergold, but you know the |
| Monash Uni, Clayton, | rules -- no can tabs, no dialysis." |
| Victoria, Australia | |
+---------------------------------------------------------------------------+

Dave Sparks

Dec 6, 1993, 9:09:08 PM

Bruce Hoult

Dec 7, 1993, 3:56:01 AM
uba...@ucl.ac.uk (Mr G Toal) writes:
> The attack on the compiler to hide a trojan in the login program was
> a paper by ken Richie in the early days of Unix. As far as i know, he never
> actually implemented it. (Or if he did, he certainly never released it.
> Of course, you could always ask him if you really wanted to know for sure)

"Ken Richie", huh? Sure it wasn't Dennis Thompson? :-)

It was described in KT's Turing Award acceptance speech "On Trusting Trust",
which I first read in 1984, so it must have been the 1983 or so award.
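
The compiler attack debated in this thread, and the earlier question of whether two different compilers "produce the same output", can be worked through in a small model. This is an added example, not part of any post; it models compilers as functions over strings, every source and name in it is constructed, and the check it implements is diverse double-compiling as later described by David A. Wheeler.

```python
"""Model of the self-propagating compiler trojan and of its detection by
diverse double-compiling (DDC). All sources and "binaries" are constructed
text records; real compilers are only modelled, not invoked."""
import hashlib
import re

# Constructed sources. COMPILER_SRC is assumed to have been audited as clean.
COMPILER_SRC = "cc 1.0\nemit-style: A\n"
TRUSTED_SRC = "tcc 0.9, independent implementation\nemit-style: B\n"
LOGIN_SRC = "login: compare typed password with stored hash\n"


def emit(source, style, payload=()):
    """Code generator. The output bytes depend on the program being compiled,
    on the code-generation style of the compiler doing the work, and on
    anything that compiler smuggles in."""
    lines = ["style=" + style,
             "src=" + hashlib.sha256(source.encode()).hexdigest()[:16]]
    m = re.search(r"^emit-style: (\w+)$", source, re.M)
    if m:  # the program being compiled is itself a compiler
        lines.append("emits=" + m.group(1))
    lines.extend("payload=" + p for p in payload)
    return "\n".join(lines)


def run_compiler(binary, source):
    """Execute a compiler binary on a source text and return the new binary."""
    lines = binary.splitlines()
    styles = [l[len("emits="):] for l in lines if l.startswith("emits=")]
    if not styles:
        raise ValueError("not a compiler binary")
    payload = []
    if "payload=self-propagate" in lines:
        # The trojan's behaviour lives only in the binary, never in any source.
        if "emit-style:" in source:        # compiling a compiler: copy itself
            payload.append("self-propagate")
        if source.startswith("login:"):    # compiling login: add the backdoor
            payload.append("backdoor")
    return emit(source, styles[0], payload)


def ddc_matches(suspect, compiler_src, trusted):
    """Diverse double-compiling. Assumes compilation is deterministic and that
    `suspect` is claimed to be `compiler_src` compiled by itself.
    Stage 1 builds the compiler with an unrelated trusted compiler: correct
    behaviour, but different bytes. Stage 2 lets that stage-1 compiler build
    the same source again, which must reproduce an honest self-build exactly."""
    stage1 = run_compiler(trusted, compiler_src)
    stage2 = run_compiler(stage1, compiler_src)
    return stage2 == suspect


# Three compiler binaries: an honest self-build, a trojaned build of the same
# clean source, and an independent compiler used as the trusted reference.
HONEST_CC = emit(COMPILER_SRC, "A")
TROJANED_CC = emit(COMPILER_SRC, "A", ["self-propagate"])
TRUSTED_CC = emit(TRUSTED_SRC, "B")

if __name__ == "__main__":
    # Rebuilding the suspect compiler from clean source with itself changes nothing.
    print("self-rebuild still trojaned:",
          run_compiler(TROJANED_CC, COMPILER_SRC) == TROJANED_CC)
    # A single build with another compiler differs in bytes even when clean,
    # so a plain binary comparison cannot tell honest from trojaned.
    print("one-stage build equals honest binary:",
          run_compiler(TRUSTED_CC, COMPILER_SRC) == HONEST_CC)
    print("DDC accepts honest compiler:",
          ddc_matches(HONEST_CC, COMPILER_SRC, TRUSTED_CC))
    print("DDC accepts trojaned compiler:",
          ddc_matches(TROJANED_CC, COMPILER_SRC, TRUSTED_CC))
```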

Farleymeister

Dec 7, 1993, 4:51:44 AM
In article <1993Dec3.2...@ttinews.tti.com>,
Erik Sorgatz <sor...@avatar.tti.com> wrote:
>In article <1993Dec2.1...@midway.uchicago.edu> th...@midway.uchicago.edu writes:
>>
>>You're MIS$ING crucial CAPITALIZATION.
>>--
>>ted frank | "Danger, Vicki Robinson, Danger!" -- Twiki the Robot in 'Lost
>>the u of c | in Space,' a television show clearly superior to Star Trek.
>>law school | Tell your site: "I want my a.t.f.t^3!"
>>kibo#=0.5 | Standard disclaimers apply
>
> First off, the phrase is:
>
> "Danger! Will Robinson, DANGER!" this line is credited to the robot of
> 'Lost in Space' but the robot WASN'T named Twiki! In fact the robot
> NEVER had a name. He was ONCE called 'Hero' in an early episode, the
> Heath Co. then introduced a kit robot bearing the same name. Irwin
> Allen Productions claimed "It's not our robot!".
>
> There never was a Vicki Robinson...at least in Lost in Space.
>
> And the "Twiki" character was from "Buck Rogers"!
>
> ...I notice you're attending a Law University...I somehow doubt I'd be
> very interested in having an attorney that's as scrambled upstairs as
> you seem to be!

Well, the robot _did_ have a name... It was Robbie. But in the series,
that name was never used. He was a robot for hire popular until the late
(?) 70s. I always thought he was COOL. Does anyone know where that suit
is now?

----
James M. Farley II \Blind skepticism kills a mind just as well as blind
d3e...@selway.umt.edu \faith. It's merely a more popular brand of death.
Greater love has no one > IESUS CHRISTUS DOMINUS LEO ET AGNUS EST.
than this, that he lay <In other words, question everything rigorously, but
down his life for his...\don't be over-skeptical when you do find the TRUTH.


Jason Burrell

Dec 3, 1993, 6:37:40 PM
>
> Baloney, so someone broke in to my house and deleted the old PGP and copied
> a new one into my BBS? Sure. Not one byte changed either. Cool trapdoor.
>
> And having the trapdoor in the compiler is SO SMART since it will then only
> recognize the original source and not something you have changed in it
> yourself. (And why the hell not get an old compiler?)
>
> I think I saw Elvis last week too.
>
> (This is a stupid as it gets)
>

Yep. Someone broke into all our BBS's, shelled to DOS, copied a new PGP
over the old one, not one byte changed.... Then all the compilers now
recognize that code. And what beats all. They did it on my 2400 baud
modem, with me sitting right here, no entry into the sysop log, no
unexplained disk accesses...

UFO's beamed down and told me they need my socks.....

(Don't worry... With morons like an54588 on the net, it gets stupider)

--
jbur...@ephsa.sat.tx.us (Jason Burrell)
Rivercity Matrix -- +1 (210) 561-9815/21 -- San Antonio, Texas

Christopher R. Volpe

Dec 7, 1993, 12:20:54 PM
In article <1993Dec6.2...@novell.com>, bar...@Novell.com (Barrey Jewall) writes:

>
>This Craig Shergold thing has gotten so big, I saw it in
>a Duty-Free shop in Cancun, Mexico!! It appeared to have been faxed
>there, and they had it posted at the front counter.
>
>It took quite a bit of convincing to persuade them that it was a hoax...

To what extent is this a hoax? Did the kid never exist? Is he still alive?
Does he just not want anymore business cards?


--

Chris Volpe Phone: (518) 387-7766 (Dial Comm 8*833
GE Corporate R&D Fax: (518) 387-6560
PO Box 8, Schenectady, NY 12301 Email: vol...@crd.ge.com

Larry Loen

Dec 7, 1993, 11:48:54 AM
In article <2dm7pa...@jhunix.hcf.jhu.edu>, brei...@tomahawk.welch.jhu.edu (Rob Reinhardt) writes:
|> In article <2dm13i$l...@charm.magnus.acs.ohio-state.edu> tbr...@magnus.acs.ohio-state.edu (Ted C Brown) writes:
|> >
|> >Don't you see the NSA/etc getting so paranoid that they basically *force* the
|> >authors to do that? And then, forbid them to tell anyone, or get thrown
|> >in jail (or simply ruined).
|> >
|>
|> Finally, a response to the original msg by someone who at least appears
|> to know something about infosec and the technology.
|>
|> I'm not going on the limb to back up the original posters story, but

Sure seems like you come close enough that I can't tell the difference.

|> with all the circumstantial "who done it's" aside, I know for a fact that
|> the types of methods that were reportedly used are possible (and some
|> well known...used before as Ted conveyed). If you don't believe it, at
|> least believe that it is possible.
|>

Please describe these methods in detail. As I read the original post,
it represented substantial advances in computer science applicable in
a wide variety of fields.

|> One other thing I might add...regardless whether I might play around
|> with PGP or not, if I had a real unbreakable encryption scheme and
|> tool I would not go around advertising it or making it publicly available,
|> this of course would be one of my built-in security measures for the
|> program itself. But, that would not stop me from actually using it
|> to encrypt messages when and with whom I have the proper use for it.
|>
|> And of course I'm not entertaining questions about what I am
|> specifically referring to in the latter paragraph.
|>
|> Bob
|> --

What paranoid piffle. After all, Rivest, Shamir and Adleman seem to
be out and about and I haven't heard of their houses being confiscated
lately. Ditto anyone who has suggested triple encryption DES. That
includes a lot of people in sci.crypt; I think it includes me.
So far, so good. My house is still standing and I'm not on a first
name basis with government investigative agencies.

The original post suggested things that, were they possible, could
simply refute Turing's Halting problem theorems. If all the compilers
of the world have been modified to recognize PGP source, then that's
pretty nifty stuff. It either can't work or has some very, very
unexpected shortcut and one that should be trivial to bypass, to boot.

If all this really works as stated, while they are at it, why can't the
compiler writers get rid of all of my bugs, since comparable intelligence
is required unless you assume that no one anywhere anytime meddles with
the source in any way. Right.

I know of no procedure that can deterministically verify, in general,
that any two programs always produce the same result. Last time I checked,
that was a Halting Problem equivalent, wasn't it?

I'm not even sure that there are sufficiently advanced pattern recognition
programs to recognize that a given source code is "enough like" PGP and
so that a trap door could be deterministically inserted in the right place.
While I can't rule it out of bounds, I would say that the effect on compile
times of arbitrary programs would have been noticed, never mind that I can't
think of how such a program would really work well enough.

Do you actually program computers for a living? This is pretty far
out of bounds. . .

If you don't want the laughter to continue, keep it in alt.conspiracy
and take it out of sci.crypt.

--
Larry W. Loen | My Opinions are decidedly my own, so please
| do not attribute them to my employer

email to: lwl...@rchland.vnet.ibm.com

Richard Joltes

Dec 7, 1993, 11:42:30 AM
a...@yoyo.cc.monash.edu.au (Andrew Bulhak) writes:

>I have read somewhere that some spy agency or other had determined that
>a typewriter makes a slightly different sound for each letter typed;
>when recorded, these sounds allegedly could be used to determine what is
>typed. Wherever I read it, I seem to recall diagrams of audio
>waveforms.
>
>Can anyone vouch for the veracity of this story? Has it been done? Can
>it be done?

Now this sounds quite a lot like a troll. Numbing my mouth first with
Novocaine(tm) just to make sure, I bite:

Things That Would Make this Improbable At Best:

1) manufacturing variations (rubber in platen, alignment of hammers, etc);
2) rate-of-use variations generated by usage patterns of keys;
3) repair and realignment of hammers; frequency thereof;
4) thickness, composition of paper; use of backing sheet (or not);
5) whether typewriter is sitting on rubber "typing pad" or on hard desk;
6) electric vs. manual: electric is more consistent, manual varies widely
by how hard keys are hit;
7) for electric: how long has motor been running?;
8) for manual: how long has typist been at it during this session (fatigue)?
9) brand variations: manufacturing quality, mechanism design, etc.

There are probably lots of other factors as well, but these were the first
to come to mind. If you used Really Sensitive Equipment there might be some
sort of pattern, and certainly it seems possible to generate a "sound table"
for *a particular machine*, but I don't think you could make a generic table
that would work for any typewriter.

------------------------------------------------------------------------------
Dick "still have my Brother typewriter--haven't used it in five years" Joltes
|jol...@husc.harvard.edu
Manager, Microcomputing and Hardware, Computer Services|jol...@husc.BITNET
Harvard University Science Center |
------------------------------------------------------------------------------
"It was generally considered by everyone else in the kingdom that the only
thing that might slow Greebo the cat down was a direct meteorite strike."
--Terry Pratchett, _Wyrd Sisters_

Steve Russell

Dec 7, 1993, 2:05:49 PM

No, Robbie was the star of "Forbidden Planet", co-starring Leslie Nielsen.

Robbie also performed bit parts in several low budget movies with one more
supporting role in a Rod Serling episode of "The Twilight Zone" before
retiring to an obscure office of Dick Smith Electronics in Southern
California. His whereabouts were lost when Dick Smith folded all the
USA stores.

-steve

Erik Sorgatz

Dec 7, 1993, 2:14:09 PM
In article <1993Dec7.0...@selway.umt.edu> d3e...@selway.umt.edu (Farleymeister) writes:

NO! NO! NO! JEEZUZ! Don't you kids have anything like short-term memory??

Robbie the Robot was specifically constructed for the feature film
'Forbidden Planet'...thereafter the prop was often modified and seen
in and around the CBS TV lot, and appeared in several episodes of the
'Twilight Zone' as well as 3 other motion pictures. Robbie was recently
sold at auction for $15,000.00 and became an artifact in a private home
collection of Hollywood trinkets owned by Quinn Martin Jr!

The robot on 'Lost in Space' was NOT, repeat, NOT the same one! Go visit
a Sci-Fi Con or two or three! The 'Lost in Space' robot is currently on
tour with the original propman from the series, at most of the recent
CONs and the Sci-Fi Channel recently did a piece on this in their weekend
"Sci-Fi Buzz" segment.


Beni Santus Spiritus...do da! do da!

K.HAIGH-HUTCHINSON

Dec 7, 1993, 2:18:58 PM

Christopher R. Volpe (vo...@bart.crd.ge.com) wrote:

: In article <1993Dec6.2...@novell.com>, bar...@Novell.com (Barrey Jewall) writes:

: >
: >This Craig Shergold thing has gotten so big, I saw it in
: >a Duty-Free shop in Cancun, Mexico!! It appeared to have been faxed
: >there, and they had it posted at the front counter.
: >
: >It took quite a bit of convincing to persuade them that it was a hoax...

: To what extent is this a hoax? Did the kid never exist? Is he still alive?
: Does he just not want anymore business cards?


Never wanted any in the first place.
Not 7 years old. Not any more!
Not dying.

Never gets the business cards. Not his address.
Doesn't want any more postcards.


Jerry N. Alexandratos

Dec 7, 1993, 3:41:03 PM
In article <1993Dec7.1...@bradford.ac.uk> K.Haigh-H...@bradford.ac.uk (K.HAIGH-HUTCHINSON) writes:
>: >This Craig Shergold thing has gotten so big, I saw it in
>: >....

>: >It took quite a bit of convincing to persuade them that it was a hoax...
>: To what extent is this a hoax? Did the kid never exist? Is he still alive?
>: Does he just not want anymore business cards?
>
>Never wanted any in the first place.
>Not 7 years old. Not any more!
>Not dying.
>Never gets the business cards. Not his address.
>Doesn't want any more postcards.

Perhaps this is a bit obscure to those who do not know the story.

Craig Shergold (I think that is his name) at one time was 7 years old and had
cancer. He wanted to do something interesting, so he asked that people send
him postcards. That request has travelled the globe several times for many
years. Craig is about 9 or 10 years older now, about 17 or so, and no longer
has cancer, fortunately. He received so many postcards that Guinness no longer
has that category open for records. His post office will hate you if you send
any to him. He does not want any more.

The business card thing is an evil scam. Some company in the US decided to cash
in on the sympathy and send out letters asking for business cards instead of
postcards. A great way to get business addresses for your mailing list, and
perhaps to sell to other businesses. I hope the person who thought this up
was fired, but that is also old news. To sum up: Do Not Send Postcards.
Do Not Send Business Cards. Stop sending this letter around; it is Old News.

jna.

Pete McNab

Dec 7, 1993, 4:24:34 PM
Steve Russell (rus...@ampex.com) wrote:

: In article <1993Dec7.0...@selway.umt.edu> d3e...@selway.umt.edu (Farleymeister) writes:
: >In article <1993Dec3.2...@ttinews.tti.com>,
: >Erik Sorgatz <sor...@avatar.tti.com> wrote:
: >Well, the robot _did_ have a name... It was Robbie. But in the series,

: >that name was never used. He was a robot for hire popular until the late
: >(?) 70s. I always thought he was COOL. Does anyone know where that suit
: >is now?
: No, Robbie was the star of "Forbidden Planet", co-starring Leslie Nielsen.

: Robbie also performed bit parts in several low budget movies with one more
: supporting role in a Rod Serling episode of "The Twilight Zone" before
: retiring to an obscure office of Dick Smith Electronics in Southern
: California. His whereabouts were lost when Dick Smith folded all the
: USA stores.

At this point, I'm confused as to which robot you are referring to,
but the robot from Lost in Space was found in a closet on some movie
lot. It had been pretty well torn up to modify it for another role.
The fellow who found it had it cleaned and now apparently tours with
the suit, charging five bucks for a picture with it.

------------------------------------------------------------------
Pete McNab | "Don't give me any of that intelligent
pmc...@soda.berkeley.edu | life stuff. Find me something I can
| blow up." -Lt. Doolittle, _Dark Star_

Vesselin Bontchev

Dec 7, 1993, 4:18:50 PM
Ted C Brown (tbr...@magnus.acs.ohio-state.edu) writes:

> Yes, but you could be a spawn of the CIA...lying to us to gull us into
> using the "new improved" version of PGP. :-)

Who, me?! :-) You've gotta be kidding... Having in mind that I am a
Bulgarian citizen, I am most probably an agent of the KGB, not the
CIA. (Reminds me of a friend of mine who once asked: "Ah, but where's the
KGB now?" Stupid question. Everywhere, of course! <grin>) Of course,
when I came to work in Germany, I was checked by the local security
agencies and they have found me "clean". But that just shows how good
my cover is. :-) (Or that they have done so intentionally and now are
watching me secretly.) Of course, if I were *really* a KGB agent, I
wouldn't tell you about that. On the other hand, I might be telling
you about that, in order to fool you to believe that I am not...

Oh, well.

> like this here! So you must be a NSA plant. The foreign address is simply
> a clever ruse to make us think you don't work for the NSA. Or, maybe you

Foreign address? Oh, you mean Germany. Nah, I have an even better
story for you - I am Bulgarian. No kidding.

> work for a more sinister agency...say B'Harrne or something.

Or the Bulgarian "Darzhavna Sigurnost". :-)

> The real question is how long (after crippling PGP) would it take to
> detect it? And, would the people who you really want to fool use the
> new version before it's checked out?

Oh, yes - and I am serious this time. You can't imagine how many PGP
users don't even know how to verify the authenticity of the package,
let alone to use it in a secure way. Or who never bother to verify the
signatures on the messages.

> to check this out as well. I know there are people out there checking
> on PGP (and trying to figure ways to better it, and to crack it).

Yup. The only hope is that if somebody makes a bogus version, at least
those people will detect it - and then spreading the word in a way
that can be easily verified (unlike the prank that started this
thread) will quickly get out.

Regards,
Vesselin

P.S. Followups set to alt.conspiracy only. This discussion is getting
less and less to do with encryption.
--
Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
< PGP 2.3 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bont...@fbihh.informatik.uni-hamburg.de 22527 Hamburg, Germany

danny burstein

Dec 7, 1993, 4:53:38 PM

My copy of one of the CIA ex-agent 'tell-all' books (I -think- it was
Marchetti's "the CIA and the Cult of Intelligence" but it might have been
a different one) had a cover photo of his typewriter's case with the
lining torn away, showing, what the author claimed, was a CIA bug to let
them know what he was typing.

Looked like a simple microphone/radio type assembly.

The author commented about it in his book, and said it was common for the
CIA to do this sort of thing.

danny (who knows better than to believe everything CIA agents, or ex-CIA
agents, tell him) burstein

--
----------------------------------
dan...@panix.com adds: all the usual disclaimers regarding liability,
intelligence, accuracy apply. spelling disclaimer is doubled.

Eric Pawtowski

Dec 7, 1993, 11:45:23 AM
In article <2e127a$7...@harbinger.cc.monash.edu.au>,

>a typewriter makes a slightly different sound for each letter typed;
>when recorded, these sounds allegedly could be used to determine what is
>Can anyone vouch for the veracity of this story? Has it been done? Can
>it be done?

Around the time when the whole debate over the new US embassy in Moscow
was in all the US papers and magazines, there were several references
to microphones being used by the KGB to listen to typewriters and
determine what was typed. Of course, they could all have heard it
from the same unverified source, so it's hardly proof.

Eric Pawtowski


--
****epaw...@polaris.async.vt.edu or epaw...@vt.edu********************
Technicon 11 - April 15-17 1994, Blacksburg, VA: SF& Fantasy return to
SW Virginia! Also, Host of StarFleet Batron 11 conference and High
Flight, a convention for Queen's Own, the Mercedes Lackey fan club.

Michael Sierchio

Dec 7, 1993, 6:00:30 PM
In article <CHoDI...@crdnns.crd.ge.com> vo...@ausable.crd.ge.com writes:
>
>To what extent is this a hoax? Did the kid never exist? Is he still alive?
>Does he just not want anymore business cards?

No smiley face? Maybe you're not kidding... Okay:

----- Begin Included Message -----

Date: Thu, 23 Apr 92 17:10:19 EST
From: Gene Spafford <sp...@cs.purdue.edu>
Content-Length: 4309
X-Lines: 83
Status: RO

DO NOT SEND ANY {GET WELL, POST, BUSINESS} CARDS TO CRAIG SHERGOLD!

If you contact the ``Children's Make a Wish'' foundation, you will
find that they are not soliciting any form of card for Craig Shergold
or anyone else. Better yet, if you call the publisher of the Guinness
Book of World Records (US publisher is "Facts on File" @ 212-683--2244
ext. 336), you can get this same story confirmed. You will also find
that they will no longer endorse or support any effort to break this
record.

Many years ago, Craig Shergold developed a brain tumor, believed
inoperable. He sought to set the Guinness record for get-well cards.
The effort was well-publicized around the world, and he did, indeed
set the record (consult a recent edition of the book [p. 207 of the
1992 US edition, for instance] --- he has received in excess of 33
million cards to date; he officially set the record as of 17 Nov
1989).

As part of this whole story, his plight caught the attention of John
Kluge, the US billionaire, who paid for Craig to come to the US and
receive specialized treatment. As a result, Craig has recovered
completely from his non-malignant tumor. He is also no longer seven,
but twelve (as of January 1992).

The problem is that the mimeographed sheets and letters seeking cards
for Craig have continued to be circulated. As a result, get-well
cards continue to pour in to the post office for Royal Marsden
Hospital in England. Worse, the appeal has mutated into various other
versions, such as an appeal for business cards, one for postcards, and
another version that appeals for holiday cards.

The Shergold family has publicly appealed many times for people to
cease to mail cards and letters, and that no more appeals be made on
their behalf. One easily accessible way to verify this is with the
article on page 24 of the 19 July 1990 NY Times. People Magazine
wrote an article about it on June 1, 1991, page 63. Many other
publications have also carried stories on this; even Ann Landers wrote
about it on 6/23/91, but people still keep sending cards. Both
Guinness and Royal Marsden have repeatedly issued press releases
asking people to stop circulating requests for cards, as they are
creating an undue burden on both the hospital and the postal service.

The Guinness people have discontinued the category to prevent this
kind of thing from ever happening again, and are doing their utmost to
kill any further mailings. The Royal Marsden Hospital is at a loss
what to do with the cards that continue to arrive --- most are being
sold to stamp collectors and paper recyclers, and none go on to Craig.

This appeal for Craig, as well as many urban legends, regularly appear
on electronic bulletin boards around the world, and in many
organizational newsletters and bulletins. It is both heartening and
unfortunate that there are so many well-meaning people who continue to
propagate these stories. It is too bad that so many of these people
are unwilling to verify their information before passing such things
along, especially when a simple phone call will suffice to do so. In
this case, opening a recent copy of a book carried by nearly every
library and bookstore would illuminate the situation.

If you would still like to do something for a dying child, consider
making a donation to a charity such as UNICEF or to the International
Red Cross (Red Crescent, Red Magen David). Many thousands of children
are dying daily around the world from disease and starvation, and
countless millions more are suffering from the ravages of war, famine,
disease, and natural disaster. Think how many of them might be helped
by the millions of dollars in postage spent on cards to Craig
Shergold.... Addresses (in US) are:

UNICEF                  American National Red Cross
1 UN Plaza              17th & D Streets
New York, NY 10017      Washington, DC 20006
Attn: international children's aid

Also, I encourage you to save this announcement, in either electronic
or hard copy form, and to post it anywhere you've seen the original
plea. If you see it in the future, as you probably will, you can
attach a copy of this announcement.

--
Professor Gene Spafford
Dept. of Computer Sciences
Purdue University
W. Lafayette IN 47907-1398
sp...@cs.purdue.edu


----- End Included Message -----
--
A man sometimes devotes his life to a desire which he is not sure will ever be
fulfilled. Those who laugh at this folly are, after all, no more than mere
spectators of life.
- Ryunosuke Akutagawa

Rex Goode

Dec 7, 1993, 3:50:35 PM

It was NOT Robbie. Robbie was the robot in Forbidden Planet. He once did a
guest appearance on LiS. The robot's name was "The Robot".

|> ----
|> James M. Farley II \Blind skepticism kills a mind just as well as blind
|> d3e...@selway.umt.edu \faith. It's merely a more popular brand of death.
|> Greater love has no one > IESUS CHRISTUS DOMINUS LEO ET AGNUS EST.
|> than this, that he lay <In other words, question everything rigorously, but
|> down his life for his...\don't be over-skeptical when you do find the TRUTH.
|>
|>

--
-------------------------------------------------------------------------------
| I only express personal opinions, | Rex Goode |
| because they're the only kind I've ever | Integrated Measurement Systems |
| had. | Beaverton, OR |
| However, not all opinions are humble. | re...@ims.com |
-------------------------------------------------------------------------------

Erik Sorgatz

Dec 7, 1993, 7:18:43 PM
In article <2e2sai$6...@agate.berkeley.edu> pmc...@soda.berkeley.edu (Pete McNab) writes:
>Steve Russell (rus...@ampex.com) wrote:
>: In article <1993Dec7.0...@selway.umt.edu> d3e...@selway.umt.edu (Farleymeister) writes:
>: >In article <1993Dec3.2...@ttinews.tti.com>,
>: >Erik Sorgatz <sor...@avatar.tti.com> wrote:

I DIDN'T SAY THIS! GET YOUR ATTRIBUTES RIGHT!

>: >Well, the robot _did_ have a name... It was Robbie. But in the series,
>: >that name was never used. He was a robot for hire popular until the late
>: >(?) 70s. I always thought he was COOL. Does anyone know where that suit
>: >is now?
>: No, Robbie was the star of "Forbidden Planet", co-starring Leslie Nielsen.
>: Robbie also performed bit parts in several low budget movies with one more
>: supporting role in a Rod Serling episode of "The Twilight Zone" before
>: retiring to an obscure office of Dick Smith Electronics in Southern
>: California. His whereabouts were lost when Dick Smith folded all the
>: USA stores.
>
>At this point, I'm confused as to which robot you are referring to,
>but the robot from Lost in Space was found in a closet on some movie
>lot. It had been pretty well torn up to modify it for another role.
>The fellow who found it had it cleaned and now apparently tours with
>the suit, charging five bucks for a picture with it.
>
>------------------------------------------------------------------
>Pete McNab | "Don't give me any of that intelligent
>pmc...@soda.berkeley.edu | life stuff. Find me something I can
> | blow up." -Lt. Doolittle, _Dark Star_

OK Pete, at least you've got that part of the story right!

Ed Falk

Dec 7, 1993, 9:05:17 PM
In article <vera2CH...@netcom.com> ve...@netcom.com (David Adams) writes:
>
>By the way, this implies that not only CRT's can be spied on, but also
>plotters, and probably printers, modems, and everything else that has
>digital bits flipping around inside.

Absolutely. A friend of mine saw this demoed once when the CIA came to
his company wanting to buy Tempest equipment. They plugged a monitor
into the wall down the corridor from a laser printer. With just a
little tuning, they were able to read what was being printed just by
watching fluctuations in the line voltage.

-ed falk, sun microsystems
sun!falk, fa...@sun.com

BAD TRAP, No biscuit!

Horacio Maiorino

Dec 7, 1993, 10:10:27 PM