RSA "munitions" t-shirt
Adam Back
Subject: RSA "munitions" t-shirts
Sometime ago I wrote a minimal implementation of RSA, to be used as a
.sig program. The motivation was to provide a suitably small piece of
code which could be used to violate ITAR. ITAR is the US regulation
used by the NSA, and people like FBI director Freeh, who wish to have
government back doors into all encryption (such as the rejected US
govt. "Clipper" initiatives). Many people have been using this
program as a .sig, as a form of civil disobedience.
Soon after I posted the .sig to the cypherpunks mailing list, Josh
Osborne suggested making a T-shirt of the .sig. Technically it may be
illegal for a US citizen to export this shirt from the US. It may
even be an ITAR violation for a US citizen to let a foreign national
see him _wear_ an RSA t-shirt. Sound far fetched? Here's a verbatim
quote from the US ITAR regulations, read for yourself:
: ITAR section 120.17 (4)
:
: Disclosing (including oral or visual disclosure) or transferring
: technical data to a foreign person, whether in the United States or
: abroad
The technical data referred to includes cryptographic software, and
even discussion of cryptographic techniques.
Here is the latest version of my perl implementation of the RSA public
key cryptosystem (consider carefully the impliciations before quoting,
or using as a .sig if you're in the US :-):
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
(I am indebted to many perl hackers who contributed ways to shorten
the code, see: http://www.dcs.ex.ac.uk/~aba/rsa/story.html)
The shirt also has a barcode of the same code on it. (The reasoning
behind this was due to Phil Karn's experience trying to get permission
to export the floppy disk set for Bruce Schneier's book `Applied
Cryptography'. The NSA (in their infinite wisdom) decided to allow
the export of the book, but not of the floppy disks. (The floppy
disks contained precisely the same source code as that in the book,
and could be reproduced by anyone with the patience to type in the
example code.) The reasoning (he has a priceless letter from the ODTC
saying this) was that the floppy disks were in `machine readable
form'. To forstall this argument, the shirt is machine-readable.
(OCR-A font for the program, and a CODE128 bar-code. A shirt owner
informs me that the bar code scans.))
Raph Levien filed a Commodity Jurisdiction request (CJR) for an RSA
T-shirt (He actually posted the required paper work, and a sample
T-shirt to the US ODTC (Office of Defense Trade Controls)). A CJR is
the paper work that you have to go through in the US to ask permission
to export crypto software. If your crypto can't be broken relatively
easily, they turn down your application. The CJR was filed some time
ago now, and the ODTC has not answered to date. (We were kind of
hoping they'd ban it, but as you might imagine they are probably
loathe to draw such publicity to themselves :-)
(See, for T-shirt info:
http://www.dcs.ex.ac.uk/~aba/uk-shirt.html
http://www.obscura.com/~shirt/
and for info on the .sig:
http://www.dcs.ex.ac.uk/~aba/rsa/
)
Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
Medical Electronics Lab
Adam Back wrote:
>
> Subject: RSA "munitions" t-shirts[...]
> #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
> $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
Get them soon too! Gore said yesterday that the US government
will up the number of bits exportable from 40 to 56, and change
the requirements from State to Commerce departments. Also, they
will remove crypto software from the munitions list!
So Gore says. I bet he lies.
Patience, persistence, truth,
Dr. mike
Anil Das
Medical Electronics Lab wrote:
>
> Get them soon too! Gore said yesterday that the US government
> will up the number of bits exportable from 40 to 56, and change
> the requirements from State to Commerce departments. Also, they
> will remove crypto software from the munitions list!
If crypto S/W is removed from the munitions list, how
can the US government impose a limit of 56 bit keys on it?
> So Gore says. I bet he lies.
I bet Gore didn't say the second part.
--
Anil Das
Ted Park
Adam Back (a...@dcs.exeter.ac.uk) wrote:
: Subject: RSA "munitions" t-shirts
<stuff deleted>
The shirt that I got also glows in the dark. A friend of mine told me
that the shirts are machine readable AND machine washable!
--Ted.
--
---------------------------------------------
Ted Park tp...@world.std.com
also <A HREF="mailto:tp...@canuck.com"> tp...@canuck.com </A>
On the web as <A HREF="http://www.beer.org/~tpark/"> Ted's Home Page </A>
Medical Electronics Lab
Anil Das wrote:
>
> If crypto S/W is removed from the munitions list, how
> can the US government impose a limit of 56 bit keys on it?
>
> > So Gore says. I bet he lies.
>
> I bet Gore didn't say the second part.
From the Government's press release (by Gore):
:Under this initiative, the export of 56-bit key length encryption products
:will be permitted under a general license after one-time review, and
:contingent upon industry commitments to build and market future products
:that support key recovery. This policy will apply to hardware and software
:products. The relaxation of controls will last up to two years.
: For export control purposes, commercial encryption products
:will no longer be treated as munitions.
You tell me!!! how can they remove crypto from the munitions list
and still force 56 bit keys down our throats!!!! Huh???? HOW!!!!
William Unruh
In <3253FF...@neurophys.wisc.edu> Medical Electronics Lab <ros...@neurophys.wisc.edu> writes:
>Anil Das wrote:
>>
>> If crypto S/W is removed from the munitions list, how
>> can the US government impose a limit of 56 bit keys on it?
Let me see- You are under the impression that ITAR is the only law in
the USA? The way is simple. You pass a law, or and executive order under
the Export Control Act stating that all cryptorequires a license but
that crypto of 56 bits or less automatically has such a license, which
does not need to be applied for.
IE, there are many many ways that they can impliment their intention.
Some might require Congress, others will not.
--
Bill Unruh
un...@physics.ubc.ca
Commonwealth Land Title Company
>Anil Das wrote:
>>
>> If crypto S/W is removed from the munitions list, how
>> can the US government impose a limit of 56 bit keys on it?
>>
>>
>> I bet Gore didn't say the second part.
>From the Government's press release (by Gore):
>:Under this initiative, the export of 56-bit key length encryption products
>:will be permitted under a general license after one-time review, and
>:contingent upon industry commitments to build and market future products
>:that support key recovery. This policy will apply to hardware and software
>:products. The relaxation of controls will last up to two years.
>: For export control purposes, commercial encryption products
>:will no longer be treated as munitions.
>You tell me!!! how can they remove crypto from the munitions list
>and still force 56 bit keys down our throats!!!! Huh???? HOW!!!!
<rambling>
By the very fact that they are the government. For example, bills get passed
all of the time that "sound" good to the public at large, but if no money is
appropriated for the support of these bills, they effectively die.
Politicians can still say they did this and that though.
The truth (IMHO) is that if you do something that irritates anyone with enough
power in government, you will be dealt with. Either you will be dealt with
publicly and made into Public Enemy #1 or quickly and quietly disappear. We
CAN and SHOULD still do what we can to effect change, just be aware that there
is a large discrepancy between what the law says, what the people think the
law says, what the government says the law says, and what the truth in fact is.
</rambling>
Steve Smith
In article <3252A0...@neurophys.wisc.edu>, Medical Electronics Lab <ros...@neurophys.wisc.edu> wrote:
>Adam Back wrote:
>> Subject: RSA "munitions" t-shirts[...]
>> #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
>> $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
>> lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)[...]
>Get them soon too! Gore said yesterday that the US government
>will up the number of bits exportable from 40 to 56, and change
>the requirements from State to Commerce departments. Also, they
>will remove crypto software from the munitions list!
>So Gore says. I bet he lies.
I saw an announcement to this effect. Additionally, in two years, they
will allow an unlimited number of bits. In exchange, they will ban all
non-"key recovery" (non-escrow) crypto software.
Bad deal. On this issue, we don't need to "compromise". They do. The
crypto cat is out of the bag, and can't be stuffed back in.
--
Steve Smith s...@access.digex.net
Agincourt Computing +1 (301) 681 7395
"Everything should be made as simple as possible, but no simpler."
T'Kool
In article <3252B9...@engr.sgi.com>, Anil Das <d...@engr.sgi.com> wrote:
Anil- I came in late to this thread.
Am I to assume that T-shirts are available with the adelman/shamir RSA
encryption algorithm on them?
Where? How much? Nice BIG chars?
Drool, drool!
--
T'Kool Forwords
Vote November 5 !
d...@wit.net
parker_rob
Steve Smith (s...@access.digex.net) wrote:
>In article <3252A0...@neurophys.wisc.edu>, Medical Electronics Lab <ros...@neurophys.wisc.edu> wrote:
>>Adam Back wrote:
>>> Subject: RSA "munitions" t-shirts[...]
>>> #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
>>> $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
>>> lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)[...]
ACK! Help!
I was looking at the web site that describes the perl RSA program, but
my system crashed. I had not yet set a bookmark or written down the URL,
and the post (on this thread) that I got it from has expired from my site.
Can someone please point me at the URL for the web pages about the above
perl RSA program?
BTW, I tried it out under SunOS, and it didn't work at all (as expected).
I then tried downloading GNU dc, which was supposed to fix it, and I put
the compiled dc into my path before the SunOS one, but it made no
difference. In both cases the test (from the web site) gave no output.
I went home and tried it under Linux and it worked perfectly (though the
output is a binary file and so might be difficult to use in a mailing,
is that how it is supposed to be?). Could there be a dependence on a
certain version of perl as well? I'm not very familar with perl, but I've
heard that different versions of perl are not perl-source-compatible.
-Rob Parker
Mike Naylor
rpa...@loc3.tandem.com (parker_rob) wrote:
>ACK! Help!
....
>Can someone please point me at the URL for the web pages about the above
>perl RSA program?
a...@dcs.exeter.ac.uk (Adam Back) wrote:
>(I am indebted to many perl hackers who contributed ways to shorten
>the code, see: http://www.dcs.ex.ac.uk/~aba/rsa/story.html)
....
>(See, for T-shirt info:
> http://www.dcs.ex.ac.uk/~aba/uk-shirt.html
> http://www.obscura.com/~shirt/
>and for info on the .sig:
> http://www.dcs.ex.ac.uk/~aba/rsa/
Mike Naylor - Play 5 X 5 Poker at http://www.serve.com/games/
parker_rob
T'Kool (d...@wit.net) wrote:
>In article <3252B9...@engr.sgi.com>, Anil Das <d...@engr.sgi.com> wrote:
>
>Anil- I came in late to this thread.
>
>Am I to assume that T-shirts are available with the adelman/shamir RSA
>encryption algorithm on them?
Not exactly. My understanding is that the T-shirts include a simple
*implementation* of RSA encryption (in 3 lines of perl code, using
GNU's dc (desk calculator) for the heavy number crunching), in both
human- and machine-readable form (scanable font and scanable barcode
encoding of the text), which is intended to make them "illegal" to
export from the US without an appropriate license.
The text is also used as a sig as a way of "exporting" the source code
over the internet by the act of sending email or news postings.
My thanks to the previous poster who pointed me (again) to the web
pages I had lost on this:
mike....@mail.serve.com wrote:
%rpa...@loc3.tandem.com (parker_rob) wrote:
%>ACK! Help!
%....
%>Can someone please point me at the URL for the web pages about the above
%>perl RSA program?
%
%a...@dcs.exeter.ac.uk (Adam Back) wrote:
%>(I am indebted to many perl hackers who contributed ways to shorten
%>the code, see: http://www.dcs.ex.ac.uk/~aba/rsa/story.html)
%....
%>(See, for T-shirt info:
%> http://www.dcs.ex.ac.uk/~aba/uk-shirt.html
%> http://www.obscura.com/~shirt/
%
%>and for info on the .sig:
%> http://www.dcs.ex.ac.uk/~aba/rsa/
Anil Das
No I didn't.
> Anil- I came in late to this thread.
And got your attributions mixed up.
> Am I to assume that T-shirts are available with the adelman/shamir RSA
> encryption algorithm on them?
>
> Where? How much? Nice BIG chars?
The original article with the offer was posted by Adam Beck.
You might be able to get info about the T-shirt from one
of Web sites in the following quote from the original article.
In article <ABA.96Oc...@exe.dcs.exeter.ac.uk>
a...@dcs.exeter.ac.uk (Adam Back) wrote, among other things:
> (See, for T-shirt info:
>
> http://www.dcs.ex.ac.uk/~aba/uk-shirt.html
> http://www.obscura.com/~shirt/
>
> and for info on the .sig:
>
> http://www.dcs.ex.ac.uk/~aba/rsa/
> )
--
Anil Das