|
|
 |
|
|
|
register |
bbs |
search |
rss |
faq |
about
|
|
|
meet up |
add to del.icio.us |
digg it
|
|
|
|
Keep Out magazine Volume 1, Number 2 - Keep Out fe
-----BEGIN PGP SIGNED MESSAGE-----
Keep Out
Volume 1, Number 2
October/November 1994
In this issue:
* Pretty Good Privacy's Signature Bug
* How to use anonymous remailers; A Beginner's Guide
* Why Run a Remailer? An Interview With Erich Von Hollander
* For Beginners: The Web Of Trust and Digital Signatures
______________________________________________________________________
Preface To The Electronic Edition
By John Schofield
Welcome to the second electronic edition of Keep Out! There
will always be an electronic edition of Keep Out, released
approximately one month after the paper version. This is intended to
increase subscriptions to the paper version.
The issues and ideas discussed in Keep Out are too important to
limit them to those who can afford a subscription to Keep Out. This
electronic edition may be distributed freely anywhere in the world,
as long as no more than a small fee for duplication is charged.
If you would like to receive a free sample issue of Keep Out,
with no strings attached, simply send your postal address to
[email protected], or to "Keep Out" at 1:102/903.0 on
Fidonet, or call voice to (818) 345-8640, or mail your request to:
Keep Out Sample Issue
P.O. Box 571312
Tarzana, CA 91357-1312
If you enjoy Keep Out, either in the electronic or printed
versions, I strongly encourage you to subscribe. Subscriptions only
cost $15 per year, for six full issues of electronic privacy
information. Foreign subscriptions are a little more expensive, at
$25, to cover the increased mailing costs. See the advertisement at
the end of this file for more information on subscribing to Keep Out.
______________________________________________________________________
Publisher's Note
By John Schofield
Privacy advocates since the time of Jefferson have known that
government agencies will tend to expand their roles beyond their
original purpose. That is one of the reasons for the checks and
balances built into the American system of government.
Now that tendency to expand has a name: "mission creep."
The Los Angeles Times defines mission creep as, "the kind of
unconscious expansion of U.S. troops' basic role in a foreign
operation that helped turn the intervention in Somalia last year into
a debacle."
In Somalia, the military suffered from mission creep when their
goals changed from simply ensuring security to the much more difficult
goal of apprehending clan leader Mohammed Farah Aidid.
Unfortunately, the military is not the only organization that
suffers from mission creep.
A grand example of this is the Federal Communications Commission
(FCC). The FCC was started because there are a limited amount of
radio frequencies available on the spectrum, and a potentially
unlimited number of people wanting to use that spectrum.
Thus, the FCC had the valid purpose of allocating that scarce
resource fairly_arbitrating disputes and making sure that one
broadcast did not cause trouble with another.
However, the FCC is now regulating content.
This is clearly something it has no business doing.
As comedian Tom Smothers once said, "The ultimate censorship is
the flick of the dial." If people find a show offensive, they will
not watch it.
What does this have to do with privacy?
Mission creep is not limited to the FCC and the military.
Privacy advocates have to be ever-vigilant. Some laws, such as
the FBI's "wiretap bill," are clearly harmful. The "wiretap bill"
requires telephone companies to use equipment that makes telephone
taps easier for law enforcement to install.
Other proposals, though, are not as obviously harmful. A
national ID card has been discussed in two recent Clinton
administration initiatives, in the guise of providing health care (a
national health-care card) and as a work card (to stop illegal
immigrants from using forged papers to get work.)
Is a national ID card a bad idea? It would certainly help to
solve some perceived problems, such as employers hiring illegal
immigrants.
However, in looking at the "con" side of the proposal, it is
important to look also at the effects of mission creep.
For, as surely as the Somalis turned against the U.S. soldiers,
any government agency or plan will grow beyond its original charter.
A national ID card is the first step towards the kind of internal
passport required to travel in the cold war-era Soviet Union.
Government officials, of course, decry this as paranoia. But the
inescapable fact of mission creep remains.
We need to study the immediate effects of new government and
business proposals, but we also need to pay great attention to these
proposals' long-term potential for harm.
Privacy advocates have long known this. Now, with mission creep
becoming a common word, perhaps more people will realize its dangers.
______________________________________________________________________
Keep Out Policy Statements
Mission Statement
Electronic Privacy will become increasingly important in each of
our lives as computers and telecommunications bring people closer
together.
Keep Out is dedicated to the idea that everyone has the ability
and the right to decide their own destinies. That no one should
decide what people read or write or whom they talk to.
New technologies exist that make it a great deal easier than in
the past to monitor whom people talk to and what they say and do.
Keep Out's mission is to investigate ideas and products that make
people harder to monitor and control, and to popularize those ideas
and products by making them easier to understand and use. Through
this, Keep Out aims to preserve the existence of individual liberty
and freedom in the USA and the world.
Privacy Statement
Keep Out's mailing list will not be released to anyone for any
reason. All information about Keep Out subscribers is confidential.
Letter Policy
Letters will be printed exactly as received. Letters must be
shorter than 300 words. Pseudonyms and initials will not be used,
but names may be withheld by request. Keep Out will not publish
letters that are libelous. It may not be possible to print all
letters received; the Keep Out Editorial Board reserves the right to
print only those letters it deems most of interest to Keep Out
readers. Letters are the opinions of their authors, and not
necessarily of Keep Out.
Advertising Policy
Keep Out reserves the right to refuse an advertisement for any
reason. Keep Out will refuse an advertisement if, in the opinion of
the Keep Out Editorial Board, the advertisement tends to mislead
readers. Keep Out's editorial content is completely independent of
its advertising.
Contact Information
Internet: [email protected]
Fidonet: "Keep Out" at 1:102/903.0
Voice: +1-818-345-8640
BBS/FAX: +1-818-342-5127
Snail Mail: P.O. Box 571312
Tarzana, CA 91357-1312
USA
Keep Out magazine is published bimonthly by Keep Out, founded by
John Schofield. Copyright Keep Out 1994. All rights reserved by Keep
Out. Reproduction without permission is prohibited. Keep Out is not
responsible for unsolicited materials. Printed in the USA.
______________________________________________________________________
Keep Out Staff Roster
Publisher: John Schofield ([email protected])
Copy Editor: Amy K. Hood
Cover by: Marcos Borregales ([email protected])
Internet Services: ExpressNet ([email protected])
Ad Consultant: Julie Bailey
Consultants: Don Adler
Michael Bendgen
______________________________________________________________________
** Advertisement **
Pretty Good Privacy(tm)
* Privacy
ViaCrypt PGP is the perfect tool for anyone who values the
privacy of their proprietary or sensitive information.
* Strength
ViaCrypt PGP is the strongest privacy program available to the
civilian world.
* Interoperability
All versions of ViaCrypt PGP are completely interoperable.
* Control
With ViaCrypt PGP you are in complete control of your privacy.
YOU create your keys. YOU decide who to trust.
Versions available for Macintosh, DOS/Windows and UNIX.
ViaCrypt(tm) PGP(tm) is the world's most popular and secure software
program for e-mail and file privacy. ViaCrypt PGP is fully licensed
for personal, commercial, and government use.
Single User Prices:
ViaCrypt PGP for Windows (Sept.) $124.98
ViaCrypt PGP for MS-DOS $99.98
ViaCrypt PGP for Macintosh (Sept.) $124.98
ViaCrypt PGP for UNIX $149.98
ViaCrypt PGP for WinCIM/CSNav $119.98
ViaCrypt
2104 West Peoria Avenue
Phoenix, Arizona 85029
Orders: (800) 536-2664
Information: (602) 944-0773
FAX: (602) 943-2601
Internet: [email protected]
CompuServe: 70304,41
______________________________________________________________________
Signature Bug Afflicts PGP
By John Schofield
No complicated program is without bugs, and yet it is unsettling
when an important bug surfaces in a program we depend on.
A major bug was discovered in Pretty Good Privacy (PGP) during
the week of September 25.
Philip Zimmermann, PGP's original author, said the bug, "has been
there since [PGP version] 2.0," and affects all versions of PGP from
2.0 on, including 2.6.1, the unofficial international version (2.6ui),
and the commercial version produced by Viacrypt, called 2.7.
Zimmermann said a bug-fixed version of PGP would be released "in
a few days," from the normal distribution site at the Massachusetts
Institute of Technology (MIT).
[Editor's Note: The new version, called 2.6.2, has been
released.]
Leonard Mikus, Viacrypt president, said there would be no new
release of Viacrypt PGP 2.7, but that, "The next time we have
diskettes made we will update the program. We will make a free update
available to anyone who has the problem."
The bug only affects PGP's clearsig function, and causes PGP to
appear to validate a message's signature, even though the message has
been tampered with.
PGP has three different ways of signing a message--binary, ASCII-
armor, and clear-signing, also known as clearsig.
In a binary signature, PGP will sign the message in a format that
only computers can read. This is useful if you do not need to send
the signature through e-mail.
If you do, that's where ASCII-armor and clearsigning come in.
ASCII-armor is simply a way PGP translates binary information
(readable only by computers) to text that is readable by humans, and
can be transmitted through e-mail. Binary information can not be sent
by e-mail unless it is translated into text.
Clearsigning is a way of making the signed text clearly visible.
Figures 1 and 2 are examples of clearsigning. This separates the
signed text from the signature, and does not change the signed text.
Clearsigned signatures are used most often in e-mail and in
public conferences, such as newsgroups on the Internet, echos on
Fidonet, and public discussion areas on bulletin board systems.
When PGP users are aware of the bug, it is not terribly
important--there are workarounds. However, when PGP users are not
aware of the bug, the possibility for serious fraud exists.
The bug exists because of the way PGP checks for header
information. A header is a series of lines of text at the beginning
of a message, terminated by a line with only a carriage return on it.
In Figure 1, the "Version:" and "Comment:" lines in the signature
block are headers. When checking the signature, PGP ignores headers.
The problem comes because PGP also checks for and ignores headers
in the message text section of the signed message. Zimmermann said
PGP checks for headers there because "we want to put some fancy header
information there in future versions."
Since PGP ignores everything in the header when checking
signatures, it will verify a falsified message, like the one in Figure
2.
Worse yet, it is not possible to tell a fraudulent message from a
genuine one simply by looking. The fraudulent message in Figure 2 is
easily identifiable as fraudulent, because the first line is not blank.
However, it would be easy for someone to put a space character or a
tab on the first line of the message. PGP would identify this as part
of the header, but it would appear blank to the recipient.
This is not as bad as it seems at first, though.
Whenever you check a signature, PGP will output a file containing
only the signed text. This file is identical to the original text
signed by the message author.
Since PGP completely ignores the forged header information, the
forged text will not be in this output file.
Until a bug-fixed version of PGP is released, the best remedy is
to check the output text every time you check a signature. The output
text has always been accurate, and is accurate now.
It is important to emphasize that this is not a bug in the way
PGP checks message signatures, but rather a bug in the way PGP decides
what part of the message to check. The underlying mathematical
methods are as strong as they have ever been, and PGP is still secure.
Zimmermann described the bug as an "optical illusion" because
"if you're not paying attention, [the forged text] looks like it is
part of the message."
"We didn't make it rigorous enough in syntax checking. It will
take any old text there and think it's header information," Zimmermann
said.
"I've only known about [the bug] for the past three or four days.
I've been aware of it in some sense since [PGP version] 2.0, I just
didn't know that anyone thought of it as a bug. I thought it was good
that header information could go there."
Mikus said he does not consider the problem too important.
"If you armor it, you don't have the problem. Most people don't
sign it cleartext. It isn't the mode most people use it in. [The
bug] probably affects very few actual PGP users."
The bug only appears when PGP clearsigns messages. When PGP
signs a message in binary mode, or signs it in ASCII-armor mode, the
signatures are valid.
Mikus did say, however, that it "could be misleading if anyone
uses it in that mode. As long as the recipient understands what's
going on, he'll know how to interpret it."
=======================================
Figure 1: A Valid Message
- -----BEGIN PGP SIGNED MESSAGE-----
This is a sample PGP message. This is the only valid paragraph in
this message. This is a two-line message.
- -----BEGIN PGP SIGNATURE-----
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.
iQCVAwUBLxGbXmj9fvT+ukJdAQHovwP9HfYshnqyVwdl626olpB1QIjWlEaF+Qzq
8ZM6sgWO97yAYV1U5ivezOfZbZnkgIwN+4XSuTln6ZHuM5hY4Ruf/p6Ndig70j14
+H3tprBGAFSX7hXz9u+l611wrsIOR1B3Zb9WLDVFyCirPVfNos5kjHnX4M7QOI8w
oDQeUvYnolk=
=Y8yC
- -----END PGP SIGNATURE-----
=======================================
Figure 2: A falsified message
- -----BEGIN PGP SIGNED MESSAGE-----
This is bogus text that PGP thinks is a header. PGP will not check
this paragraph when it checks the signature, only the last paragraph.
PGP considers this message identical to Figure 1.
You can even have what appears to be blank lines in the forged
message, by putting a tab on them, as was done on the line above
this paragraph.
This is a sample PGP message. This is the only valid paragraph in
this message. This is a two-line message.
- -----BEGIN PGP SIGNATURE-----
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.
iQCVAwUBLxGbXmj9fvT+ukJdAQHovwP9HfYshnqyVwdl626olpB1QIjWlEaF+Qzq
8ZM6sgWO97yAYV1U5ivezOfZbZnkgIwN+4XSuTln6ZHuM5hY4Ruf/p6Ndig70j14
+H3tprBGAFSX7hXz9u+l611wrsIOR1B3Zb9WLDVFyCirPVfNos5kjHnX4M7QOI8w
oDQeUvYnolk=
=Y8yC
- -----END PGP SIGNATURE-----
______________________________________________________________________
** Advertisement **
Chatterbox! BBS
LA's Best Entertainment BBS!
(818) 718-1600
8-n-1
* 11+ GIGABYTES OF FUN!
* DATING AND MATCHMAKING
* NATIONWIDE FAX SERVICE
* 12 CD ROM's ON-LINE
* OVER 80,000 LIBRARY FILES
* THOUSANDS OF PHOTOS (ADULT, ETC.)
* INTERNET ACCESS (chatrbox.com)
* RIP-VGA GRAPHICS-USE YOUR MOUSE!
* MULTI-USER GAMES (D&D, CHESS, SCRABBLE, MANY OTHERS)
CHATTERBOX! BBS - Your REST STOP on the INFORMATION SUPER HIGHWAY!
HAVE YOUR OWN INTERNET ADDRESS WITHIN MINUTES OF CALLING.
28.8K HIGH SPEED ACCESS NOW AVAILABLE
______________________________________________________________________
Return to Sender: Running a Remailer
By John Schofield
Like much of modern technology, anonymous remailers can be
double-edged swords.
Remailers are used to send anonymous messages that are almost
impossible to trace to their originators.
This capability can be used beneficially. An often-quoted
example is to help an executive come forward and get support for
childhood abuse or help with alcoholism. Or to help an engineer find
out something he really should know, but doesn't.
But remailers often have a dark side as well. They can be used
to harass people, to send out pirated software, or even to send truly
untraceable ransom notes.
Erich von Hollander is a remailer operator, and he spends far
more time than he would like resolving problems related to his
remailer. (Von Hollander operates the soda.berkeley.edu remailer.)
"There are complaints all the time. Once a month there will be
a pretty raging flame war."
Another problem von Hollander mentioned is "the morons who post
homophobic flames."
Von Hollander spends about an hour a day resolving problems with
the remailer.
He said his remailer, which is based on code written by Hal
Finney and Eric Hughes, "is a very internationally used remailer. My
site is probably two or three in the world [in terms of use] after the
Finnish remailer."
The Finnish remailer Von Hollander is referring to is the
anon.penet.fi system, run by Johan Helsingius.
Von Hollander said he handles problems on a case-by-case basis.
"If it's not too serious, I send them e-mail. If it is serious,
I block that address from sending mail [through the remailer]."
Von Hollander says he uses the logs the remailer keeps to track
down people who misuse it.
"The reason I keep logs is that it's an experimental remailer,
and I need them to track down bugs. And I'd have been shut down long
ago if I didn't have the ability to track people down.
"That makes it less secure. It's primarily an experimental
remailer, doing remailer research, and only secondarily to provide
a service."
He prefers that, "if anyone is doing something illegal, I suggest
that they chain [and encrypt] it, because I don't want to be able to
tell who they are."
Von Hollander said his remailer has almost been shut down a
couple of times because of complaints.
With remailers, complaints are inevitable, von Hollander said.
"I knew people would abuse it. It is a given that a certain
percentage of people are immature and do stupid things. You can count
on people doing stupid things. People aren't going to wake up.
"I didn't know that the remailer would be as big as it has. I
didn't know that the volume of problems would be as great. I spend
too much time resolving problems, when I'd rather be
[writing software]."
Von Hollander said it takes very few resources for someone to
operate a remailer.
"The only hardware is something that runs Perl and Sendmail, and
pretty much any UNIX machine would do that. You could get a 386 box
and run Linux on it, which is a free operating system. It will run on
a lot of different things."
Von Hollander said the only other requirement is a UUCP
connection to the Internet, which is available inexpensively many
places.
"The remailer code out there is good stuff. I would encourage
everyone to run a remailer. If you use one you should also run one.
You don't have to be a programmer. It doesn't take a lot of system
resources."
Von Hollander also said that Pretty Good Privacy [PGP] and
remailers "go hand in hand. Everyone who uses the remailer should
learn and use PGP."
Although Von Hollander said he doesn't like the amount of time he
spends resolving problems, he has not yet had to deal with serious
abuse of the remailer.
"It's just people being rude and annoying. I have not had to
deal with real criminal activity. Nobody has sent child porn or
pirated software yet. It's only a matter of time, and unlike Johan
[Helsingius] in Finland, I am under the US's more constrictive laws,
so if someone sends child porn through it, I may go to jail. They may
seize the machine. I just hope nobody does it because I don't want to
deal with it."
Von Hollander said one way to reduce his potential legal
liability is to require that messages be encrypted.
"If it's encrypted, then I can't read it and I'm certainly not
responsible for it."
Although Von Hollander started the remailer because it "seemed
cool," he has philosophical reasons for continuing to operate it.
"Anonymity should be the default. There aren't a lot of cases
where your name needs to be used. Unfortunately, our society is
moving in the opposite direction, where your social security number
and driver's license needs to be given to do anything."
"If I don't get my license renewed, I can't buy a drink. That's
ridiculous. An expired license is still proof of age. Agencies are
expanding their authority way past what their charter is."
"I'm fighting this the only way I can, which is on the net. I
don't know how much this is actually doing, but it's a start."
Von Hollander said the biggest influence of remailers has been on
the sex newsgroups, but he foresees different changes.
"The biggest effect in the future might be the conflict between
anonymity and copyright law."
When copyright violators can easily and anonymously distribute
information widely, traditional copyrights become almost impossible to
enforce.
______________________________________________________________________
How To: Anonymous Remailers
By John Schofield
Internet anonymous remailers have great potential for good, and
great potential for harm. But before you can use them for anything,
you need to know how.
Let's start by looking at one of the first remailers in
operation, and certainly the busiest--the anon.penet.fi remailer in
Finland.
This remailer is fairly simple to use and understand, so we will
start looking at this one before moving on to the more complex (though
still easy to use) Cypherpunk remailers.
The anon.penet.fi remailer is pseudonym-based. This means that
the remailer at all times has a record of the real e-mail addresses of
the people who use it. As we will get into later, the Cypherpunk
remailers do not keep records of who uses them.
To receive an anonymous ID from the remailer, simply send e-mail
to [email protected]. You will receive a message giving you an
anonymous ID. For instance, my (no longer) anonymous ID is
[email protected].
Before you can use the remailer, you need to tell it a password
to use. This prevents someone from pretending to be you, and finding
out what anonymous ID you have.
To set a password, send a message to [email protected]. The
subject does not matter. The body of your message should contain only
your password.
Now, to send someone an anonymous message, you would address it
to [email protected]. Then on the first line of the message, you
would put "X-Anon-To: exene.[email protected]." The second line would
be "X-Anon-Password:" and your password. The remailer would deliver
the message to Exene Cervenka (assuming that really was her e-mail
address), without her being able to tell who the message was from.
See Figure 1 for an example of this type of message.
Posting mail in an Internet newsgroup is very similar. Instead
of putting the e-mail address after the "X-Anon-To" header, you would
put the newsgroup name. For instance, having a header of
"X-Anon-To: alt.sex.smurfs" would post the message to that newsgroup.
(That newsgroup is ficticious. At least, I hope it is.)
In both cases, the "From:" on the remailed message would be your
anonymous pseudonym, not your real e-mail address. If anyone replies
to one of your anonymous messages, the remailer would send the message
to your real e-mail address as soon as it received the message to your
pseudonym.
Using the Cypherpunks remailers is more secure than using the
anon.penet.fi remailer, because Cypherpunks remailers are not
alias-based.
That means that they do not keep a permanent record of remailer
users, and do not match up anonymous id's with real e-mail addresses.
Cypherpunks remailers are one-way only. (Some Cypherpunks have
written remailers that allow replies, without keeping usage
records. Send e-mail to "[email protected]" with a subject
of "remailer-info" for more information on one.)
To use a Cypherpunk remailer like the one at [email protected], you
would simply put the line "Request-Remailing-To:" and an e-mail
address in the message header.
Since many people do not have the ability to modify message
headers on their systems, you can also put a line with two colons on
the first line of the message. Anything after that, up to the first
blank line, will be considered part of the header by the remailer. An
example of this is in Figure 2.
To post through Cypherpunk remailers to Internet newsgroups, you
must use a mail-to-news gateway. This is a computer that looks for
messages addressed in a certain way, and posts them to an Internet
newsgroup. For instance, to post to the sci.crypt newsgroup, you
would send mail to [email protected].
Simply write the name of the newsgroup you wish to send to,
replacing periods with dashes, and add "@cs.utexas.edu" to the end of
it. The computer at cs.utexas.edu will post to whatever newsgroup you
specify. There are other mail-to-news gatways available.
You can also "chain" remailers, which adds considerably more
security to the process. Chaining is simply sending a message through
more than one remailer before it reaches its final destination.
To do this, just put more "Request-Remailing-To" lines in your
message. See Figure 3 for an example. The first remailer in the
chain will strip off the commands to it, leaving the "::" line and the
"Request-Remailing-To" line for the next remailer in the chain.
Most Cypherpunk remailers also support encryption, using the
Pretty Good Privacy (PGP) encryption program, written by Philip
Zimmermann. Simply put the line "Encrypted: PGP" in the message
header. As with other header lines, if you can not put it in the
header, put it as the second line in the message body, with a "::"
on the line before it, and a blank line after it.
This way, it is possible to put the address to be remailed to
in the encrypted text, with a "::" line, and the remailer will send
it to its final destination.
It is even possible to chain encrypted messages, which adds a
great deal of security to the system.
When encrypted messages are chained, none but the last remailer
in the chain will know the final destination of the message. The
first remailer in the chain knows it is sending an encrypted message
to another remailer. The second remailer decrypts the message, finds
the final destination of the message, and remails it. The second
remailer only knows where the message originated from (the first
remailer), not the person who actually wrote the message.
To determine the author of a chained message, you would need to
subvert (or subpoena) every remailer operator in the chain. Assuming
you used a chain of six remailers in six countries, it would be almost
impossible to determine the message's author.
Chaining encrypted messages is simple--you work backwards.
First, you create the message "Hey, Fred." and the
"Request-Remailing-to:" directions for the last remailer, to tell it
the final destination of the message.
Then you encrypt that message with the PGP key of the last
remailer in the chain. So you have a PGP-encrypted message. Now you
put a "Request-Remailing-To" line and an "Encrypted: PGP" line at the
top of the message. See Figure 4 for an example.
In Figure 4, the "Request-Remailing-To" line tells the first
remailer where to send the message. The "Encrypted: PGP" message is
for the second remailer, and tells it to decrypt the message. It will
decrypt the PGP message, read the final address, and send it there.
Cypherpunk remailers that support encryption even support a kind
of "return address" people can use to reply to you.
Simply write YOUR e-mail address with a "Request-Remailing-To"
line and a "::" line, and encrypt them with the remailer's public key.
Include them at the end of your message, with instructions to
move the encrypted block to the beginning and include an "Encrypted:
PGP" line in the header. If your correspondent does that, you will
receive the reply, without he or she having the slightest idea who
you are.
The remailer will decrypt the PGP message, and see that it should
remail the message to you. However, since only the remailer can
decrypt that message, nobody else can detect who you are. It works
quite well.
There is much turnover in the ranks of remailer operators. They
tend to come and go quite often.
A list of Cypherpunks remailers is in Figure 5. To receive a
current list of remailers, you can finger
[email protected].
If you do not have access to finger, much information on
remailers is available on the Cypherpunks mailing list. Send e-mail
to [email protected] for information on joining the list.
=======================================
Figure 1 (Your messages may not be displayed in this format on your
system.)
From: [email protected]
Subject: Debate
To: [email protected]
X-Anon-To: [email protected]
X-Anon-Password: Garble
Tell me you're not REALLY offering a Rolling Stones credit card, Mick!
=======================================
Figure 2 (Your messages may not be displayed in this format on your
system.)
From: [email protected]
Subject: Your Music
To: [email protected]
::
Request-Remailing-To: [email protected]
Hello there, John! How goes it?
=======================================
Figure 3 (Your messages may not be displayed in this format on your
system.)
From: [email protected]
Subject: Anonymity
To: [email protected]
::
Request-Remailing-To: [email protected]
::
Request-Remailing-To: [email protected]
Hello, Exene. I love your music!
=======================================
Figure 4 (Your messages may not be displayed in this format on your
system.)
From: [email protected]
Subject: Anonymity
To: [email protected]
::
Request-Remailing-To: [email protected]
::
Encrypted: PGP
- -----BEGIN PGP MESSAGE-----
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.
hIwDZu+GI0R7oCEBA/9kOO9DSx+7yI/GEWQ9IV0dPCsk5OZA2xLk9aGKTiBx8fxp
RQvZ3NSMWygXk/aklt5XU1+Bc1MK81PIGyXGXYkGULWV8Ba6nUsIYTO3Yeu4rnBT
jLJD4rETZ9JHnMl/uMUy/y8RZONdBKXna0xfbARuwMMInm49ZeysyTFQskLkr6YA
AAAt+dog4FPoib0UoeHdRRsFvjUWeIZse/5nDJN/wUCbXvTKyd5QZWCOkYO4tlFB
=thcO
- -----END PGP MESSAGE-----
=======================================
Figure 5: List of Cypherpunk Remailers
[email protected].
[email protected]
[email protected]
lmccarth@ducie.cs.umass.edu
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
tomaz@flame.sinet.org
[email protected]
Thanks to Raph Levien for compiling this information.
______________________________________________________________________
Beginners: Digital Signatures, The Foundation of the `Web of Trust'
By John Schofield
The "web of trust" is one of the most important and most
misunderstood aspects of the data encryption program Pretty Good
Privacy (PGP). The "web of trust" is the name Philip Zimmermann, PGP
author, gave the network of key signatures that make it possible to
exchange encrypted messages with people you have never met.
Used correctly, signatures make this web possible. Used
incorrectly, they make it vulnerable to fraud and deception, and cause
it to lose its most important element--security.
Before we can learn more about the web of trust, though, we must
learn more about how PGP handles signatures. Digital signatures are
the basis for the web of trust.
In the interest of clarity, we are going to talk about signatures
only as they apply to messages. However, PGP can sign almost
anything--messages, keys and programs, for example. PGP's signatures
work the same no matter what material it signs.
There are two basic parts to every PGP signature. One part
verifies that a message has not been altered since it was signed, and
the other part verifies the identity of the person who signed the
message.
First, PGP computes a hash of the message using the Message
Digest 5 (MD5) method. A hash is simply a long number that changes
depending on the contents of the message. MD5 was developed by Ron
Rivest, one of the inventors of the RSA algorithm used for encryption
in PGP.
PGP uses MD5 to generate a 16-byte hash of the message. If one
character in the message changes, the hash will be completely
different.
This ensures that a signature can not be simply cut and pasted
from one signed message to another. Signatures are unique to the
message that they sign.
But that leaves one hole wide open. Someone wishing to forge a
message could write the message and use MD5 to attach their own hash
to it. PGP would look at the hash, and verify that it matched the
message.
That's where the other aspect of PGP's digital signatures
comes in. After PGP generates the hash with MD5, it encrypts the
hash with the signer's secret key.
This simple step adds real security to PGP's digital signatures.
Let's demonstrate this by looking at how PGP checks a signature.
First, it looks at the signature to see what key it was
signed with. If PGP can find the public key that goes with the
signature, it can continue checking it. Otherwise, the signature is
useless.
PGP uses the signer's public key to decrypt the signature.
(Remember, it was encrypted with the secret key.) Then it compares
the decrypted hash with one PGP generates right then. If the two
hashes match, the signature is valid.
If the hash PGP generated did not match the hash contained in
the signature, or PGP was unable to decrypt the hash, it means the
message has been altered, and PGP will report a bad signature.
A forger could replace the hash in the message with a new hash
that matches the altered message, but the forger could not encrypt
his hash with the original signer's private key. Only the original
signer has a copy of her private key. Thus, PGP signatures are
secure against tampering and forgery.
The Problem of Key Authentification
Key authentification is a thorny problem in most public-key
schemes. Anyone can create a key, claiming it belongs to someone
else. How can you be sure the key you have actually belongs to the
person you wish to communicate with?
One solution is to use a central certifying authority. This
central authority would act somewhat like a notary public, certifying
that a particular key belongs to a particular person. This scheme
has been used in other public-key programs, such as Privacy Enhanced
Mail (PEM) on the Internet.
PGP takes a different route. Instead of having a central
certifying authority, PGP lets you decide who you trust, and who you
do not.
Lets say Alice creates a public key. She could distribute it,
but nobody would trust her key. There would be no way of telling
whether Alice created the key, or whether it was created by an
imposter trying to intercept Alice's messages.
To prove to people that her key actually belongs to her, Alice
needs to have someone sign it. So Alice goes to a friend of hers,
Bob, who agrees to sign her key. First, Bob verifies that the key he
is signing is actually the key Alice generated, by verifying the key
fingerprint over the telephone with Alice.
The key fingerprint is simply a section of the PGP key. The
odds against two different keys having the same fingerprint are
astronomical. When Alice tells Bob that the fingerprints match, he
can be reasonably sure that the key he has belongs to Alice.
Then Bob signs the key, (with the command "PGP -KC ALICE") and
gives it back to Alice.
Now when Alice distributes her key, anyone who trusts Bob will
know that Alice's key is genuine.
A Small Problem
But what about Charles, who wants to communicate with Alice, but
has never heard of Bob? What can he do?
If Charles does not trust Bob, he has no way of knowing whether
Alice's key is genuine.
That is why everyone should get many signatures on their public
key. It helps ensure that, when someone wants to communicate with
you, there is a good chance that someone they trust has signed your
key.
With PGP, you can define your level of trust for someone. If
you think they are untrustworthy, PGP will ignore their signatures.
If you think they are only partially reliable, PGP will require more
than one signature before a key is trusted. You can tune the
trust parameters of PGP to make it paranoid or relaxed about
signatures.
You do this with the Completes_Needed parameter in PGP's
CONFIG.TXT file. This is the number of completely trusted signatures
needed to "trust" a key.
You can also change the number of partially trusted signatures
needed for a key, with the Marginals_Needed parameter.
You can even change the number of levels of trust you want PGP
to have. For instance, if you trust Bob, and Bob signed Charles'
key, do you trust Charles' signature on Dave's key? How about Dave's
signature on Erwin's key? It is all easily configurable with the
Cert_Depth parameter.
Encrypting to Many
An interesting side effect of the way PGP handles encryption is
the ability to encrypt a file so that more than one person can
decrypt it, without adding much to the size of the file.
As we saw in the last issue, PGP's encryption is like an
envelope, with the cleartext inside an IDEA "envelope," which is
itself inside an RSA "envelope."
The cleartext message is encrypted with the IDEA encryption
algorithm, and then only the IDEA key is encrypted with the RSA
public-key algorithm using the recipient's public key. This gives
PGP the benefit of fast single-key encryption and the key-management
advantages of public-key systems.
This makes encrypt-to-many possible. Rather than encrypting the
whole message several times, PGP just encrypts the IDEA key several
times.
Let's say Alice wants to send the same message to Bob, Charles,
and Dave, but doesn't want anyone else to intercept it. She could
have PGP encrypt the message three times, but this would mean she
would have to transmit three times as much information.
Alice can have PGP encrypt the message once, with the IDEA
algorithm, and then encrypt the IDEA key with Bob's public key, with
Charles' public key, and with Dave's public key. Rather than three
whole messages, she just has to send the message and three encrypted
keys.
Encrypting to many is as simple as putting more than one name on
PGP's command-line.
PGP -E "John Schofield" Hood Carey
This would encrypt a message to John Schofield, Amy Hood, and
Matthew Carey, assuming you have their public keys. Enclosing "John
Schofield" in quotes allows you to have a space in the person's name.
Even though there is a space between "Hood" and "Carey," because
they are not in quotes, PGP considers them two different names, and
looks for "Hood" and "Carey," not "Hood Carey."
In the next issue, we will talk about what you need to do to
fully install PGP on your system, and we'll look at all the ways you
can customize it to suit your setup. It's a lot simpler than you
think.
______________________________________________________________________
How to Get a Copy of PGP
* If you live in the USA or Canada
By modem:
The Penny University at 214-650-0382
Colorado Catacombs BBS at 303-772-1062
Rights On! at 407-383-1372
The Sprawl at 818-342-5127
Over the Internet:
To get PGP 2.6.2 from the Massachusetts Institute of Technology,
telnet to net-dist.mit.edu, log in as getpgp and answer the questions.
Then FTP to net-dist.mit.edu and change to the hidden directory you
learned about in the telnet session.
Commercial Version:
If you want a version of PGP that can be used for commercial
purposes, contact Viacrypt Inc. at (602) 944-0773. They sell a
completely licensed version of PGP that is legal for use in the USA
and Canada.
* If you live outside the USA and Canada
By Modem:
Dynamo Donut at +49-231-7261726
Over the Internet:
For source code to PGP 2.6ui:
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.zip
For DOS PGP 2.6ui executables:
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP.pgp26uix.zip
Michael Paul Johnson ([email protected]) and [email protected]
contributed greatly to this list.
______________________________________________________________________
** Advertisement **
______________
** Keep Out **
--------------
Keep Out is the premier source for down-to-earth information on
protecting your electronic privacy.
"It's a good buy for those who want to do something about
privacy and not be bothered with the nitty-gritty of algorithms and
politics," said Wired magazine on page 183 of their December, 1994
issue.
Keep Out gives you practical information on encryption,
electronic anonymity, remailers, steganography, and every other
technology that can affect your privacy.
A one-year (six-issue) subscription to Keep Out costs $15 ($25
outside the U.S. and Canada). Back issues of Volume 1, Number 1 are
available at $7 per issue ($10 outside the U.S. and Canada).
=======================================
________________
** The Sprawl **
----------------
The Sprawl is an excellent on-line resource for privacy
information. It has an extensive library of encryption and other
privacy-related software, and many informative text files. The
Sprawl carries all privacy-related Fidonet echos, as well as most
privacy-related Internet Newsgroups and mailing lists.
Two hundred minutes of time on the Sprawl costs only $1. You
can buy as much or as little time as you want. Test the Sprawl out
for yourself at (818) 342-5127. Once you are voice-verified, you'll
have one hour of paid time on the Sprawl given to you free to explore
with.
=======================================
We can not accept credit cards, but checks and money orders (in U.S.
funds) made payable to "Keep Out" are welcome.
P.O. Box 571312
Tarzana, CA 91357-1312
USA
(818) 345-8640 voice
(818) 342-5127 BBS/Fax
Fidonet: "keep out" at 1:102/903.0
Internet: [email protected]
______________________________________________________________________
End-Of-File
-----BEGIN PGP SIGNATURE-----
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.
iQCVAwUBLxWJDWj9fvT+ukJdAQGzzQQArK49cx7rZWktj/709TWZoWRIevRoA6W0
FMrkGrN3cZr8/c2SmjW99Zk3+HdqzFNTVAglGFp5Gdhaw7vq97Ij/8HuCeOuFiqK
jgqU+e62GmhyT3bzG4j4YENFLZgvD4RJJXSG7BgNXMncZv1K4tBQa/3Rls+0psf7
05ViqxK1IDw=
=Tn5Z
-----END PGP SIGNATURE-----
|
|
|
To the best of our knowledge, the text on this page may be freely reproduced and distributed.
If you have any questions about this, please check out our Copyright Policy.
totse.com certificate signatures
|
|
|
About | Advertise | Bad Ideas | Community | Contact Us | Copyright Policy | Drugs | Ego | Erotica
FAQ | Fringe | Link to totse.com | Search | Society | Submissions | Technology
|
|
|
|
|
|
